From 5b6c6f1aacc024d8eaa1ece1c0e7bfbcd97b5d08 Mon Sep 17 00:00:00 2001 From: phil Date: Sun, 26 Jan 2025 23:37:56 +0100 Subject: [PATCH] Fix account url, use template for settings --- src/oidc_test/main.py | 19 ++++++++++++------- src/oidc_test/settings.py | 23 +++++++++++++++++------ src/oidc_test/templates/base.html | 2 +- 3 files changed, 30 insertions(+), 14 deletions(-) diff --git a/src/oidc_test/main.py b/src/oidc_test/main.py index 83ee101..36d9d76 100644 --- a/src/oidc_test/main.py +++ b/src/oidc_test/main.py @@ -59,7 +59,7 @@ app.add_middleware( # Add oidc providers to authlib from the settings # fastapi_providers: dict[str, OpenIdConnect] = {} -providers_settings: dict[str, OIDCProvider] = {} +oidc_providers_settings: dict[str, OIDCProvider] = {} for provider in settings.oidc.providers: authlib_oauth.register( @@ -80,7 +80,7 @@ for provider in settings.oidc.providers: # fastapi_providers[provider.id] = OpenIdConnect( # openIdConnectUrl=provider.openid_configuration # ) - providers_settings[provider.id] = provider + oidc_providers_settings[provider.id] = provider @app.get("/") @@ -94,7 +94,7 @@ async def home( now = datetime.now() if oidc_provider and ( ( - oidc_provider_settings := providers_settings.get( + oidc_provider_settings := oidc_providers_settings.get( request.session.get("oidc_provider_id", "") ) ) @@ -111,6 +111,7 @@ async def home( "settings": settings.model_dump(), "user": user, "now": now, + "oidc_provider": oidc_provider, "oidc_provider_settings": oidc_provider_settings, "resources": resources, "user_info_details": ( @@ -137,7 +138,7 @@ async def login(request: Request, oidc_provider_id: str) -> RedirectResponse: except AttributeError: raise HTTPException(status.HTTP_401_UNAUTHORIZED, "No such provider") # if ( - # code_challenge_method := providers_settings[ + # code_challenge_method := oidc_providers_settings[ # oidc_provider_id # ].code_challenge_method # ) is not None: 
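Review bot: The `"oidc_provider": oidc_provider` entry added to the template context in `home` (hunk at -111) passes the provider client object itself, not just the values the page needs. If this is the same `StarletteOAuth2App` that the `account` handler receives, it carries the client credentials, so any template or debug output that renders the object or walks its attributes could expose them. Passing only the field the template uses, for example `"oidc_provider_name": oidc_provider.name`, keeps the secret out of the view layer. The body of `home` and the template that consumes this key are outside the hunk, so the actual use is not visible here.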
@@ -220,12 +221,14 @@ async def account( oidc_provider: Annotated[StarletteOAuth2App, Depends(get_oidc_provider)], ) -> RedirectResponse: if ( - provider := providers_settings.get(request.session.get("oidc_provider_id", "")) + provider := oidc_providers_settings.get( + request.session.get("oidc_provider_id", "") + ) ) is None: raise HTTPException( status.HTTP_406_NOT_ACCEPTABLE, detail="No oidc provider setting" ) - return RedirectResponse(f"{provider.url}/account") + return RedirectResponse(f"{provider.account_url}") @app.get("/logout") @@ -292,7 +295,9 @@ async def get_resource( status.HTTP_406_NOT_ACCEPTABLE, detail="No such oidc provider" ) if ( - provider := providers_settings.get(request.session.get("oidc_provider_id", "")) + provider := oidc_providers_settings.get( + request.session.get("oidc_provider_id", "") + ) ) is None: raise HTTPException( status.HTTP_406_NOT_ACCEPTABLE, detail="No oidc provider setting" diff --git a/src/oidc_test/settings.py b/src/oidc_test/settings.py index 38443fa..81d5099 100644 --- a/src/oidc_test/settings.py +++ b/src/oidc_test/settings.py @@ -11,6 +11,9 @@ from pydantic_settings import ( PydanticBaseSettingsSource, YamlConfigSettingsSource, ) +from starlette.requests import Request + +from .models import User class Resource(BaseModel): @@ -32,7 +35,7 @@ class OIDCProvider(BaseModel): code_challenge_method: str | None = None hint: str = "No hint" resources: list[Resource] = [] - account_url_suffix: str | None = None + account_url_template: str | None = None @computed_field @property 
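Review bot: `return RedirectResponse(f"{provider.account_url}")` in `account` reads an attribute that this same commit deletes: the settings.py hunk removes the `account_url` computed property and replaces it with `get_account_url(request, user)`. As far as the visible lines show, `OIDCProvider` no longer has `account_url`, so the route would fail with an AttributeError instead of redirecting. Once the handler calls the new method, a `None` result (no `account_url_template` configured) also needs handling, otherwise the f-string turns it into the literal Location `None`. The sketch below calls the method and rejects the missing case. `user` is not a parameter in the visible part of `account`, whose signature starts outside the hunk, so it would have to come from whatever dependency the other routes use.

```python
    # … unchanged: provider lookup from the session and its 406 guard …
    account_url = provider.get_account_url(request, user)
    if account_url is None:
        raise HTTPException(
            status.HTTP_406_NOT_ACCEPTABLE, detail="No account url for this provider"
        )
    return RedirectResponse(account_url)
```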
@@ -44,11 +47,19 @@ class OIDCProvider(BaseModel): def token_url(self) -> str: return "auth/" + self.id - @computed_field - @property - def account_url(self) -> str | None: - if self.account_url_suffix: - return self.url + self.account_url_suffix + def get_account_url(self, request: Request, user: User) -> str | None: + if self.account_url_template: + if not ( + self.url.endswith("/") or self.account_url_template.startswith("/") + ): + sep = "/" + else: + sep = "" + return ( + self.url + + sep + + self.account_url_template.format(request=request, user=user) + ) else: return None diff --git a/src/oidc_test/templates/base.html b/src/oidc_test/templates/base.html index 3ff5f65..3bdb3f3 100644 --- a/src/oidc_test/templates/base.html +++ b/src/oidc_test/templates/base.html @@ -5,7 +5,7 @@ -
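Review bot: `self.account_url_template.format(request=request, user=user)` in `get_account_url` gives the template the whole `Request` and `User` objects, and `str.format` follows attribute and index lookups, so a template string can pull any reachable value (headers, session contents, other user fields) into the account URL. The substituted values are also inserted without percent-encoding, so a user attribute containing `/`, `?` or `#` would change the path or query of the redirect target, which matters if those attributes originate from identity-provider claims. Pass only the scalar fields the template is meant to use, encoded first, for example `.format(user_id=quote(str(USER_ID_FIELD), safe=""))` with `quote` from `urllib.parse`, where `USER_ID_FIELD` is a placeholder for the real attribute. Separately, when `self.url` ends with `/` and the template starts with `/`, the result contains `//`; stripping one side before joining avoids that.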

OIDC-test

+

OIDC-test - FastAPI client

{% block content %} {% endblock %}