-
Notifications
You must be signed in to change notification settings - Fork 31
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
17 changed files
with
99 additions
and
16 deletions.
There are no files selected for viewing
2 changes: 1 addition & 1 deletion
2
...ashboard-assets/databases/PostgreSQL.yaml → .../superset/assets/databases/Analytics.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
{ | ||
"web": { | ||
"issuer": "${KEYCLOAK_URL}/realms/ozone", | ||
"auth_uri": "${KEYCLOAK_URL}/realms/ozone/protocol/openid-connect/auth", | ||
"client_id": "${SUPERSET_CLIENT_ID}", | ||
"client_secret": "${SUPERSET_CLIENT_SECRET}", | ||
"redirect_urls": [ | ||
"${SUPERSET_PUBLIC_URL}/*","http://localhost:8088/*" | ||
], | ||
"userinfo_uri": "${KEYCLOAK_URL}/realms/ozone/protocol/openid-connect/userinfo", | ||
"token_uri": "${KEYCLOAK_URL}/realms/ozone/protocol/openid-connect/token", | ||
"token_introspection_uri": "${KEYCLOAK_URL}/realms/ozone/protocol/openid-connect/token/introspect" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
from flask import redirect, request | ||
from flask_appbuilder.security.manager import AUTH_OID | ||
from superset.security import SupersetSecurityManager | ||
from flask_oidc import OpenIDConnect | ||
from flask_appbuilder.security.views import AuthOIDView | ||
from flask_login import login_user | ||
from urllib.parse import quote | ||
from flask_appbuilder.views import ModelView, SimpleFormView, expose | ||
import logging | ||
logger = logging.getLogger(__name__) | ||
|
||
class AuthOIDCView(AuthOIDView): | ||
def add_role_if_missing(self, sm, user_id, role_name): | ||
found_role = sm.find_role(role_name) | ||
session = sm.get_session | ||
user = session.query(sm.user_model).get(user_id) | ||
if found_role and found_role not in user.roles: | ||
user.roles += [found_role] | ||
session.commit() | ||
|
||
@expose('/login/', methods=['GET', 'POST']) | ||
def login(self, flag=True): | ||
sm = self.appbuilder.sm | ||
oidc = sm.oid | ||
|
||
|
||
@self.appbuilder.sm.oid.require_login | ||
def handle_login(): | ||
user = sm.auth_user_oid(oidc.user_getfield('email')) | ||
if user is None: | ||
info = oidc.user_getinfo(['preferred_username', 'given_name', 'family_name', 'email','roles']) | ||
user = sm.add_user(info.get('preferred_username'), info.get('given_name'), info.get('family_name'), info.get('email'), sm.find_role('Gamma')) | ||
role_info = oidc.user_getinfo(['roles']) | ||
if role_info is not None: | ||
for role in role_info['roles']: | ||
self.add_role_if_missing(sm, user.id, role) | ||
login_user(user, remember=False) | ||
return redirect(self.appbuilder.get_url_for_index) | ||
|
||
return handle_login() | ||
|
||
@expose('/logout/', methods=['GET', 'POST']) | ||
def logout(self): | ||
|
||
oidc = self.appbuilder.sm.oid | ||
|
||
oidc.logout() | ||
super(AuthOIDCView, self).logout() | ||
redirect_url = request.url_root.strip('/') + self.appbuilder.get_url_for_login | ||
|
||
return redirect(oidc.client_secrets.get('issuer') + '/protocol/openid-connect/logout?redirect_uri=' + quote(redirect_url)) | ||
|
||
class OIDCSecurityManager(SupersetSecurityManager): | ||
authoidview = AuthOIDCView | ||
def __init__(self,appbuilder): | ||
super(OIDCSecurityManager, self).__init__(appbuilder) | ||
if self.auth_type == AUTH_OID: | ||
self.oid = OpenIDConnect(self.appbuilder.get_app) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters