()
| 52 | methods=['GET', 'POST']) |
| 53 | @pgCSRFProtect.exempt |
| 54 | def oauth_authorize(): |
| 55 | # Reconstruct the minimal AuthSourceManager state from the session. |
| 56 | # The previous design stored a live AuthSourceManager instance, |
| 57 | # which required serializable-anything session storage and |
| 58 | # presented a deserialization vector. Now we persist only the |
| 59 | # OAuth2 provider name and re-look-up the auth-source from |
| 60 | # current_app's registry. |
| 61 | from pgadmin.authenticate import AuthSourceManager, get_auth_sources |
| 62 | oauth2_client = session.get('oauth2_current_client') |
| 63 | if not oauth2_client: |
| 64 | current_app.logger.warning( |
| 65 | "OAuth2 callback received without provider context; " |
| 66 | "session may have expired between login and callback") |
| 67 | flash(gettext("Login session expired. Please try again."), |
| 68 | MessageType.ERROR) |
| 69 | return redirect(get_safe_post_logout_redirect()) |
| 70 | |
| 71 | oauth2_source = get_auth_sources(OAUTH2) |
| 72 | # Restore the provider selection onto the (process-global) source |
| 73 | # instance so login() picks the right OAuth2 client. |
| 74 | oauth2_source.oauth2_current_client = oauth2_client |
| 75 | |
| 76 | auth_obj = AuthSourceManager({}, [OAUTH2]) |
| 77 | auth_obj.set_source(oauth2_source) |
| 78 | auth_obj.set_current_source(oauth2_source.get_source_name()) |
| 79 | |
| 80 | status, msg = auth_obj.login() |
| 81 | if status: |
| 82 | session['auth_source_manager'] = auth_obj.as_dict() |
| 83 | session.pop('oauth2_current_client', None) |
| 84 | return redirect(get_safe_post_login_redirect()) |
| 85 | session.pop('oauth2_current_client', None) |
| 86 | logout_user() |
| 87 | flash(msg, MessageType.ERROR) |
| 88 | return redirect(get_safe_post_login_redirect()) |
| 89 | |
| 90 | @blueprint.route('/logout', endpoint="logout", |
| 91 | methods=['GET', 'POST']) |
nothing calls this directly
no test coverage detected