add abac datas in session

This commit is contained in:
Cayo Puigdefabregas 2023-11-06 16:48:03 +01:00
parent ab4ec523c3
commit ada42f291a
5 changed files with 34 additions and 9 deletions


@ -101,7 +101,6 @@ class DevicehubConfig(Config):
URL_MANUALS = config('URL_MANUALS', None) URL_MANUALS = config('URL_MANUALS', None)
ABAC_TOKEN = config('ABAC_TOKEN', None) ABAC_TOKEN = config('ABAC_TOKEN', None)
ABAC_COOKIE = config('ABAC_COOKIE', None) ABAC_COOKIE = config('ABAC_COOKIE', None)
ABAC_USER = config('ABAC_USER', None)
"""Definition of oauth jwt details.""" """Definition of oauth jwt details."""
OAUTH2_JWT_ENABLED = config('OAUTH2_JWT_ENABLED', False) OAUTH2_JWT_ENABLED = config('OAUTH2_JWT_ENABLED', False)


@ -70,10 +70,11 @@ class LoginForm(FlaskForm):
self.form_errors.append(self.error_messages['inactive']) self.form_errors.append(self.error_messages['inactive'])
if 'dpp' in app.blueprints.keys(): if 'dpp' in app.blueprints.keys():
token_dlt = ( dlt_keys = user.get_dlt_keys(self.password.data).get('data', {})
user.get_dlt_keys(self.password.data).get('data', {}).get('api_token') token_dlt = dlt_keys.get('api_token')
) eth_pub_key = dlt_keys.get('eth_pub_key')
session['token_dlt'] = token_dlt session['token_dlt'] = token_dlt
session['eth_pub_key'] = eth_pub_key
session['rols'] = user.get_rols() session['rols'] = user.get_rols()
return user.is_active return user.is_active
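Review bot: `session['eth_pub_key']` is only written inside the `if 'dpp' in app.blueprints.keys()` branch, while the `_call_abac` change in the User model now reads `session.get('eth_pub_key')` unconditionally, so on a deployment without the dpp blueprint every ABAC lookup appears to silently return '' where the old `ABAC_USER` config value still worked; if that coupling is intended, a comment such as `# ABAC lookups depend on eth_pub_key being stored here (dpp only)` would make it explicit. `dlt_keys.get('eth_pub_key')` also stores `None` in the session when the key is absent, and if `get_dlt_keys` can return `{'data': None}` the `.get('data', {})` default does not apply and the following `.get` raises; `dlt_keys = user.get_dlt_keys(self.password.data).get('data') or {}` covers both. The enclosing method starts outside the hunk.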


@ -195,7 +195,7 @@ class User(UserMixin, Thing):
def _call_abac(self, path): def _call_abac(self, path):
abac_tk = app.config.get('ABAC_TOKEN') abac_tk = app.config.get('ABAC_TOKEN')
abac_coockie = app.config.get('ABAC_COOKIE') abac_coockie = app.config.get('ABAC_COOKIE')
eth_pub_key = app.config.get('ABAC_USER') eth_pub_key = session.get('eth_pub_key')
abac_path = path abac_path = path
if not (abac_tk and eth_pub_key and abac_path): if not (abac_tk and eth_pub_key and abac_path):
return '' return ''
@ -210,15 +210,26 @@ class User(UserMixin, Thing):
def get_abac_did(self): def get_abac_did(self):
try: try:
if session.get('iota_abac_did'):
return session.get('iota_abac_did')
r = self._call_abac('did') r = self._call_abac('did')
if not r or not r.status_code == 200: if not r or not r.status_code == 200:
return '' return ''
return r.json().get('did', '') did = r.json().get('did', '').strip()
if not did:
return ''
session['iota_abac_did'] = did
return did
except Exception: except Exception:
return '' return ''
def get_abac_attributes(self): def get_abac_attributes(self):
try: try:
if session.get('iota_abac_attributes'):
return session.get('iota_abac_attributes')
r = self._call_abac('attributes') r = self._call_abac('attributes')
if not r or not r.status_code == 200: if not r or not r.status_code == 200:
return {} return {}
@ -228,11 +239,12 @@ class User(UserMixin, Thing):
result = {} result = {}
for j in data: for j in data:
k = j.get('attributeURI', '').split('/')[-1].split("#")[-1] k = j.get('attributeURI', '').split('/')[-1].split("#")[-1]
v = j.get('attributeValue', '') v = j.get('attributeValue', '').strip()
if not (k and v): if not (k and v):
continue continue
result[k] = v result[k] = v
session['iota_abac_attributes'] = result
return result return result
except Exception: except Exception:
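Review bot: The `iota_abac_did` and `iota_abac_attributes` values cached in the session by get_abac_did and get_abac_attributes are never refreshed or invalidated until LogoutView pops them, so a user who re-authenticates without logging out, or whose attributes change on the ABAC service, keeps being served the cached copy; popping both keys in the login form next to the `session['eth_pub_key']` write would bound the staleness to one login. If the app uses Flask's default client-side cookie session, the whole attributes dict also travels in the signed cookie on every request, so the cookie size limit and the fact that the cached values are readable by the browser should be weighed before caching a growing dict there. Separately, the new `.strip()` calls on `did` and `attributeValue` assume string values; a non-string value from the service raises inside the broad `except Exception` and drops every attribute, so `v = str(j.get('attributeValue', '')).strip()` is the safer form. The `except` handler of get_abac_attributes ends outside the hunk.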


@ -107,17 +107,23 @@
</div> </div>
<div class="tab-pane fade pt-3" id="id_abac_attrs"> <div class="tab-pane fade pt-3" id="id_abac_attrs">
{% if current_user.get_abac_did() %}
<div class="row mb-3"> <div class="row mb-3">
<label class="col-md-4 col-lg-3 col-form-label">Did</label> <label class="col-md-4 col-lg-3 col-form-label">Did</label>
<div class="col-md-8 col-lg-9"> <div class="col-md-8 col-lg-9">
{{ current_user.get_abac_did() }} <a href="https://explorer.stable.iota-ec.net/custom/identity-resolver/{{ current_user.get_abac_did() }}" target="_blank">{{ current_user.get_abac_did() }}</a>
</div> </div>
</div> </div>
{% endif %}
{% for k, v in current_user.get_abac_attributes().items() %} {% for k, v in current_user.get_abac_attributes().items() %}
<div class="row mb-3"> <div class="row mb-3">
<label class="col-md-4 col-lg-3 col-form-label">{{ k }}</label> <label class="col-md-4 col-lg-3 col-form-label">{{ k }}</label>
<div class="col-md-8 col-lg-9"> <div class="col-md-8 col-lg-9">
{% if v[:4] == 'http' %}
<a href="{{ v }}" target="_blank">{{ v }}</a>
{% else %}
{{ v }} {{ v }}
{% endif %}
</div> </div>
</div> </div>
{% endfor %} {% endfor %}
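Review bot: Both new `target="_blank"` anchors (the explorer link for the did and the `{{ v }}` link) lack `rel="noopener noreferrer"`, so in browsers that do not default to noopener the opened page receives a `window.opener` reference back to this tab; add `rel="noopener noreferrer"` to both anchors. The did interpolated into the explorer URL path relies on Jinja autoescaping, which escapes HTML but does not URL-encode path characters, so `{{ current_user.get_abac_did() | urlencode }}` keeps the link well-formed for unexpected characters. `current_user.get_abac_did()` is also evaluated three times in the block; `{% set did = current_user.get_abac_did() %}` above the `{% if %}` reads more clearly, and `v.startswith(('http://', 'https://'))` is more precise than `v[:4] == 'http'` for deciding what becomes a link.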


@ -64,7 +64,14 @@ class LoginView(View):
class LogoutView(View): class LogoutView(View):
def dispatch_request(self): def dispatch_request(self):
session_vars = ['token_dlt', 'rols', 'oidc'] session_vars = [
'token_dlt',
'eth_pub_key',
'rols',
'oidc',
'iota_abac_did',
'iota_abac_attributes',
]
[session.pop(i, '') for i in session_vars] [session.pop(i, '') for i in session_vars]
next_url = flask.request.args.get('next') next_url = flask.request.args.get('next')
logout_user() logout_user()
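Review bot: The extended `session_vars` list now has to stay in sync with the keys written in the login form (`token_dlt`, `eth_pub_key`, `rols`) and in the User model (`iota_abac_did`, `iota_abac_attributes`) across three files, with nothing tying them together; a single module-level constant (for example `SESSION_KEYS = ('token_dlt', 'eth_pub_key', 'rols', 'oidc', 'iota_abac_did', 'iota_abac_attributes')`, name constructed) imported by the writers and by this view would keep a future key from being left behind at logout. The `[session.pop(i, '') for i in session_vars]` line that consumes it builds a throwaway list for its side effect; a plain `for` loop says what it does. dispatch_request continues outside the hunk.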