From: Florian Sabonchi <[email protected]>
To: [email protected]
Subject: feature #6640
Date: Sun, 10 Oct 2021 10:42:51 +0000
Message-ID: <[email protected]>
Hi, I have written a patch for feature #6640.
Attachment: 0001-first-draft-for-feature-6640.patch (text/x-patch, 3.7K), shown inline below:
From fd3978884501845099ca6547cd342ead0f833b14 Mon Sep 17 00:00:00 2001
From: Florian Sabonchi <[email protected]>
Date: Sun, 10 Oct 2021 12:38:50 +0200
Subject: [PATCH] first draft for feature #6640
---
docs/en_US/oauth2.rst | 1 +
web/config.py | 2 ++
web/pgadmin/authenticate/oauth2.py | 19 +++++++++++++++++--
3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/docs/en_US/oauth2.rst b/docs/en_US/oauth2.rst
index 4cc2628f5..6cf2f5aba 100644
--- a/docs/en_US/oauth2.rst
+++ b/docs/en_US/oauth2.rst
@@ -36,6 +36,7 @@ and modify the values for the following parameters:
"OAUTH2_AUTO_CREATE_USER", "Set the value to *True* if you want to automatically
create a pgAdmin user corresponding to a successfully authenticated Oauth2 user.
Please note that password is not stored in the pgAdmin database."
+ "ALLOWED_ORGANIZATIONS", "Github organizations which are allowed. If the user is in an organization that is not in the list, logging in is not possible."
Redirect URL
============
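Review bot: the new ALLOWED_ORGANIZATIONS row should say which provider it applies to and what an empty value means. The check it documents reads `organizations_url` from the OAuth2 profile and the config comment calls these "github organizations", so the docs should state that the setting is GitHub-only (other OAUTH2_CONFIG entries will not have that field) and that leaving it empty disables the check. The sentence "If the user is in an organization that is not in the list, logging in is not possible" also documents a deny-on-any-other-membership rule; if the intent is that only members of the listed organizations may log in, say that instead, since the two rules behave differently for users who belong to several organizations. Suggested wording: "GitHub organizations whose members are allowed to log in. Leave empty to disable the check."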
diff --git a/web/config.py b/web/config.py
index 7a1f4ab1f..ec8ec0959 100644
--- a/web/config.py
+++ b/web/config.py
@@ -719,6 +719,8 @@ OAUTH2_CONFIG = [
'OAUTH2_ICON': None,
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
+ # Allowed github organizations
+ 'ALLOWED_ORGANIZATIONS': [''],
}
]
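Review bot: the default `'ALLOWED_ORGANIZATIONS': ['']` is a non-empty list, so the `if allowed_organizations:` test in oauth2.py treats it as an active allowlist containing only the empty string, and with this default any user who belongs to at least one organization is refused login out of the box. Default to `[]` (or `None`) so the check is inactive until an administrator lists organizations, and extend the comment to say the setting only applies to GitHub providers.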
diff --git a/web/pgadmin/authenticate/oauth2.py b/web/pgadmin/authenticate/oauth2.py
index cc1143e06..866e12680 100644
--- a/web/pgadmin/authenticate/oauth2.py
+++ b/web/pgadmin/authenticate/oauth2.py
@@ -8,11 +8,12 @@
##########################################################################
"""A blueprint module implementing the Oauth2 authentication."""
+import requests as requests
import config
from authlib.integrations.flask_client import OAuth
-from flask import current_app, url_for, session, request,\
+from flask import current_app, url_for, session, request, \
redirect, Flask, flash
from flask_babelex import gettext
from flask_security import login_user, current_user
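Review bot: `import requests as requests` aliases the module to its own name; plain `import requests` is enough. Before adding a second HTTP client at all, consider that the authlib remote app already held in `self.oauth2_clients` can call the provider API with the access token obtained in `get_user_profile`, which avoids an unauthenticated request to the provider. The change to the `from flask import` line is whitespace only and could be dropped from this patch.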
@@ -91,7 +92,6 @@ class OAuth2Authentication(BaseAuthentication):
def __init__(self):
for oauth2_config in config.OAUTH2_CONFIG:
-
OAuth2Authentication.oauth2_config[
oauth2_config['OAUTH2_NAME']] = oauth2_config
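Review bot: this hunk only removes a blank line in `__init__` and is unrelated to the feature; drop it from the patch or move it to a separate cleanup commit so the functional change stays easy to review.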
@@ -130,6 +130,17 @@ class OAuth2Authentication(BaseAuthentication):
user, msg = self.__auto_create_user(profile)
if user:
+ organizations = self.get_organizations(profile['organizations_url'])
+
+ for oauth2_config in config.OAUTH2_CONFIG:
+ allowed_organizations = oauth2_config['ALLOWED_ORGANIZATIONS']
+ if allowed_organizations:
+ for organization in organizations:
+ if organization['login'] not in allowed_organizations:
+ return False, gettext("You are in an organization "
+ "that is not on the "
+ "whitelist")
+
user = db.session.query(User).filter_by(
username=profile['email'], auth_source=OAUTH2).first()
current_app.login_manager.logout_view = \
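Review bot: the organization check in this hunk is bypassable and runs too late. A user who belongs to no organizations never enters the `for organization in organizations` loop and is logged in regardless of ALLOWED_ORGANIZATIONS, and a user is only refused for belonging to an organization outside the list rather than required to belong to one inside it. If the goal is to admit only members of the listed organizations, the condition should be `if not any(org['login'] in allowed_organizations for org in organizations): return False, ...`. The check also executes after `self.__auto_create_user(profile)` has already created the account, so a refused user still leaves a row in the user table; move it before the auto-create call. Smaller points: look up only the current provider's entry (the class already keys `oauth2_config` by OAUTH2_NAME) instead of looping over every entry in `config.OAUTH2_CONFIG`; use `oauth2_config.get('ALLOWED_ORGANIZATIONS')` so existing configurations without the new key do not raise KeyError; guard `profile['organizations_url']`, which only exists in GitHub profiles; and prefer "allowed list" over "whitelist" in the user-facing message.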
@@ -137,6 +148,10 @@ class OAuth2Authentication(BaseAuthentication):
return login_user(user), None
return False, msg
+ def get_organizations(self, organizations_url: str):
+ organizations = requests.get(organizations_url)
+ return organizations.json()
+
def get_user_profile(self):
session['oauth2_token'] = self.oauth2_clients[
self.oauth2_current_client].authorize_access_token()
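Review bot: `get_organizations` issues an unauthenticated `requests.get` with no timeout and no status check and then trusts `.json()` to be a list. Without the user's token the profile's `organizations_url` endpoint returns only public organization memberships, so members whose membership in an allowed organization is private are not recognised, and on a non-2xx response (rate limiting, outage) `.json()` yields an error object that the caller then indexes with `organization['login']`, turning a lookup failure into a 500 rather than a refusal. Fetch the list with the authorized client, e.g. `self.oauth2_clients[self.oauth2_current_client].get(organizations_url, token=session['oauth2_token'])`, pass a `timeout`, check the status (`raise_for_status()` or `status_code`) before decoding, and make any failure deny the login rather than allow it.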
--
2.25.1
Further attachments: OpenPGP_0x9B79A5A968AF5F8F.asc (application/pgp-keys, 2.4K), OpenPGP_signature (application/pgp-signature, 665B)