示例#1
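    def authenticate_credentials(self, payload):
        """
        Return the active user named by a decoded JWT payload.

        The username is extracted with ``jwt_get_username_from_payload`` and
        matched against ``Users.nick_name``.

        Raises:
            AuthenticationInfoHasExpiredError: if the payload carries no
                username, no user has that ``nick_name``, or the matched
                user is not active.
        """
        username = jwt_get_username_from_payload(payload)
        if not username:
            msg = _('认证信息不合法.')
            # The format string needs a placeholder; without one, .format()
            # discards msg and only the arrow is logged.
            logger.debug('==========================>{}'.format(msg))
            raise AuthenticationInfoHasExpiredError(msg)

        try:
            # NOTE(review): .get() also raises MultipleObjectsReturned when
            # several rows match; presumably nick_name is unique - confirm
            # against the Users model.
            user = Users.objects.get(nick_name=username)
        except Users.DoesNotExist:
            # An unknown user is reported with the "invalid signature" text.
            msg = _('签名不合法.')
            raise AuthenticationInfoHasExpiredError(msg)

        # A valid token for a deactivated account must not authenticate.
        if not user.is_active:
            msg = _('用户身份未激活.')
            raise AuthenticationInfoHasExpiredError(msg)

        return user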
示例#2
 def initial(self, request, *args, **kwargs):
     """
     Run the parent ``initial`` and, on public deployments, require an
     enterprise-center OAuth binding for the current user.

     On success ``self.oauth_instance`` holds the object returned by
     ``get_oauth_instance``.

     Raises:
         NotFound: if the enterprise-center OAuth service record is missing.
         AuthenticationInfoHasExpiredError: if the user has no binding to
             that service, or no OAuth instance could be built for it.
     """
     super(CloudEnterpriseCenterView, self).initial(request, *args, **kwargs)

     # NOTE(review): any non-empty IS_PUBLIC value enables the check,
     # including "0" and "false", because only truthiness is tested.
     if not os.environ.get("IS_PUBLIC"):
         return

     override_name = os.environ.get("PRE_ENTERPRISE_CENTER")
     try:
         # NOTE(review): the ID=1 lookup runs even when an override name is
         # set, so a missing ID=1 row raises NotFound in both cases.
         service = OAuthServices.objects.get(oauth_type="enterprisecenter", ID=1)
         if override_name:
             service = OAuthServices.objects.get(name=override_name, oauth_type="enterprisecenter")
         # presumably self.user was populated by the authentication step
         # in the parent initial() - confirm
         binding = UserOAuthServices.objects.get(service_id=service.ID, user_id=self.user.user_id)
     except OAuthServices.DoesNotExist:
         raise NotFound("enterprise center oauth server not found")
     except UserOAuthServices.DoesNotExist:
         raise AuthenticationInfoHasExpiredError(_('用户身份未在企业中心认证'))

     self.oauth_instance = get_oauth_instance(service.oauth_type, service, binding)
     if not self.oauth_instance:
         raise AuthenticationInfoHasExpiredError(_('未找到企业中心OAuth服务类型'))
示例#3
    def authenticate(self, request):
        """
        Authenticate the request from its JWT and return ``(user, token)``.

        Every failure raises ``AuthenticationInfoHasExpiredError``; the method
        never returns ``None``, so a request without a token is rejected here.

        With ``settings.MODULES['SSO_LOGIN']`` enabled the user is looked up
        by the ``uid`` cookie and the result is ``(user, None)``. Otherwise
        the token is decoded, the user is resolved through
        ``authenticate_credentials`` and the result is ``(user, jwt_value)``.
        """
        token = self.get_jwt_value(request)
        if token is None:
            raise AuthenticationInfoHasExpiredError(_('未提供验证信息'))

        # The token must be known to the JwtManager store. The original
        # comment says this check also resets the expiry time; that is not
        # visible from here - confirm in JwtManager.exists.
        jwt_manager = JwtManager()
        if not jwt_manager.exists(token):
            raise AuthenticationInfoHasExpiredError("token expired")

        if not settings.MODULES.get('SSO_LOGIN', None):
            # Local JWT path: verify and decode the token itself.
            try:
                payload = jwt_decode_handler(token)
            except jwt.ExpiredSignature:
                raise AuthenticationInfoHasExpiredError(_('认证信息已过期'))
            except jwt.DecodeError:
                raise AuthenticationInfoHasExpiredError(_('认证信息错误'))
            except jwt.InvalidTokenError:
                raise AuthenticationInfoHasExpiredError(_('认证信息错误,请求Token不合法'))

            user = self.authenticate_credentials(payload)
            jwt_manager.set(token, user.user_id)
            return user, token

        # SSO path.
        # NOTE(review): the user is selected from the client-supplied `uid`
        # cookie, and nothing in this method ties that value to the token
        # checked above (the token is not decoded on this path). Confirm the
        # pairing is verified elsewhere; if not, compare the cookie with the
        # user id stored for the token before trusting it.
        sso_user_id = request.COOKIES.get('uid')
        if (
            not sso_user_id
            or not token
            or sso_user_id == 'null'
            or token == 'null'
        ):
            raise AuthenticationInfoHasExpiredError(_("Cookie信息里面应该包含Token和用户uid"))

        try:
            user = Users.objects.get(sso_user_id=sso_user_id)
        except Users.DoesNotExist:
            raise AuthenticationInfoHasExpiredError(_('认证信息错误'))
        return user, None