def get(self, request):
if request.session.get("user_name", None) is None:
return HttpResponseRedirect(reverse("login"))
accounts = AuthenticationHelper.get_confidential_client().get_accounts(
username=request.session["user_name"])
if len(accounts) == 0:
return HttpResponseRedirect(reverse("login"))
token_response = AuthenticationHelper.get_confidential_client(
).acquire_token_silent(scopes=[os.environ.get("API_SCOPE")],
account=accounts[0],
authority=os.environ.get("AUTHORITY"))
if "error" in token_response:
return HttpResponse("An Error Occured:" +
token_response.get("error") + " " +
token_response.get("error_description"),
status=404)
rg_response = RequestsHelper.get_backend_api_session(
token_response).get(os.environ.get("FLASK_BACKEND_URL")).json()
rg_response_converted = json.dumps(rg_response)
return HttpResponse(rg_response_converted)
def get(self, request):
accounts = AuthenticationHelper.get_confidential_client().get_accounts(
username=request.session["user_name"])
if len(accounts) != 0:
#remove the user's account from the token cache
AuthenticationHelper.get_confidential_client().remove_account(
account=accounts[0])
#remove the user's session from the Django managed database
request.session.flush()
logout_url = os.environ.get("AUTHORITY") + os.environ.get(
"LOGOUT_URL") + os.environ.get("POST_LOGOUT_REDIRECT_URI")
return HttpResponseRedirect(logout_url)
def get(self, request):
#generating sign in url to initate the user's sign in with AAD
#using the initiate_auth_code_flow method ensures PKCE protection is used
auth_code_response = AuthenticationHelper.get_confidential_client(
).initiate_auth_code_flow(scopes=[os.environ.get("SCOPE")],
redirect_uri=os.environ.get("REDIRECT_URI"))
if "error" in auth_code_response:
return HttpResponse("An Error Occured:" +
auth_code_response.get("error") + " " +
auth_code_response.get("error_description"),
status=404)
request.session["auth_code_response"] = auth_code_response
return HttpResponseRedirect(auth_code_response["auth_uri"])
def get(self, request):
if "error" in request.GET:
return HttpResponse("An Error Occurred:" +
request.GET.get("error") + " " +
request.GET.get("error_description"),
status=403)
try:
#using the acquire_token_by_auth_code_flow method ensures PKCE protection is verified
#NOTE) This token acquisition uses the same set of scopes from the initial request made to initiate_auth_code_flow above
token_response = AuthenticationHelper.get_confidential_client(
).acquire_token_by_auth_code_flow(
auth_code_flow=request.session.get('auth_code_response', {}),
auth_response=request.GET,
scopes=[os.environ.get("SCOPE")],
)
except ValueError as exc:
#only occurs when client data, either auth_code_response or SCOPE in this case, is missing or malformed
return HttpResponse("An Error Occurred: " + str(exc), status=404)
if "error" in token_response:
return HttpResponse("An Error Occurred:" +
token_response.get("error") + " " +
token_response.get("error_description"),
status=404)
#sets the user_name value for this session, which will be used to determine if a user has been fully authenticated or not
#when managing user sign in via sessions, ensure to set the SESSION_COOKIE_AGE setting to a low number of seconds
request.session["user_name"] = token_response['id_token_claims'][
'preferred_username']
#remove used auth_code_response values from request session
del request.session['auth_code_response']
request.session.modified = True
return HttpResponseRedirect(reverse("azure_management_home"))