Merge branch 'dev' into custom_current_user

Monogramm · Mar 12, 2023 · bd30c73 · bd30c73
2 parents 0ac7a5a + 84cfd16
commit bd30c73
Show file tree

Hide file tree

Showing 9 changed files with 137 additions and 49 deletions.
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -6,6 +6,7 @@ name: MegaLinter
 on:
   push:
     branches-ignore:
+      - "*"
       - "dev"
       - "main"
       - "master"

diff --git a/powerdnsadmin/models/setting.py b/powerdnsadmin/models/setting.py
@@ -28,8 +28,8 @@ class Setting(db.Model):
         'allow_user_create_domain': False,
         'allow_user_remove_domain': False,
         'allow_user_view_history': False,
-	'delete_sso_accounts': False,
         'custom_history_header': '',
+        'delete_sso_accounts': False,
         'bg_domain_updates': False,
         'enable_api_rr_history': True,
         'preserve_history': False,
@@ -45,7 +45,7 @@ class Setting(db.Model):
         'local_db_enabled': True,
         'signup_enabled': True,
         'autoprovisioning': False,
-        'urn_value':'',
+        'urn_value': '',
         'autoprovisioning_attribute': '',
         'purge': False,
         'verify_user_email': False,
@@ -70,25 +70,31 @@ class Setting(db.Model):
         'github_oauth_scope': 'email',
         'github_oauth_api_url': 'https://api.github.com/user',
         'github_oauth_token_url':
-        'https://github.com/login/oauth/access_token',
+            'https://github.com/login/oauth/access_token',
         'github_oauth_authorize_url':
-        'https://github.com/login/oauth/authorize',
+            'https://github.com/login/oauth/authorize',
+        'github_oauth_jwks_url': '',
+        'github_oauth_metadata_url': '',
         'google_oauth_enabled': False,
         'google_oauth_client_id': '',
         'google_oauth_client_secret': '',
         'google_token_url': 'https://oauth2.googleapis.com/token',
         'google_oauth_scope': 'openid email profile',
         'google_authorize_url': 'https://accounts.google.com/o/oauth2/v2/auth',
+        'google_oauth_jwks_url': '',
+        'google_oauth_metadata_url': '',
         'google_base_url': 'https://www.googleapis.com/oauth2/v3/',
         'azure_oauth_enabled': False,
         'azure_oauth_key': '',
         'azure_oauth_secret': '',
         'azure_oauth_scope': 'User.Read openid email profile',
         'azure_oauth_api_url': 'https://graph.microsoft.com/v1.0/',
         'azure_oauth_token_url':
-        'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/token',
+            'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/token',
         'azure_oauth_authorize_url':
-        'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/authorize',
+            'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/authorize',
+        'azure_oauth_jwks_url': '',
+        'azure_oauth_metadata_url': '',
         'azure_sg_enabled': False,
         'azure_admin_group': '',
         'azure_operator_group': '',
@@ -105,6 +111,7 @@ class Setting(db.Model):
         'oidc_oauth_api_url': '',
         'oidc_oauth_token_url': '',
         'oidc_oauth_authorize_url': '',
+        'oidc_oauth_jwks_url': '',
         'oidc_oauth_metadata_url': '',
         'oidc_oauth_logout_url': '',
         'oidc_oauth_username': 'preferred_username',
@@ -285,7 +292,7 @@ def get(self, setting):
                 result = self.query.filter(Setting.name == setting).first()
 
             if result is not None:
-                if hasattr(result,'value'):
+                if hasattr(result, 'value'):
                     result = result.value
                 return strtobool(result) if result in [
                     'True', 'False'

diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py
@@ -1637,12 +1637,16 @@ def setting_authentication():
                               request.form.get('google_oauth_client_id'))
                 Setting().set('google_oauth_client_secret',
                               request.form.get('google_oauth_client_secret'))
+                Setting().set('google_oauth_metadata_url',
+                              request.form.get('google_oauth_metadata_url'))
                 Setting().set('google_token_url',
                               request.form.get('google_token_url'))
                 Setting().set('google_oauth_scope',
                               request.form.get('google_oauth_scope'))
                 Setting().set('google_authorize_url',
                               request.form.get('google_authorize_url'))
+                Setting().set('google_oauth_jwks_url',
+                              request.form.get('google_oauth_jwks_url'))
                 Setting().set('google_base_url',
                               request.form.get('google_base_url'))
                 result = {
@@ -1670,10 +1674,14 @@ def setting_authentication():
                               request.form.get('github_oauth_scope'))
                 Setting().set('github_oauth_api_url',
                               request.form.get('github_oauth_api_url'))
+                Setting().set('github_oauth_metadata_url',
+                              request.form.get('github_oauth_metadata_url'))
                 Setting().set('github_oauth_token_url',
                               request.form.get('github_oauth_token_url'))
                 Setting().set('github_oauth_authorize_url',
                               request.form.get('github_oauth_authorize_url'))
+                Setting().set('github_oauth_jwks_url',
+                              request.form.get('github_oauth_jwks_url'))
                 result = {
                     'status': True,
                     'msg':
@@ -1699,10 +1707,14 @@ def setting_authentication():
                               request.form.get('azure_oauth_scope'))
                 Setting().set('azure_oauth_api_url',
                               request.form.get('azure_oauth_api_url'))
+                Setting().set('azure_oauth_metadata_url',
+                              request.form.get('azure_oauth_metadata_url'))
                 Setting().set('azure_oauth_token_url',
                               request.form.get('azure_oauth_token_url'))
                 Setting().set('azure_oauth_authorize_url',
                               request.form.get('azure_oauth_authorize_url'))
+                Setting().set('azure_oauth_jwks_url',
+                              request.form.get('azure_oauth_jwks_url'))
                 Setting().set(
                     'azure_sg_enabled', True
                     if request.form.get('azure_sg_enabled') == 'ON' else False)
@@ -1750,12 +1762,14 @@ def setting_authentication():
                               request.form.get('oidc_oauth_scope'))
                 Setting().set('oidc_oauth_api_url',
                               request.form.get('oidc_oauth_api_url'))
+                Setting().set('oidc_oauth_metadata_url',
+                              request.form.get('oidc_oauth_metadata_url'))
                 Setting().set('oidc_oauth_token_url',
                               request.form.get('oidc_oauth_token_url'))
                 Setting().set('oidc_oauth_authorize_url',
                               request.form.get('oidc_oauth_authorize_url'))
-                Setting().set('oidc_oauth_metadata_url',
-                              request.form.get('oidc_oauth_metadata_url'))
+                Setting().set('oidc_oauth_jwks_url',
+                              request.form.get('oidc_oauth_jwks_url'))
                 Setting().set('oidc_oauth_logout_url',
                               request.form.get('oidc_oauth_logout_url'))
                 Setting().set('oidc_oauth_username',

diff --git a/powerdnsadmin/services/azure.py b/powerdnsadmin/services/azure.py
@@ -23,6 +23,8 @@ def update_token(token):
         request_token_url=None,
         access_token_url=Setting().get('azure_oauth_token_url'),
         authorize_url=Setting().get('azure_oauth_authorize_url'),
+        jwks_url=Setting().get('azure_oauth_jwks_url'),
+        server_metadata_url=Setting().get('azure_oauth_metadata_url'),
         client_kwargs={'scope': Setting().get('azure_oauth_scope')},
         fetch_token=fetch_azure_token,
     )

diff --git a/powerdnsadmin/services/github.py b/powerdnsadmin/services/github.py
@@ -24,6 +24,8 @@ def update_token(token):
         request_token_url=None,
         access_token_url=Setting().get('github_oauth_token_url'),
         authorize_url=Setting().get('github_oauth_authorize_url'),
+        jwks_url=Setting().get('github_oauth_jwks_url'),
+        server_metadata_url=Setting().get('github_oauth_metadata_url'),
         client_kwargs={'scope': Setting().get('github_oauth_scope')},
         fetch_token=fetch_github_token,
         update_token=update_token)

diff --git a/powerdnsadmin/services/google.py b/powerdnsadmin/services/google.py
@@ -23,6 +23,8 @@ def update_token(token):
         request_token_url=None,
         access_token_url=Setting().get('google_token_url'),
         authorize_url=Setting().get('google_authorize_url'),
+        jwks_url=Setting().get('google_oauth_jwks_url'),
+        server_metadata_url=Setting().get('google_oauth_metadata_url'),
         client_kwargs={'scope': Setting().get('google_oauth_scope')},
         fetch_token=fetch_google_token,
         update_token=update_token)

diff --git a/powerdnsadmin/services/oidc.py b/powerdnsadmin/services/oidc.py
@@ -23,6 +23,7 @@ def update_token(token):
         request_token_url=None,
         access_token_url=Setting().get('oidc_oauth_token_url'),
         authorize_url=Setting().get('oidc_oauth_authorize_url'),
+        jwks_url=Setting().get('oidc_oauth_jwks_url'),
         server_metadata_url=Setting().get('oidc_oauth_metadata_url'),
         client_kwargs={'scope': Setting().get('oidc_oauth_scope')},
         fetch_token=fetch_oidc_token,
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,6 +6,7 @@ name: MegaLinter @@
     on:
       push:
         branches-ignore:
+          - "*"
           - "dev"
           - "main"
           - "master"
@@ Expand Down @@