Configuration class.

rohe · rohe · commit 0fd9ed0ded38 · 2020-02-12T08:18:56.000+01:00
configuration modified to use the new format.
diff --git a/flask_rp/application.py b/flask_rp/application.py
@@ -6,44 +6,28 @@
 from flask.app import Flask
 
 from oidcrp import RPHandler
-from oidcrp.util import load_yaml_config
+from oidcrp.configure import Configuration
 
 dir_path = os.path.dirname(os.path.realpath(__file__))
 
 
 def init_oidc_rp_handler(app):
-    verify_ssl = app.config.get('VERIFY_SSL')
-    httpc_params = {"verify": verify_ssl}
-
-    _cert = app.config.get("CLIENT_CERT")
-    _key = app.config.get("CLIENT_KEY")
-    if _cert and _key:
-        httpc_params["cert"] = (_cert, _key)
-    elif _cert:
-        httpc_params["cert"] = _cert
-
-    hash_seed = app.config.get('HASH_SEED')
-    if not hash_seed:
-        hash_seed = "BabyHoldOn"
-
-    rp_keys_conf = app.config.get('RP_KEYS')
-    if rp_keys_conf is None:
-        rp_keys_conf = app.config.get('OIDC_KEYS')
-
-    if rp_keys_conf:
-        _kj = init_key_jar(**rp_keys_conf)
-        _path = rp_keys_conf['public_path']
+    _rp_conf = app.rp_config
+
+    if _rp_conf.rp_keys:
+        _kj = init_key_jar(**_rp_conf.rp_keys)
+        _path = _rp_conf.rp_keys['public_path']
         # removes ./ and / from the begin of the string
         _path = re.sub('^(.)/', '', _path)
     else:
         _kj = KeyJar()
         _path = ''
-    _kj.httpc_params = httpc_params
+    _kj.httpc_params = _rp_conf.httpc_params
 
-    rph = RPHandler(base_url=app.config.get('BASEURL'),
-                    hash_seed=hash_seed, keyjar=_kj, jwks_path=_path,
-                    client_configs=app.config.get('CLIENTS'),
-                    services=app.config.get('SERVICES'), httpc_params=httpc_params)
+    rph = RPHandler(base_url=_rp_conf.base_url,
+                    hash_seed=_rp_conf.hash_seed, keyjar=_kj, jwks_path=_path,
+                    client_configs=_rp_conf.clients,
+                    services=_rp_conf.services, httpc_params=_rp_conf.httpc_params)
 
     return rph
 
@@ -52,14 +36,8 @@ def oidc_provider_init_app(config_file, name=None, **kwargs):
     name = name or __name__
     app = Flask(name, static_url_path='', **kwargs)
 
-    if config_file.endswith('.yaml'):
-        app.config.update(load_yaml_config(config_file))
-    elif config_file.endswith('.py'):
-        app.config.from_pyfile(os.path.join(dir_path, config_file))
-    else:
-        raise ValueError('Unknown configuration format')
-
-    app.config['SECRET_KEY'] = os.urandom(12).hex()
+    app.rp_config = Configuration.create_from_config_file(config_file)
+    # app.config['SECRET_KEY'] = os.urandom(12).hex()
 
     app.users = {'test_user': {'name': 'Testing Name'}}
 
diff --git a/flask_rp/conf.yaml b/flask_rp/conf.yaml
@@ -1,21 +1,15 @@
-PORT: 8090
-BASEURL: "https://127.0.0.1:8090"
+port: &port 8090
+domain: &domain 127.0.0.1
+base_url: "https://{domain}:{port}"
 
-# If BASE is https these has to be specified
-SERVER_CERT: "certs/cert.pem"
-SERVER_KEY: "certs/key.pem"
-CA_BUNDLE: ''
-# If you want the clients cert to be verified
-#VERIFY_USER: optional
+http_params:
+  # This is just for testing an local usage. In all other cases it MUST be True
+  verify_ssl: false
+  # Client side
+  #client_cert: "certs/client.crt"
+  #client_key: "certs/client.key"
 
-# This is just for testing an local usage. In all other cases it MUST be True
-VERIFY_SSL: false
-
-# Client side
-#CLIENT_CERT: "certs/client.crt"
-#CLIENT_KEY: "certs/client.key"
-
-KEYDEFS: &keydef
+keydefs: &keydef
   -
     "type": "RSA"
     "key": ''
@@ -25,27 +19,27 @@ KEYDEFS: &keydef
     "crv": "P-256"
     "use": ["sig"]
 
-HTML_HOME: 'html'
-SECRET_KEY: 'secret_key'
-SESSION_COOKIE_NAME: 'rp_session'
-PREFERRED_URL_SCHEME: 'https'
+html_home: 'html'
+secret_key: 'secret_key'
+session_cookie_name: 'rp_session'
+preferred_url_scheme: 'https'
 
-RP_KEYS:
-    'private_path': './private/jwks.json'
+rp_keys:
+    'private_path': 'private/jwks.json'
     'key_defs': *keydef
-    'public_path': './static/jwks.json'
+    'public_path': 'static/jwks.json'
     # this will create the jwks files if they are absent
     'read_only': False
 
-CLIENT_PREFERENCES: &id001
+client_preferences: &id001
     application_name: rphandler
     application_type: web
     contacts: [ops@example.com]
     response_types: [code]
     scope: [openid, profile, email, address, phone]
     token_endpoint_auth_method: [client_secret_basic, client_secret_post]
 
-SERVICES: &id002
+services: &id002
   discovery:
     class: oidcservice.oidc.provider_info_discovery.ProviderInfoDiscovery
     kwargs: {}
@@ -68,16 +62,16 @@ SERVICES: &id002
     class: oidcservice.oidc.end_session.EndSession
     kwargs: {}
 
-CLIENTS:
+clients:
   "":
     client_preferences: *id001
     redirect_uris: None
     services: *id002
   flop:
     client_preferences: *id001
     issuer: https://127.0.0.1:5000/
-    jwks_uri: https://127.0.0.1:8090/static/jwks.json
-    redirect_uris: ['https://127.0.0.1:8090/authz_cb/flop']
+    jwks_uri: 'static/jwks.json'
+    redirect_uris: ['authz_cb/flop']
     services: *id002
     add_ons:
       pkce:
@@ -87,5 +81,13 @@ CLIENTS:
           code_challenge_method: S256
 
 
-# Whether an attempt to fetch the userinfo should be made
-USERINFO: true
+webserver:
+  port: *port
+  domain: *domain
+  # If BASE is https these has to be specified
+  server_cert: "certs/cert.pem"
+  server_key: "certs/key.pem"
+  # If you want the clients cert to be verified
+  # verify_user: optional
+  # The you also need
+  # ca_bundle: ''
