From ea5c9732ba16eb76c65d50e0e80905a2449bce0f Mon Sep 17 00:00:00 2001
From: dandds
Date: Fri, 3 Aug 2018 15:51:44 -0400
Subject: [PATCH] implement authentication redirect

---
atst/domain/auth.py | 18 ++++++++++++++++++
atst/routes/__init__.py | 10 +++++-----
atst/routes/dev.py | 2 +-
config/base.ini | 5 ++---
config/prod.ini | 2 ++
templates/root.html | 2 +-
6 files changed, 29 insertions(+), 10 deletions(-)
create mode 100644 atst/domain/auth.py
create mode 100644 config/prod.ini

diff --git a/atst/domain/auth.py b/atst/domain/auth.py
new file mode 100644
index 00000000..e14f2aa2
--- /dev/null
+++ b/atst/domain/auth.py
@@ -0,0 +1,18 @@
+from functools import wraps
+from flask import g, request, redirect, url_for, session
+
+from atst.domain.users import Users
+
+
+def login_required(f):
+
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if session.get("user_id"):
+            g.user = Users.get(session.get("user_id"))
+            return f(*args, **kwargs)
+
+        else:
+            return redirect(url_for("atst.root"))
+
+    return decorated_function
diff --git a/atst/routes/__init__.py b/atst/routes/__init__.py
index b1f75fbd..8b0decc4 100644
--- a/atst/routes/__init__.py
+++ b/atst/routes/__init__.py
@@ -1,9 +1,11 @@ from flask import Blueprint, render_template, g, redirect, session, url_for, request +from flask import current_app as app import pendulum from atst.domain.requests import Requests from atst.domain.users import Users from atst.domain.authnid.utils import parse_sdn +from atst.domain.auth import login_required bp = Blueprint("atst", __name__)
@@ -14,16 +16,19 @@ def root(): @bp.route("/home") +@login_required def home(): return render_template("home.html") @bp.route("/styleguide") +@login_required def styleguide(): return render_template("styleguide.html") @bp.route('/') +@login_required def catch_all(path): return render_template("{}.html".format(path))
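Review bot: In `decorated_function`, `Users.get(session.get("user_id"))` has no handling for a session id that no longer resolves to a user (account removed, id re-issued), so a stale-but-valid session would presumably surface as an unhandled exception rather than the redirect this decorator exists to produce; what `Users.get` raises is not visible here, but that not-found case should clear `user_id` from the session and fall through to the redirect. The `request` import is unused and the blank line before `else:` reads as a typo. The redirect discards the originally requested path; if a `next` parameter is added later it must be checked to be a same-site relative path before use, or this becomes an open redirect. A docstring would also help, e.g. `"""Load g.user from the session's user_id, or redirect to atst.root when no user is logged in."""`.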
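Review bot: `from flask import current_app as app` is added here while the only visible user of `app` in this file, `construct_redirect`, is deleted in the file's last hunk; unless `root()` (between the hunks, not shown) uses it, the import is dead on the new side and should be dropped rather than left as a future confusion about what this module needs from the app.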
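Review bot: Adding `@login_required` to `catch_all` gates who can reach it but leaves the template name entirely caller-controlled: `render_template("{}.html".format(path))` will render any template the loader can find for an authenticated user, including partials that expect context variables, which shows up as 500s instead of 404s. If this route exists for a fixed set of static pages, check the name first, e.g. `if path not in STATIC_PAGES: abort(404)`, with `STATIC_PAGES` an explicit allow-list. The decorator order is right (`bp.route` outermost, `login_required` inside), so the check runs before the view body. The route shows as `'/'` here while the view takes `path`, which looks like a rendering artifact for a `<path>` rule; worth confirming the rule is not literally `'/'`.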
@@ -58,8 +63,3 @@ def is_valid_certificate(request): return result else: return False - -def construct_redirect(uuid): - access_token = app.token_manager.token(uuid) - url = f'{app.config["ATST_REDIRECT"]}?bearer-token={access_token}' - return app.make_response(redirect(url))
diff --git a/atst/routes/dev.py b/atst/routes/dev.py
index 25c176c5..f50ff4ca 100644
--- a/atst/routes/dev.py
+++ b/atst/routes/dev.py
@@ -46,7 +46,7 @@ _DEV_USERS = { @bp.route("/login-dev") -def get(): +def login_dev(): role = request.args.get("username", "amanda") user_data = _DEV_USERS[role] user = _set_user_permissions(user_data["dod_id"], user_data["atat_role"])
diff --git a/config/base.ini b/config/base.ini
index 318256f6..ac66c00c 100644
--- a/config/base.ini
+++ b/config/base.ini
@@ -6,7 +6,7 @@ AUTHNID_BASE_URL= https://localhost:8001 COOKIE_SECRET = some-secret-please-replace SECRET = change_me_into_something_secret SECRET_KEY = change_me_into_something_secret -CAC_URL = https://localhost:8001 +CAC_URL = http://localhost:8000/login-redirect PE_NUMBER_CSV_URL = http://c95e1ebb198426ee57b8-174bb05a294821bedbf46b6384fe9b1f.r31.cf5.rackcdn.com/penumbers.csv REDIS_URI = redis://localhost:6379 SESSION_TTL_SECONDS = 600
@@ -17,6 +17,5 @@ PGUSER = postgres PGPASSWORD = postgres PGDATABASE = atat SESSION_TYPE = redis -SESSION_COOKIE_DOMAIN= atat.codes -SESSION_COOKIE_SECURE = True +SESSION_COOKIE_NAME=atat SESSION_USE_SIGNER = True
diff --git a/config/prod.ini b/config/prod.ini
new file mode 100644
index 00000000..fbaaa394
--- /dev/null
+++ b/config/prod.ini
@@ -0,0 +1,2 @@
+[default]
+SESSION_COOKIE_SECURE=True
diff --git a/templates/root.html b/templates/root.html
index a206bc7b..090196ec 100644
--- a/templates/root.html
+++ b/templates/root.html
@@ -17,7 +17,7 @@
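Review bot: `CAC_URL` now points at plain `http://localhost:8000/login-redirect` in base.ini, and the new prod.ini overrides only `SESSION_COOKIE_SECURE`; if base.ini is the layer every environment inherits, a deployment that forgets to override `CAC_URL` sends users to the CAC sign-in over cleartext. Keep an `https://` value here or add `CAC_URL` to prod.ini so production cannot inherit the dev value. A short comment on the key would also help, e.g. `; CAC_URL: where the "Sign In with CAC" link sends the browser (dev default; override per environment)`.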
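Review bot: Removing `SESSION_COOKIE_SECURE = True` from base.ini flips the default to insecure: any environment that does not load prod.ini (staging, CI, a mis-pointed deploy) now issues the session cookie without the Secure flag, so a missing override fails open. Prefer keeping `SESSION_COOKIE_SECURE = True` in base.ini and overriding it to `False` only in a dev-specific config. Dropping `SESSION_COOKIE_DOMAIN` narrows the cookie to the issuing host, which is the safer choice, but a one-line comment saying it was removed on purpose would stop someone re-adding it. `SESSION_COOKIE_HTTPONLY` and `SESSION_COOKIE_SAMESITE` are set nowhere visible, so they fall back to Flask's defaults (and SameSite only if the Flask version in use supports it); pinning them explicitly here would make the cookie policy reviewable in one place.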
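Review bot: prod.ini overrides only `SESSION_COOKIE_SECURE`, so the placeholder secrets still in base.ini (`SECRET_KEY = change_me_into_something_secret`, `COOKIE_SECRET = some-secret-please-replace`, `SECRET`) continue to apply in production unless they are injected from somewhere not visible here; with `SESSION_USE_SIGNER = True` the session cookie is only as trustworthy as that key. If they come from the environment at deploy time, say so in this file, e.g. `; SECRET_KEY, SECRET and COOKIE_SECRET are supplied via environment at deploy time`; otherwise production should refuse to start on the placeholder values.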

JEDI

- Sign In with CAC + Sign In with CAC {% if g.dev %} DEV Login