add abac datas in session
parent
ab4ec523c3
commit
ada42f291a
|
@ -101,7 +101,6 @@ class DevicehubConfig(Config):
|
||||||
URL_MANUALS = config('URL_MANUALS', None)
|
URL_MANUALS = config('URL_MANUALS', None)
|
||||||
ABAC_TOKEN = config('ABAC_TOKEN', None)
|
ABAC_TOKEN = config('ABAC_TOKEN', None)
|
||||||
ABAC_COOKIE = config('ABAC_COOKIE', None)
|
ABAC_COOKIE = config('ABAC_COOKIE', None)
|
||||||
ABAC_USER = config('ABAC_USER', None)
|
|
||||||
|
|
||||||
"""Definition of oauth jwt details."""
|
"""Definition of oauth jwt details."""
|
||||||
OAUTH2_JWT_ENABLED = config('OAUTH2_JWT_ENABLED', False)
|
OAUTH2_JWT_ENABLED = config('OAUTH2_JWT_ENABLED', False)
|
||||||
|
|
|
@ -70,10 +70,11 @@ class LoginForm(FlaskForm):
|
||||||
self.form_errors.append(self.error_messages['inactive'])
|
self.form_errors.append(self.error_messages['inactive'])
|
||||||
|
|
||||||
if 'dpp' in app.blueprints.keys():
|
if 'dpp' in app.blueprints.keys():
|
||||||
token_dlt = (
|
dlt_keys = user.get_dlt_keys(self.password.data).get('data', {})
|
||||||
user.get_dlt_keys(self.password.data).get('data', {}).get('api_token')
|
token_dlt = dlt_keys.get('api_token')
|
||||||
)
|
eth_pub_key = dlt_keys.get('eth_pub_key')
|
||||||
session['token_dlt'] = token_dlt
|
session['token_dlt'] = token_dlt
|
||||||
|
session['eth_pub_key'] = eth_pub_key
|
||||||
session['rols'] = user.get_rols()
|
session['rols'] = user.get_rols()
|
||||||
|
|
||||||
return user.is_active
|
return user.is_active
|
||||||
|
|
|
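Review bot: The login branch writes `session['eth_pub_key']` but leaves any `iota_abac_did` / `iota_abac_attributes` already in the session untouched; in this commit those keys are only dropped in LogoutView. If a login can happen on a session that never went through that view (an expired login, or a second account in the same browser; not verifiable from this hunk), the values cached for the previous key would be served to the new user. I would reset them here, e.g. `session.pop('iota_abac_did', None)` and `session.pop('iota_abac_attributes', None)` next to `session['eth_pub_key'] = eth_pub_key`. `dlt_keys.get('eth_pub_key')` can also be `None`, which is then stored as-is. The enclosing method starts above the hunk.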
@ -195,7 +195,7 @@ class User(UserMixin, Thing):
|
||||||
def _call_abac(self, path):
|
def _call_abac(self, path):
|
||||||
abac_tk = app.config.get('ABAC_TOKEN')
|
abac_tk = app.config.get('ABAC_TOKEN')
|
||||||
abac_coockie = app.config.get('ABAC_COOKIE')
|
abac_coockie = app.config.get('ABAC_COOKIE')
|
||||||
eth_pub_key = app.config.get('ABAC_USER')
|
eth_pub_key = session.get('eth_pub_key')
|
||||||
abac_path = path
|
abac_path = path
|
||||||
if not (abac_tk and eth_pub_key and abac_path):
|
if not (abac_tk and eth_pub_key and abac_path):
|
||||||
return ''
|
return ''
|
||||||
|
@ -210,15 +210,26 @@ class User(UserMixin, Thing):
|
||||||
|
|
||||||
def get_abac_did(self):
|
def get_abac_did(self):
|
||||||
try:
|
try:
|
||||||
|
if session.get('iota_abac_did'):
|
||||||
|
return session.get('iota_abac_did')
|
||||||
|
|
||||||
r = self._call_abac('did')
|
r = self._call_abac('did')
|
||||||
if not r or not r.status_code == 200:
|
if not r or not r.status_code == 200:
|
||||||
return ''
|
return ''
|
||||||
return r.json().get('did', '')
|
did = r.json().get('did', '').strip()
|
||||||
|
if not did:
|
||||||
|
return ''
|
||||||
|
|
||||||
|
session['iota_abac_did'] = did
|
||||||
|
return did
|
||||||
except Exception:
|
except Exception:
|
||||||
return ''
|
return ''
|
||||||
|
|
||||||
def get_abac_attributes(self):
|
def get_abac_attributes(self):
|
||||||
try:
|
try:
|
||||||
|
if session.get('iota_abac_attributes'):
|
||||||
|
return session.get('iota_abac_attributes')
|
||||||
|
|
||||||
r = self._call_abac('attributes')
|
r = self._call_abac('attributes')
|
||||||
if not r or not r.status_code == 200:
|
if not r or not r.status_code == 200:
|
||||||
return {}
|
return {}
|
||||||
|
@ -228,11 +239,12 @@ class User(UserMixin, Thing):
|
||||||
result = {}
|
result = {}
|
||||||
for j in data:
|
for j in data:
|
||||||
k = j.get('attributeURI', '').split('/')[-1].split("#")[-1]
|
k = j.get('attributeURI', '').split('/')[-1].split("#")[-1]
|
||||||
v = j.get('attributeValue', '')
|
v = j.get('attributeValue', '').strip()
|
||||||
if not (k and v):
|
if not (k and v):
|
||||||
continue
|
continue
|
||||||
result[k] = v
|
result[k] = v
|
||||||
|
|
||||||
|
session['iota_abac_attributes'] = result
|
||||||
return result
|
return result
|
||||||
|
|
||||||
except Exception:
|
except Exception:
|
||||||
|
|
|
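Review bot: `get_abac_did` and `get_abac_attributes` now return whatever sits under `iota_abac_did` / `iota_abac_attributes` in the session, without checking that the cached value belongs to `self` and with no expiry. Called on a `User` other than the logged-in one, they would return the session owner's values, and an attribute changed or revoked at the ABAC service stays visible until logout, which matters if these attributes feed any access decision. Consider storing the `eth_pub_key` the value was fetched for alongside it, comparing on read, and refetching after a bounded age. Separately, `j.get('attributeValue', '').strip()` raises on a non-string value, and the `except Exception` below presumably then drops every attribute; `str(j.get('attributeValue', '')).strip()` would keep the rest. Both method bodies extend outside the hunks shown.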
@ -107,17 +107,23 @@
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="tab-pane fade pt-3" id="id_abac_attrs">
|
<div class="tab-pane fade pt-3" id="id_abac_attrs">
|
||||||
|
{% if current_user.get_abac_did() %}
|
||||||
<div class="row mb-3">
|
<div class="row mb-3">
|
||||||
<label class="col-md-4 col-lg-3 col-form-label">Did</label>
|
<label class="col-md-4 col-lg-3 col-form-label">Did</label>
|
||||||
<div class="col-md-8 col-lg-9">
|
<div class="col-md-8 col-lg-9">
|
||||||
{{ current_user.get_abac_did() }}
|
<a href="https://explorer.stable.iota-ec.net/custom/identity-resolver/{{ current_user.get_abac_did() }}" target="_blank">{{ current_user.get_abac_did() }}</a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
{% endif %}
|
||||||
{% for k, v in current_user.get_abac_attributes().items() %}
|
{% for k, v in current_user.get_abac_attributes().items() %}
|
||||||
<div class="row mb-3">
|
<div class="row mb-3">
|
||||||
<label class="col-md-4 col-lg-3 col-form-label">{{ k }}</label>
|
<label class="col-md-4 col-lg-3 col-form-label">{{ k }}</label>
|
||||||
<div class="col-md-8 col-lg-9">
|
<div class="col-md-8 col-lg-9">
|
||||||
|
{% if v[:4] == 'http' %}
|
||||||
|
<a href="{{ v }}" target="_blank">{{ v }}</a>
|
||||||
|
{% else %}
|
||||||
{{ v }}
|
{{ v }}
|
||||||
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
|
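Review bot: Both new links use `target="_blank"` without a `rel` attribute, and their targets come from the ABAC service rather than from this application. Add `rel="noopener noreferrer"` to each `<a>` so the opened page gets no `window.opener` handle and no referrer. The test `v[:4] == 'http'` also accepts any value that merely starts with those four letters; `v.startswith('http://') or v.startswith('https://')` states the intent. The DID interpolated into the explorer URL path should pass through `|urlencode`.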
@ -64,7 +64,14 @@ class LoginView(View):
|
||||||
|
|
||||||
class LogoutView(View):
|
class LogoutView(View):
|
||||||
def dispatch_request(self):
|
def dispatch_request(self):
|
||||||
session_vars = ['token_dlt', 'rols', 'oidc']
|
session_vars = [
|
||||||
|
'token_dlt',
|
||||||
|
'eth_pub_key',
|
||||||
|
'rols',
|
||||||
|
'oidc',
|
||||||
|
'iota_abac_did',
|
||||||
|
'iota_abac_attributes',
|
||||||
|
]
|
||||||
[session.pop(i, '') for i in session_vars]
|
[session.pop(i, '') for i in session_vars]
|
||||||
next_url = flask.request.args.get('next')
|
next_url = flask.request.args.get('next')
|
||||||
logout_user()
|
logout_user()
|
||||||
|
|
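Review bot: `session_vars` is now a hand-maintained copy of every key that the login form and the User model write to the session, and a key missed here survives logout. This commit already had to add three names, so consider defining the list once next to the code that sets the keys. Alternatively, call `session.clear()` after `logout_user()` if nothing in the session has to outlive a logout. `dispatch_request` continues below the hunk.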