philorg/oidc-fastapi-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions

Run container with uvicorn, move templates for packaging, add systemd config for container deployment, add OIDC_TEST_SETTINGS_FILE env var for setting, misc fixes

Browse source
This commit is contained in:
phil 2025-01-10 17:33:10 +01:00
parent 170e663ee8
commit 57681d91fe
12 changed files with 146 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

157
src/oidc_test/templates/base.html Normal file
View file

@ -0,0 +1,157 @@
<html>
<head>
<title>FastAPI OIDC test</title>
<style>
body {
font-family: Arial, Helvetica, sans-serif;
background-color: antiquewhite;
}
h1 {
text-align: center;
}
.hidden {
display: none;
}
.content {
width: 100%;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
}
.user-info {
padding: 1em;
margin: 1em 0;
display: flex;
gap: 0.5em;
flex-direction: column;
width: fit-content;
align-items: center;
margin: 5px auto;
box-shadow: 0px 0px 10px lightgreen;
background-color: lightgreen;
}
.user-info * {
flex: 2 1 auto;
margin: 0;
}
.user-info .picture {
max-width: 3em;
max-height: 3em
}
.user-info a.logout {
border: 2px solid darkkhaki;
padding: 3px 6px;
text-decoration: none;
text-align: center;
color: black;
}
.user-info a.logout:hover {
background-color: orange;
}
.login-box {
text-align: center;
}
.login-box p {
margin: 0;
}
.login-toolbox {
max-width: 20em;
margin: auto;
display: flex;
flex-direction: column;
padding: 0 1em;
gap: 5px;
}
.login-toolbox a {
background-color: lightblue;
padding: 3px 6px;
text-decoration: none;
text-align: center;
color: black;
flex: 1 1 auto;
}
.login-toolbox .error {
color: darkred;
padding: 3px 6px;
text-align: center;
font-weight: bold;
flex: 1 1 auto;
}
.login-toolbox a:hover {
background-color: lightgreen;
}
.debug-auth {
font-size: 90%;
background-color: #d8bebc75;
padding: 6px;
}
.debug-auth * {
margin: 0;
}
.debug-auth p {
text-align: center;
border-bottom: 1px solid black;
}
.debug-auth ul {
padding: 0;
list-style: none;
}
.debug-auth p, .debug-auth .key {
font-weight: bold;
}
.content {
text-align: left;
}
.content #links-to-check {
display: flex;
text-align: center;
}
.content #links-to-check a {
margin: 5px;
color: black;
padding: 3px 6px;
text-decoration: none;
}
.hasResponseStatus {
background-color: #88888840;
}
.hasResponseStatus.status-200 {
background-color: #00ff0040;
}
.hasResponseStatus.status-401 {
background-color: #ff000040;
}
.hasResponseStatus.status-403 {
background-color: #ff990040;
}
.role {
padding: 3px 6px;
background-color: #44228840;
}
</style>
<script>
function checkHref(elem) {
var xmlHttp = new XMLHttpRequest()
xmlHttp.onreadystatechange = function() {
if (xmlHttp.readyState == 4) {
elem.classList.add("hasResponseStatus")
elem.classList.add("status-" + xmlHttp.status)
elem.title = "Response code: " + xmlHttp.status
}
}
xmlHttp.open("GET", elem.href, true) // true for asynchronous
xmlHttp.send(null)
}
function checkPerms(rootId) {
var rootElem = document.getElementById(rootId)
Array.from(rootElem.children).forEach(elem => checkHref(elem))
}
</script>
</head>
<body onload="checkPerms('links-to-check')">
<h1>FastAPI test app for OIDC</h1>
{% block content %}
{% endblock %}
</body>
</html>

66
src/oidc_test/templates/home.html Normal file
View file

@ -0,0 +1,66 @@
{% extends "base.html" %}
{% block content %}
{% if not user %}
<div class="login-box">
<p>Log in with one of these authentication providers:</p>
<div class="login-toolbox">
{% for provider in settings.oidc.providers %}
<a href="login/{{ provider.id }}">{{ provider.name }}</a>
{% else %}
<span class="error">There is no authentication provider defined.
Hint: check the settings.yaml file.</span>
{% endfor %}
</div>
</div>
{% endif %}
{% if user %}
<div class="user-info">
<p>Hey, {{ user.name }}</p>
{% if user.picture %}
<img src="{{ user.picture }}" class="picture"></img>
{% endif %}
<div>{{ user.email }}</div>
{% if user.roles %}
<div>
<span>Roles:</span>
{% for role in user.roles %}
<span class="role">{{ role.name }}</span>
{% endfor %}
</div>
{% endif %}
<div>
<span>Provider:</span>
{{ user.oidc_provider.name }}
</div>
<a href="logout" class="logout">Logout</a>
</div>
{% endif %}
<div class="content">
<p>
These links should get different response codes depending on the authorization:
</p>
<div id="links-to-check">
<a href="public">Public</a>
<a href="protected">Auth protected content</a>
<a href="protected-by-foorole">Auth + foorole protected content</a>
<a href="protected-by-foorole-or-barrole">Auth + foorole or barrole protected content</a>
<a href="protected-by-barrole">Auth + barrole protected content</a>
<a href="protected-by-foorole-and-barrole">Auth + foorole and barrole protected content</a>
<a href="fast_api_depends" class="hidden">Using FastAPI Depends</a>
<a href="other">Other</a>
</div>
{% if user_info_details %}
<div class="debug-auth">
<p>User info</p>
<ul>
{% for key, value in user_info_details.items() %}
<li>
<span class="key">{{ key }}</span>: {{ value }}
</li>
{% endfor %}
</ul>
</div>
<div>Now is: {{ now }}</div>
</div>
{% endif %}
{% endblock %}

15
src/oidc_test/templates/non_compliant_logout.html Normal file
View file

@ -0,0 +1,15 @@
{% extends "base.html" %}
{% block content %}
<h2>Warning</h2>
<p>
You are logged out from the application, but the browser still has the
authorisation to log in again without asking for credentials.
</p>
<p>
This is because {{ provider.name }} does not provide "end_session_endpoint"
in its metadata (see: <a href="{{ provider._server_metadata_url }}">{{ provider._server_metadata_url }}</a>).
</p>
<p>
Please <a href="{{ provider.server_metadata['issuer'] }}">go there</a> and log out manually.
</p>
{% endblock %}