def social_auth(request, backend):
    """Begin a social-auth login for ``backend``.

    Wraps ``social_django.views.auth`` and inlines a modified version of
    ``social_django.utils.psa``:

    - Meant to be reached by POST only, so the flow cannot be started by a
      cross-site GET. The method check is not visible in this function
      (presumably a decorator enforces it -- confirm).
    - Stores the current user in the session so that completion can be tied
      back to whoever started the flow.
    - For OpenID backends, carries the session ID in the return URL.

    Raises:
        Http404: if ``backend`` does not name a loadable backend.
    """
    # SAML needs an IdP name; default it when the caller did not send one.
    # request.GET is replaced by a copy before it is written to.
    if backend == "saml" and "idp" not in request.GET:
        query = request.GET.copy()
        query["idp"] = "weblate"
        request.GET = query

    store_userid(request)
    complete_uri = reverse("social:complete", args=(backend,))
    request.social_strategy = load_strategy(request)
    try:
        request.backend = load_backend(
            request.social_strategy, backend, complete_uri
        )
    except MissingBackend:
        raise Http404("Backend not found")

    # OpenID returns with a POST, and the session cookie is not sent on that
    # request because of the SameSite cookie policy, so the session ID travels
    # in the return URL instead.
    # NOTE(review): `dumps` is presumably django.core.signing.dumps, which
    # signs but does not encrypt, so the session key would be readable by
    # anything that sees this URL (proxy logs, browser history). Confirm the
    # completion view verifies the signature and salt, checks the paired IP
    # address and enforces a short maximum age.
    if isinstance(request.backend, OpenIdAuth):
        auth_id = dumps(
            (request.session.session_key, get_ip_address(request)),
            salt="weblate.authid",
        )
        request.backend.redirect_uri += "?authid={}".format(auth_id)

    return do_auth(request.backend, redirect_name=REDIRECT_FIELD_NAME)
def password_reset(request, backend):
    """Start the password-reset user flow (view for '/sso/password/reset').

    Reached from the 'Forgot your password' link on the IdP selection page.
    Resolves the URL to return to afterwards, stores it in the session under
    ``REDIRECT_FIELD_NAME``, selects the ``password_reset`` policy for the
    resolved domain and hands over to ``do_auth``.

    ``backend`` is not used here; ``request.backend`` is presumably attached
    by a decorator outside this view -- confirm.
    """
    # Query string first, then whatever an earlier step left in the session.
    next_url = (request.GET.get(REDIRECT_FIELD_NAME)
                or request.session.get(REDIRECT_FIELD_NAME))

    # NOTE(review): next_url can come straight from the query string, and the
    # domain is taken from that URL, from the x-upstream-server-name header or
    # from the Host header. All of these are request-controlled unless a
    # trusted proxy overwrites them, and the domain also selects the userflow
    # policy below. Confirm the target is checked against an allow-list of
    # hosts before it is ever used as a redirect.
    if not next_url:
        domain = request.headers.get(
            "x-upstream-server-name") or request.get_host()
        next_url = "https://{}/sso/profile".format(domain)
        logger.debug(
            "No next url provided,set the next url to '{}'".format(next_url))
    else:
        domain = utils.get_domain(next_url) or request.headers.get(
            "x-upstream-server-name") or request.get_host()
        next_url = get_absolute_url(next_url, domain)
        logger.debug("Found next url '{}'".format(next_url))

    request.session[REDIRECT_FIELD_NAME] = next_url
    request.policy = models.CustomizableUserflow.get_userflow(
        domain).password_reset

    # NOTE(review): "__already_set" looks like a placeholder that matches no
    # request parameter. If do_auth is social_core.actions.do_auth, it only
    # sanitizes a redirect it reads from the request under redirect_name, so
    # the value stored above would not pass through that check -- confirm.
    return do_auth(request.backend, redirect_name="__already_set")
def auth(request, backend):
    """Start authentication, detouring through the tenant page when needed.

    A backend that is a ``MultiTenantMixin`` and has a ``MULTI_TENANT``
    setting is redirected to ``social:tenant``. Every other backend goes
    straight to ``do_auth``.
    """
    needs_tenant = (
        isinstance(request.backend, MultiTenantMixin)
        and request.backend.setting('MULTI_TENANT', None) is not None
    )
    if not needs_tenant:
        return do_auth(request.backend, redirect_name=REDIRECT_FIELD_NAME)

    # The tenant has to be chosen before the provider flow can start.
    return redirect('social:tenant', backend=backend)
def mfa_set(request, backend):
    """Start the MFA-set user flow (view for '/sso/mfa/set').

    Called after user authentication. Resolves the URL to return to
    afterwards, stores it in the session under ``REDIRECT_FIELD_NAME``,
    selects the ``mfa_set`` policy for the resolved domain and hands over to
    ``do_auth``.

    ``backend`` is not used here; ``request.backend`` is presumably attached
    by a decorator outside this view -- confirm.
    """
    # Query string first, then whatever an earlier step left in the session.
    next_url = (request.GET.get(REDIRECT_FIELD_NAME)
                or request.session.get(REDIRECT_FIELD_NAME))

    # NOTE(review): next_url can come straight from the query string, and the
    # domain is taken from that URL, from the x-upstream-server-name header or
    # from the Host header. All of these are request-controlled unless a
    # trusted proxy overwrites them, and the domain also selects the userflow
    # policy below. Confirm the target is checked against an allow-list of
    # hosts before it is ever used as a redirect.
    if not next_url:
        domain = request.headers.get(
            "x-upstream-server-name") or request.get_host()
        next_url = "https://{}/sso/profile".format(domain)
        logger.debug(
            "No next url provided,set the next url to '{}'".format(next_url))
    else:
        domain = utils.get_domain(next_url) or request.headers.get(
            "x-upstream-server-name") or request.get_host()
        next_url = get_absolute_url(next_url, domain)
        logger.debug("Found next url '{}'".format(next_url))

    request.session[REDIRECT_FIELD_NAME] = next_url
    request.policy = models.CustomizableUserflow.get_userflow(domain).mfa_set

    # NOTE(review): "already_set" looks like a placeholder that matches no
    # request parameter. If do_auth is social_core.actions.do_auth, it only
    # sanitizes a redirect it reads from the request under redirect_name, so
    # the value stored above would not pass through that check -- confirm.
    return do_auth(request.backend, redirect_name="already_set")
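def authenticate(self, trans):
    """Start the identity-provider login flow for the current transaction.

    Builds a strategy from the request and session, loads the configured
    backend and hands it to ``do_auth``. When the backend is the Google one
    and both secondary-auth settings are configured, the Google Cloud
    Platform scope is added to the scopes requested for this login.

    Args:
        trans: object exposing ``sa_session``, ``request`` and ``session``.

    Returns:
        Whatever ``do_auth`` returns for the loaded backend.
    """
    on_the_fly_config(trans.sa_session)
    strategy = Strategy(trans.request, trans.session, Storage, self.config)
    backend = self._load_backend(strategy, self.config['redirect_uri'])

    # Compare by value: `is` tests object identity, which for strings only
    # holds when both happen to be the same interned object.
    if backend.name == BACKENDS_NAME["google"] and \
            "SOCIAL_AUTH_SECONDARY_AUTH_PROVIDER" in self.config and \
            "SOCIAL_AUTH_SECONDARY_AUTH_ENDPOINT" in self.config:
        cloud_scope = "https://www.googleapis.com/auth/cloud-platform"
        # Rebind a fresh list on this instance instead of appending in place.
        # DEFAULT_SCOPE is presumably a class-level list shared by every
        # instance of the backend (confirm). Appending to it would grow the
        # list on each login and keep requesting the broad cloud-platform
        # scope for later logins that never asked for it.
        if cloud_scope not in backend.DEFAULT_SCOPE:
            backend.DEFAULT_SCOPE = list(backend.DEFAULT_SCOPE) + [cloud_scope]

    return do_auth(backend)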
def auth(request, provider):
    """Start authentication with the backend named ``provider``.

    The backend class is looked up in ``BACKENDS`` and instantiated with a
    Django strategy and the ``social:complete`` URL as its redirect URI.

    Raises:
        Http404: if the lookup or construction raises ``MissingBackend``.
    """
    complete_uri = reverse("social:complete", args=(provider,))
    request.social_strategy = DjangoStrategy(DjangoStorage, request)
    try:
        backend_obj = get_backend(BACKENDS, provider)(
            request.social_strategy, complete_uri
        )
    except MissingBackend:
        # An unknown provider name is answered like any other missing page.
        raise Http404('Backend not found')
    return do_auth(backend_obj, redirect_name=REDIRECT_FIELD_NAME)
def tenant(request, backend):
    """Render and process the tenant-selection form for multi-tenant SSO.

    A backend that is not a ``MultiTenantMixin`` is sent back to the login
    page. A valid POST sets the submitted tenant on the backend and starts
    authentication. Any other path renders the form, either empty or with
    its errors.
    """
    # The tenant page only makes sense for multi-tenant backends.
    if not isinstance(request.backend, MultiTenantMixin):
        log.error(
            f'Backend "{request.backend.name}" does not support MULTI_TENANT features.'
        )
        return redirect('accounts:login')

    # Label used for the form and page titles.
    tenant_alias = getattr(settings, 'SSO_TENANT_ALIAS', 'Tenant').title()

    if request.method != 'POST':
        form = SsoTenantForm()
    elif 'sso-tenant-submit' not in request.POST:
        return HttpResponseBadRequest()
    else:
        form = SsoTenantForm(request.POST)
        if form.is_valid():
            cleaned_tenant = form.cleaned_data.get('tenant')
            try:
                # Assigning the tenant makes the backend normalize and
                # validate it, including the check that the submitted value
                # is listed in the MULTI_TENANT setting. The user-supplied
                # value must not be used before this assignment succeeds.
                request.backend.tenant = cleaned_tenant
                return do_auth(request.backend, redirect_name=REDIRECT_FIELD_NAME)
            except ImproperlyConfigured as e:
                # No MULTI_TENANT settings configured: log and go to login.
                log.error(str(e))
                return redirect('accounts:login')
            except ValueError:
                # Rejected tenant: fall through and re-render with the error.
                form.add_error(
                    'tenant', f'Invalid {tenant_alias.lower()} provided.')

    return render(
        request,
        'tethys_portal/accounts/sso_tenant.html',
        {
            'form': form,
            'form_title': tenant_alias,
            'page_title': tenant_alias,
            'backend': backend,
        },
    )
def _auth(self, request, app):
    """Save the caller's auth parameters in the session, then start auth.

    Reads ``auth_uri``, ``project`` and ``redirect_uri`` from the request
    (each defaulting to ``None``), stores them under their session keys,
    initialises the backend through ``init_auth`` and calls ``do_auth``.
    """
    # NOTE(review): all three values come from the request and are stored as
    # received. Confirm that auth_uri and redirect_uri are checked against an
    # allow-list where they are later used as redirect or endpoint targets.
    arg_names = ('auth_uri', 'project', 'redirect_uri')
    session_keys = (AUTH_URI_KEY, PROJECT_KEY, REDIRECT_URI_KEY)

    # Read every argument before writing any of them to the session.
    values = [request.get_argument(arg_name, None) for arg_name in arg_names]
    for session_key, value in zip(session_keys, values):
        configuration.session_set(request, session_key, value)

    self.init_auth(request, app)
    return do_auth(self.backend)
def social_login_begin(request, backend):
    """Return the provider login URL for ``backend`` as a JSON body.

    The redirect URI points at the frontend
    (``FRONTEND_ADDRESS/accounts/social-auth/<backend>/``). An unknown
    backend yields a 400 response. A falsy result from ``do_auth`` takes the
    error branch at the end.
    """
    strategy = load_strategy(request)
    try:
        # `backend` is request-supplied and is concatenated into the URI
        # before it is checked. The URI is only used if load_backend accepts
        # the name.
        frontend_uri = (settings.FRONTEND_ADDRESS +
                        '/accounts/social-auth/' + backend + '/')
        loaded_backend = load_backend(strategy=strategy,
                                      name=backend,
                                      redirect_uri=frontend_uri)
    except MissingBackend:
        return Response(status=status.HTTP_400_BAD_REQUEST)

    started = do_auth(loaded_backend)
    if not started:
        # NOTE(review): if `status` is rest_framework.status, the constant is
        # HTTP_500_INTERNAL_SERVER_ERROR and this attribute lookup would
        # raise AttributeError -- confirm.
        return Response(status=status.HTTP_500_SERVER_ERROR)
    return Response({'url': started.url})
def _auth():
    """Start authentication for the backend selected in the request.

    The "remember me" choice is stored in the session first. The 'persona'
    backend is redirected to the ``complete`` action with the request vars.
    Every other backend goes through ``do_auth``, with any exception handed
    to ``process_exception``.
    """
    req = current.request
    # Store "remember me" value in session
    current.strategy.session_set('remember', req.vars.get('remember', False))

    if req.vars.backend != 'persona':
        try:
            return do_auth(current.backend)
        except Exception as e:
            # NOTE(review): whether process_exception re-raises is not visible
            # here. If it returns, this function returns None.
            process_exception(e)
    else:
        # Mozilla Persona: an empty assertion is dropped rather than forwarded.
        if req.vars.assertion == '':
            del req.vars.assertion
        redirect(URL(f='complete', args=['persona'], vars=req.vars))
def _auth():
    """Start authentication for the backend selected in the request.

    The "remember me" choice is stored in the session first. The 'persona'
    backend is redirected to the ``complete`` action with the request vars.
    Every other backend goes through ``do_auth``, with any exception handed
    to ``process_exception``.
    """
    req = current.request
    # Store "remember me" value in session
    current.strategy.session_set('remember', req.vars.get('remember', False))

    if req.vars.backend != 'persona':
        try:
            return do_auth(current.backend)
        except Exception as e:
            # NOTE(review): whether process_exception re-raises is not visible
            # here. If it returns, this function returns None.
            process_exception(e)
    else:
        # Mozilla Persona: an empty assertion is dropped rather than forwarded.
        if req.vars.assertion == '':
            del req.vars.assertion
        redirect(URL(f='complete', args=['persona'], vars=req.vars))
def auth(request, backend):
    """Start the login flow on the backend attached to ``request``.

    ``backend`` (the name from the route) is not used here;
    ``request.backend`` is presumably populated by a decorator outside this
    view -- confirm. No ``redirect_name`` is passed, so ``do_auth`` falls
    back to its own default.
    """
    active_backend = request.backend
    return do_auth(active_backend)
def _auth(self):
    """Start the login flow on the backend attached to ``self.request``.

    ``self.request.backend`` is presumably set up before this method runs
    (for example by a decorator) -- confirm.
    """
    active_backend = self.request.backend
    return do_auth(active_backend)
def authenticate(self, trans):
    """Start the identity-provider login flow for the current transaction.

    Applies the on-the-fly configuration, builds a strategy from the request
    and session, loads the backend with the configured ``redirect_uri`` and
    returns the result of ``do_auth``.
    """
    on_the_fly_config(trans.sa_session)
    backend = self._load_backend(
        Strategy(trans.request, trans.session, Storage, self.config),
        self.config['redirect_uri'],
    )
    return do_auth(backend)
def add_social_account(request):
    """Start a login flow that adds a social account.

    Records the discussion slug from the route and sets the ``add_account``
    flag in the session before handing over to ``do_auth``.
    """
    session = request.session
    session['discussion'] = request.matchdict['discussion_slug']
    # TODO: Make False later.
    session['add_account'] = True
    return do_auth(request.backend, redirect_name='next')
def _auth(self, backend):
    """Start the login flow on ``self.backend``.

    The result of ``do_auth`` is deliberately not returned here; presumably
    the framework's strategy issues the redirect as a side effect --
    confirm. ``backend`` (the name from the route) is not used.
    """
    active_backend = self.backend
    do_auth(active_backend)
def authenticate(self, trans):
    """Start the identity-provider login flow for the current transaction.

    Applies the on-the-fly configuration, builds a strategy around ``trans``,
    loads the backend with the configured ``redirect_uri`` and returns the
    result of ``do_auth``.
    """
    self._on_the_fly_config(trans)
    backend = self._load_backend(
        Strategy(trans, Storage, self.config),
        self.config['redirect_uri'],
    )
    return do_auth(backend)
def auth(request, backend):
    """Start the login flow on the backend attached to ``request``.

    ``REDIRECT_FIELD_NAME`` is passed to ``do_auth`` as ``redirect_name``.
    ``backend`` (the name from the route) is not used here;
    ``request.backend`` is presumably populated by a decorator -- confirm.
    """
    active_backend = request.backend
    return do_auth(active_backend, redirect_name=REDIRECT_FIELD_NAME)
def auth(request, _backend):
    """Social authentication view.

    Hands ``request.backend`` to ``do_auth`` with ``REDIRECT_FIELD_NAME`` as
    ``redirect_name``. ``_backend`` is accepted for the route but unused.
    """
    active_backend = request.backend
    return do_auth(active_backend, redirect_name=REDIRECT_FIELD_NAME)
def authenticate(self, trans):
    """Start the identity-provider login flow for the current transaction.

    Applies the on-the-fly configuration, builds a strategy from the request
    and session, loads the backend with the configured ``redirect_uri`` and
    returns the result of ``do_auth``.
    """
    on_the_fly_config(trans.sa_session)
    backend = self._load_backend(
        Strategy(trans.request, trans.session, Storage, self.config),
        self.config['redirect_uri'],
    )
    return do_auth(backend)
def auth(request):
    """Start a fresh social login for the discussion named in the route.

    Calls ``forget`` on the request, records the discussion slug, clears the
    ``add_account`` flag in the session and hands over to ``do_auth``.
    """
    # NOTE(review): the return value of forget() is discarded. If this is
    # pyramid.security.forget, it returns headers that must be attached to
    # the response before the existing login is actually dropped -- confirm.
    forget(request)
    session = request.session
    session['discussion'] = request.matchdict['discussion_slug']
    session['add_account'] = False
    return do_auth(request.backend, redirect_name='next')
def login(backend):
    """Start the login flow on the backend stored on ``g``.

    ``backend`` (the name from the route) is not used here; ``g.backend`` is
    presumably populated before this view runs -- confirm.
    """
    active_backend = g.backend
    return do_auth(active_backend)
def auth(request):
    """Start the login flow on ``request.backend``.

    ``'next'`` is passed to ``do_auth`` as ``redirect_name``.
    """
    active_backend = request.backend
    return do_auth(active_backend, redirect_name='next')
def auth(backend):
    """Start the login flow on the backend stored on ``g``.

    ``backend`` (the name from the route) is not used here; ``g.backend`` is
    presumably populated before this view runs -- confirm.
    """
    active_backend = g.backend
    return do_auth(active_backend)
def auth(request, backend, slug):
    """Start a login flow tied to the candidate identified by ``slug``.

    The slug is stored in the strategy session under ``'facebook_slug'``
    before ``do_auth`` is called.
    """
    # The lookup result is not used. The call is kept so that an unknown
    # slug is rejected before anything is written to the session (presumably
    # with a 404, going by the helper's name).
    get_object_or_404(Candidate, slug=slug)
    request.backend.strategy.session_set('facebook_slug', slug)
    return do_auth(request.backend)
def auth(request, backend):
    """Start the login flow on the backend attached to ``request``.

    ``REDIRECT_FIELD_NAME`` is passed to ``do_auth`` as ``redirect_name``.
    ``backend`` (the name from the route) is not used here;
    ``request.backend`` is presumably populated by a decorator -- confirm.
    """
    active_backend = request.backend
    return do_auth(active_backend, redirect_name=REDIRECT_FIELD_NAME)
def authenticate(self, trans):
    """Start the identity-provider login flow for the current transaction.

    Applies the on-the-fly configuration, builds a strategy around ``trans``,
    loads the backend with the configured ``redirect_uri`` and returns the
    result of ``do_auth``.
    """
    self._on_the_fly_config(trans)
    backend = self._load_backend(
        Strategy(trans, Storage, self.config),
        self.config['redirect_uri'],
    )
    return do_auth(backend)
def login(self, backend):
    """Start the login flow on ``self.backend``.

    ``backend`` (the name from the route) is not used here; ``self.backend``
    is presumably populated before this method runs -- confirm.
    """
    active_backend = self.backend
    return do_auth(active_backend)
def auth(request, backend):
    """Start the login flow on the backend attached to ``request``.

    ``backend`` (the name from the route) is not used here;
    ``request.backend`` is presumably populated by a decorator outside this
    view -- confirm. No ``redirect_name`` is passed, so ``do_auth`` falls
    back to its own default.
    """
    active_backend = request.backend
    return do_auth(active_backend)
def auth(request):
    """Start a fresh social login for the discussion named in the route.

    Calls ``forget`` on the request, records the discussion slug, clears the
    ``add_account`` flag in the session and hands over to ``do_auth``.
    """
    # NOTE(review): the return value of forget() is discarded. If this is
    # pyramid.security.forget, it returns headers that must be attached to
    # the response before the existing login is actually dropped -- confirm.
    forget(request)
    session = request.session
    session['discussion'] = request.matchdict['discussion_slug']
    session['add_account'] = False
    return do_auth(request.backend, redirect_name='next')
def auth(request, backend, slug):
    """Start a login flow tied to the candidate identified by ``slug``.

    The slug is stored in the strategy session under ``'facebook_slug'``
    before ``do_auth`` is called.
    """
    # The lookup result is not used. The call is kept so that an unknown
    # slug is rejected before anything is written to the session (presumably
    # with a 404, going by the helper's name).
    get_object_or_404(Candidate, slug=slug)
    request.backend.strategy.session_set('facebook_slug', slug)
    return do_auth(request.backend)
def add_social_account(request):
    """Start a login flow that adds a social account.

    Records the discussion slug from the route and sets the ``add_account``
    flag in the session before handing over to ``do_auth``.
    """
    session = request.session
    session['discussion'] = request.matchdict['discussion_slug']
    # TODO: Make False later.
    session['add_account'] = True
    return do_auth(request.backend, redirect_name='next')
def auth_view(request, backend, *args, **kwargs):
    """Start the login flow on the backend attached to ``request``.

    ``REDIRECT_FIELD_NAME`` is passed to ``do_auth`` as ``redirect_name``.
    ``backend`` and any extra positional or keyword arguments are accepted
    but not used.
    """
    active_backend = request.backend
    return do_auth(active_backend, redirect_name=REDIRECT_FIELD_NAME)
def _auth(self, backend):
    """Start the login flow on ``self.backend`` and return its result.

    ``backend`` (the name from the route) is not used here; ``self.backend``
    is presumably populated before this method runs -- confirm.
    """
    active_backend = self.backend
    return do_auth(active_backend)