Made OAuth and EsteID authentication more configurable

TaaviE · Dec 29, 2018 · 6a8deed · 6a8deed
1 parent d22995b
commit 6a8deed
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 18 deletions.
diff --git a/example_config.py b/example_config.py
@@ -67,6 +67,23 @@ class Config(object):
     CELERY_BROKER_URL = ""  # TODO: URL to your Celery broker
     CELERY_RESULT_BACKEND = ""  # TODO: URL to your Celery result backend
 
+    OAUTHLIB_INSECURE_TRANSPORT = False
+    OAUTHLIB_RELAX_TOKEN_SCOPE = True
+
+    GOOGLE_OAUTH = False
+    GOOGLE_OAUTH_CLIENT_ID = ""
+    GOOGLE_OAUTH_CLIENT_SECRET = ""
+
+    GITHUB_OAUTH = False
+    GITHUB_OAUTH_CLIENT_ID = ""
+    GITHUB_OAUTH_CLIENT_SECRET = ""
+
+    FACEBOOK_OAUTH = False
+    FACEBOOK_OAUTH_CLIENT_ID = ""
+    FACEBOOK_OAUTH_CLIENT_SECRET = ""
+
+    ESTEID_AUTH = False  # TODO: Requires web server configuration
+
     GOOGLE_ADS = False  # TODO: If you want to display unintrusive ads CONFIGURE BELOW
     DATA_AD_CLIENT = "ca-pub-asdfghjklmnopqrstuvxy"  # TODO: Update AD client field value
     DATA_AD_SLOT = "1234567890"  # TODO: Update AD slot field value

diff --git a/main.py b/main.py
@@ -45,23 +45,32 @@
 from flask_dance.contrib.google import make_google_blueprint
 from flask_dance.contrib.github import make_github_blueprint
 from flask_dance.consumer.backend.sqla import SQLAlchemyBackend
+from flask_login import current_user
 
-google_blueprint = make_google_blueprint(
-    scope=[
-        "https://www.googleapis.com/auth/plus.me",
-        "https://www.googleapis.com/auth/userinfo.email",
-    ],
-    client_id=Config.GOOGLE_OAUTH_CLIENT_ID,
-    client_secret=Config.GOOGLE_OAUTH_CLIENT_SECRET,
-)
-
-github_blueprint = make_github_blueprint(
-    client_id=Config.GITHUB_OAUTH_CLIENT_ID,
-    client_secret=Config.GITHUB_OAUTH_CLIENT_SECRET,
-)
+if Config.GOOGLE_OAUTH:
+    google_blueprint = make_google_blueprint(
+        scope=[
+            "https://www.googleapis.com/auth/plus.me",
+            "https://www.googleapis.com/auth/userinfo.email",
+        ],
+        client_id=Config.GOOGLE_OAUTH_CLIENT_ID,
+        client_secret=Config.GOOGLE_OAUTH_CLIENT_SECRET,
+    )
+    google_blueprint.backend = SQLAlchemyBackend(AuthLinks, db.session, user=current_user)
+    app.register_blueprint(google_blueprint, url_prefix="/google")
 
-from flask_login import current_user
+if Config.GITHUB_OAUTH:
+    github_blueprint = make_github_blueprint(
+        client_id=Config.GITHUB_OAUTH_CLIENT_ID,
+        client_secret=Config.GITHUB_OAUTH_CLIENT_SECRET,
+    )
+    github_blueprint.backend = SQLAlchemyBackend(AuthLinks, db.session, user=current_user)
+    app.register_blueprint(github_blueprint, url_prefix="/github")
 
-google_blueprint.backend = SQLAlchemyBackend(AuthLinks, db.session, user=current_user)
-app.register_blueprint(google_blueprint, url_prefix="/google")
-app.register_blueprint(github_blueprint, url_prefix="/github")
+if Config.FACEBOOK_OAUTH:
+    facebook_blueprint = make_github_blueprint(
+        client_id=Config.FACEBOOK_OAUTH_CLIENT_ID,
+        client_secret=Config.FACEBOOK_OAUTH_CLIENT_SECRET,
+    )
+    facebook_blueprint.backend = SQLAlchemyBackend(AuthLinks, db.session, user=current_user)
+    app.register_blueprint(facebook_blueprint, url_prefix="/facebook")
diff --git a/templates/security/login_user.html b/templates/security/login_user.html
@@ -16,9 +16,29 @@ <h1>{{ _("Login") }}</h1>
             <p>{{ render_field(login_user_form.submit) }}</p>
         </form>
 
+        {% if config.ESTEID_AUTH %}
         <p><a href="{{ url_for("main_page.log_user_in_with_cert") }}"
               class="mdl-button mdl-js-button mdl-button--raised mdl-js-ripple-effect"
         >{{ _("Log in using Estonian ID card") }}</a></p>
+        {% endif %}
+
+        {% if config.GITHUB_OAUTH %}
+            <p><a href="{{ url_for("github.login") }}"
+                  class="mdl-button mdl-js-button mdl-button--raised mdl-js-ripple-effect"
+            >{{ _("Log in using Github") }}</a></p>
+        {% endif %}
+
+        {% if config.GOOGLE_OAUTH %}
+            <p><a href="{{ url_for("google.login") }}"
+                  class="mdl-button mdl-js-button mdl-button--raised mdl-js-ripple-effect"
+            >{{ _("Log in using Google") }}</a></p>
+        {% endif %}
+
+        {% if config.FACEBOOK_OAUTH %}
+            <p><a href="{{ url_for("facebook.login") }}"
+                  class="mdl-button mdl-js-button mdl-button--raised mdl-js-ripple-effect"
+            >{{ _("Log in using Facebook") }}</a></p>
+        {% endif %}
         {# <form action="{{ url_for('social.login', provider_id="google") }}" method="POST">
             <input class="mdl-button mdl-js-button mdl-button--raised mdl-js-ripple-effect mdl-button--accent"
                    type="submit" value="Login with Google"/>

diff --git a/utility.py b/utility.py
@@ -28,7 +28,7 @@ def get_family_id(passed_person_id):
     passed_person_id = int(passed_person_id)
     db_families_user_has_conn = UserFamilyAdmin.query.filter(UserFamilyAdmin.user_id == passed_person_id).all()
 
-    db_family = db_families_user_has_conn[0]
+    db_family = db_families_user_has_conn[0]  # TODO: User might have more than one family
     family_id = db_family.family_id
     return family_id