diff --git a/endpoints/oauthlogin.py b/endpoints/oauthlogin.py
index 17cb6da20..bbb5d86f5 100644
--- a/endpoints/oauthlogin.py
+++ b/endpoints/oauthlogin.py
@@ -292,80 +292,3 @@ def decode_user_jwt(token, oidc_provider):
 audience=oidc_provider.client_id(),
 issuer=oidc_provider.issuer)
-
-@oauthlogin.route('/dex/callback', methods=['GET', 'POST'])
-@route_show_if(features.DEX_LOGIN)
-@oauthlogin_csrf_protect
-def dex_oauth_callback():
- error = request.values.get('error', None)
- if error:
- return render_ologin_error(dex_login.public_title, error)
-
- code = request.values.get('code')
- if not code:
- return render_ologin_error(dex_login.public_title, 'Missing OAuth code')
-
- token = dex_login.exchange_code_for_token(app.config, client, code, client_auth=True,
- form_encode=True)
- if token is None:
- return render_ologin_error(dex_login.public_title)
-
- try:
- payload = decode_user_jwt(token, dex_login)
- except InvalidTokenError:
- logger.exception('Exception when decoding returned JWT')
- return render_ologin_error(
- dex_login.public_title,
- 'Could not decode response. Please contact your system administrator about this error.',
- )
-
- username = get_email_username(payload)
- metadata = {}
-
- dex_id = payload['sub']
- email_address = payload['email']
-
- if not payload.get('email_verified', False):
- return render_ologin_error(
- dex_login.public_title,
- 'A verified e-mail address is required for login. Please verify your ' +
- 'e-mail address in %s and try again.' % dex_login.public_title,
- )
-
-
- return conduct_oauth_login(dex_login, dex_id, username, email_address,
- metadata=metadata)
-
-
-@oauthlogin.route('/dex/callback/attach', methods=['GET', 'POST'])
-@route_show_if(features.DEX_LOGIN)
-@require_session_login
-@oauthlogin_csrf_protect
-def dex_oauth_attach():
- code = request.args.get('code')
- token = dex_login.exchange_code_for_token(app.config, client, code, redirect_suffix='/attach',
- client_auth=True, form_encode=True)
- if token is None:
- return render_ologin_error(dex_login.public_title)
-
- try:
- payload = decode_user_jwt(token, dex_login)
- except InvalidTokenError:
- logger.exception('Exception when decoding returned JWT')
- return render_ologin_error(
- dex_login.public_title,
- 'Could not decode response. Please contact your system administrator about this error.',
- )
-
- user_obj = current_user.db_user()
- dex_id = payload['sub']
- metadata = {}
-
- try:
- model.user.attach_federated_login(user_obj, 'dex', dex_id, metadata=metadata)
- except IntegrityError:
- err = '%s account is already attached to a %s account' % (dex_login.public_title,
- app.config['REGISTRY_TITLE_SHORT'])
- return render_ologin_error(dex_login.public_title, err)
-
- return redirect(url_for('web.user_view', path=user_obj.username, tab='external'))
diff --git a/util/config/oauth.py b/util/config/oauth.py
index 44bf084f2..7676e7954 100644
--- a/util/config/oauth.py
+++ b/util/config/oauth.py
@@ -349,22 +349,3 @@ class OIDCConfig(OAuthConfig):
 # Reload the key so that we can give a key *instance* to PyJWT to work around its weird parsing
 # issues.
 return load_der_public_key(rsa_key.key.exportKey('DER'), backend=default_backend())
-
-
-class DexOAuthConfig(OIDCConfig):
- def service_name(self):
- return 'Dex'
-
- @property
- def public_title(self):
- return self.get_public_config()['OIDC_TITLE']
-
- def get_public_config(self):
- return {
- 'CLIENT_ID': self.client_id(),
- 'AUTHORIZE_ENDPOINT': self.authorize_endpoint(),
-
- # TODO(jschorr): This should ideally come from the Dex side.
- 'OIDC_TITLE': 'Dex',
- 'OIDC_LOGO': 'https://tectonic.com/assets/ico/favicon-96x96.png'
- }