Add OAuth support

This commit adds OAuth support to authenticate with the Apertis GitLab credentials using the FlaskDance framework. This support requires configuring the GitLab instance to recognize the QA Report App and the following variables need to be set in the docker-compose file: FLASK_SECRET_KEY, GITLAB_OAUTH_CLIENT_ID and GITLAB_OAUTH_CLIENT_SECRET. Authentication is only enabled if the FLASK_SECRET_KEY is set. Signed-off-by: Luis Araujo <luis.araujo@collabora.co.uk>

Add OAuth support
This commit adds OAuth support to authenticate with the Apertis GitLab credentials using the FlaskDance framework. This support requires configuring the GitLab instance to recognize the QA Report App and the following variables need to be set in the docker-compose file: FLASK_SECRET_KEY, GITLAB_OAUTH_CLIENT_ID and GITLAB_OAUTH_CLIENT_SECRET. Authentication is only enabled if the FLASK_SECRET_KEY is set. Signed-off-by: Luis Araujo <luis.araujo@collabora.co.uk>
9f6850a4 · Luis Araujo · Emanuele Aina · d9e8d371 · 9f6850a4 · 9f6850a4
Commit 9f6850a4 authored Jun 05, 2019 by Luis Araujo Committed by Emanuele Aina Jun 13, 2019
Showing with 49 additions and 5 deletions

Dockerfile Dockerfile +2 -1

config.py config.py +1 -0

docker-compose.yaml docker-compose.yaml +3 -0

pages.py pages.py +2 -1

templates/index.html templates/index.html +10 -1

webhook.py webhook.py +31 -2

No files found.
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,7 +19,8 @@ RUN apt update && \
    && rm -rf /var/lib/apt/lists/*


-RUN pip3 install Flask Flask-SQLAlchemy Flask-Migrate Flask-Script psycopg2-binary
+RUN pip3 install Flask Flask-SQLAlchemy Flask-Migrate Flask-Script \
+                 psycopg2-binary Flask-Dance blinker

 WORKDIR /app


--- a/config.py
+++ b/config.py
@@ -35,6 +35,7 @@ defaults = {
    'test-cases-url': 'https://qa.apertis.org',
    'image-root': 'https://images.apertis.org',
    'bridge-url': 'https://lavaphabbridge.apertis.org',
+    'gitlab-hostname': 'gitlab.apertis.org',
    'tasks': {
        'space': 'S2',
        'tag': 'test-failure'

--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -13,6 +13,9 @@ services:
      - DB_NAME=test_results
      - DB_HOST=postgres
      - DB_PORT=5432
+      - FLASK_SECRET_KEY=<secret_key>
+      - GITLAB_OAUTH_CLIENT_ID=<client_id>
+      - GITLAB_OAUTH_CLIENT_SECRET=<client_secret>
    links:
      - postgres
    volumes:

--- a/pages.py
+++ b/pages.py
@@ -28,7 +28,7 @@ from config import config
 from sqlalchemy import desc


-def generate_index():
+def generate_index(username=None):
    jobs_versions = set()
    # Limit the result to 500 jobs in descending order.
    for job in Job.query.order_by(desc(Job.creation_time)).limit(500).all():
@@ -36,6 +36,7 @@ def generate_index():
                           job.image_deployment))

    return render_template('index.html',
+                           username=username,
                           url=request.base_url,
                           jobs_versions=sorted(jobs_versions,
                                                key=lambda e: e[1],

--- a/templates/index.html
+++ b/templates/index.html
@@ -8,7 +8,16 @@
  </head>
  <body>
    <main role="main" class="container" style="margin-top: 40px; margin-bottom: 40px">
-      <h2>Test Reports List</h2>
+      <div class="row">
+	<div class="col-md-9"><h2>Test Reports List</h2></div>
+	<div class="col">
+	  {% if username %}
+	  Logged in as {{ username }}
+	  {% else %}
+	  <a href="/login" class="btn btn-primary" role="button">Login</a>
+	  {% endif %}
+	</div>
+      </div>
      <hr />

      <ul class="list-group">

--- a/webhook.py
+++ b/webhook.py
@@ -37,7 +37,9 @@ from models import db
 from save import save_job
 from pages import generate_index, generate_report

-from flask import Flask, request
+from flask import Flask, request, redirect, session, url_for
+from flask_dance.contrib.gitlab import make_gitlab_blueprint, gitlab
+from flask_dance.consumer import oauth_authorized
 app = Flask(__name__)

 # Queue of Jobs.
@@ -63,6 +65,21 @@ app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
 db.init_app(app)


+@app.route('/login')
+def login():
+    if app.secret_key and not gitlab.authorized:
+        return redirect(url_for("gitlab.login"))
+    return redirect(url_for('index'))
+
+@oauth_authorized.connect
+def redirect_after_auth(blueprint, token):
+    blueprint.token = token
+    # Retrieve username and save it in the session
+    user_info = gitlab.get("/api/v4/user")
+    assert user_info.ok
+    session['username'] = user_info.json()['username']
+    return redirect(url_for('index'))
+
 @app.route('/report/<image_release>/<image_version>')
 @app.route('/report/<image_release>/<image_version>/<image_deployment>')
 def get_report(image_release, image_version, image_deployment='apt'):
@@ -74,8 +91,10 @@ def get_report(image_release, image_version, image_deployment='apt'):
        return 'Report error', HTTPStatus.NOT_FOUND

 @app.route('/', methods=['GET'])
-def get_index():
+def index():
    try:
+        if 'username' in session:
+            return generate_index(session['username'])
        return generate_index()
    except Exception as e:
        logging.error(e)
@@ -232,6 +251,16 @@ def main():
    if not args.skip_phab:
        connect_to_phab(config.get('arcrc'))

+    # GitLab OAuth configuration
+    app.secret_key = os.getenv('FLASK_SECRET_KEY')
+    # Only enable authentication if the secret key is set.
+    if app.secret_key:
+        blueprint = make_gitlab_blueprint(
+            client_id = os.getenv('GITLAB_OAUTH_CLIENT_ID'),
+            client_secret = os.getenv('GITLAB_OAUTH_CLIENT_SECRET'),
+            hostname = config['gitlab-hostname'])
+        app.register_blueprint(blueprint, url_prefix='/login')
+
    # Call flask app.
    app.run('0.0.0.0', config['port'])