Skip to content
Snippets Groups Projects
Commit a7178594 authored by Mart van Santen's avatar Mart van Santen
Browse files

Fix merge 

Merge branch '94-make-recovery-link-password-recovery-work-with-kratos' of open.greenhost.net:stackspin/single-sign-on into 94-make-recovery-link-password-recovery-work-with-kratos
parents 11f6c3e1 6d5a5865
No related branches found
No related tags found
1 merge request!51Resolve "Make recovery link / password recovery work with kratos"
Pipeline #9647 failed
Expand all Hide whitespace changes
Inline Side-by-side
Showing
with 233 additions and 32 deletions
docs/set-ssh-tunnel.sh
+ 28
9
View file @ a7178594
...@@ -2,25 +2,44 @@ ...@@ -2,25 +2,44 @@
host=$1 host=$1
namespace=$2
if [ "x$host" == "x" ] if [ "x$host" == "x" ]
then then
echo "Please give host of kubernetes master as argument" echo "Please give host of kubernetes master as argument. Optionally a
exit namespace can be provided. This defaults to 'stackspin'"
echo " "
echo $0 hostname [namespace]
exit 1
fi fi
admin=`ssh $host -lroot kubectl get service -n oas|grep single-sign-on-kratos-admin | awk '{print $3'}` if [ "x$namespace" == "x" ]
public=`ssh $host -lroot kubectl get service -n oas|grep single-sign-on-kratos-public | awk '{print $3}'` then
hydra=`ssh $host -lroot kubectl get service -n oas|grep single-sign-on-hydra-admin | awk '{print $3}'` namespace="stackspin"
psql=`ssh $host -lroot kubectl get service -n oas|grep single-sign-on-postgres|grep -v headless | awk '{print $3}'` fi
admin=`ssh $host -lroot kubectl get service -n $namespace |grep single-sign-on-kratos-admin | awk '{print $3'}`
public=`ssh $host -lroot kubectl get service -n $namespace |grep single-sign-on-kratos-public | awk '{print $3}'`
hydra=`ssh $host -lroot kubectl get service -n $namespace |grep single-sign-on-hydra-admin | awk '{print $3}'`
psql=`ssh $host -lroot kubectl get service -n $namespace |grep single-sign-on-postgres|grep -v headless | awk '{print $3}'`
if [ "x$admin" == 'x' ] || [ "x$public" == 'x' ] || [ "x$hydra" == 'x' ] || [ "x$psql" == 'x' ]
then
echo "It seems we where not able find at least one of the remote services"
echo " please make sure that kubectl use the right namespace by default."
echo " normally this is 'stackspin'. If you use a different namespace"
echo " please provide this as second argument"
exit 1
fi
echo " echo "
kratos admin port will be at localhost: 8000 kratos admin port will be at localhost: 8000
kratos public port will be at localhost: 8080 kratos public port will be at localhost: 8080
hydra admin port will be at localhost:4445 hydra admin port will be at localhost: 4445
psql port will be at localhost:5432 psql port will be at localhost: 5432
" "
ssh -L 8000:$admin:80 -L 8080:$public:80 -L 4445:$hydra:4445 -L 5432:$psql:5432 root@$host ssh -L 8000:$admin:80 -L 8080:$public:80 -L 4445:$hydra:4445 -L 5432:$psql:5432 root@$host
login/README.md
+ 10
5
View file @ a7178594
...@@ -10,20 +10,25 @@ ...@@ -10,20 +10,25 @@
# Database migration # Database migration
If your database is not up to date, migrate or initalize it If your database is not up to datedw initalize it:
``` ```
flask db init flask db init
# flask db migrate -m "Comment about migrate"
flask db upgrade flask db upgrade
``` ```
Note: The migrate command is only needed if you made changes to the model If you make changes on the model and want to generate the migrations for that,
run the following
```
flask db migrate -m "Comment about migrate"
flask db upgrade
```
# CLI Commands # CLI Commands
You can manipulate the kratos and postgres database with some CLI commands: You can manipulate the apps and users database with CLI commands:
``` ```
# Help: # Help:
...@@ -35,7 +40,7 @@ flask user create email@example.com ...@@ -35,7 +40,7 @@ flask user create email@example.com
flask user setadmin email@example.com flask user setadmin email@example.com
flask app create "nextcloud" "Nextcloud Collaboration Software" flask app create "nextcloud" "Nextcloud Collaboration Software"
flask app create "zulib" "NextGen Chat Application" flask app create "zulip" "NextGen Chat Application"
flask app create "matrix" "Living the dream" flask app create "matrix" "Living the dream"
