
views.py
About this file
The file handles authentication endpoints for NYC OpenRecords.
The routes are defined to:
Handle login redirects for users,
Unified logout endpoint for all authentication types,
Allow users to manage their OpenRecords specific attributes,
View function to handle SAML SSO Workflow,
Access the SAML SP metadata for this application,
Log in a user using the LDAP protocol,
Log a user out from the LDAP server,
Authenticate a user against the database (ignore password),
Log a user out from the server.
Code Check Report
app/auth/views.py:172:121: E501 line too long (127 > 120 characters)
app/auth/views.py:380:121: E501 line too long (131 > 120 characters)
Documentation drawn from source code
.. module:: auth.views
    :synopsis: Handles authentication endpoints for NYC OpenRecords
login():
Handle login redirects for users.

This application supports three methods for login: SAML 2.0, LDAP, and Local Authentication.

SAML 2.0 integrates with the City of New York Authentication System (NYC.ID). Users will be redirected to the SAML authentication endpoint. Please see app.auth.saml for details.

LDAP authentication will redirect the user to a Flask login form and authenticate them using the LDAP protocol. Please see app.auth.ldap_login for details.

Local Auth is used for development and testing purposes only. It allows a user to log in using any password, as long as the email is valid and in the database.

The three methods are called in the preferred order for authentication: 1) SAML 2) LDAP 3) Local Auth

Based off of: https://flask-login.readthedocs.io/en/latest/#login-example

Args:
    next (str): URL to send the user to after successful authentication.

Returns:
    HTTP Response (werkzeug.wrappers.Response): Response redirecting the browser to the proper URL for login
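The dispatch described for login(), as an added sketch that is not OpenRecords code: it picks the endpoint in the SAML, LDAP, Local Auth order and accepts `next` only when it stays on the application's own origin, the check the Flask-Login example cited above requires. The config keys, endpoint paths, the DEBUG gate on Local Auth and the host name used with it are assumptions made for illustration.

```python
from urllib.parse import urlencode, urljoin, urlsplit

# Hypothetical config keys and endpoint paths (assumptions, not taken from OpenRecords).
METHODS = (
    ("USE_SAML", "/auth/saml"),
    ("USE_LDAP", "/auth/ldap_login"),
    ("USE_LOCAL_AUTH", "/auth/local_login"),
)


def safe_next(next_url, host_url, default="/"):
    """Return next_url only if it resolves to this application's own origin."""
    if not next_url or next_url != next_url.strip():
        return default
    # Browsers read "\" as "/" and drop tab/CR/LF, so such values never pass.
    if "\\" in next_url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in next_url):
        return default
    try:
        base = urlsplit(host_url)
        target = urlsplit(urljoin(host_url, next_url))
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return default
    same_origin = (target.scheme, target.netloc) == (base.scheme, base.netloc)
    return next_url if same_origin and target.scheme in ("http", "https") else default


def login_redirect(config, next_url, host_url):
    """Pick the login endpoint in the preferred order: SAML, LDAP, Local Auth."""
    target = safe_next(next_url, host_url)
    for key, path in METHODS:
        if not config.get(key):
            continue
        # Local Auth accepts any password; gating it on DEBUG is this sketch's assumption.
        if key == "USE_LOCAL_AUTH" and not config.get("DEBUG"):
            break
        return path + "?" + urlencode({"next": target})
    raise RuntimeError("no usable authentication method configured")
```
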
logout():
Unified logout endpoint for all authentication types.

GET Args:
    timeout (bool): If True, logout is being called due to a session timeout.
    forced_logout (bool): If True, logout is being called due to a duplicate session.

Returns:
    HTTP Response (werkzeug.wrappers.Response): Redirect to the appropriate logout endpoint.
manage():
Allow users to manage their OpenRecords specific attributes.

For POST requests, updates the user's data in the database.
For GET requests, pulls the current user data from the database and pre-populates the form.

Requires users to have an active authentication session.

Returns:
    Flask Response with Manage Page
saml():
View function to handle SAML SSO Workflow.

GET Parameters:
    sso - Handle a regular login request (user clicks Login in the navbar)
    sso2 - Handle a login request from the application (user attempts to access a privileged resource)
    acs - Handle a login response from the IdP and return the user to the provided redirect URL (defaults to the home page)
    slo - Generate a Logout request for the IdP
    sls - Handle a Logout Response from the IdP and destroy the local session

Returns:
    HTTP Response (werkzeug.wrappers.Response): Redirects the user to the proper location in the SAML Auth Workflow.
metadata():
Access the SAML SP metadata for this application.

Returns:
    HTTP Response (werkzeug.wrappers.Response): XML SP Metadata
ldap_login():
Log in a user using the LDAP protocol.

Args:
    next (str): URL to redirect the user to if login is successful. (in request.args)

Returns:
    HTTP Response (werkzeug.wrappers.Response): Redirects the user to the home page (if successful) or to the login page again (if unsuccessful)
ldap_logout():
Log a user out from the LDAP server.

Args:
    timed_out (bool): If True, the user's client-side session timed out.

Returns:
    HTTP Response (werkzeug.wrappers.Response): Redirects the user to the home page
local_login():
Authenticate a user against the database (ignore password).

Allows developers to test functionality as valid users without needing to use a third party service.

Returns:
    HTTP Response (werkzeug.wrappers.Response): Redirects the user to the home page (if successful) or to the login page again (if unsuccessful)
local_logout(timed_out=False):
Log a user out from the server.

Args:
    timed_out (bool): If True, the user's client-side session timed out.

Returns:
    HTTP Response (werkzeug.wrappers.Response): Redirects the user to the home page