Update DashboardOIDC.py

Testing more with OIDC
Donald Zou 2025-07-01 13:06:16 +08:00
parent 491119d676
commit a619e7f571


@ -3,6 +3,7 @@ import json
import requests import requests
from jose import jwt from jose import jwt
import certifi import certifi
from flask import current_app
class DashboardOIDC: class DashboardOIDC:
@ -29,14 +30,22 @@ class DashboardOIDC:
providers = {} providers = {}
for k in self.providers.keys(): for k in self.providers.keys():
if all([self.providers[k]['client_id'], self.providers[k]['client_secret'], self.providers[k]['issuer']]): if all([self.providers[k]['client_id'], self.providers[k]['client_secret'], self.providers[k]['issuer']]):
try:
oidc_config = requests.get(
f"{self.providers[k]['issuer'].strip('/')}/.well-known/openid-configuration",
verify=certifi.where()
).json()
providers[k] = { providers[k] = {
'client_id': self.providers[k]['client_id'], 'client_id': self.providers[k]['client_id'],
'issuer': self.providers[k]['issuer'].strip('/') 'issuer': self.providers[k]['issuer'].strip('/')
} }
except Exception as e:
current_app.logger.error("Failed to request OIDC config for this provider: " + self.providers[k]['issuer'].strip('/'), exc_info=e)
return providers return providers
def VerifyToken(self, provider, code, redirect_uri): def VerifyToken(self, provider, code, redirect_uri):
try:
if not all([provider, code, redirect_uri]): if not all([provider, code, redirect_uri]):
return False, "" return False, ""
@ -65,13 +74,11 @@ class DashboardOIDC:
except Exception as e: except Exception as e:
return False, str(e) return False, str(e)
id_token = tokens.get('id_token') id_token = tokens.get('id_token')
jwks_uri = oidc_config.get("jwks_uri") jwks_uri = oidc_config.get("jwks_uri")
issuer = oidc_config.get("issuer") issuer = oidc_config.get("issuer")
jwks = requests.get(jwks_uri, verify=certifi.where()).json() jwks = requests.get(jwks_uri, verify=certifi.where()).json()
print(jwks)
headers = jwt.get_unverified_header(id_token) headers = jwt.get_unverified_header(id_token)
kid = headers["kid"] kid = headers["kid"]
@ -86,10 +93,17 @@ class DashboardOIDC:
) )
return True, payload return True, payload
except Exception as e:
current_app.logger.error('Read OIDC file failed. Reason: ' + str(e), provider, code, redirect_uri)
return False, str(e)
def ReadFile(self): def ReadFile(self):
decoder = json.JSONDecoder() decoder = json.JSONDecoder()
try:
self.providers = decoder.decode( self.providers = decoder.decode(
open(DashboardOIDC.ConfigurationFilePath, 'r').read() open(DashboardOIDC.ConfigurationFilePath, 'r').read()
) )
except Exception as e:
current_app.logger.error('Read OIDC file failed. Reason: ' + str(e))
return False
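Review bot: The new error log in VerifyToken's outer except, `current_app.logger.error('Read OIDC file failed. Reason: ' + str(e), provider, code, redirect_uri)`, passes three positional args to a message that has no `%s` placeholders, so the logging module fails to format the record, drops it and only prints a formatting traceback to stderr; the message text is also copied from ReadFile and does not describe this failure. It additionally writes the OAuth authorization `code` to the log, which is a short-lived credential that should not be persisted; the provider name and the exception are enough to diagnose the failure. Suggest `current_app.logger.error('OIDC token verification failed for provider %s (redirect_uri=%s)', provider, redirect_uri, exc_info=e)`. Separately, the `requests.get(...)` added for the `/.well-known/openid-configuration` lookup has no `timeout=`, so an unresponsive issuer blocks the caller indefinitely; pass a `timeout=` there (the same applies to the unchanged `jwks_uri` fetch, though that line is not part of this change). The body of VerifyToken between the second and third hunks is outside the page, so I cannot tell whether other failure paths inside it surface `str(e)` to the user.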