OIDC Plesk Login App

Kumi 2023-02-18 17:59:12 +00:00
commit eabb42353b
Signed by: kumi
GPG key ID: ECBCC9082395383F
4 changed files with 109 additions and 0 deletions

4
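--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+__pycache__/
+*.pyc
+venv/
+settings.ini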

88
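--- a/plesklogin.py
+++ b/plesklogin.py
@@ -0,0 +1,88 @@
+from authlib.integrations.flask_client import OAuth
+from flask import Flask, jsonify, redirect, url_for, request
+import requests
+from configparser import ConfigParser
+from pathlib import Path
+import secrets
+config = ConfigParser(Path(__file__).parent / "settings.ini")
+app = Flask(__name__)
+app.secret_key = config["FLASK"]["SecretKey"]
+plesk_url = config["PLESK"]["Domain"]
+plesk_login = config["PLESK"]["Username"]
+plesk_password = config["PLESK"]["Password"]
+# Configure Authlib with OIDC provider details
+oauth = OAuth(app)
+oauth.register(
+name='oidc',
+client_id=config["OIDC"]["ClientID"],
+client_secret=config["OIDC"]["ClientSecret"],
+access_token_url=config["OIDC"]["TokenURL"],
+authorize_url=config["OIDC"]["AuthorizeURL"],
+jwks_uri=config["OIDC"]["JWKSURL"],
+client_kwargs={
+'scope': config["OIDC"].get("Scope") or 'openid profile email',
+'token_endpoint_auth_method': 'client_secret_basic',
+'token_placement': 'header'
+},
+)
+# Define a route for the home page
+@app.route('/')
+def home():
+redirect_uri = url_for('oidc_callback', _external=True)
+return oauth.oidc.authorize_redirect(redirect_uri)
+# Define a route for the OIDC provider's callback URL
+@app.route('/oidc/callback')
+def oidc_callback():
+# Get user information from OIDC provider
+token = oauth.oidc.authorize_access_token()
+user_info = token["userinfo"]
+# Display user's preferred_username
+username = user_info.get('preferred_username')
+user_ip = request.remote_addr
+xml_data = f"""
+<packet version="1.6.9.1">
+<server>
+<create_session>
+<login>{username}</login>
+<data>
+<user_ip>{user_ip}</user_ip>
+<source_server></source_server>
+</data>
+</create_session>
+</server>
+</packet>
+"""
+headers = {
+"Content-Type": "text/xml",
+"HTTP_AUTH_LOGIN": plesk_login,
+"HTTP_AUTH_PASSWD": plesk_password,
+"HTTP_PRETTY_PRINT": "TRUE",
+}
+response = requests.post(f"https://{plesk_url}/enterprise/control/agent.php", headers=headers, data=xml_data, verify=False)
+if response.status_code == 200:
+response_xml = response.content.decode()
+# Extract the session ID from the response XML
+session_id = response_xml.split("<id>")[1].split("</id>")[0]
+else:
+print("Error:", response.status_code, response.content.decode())
+raise Exception()
+return redirect(f"https://{plesk_url}/enterprise/rsession_init.php?PLESKSESSID={session_id}")
+if __name__ == '__main__':
+app.run(debug=True)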
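Review bot: The `requests.post` call to agent.php sends the Plesk admin login and password with `verify=False`, so the panel's certificate is never checked and anyone on the path between this app and Plesk can read those credentials; drop the flag, or point `verify` at the panel's CA bundle if it uses a private CA. The `preferred_username` claim is also placed into the `<login>` element unescaped and unchecked, so a missing claim becomes the login `None` and markup characters in the claim alter the packet; reject an empty value and pass it through `escape` from `xml.sax.saxutils` (imported at the top of the file). `ConfigParser(...)` receives the path as its `defaults` argument rather than reading the file, which looks like it needs a separate `config.read(...)`, and `app.run(debug=True)` turns on the Werkzeug debugger, which should stay off outside local development. The page shows the file without indentation, so the sketch below indents it conventionally.

```python
config = ConfigParser()
config.read(Path(__file__).parent / "settings.ini")
# … unchanged: Flask app, Plesk settings, OAuth registration, home route …
    username = user_info.get('preferred_username')
    if not username:
        # No usable claim: do not ask Plesk for a session at all.
        return jsonify(error="no preferred_username claim"), 403
    login = escape(username)
    # … unchanged: user_ip, XML packet (with {login} inside <login>), headers …
    response = requests.post(
        f"https://{plesk_url}/enterprise/control/agent.php",
        headers=headers, data=xml_data, timeout=10,
    )
# … unchanged: response handling and redirect …
if __name__ == '__main__':
    app.run()
```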

3
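--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1,3 @@
+Flask
+Authlib
+requests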
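Review bot: All three dependencies are unpinned, so every install resolves whatever Flask, Authlib and requests releases are current at that moment, for a service that handles OIDC tokens and Plesk admin credentials. Pinning the versions that were actually tested, ideally with hashes so that `pip install --require-hashes` can be used, makes deployments reproducible and turns upgrades into reviewable changes.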

14
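--- a/settings.dist.ini
+++ b/settings.dist.ini
@@ -0,0 +1,14 @@
+[FLASK]
+SecretKey = ReallyJustAnyRandomStringIGuess
+[PLESK]
+Domain = plesk.local
+Username = your_admin_account
+Password = your_admin_password
+[OIDC]
+ClientID = your_app_id
+ClientSecret = your_app_secret
+TokenURL = https://kumidc.local/openid/token
+AuthorizeURL = https://kumidc.local/openid/authorize
+JWKSURL = https://kumidc.local/openid/jwks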
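Review bot: The sample `SecretKey = ReallyJustAnyRandomStringIGuess` invites deployments to keep a guessable value, and this key signs the Flask session cookie that Authlib uses to carry the OIDC state between `/` and `/oidc/callback`. A comment above it such as `; generate with: python -c "import secrets; print(secrets.token_hex(32))"` together with an obviously invalid placeholder like `CHANGE_ME` would make a file copied as-is easy to spot. The `[PLESK]` section holds an admin account and password in plain text, so a comment should also say that the real settings.ini needs restrictive file permissions.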