def inner(request, *args, **kwargs): """ Check for a TPA hint in combination with a logged in user, and log the user out if the hinted provider specifies that they should be, and if they haven't already been redirected to a logout by this decorator. """ sso_provider = None provider_id = request.GET.get('tpa_hint') decorator_already_processed = request.GET.get( 'session_cleared') == 'yes' if provider_id and not decorator_already_processed: # Check that there is a provider and that we haven't already processed this view. if request.user and request.user.is_authenticated(): try: sso_provider = Registry.get(provider_id=provider_id) except ValueError: sso_provider = None if sso_provider and sso_provider.drop_existing_session: # Do the redirect only if the configured provider says we ought to. return redirect('{}?{}'.format( request.build_absolute_uri(reverse('logout')), urlencode({ 'redirect_url': '{}?{}'.format( request.path, urlencode([('tpa_hint', provider_id), ('session_cleared', 'yes')])) }))) else: # Otherwise, pass everything through to the wrapped view. return func(request, *args, **kwargs)
def get_queryset(self): provider_id = self.kwargs.get('provider_id') # provider existence checking self.provider = Registry.get(provider_id) if not self.provider: raise Http404 query_set = filter_user_social_auth_queryset_by_provider( UserSocialAuth.objects.select_related('user'), self.provider, ) query = Q() usernames = self.request.query_params.getlist('username', None) remote_ids = self.request.query_params.getlist('remote_id', None) if usernames: usernames = ','.join(usernames) usernames = set(usernames.split(',')) if usernames else set() if usernames: query = query | Q(user__username__in=usernames) if remote_ids: remote_ids = ','.join(remote_ids) remote_ids = set(remote_ids.split(',')) if remote_ids else set() if remote_ids: query = query | Q(uid__in=[ self.provider.get_social_auth_uid(remote_id) for remote_id in remote_ids ]) return query_set.filter(query)
def get_identity_provider(provider_id): """ Get Identity Provider with given id. Raises a ValueError if it third_party_auth app is not available. Return: Instance of ProviderConfig or None. """ return Registry and Registry.get(provider_id)
def get_identity_provider(provider_id): """ Get Identity Provider with given id. Return: Instance of ProviderConfig or None. """ try: return Registry and Registry.get(provider_id) except ValueError: return None
def get_queryset(self): provider_id = self.kwargs.get('provider_id') # permission checking. We allow both API_KEY access and OAuth2 client credential access if not (self.request.user.is_superuser or ApiKeyHeaderPermission().has_permission(self.request, self) or ThirdPartyAuthProviderApiPermission( provider_id).has_permission(self.request, self)): raise exceptions.PermissionDenied() # provider existence checking self.provider = Registry.get(provider_id) if not self.provider: raise Http404 query_set = UserSocialAuth.objects.select_related('user').filter( provider=self.provider.backend_name) # build our query filters # When using multi-IdP backend, we only retrieve the ones that are for current IdP. # test if the current provider has a slug uid = self.provider.get_social_auth_uid('uid') if uid != 'uid': # if yes, we add a filter for the slug on uid column query_set = query_set.filter(uid__startswith=uid[:-3]) query = Q() usernames = self.request.query_params.getlist('username', None) remote_ids = self.request.query_params.getlist('remote_id', None) if usernames: usernames = ','.join(usernames) usernames = set(usernames.split(',')) if usernames else set() if usernames: query = query | Q(user__username__in=usernames) if remote_ids: remote_ids = ','.join(remote_ids) remote_ids = set(remote_ids.split(',')) if remote_ids else set() if remote_ids: query = query | Q(uid__in=[ self.provider.get_social_auth_uid(remote_id) for remote_id in remote_ids ]) return query_set.filter(query)
def get_identity_provider(provider_id): """ Get Identity Provider with given id. Return: Instance of ProviderConfig or None. """ try: from third_party_auth.provider import Registry # pylint: disable=redefined-outer-name except ImportError as exception: LOGGER.warning("Could not import Registry from third_party_auth.provider") LOGGER.warning(exception) Registry = None # pylint: disable=redefined-outer-name try: return Registry and Registry.get(provider_id) except ValueError: return None
