def create_app(armazenamento=None):
app = Flask(__name__, static_folder=static_folder)
app.config.update({
'SECRET_KEY': 'MySecretIsMyPasswordBlaBla',
'TESTING': True,
'DEBUG': True,
'SQLALCHEMY_DATABASE_URI': openid_db,
'OIDC_CLIENT_SECRETS': 'client_secrets.json',
'OIDC_ID_TOKEN_COOKIE_SECURE': False,
'OIDC_REQUIRE_VERIFIED_EMAIL': False,
'OIDC_OPENID_REALM': uri + '/oidc_callback'
})
CORS(app)
Compress(app)
print("app criado.")
from db import create_db
db = create_db()
db.init_app(app)
oidc = OpenIDConnect(app, armazenamento)
add_routes(app, oidc)
return app
def create_app(config_obj=None):
app = Flask(__name__)
if config_obj:
app.config.from_object(config_obj)
else:
load_config(app)
if app.config[
'PRODUCTION'] and app.secret_key == 'replace-me-with-something-random':
raise Warning(
"You need to change the app.secret_key value for production")
# register error handlers
for code in default_exceptions.iterkeys():
app.register_error_handler(code, json_error)
app.register_error_handler(ConnectionError, json_error)
app.register_error_handler(Timeout, json_error)
populate_db_config(app)
if app.config['AUTH_METHOD'] == 'OIDC':
app.oidc = OpenIDConnect(app)
# initialize db
db.init_app(app)
# initialize db migrations
migrations_dir = os.path.join(os.path.abspath(os.path.dirname(__file__)),
'migrations')
Migrate(app, db, directory=migrations_dir)
# initialize logging
init_logging(app)
# register blueprints
app.register_blueprint(api_v1, url_prefix="/api/v1.0")
app.add_url_rule('/healthcheck', view_func=healthcheck)
register_event_handlers(app)
return app
def create_app(config, oidc_overrides=None):
global oidc
app = Flask(__name__)
app.config.update(config)
if oidc_overrides is None:
oidc_overrides = {}
oidc = OpenIDConnect(app, **oidc_overrides)
app.route('/')(oidc.check(index))
app.route('/at')(oidc.check(get_at))
app.route('/rt')(oidc.check(get_rt))
# Check standalone usage
rendered = oidc.accept_token(True, ['openid'])(api)
app.route('/api', methods=['GET', 'POST'])(rendered)
# Check combination with an external API renderer like Flask-RESTful
unrendered = oidc.accept_token(True, ['openid'],
render_errors=False)(raw_api)
def externally_rendered_api(*args, **kwds):
inner_response = unrendered(*args, **kwds)
if isinstance(inner_response, tuple):
raw_response, response_code, headers = inner_response
rendered_response = json.dumps(
raw_response), response_code, headers
else:
rendered_response = json.dumps(inner_response)
return rendered_response
app.route('/external_api', methods=['GET',
'POST'])(externally_rendered_api)
return app
def create_app(config, oidc_overrides=None):
app = Flask(__name__)
app.config.update(config)
if oidc_overrides is None:
oidc_overrides = {}
oidc = OpenIDConnect(app, **oidc_overrides)
app.route('/')(oidc.check(index))
return app
def configure_openid(app):
"""Set up OpenID, OpenIDConnect, and the module's Flask app reference"""
global APP
app.oid = OpenID(app)
try:
app.oidc = OpenIDConnect(app, credentials_store=flask.session)
except Exception as exc:
# Handle running with only anonymous API access enabled
app.logger.debug(str(exc))
app.oidc = None
app.route("/oidc_callback")(register_oidc_client)
APP = app
def __init__(self,
connectors,
name=None,
server=None,
app_url=None,
app_client_id=None,
app_client_secret=None,
oidc_client_secrets_path=None,
message_url_pattern='api/messages',
url_base_pathname='/',
csrf_protect=True,
formatter=None):
self.connectors = connectors
self.formatter = formatter
self.session = requests.Session()
print(self.session)
self.app_client_id = app_client_id or os.environ.get('APP_ID', '')
self.app_client_secret = app_client_secret or \
os.environ.get('APP_PASSWORD', '')
self.auth_str = None
# allow users to supply their own flask server
if server is not None:
self.server = server
else:
if name is None:
name = 'botframework'
self.server = Flask(name)
self.server.config['DEBUG'] = True
self.oidc_client_secrets_path = oidc_client_secrets_path
self.server.config.update(self._config())
self.oidc = OpenIDConnect(self.server)
self.message_url_pattern = message_url_pattern
self.url_base_pathname = url_base_pathname
print('Self Object: ')
print(self)
# list of dependencies
self.callback_map = {}
# gzip
Compress(self.server)
# urls
# This is kind of funky but should work
view_func = self.oidc.accept_token()(self.handle_messages)
self.server.add_url_rule('{}{}'.format(url_base_pathname,
message_url_pattern),
view_func=view_func,
methods=['post'])
def get_oidc():
"""
Connect to okta
"""
if 'oidc' not in g:
print('okta: get_oidc call')
g.oidc = OpenIDConnect(current_app)
g.okta_client = UsersClient(
"https://dev-833144.okta.com",
"00xJ6vTQkI8LzIQcPXf7Ehw75GrdAVDdqA2tvQFxFx")
# fixing global oidc problem for decorator in rooms
oidc = g.oidc
return g.oidc
def create_server():
"""Create the main Flask server of the dashboard, including
authentication
"""
server = Flask(__name__)
config_update = config_prepare(server.logger)
server.config.update(config_update)
oidc = OpenIDConnect(server)
@server.route("/")
def index():
if oidc.user_loggedin:
return redirect(url_for("pages"))
else:
try:
return render_template("index.html")
except TemplateNotFound:
abort(404)
@server.route("/login")
@oidc.require_login
def login():
return redirect(url_for("pages"))
@server.route("/logout", methods=["POST"])
def logout():
oidc.logout()
return redirect(url_for("index"))
@server.route("/pages")
@oidc.require_login
def pages():
return redirect("/pages/summary", 302)
def _oidc_error(message="Not Authorized", code=None):
try:
return render_template("index.html", alert=message)
except TemplateNotFound:
abort(404)
oidc._oidc_error = _oidc_error
@server.errorhandler(404)
def page_not_found(e):
# note that we set the 404 status explicitly
return render_template("404.html"), 404
return server, oidc
def create_app():
application = Flask(__name__)
ma = Marshmallow(application)
# Pull from config file
application.config.from_object('config.Config')
oidc = OpenIDConnect(application)
# Initailize database
db.init_app(application) #<- This will get called in our models.py file
migrate.init_app(application, db) #<- Migration directory
@application.route("/")
def home():
if oidc.user_loggedin:
return "Hello autenticated user: %s" % oidc.user_getfield(
'preferred_username')
else:
return 'This is the backend api to How R U. Please authenticate to access stuff: <a href="/login">Log in</a>'
