def work_weixin_oauth_login(request): if not work_weixin_oauth_check(): return render_error(request, _('Feature is not enabled.')) if request.user.is_authenticated(): return HttpResponseRedirect( request.GET.get(auth.REDIRECT_FIELD_NAME, redirect_to)) state = str(uuid.uuid4()) request.session['work_weixin_oauth_state'] = state request.session['work_weixin_oauth_redirect'] = request.GET.get( auth.REDIRECT_FIELD_NAME, redirect_to) data = { 'appid': WORK_WEIXIN_CORP_ID, 'agentid': WORK_WEIXIN_AGENT_ID, 'redirect_uri': get_site_scheme_and_netloc() + reverse('work_weixin_oauth_callback'), 'state': state, } authorization_url = WORK_WEIXIN_AUTHORIZATION_URL + '?' + urllib.parse.urlencode( data) return HttpResponseRedirect(authorization_url)
def work_weixin_oauth_login(request): if not work_weixin_oauth_check(): return render_error(request, _('Feature is not enabled.')) state = str(uuid.uuid4()) request.session['work_weixin_oauth_state'] = state request.session['work_weixin_oauth_redirect'] = request.GET.get( auth.REDIRECT_FIELD_NAME, '/') data = { 'appid': WORK_WEIXIN_CORP_ID, 'agentid': WORK_WEIXIN_AGENT_ID, 'redirect_uri': get_site_scheme_and_netloc() + reverse('work_weixin_oauth_callback'), 'state': state, } if 'micromessenger' in request.META.get('HTTP_USER_AGENT').lower(): data['response_type'] = 'code' data['scope'] = 'snsapi_base' authorization_url = MP_WORK_WEIXIN_AUTHORIZATION_URL + '?' + urllib.parse.urlencode( data) + '#wechat_redirect' else: authorization_url = WORK_WEIXIN_AUTHORIZATION_URL + '?' + urllib.parse.urlencode( data) return HttpResponseRedirect(authorization_url)
def work_weixin_oauth_connect_callback(request): if not work_weixin_oauth_check(): return render_error(request, _('Feature is not enabled.')) code = request.GET.get('code', None) state = request.GET.get('state', None) if state != request.session.get('work_weixin_oauth_connect_state', None) or not code: logger.error('can not get right code or state from work weixin request') return render_error(request, _('Error, please contact administrator.')) access_token = get_work_weixin_access_token() if not access_token: logger.error('can not get work weixin access_token') return render_error(request, _('Error, please contact administrator.')) data = { 'access_token': access_token, 'code': code, } api_response = requests.get(WORK_WEIXIN_GET_USER_INFO_URL, params=data) api_response_dic = handler_work_weixin_api_response(api_response) if not api_response_dic: logger.error('can not get work weixin user info') return render_error(request, _('Error, please contact administrator.')) if not api_response_dic.get('UserId', None): logger.error('can not get UserId in work weixin user info response') return render_error(request, _('Error, please contact administrator.')) user_id = api_response_dic.get('UserId') uid = WORK_WEIXIN_UID_PREFIX + user_id email = request.user.username work_weixin_user = SocialAuthUser.objects.get_by_provider_and_uid(WORK_WEIXIN_PROVIDER, uid) if work_weixin_user: logger.error('work weixin account already exists %s' % user_id) return render_error(request, '出错了,此企业微信账号已被绑定') SocialAuthUser.objects.add(email, WORK_WEIXIN_PROVIDER, uid) # update user info if WORK_WEIXIN_USER_INFO_AUTO_UPDATE: user_info_data = { 'access_token': access_token, 'userid': user_id, } user_info_api_response = requests.get(WORK_WEIXIN_GET_USER_PROFILE_URL, params=user_info_data) user_info_api_response_dic = handler_work_weixin_api_response(user_info_api_response) if user_info_api_response_dic: api_user = user_info_api_response_dic api_user['username'] = email api_user['contact_email'] = api_user['email'] update_work_weixin_user_info(api_user) # redirect user to page response = HttpResponseRedirect(request.session.get('work_weixin_oauth_connect_redirect', '/')) return response