``` ```
login/app.py
+ 28
16
View file @ a7178594
# Basic system imports # Basic system imports
import pprint
import logging import logging
import os import os
import click import click
import pprint
# Flask # Flask
from flask import abort, Flask, redirect, request, render_template from flask import abort, Flask, redirect, request, render_template
...@@ -13,13 +13,13 @@ from flask_migrate import Migrate ...@@ -13,13 +13,13 @@ from flask_migrate import Migrate
from flask.cli import AppGroup from flask.cli import AppGroup
# Import modules for external APS # Import modules for external APIs
# Hydra, OIDC Identity Provider # Hydra, OIDC Identity Provider
import hydra_client import hydra_client
# Kratos, Identity manager # Kratos, Identity manager
import ory_kratos_client import ory_kratos_client
from ory_kratos_client.api import metadata_api from ory_kratos_client.api import metadata_api
from ory_kratos_client.api import v0alpha2_api as kratos_api from ory_kratos_client.api import v0alpha2_api as kratos_api
from ory_kratos_client.model.generic_error import GenericError from ory_kratos_client.model.generic_error import GenericError
...@@ -43,7 +43,7 @@ app.config.from_object(os.environ['APP_SETTINGS']) ...@@ -43,7 +43,7 @@ app.config.from_object(os.environ['APP_SETTINGS'])
# Set right logging level based on config DEBUG flag # Set right logging level based on config DEBUG flag
if (app.config['DEBUG']): if app.config['DEBUG']:
app.logger.setLevel(logging.INFO) app.logger.setLevel(logging.INFO)
else: else:
app.logger.setLevel(logging.ERROR) app.logger.setLevel(logging.ERROR)
...@@ -55,7 +55,7 @@ HYDRA = hydra_client.HydraAdmin(app.config["HYDRA_ADMIN_URL"]) ...@@ -55,7 +55,7 @@ HYDRA = hydra_client.HydraAdmin(app.config["HYDRA_ADMIN_URL"])
# Kratos has an admin and public end-point. We create an API for them # Kratos has an admin and public end-point. We create an API for them
# both. The kratos implementation has bugs, which forces us to set # both. The kratos implementation has bugs, which forces us to set
# the discard_unkonwn_keys to True. # the discard_unknown_keys to True.
tmp = ory_kratos_client.Configuration(host=app.config["KRATOS_ADMIN_URL"], tmp = ory_kratos_client.Configuration(host=app.config["KRATOS_ADMIN_URL"],
discard_unknown_keys= True) discard_unknown_keys= True)
KRATOS_ADMIN = kratos_api.V0alpha2Api(ory_kratos_client.ApiClient(tmp)) KRATOS_ADMIN = kratos_api.V0alpha2Api(ory_kratos_client.ApiClient(tmp))
...@@ -86,7 +86,7 @@ from models import User, App, AppRole ...@@ -86,7 +86,7 @@ from models import User, App, AppRole
# #
# WARNING: # WARNING:
# #
# Below are very minimalistic calls to interfaces for development and testing # Below are very minimalistic calls to interfaces for development and testing
# purposed. Eventually this need to be moved to seperate files and more # purposed. Eventually this need to be moved to seperate files and more
# sophisticated calls with try{} catch{} claused etc. # sophisticated calls with try{} catch{} claused etc.
# #
...@@ -104,7 +104,7 @@ app_cli = AppGroup('app') ...@@ -104,7 +104,7 @@ app_cli = AppGroup('app')
@click.argument('slug') @click.argument('slug')
@click.argument('name') @click.argument('name')
def create_app(slug, name): def create_app(slug, name):
app.logger.info("Creating app definition: {1} ({0})".format(slug, name)) app.logger.info(f"Creating app definition: {name} ({slug})")
obj = App() obj = App()
obj.name = name obj.name = name
...@@ -161,7 +161,7 @@ def create_user(email): ...@@ -161,7 +161,7 @@ def create_user(email):
# - Should check if database entry already exists. If so, double check if # - Should check if database entry already exists. If so, double check if
# kratos user exists. If not, create that one. # kratos user exists. If not, create that one.
# #
# - If no DB user, should check with kratos of user already exists. If so, # - If no DB user, should check with kratos of user already exists. If so,
# throw warning, but still create DB entrie # throw warning, but still create DB entrie
# #
# - After creating kratos user, check if success, otherwise throw warning. # - After creating kratos user, check if success, otherwise throw warning.
