The SimpleLogin back-end and web app
Find a file
2019-12-15 18:55:12 +02:00
app Show "upgrade" button if user is in trial 2019-12-15 18:55:12 +02:00
local_data add self-signed ssl certificate generated by "openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365" 2019-12-15 18:55:09 +02:00
migrations add missing migration 2019-12-15 18:55:12 +02:00
poc create BaseForm to enable CSRF 2019-07-02 10:20:12 +03:00
static user can choose their avatar to send 2019-12-15 18:55:10 +02:00
templates hide the "Become Partner/Developer" button 2019-12-15 18:55:12 +02:00
tests remove monthly pricing, display 20$ for monthly pricing 2019-12-15 18:55:12 +02:00
.dockerignore create BaseForm to enable CSRF 2019-07-02 10:20:12 +03:00
.env.example remove monthly pricing, display 20$ for monthly pricing 2019-12-15 18:55:12 +02:00
.gitignore Fix wordings on Login page 2019-12-15 18:55:08 +02:00
cron.py create BaseForm to enable CSRF 2019-07-02 10:20:12 +03:00
crontab.yml create BaseForm to enable CSRF 2019-07-02 10:20:12 +03:00
Dockerfile use 2 worker for gunicorn 2019-12-15 18:55:09 +02:00
pyproject.toml create BaseForm to enable CSRF 2019-07-02 10:20:12 +03:00
README.md replace sl-server by localhost 2019-12-15 18:55:12 +02:00
requirements.in add pyopenssl 2019-12-15 18:55:09 +02:00
requirements.txt add pyopenssl 2019-12-15 18:55:09 +02:00
server.py replace lyra by GA 2019-12-15 18:55:12 +02:00
shell.py use John Wick email 2019-12-15 18:55:10 +02:00
wsgi.py create BaseForm to enable CSRF 2019-07-02 10:20:12 +03:00

OAuth flow

Authorization code flow:

http://localhost:7777/oauth/authorize?client_id=client-id&state=123456&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A7000%2Fcallback&state=dvoQ6Jtv0PV68tBUgUMM035oFiZw57

Implicit flow: http://localhost:7777/oauth/authorize?client_id=client-id&state=123456&response_type=token&redirect_uri=http%3A%2F%2Flocalhost%3A7000%2Fcallback&state=dvoQ6Jtv0PV68tBUgUMM035oFiZw57

Exchange the code to get the token with {code} replaced by the code obtained in previous step.

http -f -a client-id:client-secret http://localhost:7777/oauth/token grant_type=authorization_code code={code}

Get user info:

http http://localhost:7777/oauth/user_info 'Authorization:Bearer {token}'

Template structure

base single: for login, register page default: for all pages when user log ins

How to create new migration

Whenever the model changes, a new migration needs to be created

Set the database connection to use staging environment:

ln -sf ~/config/simplelogin/staging.env .env

Generate the migration script and make sure to review it:

flask db migrate

Code structure

local_data/: contain files used only locally. In deployment, these files should be replaced. - jwtRS256.key: generated using

ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
# Don't add passphrase
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub

OpenID, OAuth2 response_type & scope

According to https://medium.com/@darutk/diagrams-of-all-the-openid-connect-flows-6968e3990660

  • response_type can be either code, token, id_token or any combination.
  • scope can contain openid or not

Below is the different combinations that are taken into account until now:

response_type=code scope: with openid in scope, return id_token at /token: OK without: OK

response_type=token scope: with and without openid, nothing to do: OK

response_type=id_token return id_token in /authorization endpoint

response_type=id_token token return id_token in addition to access_token in /authorization endpoint

response_type=id_token code return id_token in addition to authorization_code in /authorization endpoint

Plan Upgrade, downgrade flow

Here's an example:

July 2019: user takes yearly plan, valid until July 2020 user.plan=yearly, user.plan_expiration=None set user.stripe card-token, customer-id, subscription-id

December 2019: user cancels his plan. set plan_expiration to "period end of subscription", ie July 2020 call stripe: stripe.Subscription.modify( user.stripe_subscription_id, cancel_at_period_end=True )

There are 2 possible scenarios at this point:

  1. user decides to renew on March 2020: set plan_expiration = None stripe.Subscription.modify( user.stripe_subscription_id, cancel_at_period_end=False )

  2. the plan ends on July 2020. The cronjob set

  • user stripe_subscription_id , stripe_card_token, stripe_customer_id to None
  • user.plan=free, user.plan_expiration=None
  • delete customer on stripe

user decides to take the premium plan again: go through all normal flow