from typing import Any
from CTFd.cache import cache
from CTFd.utils.decorators import admins_only
from flask import Blueprint, render_template, request
from . import auth
from .db_utils import DBUtils
# Module-level blueprint for the OAuth2 plugin; load_bp() registers the
# routes on it and returns it.
oauth_bp = Blueprint(
    "oauth2",
    __name__,
    template_folder="templates",
)
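def clear_oauth_cache() -> None:
    """Clear OAuth configuration cache to pick up changes immediately.

    Two entries are removed: the memoized result of ``is_oauth_enabled`` and
    the plain ``"oauth_plugin_enabled_status"`` key. Both deletions are
    best-effort and always attempted; a failure is logged and swallowed so a
    cache problem does not break the configuration save that triggers this.
    """
    import logging

    # Import here to avoid circular dependency
    from . import is_oauth_enabled

    log = logging.getLogger(__name__)

    # NOTE(review): if either entry survives, the cached enabled/disabled
    # state may presumably keep being served after an admin changes it.
    # That is why failures are logged instead of silently ignored; confirm
    # the cache timeout bounds how long a stale value can live.
    try:
        cache.delete_memoized(is_oauth_enabled)
    except Exception:
        # ``Exception`` rather than a bare ``except`` so that SystemExit and
        # KeyboardInterrupt still propagate.
        log.warning(
            "Could not clear memoized is_oauth_enabled cache entry",
            exc_info=True,
        )

    try:
        cache.delete("oauth_plugin_enabled_status")
    except Exception:
        log.warning(
            "Could not delete oauth_plugin_enabled_status cache key",
            exc_info=True,
        )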
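def load_bp(plugin_route: str) -> Blueprint:
    """Load and configure the OAuth blueprint with routes.

    Registers four routes on the module-level ``oauth_bp``:

    * ``GET plugin_route``  - admin-only configuration page
    * ``POST plugin_route`` - admin-only configuration update
    * ``GET /oauth2/login`` and ``GET /oauth2/callback`` - the login flow,
      delegated to the ``auth`` module and not wrapped in ``admins_only``

    Args:
        plugin_route: URL path under which the admin configuration page is
            served.

    Returns:
        The configured ``oauth_bp`` blueprint.
    """

    @oauth_bp.route(plugin_route, methods=["GET"])
    @admins_only
    def get_config() -> str:
        """Display OAuth configuration page."""
        config = DBUtils.get_config()
        is_valid, errors = DBUtils.validate_config()
        return render_template(
            "oauth2/config.html",
            config=config,
            errors=errors if not is_valid else [],
        )

    @oauth_bp.route(plugin_route, methods=["POST"])
    @admins_only
    def update_config() -> str:
        """Update OAuth configuration.

        Saves the submitted form fields, clears the cached OAuth state,
        re-validates the stored configuration and re-renders the page. The
        ``errors`` list passed to the template carries success messages as
        well as validation errors.
        """
        config = request.form.to_dict()
        # The CSRF nonce is a form field, not a setting. pop() with a default
        # avoids a KeyError (HTTP 500) when the field is absent from the body.
        config.pop("nonce", None)

        # NOTE(review): every remaining form key is persisted as submitted.
        # An allow-list of the expected oauth_* keys would stop stray fields
        # from being written; the set of valid keys is not visible here.

        errors = []

        # Handle OIDC discovery if discovery URL is provided
        discovery_url = config.get("oauth_discovery_url")
        if discovery_url:
            # NOTE(review): discover_oidc_endpoints presumably fetches this
            # admin-supplied URL from the server. Confirm it restricts the
            # scheme to https, applies a timeout, and does not follow
            # redirects to internal addresses.
            endpoints = DBUtils.discover_oidc_endpoints(discovery_url)
            if endpoints:
                # Discovered values overwrite any endpoints typed in the form.
                config.update(endpoints)
                errors.append(
                    "OIDC discovery successful! Endpoints have been auto-configured."
                )
            else:
                errors.append(
                    "OIDC discovery failed. Please check the discovery URL or configure endpoints manually."
                )

        DBUtils.save_config(config.items())

        # Clear cache to pick up configuration changes immediately
        clear_oauth_cache()

        # Validate the saved configuration. This runs after the save, so an
        # invalid configuration is already stored when errors are reported.
        is_valid, validation_errors = DBUtils.validate_config()
        if not is_valid:
            errors.extend(validation_errors)
        elif config.get("oauth_plugin_enabled") == "on":
            # Add success message if configuration is valid
            errors.append(
                "OAuth configuration saved successfully! Changes are active immediately - no restart required."
            )
        else:
            errors.append(
                "OAuth configuration saved successfully! OAuth is currently disabled."
            )

        return render_template(
            "oauth2/config.html",
            config=DBUtils.get_config(),
            errors=errors,
        )

    @oauth_bp.route("/oauth2/login", methods=["GET"])
    def oauth2_login() -> Any:
        """Handle OAuth login initiation."""
        return auth.oauth2_login()

    @oauth_bp.route("/oauth2/callback", methods=["GET"])
    def oauth2_callback() -> Any:
        """Handle OAuth callback."""
        # NOTE(review): state validation and code exchange are expected to
        # live in auth.oauth2_callback; that module is not visible here.
        return auth.oauth2_callback()

    return oauth_bp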