@application.route('/login')
@oidc.require_login
def login():
return 'Welcome %s' % oidc.user_getfield('email')
@application.route("/api/mydata")
@oidc.accept_token(True, scopes_required=['openid'])
def messages():
#Grab sql records that match uid in oidc token info and badly mash into response :/
conn = pymysql.connect(host,
user=user,
port=port,
passwd=password,
db=dbname)
c = conn.cursor()
c.execute('select * from testDB where user_id = "%s";' %
g.oidc_token_info['uid'])
rows = c.fetchall()
response = {
'subject': '%s' % g.oidc_token_info['sub'],
'unformatted data': '%s' % " ".join(map(str, rows))
}
return json.dumps(response)
if __name__ == 'app':
application.run(host="0.0.0.0", port=80, debug=True)
return (application)
def create_app():
global app, oidc, _logger
app = Flask(__name__)
# Load the configurations based on the 'FLASK_ENV' environment variable
app.config.from_object(config)
# setup session database
db = SQLAlchemy(app)
app.config["SESSION_SQLALCHEMY_TABLE"] = 'sessions'
app.config["SESSION_SQLALCHEMY"] = db
session = Session(app)
session.app.session_interface.db.create_all()
# Init the OpenIDConnect application instance
# oidc.init_app(app)
oidc = OpenIDConnect(app, SessionCredentialStore())
# Initialize logger
_logger = configure_logger(app)
# Init the OpenIDConnect application instance
oidc.init_app(app)
# Registers the API URLs
# Below import here is to prevent the circular imports
from backend.apis import api as api_blueprint
api_prefix = '/{}/api'.format(app.config.get('SERVICE_SLUG'))
app.register_blueprint(api_blueprint, url_prefix=api_prefix)
# Registers the Views URLs
# This import here is to prevent the circular imports
from backend.views import view as view_blueprint
app.register_blueprint(view_blueprint)
# Registers our swagger UI blueprint
swagger_docs_prefix = '{}/{}'.format(api_prefix,
app.config.get('SWAGGER_DOCS'))
swagger_spec_prefix = '{}/{}'.format(api_prefix,
app.config.get('SWAGGER_SPEC'))
swaggerui_blueprint = get_swaggerui_blueprint(
swagger_docs_prefix,
swagger_spec_prefix,
config={'app_name': app.config.get('SWAGGER_NAME')},
)
app.register_blueprint(swaggerui_blueprint, url_prefix=swagger_docs_prefix)
return app
def create_app():
app = Flask(__name__, instance_relative_config=True)
app.config.from_mapping(SECRET_KEY=os.urandom(16))
from raspberry_monitor import config
conf = config.Config()
app.config.from_object(conf)
try:
os.makedirs(app.instance_path)
except OSError:
pass
global oidc
oidc = OpenIDConnect(app)
from raspberry_monitor.endpoints import api
api.init_app(app)
configure_logging()
if conf.BASIC_AUTH_FORCE:
BasicAuth(app)
return app
def __init__(self, *args, **kwargs):
super(FlaskOIDC, self).__init__(*args, **kwargs)
# Setup Session Database
_sql_db = SQLAlchemy(self)
self.config["SESSION_SQLALCHEMY"] = _sql_db
# Setup Session Store, that will hold the session information
# in database. OIDC by default keep the sessions in memory
_session = Session(self)
_session.app.session_interface.db.create_all()
# Initiate OpenIDConnect using the SQLAlchemy backed session store
_oidc = OpenIDConnect(self, SessionCredentialStore())
self.oidc = _oidc
# Register the before request function that will make sure each
# request is authenticated before processing
self.before_request(self._before_request)
@self.route('/login')
def login():
return redirect('/')
@self.route('/logout')
def logout():
"""
The logout function that logs user out from Keycloak.
:return: Redirects to the Keycloak login page
"""
_oidc.logout()
redirect_url = request.url_root.strip('/')
keycloak_issuer = _oidc.client_secrets.get('issuer')
keycloak_logout_url = '{}/protocol/openid-connect/logout'. \
format(keycloak_issuer)
return redirect('{}?redirect_uri={}'.format(
keycloak_logout_url, redirect_url))
def init_app(self, app):
from . import views
self.app = app
app.config.setdefault('AUTH_METHOD', 'local')
app.config.setdefault('AUTH_SUPERADMINS', ['admin'])
app.config.setdefault(
'AUTH_ROLE_GROUPS', {
'admin': ['webmasters'],
'content': ['webmasters'],
'business': ['business'],
'library': ['librarians'],
'missioncontrol': ['missioncontrol'],
})
self.login_manager = LoginManager()
self.login_manager.login_view = "auth.login"
self.login_manager.init_app(app)
self.login_manager.user_loader(load_user)
if app.config['AUTH_METHOD'] == 'oidc':
import flask_oidc
flask_oidc.logger = app.logger
with app.app_context():
app.config.setdefault('OIDC_SCOPES',
['openid', 'profile', 'email'])
app.config.update({
'OIDC_RESOURCE_SERVER_ONLY': True,
'OIDC_RESOURCE_CHECK_AUD': True,
})
from .views import oidc_callback
app.before_request(self._before_request)
bp.route('/oidc_callback')(oidc_callback)
self.oidc = OpenIDConnect(app)
def setUp(self):
"""Set a basic test environment.
This simply starts recording a VCR on start-up and stops on tearDown.
"""
mock_oidc = mock.patch(
'anitya.authentication.oidc',
OpenIDConnect(credentials_store=flask.session),
)
mock_oidc.start()
self.addCleanup(mock_oidc.stop)
mock_oid = mock.patch('anitya.authentication.oid', OpenID())
mock_oid.start()
self.addCleanup(mock_oid.stop)
self.flask_app = app.create(config.config)
cwd = os.path.dirname(os.path.realpath(__file__))
my_vcr = vcr.VCR(
cassette_library_dir=os.path.join(cwd, 'request-data/'), record_mode='once')
self.vcr = my_vcr.use_cassette(self.id())
self.vcr.__enter__()
self.addCleanup(self.vcr.__exit__, None, None, None)
def _init_auth(self) -> AuthenticationHandler:
"""Initalizes the AuthenticationHandler
Returns:
AuthenticationHandler -- The instantiated AuthenticationHandler object
"""
oidc_config = {
"SECRET_KEY":
environ.get("SECRET_KEY"),
"OIDC_CLIENT_SECRETS":
environ.get("OIDC_CLIENT_SECRETS"),
"OIDC_OPENID_REALM":
environ.get("OIDC_OPENID_REALM"),
'OIDC_ID_TOKEN_COOKIE_SECURE':
environ.get("OIDC_ID_TOKEN_COOKIE_SECURE") == "true"
}
self._service.config.update(oidc_config)
oicd = OpenIDConnect()
oicd.init_app(self._service)
return AuthenticationHandler(self._res, self._rpc, oicd)
from os import environ
from flask import Blueprint, redirect, url_for
from flask_oidc import OpenIDConnect
from okta import UsersClient
bp = Blueprint("auth", __name__, url_prefix="/")
oidc = OpenIDConnect()
okta_client = UsersClient("https://dev-407714.okta.com/", "token")
@bp.route("/login")
@oidc.require_login
def login():
"""
Force the user to login, then redirect them to the dashboard.
