Use OIDC authentication from the web form (release-engineering#33)

hluk · Nov 29, 2022 · 2403a32 · 2403a32
1 parent e27383d
commit 2403a32
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 12 deletions.
diff --git a/.github/workflows/gating.yaml b/.github/workflows/gating.yaml
@@ -10,17 +10,14 @@ jobs:
   tests:
     name: Unit tests
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python-version: ["3.9"]
 
     steps:
       - uses: actions/checkout@v3
 
-      - name: Set up Python ${{ matrix.python-version }}
+      - name: Set up Python
         uses: actions/setup-python@v3
         with:
-          python-version: ${{ matrix.python-version }}
+          python-version: "3.9"
 
       - name: Install system dependencies
         uses: nick-invision/retry@v2
@@ -54,6 +51,11 @@ jobs:
           pip3 install --upgrade coveralls==3.2.0
           coveralls --service=github
 
+      - name: Set up Python for documentation build
+        uses: actions/setup-python@v3
+        with:
+          python-version: "3.8"
+
       - name: Test building documentation with tox
         run: tox -e docs
 
@@ -124,17 +126,14 @@ jobs:
       IMAGE_NAME: waiverdb
       REGISTRY: quay.io/factory2
       GH_REGISTRY: ghcr.io/${{ github.actor }}
-    strategy:
-      matrix:
-        python-version: ["3.9"]
 
     steps:
       - uses: actions/checkout@v3
 
-      - name: Set up Python ${{ matrix.python-version }}
+      - name: Set up Python
         uses: actions/setup-python@v3
         with:
-          python-version: ${{ matrix.python-version }}
+          python-version: "3.9"
 
       - name: Install dependencies
         run: |

diff --git a/waiverdb/api_v1.py b/waiverdb/api_v1.py
@@ -464,6 +464,7 @@ def _create_waiver(self, args, user):
 
 
 class WaiversNewResource(WaiversResource):
+    @oidc.require_login
     def get(self):
         """
         HTML form to create a waiver.
@@ -484,14 +485,15 @@ def get(self):
         html = render_template('new_waiver.html', request_args=request.args)
         return Response(html, mimetype='text/html')
 
+    @oidc.require_login
     @marshal_with(waiver_fields)
     def post(self):
-        user, headers = waiverdb.auth.get_user(request)
+        user = oidc.user_getfield(current_app.config["OIDC_USERNAME_FIELD"])
         args = RP['create_waiver_form'].parse_args()
         result = self._create_waiver(args, user)
         db.session.add(result)
         db.session.commit()
-        return result, 201, headers
+        return result, 201
 
 
 class WaiverResource(Resource):

diff --git a/waiverdb/config.py b/waiverdb/config.py
@@ -22,6 +22,7 @@ class Config(object):
     # https://github.com/flask-restful/flask-restful/issues/449
     ERROR_404_HELP = False
     AUTH_METHOD = 'OIDC'  # Specify OIDC, Kerberos or SSL for authentication
+    OIDC_USERNAME_FIELD = 'preferred_username'
     # Set this to True or False to enable publishing to a message bus
     MESSAGE_BUS_PUBLISH = True
     # Specify fedmsg or stomp for publishing messages