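def callback(request):
    """Finish the OAuth2 authorization-code flow and sign the user in.

    Expects the ``oauth_state`` saved by ``login`` in the session; without it,
    or when the provider rejects the state or the grant, the browser is sent
    back to ``login``. On success the token, the resolved user and a
    ``last_verified_at`` timestamp are stored in the session and the browser
    is redirected to the ``next`` path embedded in the state, or ``/admin``.

    ``next`` is only honoured when it is a same-site absolute path: it
    originates from the ``?next=`` query parameter of the login URL, so a
    crafted login link could otherwise turn this redirect into an open
    redirect (``build_absolute_uri`` passes a fully-qualified URL through
    unchanged).
    """
    login_url = request.build_absolute_uri(reverse(oauthadmin.views.login))
    if 'oauth_state' not in request.session:
        return HttpResponseRedirect(login_url)
    saved_state = request.session['oauth_state']
    redirect_uri = request.build_absolute_uri(reverse(oauthadmin.views.callback))
    oauth = OAuth2Session(
        app_setting('CLIENT_ID'),
        state=saved_state.decode('utf-8'),
        redirect_uri=redirect_uri,
    )
    try:
        token = oauth.fetch_token(
            app_setting('TOKEN_URL'),
            client_secret=app_setting('CLIENT_SECRET'),
            # Replay the provider's query string onto AUTH_URL so the client
            # library can extract ``code`` and ``state`` from it.
            authorization_response=app_setting('AUTH_URL') + "?" + request.GET.urlencode(),
        )
    except (MismatchingStateError, InvalidGrantError):
        return HttpResponseRedirect(login_url)
    # The state is single-use: drop it so a replayed callback against this
    # session is refused (no state -> back to login) instead of re-exchanged.
    del request.session['oauth_state']
    user = import_by_path(app_setting('GET_USER'))(token)
    request.session['last_verified_at'] = int(time())
    request.session['oauth_token'] = token
    request.session['user'] = user
    destination = json.loads(base64.b64decode(saved_state).decode('utf-8'))['next']
    # Accept only a same-site absolute path. Backslashes are folded to
    # slashes first because browsers treat ``/\evil`` like ``//evil``
    # (a protocol-relative URL). ``login`` only ever stores relative paths,
    # so legitimate flows are unaffected by this check.
    normalised = destination.replace('\\', '/') if destination else ''
    if not normalised.startswith('/') or normalised.startswith('//'):
        destination = '/admin'
    return redirect(request.build_absolute_uri(destination))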
def login(request):
    """Start the OAuth2 authorization-code flow.

    Builds a ``state`` value carrying both a random token and the post-login
    destination, remembers it in the session for ``callback``, and redirects
    the browser to the provider's AUTH_URL.

    The destination comes from one of two places: when this view is reached
    through its own URL, the ``next`` query parameter; otherwise the Django
    admin site (pre-1.7) has invoked the view directly for a protected page,
    and the current full path is the destination.
    """
    reached_via_login_url = request.path == reverse(oauthadmin.views.login)
    destination = (
        request.GET.get('next')
        if reached_via_login_url
        else request.get_full_path()
    )
    callback_uri = request.build_absolute_uri(reverse(oauthadmin.views.callback))
    payload = json.dumps({"state": generate_token(), "next": destination})
    # base64(JSON) so that callback can recover ``next`` from the state.
    encoded_state = base64.b64encode(payload.encode('utf-8'))
    client = OAuth2Session(
        client_id=app_setting('CLIENT_ID'),
        redirect_uri=callback_uri,
        scope=["default"],
        state=encoded_state,
    )
    auth_url, issued_state = client.authorization_url(app_setting('AUTH_URL'))
    # Keep the state the client actually sent so callback can verify it.
    request.session['oauth_state'] = issued_state
    return redirect(auth_url)
def login(request):
    """Begin the OAuth2 authorization-code flow and redirect to the provider.

    The ``state`` sent to the provider is base64-encoded JSON holding a random
    token plus the destination to return to after login; it is also saved in
    the session so ``callback`` can verify it and read the destination back.

    Destination selection: via this view's own URL it is the ``next`` query
    parameter; when the (pre-1.7) Django admin calls the view directly for a
    protected page, it is that page's full path.
    """
    if request.path == reverse(oauthadmin.views.login):
        destination = request.GET.get('next')
    else:
        destination = request.get_full_path()
    callback_uri = request.build_absolute_uri(reverse(oauthadmin.views.callback))
    nonce = generate_token()
    state_json = json.dumps({"state": nonce, "next": destination})
    encoded_state = base64.b64encode(state_json.encode('utf-8'))
    client = OAuth2Session(
        client_id=app_setting('CLIENT_ID'),
        redirect_uri=callback_uri,
        scope=["default"],
        state=encoded_state,
    )
    auth_url, issued_state = client.authorization_url(app_setting('AUTH_URL'))
    request.session['oauth_state'] = issued_state
    return redirect(auth_url)
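def logout(request):
    """Log the user out locally and, if a token is held, revoke it upstream.

    The provider call to ``destroy_tokens`` is best-effort: a failure there
    (e.g. a network error or an already-expired token) is logged but must not
    stop the local session from being destroyed — otherwise a user who asked
    to log out would silently stay signed in to this site.
    """
    if 'oauth_token' in request.session:
        oauth = OAuth2Session(app_setting('CLIENT_ID'), token=request.session['oauth_token'])
        try:
            oauth.get(app_setting('BASE_URL') + 'destroy_tokens')
        except Exception:
            # A view is the top-level boundary here; log and fall through so
            # the local logout always completes.
            import logging
            logging.getLogger(__name__).exception(
                'remote token revocation failed; clearing local session anyway')
    destroy_session(request)
    return redirect(request.build_absolute_uri('/'))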
def process_request(self, request):
    """Attach ``request.user`` from the session for downstream views.

    When the session holds a ``user`` (stored there by ``callback``) it is
    exposed as ``request.user`` and ``request._cached_user``, and the optional
    re-verification hook (PING / PING_INTERVAL settings) is run. Otherwise
    ``request.user`` is Django's ``AnonymousUser``.

    NOTE(review): the user object itself lives in the session; fine with a
    server-side session backend, but with the signed-cookie backend the whole
    object travels in the cookie — confirm which backend is configured.
    """
    has_session_user = hasattr(request, 'session') and 'user' in request.session
    if not has_session_user:
        from django.contrib.auth.models import AnonymousUser
        request.user = AnonymousUser()
        return
    session_user = request.session['user']
    request.user = session_user
    request._cached_user = session_user
    if app_setting('PING_INTERVAL') and app_setting('PING'):
        _verify_ping_interval(
            request,
            app_setting('PING_INTERVAL'),
            import_by_path(app_setting('PING')),
        )
def logout_redirect(request):
    """Send the browser to the provider's logout endpoint.

    The provider is asked to return to this app's own ``logout`` view, which
    clears the local session. No ``state`` parameter is sent on this request.

    NOTE(review): ``redirect_uri`` is passed through ``quote_plus`` and then
    percent-encoded again by ``QueryDict.urlencode`` (``logout_uri`` carries
    the same URL unquoted) — confirm the provider really expects the
    double-encoded form.
    """
    local_logout = request.build_absolute_uri(reverse(oauthadmin.views.logout))
    params = QueryDict(mutable=True)
    # Assigned one by one so the query string keeps this key order.
    for key, value in (
        ('client_id', app_setting('CLIENT_ID')),
        ('logout_uri', local_logout),
        ('redirect_uri', quote_plus(local_logout)),
        ('response_type', 'code'),
        ('scope', 'openid'),
    ):
        params[key] = value
    return redirect(app_setting('BASE_URL') + 'logout?' + params.urlencode())
def process_request(self, request):
    """Middleware hook: populate ``request.user`` from the session.

    A ``user`` entry in the session (written by ``callback``) becomes
    ``request.user`` / ``request._cached_user``; when both the PING and
    PING_INTERVAL settings are set, ``_verify_ping_interval`` is invoked with
    the imported PING callable. Without a session user, ``request.user`` is
    ``AnonymousUser``.
    """
    if not (hasattr(request, 'session') and 'user' in request.session):
        from django.contrib.auth.models import AnonymousUser
        request.user = AnonymousUser()
        return
    current = request.session['user']
    request.user = current
    request._cached_user = current
    if app_setting('PING_INTERVAL') and app_setting('PING'):
        ping_callable = import_by_path(app_setting('PING'))
        _verify_ping_interval(request, app_setting('PING_INTERVAL'), ping_callable)
def apply_groups(user):
    """Add ``user`` to every group named in the GROUPS setting.

    Groups that do not exist in the database are skipped silently
    (best-effort membership), so a misspelled setting does not raise here.
    """
    for name in app_setting('GROUPS'):
        try:
            group = Group.objects.get(name=name)
        except Group.DoesNotExist:
            continue
        group.user_set.add(user)
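def callback(request):
    """Finish the OAuth2 authorization-code flow and sign the user in.

    Expects the ``oauth_state`` saved by ``login`` in the session; without it,
    or when the provider rejects the state or the grant, the browser is sent
    back to ``login``. On success the token, the resolved user and a
    ``last_verified_at`` timestamp are stored in the session and the browser
    is redirected to the ``next`` path embedded in the state, or to the
    DEFAULT_NEXT_URL setting.

    ``next`` is only honoured when it is a same-site absolute path: it
    originates from the ``?next=`` query parameter of the login URL, so a
    crafted login link could otherwise turn this redirect into an open
    redirect (``build_absolute_uri`` passes a fully-qualified URL through
    unchanged). The operator-configured DEFAULT_NEXT_URL is trusted as-is.
    """
    login_url = request.build_absolute_uri(reverse(oauthadmin.views.login))
    if 'oauth_state' not in request.session:
        return HttpResponseRedirect(login_url)
    saved_state = request.session['oauth_state']
    redirect_uri = request.build_absolute_uri(reverse(oauthadmin.views.callback))
    oauth = OAuth2Session(
        app_setting('CLIENT_ID'),
        state=saved_state.decode('utf-8'),
        redirect_uri=redirect_uri,
    )
    try:
        token = oauth.fetch_token(
            app_setting('TOKEN_URL'),
            client_secret=app_setting('CLIENT_SECRET'),
            # Replay the provider's query string onto AUTH_URL so the client
            # library can extract ``code`` and ``state`` from it.
            authorization_response=app_setting('AUTH_URL') + "?" + request.GET.urlencode(),
        )
    except (MismatchingStateError, InvalidGrantError):
        return HttpResponseRedirect(login_url)
    # The state is single-use: drop it so a replayed callback against this
    # session is refused (no state -> back to login) instead of re-exchanged.
    del request.session['oauth_state']
    user = import_by_path(app_setting('GET_USER'))(token)
    request.session['last_verified_at'] = int(time())
    request.session['oauth_token'] = token
    request.session['user'] = user
    destination = json.loads(base64.b64decode(saved_state).decode('utf-8'))['next']
    # Accept only a same-site absolute path. Backslashes are folded to
    # slashes first because browsers treat ``/\evil`` like ``//evil``
    # (a protocol-relative URL). ``login`` only ever stores relative paths,
    # so legitimate flows are unaffected by this check.
    normalised = destination.replace('\\', '/') if destination else ''
    if not normalised.startswith('/') or normalised.startswith('//'):
        destination = app_setting('DEFAULT_NEXT_URL')
    return redirect(request.build_absolute_uri(destination))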
def default_get_user(token):
    """Resolve (or create) the local Django user for an OAuth2 token.

    Fetches the provider's userinfo document, looks the user up by the
    configured primary-key attribute, and refreshes superuser flag, email
    and names from the document on every login. Every user that gets this
    far is marked ``is_staff`` — access to the admin is therefore gated
    entirely by who the provider lets authenticate.

    Raises KeyError when the userinfo document lacks a configured attribute.

    NOTE(review): ``ADMIN_ROLE_NAME in roles`` assumes ``roles`` is a list or
    set of role names; if the provider returns a single string, ``in``
    degrades to a substring test — confirm the attribute's shape.
    """
    # Deferred so the module can be imported before Django apps are loaded.
    from django.contrib.auth.models import User

    info = userinfo(token)
    username = info[app_setting('USER_PK_ATTRIBUTE')]
    roles = info[app_setting('USER_ROLES_ATTRIBUTE')]
    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        user = User(username=username)
    user.is_superuser = app_setting('ADMIN_ROLE_NAME') in roles
    user.is_staff = True
    for field, setting_name in (
        ('email', 'USER_EMAIL_ATTRIBUTE'),
        ('first_name', 'USER_FIRST_NAME_ATTRIBUTE'),
        ('last_name', 'USER_LAST_NAME_ATTRIBUTE'),
    ):
        setattr(user, field, info[app_setting(setting_name)])
    user.save()
    return user
def logout_redirect(request):
    """Redirect to the provider's logout page, returning to our own logout.

    The ``next`` query parameter is this app's absolute ``logout`` URL
    (percent-encoded), so after the provider signs the user out it sends the
    browser back here to clear the local session.
    """
    local_logout = request.build_absolute_uri(reverse(oauthadmin.views.logout))
    provider_logout = ''.join([
        app_setting('BASE_URL'),
        'logout?next=',
        quote_plus(local_logout),
    ])
    return redirect(provider_logout)
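def userinfo(token):
    """Fetch the provider's userinfo document for ``token`` as a dict.

    Fails fast on a non-2xx response (``raise_for_status``) instead of
    handing an error body to the caller as if it were a profile — the
    callers index it by configured attribute names and would otherwise
    surface a confusing KeyError, or worse, act on attacker-influenced
    error JSON.
    """
    oauth = OAuth2Session(app_setting('CLIENT_ID'), token=token)
    response = oauth.request('GET', app_setting('USERINFO'))
    response.raise_for_status()
    return response.json()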
def logout_redirect(request):
    """Send the browser to the provider's logout endpoint.

    Builds ``BASE_URL + 'logout?next=' + <encoded local logout URL>`` so the
    provider returns the browser to this app's ``logout`` view, which clears
    the local session.
    """
    return_to = quote_plus(request.build_absolute_uri(reverse(oauthadmin.views.logout)))
    target = "%slogout?next=%s" % (app_setting('BASE_URL'), return_to)
    return redirect(target)