Merge pull request #169 from devinmatte/oidc

Adding Flask_pyoidc and Updating to Python 3.6

Author: stevenmirabito

.travis.yml

@@ -1,6 +1,6 @@
 language: python
 python:
-  - "3.3"
+  - "3.6"
 
 install:
   - "pip install -r requirements.txt"

README.md

@@ -31,8 +31,24 @@ Then, install the pipeline and frontend dependencies:
 npm install
 ```
 
+### Config
+
 You must create `config.py` in the top-level directory with the appropriate credentials for the application to run. See `config.sample.py` for an example.
 
+#### Add OIDC Config
+Reach out to an RTP to get OIDC credentials that will allow you to develop locally behind OIDC auth
+```
+# OIDC Config
+OIDC_ISSUER = "https://sso.csh.rit.edu/auth/realms/csh"
+OIDC_CLIENT_CONFIG = {
+    'client_id': '',
+    'client_secret': '',
+    'post_logout_redirect_uris': ['http://0.0.0.0:6969/logout']
+}
+```
+
+### Run
+
 Once you have all of the dependencies installed, simply run:
 
 ```

conditional/__init__.py

@@ -1,14 +1,14 @@
 import os
 import subprocess
 from datetime import datetime
-from flask import Flask, redirect, request, render_template, g
-from flask_sqlalchemy import SQLAlchemy
-from flask_migrate import Migrate
+
+import structlog
 from csh_ldap import CSHLDAP
-from raven import fetch_git_sha
+from flask import Flask, redirect, render_template, g
+from flask_migrate import Migrate
+from flask_pyoidc.flask_pyoidc import OIDCAuthentication
+from flask_sqlalchemy import SQLAlchemy
 from raven.contrib.flask import Sentry
-from raven.exceptions import InvalidGitRepository
-import structlog
 
 app = Flask(__name__)
 
@@ -22,7 +22,6 @@
                                                       '--short',
                                                       'HEAD']).decode('utf-8').rstrip()
 
-
 db = SQLAlchemy(app)
 migrate = Migrate(app, db)
 sentry = Sentry(app)
@@ -31,17 +30,24 @@
                app.config['LDAP_BIND_PW'],
                ro=app.config['LDAP_RO'])
 
+auth = OIDCAuthentication(app, issuer=app.config["OIDC_ISSUER"],
+                          client_registration_info=app.config["OIDC_CLIENT_CONFIG"])
+
+app.secret_key = app.config["SECRET_KEY"]
+
 def start_of_year():
     start = datetime(datetime.today().year, 6, 1)
     if datetime.today() < start:
-        start = datetime(datetime.today().year-1, 6, 1)
+        start = datetime(datetime.today().year - 1, 6, 1)
     return start
 
+
 # pylint: disable=C0413
 from conditional.models.models import UserLog
 
+
 # Configure Logging
-def request_processor(logger, log_method, event_dict): # pylint: disable=unused-argument, redefined-outer-name
+def request_processor(logger, log_method, event_dict):  # pylint: disable=unused-argument, redefined-outer-name
     if 'request' in event_dict:
         flask_request = event_dict['request']
         event_dict['user'] = flask_request.headers.get("x-webauth-user")
@@ -52,7 +58,7 @@ def request_processor(logger, log_method, event_dict): # pylint: disable=unused-
     return event_dict
 
 
-def database_processor(logger, log_method, event_dict): # pylint: disable=unused-argument, redefined-outer-name
+def database_processor(logger, log_method, event_dict):  # pylint: disable=unused-argument, redefined-outer-name
     if 'request' in event_dict:
         if event_dict['method'] != 'GET':
             log = UserLog(
@@ -62,23 +68,25 @@ def database_processor(logger, log_method, event_dict): # pylint: disable=unused
                 blueprint=event_dict['blueprint'],
                 path=event_dict['path'],
                 description=event_dict['event']
-                )
+            )
             db.session.add(log)
             db.session.flush()
             db.session.commit()
         del event_dict['request']
     return event_dict
 
+
 structlog.configure(processors=[
     request_processor,
     database_processor,
     structlog.processors.KeyValueRenderer()
-    ])
+])
 
 logger = structlog.get_logger()
 
+from conditional.util.auth import get_user
 
-from conditional.blueprints.dashboard import dashboard_bp # pylint: disable=ungrouped-imports
+from conditional.blueprints.dashboard import dashboard_bp  # pylint: disable=ungrouped-imports
 from conditional.blueprints.attendance import attendance_bp
 from conditional.blueprints.major_project_submission import major_project_bp
 from conditional.blueprints.intro_evals import intro_evals_bp
@@ -108,27 +116,36 @@ def database_processor(logger, log_method, event_dict): # pylint: disable=unused
 
 from conditional.util.ldap import ldap_get_member
 
+
 @app.route('/<path:path>')
 def static_proxy(path):
     # send_static_file will guess the correct MIME type
     return app.send_static_file(path)
 
 
 @app.route('/')
+@auth.oidc_auth
 def default_route():
     return redirect('/dashboard')
 
+
+@app.route("/logout")
+@auth.oidc_logout
+def logout():
+    return redirect("/", 302)
+
+
 @app.errorhandler(404)
 @app.errorhandler(500)
-def route_errors(error):
+@auth.oidc_auth
+@get_user
+def route_errors(error, user_dict=None):
     data = dict()
-    username = request.headers.get('x-webauth-user')
 
     # Handle the case where the header isn't present
-    if username is not None:
-        member = ldap_get_member(username)
-        data['username'] = member.uid
-        data['name'] = member.cn
+    if user_dict['username'] is not None:
+        data['username'] = user_dict['account'].uid
+        data['name'] = user_dict['account'].cn
     else:
         data['username'] = "unknown"
         data['name'] = "Unknown"
@@ -149,15 +166,17 @@ def route_errors(error):
         error_desc = type(error).__name__
 
     return render_template('errors.html',
-                            error=error_desc,
-                            error_code=code,
-                            event_id=g.sentry_event_id,
-                            public_dsn=sentry.client.get_public_dsn('https'),
-                            **data), int(code)
+                           error=error_desc,
+                           error_code=code,
+                           event_id=g.sentry_event_id,
+                           public_dsn=sentry.client.get_public_dsn('https'),
+                           **data), int(code)
+
 
 @app.cli.command()
 def zoo():
     from conditional.models.migrate import free_the_zoo
     free_the_zoo(app.config['ZOO_DATABASE_URI'])
 
+
 logger.info('conditional started')