Add oauth-jwt-user config variable (#1470)
philippjfr authored Jul 8, 2020
1 parent d8804e5 commit f3f6fe0
Showing 3 changed files with 35 additions and 2 deletions.
9 changes: 7 additions & 2 deletions panel/auth.py
Expand Up @@ -202,7 +202,8 @@ async def get(self):
await self.get_authenticated_user(**params)

def _on_auth(self, user_info, access_token):
self.set_secure_cookie('user', user_info[self._USER_KEY])
user_key = config.oauth_jwt_user or self._USER_KEY
self.set_secure_cookie('user', user_info[user_key])
id_token = base64url_encode(json.dumps(user_info))
if state.encryption:
access_token = state.encryption.encrypt(access_token.encode('utf-8'))
Expand Down Expand Up @@ -434,7 +435,8 @@ def _on_auth(self, id_token, access_token):
signing_input, _ = id_token.encode('utf-8').rsplit(b".", 1)
_, payload_segment = signing_input.split(b".", 1)
decoded = json.loads(base64url_decode(payload_segment).decode('utf-8'))
self.set_secure_cookie('user', decoded['email'])
user_key = config.oauth_jwt_user or self._USER_KEY
self.set_secure_cookie('user', decoded[user_key])
if state.encryption:
access_token = state.encryption.encrypt(access_token.encode('utf-8'))
id_token = state.encryption.encrypt(id_token.encode('utf-8'))
Expand All @@ -454,6 +456,8 @@ class AzureAdLoginHandler(OAuthIDTokenLoginHandler, OAuth2Mixin):
_OAUTH_AUTHORIZE_URL_ = 'https://login.microsoftonline.com/{tenant}/oauth2/authorize'
_OAUTH_USER_URL_ = ''

_USER_KEY = 'unique_name'

@property
def _OAUTH_ACCESS_TOKEN_URL(self):
return self._OAUTH_ACCESS_TOKEN_URL_.format(**config.oauth_extra_params)
Expand All @@ -478,6 +482,7 @@ class GoogleLoginHandler(OAuthIDTokenLoginHandler, OAuth2Mixin):

_SCOPE = ['profile', 'email']

_USER_KEY = 'email'


class LogoutHandler(tornado.web.RequestHandler):
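Review bot: Both `_on_auth` hunks read the configured key with a bare subscript — `user_info[user_key]` and `decoded[user_key]` — so a mis-set `oauth_jwt_user`, or a provider response that omits that claim, ends the login with an unhandled KeyError instead of a clean authentication failure. Suggest `user = decoded.get(user_key)` followed by `if user is None: raise tornado.web.HTTPError(403, "user key %r not present in token" % user_key)` (the same shape for the `user_info` lookup in the first hunk), so the failure is reported and logged as a denied login. The option is described as a JWT key, but the first hunk applies it to the user-info response of the generic handler as well; a short comment such as `# oauth_jwt_user overrides _USER_KEY for both the user-info and ID-token lookups` would make that deliberate. The second hunk still decodes the ID-token payload without verifying its signature; if `id_token` only ever comes from the provider's token endpoint that is defensible, but a one-line comment stating that assumption would help the next reader. Both `_on_auth` bodies continue outside their hunks.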
13 changes: 13 additions & 0 deletions panel/command/serve.py
Expand Up @@ -73,6 +73,11 @@ class Serve(_BkServe):
type = str,
help = "Additional parameters to use.",
)),
('--oauth-jwt-user', dict(
action = 'store',
type = str,
help = "The key in the ID JWT token to consider the user.",
)),
('--oauth-encryption-key', dict(
action = 'store',
type = str,
Expand Down Expand Up @@ -190,6 +195,14 @@ def customize_kwargs(self, args, server_kwargs):
elif args.oauth_redirect_uri:
config.oauth_redirect_uri = args.oauth_redirect_uri

if args.oauth_jwt_user and config.oauth_jwt_user:
raise ValueError(
"Supply OAuth JWT user either using environment "
"variable or via explicit argument, not both."
)
elif args.oauth_jwt_user:
config.oauth_jwt_user = args.oauth_jwt_user

if config.cookie_secret:
kwargs['cookie_secret'] = config.cookie_secret

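Review bot: The help text for `--oauth-jwt-user` says neither where the key is looked up nor that the same setting is read from the environment, so the mutual-exclusion error raised in `customize_kwargs` will surprise users who never passed the flag; suggest `help = "The key in the ID JWT token (or user-info response) identifying the user; can also be set via PANEL_OAUTH_JWT_USER."`. The check itself mirrors the `oauth_redirect_uri` block just above it, which is consistent. `customize_kwargs` continues outside the hunk.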
15 changes: 15 additions & 0 deletions panel/config.py
Expand Up @@ -119,6 +119,9 @@ class _config(param.Parameterized):
_oauth_secret = param.String(default=None, doc="""
A client secret to provide to the OAuth provider.""")

_oauth_jwt_user = param.String(default=None, doc="""
The key in the ID JWT token to consider the user.""")

_oauth_redirect_uri = param.String(default=None, doc="""
A redirect URI to provide to the OAuth provider.""")

Expand Down Expand Up @@ -319,6 +322,18 @@ def oauth_redirect_uri(self, value):
validate_config(self, '_oauth_redirect_uri', value)
self._oauth_redirect_uri_ = value

@property
def oauth_jwt_user(self):
if self._oauth_jwt_user_ is not None:
return self._oauth_jwt_user_
else:
return os.environ.get('PANEL_OAUTH_JWT_USER', _config._oauth_jwt_user)

@oauth_jwt_user.setter
def oauth_secret(self, value):
validate_config(self, '_oauth_jwt_user', value)
self._oauth_jwt_user_ = value

@property
def oauth_encryption_key(self):
if self._oauth_encryption_key_ is not None:
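Review bot: The setter registered with `@oauth_jwt_user.setter` is named `oauth_secret` (`def oauth_secret(self, value):`), so the getter+setter property is bound to the class attribute `oauth_secret` while `oauth_jwt_user` stays a read-only property; the assignment `config.oauth_jwt_user = args.oauth_jwt_user` made in serve.py should therefore raise AttributeError, and if the existing `oauth_secret` property is defined earlier in the class (outside this hunk) it is now shadowed and returns the JWT user key instead of the client secret. The fix is the one line `def oauth_jwt_user(self, value):`. A small test that sets and reads `config.oauth_jwt_user` and checks `config.oauth_secret` is unaffected would have caught this.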
