Implement oidc login

2025-05-30 10:57:59 +02:00
parent b491dff4b1
commit 391e310b91
39 changed files with 938 additions and 308 deletions
--- a/packages/sshecret-admin/src/sshecret_admin/api/endpoints/auth.py
+++ b/packages/sshecret-admin/src/sshecret_admin/api/endpoints/auth.py
@ -12,6 +12,7 @@ from sshecret_admin.core.dependencies import AdminDependencies

 LOG = logging.getLogger(__name__)

+
 def create_router(dependencies: AdminDependencies) -> APIRouter:
    """Create auth router."""
    app = APIRouter()
@ -35,5 +36,4 @@ def create_router(dependencies: AdminDependencies) -> APIRouter:
        )
        return Token(access_token=access_token, token_type="bearer")

-
    return app
--- a/packages/sshecret-admin/src/sshecret_admin/api/endpoints/clients.py
+++ b/packages/sshecret-admin/src/sshecret_admin/api/endpoints/clients.py
@ -25,7 +25,7 @@ def create_router(dependencies: AdminDependencies) -> APIRouter:

    @app.get("/clients/")
    async def get_clients(
-        admin: Annotated[AdminBackend, Depends(dependencies.get_admin_backend)]
+        admin: Annotated[AdminBackend, Depends(dependencies.get_admin_backend)],
    ) -> list[Client]:
        """Get clients."""
        clients = await admin.get_clients()
--- a/packages/sshecret-admin/src/sshecret_admin/api/endpoints/secrets.py
+++ b/packages/sshecret-admin/src/sshecret_admin/api/endpoints/secrets.py
@ -23,7 +23,7 @@ def create_router(dependencies: AdminDependencies) -> APIRouter:

    @app.get("/secrets/")
    async def get_secret_names(
-        admin: Annotated[AdminBackend, Depends(dependencies.get_admin_backend)]
+        admin: Annotated[AdminBackend, Depends(dependencies.get_admin_backend)],
    ) -> list[Secret]:
        """Get Secret Names."""
        return await admin.get_secrets()
--- a/packages/sshecret-admin/src/sshecret_admin/api/router.py
+++ b/packages/sshecret-admin/src/sshecret_admin/api/router.py
@ -14,6 +14,7 @@ from sqlalchemy.orm import Session
 from sshecret_admin.services.admin_backend import AdminBackend
 from sshecret_admin.core.dependencies import BaseDependencies, AdminDependencies
 from sshecret_admin.auth import PasswordDB, User, decode_token
+from sshecret_admin.auth.constants import LOCAL_ISSUER

 from .endpoints import auth, clients, secrets

@ -41,9 +42,17 @@ def create_router(dependencies: BaseDependencies) -> APIRouter:
        if not token_data:
            raise credentials_exception

-        user = session.scalars(
-            select(User).where(User.username == token_data.username)
-        ).first()
+        if token_data.provider == LOCAL_ISSUER:
+            user = session.scalars(
+                select(User).where(User.username == token_data.sub)
+            ).first()
+        else:
+            user = session.scalars(
+                select(User)
+                .where(User.oidc_issuer == token_data.provider)
+                .where(User.oidc_sub == token_data.sub)
+            ).first()
+
        if not user:
            raise credentials_exception
        return user
@ -57,10 +66,12 @@ def create_router(dependencies: BaseDependencies) -> APIRouter:
        return current_user

    async def get_admin_backend(
-        session: Annotated[Session, Depends(dependencies.get_db_session)]
+        session: Annotated[Session, Depends(dependencies.get_db_session)],
    ):
        """Get admin backend API."""
-        password_db = session.scalars(select(PasswordDB).where(PasswordDB.id == 1)).first()
+        password_db = session.scalars(
+            select(PasswordDB).where(PasswordDB.id == 1)
+        ).first()
        if not password_db:
            raise HTTPException(
                500, detail="Error: The password manager has not yet been set up."