def get(self, request, *args, **kwargs):
logging.info("Login callback received from Staff SSO")
auth_code = request.GET.get("code", None)
if not auth_code:
return HttpResponseBadRequest()
state = self.request.session.get(TOKEN_SESSION_KEY + "_oauth_state",
None)
if not state:
return HttpResponseServerError()
try:
token = get_client(self.request).fetch_token(
TOKEN_URL,
client_secret=settings.AUTHBROKER_CLIENT_SECRET,
code=auth_code)
self.request.session[TOKEN_SESSION_KEY] = dict(token)
del self.request.session[TOKEN_SESSION_KEY + "_oauth_state"]
# NOTE: the BaseException will be removed or narrowed at a later date. The try/except block is
# here due to reports of the app raising a 500 if the url is copied. Current theory is that
# somehow the url with the authcode is being copied, which would cause `fetch_token` to raise
# an exception. However, looking at the fetch_code method, I'm not entirely sure what exceptions it
# would raise in this instance.
except BaseException:
client.captureException()
profile = get_profile(get_client(self.request))
response, status_code = authenticate_gov_user(request, profile)
if status_code != 200:
return error_page(
None,
title=strings.Authentication.UserDoesNotExist.TITLE,
description=strings.Authentication.UserDoesNotExist.
DESCRIPTION,
show_back_link=False,
)
# create the user
user = authenticate(request)
user.default_queue = response["default_queue"]
user.user_token = response["token"]
user.lite_api_user_id = response["lite_api_user_id"]
user.save()
if user is not None:
login(request, user)
return redirect(getattr(settings, "LOGIN_REDIRECT_URL", "/"))
def get_redirect_url(self, *args, **kwargs):
authorization_url, state = get_client(
self.request).authorization_url(AUTHORISATION_URL)
self.request.session[TOKEN_SESSION_KEY + "_oauth_state"] = state
return authorization_url
def get(self, request, *args, **kwargs):
auth_code = request.GET.get("code", None)
auth_state = request.GET.get("state", None)
if not auth_code:
return redirect(reverse_lazy("auth:login"))
state = self.request.session.get(TOKEN_SESSION_KEY + "_oauth_state",
None)
if not state:
return HttpResponseServerError()
if not constant_time_compare(auth_state, state):
return HttpResponseServerError()
client = get_client(self.request)
try:
token = client.fetch_token(
TOKEN_URL,
client_secret=settings.AUTHBROKER_CLIENT_SECRET,
code=auth_code)
self.request.session[TOKEN_SESSION_KEY] = dict(token)
del self.request.session[TOKEN_SESSION_KEY + "_oauth_state"]
except Exception:
raise Exception
return redirect(getattr(settings, "LOGIN_REDIRECT_URL", "/"))
def get_redirect_url(self, *args, **kwargs):
authorization_url, state = get_client(
self.request).authorization_url(AUTHORISATION_URL)
self.request.session[TOKEN_SESSION_KEY + "_oauth_state"] = state
updated_url = add_user_type_to_url(authorization_url,
{"user_type": "exporter"})
return updated_url
def authenticate(self, request, **kwargs):
client = get_client(request)
if not has_valid_token(client):
return
User = get_user_model()
profile = get_profile(client)
if not profile.get("email"):
return
user, created = User.objects.get_or_create(email=profile["email"])
if created:
user.set_unusable_password()
user.save()
return user
def get(self, request, *args, **kwargs):
auth_code = request.GET.get("code", None)
auth_state = request.GET.get("state", None)
if not auth_code:
return HttpResponseBadRequest()
state = self.request.session.get(TOKEN_SESSION_KEY + "_oauth_state",
None)
if not state:
return HttpResponseServerError()
if not constant_time_compare(auth_state, state):
return HttpResponseServerError()
try:
token = get_client(self.request).fetch_token(
TOKEN_URL,
client_secret=AUTHBROKER_CLIENT_SECRET,
code=auth_code,
)
self.request.session[TOKEN_SESSION_KEY] = dict(token)
del self.request.session[TOKEN_SESSION_KEY + "_oauth_state"]
# NOTE: the BaseException will be removed or narrowed at a later date. The try/except block is
# here due to reports of the app raising a 500 if the url is copied. Current theory is that
# somehow the url with the authcode is being copied, which would cause `fetch_token` to raise
# an exception. However, looking at the fetch_code method, I'm not entirely sure what exceptions it
# would raise in this instance.
except BaseException:
raise BaseException
# create the user
user = authenticate(request)
user.backend = "auth.backends.AuthbrokerBackend"
if user is not None:
login(request, user)
return redirect(getattr(settings, "LOGIN_REDIRECT_URL", "/"))
def authenticate(self, request, **kwargs):
client = get_client(request)
if has_valid_token(client):
User = get_user_model()
profile = get_profile(client)
user, created = User.objects.get_or_create(
email=profile["email"],
defaults={
"first_name": profile["first_name"],
"last_name": profile["last_name"]
},
)
if created:
user.set_unusable_password()
user.save()
return user
return None
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context["profile"] = get_profile(get_client(self.request))
return context
def get(self, request, *args, **kwargs):
logging.info("Login callback received from GREAT SSO")
auth_code = request.GET.get("code", None)
if not auth_code:
return redirect(reverse_lazy("auth:login"))
state = self.request.session.get(TOKEN_SESSION_KEY + "_oauth_state",
None)
if not state:
return HttpResponseServerError()
try:
token = get_client(self.request).fetch_token(
TOKEN_URL,
client_secret=settings.AUTHBROKER_CLIENT_SECRET,
code=auth_code)
self.request.session[TOKEN_SESSION_KEY] = dict(token)
del self.request.session[TOKEN_SESSION_KEY + "_oauth_state"]
# NOTE: the BaseException will be removed or narrowed at a later date. The try/except block is
# here due to reports of the app raising a 500 if the url is copied. Current theory is that
# somehow the url with the authcode is being copied, which would cause `fetch_token` to raise
# an exception. However, looking at the fetch_code method, I'm not entirely sure what exceptions it
# would raise in this instance.
except BaseException:
client.captureException()
profile = get_profile(get_client(self.request))
response, status_code = authenticate_exporter_user(request, profile)
if status_code == 400:
return error_page(request, response.get("errors")[0])
user = authenticate(request)
login(request, user)
if status_code == 200:
user.user_token = response["token"]
user.first_name = response["first_name"]
user.last_name = response["last_name"]
user.lite_api_user_id = response["lite_api_user_id"]
user.organisation = None
user.save()
elif status_code == 401:
user.organisation = None
user.save()
return redirect("core:register_an_organisation_triage")
user_dict = get_user(request)
if len(user_dict["organisations"]) == 0:
return redirect("core:register_an_organisation_triage")
elif len(user_dict["organisations"]) == 1:
organisation = user_dict["organisations"][0]
if organisation["status"]["key"] != "in_review":
user.organisation = user_dict["organisations"][0]["id"]
user.save()
else:
return redirect("core:register_an_organisation_confirm")
elif len(user_dict["organisations"]) > 1:
return redirect("core:pick_organisation")
return redirect(getattr(settings, "LOGIN_REDIRECT_URL", "/"))