app-MAIL-temp

email flask hacktoberfest oauth2 simplelogin sso

Go to file

Son NK 45cef7a4ef create unsubscribe view to block quickly an alias		2019-12-15 18:55:15 +02:00
app	create unsubscribe view to block quickly an alias	2019-12-15 18:55:15 +02:00
local_data	add self-signed ssl certificate generated by "openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365"	2019-12-15 18:55:09 +02:00
migrations	add EmailChange model	2019-12-15 18:55:15 +02:00
poc	create BaseForm to enable CSRF	2019-07-02 10:20:12 +03:00
static	add alias log page	2019-12-15 18:55:14 +02:00
templates	update email template: remove "or you can paste this link" from html template	2019-12-15 18:55:15 +02:00
tests	put original name and email to from: header	2019-12-15 18:55:15 +02:00
.dockerignore	create BaseForm to enable CSRF	2019-07-02 10:20:12 +03:00
.env.example	remove monthly pricing, display 20$ for monthly pricing	2019-12-15 18:55:12 +02:00
.gitignore	ignore config symlink	2019-12-15 18:55:13 +02:00
Dockerfile	add vim to dockerfile to debug more easily	2019-12-15 18:55:13 +02:00
README.md	Change subscription model	2019-12-15 18:55:13 +02:00
cron.py	fix '<' not supported between instances of 'datetime.date' and 'Arrow'	2019-12-15 18:55:14 +02:00
crontab.yml	create BaseForm to enable CSRF	2019-07-02 10:20:12 +03:00
email_handler.py	put original name and email to from: header	2019-12-15 18:55:15 +02:00
pyproject.toml	create BaseForm to enable CSRF	2019-07-02 10:20:12 +03:00
requirements.in	add aiosmtpd into requirement	2019-12-15 18:55:13 +02:00
requirements.txt	upgrade sentry-sdk==0.13.2	2019-12-15 18:55:13 +02:00
server.py	fix user re-subscribes	2019-12-15 18:55:14 +02:00
shell.py	use John Wick email	2019-12-15 18:55:10 +02:00
wsgi.py	create BaseForm to enable CSRF	2019-07-02 10:20:12 +03:00

README.md

OAuth flow

Authorization code flow:

http://localhost:7777/oauth/authorize?client_id=client-id&state=123456&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A7000%2Fcallback&state=dvoQ6Jtv0PV68tBUgUMM035oFiZw57

Implicit flow: http://localhost:7777/oauth/authorize?client_id=client-id&state=123456&response_type=token&redirect_uri=http%3A%2F%2Flocalhost%3A7000%2Fcallback&state=dvoQ6Jtv0PV68tBUgUMM035oFiZw57

Exchange the code to get the token with {code} replaced by the code obtained in previous step.

http -f -a client-id:client-secret http://localhost:7777/oauth/token grant_type=authorization_code code={code}

Get user info:

http http://localhost:7777/oauth/user_info 'Authorization:Bearer {token}'

Template structure

base single: for login, register page default: for all pages when user log ins

How to create new migration

Whenever the model changes, a new migration needs to be created

Set the database connection to use staging environment:

ln -sf ~/config/simplelogin/staging.env .env

Generate the migration script and make sure to review it:

flask db migrate

Code structure

local_data/: contain files used only locally. In deployment, these files should be replaced. - jwtRS256.key: generated using

ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
# Don't add passphrase
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub

OpenID, OAuth2 response_type & scope

According to https://medium.com/@darutk/diagrams-of-all-the-openid-connect-flows-6968e3990660

response_type can be either code, token, id_token or any combination.
scope can contain openid or not

Below is the different combinations that are taken into account until now:

response_type=code scope: with openid in scope, return id_token at /token: OK without: OK

response_type=token scope: with and without openid, nothing to do: OK

response_type=id_token return id_token in /authorization endpoint

response_type=id_token token return id_token in addition to access_token in /authorization endpoint

response_type=id_token code return id_token in addition to authorization_code in /authorization endpoint