"""
return redirect(url_for("blog.dashboard"))
@bp.route("/logout")
def logout():
"""
Log the user out of their account.
"""
oidc.logout()
return redirect(url_for("blog.index"))
from boxsdk import JWTAuth
import requests
import config
import json
app = Flask(__name__)
app.config.update({
'SECRET_KEY': config.okta_client_secret,
'OIDC_CLIENT_SECRETS': './client_secrets.json',
'OIDC_DEBUG': True,
'OIDC_ID_TOKEN_COOKIE_SECURE': False,
'OIDC_SCOPES': ["openid", "profile"],
'OIDC_CALLBACK_ROUTE': config.okta_callback_route
})
oidc = OpenIDConnect(app)
okta_client = UsersClient(config.okta_org_url, config.okta_auth_token)
# Fetch Okta user record if logged in
@app.before_request
def before_request():
if oidc.user_loggedin:
g.user = okta_client.get_user(oidc.user_getfield('sub'))
else:
g.user = None
# Main application route
@app.route('/')
def start():
def __init__(self, appbuilder):
super(OIDCSecurityManagerMixin, self).__init__(appbuilder)
if self.auth_type == AUTH_OID:
self.oid = OpenIDConnect(self.appbuilder.get_app)
self.authoidview = AuthOIDCView
def init_oidc():
oidc = OpenIDConnect(current_app)
return oidc
def create_app(app_name=None):
# Configuration settings
import config
if not app_name:
app_name = config.APP_NAME
# Check if app is created for CLI operations or Web
cli_mode = False
if app_name.endswith('-cli'):
cli_mode = True
# Only enable password related functionality in server mode.
if config.SERVER_MODE is True:
# Some times we need to access these config params where application
# context is not available (we can't use current_app.config in those
# cases even with current_app.app_context())
# So update these params in config itself.
# And also these updated config values will picked up by application
# since we are updating config before the application instance is
# created.
config.SECURITY_RECOVERABLE = True
config.SECURITY_CHANGEABLE = True
# Now we'll open change password page in alertify dialog
# we don't want it to redirect to main page after password
# change operation so we will open the same password change page again.
config.SECURITY_POST_CHANGE_VIEW = 'browser.change_password'
"""Create the Flask application, startup logging and dynamically load
additional modules (blueprints) that are found in this directory."""
app = PgAdmin(__name__, static_url_path='/static')
# Removes unwanted whitespace from render_template function
app.jinja_env.trim_blocks = True
app.config.from_object(config)
app.config.update(dict(PROPAGATE_EXCEPTIONS=True))
##########################################################################
# Setup logging and log the application startup
##########################################################################
# We won't care about errors in the logging system, we are more
# interested in application errors.
logging.raiseExceptions = False
# Add SQL level logging, and set the base logging level
logging.addLevelName(25, 'SQL')
app.logger.setLevel(logging.DEBUG)
app.logger.handlers = []
# We also need to update the handler on the webserver in order to see
# request. Setting the level prevents werkzeug from setting up it's own
# stream handler thus ensuring all the logging goes through the pgAdmin
# logger.
logger = logging.getLogger('werkzeug')
logger.setLevel(config.CONSOLE_LOG_LEVEL)
# Set SQLITE_PATH to TEST_SQLITE_PATH while running test cases
if ('PGADMIN_TESTING_MODE' in os.environ
and os.environ['PGADMIN_TESTING_MODE'] == '1'):
config.SQLITE_PATH = config.TEST_SQLITE_PATH
config.MASTER_PASSWORD_REQUIRED = False
config.UPGRADE_CHECK_ENABLED = False
if not cli_mode:
# Ensure the various working directories exist
from pgadmin.setup import create_app_data_directory
create_app_data_directory(config)
# File logging
fh = logging.FileHandler(config.LOG_FILE, encoding='utf-8')
fh.setLevel(config.FILE_LOG_LEVEL)
fh.setFormatter(logging.Formatter(config.FILE_LOG_FORMAT))
app.logger.addHandler(fh)
logger.addHandler(fh)
# Console logging
ch = logging.StreamHandler()
ch.setLevel(config.CONSOLE_LOG_LEVEL)
ch.setFormatter(logging.Formatter(config.CONSOLE_LOG_FORMAT))
app.logger.addHandler(ch)
logger.addHandler(ch)
# Log the startup
app.logger.info('########################################################')
app.logger.info('Starting %s v%s...', config.APP_NAME, config.APP_VERSION)
app.logger.info('########################################################')
app.logger.debug("Python syspath: %s", sys.path)
##########################################################################
# Setup i18n
##########################################################################
# Initialise i18n
babel = Babel(app)
app.logger.debug('Available translations: %s' % babel.list_translations())
@babel.localeselector
def get_locale():
"""Get the language for the user."""
language = 'en'
if config.SERVER_MODE is False:
# Get the user language preference from the miscellaneous module
if current_user.is_authenticated:
user_id = current_user.id
else:
user = user_datastore.get_user(config.DESKTOP_USER)
if user is not None:
user_id = user.id
user_language = Preferences.raw_value('misc', 'user_language',
'user_language', user_id)
if user_language is not None:
language = user_language
else:
# If language is available in get request then return the same
# otherwise check the session or cookie
data = request.form
if 'language' in data:
language = data['language'] or language
setattr(session, 'PGADMIN_LANGUAGE', language)
elif hasattr(session, 'PGADMIN_LANGUAGE'):
language = getattr(session, 'PGADMIN_LANGUAGE', language)
elif hasattr(request.cookies, 'PGADMIN_LANGUAGE'):
language = getattr(request.cookies, 'PGADMIN_LANGUAGE',
language)
return language
##########################################################################
# Setup authentication
##########################################################################
app.config['SQLALCHEMY_DATABASE_URI'] = u'sqlite:///{0}?timeout={1}' \
.format(config.SQLITE_PATH.replace(u'\\', u'/'),
getattr(config, 'SQLITE_TIMEOUT', 500)
)
# Create database connection object and mailer
db.init_app(app)
##########################################################################
# Upgrade the schema (if required)
##########################################################################
with app.app_context():
# Run migration for the first time i.e. create database
from config import SQLITE_PATH
from pgadmin.setup import db_upgrade
# If version not available, user must have aborted. Tables are not
# created and so its an empty db
if not os.path.exists(SQLITE_PATH) or get_version() == -1:
# If running in cli mode then don't try to upgrade, just raise
# the exception
if not cli_mode:
db_upgrade(app)
else:
if not os.path.exists(SQLITE_PATH):
raise FileNotFoundError('SQLite database file "' +
SQLITE_PATH + '" does not exists.')
