forked from r00tstici/CTFd-SSO-plugin
-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathmodels.py
More file actions
65 lines (55 loc) · 2.19 KB
/
Copy pathmodels.py
File metadata and controls
65 lines (55 loc) · 2.19 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
from CTFd.config import process_boolean_str
from CTFd.models import db
from CTFd.utils import get_app_config
import json
def fetch_token():
return request.cookies.get("token")
class OAuthClients(db.Model):
__tablename__ = "oauth_clients"
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.Text)
client_id = db.Column(db.Text)
client_secret = db.Column(db.Text)
access_token_url = db.Column(db.Text)
authorize_url = db.Column(db.Text)
api_base_url = db.Column(db.Text)
server_metadata_url = db.Column(db.Text)
# Do we use S256 PKCE challenges
pkce_s256 = db.Column(db.Boolean, default=False)
# In a later update you will be able to customize the login button
color = db.Column(db.Text)
icon = db.Column(db.Text)
# Allow the OAuth provider to be individually enabled/disabled
enabled = db.Column(db.Boolean, default=False)
def register(self, oauth):
if process_boolean_str(get_app_config("OAUTH_HAS_ROLES")):
scope = 'profile openid email roles'
else:
scope = 'profile openid email'
oauth.register(
name=self.id,
client_id=self.client_id,
client_secret=self.client_secret,
code_challenge_method="S256" if self.pkce_s256 else None,
access_token_url=self.access_token_url,
authorize_url=self.authorize_url,
api_base_url=self.api_base_url,
server_metadata_url=self.server_metadata_url,
fetch_token=fetch_token,
client_kwargs={'scope': scope}
)
def disconnect(self, oauth):
oauth._registry[self.id] = None
oauth._clients[self.id] = None
def json(self):
return {'id': self.id,
'name': self.name,
'client_id' : self.client_id,
'access_token_url': self.access_token_url,
'authorize_url': self.authorize_url,
'api_base_url': self.api_base_url,
'server_metadata_url': self.server_metadata_url,
'color': self.color,
'icon': self.icon,
'pkce_s256': self.pkce_s256,
'enabled': self.enabled}