Ejemplo n.º 1
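def sso_redirect_to_provider(request):
    """Start a Discourse SSO login by redirecting the browser to the provider.

    An already-authenticated user is sent to the ``next`` query parameter
    (or ``/``) instead. Otherwise a fresh nonce is stored in the session
    under ``sso_nonce``, a base64 payload holding the nonce and the absolute
    callback URL is signed with HMAC-SHA256 using
    ``settings.DISCOURSE_SSO_SECRET``, and the browser is redirected to
    ``https://<DISCOURSE_SSO_PROVIDER>/session/sso_provider``.

    Args:
        request: The incoming Django request.

    Returns:
        An ``HttpResponseRedirect`` to the validated ``next`` target or to
        the provider's SSO endpoint.
    """
    # Imported locally so this view does not depend on the module's import
    # block; the helper was named is_safe_url before it was renamed.
    try:
        from django.utils.http import url_has_allowed_host_and_scheme
    except ImportError:
        from django.utils.http import (
            is_safe_url as url_has_allowed_host_and_scheme)

    if request.user.is_authenticated:
        # `next` is attacker-controllable: redirecting to it unchecked is an
        # open redirect, so only same-host targets are honoured.
        next_url = request.GET.get('next', '/')
        if not url_has_allowed_host_and_scheme(
                next_url, allowed_hosts={request.get_host()},
                require_https=request.is_secure()):
            next_url = '/'
        return HttpResponseRedirect(next_url)

    nonce = uuid.uuid4().hex
    secret = settings.DISCOURSE_SSO_SECRET.encode('utf8')
    provider = settings.DISCOURSE_SSO_PROVIDER

    # NOTE(review): the callback view is not visible here; it is presumably
    # expected to compare the returned nonce with this value and discard it
    # after a single use, and to validate any forwarded `next` the same way.
    request.session['sso_nonce'] = nonce

    # Forward the caller's query string to the callback, minus any stale SSO
    # fields. Each key is dropped independently: with both deletions inside
    # one try block, a missing 'sso' skipped the removal of 'sig'.
    params = request.GET.copy()
    params.pop('sso', None)
    params.pop('sig', None)
    query = ('?' + params.urlencode()) if params else ''

    # build_absolute_uri derives the host from the request, so the result is
    # only trustworthy when ALLOWED_HOSTS is restricted.
    return_url = request.build_absolute_uri(reverse('sso_callback') + query)

    payload = QueryDict(mutable=True)
    payload['nonce'] = nonce
    payload['return_sso_url'] = return_url
    payload = base64.b64encode(payload.urlencode().encode('utf8'))

    # The signature covers the base64 payload exactly as it is before URL
    # encoding.
    signature = hmac.new(secret, msg=payload,
                         digestmod=hashlib.sha256).hexdigest()

    # Base64 output may contain '+', '/' and '=', which must be
    # percent-encoded in a query string; otherwise '+' is read back as a
    # space and the provider's signature check fails.
    provider_query = QueryDict(mutable=True)
    provider_query['sso'] = payload.decode('utf8')
    provider_query['sig'] = signature

    provider_url = 'https://%s/session/sso_provider?%s' % (
        provider, provider_query.urlencode())

    return HttpResponseRedirect(provider_url)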