raise Exception('Specified SQLite database file is not valid.')
else:
schema_version = get_version()
# Run migration if current schema version is greater than the
# schema version stored in version table
if CURRENT_SCHEMA_VERSION >= schema_version:
db_upgrade(app)
# Update schema version to the latest
if CURRENT_SCHEMA_VERSION > schema_version:
set_version(CURRENT_SCHEMA_VERSION)
db.session.commit()
if os.name != 'nt':
os.chmod(config.SQLITE_PATH, 0o600)
Mail(app)
# Don't bother paths when running in cli mode
if not cli_mode:
import pgadmin.utils.paths as paths
paths.init_app(app)
# Setup Flask-Security
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
security = Security(None, user_datastore)
##########################################################################
# Setup security
##########################################################################
with app.app_context():
config.CSRF_SESSION_KEY = Keys.query.filter_by(
name='CSRF_SESSION_KEY').first().value
config.SECRET_KEY = Keys.query.filter_by(
name='SECRET_KEY').first().value
config.SECURITY_PASSWORD_SALT = Keys.query.filter_by(
name='SECURITY_PASSWORD_SALT').first().value
# Update the app.config with proper security keyes for signing CSRF data,
# signing cookies, and the SALT for hashing the passwords.
app.config.update(
dict({
'CSRF_SESSION_KEY': config.CSRF_SESSION_KEY,
'SECRET_KEY': config.SECRET_KEY,
'SECURITY_PASSWORD_SALT': config.SECURITY_PASSWORD_SALT,
'SESSION_COOKIE_DOMAIN': config.SESSION_COOKIE_DOMAIN,
# CSRF Token expiration till session expires
'WTF_CSRF_TIME_LIMIT': getattr(config, 'CSRF_TIME_LIMIT', None),
'WTF_CSRF_METHODS': ['GET', 'POST', 'PUT', 'DELETE'],
}))
security.init_app(app, user_datastore)
from flask_oidc import OpenIDConnect
app.login_manager.oidc = OpenIDConnect(app)
# register custom unauthorised handler.
app.login_manager.unauthorized_handler(pga_unauthorised)
# Set the permanent session lifetime to the specified value in config file.
app.permanent_session_lifetime = timedelta(
days=config.SESSION_EXPIRATION_TIME)
if not cli_mode:
app.session_interface = create_session_interface(
app, config.SESSION_SKIP_PATHS)
# Make the Session more secure against XSS & CSRF when running in web mode
if config.SERVER_MODE and config.ENHANCED_COOKIE_PROTECTION:
paranoid = Paranoid(app)
paranoid.redirect_view = 'browser.index'
##########################################################################
# Load all available server drivers
##########################################################################
driver.init_app(app)
authenticate.init_app(app)
##########################################################################
# Register language to the preferences after login
##########################################################################
@user_logged_in.connect_via(app)
def register_language(sender, user):
# After logged in, set the language in the preferences if we get from
# the login page
data = request.form
if 'language' in data:
language = data['language']
# Set the user language preference
misc_preference = Preferences.module('misc')
user_languages = misc_preference.preference('user_language')
if user_languages and language:
language = user_languages.set(language)
##########################################################################
# Register any local servers we can discover
##########################################################################
@user_logged_in.connect_via(app)
def on_user_logged_in(sender, user):
# Keep hold of the user ID
user_id = user.id
# Get the first server group for the user
servergroup_id = 1
servergroups = ServerGroup.query.filter_by(
user_id=user_id).order_by("id")
if servergroups.count() > 0:
servergroup = servergroups.first()
servergroup_id = servergroup.id
'''Add a server to the config database'''
def add_server(user_id, servergroup_id, name, superuser, port,
discovery_id, comment):
# Create a server object if needed, and store it.
servers = Server.query.filter_by(
user_id=user_id, discovery_id=svr_discovery_id).order_by("id")
if servers.count() > 0:
return
svr = Server(user_id=user_id,
servergroup_id=servergroup_id,
name=name,
host='localhost',
port=port,
maintenance_db='postgres',
username=superuser,
ssl_mode='prefer',
comment=svr_comment,
discovery_id=discovery_id)
db.session.add(svr)
db.session.commit()
# Figure out what servers are present
if winreg is not None:
arch_keys = set()
proc_arch = os.environ['PROCESSOR_ARCHITECTURE'].lower()
try:
proc_arch64 = os.environ['PROCESSOR_ARCHITEW6432'].lower()
except Exception:
proc_arch64 = None
if proc_arch == 'x86' and not proc_arch64:
arch_keys.add(0)
elif proc_arch == 'x86' or proc_arch == 'amd64':
arch_keys.add(winreg.KEY_WOW64_32KEY)
arch_keys.add(winreg.KEY_WOW64_64KEY)
for arch_key in arch_keys:
for server_type in ('PostgreSQL', 'EnterpriseDB'):
try:
root_key = winreg.OpenKey(
winreg.HKEY_LOCAL_MACHINE,
"SOFTWARE\\" + server_type + "\\Services", 0,
winreg.KEY_READ | arch_key)
for i in xrange(0, winreg.QueryInfoKey(root_key)[0]):
inst_id = winreg.EnumKey(root_key, i)
inst_key = winreg.OpenKey(root_key, inst_id)
svr_name = winreg.QueryValueEx(
inst_key, 'Display Name')[0]
svr_superuser = winreg.QueryValueEx(
inst_key, 'Database Superuser')[0]
svr_port = winreg.QueryValueEx(inst_key, 'Port')[0]
svr_discovery_id = inst_id
svr_comment = gettext(
"Auto-detected {0} installation with the data "
"directory at {1}").format(
winreg.QueryValueEx(
inst_key, 'Display Name')[0],
winreg.QueryValueEx(
inst_key, 'Data Directory')[0])
add_server(user_id, servergroup_id, svr_name,
svr_superuser, svr_port,
svr_discovery_id, svr_comment)
inst_key.Close()
except Exception:
pass
else:
# We use the postgres-winreg.ini file on non-Windows
from configparser import ConfigParser
registry = ConfigParser()
try:
registry.read('/etc/postgres-reg.ini')
sections = registry.sections()
# Loop the sections, and get the data from any that are PG or PPAS
for section in sections:
if (section.startswith('PostgreSQL/')
or section.startswith('EnterpriseDB/')):
svr_name = registry.get(section, 'Description')
svr_superuser = registry.get(section, 'Superuser')
