add abac datas in session
parent
ab4ec523c3
commit
ada42f291a
|
@ -101,7 +101,6 @@ class DevicehubConfig(Config):
|
|||
URL_MANUALS = config('URL_MANUALS', None)
|
||||
ABAC_TOKEN = config('ABAC_TOKEN', None)
|
||||
ABAC_COOKIE = config('ABAC_COOKIE', None)
|
||||
ABAC_USER = config('ABAC_USER', None)
|
||||
|
||||
"""Definition of oauth jwt details."""
|
||||
OAUTH2_JWT_ENABLED = config('OAUTH2_JWT_ENABLED', False)
|
||||
|
|
|
@ -70,10 +70,11 @@ class LoginForm(FlaskForm):
|
|||
self.form_errors.append(self.error_messages['inactive'])
|
||||
|
||||
if 'dpp' in app.blueprints.keys():
|
||||
token_dlt = (
|
||||
user.get_dlt_keys(self.password.data).get('data', {}).get('api_token')
|
||||
)
|
||||
dlt_keys = user.get_dlt_keys(self.password.data).get('data', {})
|
||||
token_dlt = dlt_keys.get('api_token')
|
||||
eth_pub_key = dlt_keys.get('eth_pub_key')
|
||||
session['token_dlt'] = token_dlt
|
||||
session['eth_pub_key'] = eth_pub_key
|
||||
session['rols'] = user.get_rols()
|
||||
|
||||
return user.is_active
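Review bot: The login path now writes `eth_pub_key` into the session but leaves any `iota_abac_did` / `iota_abac_attributes` already cached there, and those caches (added in the User hunks of this commit) are returned without checking which key they were fetched for. If a login can happen on a session that did not pass through LogoutView, the previous identity's DID and attributes would be served for the new user. I would drop them here before storing the new key: `session.pop('iota_abac_did', None)` and `session.pop('iota_abac_attributes', None)`. Whether the session store is server-side is not visible on this page; with Flask's default signed cookie, `token_dlt` and these values are readable by the client. The enclosing method starts outside the hunk.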
|
||||
|
|
|
@ -195,7 +195,7 @@ class User(UserMixin, Thing):
|
|||
def _call_abac(self, path):
|
||||
abac_tk = app.config.get('ABAC_TOKEN')
|
||||
abac_coockie = app.config.get('ABAC_COOKIE')
|
||||
eth_pub_key = app.config.get('ABAC_USER')
|
||||
eth_pub_key = session.get('eth_pub_key')
|
||||
abac_path = path
|
||||
if not (abac_tk and eth_pub_key and abac_path):
|
||||
return ''
|
||||
|
@ -210,15 +210,26 @@ class User(UserMixin, Thing):
|
|||
|
||||
def get_abac_did(self):
|
||||
try:
|
||||
if session.get('iota_abac_did'):
|
||||
return session.get('iota_abac_did')
|
||||
|
||||
r = self._call_abac('did')
|
||||
if not r or not r.status_code == 200:
|
||||
return ''
|
||||
return r.json().get('did', '')
|
||||
did = r.json().get('did', '').strip()
|
||||
if not did:
|
||||
return ''
|
||||
|
||||
session['iota_abac_did'] = did
|
||||
return did
|
||||
except Exception:
|
||||
return ''
|
||||
|
||||
def get_abac_attributes(self):
|
||||
try:
|
||||
if session.get('iota_abac_attributes'):
|
||||
return session.get('iota_abac_attributes')
|
||||
|
||||
r = self._call_abac('attributes')
|
||||
if not r or not r.status_code == 200:
|
||||
return {}
|
||||
|
@ -228,11 +239,12 @@ class User(UserMixin, Thing):
|
|||
result = {}
|
||||
for j in data:
|
||||
k = j.get('attributeURI', '').split('/')[-1].split("#")[-1]
|
||||
v = j.get('attributeValue', '')
|
||||
v = j.get('attributeValue', '').strip()
|
||||
if not (k and v):
|
||||
continue
|
||||
result[k] = v
|
||||
|
||||
session['iota_abac_attributes'] = result
|
||||
return result
|
||||
|
||||
except Exception:
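Review bot: `get_abac_did` and `get_abac_attributes` now return whatever is cached in the session with no expiry, so a change or revocation on the ABAC side is not seen until logout; if these attributes feed any access decision, that window matters. Because `_call_abac` now takes `eth_pub_key` from the session rather than from the user object, both methods also answer for the session's key regardless of which `User` instance they are called on. I would at least document this, e.g. `# cached in the session until logout; reflects session['eth_pub_key'], not self`, and consider storing a fetch time next to the cached value so it can be refreshed. The blanket `except Exception: return ''` also hides ABAC failures; logging the exception before returning would make outages visible. The body of `get_abac_attributes` continues outside the visible hunks.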
|
||||
|
|
|
@ -107,17 +107,23 @@
|
|||
</div>
|
||||
|
||||
<div class="tab-pane fade pt-3" id="id_abac_attrs">
|
||||
{% if current_user.get_abac_did() %}
|
||||
<div class="row mb-3">
|
||||
<label class="col-md-4 col-lg-3 col-form-label">Did</label>
|
||||
<div class="col-md-8 col-lg-9">
|
||||
{{ current_user.get_abac_did() }}
|
||||
<a href="https://explorer.stable.iota-ec.net/custom/identity-resolver/{{ current_user.get_abac_did() }}" target="_blank">{{ current_user.get_abac_did() }}</a>
|
||||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
{% for k, v in current_user.get_abac_attributes().items() %}
|
||||
<div class="row mb-3">
|
||||
<label class="col-md-4 col-lg-3 col-form-label">{{ k }}</label>
|
||||
<div class="col-md-8 col-lg-9">
|
||||
{% if v[:4] == 'http' %}
|
||||
<a href="{{ v }}" target="_blank">{{ v }}</a>
|
||||
{% else %}
|
||||
{{ v }}
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
{% endfor %}
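Review bot: The new links take their `href` from values returned by the ABAC service and open with `target="_blank"` but no `rel`; adding `rel="noopener noreferrer"` keeps the external page from getting an opener handle or this page's URL as referrer. The `v[:4] == 'http'` test accepts any string that starts with those four letters; `{% if v.startswith('http://') or v.startswith('https://') %}` states the allowed schemes exactly. The DID is placed in a URL path with only HTML escaping, so `{{ current_user.get_abac_did()|urlencode }}` inside the `href` would be safer, provided the explorer accepts a percent-encoded DID.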
|
||||
|
|
|
@ -64,7 +64,14 @@ class LoginView(View):
|
|||
|
||||
class LogoutView(View):
|
||||
def dispatch_request(self):
|
||||
session_vars = ['token_dlt', 'rols', 'oidc']
|
||||
session_vars = [
|
||||
'token_dlt',
|
||||
'eth_pub_key',
|
||||
'rols',
|
||||
'oidc',
|
||||
'iota_abac_did',
|
||||
'iota_abac_attributes',
|
||||
]
|
||||
[session.pop(i, '') for i in session_vars]
|
||||
next_url = flask.request.args.get('next')
|
||||
logout_user()
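Review bot: Logout clears a hand-maintained list of keys, so any session key added later at login and forgotten here survives logout; this commit already had to extend the list for three new keys. If nothing in the session needs to outlive logout, `session.clear()` after `logout_user()` removes that dependency, though it is not visible from this hunk whether other keys must be kept. The list comprehension on the `session.pop` line is used only for its side effects; a plain `for` loop reads more clearly. `dispatch_request` continues outside the hunk.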
|
||||
|
|