Commit 73f90725 authored by echel0n's avatar echel0n

Merge branch 'develop' into feature-annoucements

parents 09347b4a a41b58f1
......@@ -6,6 +6,10 @@ stages:
- release_sentry
- release_deploy
services:
- name: docker:dind
command: ["--mtu=1450"]
#review:webpack:
# stage: review_webpack
# image:
......
{
"name": "sickrage",
"version": "9.4.198.dev0",
"version": "9.4.200.dev0",
"private": true,
"repository": {
"type": "git",
......
[bumpversion]
current_version = 9.4.198.dev0
current_version = 9.4.200.dev0
commit = False
tag = False
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(\.(?P<release>[a-z]+)(?P<dev>\d+))?
......
......@@ -25,18 +25,17 @@ import threading
import time
import traceback
from abc import ABC
from json import JSONDecodeError
from urllib.parse import urlparse, urljoin
from jose import ExpiredSignatureError
from keycloak.exceptions import KeycloakClientError
from mako.exceptions import RichTraceback
from mako.lookup import TemplateLookup
from requests import HTTPError
from tornado import locale
from tornado.web import RequestHandler
import sickrage
from sickrage.core import helpers, API
from sickrage.core import helpers
class BaseHandler(RequestHandler, ABC):
......@@ -106,14 +105,15 @@ class BaseHandler(RequestHandler, ABC):
return
try:
token = json.loads(cookie)
token = json.loads(cookie.decode("utf-8"))
try:
return sickrage.app.oidc_client.userinfo(token['access_token'])
except KeycloakClientError as e:
return sickrage.app.oidc_client.decode_token(token['access_token'], sickrage.app.oidc_client.certs())
except (KeycloakClientError, ExpiredSignatureError):
token = sickrage.app.oidc_client.refresh_token(token['refresh_token'])
self.set_secure_cookie('_sr', json.dumps(token))
return sickrage.app.oidc_client.userinfo(token['access_token'])
except Exception:
self.set_secure_cookie('_sr', json.dumps({'access_token': token['access_token'], 'refresh_token': token['refresh_token']}))
return sickrage.app.oidc_client.decode_token(token['access_token'], sickrage.app.oidc_client.certs())
except Exception as e:
sickrage.app.log.debug('{!r}'.format(e))
pass
def render_string(self, template_name, **kwargs):
......
......@@ -36,22 +36,22 @@ class LoginHandler(BaseHandler, ABC):
if code:
try:
token = sickrage.app.oidc_client.authorization_code(code, redirect_uri)
userinfo = sickrage.app.oidc_client.userinfo(token['access_token'])
decoded_token = sickrage.app.oidc_client.decode_token(token['access_token'], sickrage.app.oidc_client.certs())
self.set_secure_cookie('_sr', json.dumps(token))
self.set_secure_cookie('_sr', json.dumps({'access_token': token['access_token'], 'refresh_token': token['refresh_token']}))
if not userinfo.get('sub'):
if not decoded_token.get('sub'):
return self.redirect('/logout')
if not sickrage.app.config.sub_id:
sickrage.app.config.sub_id = userinfo.get('sub')
sickrage.app.config.sub_id = decoded_token.get('sub')
sickrage.app.config.save()
if sickrage.app.config.sub_id != userinfo.get('sub'):
if sickrage.app.config.sub_id != decoded_token.get('sub'):
if API().token:
allowed_usernames = API().allowed_usernames()['data']
if not userinfo['preferred_username'] in allowed_usernames:
sickrage.app.log.debug("USERNAME:{} IP:{} - WEB-UI ACCESS DENIED".format(userinfo['preferred_username'], self.request.remote_ip))
if not decoded_token['preferred_username'] in allowed_usernames:
sickrage.app.log.debug("USERNAME:{} IP:{} - WEB-UI ACCESS DENIED".format(decoded_token['preferred_username'], self.request.remote_ip))
return self.redirect('/logout')
else:
return self.redirect('/logout')
......@@ -60,6 +60,7 @@ class LoginHandler(BaseHandler, ABC):
API().logout()
API().token = token
except Exception as e:
sickrage.app.log.debug('{!r}'.format(e))
return self.redirect('/logout')
if not sickrage.app.config.app_id:
......
9.4.198.dev0
\ No newline at end of file
9.4.200.dev0
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment