Exemple #1
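def _logout():
    """Drop the session cookie and redirect an authenticated user.

    Returns:
        A redirect response to the safe redirect target with the ``session``
        cookie deleted, falling back to ``"/"`` when no target is available,
        or a ``(json, 401)`` pair when no user is authenticated.
    """
    if not current_user.is_authenticated:
        return jsonify(message="User not logged in"), 401

    # get_safe_redirect_target() may return a falsy value when it finds no
    # acceptable target; redirect() cannot build a Location header from
    # that, so fall back to the site root instead of failing the logout.
    next_url = get_safe_redirect_target() or "/"
    resp = make_response(redirect(next_url))
    # NOTE(review): this only asks the browser to forget the cookie. If
    # sessions are kept server-side, a copied cookie value stays usable until
    # the session is invalidated there as well -- confirm that happens
    # elsewhere; it is not visible in this block. The hard-coded name
    # "session" must also match the configured session cookie name.
    resp.delete_cookie("session")
    return resp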
Exemple #2
def gitlab_connect():
    r"""Endpoint to init the REANA connection to GitLab.

    ---
    get:
      summary: Initiate connection to GitLab.
      operationId: gitlab_connect
      description: >-
        Initiate connection to GitLab to authorize accessing the
        authenticated user's API.
      responses:
        302:
          description: >-
            Redirection to GitLab site.
    """
    # The post-login destination comes from get_safe_redirect_target(), never
    # from the raw query string, and travels inside the serialized state.
    # NOTE(review): `state` protects the OAuth round trip only if the callback
    # verifies the serializer output and the "sid" value -- that check is
    # outside this block; the serializer's format is not visible here either.
    state_token = serializer.dumps(
        dict(next=get_safe_redirect_target(), sid=_create_identifier())
    )

    authorize_url = REANA_GITLAB_URL + "/oauth/authorize"
    query = dict(
        client_id=REANA_GITLAB_OAUTH_APP_ID,
        redirect_uri=url_for(".gitlab_oauth", _external=True),
        response_type="code",
        # NOTE(review): "api" is GitLab's broad read/write API scope; confirm
        # that a narrower scope would not cover what the integration needs.
        scope="api",
        state=state_token,
    )
    # PreparedRequest is used purely as a URL builder: it encodes the query
    # parameters onto the authorize endpoint, no HTTP request is sent.
    prepared = requests.PreparedRequest()
    prepared.prepare_url(authorize_url, query)
    return redirect(prepared.url), 302
Exemple #3
def gitlab_connect():
    r"""Endpoint to init the REANA connection to GitLab.

    ---
    get:
      summary: Initiate connection to GitLab.
      operationId: gitlab_connect
      description: >-
        Initiate connection to GitLab to authorize accessing the
        authenticated user's API.
      responses:
        302:
          description: >-
            Redirection to GitLab site.
    """
    # Take the return location from get_safe_redirect_target() rather than
    # from the request arguments directly.
    return_target = get_safe_redirect_target()
    # Serialized state that GitLab hands back on the callback.
    # NOTE(review): it guards the flow only if the callback validates the
    # token and its 'sid' -- that code is not part of this block.
    state_payload = {
        'next': return_target,
        'sid': _create_identifier(),
    }
    state_token = serializer.dumps(state_payload)

    oauth_args = {
        'client_id': REANA_GITLAB_OAUTH_APP_ID,
        'redirect_uri': url_for('.gitlab_oauth', _external=True),
        'response_type': 'code',
        # NOTE(review): 'api' is GitLab's broad read/write API scope; check
        # whether a narrower one is sufficient.
        'scope': 'api',
        'state': state_token,
    }
    # Used only to encode the query string onto the authorize URL; nothing
    # is sent from here.
    url_builder = requests.PreparedRequest()
    url_builder.prepare_url(REANA_GITLAB_URL + '/oauth/authorize', oauth_args)
    authorize_location = url_builder.url
    return redirect(authorize_location), 302
def login(remote_app):
    """
    Start authentication against the IdP configured for ``remote_app``.

    A state token holding the application key, the safe post-login target
    (``'/'`` when none is available) and a session identifier is serialized
    and handed to the SAML login call.

    Args:
        remote_app (str): The remote application key name.

    Returns:
        flask.Response: Redirect to the IdP. Aborts with 404 for an unknown
                        application, and with 500 when ``saml_path`` is not
                        configured or the SAML auth object cannot be built.

    """
    remote_apps = current_app.config['SHIBBOLETH_REMOTE_APPS']
    if remote_app not in remote_apps:
        return abort(404)

    app_conf = remote_apps[remote_app]
    if 'saml_path' not in app_conf:
        return abort(500, 'Bad server configuration.')

    # Only a target accepted by get_safe_redirect_target() is kept; anything
    # else falls back to the site root.
    state_token = serializer.dumps({
        'app': remote_app,
        'next': get_safe_redirect_target(arg='next') or '/',
        'sid': _create_identifier(),
    })

    saml_request = prepare_flask_request(request)
    try:
        auth = init_saml_auth(saml_request, app_conf['saml_path'])
    except OneLogin_Saml2_Error:
        # Report a generic 500; no SAML error detail goes to the client.
        return abort(500)
    else:
        # NOTE(review): the token is presumably sent as the SAML RelayState;
        # the handler receiving it must verify it before using 'next' --
        # confirm, that code is not in this block.
        return redirect(auth.login(state_token))
def test_get_safe_redirect_target(app, test_input, expected):
    """Check the target derived from a URL-encoded ``next`` query argument.

    ``test_input`` and ``expected`` are presumably supplied by a parametrize
    decorator that is not shown with this function.
    """
    request_path = '/?next=' + quote_plus(test_input)
    with app.test_request_context(request_path):
        safe_target = get_safe_redirect_target()
        assert safe_target == expected