예제 #1
0
    def get(self, request, *args, **kwargs):
        logging.info("Login callback received from Staff SSO")

        auth_code = request.GET.get("code", None)

        if not auth_code:
            return HttpResponseBadRequest()

        state = self.request.session.get(TOKEN_SESSION_KEY + "_oauth_state",
                                         None)

        if not state:
            return HttpResponseServerError()

        try:
            token = get_client(self.request).fetch_token(
                TOKEN_URL,
                client_secret=settings.AUTHBROKER_CLIENT_SECRET,
                code=auth_code)

            self.request.session[TOKEN_SESSION_KEY] = dict(token)

            del self.request.session[TOKEN_SESSION_KEY + "_oauth_state"]

        # NOTE: the BaseException will be removed or narrowed at a later date. The try/except block is
        # here due to reports of the app raising a 500 if the url is copied.  Current theory is that
        # somehow the url with the authcode is being copied, which would cause `fetch_token` to raise
        # an exception. However, looking at the fetch_code method, I'm not entirely sure what exceptions it
        # would raise in this instance.
        except BaseException:
            client.captureException()

        profile = get_profile(get_client(self.request))

        response, status_code = authenticate_gov_user(request, profile)
        if status_code != 200:
            return error_page(
                None,
                title=strings.Authentication.UserDoesNotExist.TITLE,
                description=strings.Authentication.UserDoesNotExist.
                DESCRIPTION,
                show_back_link=False,
            )

        # create the user
        user = authenticate(request)
        user.default_queue = response["default_queue"]
        user.user_token = response["token"]
        user.lite_api_user_id = response["lite_api_user_id"]
        user.save()
        if user is not None:
            login(request, user)

        return redirect(getattr(settings, "LOGIN_REDIRECT_URL", "/"))
예제 #2
0
    def get_redirect_url(self, *args, **kwargs):
        authorization_url, state = get_client(
            self.request).authorization_url(AUTHORISATION_URL)

        self.request.session[TOKEN_SESSION_KEY + "_oauth_state"] = state

        return authorization_url
예제 #3
0
    def get(self, request, *args, **kwargs):
        auth_code = request.GET.get("code", None)
        auth_state = request.GET.get("state", None)

        if not auth_code:
            return redirect(reverse_lazy("auth:login"))

        state = self.request.session.get(TOKEN_SESSION_KEY + "_oauth_state",
                                         None)
        if not state:
            return HttpResponseServerError()

        if not constant_time_compare(auth_state, state):
            return HttpResponseServerError()

        client = get_client(self.request)

        try:
            token = client.fetch_token(
                TOKEN_URL,
                client_secret=settings.AUTHBROKER_CLIENT_SECRET,
                code=auth_code)

            self.request.session[TOKEN_SESSION_KEY] = dict(token)

            del self.request.session[TOKEN_SESSION_KEY + "_oauth_state"]

        except Exception:
            raise Exception

        return redirect(getattr(settings, "LOGIN_REDIRECT_URL", "/"))
예제 #4
0
    def get_redirect_url(self, *args, **kwargs):
        authorization_url, state = get_client(
            self.request).authorization_url(AUTHORISATION_URL)

        self.request.session[TOKEN_SESSION_KEY + "_oauth_state"] = state

        updated_url = add_user_type_to_url(authorization_url,
                                           {"user_type": "exporter"})

        return updated_url
예제 #5
0
    def authenticate(self, request, **kwargs):
        client = get_client(request)
        if not has_valid_token(client):
            return

        User = get_user_model()

        profile = get_profile(client)
        if not profile.get("email"):
            return

        user, created = User.objects.get_or_create(email=profile["email"])
        if created:
            user.set_unusable_password()
            user.save()

        return user
예제 #6
0
    def get(self, request, *args, **kwargs):

        auth_code = request.GET.get("code", None)
        auth_state = request.GET.get("state", None)

        if not auth_code:
            return HttpResponseBadRequest()

        state = self.request.session.get(TOKEN_SESSION_KEY + "_oauth_state",
                                         None)
        if not state:
            return HttpResponseServerError()

        if not constant_time_compare(auth_state, state):
            return HttpResponseServerError()

        try:
            token = get_client(self.request).fetch_token(
                TOKEN_URL,
                client_secret=AUTHBROKER_CLIENT_SECRET,
                code=auth_code,
            )

            self.request.session[TOKEN_SESSION_KEY] = dict(token)

            del self.request.session[TOKEN_SESSION_KEY + "_oauth_state"]

