1import datetime
2from flask import current_app, flash, Flask, g, jsonify, redirect, render_template, request, send_from_directory, session, url_for
3import flask_principal
4import flask_saml
5from fpdf import FPDF, HTMLMixin
6import json
7import os
8from schema import FormSubmissions, PeopleList
9import sqlite3
10from time import sleep
11import uuid
12
13
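app = Flask(__name__)

### FLASK_SAML
app.config['SAML_DEFAULT_REDIRECT'] = '/'
# NOTE(review): with PROPAGATE_EXCEPTIONS on, unhandled errors are re-raised
# to the WSGI layer instead of becoming a generic 500; depending on the server
# this can expose tracebacks to clients. Worth turning off outside development.
app.config['PROPAGATE_EXCEPTIONS'] = True
app.config['SAML_USE_SESSIONS'] = True
app.config.update({
    # Session-signing key. A literal committed to source lets anyone with
    # read access to the repo mint valid sessions (and, with
    # SAML_USE_SESSIONS on, a "logged in" SAML state). Read it from the
    # environment; the literal is kept only as a fallback so existing
    # deployments keep working until the variable is set and the old value
    # is rotated out.
    'SECRET_KEY': os.environ.get('SECRET_KEY', 'SydUTechLab*$%BLIT2019#'),
    'SAML_METADATA_URL': "https://sts.sydney.edu.au/federationmetadata/2007-06/federationmetadata.xml",
})
principals = flask_principal.Principal(app)
# Construct the SAML extension once. The original built it twice (the first
# instance was discarded), registering the extension against the same app
# twice for no benefit.
saml = flask_saml.FlaskSAML(app)

# Gate used by admin-only views; roles are attached in on_identity_loaded.
admin_permission = flask_principal.Permission(flask_principal.RoleNeed('admin'))

db = 'database.db'
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
# Absolute path so the database resolves the same way regardless of the
# working directory the app is started from.
db_path = os.path.join(BASE_DIR, db)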
33
@flask_saml.saml_log_out.connect_via(app)
def on_saml_logout(sender):
    """Re-run the identity loader once flask_saml reports a logout.

    Fires ``identity_changed`` with whatever ``get_identity`` now returns, so
    flask_principal recomputes the subject's roles (an anonymous identity once
    the session no longer carries ``saml``). ``sender`` is the signal sender
    and is not used.
    """
    app_obj = current_app._get_current_object()
    refreshed = get_identity()
    flask_principal.identity_changed.send(app_obj, identity=refreshed)
40
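@flask_saml.saml_authenticated.connect_via(app)
def on_saml_authenticated(sender, subject, attributes, auth):
    """Copy the asserted user attributes into the session and reload identity.

    ``attributes`` maps attribute names to lists of values. The first value of
    each attribute is taken, and the values are then picked by *position*:
    0 first name, 1 surname, 2 email, 3 user name, 4 faculty.

    NOTE(review): positional mapping relies on the IdP releasing attributes in
    a fixed order and on ``attributes`` preserving that order; looking the
    attributes up by name would be safer, but the names are not visible in
    this file. ``subject`` and ``auth`` are not used here.

    Raises:
        ValueError: fewer than five attribute values were released. The
            original code failed with a bare ``IndexError`` in this case.
        IndexError: an attribute was released with an empty value list
            (unchanged from the original).
    """
    claims = [values[0] for values in attributes.values()]
    if len(claims) < 5:
        raise ValueError(
            'expected at least 5 SAML attribute values, got {}'.format(len(claims))
        )

    session['user_name'] = claims[3]
    session['first_name'] = claims[0]
    session['surname'] = claims[1]
    session['email'] = claims[2]
    session['faculty'] = claims[4]

    # Let flask_principal recompute roles for the newly stored subject.
    flask_principal.identity_changed.send(
        current_app._get_current_object(),
        identity=get_identity(),
    )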
57
58
@principals.identity_loader
def get_identity():
    """Build the flask_principal identity for the current request.

    A session carrying a ``saml`` entry (presumably populated by flask_saml
    when ``SAML_USE_SESSIONS`` is on — verify against the extension) yields an
    ``Identity`` keyed by the SAML subject; any other session is anonymous.
    A ``saml`` entry without a ``subject`` key raises ``KeyError``.
    """
    if 'saml' not in session:
        return flask_principal.AnonymousIdentity()
    subject = session['saml']['subject']
    return flask_principal.Identity(subject)
65
66
@flask_principal.identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
    """Attach roles to a freshly loaded identity.

    Every non-anonymous identity — i.e. anyone the IdP authenticated — is
    granted the ``admin`` role; there is no group or attribute check, so the
    ``admin_permission`` gate is effectively "is logged in". Role-based
    assignment is still outstanding (the author's TODO below). ``sender`` is
    the signal sender and is not used.
    """
    # TODO: Role based account setting
    if isinstance(identity, flask_principal.AnonymousIdentity):
        return
    identity.provides.add(flask_principal.RoleNeed('admin'))
73
@app.errorhandler(flask_principal.PermissionDenied)
def handle_permission_denied(error):
    """Turn a flask_principal ``PermissionDenied`` into a response.

    Anonymous visitors are redirected to the ``login`` endpoint with the
    requested URL passed as ``next``; authenticated users who still lack the
    permission get a plain 403. ``error`` is not inspected.

    NOTE(review): the ``login`` view is outside this file; confirm it only
    follows ``next`` when it is a relative path on this site, since the value
    is taken from the request and echoed back into a redirect.
    """
    login_redirect = redirect(url_for('login', next=request.url))
    is_anonymous = isinstance(g.identity, flask_principal.AnonymousIdentity)
    if is_anonymous:
        return login_redirect
    return 'Permission Denied', 403
82
@app.route('/logout_user')
def logout_user():
    """Drop the local session and send the browser to the ADFS sign-out endpoint.

    Only the Flask session is cleared here; ending the IdP-side session is
    left to the WS-Federation ``wsignout1.0`` request at the redirect target.
    NOTE(review): the sign-out path repeats the ``adfs/ls/`` segment — confirm
    this is the intended URL. The route accepts a plain GET, so any page can
    trigger a sign-out; acceptable for logout, but worth knowing.
    """
    signout_url = 'https://sts.sydney.edu.au/adfs/ls/adfs/ls/?wa=wsignout1.0'
    session.clear()
    return redirect(signout_url)