Commit 9f6850a4 authored by Luis Araujo's avatar Luis Araujo Committed by Emanuele Aina

Add OAuth support

This commit adds OAuth support to authenticate with the Apertis GitLab
credentials using the FlaskDance framework.

This support requires configuring the GitLab instance to recognize the
QA Report App and the following variables need to be set in the
docker-compose file: FLASK_SECRET_KEY, GITLAB_OAUTH_CLIENT_ID and
GITLAB_OAUTH_CLIENT_SECRET.

Authentication is only enabled if the FLASK_SECRET_KEY is set.
Signed-off-by: Luis Araujo's avatarLuis Araujo <luis.araujo@collabora.co.uk>
parent d9e8d371
Pipeline #3057 passed with stage
in 1 minute and 12 seconds
......@@ -19,7 +19,8 @@ RUN apt update && \
&& rm -rf /var/lib/apt/lists/*
RUN pip3 install Flask Flask-SQLAlchemy Flask-Migrate Flask-Script psycopg2-binary
RUN pip3 install Flask Flask-SQLAlchemy Flask-Migrate Flask-Script \
psycopg2-binary Flask-Dance blinker
WORKDIR /app
......
......@@ -35,6 +35,7 @@ defaults = {
'test-cases-url': 'https://qa.apertis.org',
'image-root': 'https://images.apertis.org',
'bridge-url': 'https://lavaphabbridge.apertis.org',
'gitlab-hostname': 'gitlab.apertis.org',
'tasks': {
'space': 'S2',
'tag': 'test-failure'
......
......@@ -13,6 +13,9 @@ services:
- DB_NAME=test_results
- DB_HOST=postgres
- DB_PORT=5432
- FLASK_SECRET_KEY=<secret_key>
- GITLAB_OAUTH_CLIENT_ID=<client_id>
- GITLAB_OAUTH_CLIENT_SECRET=<client_secret>
links:
- postgres
volumes:
......
......@@ -28,7 +28,7 @@ from config import config
from sqlalchemy import desc
def generate_index():
def generate_index(username=None):
jobs_versions = set()
# Limit the result to 500 jobs in descending order.
for job in Job.query.order_by(desc(Job.creation_time)).limit(500).all():
......@@ -36,6 +36,7 @@ def generate_index():
job.image_deployment))
return render_template('index.html',
username=username,
url=request.base_url,
jobs_versions=sorted(jobs_versions,
key=lambda e: e[1],
......
......@@ -8,7 +8,16 @@
</head>
<body>
<main role="main" class="container" style="margin-top: 40px; margin-bottom: 40px">
<h2>Test Reports List</h2>
<div class="row">
<div class="col-md-9"><h2>Test Reports List</h2></div>
<div class="col">
{% if username %}
Logged in as {{ username }}
{% else %}
<a href="/login" class="btn btn-primary" role="button">Login</a>
{% endif %}
</div>
</div>
<hr />
<ul class="list-group">
......
......@@ -37,7 +37,9 @@ from models import db
from save import save_job
from pages import generate_index, generate_report
from flask import Flask, request
from flask import Flask, request, redirect, session, url_for
from flask_dance.contrib.gitlab import make_gitlab_blueprint, gitlab
from flask_dance.consumer import oauth_authorized
app = Flask(__name__)
# Queue of Jobs.
......@@ -63,6 +65,21 @@ app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
db.init_app(app)
@app.route('/login')
def login():
if app.secret_key and not gitlab.authorized:
return redirect(url_for("gitlab.login"))
return redirect(url_for('index'))
@oauth_authorized.connect
def redirect_after_auth(blueprint, token):
blueprint.token = token
# Retrieve username and save it in the session
user_info = gitlab.get("/api/v4/user")
assert user_info.ok
session['username'] = user_info.json()['username']
return redirect(url_for('index'))
@app.route('/report/<image_release>/<image_version>')
@app.route('/report/<image_release>/<image_version>/<image_deployment>')
def get_report(image_release, image_version, image_deployment='apt'):
......@@ -74,8 +91,10 @@ def get_report(image_release, image_version, image_deployment='apt'):
return 'Report error', HTTPStatus.NOT_FOUND
@app.route('/', methods=['GET'])
def get_index():
def index():
try:
if 'username' in session:
return generate_index(session['username'])
return generate_index()
except Exception as e:
logging.error(e)
......@@ -232,6 +251,16 @@ def main():
if not args.skip_phab:
connect_to_phab(config.get('arcrc'))
# GitLab OAuth configuration
app.secret_key = os.getenv('FLASK_SECRET_KEY')
# Only enable authentication if the secret key is set.
if app.secret_key:
blueprint = make_gitlab_blueprint(
client_id = os.getenv('GITLAB_OAUTH_CLIENT_ID'),
client_secret = os.getenv('GITLAB_OAUTH_CLIENT_SECRET'),
hostname = config['gitlab-hostname'])
app.register_blueprint(blueprint, url_prefix='/login')
# Call flask app.
app.run('0.0.0.0', config['port'])
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment