From 5c688d42f8453b5336d4e83bc54c6bf1f2d2dfc5 Mon Sep 17 00:00:00 2001 From: Aurélien Bompard Date: Dec 12 2024 17:04:01 +0000 Subject: Adapt to a newer version of flask-oidc Signed-off-by: Aurélien Bompard --- diff --git a/fedora_elections/__init__.py b/fedora_elections/__init__.py index 749b05a..9167bc9 100644 --- a/fedora_elections/__init__.py +++ b/fedora_elections/__init__.py @@ -42,7 +42,7 @@ import fedora_elections.proxy import flask -from flask_oidc import OpenIDConnect +from flask_oidc import OpenIDConnect, signals import munch @@ -109,7 +109,7 @@ def is_admin(user, user_groups=None): user_groups = [] if is_authenticated() and OIDC.user_loggedin: - user_groups = OIDC.user_getfield("groups") + user_groups = flask.session["oidc_auth_profile"].get("groups", []) if len(user_groups) < 1: return False @@ -200,14 +200,15 @@ def set_session(): # pragma: no-cover if OIDC.user_loggedin: if not hasattr(flask.session, "fas_user") or not flask.session.fas_user: + oidc_user = flask.session["oidc_auth_profile"] flask.session.fas_user = munch.Munch( { - "username": OIDC.user_getfield("nickname"), - "email": OIDC.user_getfield("email") or "", - "timezone": OIDC.user_getfield("zoneinfo"), + "username": oidc_user["nickname"], + "email": oidc_user["email"] or "", + "timezone": oidc_user.get("zoneinfo"), #"Check for group membership instead of OIDC.user_getfield("agreements"), # which apparently does not work. - "cla_done": "signed_fpca" in (OIDC.user_getfield("groups") or []), + "cla_done": "signed_fpca" in oidc_user.get("groups", []), } ) flask.g.fas_user = flask.session.fas_user 
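Review bot: The new `user_groups = flask.session["oidc_auth_profile"].get("groups", [])` in is_admin raises KeyError when the session holds a token but no stored profile, and leaves `user_groups` as None when the claim is present but null, so the `len(user_groups)` check that follows fails with TypeError instead of returning False. Since this value drives the admin decision, make the lookup total and fail closed: `user_groups = (flask.session.get("oidc_auth_profile") or {}).get("groups") or []`. Whether flask-oidc always stores the profile alongside the token cannot be confirmed from this diff. The same `.get("groups", [])` pattern appears in the `cla_done` line of the set_session hunk, where the previous code had `or []`. is_admin's body continues outside the hunk.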
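Review bot: In set_session, `oidc_user["nickname"]` and `oidc_user["email"]` now raise KeyError when the identity provider omits the claim, although the trailing `or ""` on the email line shows that an empty email was expected. Consider `"email": oidc_user.get("email") or ""`. For the username, an explicit check that refuses to build `fas_user` when `nickname` is absent is safer than an unhandled exception. The function is marked `# pragma: no-cover`, so this path is presumably not exercised by the test suite. set_session starts outside the hunk and may continue past it.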
@@ -308,28 +309,10 @@ def archived_elections(): return flask.render_template("archive.html", elections=old_elections) -@APP.route("/login", methods=("GET", "POST")) -@OIDC.require_login -def auth_login(): - next_url = None - if "next" in flask.request.args: - if is_safe_url(flask.request.args["next"]): - next_url = flask.request.args["next"] - - if not next_url or next_url == flask.url_for(".auth_login"): - next_url = flask.url_for(".index") - - return safe_redirect_back(next_url) - - -@APP.route("/logout") -def auth_logout(): - if hasattr(flask.g, "fas_user") and flask.g.fas_user is not None: - OIDC.logout() - flask.g.fas_user = None - flask.session.fas_user = None - flask.flash("You have been logged out") - return safe_redirect_back() +@signals.after_logout.connect_via(APP) +def on_logout(sender, template, context, **extra): + flask.g.fas_user = None + flask.session.fas_user = None # Finalize the import of other controllers diff --git a/fedora_elections/admin.py b/fedora_elections/admin.py index c10788b..89df411 100644 --- a/fedora_elections/admin.py +++ b/fedora_elections/admin.py @@ -54,7 +54,7 @@ def election_admin_required(f): @wraps(f) def decorated_function(*args, **kwargs): if not is_authenticated(): - return flask.redirect(flask.url_for("auth_login", next=flask.request.url)) + return flask.redirect(flask.url_for("oidc_auth.login", next=flask.request.url)) if not is_admin(flask.g.fas_user): flask.abort(403) return f(*args, **kwargs) diff --git a/fedora_elections/elections.py b/fedora_elections/elections.py index 6039341..e2b450e 100644 --- a/fedora_elections/elections.py +++ b/fedora_elections/elections.py 
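Review bot: The handler signature `on_logout(sender, template, context, **extra)` looks like the one used for Flask's `template_rendered` signal rather than a logout signal. If flask-oidc's `after_logout` sends only the sender, the call raises TypeError and `fas_user` is never cleared. Accepting only what the body needs works in either case: `def on_logout(sender, **extra):`. Also confirm that the signal's sender is the application object, because `connect_via(APP)` ignores signals sent by any other sender and the cleanup would then be skipped silently.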
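Review bot: The redirect in election_admin_required now hands `next=flask.request.url` to `oidc_auth.login`, while the `auth_login` view removed earlier in this commit only honoured `next` after `is_safe_url()` accepted it. Nothing in this diff shows the library's login view applying an equivalent same-host check, so confirm that it does, or validate `next` before the post-login redirect, so that the login endpoint does not become an open redirect. The same call is changed in login_required in fedora_elections/elections.py. A short comment at both call sites, for example `# "next" is validated by the flask-oidc login view`, would record that assumption once it is verified. election_admin_required starts outside the hunk.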
@@ -46,7 +46,7 @@ def login_required(f): @wraps(f) def decorated_function(*args, **kwargs): if not is_authenticated(): - return flask.redirect(flask.url_for("auth_login", next=flask.request.url)) + return flask.redirect(flask.url_for("oidc_auth.login", next=flask.request.url)) elif not flask.g.fas_user.cla_done: flask.flash("You must sign the CLA to vote", "error") return safe_redirect_back() diff --git a/fedora_elections/templates/base.html b/fedora_elections/templates/base.html index c963822..b77942c 100644 --- a/fedora_elections/templates/base.html +++ b/fedora_elections/templates/base.html @@ -41,12 +41,12 @@ {% else %} {% endif %}