        # NOTE: the BaseException will be removed or narrowed at a later date. The try/except block is
        # here due to reports of the app raising a 500 if the url is copied.  Current theory is that
        # somehow the url with the authcode is being copied, which would cause `fetch_token` to raise
        # an exception. However, looking at the fetch_code method, I'm not entirely sure what exceptions it
        # would raise in this instance.
        except BaseException:
            raise BaseException

        # create the user
        user = authenticate(request)
        user.backend = "auth.backends.AuthbrokerBackend"

        if user is not None:
            login(request, user)

        return redirect(getattr(settings, "LOGIN_REDIRECT_URL", "/"))
예제 #7
0
    def authenticate(self, request, **kwargs):
        client = get_client(request)
        if has_valid_token(client):
            User = get_user_model()

            profile = get_profile(client)

            user, created = User.objects.get_or_create(
                email=profile["email"],
                defaults={
                    "first_name": profile["first_name"],
                    "last_name": profile["last_name"]
                },
            )
            if created:
                user.set_unusable_password()
                user.save()
            return user

        return None
예제 #8
0
 def get_context_data(self, **kwargs):
     context = super().get_context_data(**kwargs)
     context["profile"] = get_profile(get_client(self.request))
     return context
예제 #9
0
    def get(self, request, *args, **kwargs):
        logging.info("Login callback received from GREAT SSO")

        auth_code = request.GET.get("code", None)

        if not auth_code:
            return redirect(reverse_lazy("auth:login"))

        state = self.request.session.get(TOKEN_SESSION_KEY + "_oauth_state",
                                         None)

        if not state:
            return HttpResponseServerError()

        try:
            token = get_client(self.request).fetch_token(
                TOKEN_URL,
                client_secret=settings.AUTHBROKER_CLIENT_SECRET,
                code=auth_code)

            self.request.session[TOKEN_SESSION_KEY] = dict(token)

            del self.request.session[TOKEN_SESSION_KEY + "_oauth_state"]

        # NOTE: the BaseException will be removed or narrowed at a later date. The try/except block is
        # here due to reports of the app raising a 500 if the url is copied.  Current theory is that
        # somehow the url with the authcode is being copied, which would cause `fetch_token` to raise
        # an exception. However, looking at the fetch_code method, I'm not entirely sure what exceptions it
        # would raise in this instance.
        except BaseException:
            client.captureException()

        profile = get_profile(get_client(self.request))

        response, status_code = authenticate_exporter_user(request, profile)

        if status_code == 400:
            return error_page(request, response.get("errors")[0])

        user = authenticate(request)
        login(request, user)

        if status_code == 200:
            user.user_token = response["token"]
            user.first_name = response["first_name"]
            user.last_name = response["last_name"]
            user.lite_api_user_id = response["lite_api_user_id"]
            user.organisation = None
            user.save()
        elif status_code == 401:
            user.organisation = None
            user.save()
            return redirect("core:register_an_organisation_triage")

        user_dict = get_user(request)

        if len(user_dict["organisations"]) == 0:
            return redirect("core:register_an_organisation_triage")
        elif len(user_dict["organisations"]) == 1:
            organisation = user_dict["organisations"][0]
            if organisation["status"]["key"] != "in_review":
                user.organisation = user_dict["organisations"][0]["id"]
                user.save()
            else:
                return redirect("core:register_an_organisation_confirm")
        elif len(user_dict["organisations"]) > 1:
            return redirect("core:pick_organisation")

        return redirect(getattr(settings, "LOGIN_REDIRECT_URL", "/"))