From 96d88aad949718cb5ff04315f9a9d60f04dffedf Mon Sep 17 00:00:00 2001
From: Lukas Zuba
Date: Mon, 9 Oct 2023 17:51:23 +0200
Subject: [PATCH] change flask oidc package and adjusted code & config accordingly to free up package requirments / allow newer versions
---
 app/starter.py | 12 +++++-------
 docker/keycloak/dev.json | 10 +++++-----
 requirements.txt | 4 ++--
 3 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/app/starter.py b/app/starter.py
index b84cccb..1a78d3b 100644
--- a/app/starter.py
+++ b/app/starter.py
@@ -1,8 +1,8 @@
 #!/PATH/TO/YOUR/PYTHON3
 import functools
 import os, logging, Controller, sys, base64, customSessionInterface
-from flask_oidc_ex import OpenIDConnect
-from flask import Flask, request, jsonify, make_response, send_from_directory, render_template, Response
+from flask_oidc import OpenIDConnect
+from flask import Flask, request, jsonify, make_response, send_from_directory, render_template, Response, session
 import flask_wtf.csrf
 from cheroot.wsgi import Server as WSGIServer, PathInfoDispatcher
 from markupsafe import Markup
@@ -21,7 +21,6 @@
 "OIDC_COOKIE_SECURE": True,
 "OIDC_CLIENT_SECRETS": "app/secrets.json",
 "OIDC_ID_TOKEN_COOKIE_SECURE": True,
- "OIDC_REQUIRE_VERIFIED_EMAIL": True,
 "OIDC_CLOCK_SKEW": 3600,
 "OVERWRITE_REDIRECT_URI": f"https://mlaps.{companyName}.com/oidc_callback",
 "OIDC_RESOURCE_SERVER_VALIDATION_MODE": "online",
@@ -42,10 +41,9 @@
 def get_oidc_user_info() -> dict:
 if oidc.user_loggedin:
- info = oidc.user_getinfo(["groups", "preferred_username", "email"])
- username = info.get("preferred_username")
- email = info.get("email")
- groups = info.get("groups")
+ username = session['oidc_auth_profile']["preferred_username"]
+ email = session['oidc_auth_profile']["email"]
+ groups = session['oidc_auth_profile']["groups"]
 return {"username": username, "email": email, "groups": groups}
 else:
 return None
diff --git a/docker/keycloak/dev.json b/docker/keycloak/dev.json
index 806efde..8fd3c4a 100644
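Review bot: With `"OIDC_REQUIRE_VERIFIED_EMAIL": True` gone from the config in the `@@ -21,7 +21,6 @@` hunk of app/starter.py, nothing visible in this patch still requires the identity provider to have verified the address that `get_oidc_user_info()` returns as `email`. If the replacement package no longer supports that setting, the check belongs in application code instead of being dropped, for example `if not session['oidc_auth_profile'].get("email_verified"): return None` before the profile is used. Whether `email` feeds any authorization or account-matching decision is not visible here, so confirm that before treating the removal as harmless. The config dict starts and ends outside this hunk.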
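Review bot: The three added lookups in the `@@ -42,10 +41,9 @@` hunk index `session['oidc_auth_profile']` directly, so a session without that key, or a profile without a `groups` claim, raises `KeyError` where the removed `info.get(...)` calls returned `None`. `groups` presumably drives access decisions, so a missing claim should take an explicit deny path rather than surface as an unhandled exception: read the profile once with `profile = session.get('oidc_auth_profile') or {}` and keep `profile.get("groups")` and the same for the other two fields. The values now come from the session as stored at login instead of from `oidc.user_getinfo(...)`, so it is worth confirming how long a session keeps old group membership after it changes at the identity provider. The annotation `-> dict` also does not match the `return None` branch; `-> dict | None` would.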
--- a/docker/keycloak/dev.json
+++ b/docker/keycloak/dev.json
@@ -504,16 +504,16 @@
 }, {
 "id" : "82e2618a-7b8b-44aa-904b-c8e31990f404",
 "clientId" : "mlaps",
- "rootUrl" : "https://mlaps.$YOURCOMPANY.com",
- "adminUrl" : "https://mlaps.$YOURCOMPANY.com",
- "baseUrl" : "https://mlaps.$YOURCOMPANY.com",
+ "rootUrl" : "https://mlaps.foobar.com",
+ "adminUrl" : "https://mlaps.foobar.com",
+ "baseUrl" : "https://mlaps.foobar.com",
 "surrogateAuthRequired" : false,
 "enabled" : true,
 "alwaysDisplayInConsole" : false,
 "clientAuthenticatorType" : "client-secret",
 "secret" : "7mF1V9zO8wsZIHOicQBAsqsYCaUqJqkC",
- "redirectUris" : [ "https://mlaps.$YOURCOMPANY.com/oidc_callback" ],
- "webOrigins" : [ "https://mlaps.$YOURCOMPANY.com" ],
+ "redirectUris" : [ "https://mlaps.foobar.com/authorize" ],
+ "webOrigins" : [ "https://mlaps.foobar.com" ],
 "notBefore" : 0,
 "bearerOnly" : false,
 "consentRequired" : false,
diff --git a/requirements.txt b/requirements.txt
index 2359e02..1e7014d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
 Flask
-flask_oidc_ex
-itsdangerous==2.0.1
+flask_oidc
+itsdangerous
 hvac
 Flask-APScheduler
 pyOpenSSL
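Review bot: `redirectUris` in docker/keycloak/dev.json now registers only `https://mlaps.foobar.com/authorize`, while app/starter.py keeps `"OVERWRITE_REDIRECT_URI": f"https://mlaps.{companyName}.com/oidc_callback"` as an unchanged context line. If the new package still honours that override, the identity provider should reject the login for a redirect URI mismatch; if it ignores it, the setting is dead config. Either way the two should agree, so update the override to the `/authorize` path or remove it. The hunk also replaces the `$YOURCOMPANY` placeholder with the literal host `foobar.com`; a reserved name such as `mlaps.example.com` avoids registering a third-party-owned host as a valid redirect target if the realm is imported unedited. The client `secret` on the context line is stored in clear text and should stay confined to the dev realm.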
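Review bot: `flask_oidc` and `itsdangerous` are both left unpinned in requirements.txt, so a rebuild can pull a different release of the login library and of the signing library without any review. app/starter.py now depends on the new package's session layout (`session['oidc_auth_profile']`), so at least a lower bound is needed, and preferably an exact pin such as `flask_oidc==<TESTED_VERSION>` (placeholder for the release this was tested against). The same applies to `itsdangerous`, whose `==2.0.1` pin is removed here.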