def work_weixin_oauth_disconnect(request): if not work_weixin_oauth_check(): return render_error(request, _('Feature is not enabled.')) username = request.user.username if username[-(len(VIRTUAL_ID_EMAIL_DOMAIN)):] == VIRTUAL_ID_EMAIL_DOMAIN: return render_error(request, '出错了,此账号不能解绑企业微信') SocialAuthUser.objects.delete_by_username_and_provider(username, WORK_WEIXIN_PROVIDER) # redirect user to page response = HttpResponseRedirect(request.GET.get(auth.REDIRECT_FIELD_NAME, '/')) return response
def work_weixin_oauth_disconnect(request): if not work_weixin_oauth_check(): return render_error(request, _('Feature is not enabled.')) username = request.user.username if username[-(len(VIRTUAL_ID_EMAIL_DOMAIN)):] == VIRTUAL_ID_EMAIL_DOMAIN: profile = Profile.objects.get_profile_by_user(username) if not profile or not (profile.contact_email or profile.phone): return render_error(request, '出错了,当前账号不能解绑企业微信,请绑定手机号或邮箱后再试') SocialAuthUser.objects.delete_by_username_and_provider( username, WORK_WEIXIN_PROVIDER) # redirect user to page response = HttpResponseRedirect( request.GET.get(auth.REDIRECT_FIELD_NAME, redirect_to)) return response
def work_weixin_oauth_callback(request): if not work_weixin_oauth_check(): return render_error(request, _('Feature is not enabled.')) code = request.GET.get('code', None) state = request.GET.get('state', None) if state != request.session.get('work_weixin_oauth_state', None) or not code: logger.error( 'can not get right code or state from work weixin request') return render_error(request, _('Error, please contact administrator.')) access_token = get_work_weixin_access_token() if not access_token: logger.error('can not get work weixin access_token') return render_error(request, _('Error, please contact administrator.')) data = { 'access_token': access_token, 'code': code, } api_response = requests.get(WORK_WEIXIN_GET_USER_INFO_URL, params=data) api_response_dic = handler_work_weixin_api_response(api_response) if not api_response_dic: logger.error('can not get work weixin user info') return render_error(request, _('Error, please contact administrator.')) if not api_response_dic.get('UserId', None): logger.error('can not get UserId in work weixin user info response') return render_error(request, _('Error, please contact administrator.')) user_id = api_response_dic.get('UserId') uid = WORK_WEIXIN_UID_PREFIX + user_id work_weixin_user = SocialAuthUser.objects.get_by_provider_and_uid( WORK_WEIXIN_PROVIDER, uid) if work_weixin_user: email = work_weixin_user.username is_new_user = False else: email = gen_user_virtual_id() SocialAuthUser.objects.add(email, WORK_WEIXIN_PROVIDER, uid) is_new_user = True try: user = auth.authenticate(remote_user=email) except User.DoesNotExist: user = None if not user: return render_error( request, _('Error, new user registration is not allowed, please contact administrator.' )) # update user info if is_new_user or WORK_WEIXIN_USER_INFO_AUTO_UPDATE: user_info_data = { 'access_token': access_token, 'userid': user_id, } user_info_api_response = requests.get(WORK_WEIXIN_GET_USER_PROFILE_URL, params=user_info_data) user_info_api_response_dic = handler_work_weixin_api_response( user_info_api_response) if user_info_api_response_dic: api_user = user_info_api_response_dic api_user['username'] = email api_user['contact_email'] = api_user['email'] update_work_weixin_user_info(api_user) if not user.is_active: return render_error( request, _('Your account is created successfully, please wait for administrator to activate your account.' )) # User is valid. Set request.user and persist user in the session # by logging the user in. request.user = user auth.login(request, user) # generate auth token for Seafile client api_token = get_api_token(request) # redirect user to page response = HttpResponseRedirect( request.session.get('work_weixin_oauth_redirect', '/')) response.set_cookie('seahub_auth', user.username + '@' + api_token.key) return response