# getint function throws exception if value is blank.
# Ex: Port=
# In such case we should handle the exception and continue
# to read the next section of the config file.
try:
svr_port = registry.getint(section, 'Port')
except ValueError:
continue
svr_discovery_id = section
description = registry.get(section, 'Description')
data_directory = registry.get(section, 'DataDirectory')
if hasattr(str, 'decode'):
description = description.decode('utf-8')
data_directory = data_directory.decode('utf-8')
svr_comment = gettext(
u"Auto-detected {0} installation "
u"with the data directory at {1}").format(
description, data_directory)
add_server(user_id, servergroup_id, svr_name,
svr_superuser, svr_port, svr_discovery_id,
svr_comment)
except Exception:
pass
@user_logged_in.connect_via(app)
@user_logged_out.connect_via(app)
def force_session_write(app, user):
session.force_write = True
@user_logged_in.connect_via(app)
def store_crypt_key(app, user):
# in desktop mode, master password is used to encrypt/decrypt
# and is stored in the keyManager memory
if config.SERVER_MODE and 'password' in request.form:
current_app.keyManager.set(request.form['password'])
@user_logged_out.connect_via(app)
def current_user_cleanup(app, user):
from config import PG_DEFAULT_DRIVER
from pgadmin.utils.driver import get_driver
from flask import current_app
# remove key
current_app.keyManager.reset()
for mdl in current_app.logout_hooks:
try:
mdl.on_logout(user)
except Exception as e:
current_app.logger.exception(e)
_driver = get_driver(PG_DEFAULT_DRIVER)
_driver.gc_own()
##########################################################################
# Load plugin modules
##########################################################################
for module in app.find_submodules('pgadmin'):
app.logger.info('Registering blueprint module: %s' % module)
app.register_blueprint(module)
app.register_logout_hook(module)
##########################################################################
# Handle the desktop login
##########################################################################
@app.before_request
def before_request():
"""Login the default user if running in desktop mode"""
# Check the auth key is valid, if it's set, and we're not in server
# mode, and it's not a help file request.
if not config.SERVER_MODE and app.PGADMIN_INT_KEY != '' and (
('key' not in request.args
or request.args['key'] != app.PGADMIN_INT_KEY) and
request.cookies.get('PGADMIN_INT_KEY') != app.PGADMIN_INT_KEY
and request.endpoint != 'help.static'):
abort(401)
if not config.SERVER_MODE and not current_user.is_authenticated:
user = user_datastore.get_user(config.DESKTOP_USER)
# Throw an error if we failed to find the desktop user, to give
# the sysadmin a hint. We'll continue to try to login anyway as
# that'll through a nice 500 error for us.
if user is None:
app.logger.error(
'The desktop user %s was not found in the configuration '
'database.' % config.DESKTOP_USER)
abort(401)
login_user(user)
# if the server is restarted the in memory key will be lost
# but the user session may still be active. Logout the user
# to get the key again when login
if config.SERVER_MODE and current_user.is_authenticated and \
(current_app.keyManager.get() is None and not hasattr(current_app.login_manager, 'oidc')) and \
request.endpoint not in ('security.login', 'security.logout'):
logout_user()
@app.after_request
def after_request(response):
if 'key' in request.args:
domain = dict()
if config.COOKIE_DEFAULT_DOMAIN and \
config.COOKIE_DEFAULT_DOMAIN != 'localhost':
domain['domain'] = config.COOKIE_DEFAULT_DOMAIN
response.set_cookie('PGADMIN_INT_KEY',
value=request.args['key'],
path=config.COOKIE_DEFAULT_PATH,
**domain)
# X-Frame-Options for security
if config.X_FRAME_OPTIONS != "" and \
config.X_FRAME_OPTIONS.lower() != "deny":
response.headers["X-Frame-Options"] = config.X_FRAME_OPTIONS
return response
##########################################################################
# Cache busting
##########################################################################
# Version number to be added to all static file url requests
# This is used by url_for function when generating urls
# This will solve caching issues when application is upgrading
# This is called - Cache Busting
@app.url_defaults
def add_internal_version(endpoint, values):
extensions = config.APP_VERSION_EXTN
# Add the internal version only if it is set
if config.APP_VERSION_PARAM is not None and \
config.APP_VERSION_PARAM != '':
# If there is a filename, add the version
if 'filename' in values \
and values['filename'].endswith(extensions):
values[config.APP_VERSION_PARAM] = config.APP_VERSION_INT
else:
# Sometimes there may be direct endpoint for some files
# There will be only one rule for such endpoints
urls = [url for url in app.url_map.iter_rules(endpoint)]
if len(urls) == 1 and urls[0].rule.endswith(extensions):
values[config.APP_VERSION_PARAM] = \
config.APP_VERSION_INT
# Strip away internal version param before sending further to app as it was
# required for cache busting only
@app.url_value_preprocessor
def strip_version_number(endpoint, values):
if values and config.APP_VERSION_PARAM in values:
values.pop(config.APP_VERSION_PARAM)
##########################################################################
# Minify output. Not required in desktop mode
##########################################################################
if not config.DEBUG and config.SERVER_MODE:
from flask_compress import Compress
Compress(app)
from pgadmin.misc.themes import Themes
Themes(app)
@app.context_processor
def inject_blueprint():
"""
Inject a reference to the current blueprint, if any.
"""
return {
'current_app': current_app,
'current_blueprint': current_blueprint,
}
@app.errorhandler(Exception)
def all_exception_handler(e):
current_app.logger.error(e, exc_info=True)
return internal_server_error(errormsg=str(e))
# Exclude HTTPexception from above handler (all_exception_handler)
# HTTPException are user defined exceptions and those should be returned
# as is
@app.errorhandler(HTTPException)
def http_exception_handler(e):
current_app.logger.error(e, exc_info=True)
return e
# Intialize the key manager
app.keyManager = KeyManager()
##########################################################################
# Protection against CSRF attacks
##########################################################################
with app.app_context():
pgCSRFProtect.init_app(app)
