public inbox for [email protected]
help / color / mirror / Atom feedFrom: Yogesh Mahajan <[email protected]>
To: pgadmin-hackers <[email protected]>
Subject: Re: Feature #7325 - Support for Azure AD OAUTH2 authentication
Date: Thu, 21 Apr 2022 11:49:49 +0530
Message-ID: <CAMa=N=M_kBSQ2XhaFLPD=99qhBzSiWxZYRq6wSfyroeJZv_AmA@mail.gmail.com> (raw)
In-Reply-To: <CAMa=N=O8qXiGkAhVZ_Cw-CzjJMEZdDfS3AiJ7CFhvXSeMstsYA@mail.gmail.com>
References: <CAMa=N=O8qXiGkAhVZ_Cw-CzjJMEZdDfS3AiJ7CFhvXSeMstsYA@mail.gmail.com>
Hi,
Please ignore the previous patch. Here is the updated one.
Thanks,
Yogesh Mahajan
EnterpriseDB
On Thu, Apr 21, 2022 at 11:12 AM Yogesh Mahajan <
[email protected]> wrote:
> Hi,
>
> Please find the attached patch which adds support for Azure AD
> authentication method.
>
> Thanks,
> Yogesh Mahajan
> EnterpriseDB
>
Attachments:
[application/octet-stream] RM_7325_v2.patch (2.6K, 3-RM_7325_v2.patch)
download | inline diff:
diff --git a/web/pgadmin/authenticate/oauth2.py b/web/pgadmin/authenticate/oauth2.py
index 935d110a7..07d398380 100644
--- a/web/pgadmin/authenticate/oauth2.py
+++ b/web/pgadmin/authenticate/oauth2.py
@@ -88,6 +88,7 @@ class OAuth2Authentication(BaseAuthentication):
oauth_obj = OAuth(Flask(__name__))
oauth2_clients = {}
oauth2_config = {}
+ email_keys = ['mail', 'email']
def __init__(self):
for oauth2_config in config.OAUTH2_CONFIG:
@@ -119,7 +120,11 @@ class OAuth2Authentication(BaseAuthentication):
def login(self, form):
profile = self.get_user_profile()
- if 'email' not in profile or not profile['email']:
+ email_key = \
+ [value for value in self.email_keys if value in profile.keys()]
+ email = profile[email_key[0]] if (len(email_key) > 0) else None
+
+ if not email or email == '':
current_app.logger.exception(
"An email id is required to login into pgAdmin. "
"Please update your Oauth2 profile."
@@ -128,10 +133,10 @@ class OAuth2Authentication(BaseAuthentication):
"An email id is required to login into pgAdmin. "
"Please update your Oauth2 profile.")
- user, msg = self.__auto_create_user(profile)
+ user, msg = self.__auto_create_user(email)
if user:
user = db.session.query(User).filter_by(
- username=profile['email'], auth_source=OAUTH2).first()
+ username=email, auth_source=OAUTH2).first()
current_app.login_manager.logout_view = \
OAuth2Authentication.LOGOUT_VIEW
return login_user(user), None
@@ -161,17 +166,17 @@ class OAuth2Authentication(BaseAuthentication):
return False, self.oauth2_clients[
self.oauth2_current_client].authorize_redirect(redirect_url)
- def __auto_create_user(self, resp):
+ def __auto_create_user(self, email):
if config.OAUTH2_AUTO_CREATE_USER:
- user = User.query.filter_by(username=resp['email'],
+ user = User.query.filter_by(username=email,
auth_source=OAUTH2).first()
if not user:
return create_user({
- 'username': resp['email'],
- 'email': resp['email'],
+ 'username': email,
+ 'email': email,
'role': 2,
'active': True,
'auth_source': OAUTH2
})
- return True, {'username': resp['email']}
+ return True, {'username': email}
view thread (3+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: Feature #7325 - Support for Azure AD OAUTH2 authentication
In-Reply-To: <CAMa=N=M_kBSQ2XhaFLPD=99qhBzSiWxZYRq6wSfyroeJZv_AmA@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox