|
|
|
@@ -2,8 +2,8 @@ from __future__ import annotations
|
|
|
|
|
import bcrypt
|
|
|
|
|
from quart import Blueprint, render_template, request, redirect, url_for, session
|
|
|
|
|
from sqlalchemy import select, func
|
|
|
|
|
from fabledscryer.auth.middleware import login_user, logout_user
|
|
|
|
|
from fabledscryer.models.users import User, UserRole
|
|
|
|
|
from roundtable.auth.middleware import login_user, logout_user
|
|
|
|
|
from roundtable.models.users import User, UserRole
|
|
|
|
|
|
|
|
|
|
auth_bp = Blueprint("auth", __name__)
|
|
|
|
|
|
|
|
|
@@ -15,7 +15,7 @@ async def _provision_external_user(app, username: str, email: str, role_str: str
|
|
|
|
|
Their role is updated on every login to reflect current IdP group membership.
|
|
|
|
|
"""
|
|
|
|
|
import secrets
|
|
|
|
|
from fabledscryer.models.users import UserRole
|
|
|
|
|
from roundtable.models.users import UserRole
|
|
|
|
|
async with app.db_sessionmaker() as db:
|
|
|
|
|
result = await db.execute(select(User).where(User.username == username))
|
|
|
|
|
user = result.scalar_one_or_none()
|
|
|
|
@@ -60,7 +60,7 @@ async def login():
|
|
|
|
|
@auth_bp.post("/login")
|
|
|
|
|
async def login_post():
|
|
|
|
|
from quart import current_app
|
|
|
|
|
from fabledscryer.core.audit import log_audit
|
|
|
|
|
from roundtable.core.audit import log_audit
|
|
|
|
|
form = await request.form
|
|
|
|
|
username = form.get("username", "").strip()
|
|
|
|
|
password_str = form.get("password", "")
|
|
|
|
@@ -77,7 +77,7 @@ async def login_post():
|
|
|
|
|
# Try LDAP fallback if enabled
|
|
|
|
|
ldap_cfg = current_app.config.get("LDAP", {})
|
|
|
|
|
if ldap_cfg.get("enabled"):
|
|
|
|
|
from fabledscryer.auth.ldap_auth import ldap_authenticate
|
|
|
|
|
from roundtable.auth.ldap_auth import ldap_authenticate
|
|
|
|
|
ldap_info = await ldap_authenticate(ldap_cfg, username, password_str)
|
|
|
|
|
if ldap_info:
|
|
|
|
|
user = await _provision_external_user(
|
|
|
|
@@ -99,7 +99,7 @@ async def login_post():
|
|
|
|
|
@auth_bp.get("/login/oidc")
|
|
|
|
|
async def login_oidc():
|
|
|
|
|
from quart import current_app
|
|
|
|
|
from fabledscryer.auth.oidc import get_discovery, build_authorize_url, generate_state
|
|
|
|
|
from roundtable.auth.oidc import get_discovery, build_authorize_url, generate_state
|
|
|
|
|
oidc_cfg = current_app.config.get("OIDC", {})
|
|
|
|
|
if not oidc_cfg.get("enabled") or not oidc_cfg.get("discovery_url"):
|
|
|
|
|
return redirect(url_for("auth.login"))
|
|
|
|
@@ -123,8 +123,8 @@ async def login_oidc():
|
|
|
|
|
@auth_bp.get("/login/oidc/callback")
|
|
|
|
|
async def login_oidc_callback():
|
|
|
|
|
from quart import current_app
|
|
|
|
|
from fabledscryer.auth.oidc import get_discovery, exchange_code, get_userinfo, map_role
|
|
|
|
|
from fabledscryer.core.audit import log_audit
|
|
|
|
|
from roundtable.auth.oidc import get_discovery, exchange_code, get_userinfo, map_role
|
|
|
|
|
from roundtable.core.audit import log_audit
|
|
|
|
|
|
|
|
|
|
oidc_cfg = current_app.config.get("OIDC", {})
|
|
|
|
|
error = request.args.get("error")
|
|
|
|
@@ -190,7 +190,7 @@ async def setup():
|
|
|
|
|
@auth_bp.post("/setup")
|
|
|
|
|
async def setup_post():
|
|
|
|
|
from quart import current_app
|
|
|
|
|
from fabledscryer.core.audit import log_audit
|
|
|
|
|
from roundtable.core.audit import log_audit
|
|
|
|
|
if await get_user_count(current_app) > 0:
|
|
|
|
|
return redirect(url_for("auth.login"))
|
|
|
|
|
form = await request.form
|
|
|
|
|