ログイン修正

app.py

@@ -21,7 +21,8 @@ import tiktoken
 from streamlit import runtime
 from streamlit.runtime.scriptrunner import get_script_run_ctx
 import ipaddress
-
+import streamlit_authenticator as stauth
+import yaml
 from requests_oauthlib import OAuth2Session
 from time import time
 from dotenv import load_dotenv
@@ -32,36 +33,6 @@ load_dotenv()
 # 接続元制御
 ALLOW_IP_ADDRESS = os.environ["ALLOW_IP_ADDRESS"]
 
-# Azure AD app registration details
-CLIENT_ID = os.environ["CLIENT_ID"]
-CLIENT_SECRET = os.environ["CLIENT_SECRET"]
-TENANT_ID = os.environ["TENANT_ID"]
-
-# Azure API
-AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"
-REDIRECT_PATH = os.environ["REDIRECT_PATH"]
-TOKEN_URL = f"{AUTHORITY}/oauth2/v2.0/token"
-AUTHORIZATION_URL = f"{AUTHORITY}/oauth2/v2.0/authorize"
-SCOPES = ["openid", "profile", "User.Read"]
-
-# 認証用URL取得
-def authorization_request():
-    oauth = OAuth2Session(CLIENT_ID, redirect_uri=REDIRECT_PATH, scope=SCOPES)
-    authorization_url, state = oauth.authorization_url(AUTHORIZATION_URL)
-    return authorization_url, state
-
-# 認証トークン取得
-def token_request(authorization_response, state):
-    oauth = OAuth2Session(CLIENT_ID, state=state)
-    token = oauth.fetch_token(
-        TOKEN_URL,
-        code=authorization_response[0],
-        authorization_response=authorization_response,
-        client_secret=CLIENT_SECRET,
-
-    )
-    return token
-
 index_name = "./data/storage"
 pkl_name = "./data/stored_documents.pkl"
 
@@ -160,11 +131,6 @@ def is_allow_ip_address():
     # その他（許可リスト判定）
     return remote_ip in ALLOW_IP_ADDRESS
 
-def logout():
-    st.session_state["token"] = None
-    st.session_state["token_expires"] = None
-    st.session_state["authorization_state"] = None
-
 # メイン
 def app():
     # 初期化
@@ -180,39 +146,30 @@ def app():
     # 接続元OK
     st.title("Azure AD Login with Streamlit")
 
-    # 認証後のリダイレクトのGETパラメータ値を取得
-    authorization_response = st.experimental_get_query_params().get("code")
-
-    # 認証OK、トークン無し
-    if authorization_response and st.session_state["token"] is None:
-        # トークン設定
-        token = token_request(authorization_response, st.session_state["authorization_state"])
-        st.session_state["token"] = token
-        st.session_state["token_expires"] = token["expires_at"]
-
-    # トークン無し or 期限切れ
-    if st.session_state["token"] is None or float(st.session_state["token_expires"]) <= time():
-        # 認証用リンク表示
-        authorization_url, st.session_state["authorization_state"] = authorization_request()
-        st.markdown(f'[Click here to log in]({authorization_url})', unsafe_allow_html=True)
-    else:
-        # 認証OK
-        st.markdown(f"Logged in successfully. Welcome, {st.session_state['token']['token_type']}!")
-        if st.button("logout",use_container_width=True):
-            logout()
-            st.experimental_set_query_params()
-            st.experimental_rerun()
-        st.text("サイドバーから利用するメニューをお選びください。")
-        initialize_index()
-
-if __name__ == "__main__":
-    if "token" not in st.session_state or st.session_state["token"] is None or float(st.session_state["token_expires"]) <= time():
-        app()
-    else:
-        st.title("Azure AD Login with Streamlit")
-        if st.button("logout",use_container_width=True):
-            logout()
-            st.experimental_set_query_params()
-            st.experimental_rerun()
-        st.text("ログイン済みです。")
-        st.text("サイドバーから利用するメニューをお選びください。")
+with open('config.yaml') as file:
+    config = yaml.load(file, Loader=yaml.SafeLoader)
+
+authenticator = stauth.Authenticate(
+    config['credentials'],
+    config['cookie']['name'],
+    config['cookie']['key'],
+    config['cookie']['expiry_days'],
+    config['preauthorized'],
+)
+
+name, authentication_status, username = authenticator.login('Login', 'main')
+
+
+if 'authentication_status' not in st.session_state:
+    st.session_state['authentication_status'] = None
+
+if st.session_state["authentication_status"]:
+    authenticator.logout('Logout', 'main')
+    st.write(f'ログインに成功しました')
+    initialize_index()
+		# ここにログイン後の処理を書く。
+elif st.session_state["authentication_status"] is False:
+    st.error('ユーザ名またはパスワードが間違っています')
+elif st.session_state["authentication_status"] is None:
+    st.warning('ユーザ名やパスワードを入力してください')
+

common.py

@@ -17,22 +17,6 @@ logger.debug("調査用ログ")
 # 接続元制御
 ALLOW_IP_ADDRESS = os.environ["ALLOW_IP_ADDRESS"]
 
-# Azure AD app registration details
-CLIENT_ID = os.environ["CLIENT_ID"]
-TENANT_ID = os.environ["TENANT_ID"]
-
-# Azure API
-AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"
-REDIRECT_PATH = os.environ["REDIRECT_PATH"]
-AUTHORIZATION_URL = f"{AUTHORITY}/oauth2/v2.0/authorize"
-SCOPES = ["openid", "profile", "User.Read"]
-
-# 認証用URL取得
-def authorization_request():
-    oauth = OAuth2Session(CLIENT_ID, redirect_uri=REDIRECT_PATH, scope=SCOPES)
-    authorization_url, state = oauth.authorization_url(AUTHORIZATION_URL)
-    return authorization_url, state
-
 # 接続元IP取得
 def get_remote_ip():
     ctx = get_script_run_ctx()
@@ -60,13 +44,8 @@ def is_allow_ip_address():
 
 #ログインの確認
 def check_login():
-    # 接続元IP許可判定
-    if not is_allow_ip_address():
-        st.title("HTTP 403 Forbidden")
-        return
-
-    if "token" not in st.session_state or st.session_state["token"] is None or float(st.session_state["token_expires"]) <= time():
-        # 認証用リンク表示
-        authorization_url, st.session_state["authorization_state"] = authorization_request()
-        st.markdown(f'[Click here to log in]({authorization_url})', unsafe_allow_html=True)
+    if 'authentication_status' not in st.session_state:
+        st.session_state['authentication_status'] = None
+    if st.session_state["authentication_status"] is None or False:
+        st.warning("**ログインしてください**")
         st.stop()