Fix the sso authentication status

da6b4f5e · kaiyou · b81fb8cf · da6b4f5e · da6b4f5e
Commit da6b4f5e authored 4 years ago by kaiyou
--- a/hiboo/sso/oidc.py
+++ b/hiboo/sso/oidc.py
@@ -7,10 +7,10 @@ It relies heavily on authlib for the OAuth/OIDC implementation.
 from authlib.integrations import flask_oauth2, sqla_oauth2
 from authlib.oauth2 import rfc6749 as oauth2
 from authlib.oidc import core as oidc
-from authlib.common import security
+from authlib.common import security as authlib_security

 from hiboo.sso import blueprint, get_service
-from hiboo import models, utils, profile
+from hiboo import models, utils, profile, security

 import flask
 import time
@@ -22,9 +22,9 @@ def fill_service(service):
    """
    if "client_id" not in service.config:
        service.config.update(
-            client_id=security.generate_token(24),
-            client_secret=security.generate_token(48),
-            jwt_key=security.generate_token(24),
+            client_id=authlib_security.generate_token(24),
+            client_secret=authlib_security.generate_token(48),
+            jwt_key=authlib_security.generate_token(24),
            jwt_alg="HS256"
        )

@@ -38,7 +38,7 @@ class AuthorizationCodeMixin(object):

    def create_authorization_code(self, client, profile, request):
        obj = AuthorizationCodeMixin.AuthorizationCode(
-            code=security.generate_token(48), nonce=request.data.get("nonce") or "",
+            code=authlib_security.generate_token(48), nonce=request.data.get("nonce") or "",
            client_id=client.client_id, redirect_uri=request.redirect_uri,
            scope=request.scope, user_id=profile.uuid,
            auth_time=int(time.time())
@@ -145,7 +145,7 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
        """ Specific token generation function to help keep track of the profile associated with a token
        """
        return dict(
-            client_id=self.client_id, token_type="Bearer", access_token=security.generate_token(48),
+            client_id=self.client_id, token_type="Bearer", access_token=authlib_security.generate_token(48),
            issued_at=time.time(), expires_in=expires_in or 3600, profile_uuid=user.uuid, scope=scope or ""
        )

@@ -166,6 +166,7 @@ class Client(sqla_oauth2.OAuth2ClientMixin):


 @blueprint.route("/oidc/authorize/<service_uuid>", methods=["GET", "POST"])
+@security.authentication_required()
 def oidc_authorize(service_uuid):
    client = Client(get_service(service_uuid, __name__))
    picked = profile.get_profile(client.service, intent=True) or flask.abort(403)

--- a/hiboo/sso/saml.py
+++ b/hiboo/sso/saml.py
@@ -8,7 +8,7 @@ request parsing and response crafting.
 """

 from hiboo.sso import blueprint, get_service
-from hiboo import profile
+from hiboo import profile, security

 from cryptography import x509
 from cryptography.hazmat import primitives, backends
@@ -128,6 +128,7 @@ class MetaData(mdstore.InMemoryMetaData):


 @blueprint.route("/saml/redirect/<service_uuid>", methods=["GET", "POST"])
+@security.authentication_required()
 def saml_redirect(service_uuid):
    service = get_service(service_uuid, __name__)
    # Get the profile from user input (implies redirects)