##########################################################################
# All done!
##########################################################################
return app
# Only import flask_fas_openid if it is needed
if APP.config.get('PAGURE_AUTH', None) in ['fas', 'openid']:
from flask_fas_openid import FAS
FAS = FAS(APP)
@FAS.postlogin
def set_user_fas(return_url):
''' After login method. '''
set_user()
return flask.redirect(return_url)
if APP.config.get('PAGURE_AUTH', None) == 'oidc':
from flask_oidc import OpenIDConnect
oidc = OpenIDConnect(APP)
@APP.before_request
def fas_user_from_oidc():
if oidc.user_loggedin and 'oidc_logintime' in flask.session:
email_key, fulln_key, usern_key, ssh_key, groups_key = [
APP.config['OIDC_PAGURE_EMAIL'],
APP.config['OIDC_PAGURE_FULLNAME'],
APP.config['OIDC_PAGURE_USERNAME'],
APP.config['OIDC_PAGURE_SSH_KEY'],
APP.config['OIDC_PAGURE_GROUPS'],
]
info = oidc.user_getinfo(
[email_key, fulln_key, usern_key, ssh_key, groups_key])
username = info.get(usern_key)
if not username:
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
"""
Helper module for configuring OpenID Connect based authentication
"""
from functools import wraps
import logging
import flask
from flask_openid import OpenID
from flask_oidc import OpenIDConnect
_log = logging.getLogger(__name__)
oid = OpenID()
oidc = OpenIDConnect(credentials_store=flask.session)
####################################
# Set up core OpenID Connect support
####################################
def configure_openid(app):
"""Set up OpenID, OpenIDConnect, and the module's Flask app reference"""
global oidc
global oid
oid.init_app(app)
try:
oidc.init_app(app)
except Exception as exc:
# Handle running with only anonymous API access enabled
from flask_oidc import OpenIDConnect from flask_sqlalchemy import SQLAlchemy login = OpenIDConnect() db = SQLAlchemy()
def create_app(entirety_config, client_secret):
"""Main function to create Flask app"""
app = Flask(__name__,
static_folder='../static',
template_folder='../templates')
app.config.update({
'SECRET_KEY': 'SomethingNotEntirelySecret',
'TESTING': True,
'DEBUG': True,
'OIDC_CLIENT_SECRETS': client_secret,
'OIDC_ID_TOKEN_COOKIE_SECURE': False,
'OIDC_REQUIRE_VERIFIED_EMAIL': False,
'OIDC_USER_INFO_ENABLED': True,
'OIDC_OPENID_REALM': 'n5geh',
'OIDC_SCOPES': ['openid', 'email', 'profile'],
'OIDC_INTROSPECTION_AUTH_METHOD': 'client_secret_post',
'FIWARE': entirety_config['fiware'],
'DEVICE_IDM': entirety_config['device_idm'],
'DATAMODEL': entirety_config['datamodel'],
'IDM': entirety_config['idm']
})
oidc = OpenIDConnect(
app) # OpenIDConnect provides security mechanism for API
datamodel = Datamodel(config=app.config['DATAMODEL'])
orion = Orion(config=app.config['FIWARE'])
iotagent = IoTAgent(config=app.config['FIWARE'])
quantumleap = QuantumLeap(config=app.config['FIWARE'])
idm = IDM(config=app.config['DEVICE_IDM'])
formservice = FormService()
# General routes
@app.errorhandler(404)
def not_found(e):
"""Render not found page"""
return render_template("404.html")
@app.before_request
def before_request():
"""Add user details to each request"""
if oidc.user_loggedin:
info = oidc.user_getinfo([
'preferred_username', 'email', 'sub', 'given_name',
'family_name'
])
g.user = info.get('preferred_username')
g.fullname = '{} {}'.format(info.get('given_name'),
info.get('family_name'))
g.account_url = app.config['IDM']['account_url']
else:
g.user = None
g.fullname = None
@app.route('/')
def index():
"""Default web page"""
return redirect('/dashboard')
@app.route('/dashboard')
@oidc.require_login
def dashboard():
"""Dashboard web page"""
data = {}
data['orion_version'] = orion.get_version()
data['iot_agent_version'] = iotagent.get_version()
data['idm_is_active'] = idm.is_active()
data['quantumleap_version'] = quantumleap.get_version()
data['classes'] = datamodel.get_classes()
data['subscription_number'] = len(orion.get_subscriptions())
count = 0
if data['orion_version'] != '':
for c in data['classes']:
count += len(orion.get_entities(c))
data['registered_classes'] = count
data['all_classes'] = len(datamodel.classes_file_list)
return render_template('dashboard.html', d=data)
@app.route('/about')
@oidc.require_login
def about():
"""Render About page"""
page_name = 'About'
page_content = 'Device Wizard is a service for registering device within N5GEH cloud platform.'
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
@app.route('/help')
@oidc.require_login
def help():
"""Render Help page"""
page_name = 'Help'
page_content = 'This is a help page to explain how user can register a device in a N5GEH platform.'
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
@app.route('/logout')
def logout():
"""Performs logout by removing the session cookie."""
oidc.logout()
return redirect(app.config['IDM']['logout_link'])
# Orion routes
def select_type(device_types,
fiware_service,
render_page='select_type.html'):
"""Render Select type of device page for Orion and IoT Agent"""
choices = []
for t in device_types:
tt = t.split('.')
choices.append((
t,
tt[0],
))
form = TypesForm()
form.types.choices = choices
return render_template(render_page,
form=form,
fiware_service=fiware_service)
def wrong_device_type(device_type, url, service):
"""Render error page with wrong device type"""
page_name = 'Wrong device type'
page_content = 'Could not found template for this <span class="text-warning">{}services</span> device type. Please select one from <a href="{}">+ {} page</a>.'.format(
device_type, url, service)
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
def check_orion(func):
"""Check if Orion is available"""
@wraps(func)
def decorated_function(*args, **kwargs):
if orion.get_version() == '':
page_name, page_content = (
'Orion LD',
'Could not connect to the Orion LD. URL: {}'.format(
orion.url),
)
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
return func(*args, **kwargs)
return decorated_function
def check_keycloak(func):
"""Check if Keycloak is available"""
@wraps(func)
def decorated_function(*args, **kwargs):
if not idm.is_active():
page_name, page_content = (
'Keycloack',
'Could not connect to the Keycloack IDM. URL: {}'.format(
idm.config['server']),
)
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
return func(*args, **kwargs)
return decorated_function
def check_iotagent(func):
"""Check if IoT Agent is available"""
@wraps(func)
def decorated_function(*args, **kwargs):
if iotagent.get_version() == '':
page_name, page_content = (
'IoT Agent',
'Could not connect to the IoT Agent. URL: {}'.format(
iotagent.url),
)
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
return func(*args, **kwargs)
return decorated_function
def check_quantumleap(func):
"""Check if QuantumLeap is available"""
@wraps(func)
def decorated_function(*args, **kwargs):
if quantumleap.get_version() == '':
page_name, page_content = (
'QuantumLeap',
'Could not connect to the QuantumLeap. URL: {}'.format(
quantumleap.url),
)
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
return func(*args, **kwargs)
return decorated_function
@app.route('/orion/device', methods=['GET', 'POST'])
@oidc.require_login
@check_orion
@check_keycloak
def orion_device():
"""Render Device Wizard page"""
device_type = request.args.get('types')
if device_type is None:
return select_type(datamodel.device_types, 'Orion LD')
if device_type not in datamodel.device_types:
return wrong_device_type(device_type, '/orion/device', 'Orion LD')
form, properties_dict = formservice.create_form_template(
device_type, orion, datamodel)
if request.method == 'POST':
form = form(request.form)
if form.validate():
params = {}
for fieldname, value in form.data.items():
if fieldname.endswith('_datetime'):
params[fieldname] = value.isoformat() + 'Z'
else:
params[fieldname] = value
entity = datamodel.create_entity(device_type, params)
result = orion.create_entity(entity)
id_key = properties_dict['id'][2]
device_type = formservice.get_device_type(device_type)
idm.create_entity(
'urn:ngsi-ld:{}:{}'.format(device_type, params[id_key]),
device_type)
if result['status']:
page_name = 'Success'
page_content = 'Entity successfully created. Go to <a href="/orion/devices">Orion LD devices page</a>.'