...@@ -205,7 +205,7 @@ def delete_user(email): ...@@ -205,7 +205,7 @@ def delete_user(email):
db.session.delete(obj) db.session.delete(obj)
# TODO: # TODO:
# - if delete succesfull, also delete kratos user, if exists # - if delete succesfull, also delete kratos user, if exists
# - probably user roles need to be deleted before user can be deleted # - probably user roles need to be deleted before user can be deleted
...@@ -249,7 +249,7 @@ def unsetadmin_user(email): ...@@ -249,7 +249,7 @@ def unsetadmin_user(email):
@user_cli.command('recover') @user_cli.command('recover')
@click.argument('email') @click.argument('email')
def recover_user(email): def recover_user(email):
app.logger.info("Trying to sent recover email for user: {0}".format(email)) app.logger.info("Trying to send recover email for user: {0}".format(email))
obj = User.query.filter_by(email=email).first() obj = User.query.filter_by(email=email).first()
...@@ -264,7 +264,7 @@ def recover_user(email): ...@@ -264,7 +264,7 @@ def recover_user(email):
body = AdminCreateSelfServiceRecoveryLinkBody( body = AdminCreateSelfServiceRecoveryLinkBody(
expires_in="1h", expires_in="1h",
identity_id=obj.kratos_id, identity_id=obj.kratos_id,
) )
# example passing only required values which don't have defaults set # example passing only required values which don't have defaults set
# and optional values # and optional values
...@@ -274,8 +274,9 @@ def recover_user(email): ...@@ -274,8 +274,9 @@ def recover_user(email):
admin_create_self_service_recovery_link_body=body) admin_create_self_service_recovery_link_body=body)
pprint.pprint(api_response) pprint.pprint(api_response)
except ory_kratos_client.ApiException as e: except ory_kratos_client.ApiException as error:
print("Exception when calling V0alpha2Api->admin_create_self_service_recovery_link: %s\n" % e) app.logger.error("Exception when calling" +
"V0alpha2Api->admin_create_self_service_recovery_link: %s\n" % error)
return return
...@@ -293,10 +294,21 @@ app.cli.add_command(user_cli) ...@@ -293,10 +294,21 @@ app.cli.add_command(user_cli)
# -> recovery # -> recovery
# TODO: Create webroutes # TODO: Create webroutes
@app.route('/recover', methods=['GET', 'POST']) @app.route('/recovery', methods=['GET', 'POST'])
def recover(): def recovery():
flow = request.args.get("flow")
if not flow:
return redirect(app.config["KRATOS_PUBLIC_URL"] + "self-service/recovery/browser")
return render_template('recover.html') # localhost:8080/self-service/recover/browser
# return redirect("https://google.com")
# /self-service/recovery/browsera
return render_template(
'recover.html',
api_url = app.config["KRATOS_PUBLIC_URL"]
)
#login_form=login_form, logo=login_request.client.logo_uri, application_name=login_request.client.client_name) #login_form=login_form, logo=login_request.client.logo_uri, application_name=login_request.client.client_name)
......
login/config.py
+ 1
1
View file @ a7178594
...@@ -16,7 +16,7 @@ class Config(object): ...@@ -16,7 +16,7 @@ class Config(object):
HYDRA_ADMIN_URL = os.environ['HYDRA_ADMIN_URL']; HYDRA_ADMIN_URL = os.environ['HYDRA_ADMIN_URL'];
KRATOS_ADMIN_URL = os.environ['KRATOS_ADMIN_URL']; KRATOS_ADMIN_URL = os.environ['KRATOS_ADMIN_URL'];
KRATOS_PUBLIC_URL = os.environ['KRATOS_PUBLIC_URL']; KRATOS_PUBLIC_URL = os.environ['KRATOS_PUBLIC_URL'] + "/";
......