def get_queryset(self): provider_id = self.kwargs.get('provider_id') # permission checking. We allow both API_KEY access and OAuth2 client credential access if not ( self.request.user.is_superuser or ApiKeyHeaderPermission().has_permission(self.request, self) or ThirdPartyAuthProviderApiPermission(provider_id).has_permission(self.request, self) ): raise exceptions.PermissionDenied() # provider existence checking self.provider = Registry.get(provider_id) if not self.provider: raise Http404 query_set = UserSocialAuth.objects.select_related('user').filter(provider=self.provider.backend_name) # build our query filters # When using multi-IdP backend, we only retrieve the ones that are for current IdP. # test if the current provider has a slug uid = self.provider.get_social_auth_uid('uid') if uid != 'uid': # if yes, we add a filter for the slug on uid column query_set = query_set.filter(uid__startswith=uid[:-3]) query = Q() usernames = self.request.query_params.getlist('username', None) remote_ids = self.request.query_params.getlist('remote_id', None) if usernames: usernames = ','.join(usernames) usernames = set(usernames.split(',')) if usernames else set() if usernames: query = query | Q(user__username__in=usernames) if remote_ids: remote_ids = ','.join(remote_ids) remote_ids = set(remote_ids.split(',')) if remote_ids else set() if remote_ids: query = query | Q(uid__in=[self.provider.get_social_auth_uid(remote_id) for remote_id in remote_ids]) return query_set.filter(query)
def handle(self, *args, **options): provider_slug = options.get('provider_slug', None) try: provider = Registry.get(provider_slug) except ValueError as e: raise CommandError('provider slug {slug} does not exist'.format(slug=provider_slug)) query_set = UserSocialAuth.objects.select_related('user__profile') query_set = filter_user_social_auth_queryset_by_provider(query_set, provider) query_set = self.filter_user_social_auth_queryset_by_ssoverification_existence(query_set) for user_social_auth in query_set: verification = SSOVerification.objects.create( user=user_social_auth.user, status="approved", name=user_social_auth.user.profile.name, identity_provider_type=provider.full_class_name, identity_provider_slug=provider.slug, ) # Send a signal so users who have already passed their courses receive credit verification.send_approval_signal(provider.slug)
def inner(request, *args, **kwargs): """ Check for a TPA hint in combination with a logged in user, and log the user out if the hinted provider specifies that they should be, and if they haven't already been redirected to a logout by this decorator. """ sso_provider = None provider_id = request.GET.get('tpa_hint') decorator_already_processed = request.GET.get('session_cleared') == 'yes' if provider_id and not decorator_already_processed: # Check that there is a provider and that we haven't already processed this view. if request.user and request.user.is_authenticated(): try: sso_provider = Registry.get(provider_id=provider_id) except ValueError: sso_provider = None if sso_provider and sso_provider.drop_existing_session: # Do the redirect only if the configured provider says we ought to. return redirect( '{}?{}'.format( request.build_absolute_uri(reverse('logout')), urlencode( { 'redirect_url': '{}?{}'.format( request.path, urlencode( [ ('tpa_hint', provider_id), ('session_cleared', 'yes') ] ) ) } ) ) ) else: # Otherwise, pass everything through to the wrapped view. return func(request, *args, **kwargs)
def get_queryset(self): provider_id = self.kwargs.get('provider_id') # provider existence checking self.provider = Registry.get(provider_id) if not self.provider: raise Http404 query_set = UserSocialAuth.objects.select_related('user').filter( provider=self.provider.backend_name) # build our query filters # When using multi-IdP backend, we only retrieve the ones that are for current IdP. # test if the current provider has a slug uid = self.provider.get_social_auth_uid('uid') if uid != 'uid': # if yes, we add a filter for the slug on uid column query_set = query_set.filter(uid__startswith=uid[:-3]) query = Q() usernames = self.request.query_params.getlist('username', None) remote_ids = self.request.query_params.getlist('remote_id', None) if usernames: usernames = ','.join(usernames) usernames = set(usernames.split(',')) if usernames else set() if usernames: query = query | Q(user__username__in=usernames) if remote_ids: remote_ids = ','.join(remote_ids) remote_ids = set(remote_ids.split(',')) if remote_ids else set() if remote_ids: query = query | Q(uid__in=[ self.provider.get_social_auth_uid(remote_id) for remote_id in remote_ids ]) return query_set.filter(query)