enterprise_digital-platform/digiserver-v2/app/blueprints/auth.py
ske087 0aefadbfd8 NetworkView: API routing fix, logout button, audit trail, port/notes editor tracking
- Fix frontend API base path (VITE_API_BASE env var, GraphPage hardcoded /api)
- Add logout button to NetworkView sidebar (clears portal SSO)
- Add AuditTrail component: inline change history on all entity pages
- DB migration: add updated_at, last_edited_by to ports table
- DB migration: add notes_last_edited_by, notes_updated_at to all entity tables
- Backend: track actor on port create/update; notes editor on entity PUT
- Frontend: extend types, MarkdownEditor shows last editor, port modal/list show last editor
- Fix port CREATE TABLE definition to include new columns upfront
- Add try/catch in handleSavePort to surface API errors in modal
2026-05-10 23:10:02 +03:00


"""
Authentication Blueprint - Login, Logout
User management is handled exclusively by the Enterprise Digital Platform portal.
Direct registration and local user creation are disabled.
"""
from flask import Blueprint, render_template, request, redirect, url_for, flash, current_app
from flask_login import login_user, logout_user, login_required, current_user
from app.extensions import db, bcrypt, login_manager
from app.models import User
from app.utils.logger import log_action
# Blueprint grouping the authentication routes defined in this module
# (login, logout, register, change-password).
auth_bp = Blueprint(name='auth', import_name=__name__)
@auth_bp.route('/login', methods=['GET', 'POST'])
def login():
    """
    Send the caller to the dashboard or to the portal login page.

    Behind the portal nginx gateway, the portal_sso.py before_request hook is
    expected to have logged the user in and redirected to the dashboard already.
    This view is therefore only reached on direct access to DigiServer
    (bypassing the gateway), and it never authenticates anyone itself.

    Returns:
        A redirect to 'main.dashboard' for an authenticated user, otherwise a
        redirect to the configured PORTAL_LOGIN_URL (fallback '/login').
    """
    # NOTE(review): per the original comments, the SSO hook acts on
    # X-Auth-Username request headers. That hook is not in this file. Since this
    # view exists for requests that bypass the gateway, confirm the hook only
    # honours those headers when they come from the gateway, and that the gateway
    # overwrites any client-supplied copy.
    if current_user.is_authenticated:
        target = url_for('main.dashboard')
    else:
        # No portal session: hand the user to the portal so authentication
        # happens through the proper gateway.
        # NOTE(review): the fallback '/login' is the same path this route is
        # registered on. If PORTAL_LOGIN_URL is unset and the app is served at
        # the site root, this redirect may point back at this handler. Confirm
        # the setting is always provided in deployment.
        target = current_app.config.get('PORTAL_LOGIN_URL', '/login')
    return redirect(target)
@auth_bp.route('/logout')
@login_required
def logout():
    """
    End the local DigiServer session, then redirect to the portal logout.

    The portal logout is what clears the SSO cookie; logging out locally alone
    would leave the portal session in place.

    Returns:
        A redirect to the configured PORTAL_LOGOUT_URL
        (fallback 'http://localhost:8080/logout').
    """
    # NOTE(review): the route declares no methods, so it is reachable with a
    # plain GET and a cross-site link or image request could end a session.
    # If forced logout matters here, consider POST with a CSRF token.
    # Read the name first: after logout_user() the current user is anonymous.
    username = current_user.username
    logout_user()
    log_action('info', f'User {username} logged out')
    # NOTE(review): the fallback is a plain-HTTP localhost URL, which looks like
    # a development default. Confirm PORTAL_LOGOUT_URL is set explicitly (HTTPS)
    # in production so the SSO cookie is actually cleared.
    return redirect(
        current_app.config.get('PORTAL_LOGOUT_URL', 'http://localhost:8080/logout')
    )
@auth_bp.route('/register', methods=['GET', 'POST'])
def register():
    """
    Refuse self-registration by redirecting to the portal login page.

    Accounts are managed exclusively by the portal, so this view creates no
    user and reads no form data. Both GET and POST get the same redirect.

    Returns:
        A redirect to the configured PORTAL_LOGIN_URL (fallback '/login').
    """
    return redirect(current_app.config.get('PORTAL_LOGIN_URL', '/login'))
@auth_bp.route('/change-password', methods=['GET', 'POST'])
@login_required
def change_password():
    """
    Tell the user that passwords are managed by the portal.

    No password is read or changed here. Passwords for portal-managed users are
    randomly generated and not user-facing, so the view only flashes an
    informational message.

    Returns:
        A redirect to 'main.dashboard'.
    """
    notice = 'Password management is handled through the Enterprise Digital Platform portal.'
    flash(notice, 'info')
    dashboard_url = url_for('main.dashboard')
    return redirect(dashboard_url)