philorg/oidc-fastapi-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions

Cleanup
Some checks failed
/ build (push) Failing after 14s
Details
/ test (push) Successful in 5s
Details

Browse source
This commit is contained in:
phil 2025-01-19 16:45:21 +01:00
parent 90cfdb66dd
commit 5f2901d558
1 changed files with 11 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

41
src/oidc_test/main.py
View file

@ -249,6 +249,8 @@ async def non_compliant_logout(
oidc_provider: Annotated[StarletteOAuth2App, Depends(get_oidc_provider)], oidc_provider: Annotated[StarletteOAuth2App, Depends(get_oidc_provider)],
): ):
"""A page for non-compliant OAuth2 servers that we cannot log out.""" """A page for non-compliant OAuth2 servers that we cannot log out."""
# Clear the remain of the session
request.session.pop("oidc_provider_id", None)
return templates.TemplateResponse( return templates.TemplateResponse(
name="non_compliant_logout.html", name="non_compliant_logout.html",
request=request, request=request,
@ -268,7 +270,7 @@ async def get_resource(
token: Annotated[OAuth2Token, Depends(get_token)], token: Annotated[OAuth2Token, Depends(get_token)],
) -> JSONResponse: ) -> JSONResponse:
"""Generic path for testing a resource provided by a provider""" """Generic path for testing a resource provided by a provider"""
assert user is not None assert user is not None # Just to keep QA checks happy
if oidc_provider is None: if oidc_provider is None:
raise HTTPException( raise HTTPException(
status.HTTP_406_NOT_ACCEPTABLE, detail="No such oidc provider" status.HTTP_406_NOT_ACCEPTABLE, detail="No such oidc provider"
@ -309,21 +311,21 @@ async def public() -> HTMLResponse:
async def get_protected( async def get_protected(
user: Annotated[User, Depends(get_current_user)] user: Annotated[User, Depends(get_current_user)]
) -> HTMLResponse: ) -> HTMLResponse:
assert user is not None assert user is not None # Just to keep QA checks happy
return HTMLResponse("<h1>Only authenticated users can see this</h1>") return HTMLResponse("<h1>Only authenticated users can see this</h1>")
@app.get("/protected-by-foorole") @app.get("/protected-by-foorole")
@hasrole("foorole") @hasrole("foorole")
async def get_protected_by_foorole(request: Request) -> HTMLResponse: async def get_protected_by_foorole(request: Request) -> HTMLResponse:
assert request is not None assert request is not None # Just to keep QA checks happy
return HTMLResponse("<h1>Only users with foorole can see this</h1>") return HTMLResponse("<h1>Only users with foorole can see this</h1>")
@app.get("/protected-by-barrole") @app.get("/protected-by-barrole")
@hasrole("barrole") @hasrole("barrole")
async def get_protected_by_barrole(request: Request) -> HTMLResponse: async def get_protected_by_barrole(request: Request) -> HTMLResponse:
assert request is not None assert request is not None # Just to keep QA checks happy
return HTMLResponse("<h1>Protected by barrole</h1>") return HTMLResponse("<h1>Protected by barrole</h1>")
@ -331,14 +333,14 @@ async def get_protected_by_barrole(request: Request) -> HTMLResponse:
@hasrole("barrole") @hasrole("barrole")
@hasrole("foorole") @hasrole("foorole")
async def get_protected_by_foorole_and_barrole(request: Request) -> HTMLResponse: async def get_protected_by_foorole_and_barrole(request: Request) -> HTMLResponse:
assert request is not None assert request is not None # Just to keep QA checks happy
return HTMLResponse("<h1>Only users with foorole and barrole can see this</h1>") return HTMLResponse("<h1>Only users with foorole and barrole can see this</h1>")
@app.get("/protected-by-foorole-or-barrole") @app.get("/protected-by-foorole-or-barrole")
@hasrole(["foorole", "barrole"]) @hasrole(["foorole", "barrole"])
async def get_protected_by_foorole_or_barrole(request: Request) -> HTMLResponse: async def get_protected_by_foorole_or_barrole(request: Request) -> HTMLResponse:
assert request is not None assert request is not None # Just to keep QA checks happy
return HTMLResponse("<h1>Only users with foorole or barrole can see this</h1>") return HTMLResponse("<h1>Only users with foorole or barrole can see this</h1>")
@ -348,7 +350,7 @@ async def get_introspect(
oidc_provider: Annotated[StarletteOAuth2App, Depends(get_oidc_provider)], oidc_provider: Annotated[StarletteOAuth2App, Depends(get_oidc_provider)],
token: Annotated[OAuth2Token, Depends(get_token)], token: Annotated[OAuth2Token, Depends(get_token)],
) -> JSONResponse: ) -> JSONResponse:
assert request is not None assert request is not None # Just to keep QA checks happy
if ( if (
response := await oidc_provider.post( response := await oidc_provider.post(
oidc_provider.server_metadata["introspection_endpoint"], oidc_provider.server_metadata["introspection_endpoint"],
@ -361,31 +363,10 @@ async def get_introspect(
raise HTTPException(status_code=response.status_code, detail=response.text) raise HTTPException(status_code=response.status_code, detail=response.text)
@app.get("/oauth2-forgejo-test")
async def get_forgejo_user_info(
request: Request,
user: Annotated[User, Depends(get_current_user)],
oidc_provider: Annotated[StarletteOAuth2App, Depends(get_oidc_provider)],
token: Annotated[OAuth2Token, Depends(get_token)],
) -> HTMLResponse:
assert request is not None
if (
response := await oidc_provider.get(
"/api/v1/user/repos",
# headers={"Authorization": f"token {token['access_token']}"},
token=token,
)
).is_success:
repos = response.json()
names = [repo["name"] for repo in repos]
return HTMLResponse(f"{user.name} has {len(repos)} repos: {', '.join(names)}")
else:
raise HTTPException(status_code=response.status_code, detail=response.text)
# Snippet for running standalone # Snippet for running standalone
# Mostly useful for the --version option, # Mostly useful for the --version option,
# as running with uvicorn is easy and provides flaxibility # as running with uvicorn is easy and provides better flexibility, eg.
# uvicorn --host foo oidc_test.main:app --reload
def main(): def main():