
Commit 31ed71c

committed
Wrote an oidc wrapper to stop intro members from accessing upperclassmen packet
1 parent 16653a0 commit 31ed71c


5 files changed

+36
-19
lines changed

5 files changed

+36
-19
lines changed

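--- a/packet/routes/api.py
+++ b/packet/routes/api.py
@@ -1,10 +1,10 @@
-from packet import auth, app, db
-from packet.utils import before_request
+from packet import app, db
+from packet.utils import before_request, packet_auth
 from packet.models import Packet, MiscSignature
 
 
 @app.route("/api/v1/sign/<packet_id>/", methods=["POST"])
-@auth.oidc_auth
+@packet_auth
 @before_request
 def sign(packet_id, info):
 packet = Packet.by_id(packet_id)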

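--- a/packet/routes/freshmen.py
+++ b/packet/routes/freshmen.py
@@ -4,13 +4,13 @@
 
 from flask import redirect, render_template, request, url_for
 
-from packet import auth, app, db
+from packet import app, db
 from packet.models import Packet
-from packet.utils import before_request
+from packet.utils import before_request, packet_auth
 
 
 @app.route("/")
-@auth.oidc_auth
+@packet_auth
 @before_request
 def index(info=None):
 most_recent_packet = Packet.query.filter_by(freshman_username=info['uid']).order_by(Packet.id.desc()).first()
@@ -22,7 +22,7 @@ def index(info=None):
 
 
 @app.route("/essays/<packet_id>/")
-@auth.oidc_auth
+@packet_auth
 @before_request
 def essays(packet_id, info=None):
 packet = Packet.by_id(packet_id)
@@ -34,7 +34,7 @@ def essays(packet_id, info=None):
 
 
 @app.route("/essays/<packet_id>/", methods=["POST"])
-@auth.oidc_auth
+@packet_auth
 @before_request
 def submit_essays(packet_id, info=None):
 packet = Packet.by_id(packet_id)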

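--- a/packet/routes/shared.py
+++ b/packet/routes/shared.py
@@ -5,7 +5,7 @@
 from flask import render_template, redirect
 
 from packet import auth, app
-from packet.utils import before_request
+from packet.utils import before_request, packet_auth
 from packet.models import Packet
 
 
@@ -16,7 +16,7 @@ def logout():
 
 
 @app.route("/packet/<packet_id>/")
-@auth.oidc_auth
+@packet_auth
 @before_request
 def freshman_packet(packet_id, info=None):
 packet = Packet.by_id(packet_id)
@@ -43,7 +43,7 @@ def freshman_packet(packet_id, info=None):
 
 
 @app.route("/packets/")
-@auth.oidc_auth
+@packet_auth
 @before_request
 def packets(info=None):
 open_packets = Packet.open_packets()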
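Review bot: `from packet import auth, app` stays as a context line in the first hunk, so `auth` is still referenced somewhere in this file, presumably by `logout`, whose body lies outside the hunks. Any handler that keeps `@auth.oidc_auth` directly would skip the intro-member check that `packet_auth` adds, so it is worth confirming that no such decorator remains here or in the other route modules. If `logout` is indeed the only remaining user, a comment beside the import such as `# auth is kept for logout only; protect views with packet_auth` would make that clear to the next editor. The bodies of `freshman_packet` and `packets` continue outside the hunks.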

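--- a/packet/routes/upperclassmen.py
+++ b/packet/routes/upperclassmen.py
@@ -6,19 +6,19 @@
 from itertools import chain
 from operator import itemgetter
 
-from packet import auth, app
+from packet import app
 from packet.models import Packet, MiscSignature
-from packet.utils import before_request
+from packet.utils import before_request, packet_auth
 
 
 @app.route("/")
-@auth.oidc_auth
+@packet_auth
 def index():
 return redirect(url_for("packets"), 302)
 
 
 @app.route("/member/<uid>/")
-@auth.oidc_auth
+@packet_auth
 @before_request
 def upperclassman(uid, info=None):
 open_packets = Packet.open_packets()
@@ -37,7 +37,7 @@ def upperclassman(uid, info=None):
 
 
 @app.route("/upperclassmen/")
-@auth.oidc_auth
+@packet_auth
 @before_request
 def upperclassmen_total(info=None):
 open_packets = Packet.open_packets()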

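--- a/packet/utils.py
+++ b/packet/utils.py
@@ -5,13 +5,14 @@
 import requests
 from flask import session
 
-from packet import _ldap
+from packet import _ldap, auth, app
 from packet.models import Freshman
 from packet.ldap import (ldap_get_member,
 ldap_is_active,
 ldap_is_onfloor,
 ldap_get_roomnumber,
-ldap_get_groups)
+ldap_get_groups,
+ldap_is_intromember)
 
 INTRO_REALM = "https://sso.csh.rit.edu/auth/realms/intro"
 
@@ -67,4 +68,20 @@ def is_on_floor(uid):
 if freshman is not None:
 return freshman.onfloor
 else:
-return False
+return False
+
+
+def packet_auth(func):
+"""
+Decorator for easily configuring oidc
+"""
+@auth.oidc_auth
+@wraps(func)
+def wrapped_function(*args, **kwargs):
+if app.config["REALM"] == "csh":
+if ldap_is_intromember(ldap_get_member(str(session["userinfo"].get("preferred_username", "")))):
+return "Sorry, upperclassmen packet is not available to intro members.", 401
+
+return func(*args, **kwargs)
+
+return wrapped_function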
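Review bot: The intro-member check in `wrapped_function` does not decide explicitly what happens when the `preferred_username` claim is absent: the `.get(..., "")` default hands an empty uid to `ldap_get_member`, and what that lookup returns or raises is not visible in this hunk. Read the claim once and deny on an empty value, e.g. `uid = str(session["userinfo"].get("preferred_username", ""))` then `if not uid or ldap_is_intromember(ldap_get_member(uid)):`, so the gate fails closed rather than depending on the LDAP helper. The caller is already authenticated at that point, so `403` describes the refusal better than `401`. `wraps` is applied here but the visible import hunk adds no `functools` import; presumably it is already imported above line 5, which is worth confirming. The docstring could also state what the decorator enforces, e.g. `"""Require OIDC login and, in the csh realm, refuse intro members."""`.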
