ske087/enterprise_digital-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: enterprise digital platform with portal SSO, DigiServer, IT Assets, NetworkView, Server Monitor

Browse Source
This commit is contained in:
ske087
2026-05-10 21:07:50 +03:00
commit 8d9df56b0b
364 changed files with 73655 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
digiserver-v2/app/blueprints/auth.py
+63
View File
@@ -0,0 +1,63 @@
"""
Authentication Blueprint - Login, Logout
User management is handled exclusively by the Enterprise Digital Platform portal.
Direct registration and local user creation are disabled.
"""
from flask import Blueprint, render_template, request, redirect, url_for, flash, current_app
from flask_login import login_user, logout_user, login_required, current_user
from app.extensions import db, bcrypt, login_manager
from app.models import User
from app.utils.logger import log_action
auth_bp = Blueprint('auth', __name__)
@auth_bp.route('/login', methods=['GET', 'POST'])
def login():
"""
Login handler.
When accessed through the portal nginx gateway the portal_sso.py before_request
hook already logs the user in and redirects to the dashboard — this handler is
only reached if someone accesses DigiServer directly (bypassing the gateway).
In that case we redirect them to the portal login page.
"""
if current_user.is_authenticated:
return redirect(url_for('main.dashboard'))
# If there are X-Auth-Username headers the SSO hook should have handled this
# already. If we still end up here the user has no portal session — send them
# to the portal login so they can authenticate through the proper gateway.
portal_login = current_app.config.get('PORTAL_LOGIN_URL', '/login')
return redirect(portal_login)
@auth_bp.route('/logout')
@login_required
def logout():
"""User logout"""
username = current_user.username
logout_user()
log_action('info', f'User {username} logged out')
flash('You have been logged out.', 'info')
return redirect(url_for('auth.login'))
@auth_bp.route('/register', methods=['GET', 'POST'])
def register():
"""
Self-registration is disabled — users are managed exclusively by the portal.
Redirect to the portal login page.
"""
portal_login = current_app.config.get('PORTAL_LOGIN_URL', '/login')
return redirect(portal_login)
@auth_bp.route('/change-password', methods=['GET', 'POST'])
@login_required
def change_password():
"""
Password changes are managed by the portal.
Passwords for portal-managed users are randomly generated and not user-facing.
"""
flash('Password management is handled through the Enterprise Digital Platform portal.', 'info')
return redirect(url_for('main.dashboard'))