def social_auth(request, backend):
    """Start the social-auth login flow for *backend*.

    Thin wrapper around ``social_django.views.auth``: it first records the
    requesting user's id in the session via ``store_userid`` (the original
    author's stated purpose: avoiding CSRF upon completion) and then hands
    the request to ``auth``.

    The POST-only restriction also mentioned by the original docstring is
    not enforced by anything in this body; it has to come from a decorator
    applied to the view (e.g. ``require_POST``) that is not shown here.
    """
    store_userid(request)
    response = auth(request, backend)
    return response
def social_auth(request, backend):
    """Delegate to ``social_django.views.auth`` after recording the user.

    ``store_userid(request)`` is called before the redirect to the provider
    so the current user is kept in the session (the original author notes
    this is to avoid CSRF on the ``complete`` step).

    Note: nothing in this body restricts the HTTP method; the "requires
    POST" guarantee in the original docstring must be provided by a
    decorator on the view that is outside this snippet — confirm it is
    present where this function is defined.
    """
    store_userid(request)
    return auth(
        request,
        backend,
    )
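def sso_login(request: HttpRequest, backend: str) -> HttpResponse:
    """Start the SSO login flow for *backend*, or bounce back to ``/login``.

    ``backend`` comes from the URL and is therefore untrusted; it is only
    passed to ``auth`` after it has been checked against the set of
    providers returned by ``get_available_sso_providers`` (an allow-list)
    and that provider's entry is truthy (configured).

    Args:
        request: The incoming request.
        backend: Name of the SSO provider requested by the client.

    Returns:
        The response produced by ``auth`` for a known, configured provider;
        otherwise a redirect to ``/login`` carrying an ``error_code``
        query parameter that names the problem.
    """
    sso_providers = get_available_sso_providers()

    # Unknown provider name: reject before it ever reaches auth().
    if backend not in sso_providers:
        return redirect("/login?error_code=invalid_sso_provider")

    # Known provider but its configuration value is empty/falsy.
    if not sso_providers[backend]:
        return redirect("/login?error_code=improperly_configured_sso")
    return auth(request, backend)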
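    def process_request(self, request):
        """Sync the local Django session with the SSO multidomain cookie.

        Reads two client-supplied cookies, ``<cookie_name>`` (a flag meaning
        "logged in on SSO") and ``<cookie_name>_user`` (the SSO username),
        and either:

        - starts the ``custom-oauth2`` auth flow when the flag is set but the
          local session is anonymous or belongs to a different username
          (or when a one-shot ``force_auth`` flag is present in the session);
        - logs the local session out when the flag is absent/false but the
          session is still authenticated.

        Both cookies are set by the client and are untrusted. They only decide
        whether to (re)start the SSO flow or drop the local session; the
        identity itself is established by the ``auth`` redirect/complete
        handshake, never by the cookie values themselves.

        Returns ``None`` to let the request continue, or the response
        returned by ``auth``.
        """
        backend = "custom-oauth2"
        current_url = request.get_full_path()

        # Skip URLs matched by either exclusion pattern (e.g. admin). Each
        # pattern is read from settings only when that setting exists.
        for attr in ['SOCIAL_AUTH_EXCLUDE_URL_PATTERN', 'AUTOCOMPLETE_EXCLUDE_URL_PATTERN']:
            if hasattr(settings, attr):
                if re.match(getattr(settings, attr), current_url):
                    return None

        # Flag cookie: only the literal values '1'/'true'/'ok' (any case)
        # count as "logged in on SSO"; anything else, or no cookie, is False.
        auth_cookie = request.COOKIES.get(self.cookie_name, '0').lower() in ('1', 'true', 'ok')
        auth_cookie_user = request.COOKIES.get('{}_user'.format(self.cookie_name))
        continue_url = reverse('{0}:complete'.format(NAMESPACE),
                               args=(backend,))

        # ``User.is_authenticated`` is a method on old Django, a CallableBool
        # on 1.10/1.11 and a plain bool from 2.0 on; calling it unconditionally
        # raises TypeError on the newer versions, so call only when callable.
        is_auth = request.user.is_authenticated
        if callable(is_auth):
            is_auth = is_auth()

        is_same_user = (request.user.username == auth_cookie_user)

        # Do not start the flow again while already on the backend's
        # completion URL, otherwise we would redirect forever.
        is_continue = (continue_url in current_url)

        needs_sso = auth_cookie and not is_continue and (not is_auth or not is_same_user)
        # ``force_auth`` is a one-shot flag; because of the short-circuit it is
        # only popped from the session when the cookie check did not already
        # decide to redirect.
        if needs_sso or \
                ('force_auth' in request.session and request.session.pop('force_auth')):
            # Pass the return URL and auth_entry to the backend through GET.
            query_dict = request.GET.copy()
            query_dict[REDIRECT_FIELD_NAME] = current_url
            query_dict['auth_entry'] = 'login'
            request.GET = query_dict
            # Drop any local session before handing off to SSO.
            logout(request)
            return auth(request, backend)
        elif not auth_cookie and is_auth:
            # SSO says the user is not logged in: end the local session too.
            logout(request)

        return None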