def edit_profile(request): """ Show and edit user profile. """ username = request.user.username form_class = DetailedProfileForm if request.method == 'POST': form = form_class(user=request.user, data=request.POST) if form.is_valid(): form.save() messages.success(request, _('Successfully edited profile.')) return HttpResponseRedirect(reverse('edit_profile')) else: messages.error(request, _('Failed to edit profile')) else: profile = Profile.objects.get_profile_by_user(username) d_profile = DetailedProfile.objects.get_detailed_profile_by_user( username) init_dict = {} if profile: init_dict['nickname'] = profile.nickname init_dict['login_id'] = profile.login_id init_dict['contact_email'] = profile.contact_email init_dict['list_in_address_book'] = profile.list_in_address_book if d_profile: init_dict['department'] = d_profile.department init_dict['telephone'] = d_profile.telephone form = form_class(user=request.user, data=init_dict) # common logic try: server_crypto = UserOptions.objects.is_server_crypto(username) except CryptoOptionNotSetError: # Assume server_crypto is ``False`` if this option is not set. server_crypto = False sub_lib_enabled = UserOptions.objects.is_sub_lib_enabled(username) default_repo_id = UserOptions.objects.get_default_repo(username) if default_repo_id: default_repo = seafile_api.get_repo(default_repo_id) else: default_repo = None owned_repos = get_owned_repo_list(request) owned_repos = [r for r in owned_repos if not r.is_virtual] if settings.ENABLE_WEBDAV_SECRET: decoded = UserOptions.objects.get_webdav_decoded_secret(username) webdav_passwd = decoded if decoded else '' else: webdav_passwd = '' email_inverval = UserOptions.objects.get_file_updates_email_interval( username) email_inverval = email_inverval if email_inverval is not None else 0 if work_weixin_oauth_check(): enable_wechat_work = True from seahub.auth.models import SocialAuthUser from seahub.work_weixin.settings import WORK_WEIXIN_PROVIDER social_connected = SocialAuthUser.objects.filter( username=request.user.username, provider=WORK_WEIXIN_PROVIDER).count() > 0 else: enable_wechat_work = False social_connected = False if ENABLE_DINGTALK: enable_dingtalk = True from seahub.auth.models import SocialAuthUser social_connected_dingtalk = SocialAuthUser.objects.filter( username=request.user.username, provider='dingtalk').count() > 0 else: enable_dingtalk = False social_connected_dingtalk = False resp_dict = { 'form': form, 'server_crypto': server_crypto, "sub_lib_enabled": sub_lib_enabled, 'ENABLE_ADDRESSBOOK_OPT_IN': settings.ENABLE_ADDRESSBOOK_OPT_IN, 'default_repo': default_repo, 'owned_repos': owned_repos, 'is_pro': is_pro_version(), 'is_ldap_user': is_ldap_user(request.user), 'two_factor_auth_enabled': has_two_factor_auth(), 'ENABLE_CHANGE_PASSWORD': settings.ENABLE_CHANGE_PASSWORD, 'ENABLE_GET_AUTH_TOKEN_BY_SESSION': settings.ENABLE_GET_AUTH_TOKEN_BY_SESSION, 'ENABLE_WEBDAV_SECRET': settings.ENABLE_WEBDAV_SECRET, 'ENABLE_DELETE_ACCOUNT': ENABLE_DELETE_ACCOUNT, 'ENABLE_UPDATE_USER_INFO': ENABLE_UPDATE_USER_INFO, 'webdav_passwd': webdav_passwd, 'email_notification_interval': email_inverval, 'social_next_page': reverse('edit_profile'), 'enable_wechat_work': enable_wechat_work, 'social_connected': social_connected, 'enable_dingtalk': enable_dingtalk, 'social_connected_dingtalk': social_connected_dingtalk, 'ENABLE_USER_SET_CONTACT_EMAIL': settings.ENABLE_USER_SET_CONTACT_EMAIL, 'user_unusable_password': request.user.enc_password == UNUSABLE_PASSWORD, } if has_two_factor_auth(): from seahub.two_factor.models import StaticDevice, default_device try: backup_tokens = StaticDevice.objects.get( user=request.user.username).token_set.count() except StaticDevice.DoesNotExist: backup_tokens = 0 resp_dict['default_device'] = default_device(request.user) resp_dict['backup_tokens'] = backup_tokens #template = 'profile/set_profile.html' template = 'profile/set_profile_react.html' return render(request, template, resp_dict)