login/source_env
+ 1
1
View file @ a7178594
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
export FLASK_RUN_HOST=0.0.0.0 export FLASK_RUN_HOST=0.0.0.0
export FLASK_RUN_PORT=5000 export FLASK_RUN_PORT=5000
export HYDRA_ADMIN_URL=http://localhost:4445 export HYDRA_ADMIN_URL=http://localhost:4445
export KRATOS_PUBLIC_URL=http://localhost:8080 export KRATOS_PUBLIC_URL=http://localhost/api
export KRATOS_ADMIN_URL=http://localhost:8000 export KRATOS_ADMIN_URL=http://localhost:8000
export DATABASE_URL="postgresql://stackspin:stackspin@localhost/stackspin" export DATABASE_URL="postgresql://stackspin:stackspin@localhost/stackspin"
......
login/static/css/bootstrap.min.css 0 → 100644
+ 7
0
View file @ a7178594
This diff is collapsed.
login/static/js/bootstrap.bundle.min.js 0 → 100644
+ 7
0
View file @ a7178594
This diff is collapsed.
login/static/js/jquery-3.6.0.min.js 0 → 100644
+ 2
0
View file @ a7178594
This diff is collapsed.
login/static/style.css 0 → 100644
+ 8
0
View file @ a7178594
div.loginpanel {
width: 644px;
margin-left: auto;
margin-right: auto;
margin-top: 100px;
}
login/templates/base.html 0 → 100644
+ 113
0
View file @ a7178594
<!doctype html>
<html>
<link rel="stylesheet" href="static/css/bootstrap.min.css">
<link rel="stylesheet" href="static/style.css">
<script src="static/js/bootstrap.bundle.min.js"></script>
<script src="static/js/jquery-3.6.0.min.js"></script>
<title>Stackspin Account</title>
</html>
<body>
<script>
var api_url = '{{ api_url }}';
// Actions
$(document).ready(function() {
var flow = $.urlParam('flow');
var uri = api_url + 'self-service/recovery/flows?id=' + flow;
console.log("Calling: " + uri);
$.ajax( {
type: "GET",
url: uri,
success: function(data) {
for (const node of data.ui.nodes) {
var name = node.attributes.name;
var type = node.attributes.type;
var value = node.attributes.value;
elm = getFormElement(type, name, value);
console.log(elm);
}
},
complete: function(obj) {
// Expired flow, refresh
if (obj.status == 410) {
alert("flow expired");
}
}
});
});
// Return form element based on name, including help etc
function getFormElement(type, name, value) {
if (name == 'email') {
return getFormInput(
'email',
'email',
'E-mail address',
'Please enter your e-mail address here',
'Please provode your e-mail address. We will send a recovery ' +
'link to that e-mail address.',
);
}
if (type == 'hidden') {
return `
<input type="`+type+`" class="form-control" id="`+name+`"
name="`+name+`" value='`+value+`'>`;
}
if (type == 'submit') {
return `<div class="form-group">
<input type="`+type+`" class="form-control" id="`+name+`"
name="`+name+`" value='x' text='z'>
</div>`;
}
}
function getFormInput(type, name, label, placeHolder, help) {
// Id field for help element
nameHelp = name + "Help";
element = `
<div class="form-group">
<label for="`+name+`">`+label+`</label>
<input type="`+type+`" class="form-control" id="`+name+`" name="`+name+`"
aria-describedby="` + nameHelp +`"
placeholder="`+placeHolder+`">
<small id="`+nameHelp+`" class="form-text text-muted">` + help + `
</small>
</div>`
return element;
}
// Helpers
$.urlParam = function(name) {
var results = new RegExp('[\?&]' + name + '=([^&#]*)').exec(window.location.href);
if (results==null) {
return null;
}
return decodeURI(results[1]) || 0;
};
</script>
<div class="loginpanel">
{% block content %}{% endblock %}
</div>
login/templates/recover.html 0 → 100644
+ 28
0
View file @ a7178594
{% extends 'base.html' %}
{% block content %}
<div id="
<div class="form-group">
<label for="email">E-mail address</label>
<input type="email" class="form-control" id="email" name="email"
aria-describedby="emailHelp"
placeholder="Enter your email address to send recover link">
<small id="emailHelp" class="form-text text-muted">
Please provode your e-mail address. We will send a recovery link to that
e-mail address.
</small>
<input type="submit"
name="method"
values="link"
type="button"
class="btn btn-primary">Recover
</button>
</div>
{% endblock %}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment