Feature: optionally require login to access GHC app #254

Closed
justb4 opened this issue Jun 11, 2019 · 0 comments

Comments

@justb4
Member

commented Jun 11, 2019

This feature has been requested by several users. In some cases it is required that only registered users have access to the entire GHC app so as not to expose details of the OGC services. This could be either on an intranet (only sysadmin access) or when running publicly.

So basically only the login page (and reset password) should be accessible. Only when a user is in this case successfully logged in will all other pages be accessible. By default GHC is configured with an admin user.

Proposed is to add a new setting GHC_REQUIRE_AUTH with default False to enforce this feature.

Implementation

Is quite simple, based on this StackOverflow answer.
The tricky thing is to still allow static content and the login view.

Some tests based on the StackOverflow answer revealed that this is workable, in app.py:

```python
from flask import g, redirect, render_template, request, url_for
from flask_login import current_user

# APP (the Flask application) and CONFIG are defined elsewhere in app.py.


@APP.before_request
def before_request():
    g.user = current_user
    if request.args and 'lang' in request.args and request.args['lang'] != '':
        g.current_lang = request.args['lang']
    if not hasattr(g, 'current_lang'):
        g.current_lang = 'en'

    if not CONFIG['GHC_REQUIRE_AUTH']:
        return

    # ASSERTION: login required, pass-through static content and login page
    # request.endpoint is None when no route matched, and Flask names its
    # static endpoint 'static' (no trailing slash).
    endpoint = request.endpoint or ''
    # is_authenticated is a property (no parentheses) from Flask-Login 0.3.0 on
    if any([endpoint == 'static',
            g.user.is_authenticated(),  # This is from Flask-Login
            getattr(APP.view_functions.get(endpoint), 'is_public', False)]):
        return  # Access granted
    else:
        return redirect(url_for('login'))


def public_route(decorated_function):
    decorated_function.is_public = True
    return decorated_function

# ...
# ...
@APP.route('/login', methods=['GET', 'POST'])
@public_route
def login():
    """login"""
    if request.method == 'GET':
        return render_template('login.html')
```
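The access decision described above, pulled out as a framework-free function so it can be unit-tested and the list of login-exempt routes can be reviewed. This is an added example, not code from the issue or from GeoHealthCheck; `is_allowed`, `public_endpoints`, `home` and `VIEWS` are hypothetical names, and sending unmatched URLs to login is an assumption of this sketch.

```python
def public_route(view):
    """Mark a view as reachable without login (same marker as in the issue)."""
    view.is_public = True
    return view


def is_allowed(endpoint, authenticated, view_functions, require_auth=True):
    """Return True if the request may proceed, False if it must go to login.

    endpoint       -- value of request.endpoint; None when no route matched
    view_functions -- mapping endpoint -> callable, e.g. APP.view_functions
    require_auth   -- value of the GHC_REQUIRE_AUTH setting
    """
    if not require_auth or authenticated:
        return True
    if endpoint is None:
        # Assumption: unmatched URLs are sent to login instead of raising,
        # so anonymous clients cannot tell existing routes from missing ones.
        return False
    if endpoint == 'static' or endpoint.endswith('.static'):
        return True  # application and blueprint static files
    view = view_functions.get(endpoint)
    # Deny by default: only an explicit is_public = True opens a route.
    return getattr(view, 'is_public', False) is True


def public_endpoints(view_functions):
    """List the endpoints exempt from login, for reviewing the allowlist."""
    return sorted(name for name, view in view_functions.items()
                  if getattr(view, 'is_public', False) is True)


# Constructed sample views standing in for the application's routes.
@public_route
def login():
    return 'login form'


def home():
    return 'resource list'


VIEWS = {'login': login, 'home': home}

if __name__ == '__main__':
    print('public endpoints:', public_endpoints(VIEWS))
    for ep in ('home', 'login', 'static', None):
        print(ep, '->', is_allowed(ep, False, VIEWS))
```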

@justb4 justb4 added the enhancement label Jun 11, 2019

@justb4 justb4 added this to the Version 0.7.0 milestone Jun 11, 2019

@justb4 justb4 self-assigned this Jun 11, 2019

@justb4 justb4 changed the title from "Feature: optionally always require login to access GHC app" to "Feature: optionally require login to access GHC app" Jun 11, 2019

justb4 added a commit to justb4/GeoHealthCheck that referenced this issue Jun 17, 2019

justb4 added a commit that referenced this issue Jun 18, 2019

PR #255 for issue #254 from justb4/issue-254-login
#254 implemented optional webapp-access authentication

@justb4 justb4 moved this from In progress to Done in Stantec NL sponsored development Jun 18, 2019

@justb4 justb4 closed this Jun 18, 2019
