aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth
diff options
context:
space:
mode:
Diffstat (limited to 'gn_auth/auth')
-rw-r--r--gn_auth/auth/authorisation/users/admin/views.py57
1 files changed, 56 insertions, 1 deletions
diff --git a/gn_auth/auth/authorisation/users/admin/views.py b/gn_auth/auth/authorisation/users/admin/views.py
index b0bb2db..3aadf49 100644
--- a/gn_auth/auth/authorisation/users/admin/views.py
+++ b/gn_auth/auth/authorisation/users/admin/views.py
@@ -3,12 +3,14 @@ import uuid
import json
import random
import string
+from pathlib import Path
from typing import Optional
from functools import partial
from dataclasses import asdict
from urllib.parse import urlparse
from datetime import datetime, timezone, timedelta
+from authlib.jose import JsonWebKey
from email_validator import validate_email, EmailNotValidError
from flask import (
flash,
@@ -17,7 +19,8 @@ from flask import (
redirect,
Blueprint,
current_app,
- render_template)
+ render_template,
+ current_app as app)
from gn_auth import session
@@ -259,6 +262,58 @@ def view_client(client_id: uuid.UUID):
scope=current_app.config["OAUTH2_SCOPE"],
granttypes=_FORM_GRANT_TYPES_)
+@admin.route("/register-client-public-key", methods=["POST"])
+@is_admin
+def register_client_public_key():
+ """Register a client's SSL key"""
+ form = request.form
+ admin_dashboard_uri = redirect(url_for("oauth2.admin.dashboard"))
+ view_client_uri = redirect(url_for("oauth2.admin.view_client",
+ client_id=form["client_id"]))
+ if not bool(form.get("client_id")):
+ flash("No client selected.", "alert-danger")
+ return admin_dashboard_uri
+
+ try:
+ _client = with_db_connection(partial(
+ oauth2_client, client_id=uuid.UUID(form["client_id"])))
+ if _client.is_nothing():
+ raise ValueError("No such client.")
+ _client = _client.value
+ except ValueError:
+ flash("Invalid client ID provided.", "alert-danger")
+ return admin_dashboard_uri
+ try:
+ _key = JsonWebKey.import_key(form["client_ssl_key"].strip())
+ except ValueError:
+ flash("Invalid key provided!", "alert-danger")
+ return view_client_uri
+
+ keypath = Path(app.config["CLIENTS_SSL_PUBLIC_KEYS_DIR"]).joinpath(
+ f"{_key.thumbprint()}.pem")
+ if not keypath.exists():
+ with open(keypath, mode="w", encoding="utf8") as _kpth:
+ _kpth.write(form["client_ssl_key"])
+
+ from gn_auth.debug import __pk__
+ with_db_connection(partial(save_client, the_client=OAuth2Client(
+ client_id=_client.client_id,
+ client_secret=_client.client_secret,
+ client_id_issued_at=_client.client_id_issued_at,
+ client_secret_expires_at=_client.client_secret_expires_at,
+ client_metadata={
+ **_client.client_metadata,
+ "public_keys": list(set(
+ _client.client_metadata.get("public_keys", []) +
+ [str(keypath)]))},
+ user=_client.user)))
+ flash("Client key successfully registered.", "alert-success")
+ return view_client_uri
+
+ flash("Client key already exists.", "alert-warning")
+ return view_client_uri
+
+
@admin.route("/edit-client", methods=["POST"])
@is_admin
def edit_client():