Implement log_in_user

richard-dds
2018-08-03 14:13:21 -04:00
committed by dandds
parent df0b4e64c0
commit 13146e9362
9 changed files with 76 additions and 95 deletions


@@ -29,7 +29,7 @@ class Users(object):
return user
@classmethod
def create(cls, atat_role_name, **kwargs):
def create(cls, atat_role_name="developer", **kwargs):
atat_role = Roles.get(atat_role_name)
try:
@@ -42,11 +42,11 @@ class Users(object):
return user
@classmethod
def get_or_create(cls, user_id, **kwargs):
def get_or_create_by_dod_id(cls, dod_id, **kwargs):
try:
user = Users.get(user_id)
user = Users.get_by_dod_id(dod_id)
except NotFoundError:
user = Users.create(id=user_id, **kwargs)
user = Users.create(dod_id=dod_id, **kwargs)
db.session.add(user)
db.session.commit()
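Review bot: The new default `atat_role_name="developer"` on `Users.create` means `get_or_create_by_dod_id` now provisions a role-bearing account for any previously unseen `dod_id` without the role being named at the call site. Since this path appears to be driven by the certificate login route, I would keep the parameter required and pass the role explicitly, `user = Users.create(atat_role_name="developer", dod_id=dod_id, **kwargs)`, so the privilege granted on first login is visible where it is granted. The get-then-create sequence is also not atomic: two concurrent first logins for the same `dod_id` can both reach `Users.create`, and whether that ends in a duplicate row or an unhandled integrity error depends on a uniqueness constraint that is not visible here. Both method bodies continue outside the hunks.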


@@ -1,4 +1,4 @@
from sqlalchemy import String, ForeignKey, Column, UniqueConstraint
from sqlalchemy import String, ForeignKey, Column
from sqlalchemy.orm import relationship
from sqlalchemy.dialects.postgresql import UUID


@@ -1,7 +1,9 @@
from flask import Blueprint, render_template, g
from flask import Blueprint, render_template, g, redirect, session, url_for, request
import pendulum
from atst.domain.requests import Requests
from atst.domain.users import Users
from atst.domain.authnid.utils import parse_sdn
bp = Blueprint("atst", __name__)
@@ -24,3 +26,39 @@ def styleguide():
@bp.route('/<path:path>')
def catch_all(path):
return render_template("{}.html".format(path))
@bp.route('/login-redirect')
def log_in_user():
# FIXME: Find or create user based on the X-Ssl-Client-S-Dn header
# TODO: Store/log the X-Ssl-Client-Cert in case it's needed?
if request.environ.get('HTTP_X_SSL_CLIENT_VERIFY') == 'SUCCESS' and is_valid_certificate(request):
sdn = request.environ.get('HTTP_X_SSL_CLIENT_S_DN')
# TODO: error handling for bad SDN, database errors, etc
sdn_parts = parse_sdn(sdn)
user = Users.get_or_create_by_dod_id(**sdn_parts)
session["user_id"] = user.id
return redirect(url_for("atst.home"))
else:
template = render_template('not_authorized.html', atst_url=app.config['ATST_PASSTHROUGH'])
response = app.make_response(template)
response.status_code = 403
return response
def is_valid_certificate(request):
cert = request.environ.get('HTTP_X_SSL_CLIENT_CERT')
if cert:
result = app.crl_validator.validate(cert.encode())
if not result:
app.logger.info(app.crl_validator.errors[-1])
return result
else:
return False
def construct_redirect(uuid):
access_token = app.token_manager.token(uuid)
url = f'{app.config["ATST_REDIRECT"]}?bearer-token={access_token}'
return app.make_response(redirect(url))
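Review bot: In `log_in_user` the identity passed to `Users.get_or_create_by_dod_id` is parsed from `HTTP_X_SSL_CLIENT_S_DN`, while the CRL check in `is_valid_certificate` runs on `HTTP_X_SSL_CLIENT_CERT`, and nothing visible ties the subject to the certificate that was validated. All three `X-Ssl-Client-*` values arrive as request headers, so the route is only sound if the TLS-terminating proxy always overwrites them and the app cannot be reached except through it; state that above the route, e.g. `# Trust boundary: X-Ssl-Client-* must be set by the TLS proxy, which must strip client-supplied copies`, or better, derive the subject from the validated certificate itself. `session["user_id"] = user.id` is written into whatever session already exists; a `session.clear()` on the line before it keeps pre-login state out of the authenticated session. `construct_redirect` places the bearer token in the query string, where it is likely to end up in access logs, browser history and Referer headers. Separately, `app` is used throughout the new functions but the import hunk adds no `current_app`, so unless it is bound outside the visible lines these calls raise `NameError`.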