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
else:
page_name = 'Failed'
page_content = 'Could not create entity. <a href="" onclick="windows.back()">Go Back</a> <br/>Reason: <span class="text-danger">{}</span>'.format(
result['error'])
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
return render_template('form_generator.html',
form=form(),
action='Register',
fiware_service='Orion LD')
@app.route('/orion/edit_device', methods=['GET', 'POST'])
@oidc.require_login
@check_orion
def orion_edit_device():
"""Edit device properties"""
device_id = request.args.get('id')
device_type = request.args.get('type')
form = formservice.create_form_entity(device_id, device_type, orion,
datamodel)
if request.method == 'POST':
filled_form = form(request.form)
if filled_form.validate():
result = orion.update_entity(
device_id,
formservice.create_entity_update(filled_form.data.items()))
if result['status']:
page_name = 'Success'
page_content = 'Entity successfully updated. Go to <a href="/orion/device">+ Orion LD page</a>.'
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
else:
page_name = 'Failed'
page_content = 'Could not update entity. <a href="" onclick="windows.back()">Go Back</a> <br/>Reason: <span class="text-danger">{}</span>'.format(
result['error'])
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
return render_template('form_generator.html',
form=form(),
action='Update',
fiware_service='Orion LD')
@app.route('/orion/devices', methods=['GET', 'POST'])
@oidc.require_login
@check_orion
@check_keycloak
def get_orion_devices():
"""Render list of Orion devices page"""
device_type = request.args.get('types')
if device_type is None:
return select_type(datamodel.device_types,
'Orion LD',
render_page='orion/devices.html')
if device_type not in datamodel.device_types:
return wrong_device_type(device_type, '/orion/device', 'Orion LD')
device_type = device_type.split(".")[0]
devices = orion.get_entities(device_type)
for device in devices:
device['mqtt_topic'] = idm.create_topic(device['id'], device_type)
device['mqtt_user'] = device['id'].lower()
return render_template('orion/devices_to_json.html',
devices=devices,
device_type=device_type)
@app.route('/orion/subscriptions', methods=['GET', 'POST'])
@oidc.require_login
@check_orion
def get_orion_subscriptions():
"""Render Orion subscrpitions page"""
return render_template('orion/subscriptions.html')
@app.route('/orion/subscriptions_to_json', methods=['GET', 'POST'])
@oidc.require_login
def get_orion_subscriptions_json():
"""Render Orion subscriptions as JSON"""
subscriptions = orion.get_subscriptions()
return render_template('orion/subscriptions_to_json.html',
subscriptions=subscriptions)
@app.route('/orion/delete', methods=['GET'])
@oidc.require_login
@check_orion
@check_keycloak
def orion_delete():
"""Delete device from Orion"""
device_id = request.args.get('device_id')
orion.delete_entity(device_id)
idm.delete_entity(device_id)
return "true"
@app.route('/orion/init_subscriptions', methods=['GET'])
@oidc.require_login
@check_orion
@check_quantumleap
def orion_init_subscription():
"""Init QuantumLeap subscriptions in Orion for the Datamodel"""
devices_types = datamodel.iotdevice_types
for devices_type in devices_types:
try:
result = orion.create_subscription(devices_type)
except Exception as e:
pass
page_name = 'Success'
page_content = 'Subscriptions successfully registered. Go to <a href="/iotagent/device">+ IoT Agent device</a>.'
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
@app.route('/orion/delete_subscription', methods=['GET'])
@oidc.require_login
@check_orion
def orion_delete_subscription():
"""Delete subscription from Orion"""
subcription_id = request.args.get('subscription_id')
r = orion.delete_subscription(subcription_id)
return "true"
@app.route('/orion/register_classes', methods=['GET'])
@oidc.require_login
@check_orion
def orion_register_classes():
"""Register properties classes for the Datamodel"""
classes = datamodel.get_classes_files()
for cls in classes:
if os.path.isfile(cls):
data = open(cls, 'rt').read()
try:
result = orion.create_entity(data)
except Exception as e:
pass
page_name = 'Success'
page_content = 'Classes successfully registered. Go to <a href="/iotagent/device">+ IoT Agent device</a>.'
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
# IoT Agent routes
@app.route('/iotagent/device', methods=['GET', 'POST'])
@oidc.require_login
@check_orion
@check_keycloak
@check_iotagent
def iotagent_device():
"""Render page for IoT Agent device"""
device_type = request.args.get('types')
if device_type is None:
return select_type(datamodel.iotdevice_types, 'IoT Agent')
if device_type not in datamodel.iotdevice_types:
return wrong_device_type(device_type, '/iotagent/device',
'IoT Agent')
form = formservice.create_form_json(device_type, orion, datamodel)
if request.method == 'POST':
form = form(request.form)
if form.validate():
params = {}
for fieldname, value in form.data.items():
if fieldname.endswith('_datetime'):
params[fieldname] = value.isoformat() + 'Z'
else:
params[fieldname] = value
services = iotagent.get_services()
apikey = IDM.create_apikey(device_type)
is_service_exist = False
for service in services['services']:
if service['apikey'] == apikey:
is_service_exist = True
if not is_service_exist:
iotagent.create_service(apikey, device_type)
device = formservice.create_iotdevice(device_type, params,
datamodel)
result = iotagent.create_device(device)
idm.create_entity(device['entity_name'], device['entity_type'])
if result['status']:
page_name = 'Success'
page_content = 'Entity successfully registered. Go to <a href="/iotagent/devices">IoT Agent registered devices page</a>.'
