diff --git a/proxstar/__init__.py b/proxstar/__init__.py
index 74a1196..a6c3ae6 100644
--- a/proxstar/__init__.py
+++ b/proxstar/__init__.py
@@ -128,7 +128,7 @@ def add_rq_dashboard_auth(blueprint):
 @blueprint.before_request
- @auth.oidc_auth('sso')
+ @auth.oidc_auth
 def rq_dashboard_auth(*args, **kwargs): # pylint: disable=unused-argument,unused-variable
 if 'rtp' not in session['userinfo']['groups']:
 abort(403)
@@ -153,7 +153,7 @@ def forbidden(e):
 @app.route('/')
 @app.route('/user/')
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def list_vms(user_view=None):
 user = User(session['userinfo']['preferred_username'])
 rtp_view = False
@@ -190,7 +190,7 @@ def list_vms(user_view=None):
 @app.route('/isos')
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def isos():
 proxmox = connect_proxmox()
 stored_isos = get_isos(proxmox, app.config['PROXMOX_ISO_STORAGE'])
@@ -198,7 +198,7 @@ def isos():
 @app.route('/hostname/')
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def hostname(name):
 valid, available = check_hostname(starrs, name)
 if not valid:
@@ -210,7 +210,7 @@ def hostname(name):
 @app.route('/vm/')
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def vm_details(vmid):
 user = User(session['userinfo']['preferred_username'])
 connect_proxmox()
@@ -230,7 +230,7 @@ def vm_details(vmid):
 @app.route('/vm//power/', methods=['POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def vm_power(vmid, action):
 user = User(session['userinfo']['preferred_username'])
 connect_proxmox()
@@ -270,7 +270,7 @@ def vm_console_stop(vmid):
 @app.route('/console/vm/', methods=['POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def vm_console(vmid):
 user = User(session['userinfo']['preferred_username'])
 connect_proxmox()
@@ -290,7 +290,7 @@ def vm_console(vmid):
 @app.route('/vm//cpu/', methods=['POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def vm_cpu(vmid, cores):
 user = User(session['userinfo']['preferred_username'])
 connect_proxmox()
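Review bot: The group check in `rq_dashboard_auth` indexes `session['userinfo']['groups']` directly, so a session whose userinfo carries no `groups` claim raises KeyError and produces a 500 instead of the intended 403. This commit changes the OIDC library version, and the claims placed in the session come from that library and the provider, so I would read the claim defensively: `if 'rtp' not in session['userinfo'].get('groups', []):`. The same direct indexing appears in the `set_limits`, `delete_user`, `ignored_pools`, `allowed_users` and `template_edit` hunks. The failure is closed (nothing is granted), so this is about a predictable denial and cleaner error logs rather than a bypass.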
@@ -311,7 +311,7 @@ def vm_cpu(vmid, cores):
 @app.route('/vm//mem/', methods=['POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def vm_mem(vmid, mem):
 user = User(session['userinfo']['preferred_username'])
 connect_proxmox()
@@ -332,7 +332,7 @@ def vm_mem(vmid, mem):
 @app.route('/vm//disk//', methods=['POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def vm_disk(vmid, disk, size):
 user = User(session['userinfo']['preferred_username'])
 connect_proxmox()
@@ -348,7 +348,7 @@ def vm_disk(vmid, disk, size):
 @app.route('/vm//renew', methods=['POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def vm_renew(vmid):
 user = User(session['userinfo']['preferred_username'])
 connect_proxmox()
@@ -364,7 +364,7 @@ def vm_renew(vmid):
 @app.route('/vm//eject', methods=['POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def iso_eject(vmid):
 user = User(session['userinfo']['preferred_username'])
 connect_proxmox()
@@ -377,7 +377,7 @@ def iso_eject(vmid):
 @app.route('/vm//mount/', methods=['POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def iso_mount(vmid, iso):
 user = User(session['userinfo']['preferred_username'])
 connect_proxmox()
@@ -391,7 +391,7 @@ def iso_mount(vmid, iso):
 @app.route('/vm//delete', methods=['POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def delete(vmid):
 user = User(session['userinfo']['preferred_username'])
 connect_proxmox()
@@ -405,7 +405,7 @@ def delete(vmid):
 @app.route('/vm//boot_order', methods=['POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def get_boot_order(vmid):
 user = User(session['userinfo']['preferred_username'])
 connect_proxmox()
@@ -421,7 +421,7 @@ def get_boot_order(vmid):
 @app.route('/vm/create', methods=['GET', 'POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def create():
 user = User(session['userinfo']['preferred_username'])
 proxmox = connect_proxmox()
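Review bot: The state-changing POST handlers in these hunks (`vm_mem`, `vm_disk`, `vm_renew`, `iso_eject`, `iso_mount`, `delete`, `get_boot_order`, `create`, and `vm_power`, `vm_console`, `vm_cpu` in the earlier hunks) show only the OIDC session decorator as a guard, with no CSRF token check in the visible lines. Each handler body continues outside its hunk and protection may be applied app-wide, so this is a question rather than a finding. Since the session cookie is what authorises these requests, it is worth confirming while the auth layer is being reworked. If nothing else is in place, setting `app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'` is a low-cost baseline, and a short comment beside `delete` saying where CSRF is enforced would help the next reviewer.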
@@ -494,7 +494,7 @@ def create():
 @app.route('/limits/', methods=['POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def set_limits(user):
 if 'rtp' in session['userinfo']['groups']:
 cpu = request.form['cpu']
@@ -507,7 +507,7 @@ def set_limits(user):
 @app.route('/user//delete', methods=['POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def delete_user(user):
 if 'rtp' in session['userinfo']['groups']:
 connect_proxmox()
@@ -518,7 +518,7 @@ def delete_user(user):
 @app.route('/settings')
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def settings():
 user = User(session['userinfo']['preferred_username'])
 if user.rtp:
@@ -537,7 +537,7 @@ def settings():
 @app.route('/pool//ignore', methods=['POST', 'DELETE'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def ignored_pools(pool):
 if 'rtp' in session['userinfo']['groups']:
 if request.method == 'POST':
@@ -550,7 +550,7 @@ def ignored_pools(pool):
 @app.route('/user//allow', methods=['POST', 'DELETE'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def allowed_users(user):
 if 'rtp' in session['userinfo']['groups']:
 if request.method == 'POST':
@@ -591,7 +591,7 @@ def cleanup_vnc():
 @app.route('/template//disk')
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def template_disk(template_id):
 if template_id == 'none':
 return '0'
@@ -599,7 +599,7 @@ def template_disk(template_id):
 @app.route('/template//edit', methods=['POST'])
-@auth.oidc_auth('sso')
+@auth.oidc_auth
 def template_edit(template_id):
 if 'rtp' in session['userinfo']['groups']:
 name = request.form['name']
@@ -611,7 +611,7 @@ def template_edit(template_id):
 @app.route('/logout')
-@auth.oidc_logout('sso')
+@auth.oidc_logout
 def logout():
 return redirect(url_for('list_vms'), 302)
diff --git a/proxstar/auth.py b/proxstar/auth.py
index 83fa357..3405903 100644
--- a/proxstar/auth.py
+++ b/proxstar/auth.py
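Review bot: The admin privilege is decided in two different ways in these hunks: `settings` tests `user.rtp` on a `User` built from `preferred_username`, while `set_limits`, `delete_user`, `ignored_pools`, `allowed_users` and `template_edit` test `'rtp' in session['userinfo']['groups']`. If those two sources can disagree, for instance a group claim cached in the session after membership changes (an inference, since `User` is defined outside the diff), the admin page and the admin actions would apply different rules. I would route every admin check through one helper or decorator and document which source is authoritative, with a comment such as `# rtp membership is taken from <source>; a stale session claim is not trusted`. The handler bodies continue outside the hunks, so what happens on the non-rtp branch cannot be seen here; an explicit `abort(403)` there would match `rq_dashboard_auth`.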
@@ -1,17 +1,12 @@
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
-from flask_pyoidc.provider_configuration import ProviderConfiguration, ClientMetadata
 from tenacity import retry
 @retry
 def get_auth(app):
- sso_config = ProviderConfiguration(
+ auth = OIDCAuthentication(
+ app,
 issuer=app.config['OIDC_ISSUER'],
- client_metadata=ClientMetadata(
- app.config['OIDC_CLIENT_CONFIG']['client_id'],
- app.config['OIDC_CLIENT_CONFIG']['client_secret'],
- ),
+ client_registration_info=app.config['OIDC_CLIENT_CONFIG'],
 )
-
- auth = OIDCAuthentication({'sso': sso_config}, app)
 return auth
diff --git a/requirements.txt b/requirements.txt
index 562ff45..453c7bb 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 black~=20.8b1
 csh-ldap~=2.2.0
 flask==1.1.2
-flask-pyoidc==3.7.0
+flask-pyoidc==1.3.0
 gunicorn==20.0.4
 paramiko==2.7.2
 proxmoxer==1.1.1
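Review bot: `get_auth` now hands the whole `OIDC_CLIENT_CONFIG` dict to the library, so this function no longer requires `client_id` and `client_secret` the way the removed `['client_id']` / `['client_secret']` lookups did. A check before the constructor restores that, for example `if not {'client_id', 'client_secret'} <= set(app.config['OIDC_CLIENT_CONFIG']): raise RuntimeError('OIDC client config incomplete')`. The bare `@retry` above it retries indefinitely on any exception with tenacity's defaults, so a bad issuer or client config shows up as a startup hang rather than an error. A bounded form such as `@retry(stop=stop_after_attempt(5), wait=wait_fixed(2), reraise=True)` (values illustrative, names imported from `tenacity`) makes the failure visible. The requirements.txt hunk in this commit pins flask-pyoidc back from 3.7.0 to 1.3.0, which puts the login path on a much older release. A comment next to the pin saying why, and when it can be lifted, would be useful.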