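def get(self, request):
    """Callback handler for the OIDC authorization code flow.

    The OP redirects the browser here with ``code`` and ``state`` (or
    ``error``) in the query string.  Those values are attacker-controllable,
    so ``state`` is compared against the copy kept in the server-side session
    before ``auth.authenticate()`` is invoked.  Both the ``oidc_nonce`` and
    the ``oidc_state`` session values are single-use and are removed once
    they have been consumed.

    :arg HttpRequest request: the callback request; ``error``, ``code`` and
        ``state`` are read from ``request.GET``
    :returns: the result of ``self.login_success()`` when the backend returns
        an active user, otherwise the result of ``self.login_failure()``
    :raises SuspiciousOperation: if the ``state`` sent by the OP does not
        match the value stored in the session
    """
    nonce = request.session.get('oidc_nonce')
    if nonce:
        # Make sure that nonce is not used twice
        del request.session['oidc_nonce']

    if request.GET.get('error'):
        # Ouch! Something important failed.
        # Make sure the user doesn't get to continue to be logged in
        # otherwise the refresh middleware will force the user to
        # redirect to authorize again if the session refresh has
        # expired.
        if is_authenticated(request.user):
            auth.logout(request)
        # Sanity check only: logout() above already cleared the session,
        # and this line disappears under ``python -O``.
        assert not is_authenticated(request.user)
    elif 'code' in request.GET and 'state' in request.GET:
        # No stored state means this callback was not started by this
        # session (or the state was already consumed): reject it quietly.
        if 'oidc_state' not in request.session:
            return self.login_failure()

        if request.GET['state'] != request.session['oidc_state']:
            msg = 'Session `oidc_state` does not match the OIDC callback state'
            raise SuspiciousOperation(msg)

        # Like the nonce, the state is single-use: drop it once it has been
        # matched so the same callback URL cannot be replayed against this
        # session.
        del request.session['oidc_state']

        self.user = auth.authenticate(request=request, nonce=nonce)
        if self.user and self.user.is_active:
            return self.login_success()
    return self.login_failure()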
def get(self, request):
    """Callback handler for the OIDC authorization code flow.

    Reads ``error``, ``code`` and ``state`` from ``request.GET`` (all of them
    untrusted input coming back from the OP), consumes the one-time
    ``oidc_nonce`` from the session, checks ``state`` against the session's
    ``oidc_state`` and then calls ``auth.authenticate()``.

    :arg HttpRequest request: the callback request from the OP
    :returns: ``self.login_success()`` for an active user returned by the
        backend, ``self.login_failure()`` in every other case
    :raises SuspiciousOperation: when the callback ``state`` differs from the
        one stored in the session
    """
    nonce = request.session.get('oidc_nonce')
    if nonce:
        # The nonce must never be accepted a second time.
        request.session.pop('oidc_nonce')

    params = request.GET

    if params.get('error'):
        # The OP reported a failure.  Drop any existing login so the refresh
        # middleware does not keep bouncing the user back to the OP once the
        # session refresh has expired.
        if is_authenticated(request.user):
            auth.logout(request)
        assert not is_authenticated(request.user)
        return self.login_failure()

    if 'code' not in params or 'state' not in params:
        return self.login_failure()

    if 'oidc_state' not in request.session:
        return self.login_failure()

    if params['state'] != request.session['oidc_state']:
        raise SuspiciousOperation(
            'Session `oidc_state` does not match the OIDC callback state'
        )

    self.user = auth.authenticate(request=request, nonce=nonce)
    if self.user and self.user.is_active:
        return self.login_success()
    return self.login_failure()
def is_refreshable_url(self, request):
    """Return whether *request* should be examined for a session refresh.

    Only authenticated GET requests whose path is not listed in
    ``self.exempt_urls`` qualify.

    :arg HttpRequest request:
    :returns: boolean
    """
    if request.method != 'GET':
        return False
    if not is_authenticated(request.user):
        return False
    return request.path not in self.exempt_urls
def is_refreshable_url(self, request):
    """Return whether *request* triggers a refresh examination.

    A request qualifies when it is a GET, the user is authenticated and the
    path is not one of ``self.exempt_urls``.

    :arg HttpRequest request:
    :returns: boolean
    """
    is_get = request.method == 'GET'
    if not is_get:
        return False
    logged_in = is_authenticated(request.user)
    if not logged_in:
        return False
    return request.path not in self.exempt_urls
def post(self, request):
    """Log out the user.

    Ends the Django session when the user is logged in and redirects to
    ``self.redirect_url``, or to the URL produced by the callable named in
    the ``OIDC_OP_LOGOUT_URL_METHOD`` setting when one is configured.

    :arg HttpRequest request:
    :returns: HttpResponseRedirect
    """
    redirect_to = self.redirect_url

    if not is_authenticated(request.user):
        return HttpResponseRedirect(redirect_to)

    # An optional setting names a callable that builds the OP's logout URL.
    op_logout_method = import_from_settings('OIDC_OP_LOGOUT_URL_METHOD', '')
    if op_logout_method:
        redirect_to = import_string(op_logout_method)()

    # Terminate the local Django session.
    auth.logout(request)

    return HttpResponseRedirect(redirect_to)
def post(self, request):
    """Log out the user.

    Ends the Django session when the user is logged in and redirects to
    ``self.redirect_url``, or to the URL returned by the callable named in
    the ``OIDC_OP_LOGOUT_URL_METHOD`` setting (called with *request*) when
    one is configured.

    :arg HttpRequest request:
    :returns: HttpResponseRedirect
    """
    redirect_to = self.redirect_url

    if not is_authenticated(request.user):
        return HttpResponseRedirect(redirect_to)

    # An optional setting names a callable that builds the OP's logout URL.
    op_logout_method = import_from_settings('OIDC_OP_LOGOUT_URL_METHOD', '')
    if op_logout_method:
        build_logout_url = import_string(op_logout_method)
        redirect_to = build_logout_url(request)

    # Terminate the local Django session.
    auth.logout(request)

    return HttpResponseRedirect(redirect_to)
def is_refreshable_url(self, request):
    """Return whether *request* triggers a refresh examination.

    A request qualifies when it is a GET, the user is authenticated, the
    session was not created by a non-OIDC backend, and the path is not one
    of ``self.exempt_urls``.

    :arg HttpRequest request:
    :returns: boolean
    """
    # Do not attempt to refresh the session if the OIDC backend is not used.
    # The session entry under BACKEND_SESSION_KEY is presumably the dotted
    # path of the backend that authenticated this session; it is resolved
    # here and compared against OIDCAuthenticationBackend.  With no entry
    # the session is treated as OIDC-backed.
    backend_path = request.session.get(BACKEND_SESSION_KEY)
    if backend_path:
        backend_cls = import_string(backend_path)
        uses_oidc = issubclass(backend_cls, OIDCAuthenticationBackend)
    else:
        uses_oidc = True

    if request.method != 'GET':
        return False
    if not is_authenticated(request.user):
        return False
    if not uses_oidc:
        return False
    return request.path not in self.exempt_urls
def get(self, request):
    """Report whether the requesting user is authenticated.

    :arg HttpRequest request:
    :returns: ``Response`` wrapping ``{'is_authenticated': <bool>}``
    """
    payload = {
        'is_authenticated': is_authenticated(request.user),
    }
    return Response(payload)