commit eabb42353b0b29bc60fc3bdc07b848b25366e9aa Author: Kumi Date: Sat Feb 18 17:59:12 2023 +0000 OIDC Plesk Login App
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..844ed78
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+__pycache__/
+*.pyc
+venv/
+settings.ini
\ No newline at end of file
diff --git a/plesklogin.py b/plesklogin.py
new file mode 100644
index 0000000..3e5e520
--- /dev/null
+++ b/plesklogin.py
@@ -0,0 +1,88 @@
+from authlib.integrations.flask_client import OAuth
+from flask import Flask, jsonify, redirect, url_for, request
+
+import requests
+
+from configparser import ConfigParser
+from pathlib import Path
+
+import secrets
+
+config = ConfigParser(Path(__file__).parent / "settings.ini")
+
+app = Flask(__name__)
+app.secret_key = config["FLASK"]["SecretKey"]
+
+plesk_url = config["PLESK"]["Domain"]
+plesk_login = config["PLESK"]["Username"]
+plesk_password = config["PLESK"]["Password"]
+
+# Configure Authlib with OIDC provider details
+oauth = OAuth(app)
+
+oauth.register(
+ name='oidc',
+ client_id=config["OIDC"]["ClientID"],
+ client_secret=config["OIDC"]["ClientSecret"],
+ access_token_url=config["OIDC"]["TokenURL"],
+ authorize_url=config["OIDC"]["AuthorizeURL"],
+ jwks_uri=config["OIDC"]["JWKSURL"],
+ client_kwargs={
+ 'scope': config["OIDC"].get("Scope") or 'openid profile email',
+ 'token_endpoint_auth_method': 'client_secret_basic',
+ 'token_placement': 'header'
+ },
+)
+
+# Define a route for the home page
+@app.route('/')
+def home():
+ redirect_uri = url_for('oidc_callback', _external=True)
+ return oauth.oidc.authorize_redirect(redirect_uri)
+
+# Define a route for the OIDC provider's callback URL
+@app.route('/oidc/callback')
+def oidc_callback():
+ # Get user information from OIDC provider
+ token = oauth.oidc.authorize_access_token()
+ user_info = token["userinfo"]
+
+ # Display user's preferred_username
+ username = user_info.get('preferred_username')
+ user_ip = request.remote_addr
+
+ xml_data = f"""
+
+
+
+ {username}
+
+ {user_ip}
+
+
+
+
+
+ """
+
+ headers = {
+ "Content-Type": "text/xml",
+ "HTTP_AUTH_LOGIN": plesk_login,
+ "HTTP_AUTH_PASSWD": plesk_password,
+ "HTTP_PRETTY_PRINT": "TRUE",
+ }
+
+ response = requests.post(f"https://{plesk_url}/enterprise/control/agent.php", headers=headers, data=xml_data, verify=False)
+
+ if response.status_code == 200:
+ response_xml = response.content.decode()
+ # Extract the session ID from the response XML
+ session_id = response_xml.split("")[1].split("")[0]
+ else:
+ print("Error:", response.status_code, response.content.decode())
+ raise Exception()
+
+ return redirect(f"https://{plesk_url}/enterprise/rsession_init.php?PLESKSESSID={session_id}")
+
+if __name__ == '__main__':
+ app.run(debug=True)
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..26d4125
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,3 @@
+Flask
+Authlib
+requests
\ No newline at end of file
diff --git a/settings.dist.ini b/settings.dist.ini
new file mode 100644
index 0000000..c139d50
--- /dev/null
+++ b/settings.dist.ini
@@ -0,0 +1,14 @@
+[FLASK]
+SecretKey = ReallyJustAnyRandomStringIGuess
+
+[PLESK]
+Domain = plesk.local
+Username = your_admin_account
+Password = your_admin_password
+
+[OIDC]
+ClientID = your_app_id
+ClientSecret = your_app_secret
+TokenURL = https://kumidc.local/openid/token
+AuthorizeURL = https://kumidc.local/openid/authorize
+JWKSURL = https://kumidc.local/openid/jwks
\ No newline at end of file
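Review bot: In `oidc_callback`, the POST to `agent.php` sends the Plesk admin login and password with `verify=False`, so the server certificate is never checked, and the `preferred_username` claim is interpolated into the XML packet unescaped and without a check that it is present. Drop `verify=False` (or point `verify` at the CA bundle that signed the Plesk certificate), add a timeout, reject a missing claim and escape the value before it reaches the template; the excerpt below assumes `abort` from `flask` and `escape` from `xml.sax.saxutils` are imported. Because that claim alone selects the Plesk account a session is created for, it is worth confirming that the identity provider does not let users choose it freely, or mapping it through an allow-list. Two further points in the same hunk: `ConfigParser(Path(__file__).parent / "settings.ini")` passes the path as the `defaults` argument rather than reading it, so it should be `config = ConfigParser()` followed by `config.read(Path(__file__).parent / "settings.ini")`, and `app.run(debug=True)` enables the Werkzeug debugger and should be `debug=False` outside local development.

```python
    username = user_info.get('preferred_username')
    if not username:
        # No usable login name in the ID token: refuse instead of sending "None" to Plesk
        abort(403)
    # Escape before interpolation so the claim cannot open or close XML elements
    username = escape(username)
    # … unchanged: user_ip, xml_data template, headers …
    response = requests.post(
        f"https://{plesk_url}/enterprise/control/agent.php",
        headers=headers,
        data=xml_data,
        timeout=10,  # certificate verification stays at the requests default (on)
    )
```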
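Review bot: All three packages are unpinned, so every install resolves whatever the index currently serves, and `plesklogin.py` relies on `authorize_access_token()` returning a token with a `userinfo` key, which as far as I know is only the case from Authlib 1.0 onward. Pin each dependency to the version that was tested (for example `Authlib==<tested version>`), and consider a hash-checked install with `pip install --require-hashes -r requirements.txt` for deployment.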
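Review bot: `SecretKey = ReallyJustAnyRandomStringIGuess` reads as if any string will do, but `plesklogin.py` assigns this value to `app.secret_key`, which signs the Flask session cookie, so a copied or guessable value lets session contents be forged. Add a comment above it such as `; generate with: python -c "import secrets; print(secrets.token_hex(32))"` and use an obviously invalid placeholder like `CHANGE_ME`. The `[PLESK]` section holds an admin password in plain text, so a second comment recommending restrictive file permissions on the real `settings.ini` would help.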