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
else:
page_name = 'Failed'
page_content = 'Could not register entity. <a href="" onclick="windows.back()">Go Back</a> <br/>Reason: <span class="text-danger">{}</span>'.format(
result['error'])
return render_template('simple.html',
page_name=page_name,
page_content=page_content)
return render_template('form_generator.html',
form=form(),
action='Register',
fiware_service='IoT Agent')
@app.route('/iotagent/devices', methods=['GET', 'POST'])
@oidc.require_login
@check_iotagent
@check_keycloak
def get_iotagent_devices():
"""Render IoT Agent devices"""
return render_template('iotagent/devices.html')
@app.route('/iotagent/devices_to_json', methods=['GET', 'POST'])
@oidc.require_login
def get_iotagent_devices_json():
"""Render IoT Agent devices as JSON"""
devices = iotagent.get_entities()
for device in devices['devices']:
device['mqtt_topic'] = idm.create_topic(device['entity_name'],
device['entity_type'])
device['mqtt_user'] = device['entity_name'].lower()
return render_template('iotagent/devices_to_json.html',
devices=devices)
@app.route('/iotagent/services', methods=['GET', 'POST'])
@oidc.require_login
@check_iotagent
def get_iotagent_services():
"""Render IoT Agent services"""
return render_template('iotagent/services.html')
@app.route('/iotagent/services_to_json', methods=['GET', 'POST'])
@oidc.require_login
def get_iotagent_services_json():
"""Render IoT Agent services as JSON"""
services = iotagent.get_services()
return render_template('iotagent/services_to_json.html',
services=services)
@app.route('/iotagent/delete_service', methods=['GET'])
@oidc.require_login
@check_orion
def iotagent_delete_service():
"""Delete service from IoT Agent"""
apikey = request.args.get('apikey')
resource = request.args.get('resource')
iotagent.delete_service(apikey, resource)
return "true"
@app.route('/iotagent/delete_device', methods=['GET'])
@oidc.require_login
@check_iotagent
@check_keycloak
def iotagent_delete_device():
"""Delete device from IoT Agent"""
device_id = request.args.get('device_id')
iotagent.delete_entity(device_id)
idm.delete_entity(device_id)
return "true"
return app
limiter = Limiter(key_func=get_remote_address)
cache_supported_backends = {
None: __cache_module.NullCache,
'memcached': __cache_module.MemcachedCache,
'redis': __cache_module.RedisCache
}
__cache_uri = os.environ.get('CACHE_SERVICE')
if __cache_uri:
try:
# example __cache_uri is 'redis:dev_redis_1:6379'
[__cache_type, __url, __port] = __cache_uri.split(':')
except ValueError:
raise ImproperlyConfigured('CACHE_SERVICE is wrongly formatted. Use "redis:dev_redis_1:6379" as example.')
if __cache_type == 'redis':
cache = __cache_module.RedisCache(host=__url, port=__port, default_timeout=os.environ.get('CACHE_TIMEOUT'))
elif __cache_type == 'memcached':
cache = __cache_module.MemcachedCache(
servers=["{url}:{port}".format(url=__url, port=__port)],
default_timeout=os.environ.get('CACHE_TIMEOUT')
)
else:
raise ImproperlyConfigured('Unknown cache service, only Memcached and Redis are supported at the moment.')
else:
cache = __cache_module.NullCache
credentials_store = SqliteDict('flask_oidc.db', autocommit=True)
openid_connect = OpenIDConnect(credentials_store=credentials_store)
socketio.init_app(application,
async_mode='eventlet',
message_queue=application.config['ACTIVE_MQ_URL'],
path='/api/v1/socket.io')
else:
socketio.init_app(application, path='/api/v1/socket.io')
if application.config['CORS_ALLOWED_ORIGINS'] is not None:
CORS(application,
supports_credentials=True,
origins=application.config['CORS_ALLOWED_ORIGINS'])
api = Api(application, prefix='/api/v1', doc='/api/v1/')
from flask_oidc import OpenIDConnect
oidc = OpenIDConnect(application)
# Set up Flask Admin.
from app import admin
flask_admin = Admin(application,
name='Admin Console',
template_mode='bootstrap3',
index_view=admin.HomeView())
flask_admin.add_view(admin.ChannelModelView)
flask_admin.add_view(admin.CounterModelView)
flask_admin.add_view(admin.CSRModelView)
flask_admin.add_view(admin.CSRGAModelView)
flask_admin.add_view(admin.InvigilatorModelView)
flask_admin.add_view(admin.OfficeModelView)
flask_admin.add_view(admin.OfficeGAModelView)
flask_admin.add_view(admin.RoleModelView)
description="Apis desarrollada para manejar Farma Salud")
flask_app.config.update({
'SECRET_KEY': 'SomethingNotEntirelySecret',
'TESTING': True,
'DEBUG': True,
'OIDC_CLIENT_SECRETS': 'conf/client_secrets.json',
'OIDC_ID_TOKEN_COOKIE_SECURE': False,
'OIDC_REQUIRE_VERIFIED_EMAIL': False,
'OIDC_USER_INFO_ENABLED': True,
'OIDC_OPENID_REALM': 'farmasalud',
'OIDC_SCOPES': ['openid', 'email', 'profile'],
'OIDC_INTROSPECTION_AUTH_METHOD': 'client_secret_post'
})
oidc = OpenIDConnect(flask_app)
#app.namespace()
sucursales = app.namespace('sucursales', description='Manejar Sucursales')
articulos = app.namespace('articulos', description='Manejar articulos')
inventory = app.namespace('inventory', description='Manejar articulos')
user = app.namespace('user', description='Manejar articulos')
login = app.namespace('login', description='login')
logout = app.namespace('logout', description='login')
with open(r'conf/efip_config.yaml') as file:
config = yaml.load(file, Loader=yaml.FullLoader)
agregararticulo_model = app.model(
'Modelo agregar articulo', {
'nombre_del_articulo':
import flask
#from fedora.client import AuthError, AppError
from flask_oidc import OpenIDConnect
import munch
# Set up Flask application
app = flask.Flask(__name__)
# Application configuration (add secret key of your choice)
app.config["OIDC_CLIENT_SECRETS"] = "client_secrets.json"
app.config["SECRET_KEY"] = "secretkey"
app.config["OIDC_SCOPES"] = [
'openid', 'email', 'profile', 'https://id.fedoraproject.org/scope/groups',
'https://id.fedoraproject.org/scope/agreements'
]
# Set up FAS extension
OIDC = OpenIDConnect(app, credentials_store=flask.session)
@app.before_request
def before_request():
"""Set the flask session as permanent."""
flask.session.permanent = True
@app.route("/logged_in")
@OIDC.require_login
def logged_in():
return flask.Response(
f"You are now logged in. Try to logout by going to http://localhost:5000/logout {OIDC.user_getfield('email')} {OIDC.user_getfield('zoneinfo')} {OIDC.user_getfield('preferred_username')}"
)
def __init__(self, appbuilder):
super().__init__(appbuilder)
if self.auth_type == AUTH_OID:
self.oid = OpenIDConnect(self.appbuilder.get_app)
self.authoidview = KeycloakAuthOIDCView
import json
import logging
logging.basicConfig()
config = {
'OIDC_CLIENT_SECRETS': './client_secrets.json',
'OIDC_ID_TOKEN_COOKIE_SECURE': False,
'OIDC_VALID_ISSUERS': 'http://*****:*****@app.route('/userinfo')
@oidc.accept_token()
def my_api():
#return json.dumps('Welcome %s' % oidc.oidc_token_info['sub'])
return json.dumps(oidc._retrieve_userinfo())