def work_weixin_oauth_login(request):
if not work_weixin_oauth_check():
return render_error(request, _('Feature is not enabled.'))
if request.user.is_authenticated():
return HttpResponseRedirect(
request.GET.get(auth.REDIRECT_FIELD_NAME, redirect_to))
state = str(uuid.uuid4())
request.session['work_weixin_oauth_state'] = state
request.session['work_weixin_oauth_redirect'] = request.GET.get(
auth.REDIRECT_FIELD_NAME, redirect_to)
data = {
'appid':
WORK_WEIXIN_CORP_ID,
'agentid':
WORK_WEIXIN_AGENT_ID,
'redirect_uri':
get_site_scheme_and_netloc() + reverse('work_weixin_oauth_callback'),
'state':
state,
}
authorization_url = WORK_WEIXIN_AUTHORIZATION_URL + '?' + urllib.parse.urlencode(
data)
return HttpResponseRedirect(authorization_url)
def work_weixin_oauth_login(request):
if not work_weixin_oauth_check():
return render_error(request, _('Feature is not enabled.'))
state = str(uuid.uuid4())
request.session['work_weixin_oauth_state'] = state
request.session['work_weixin_oauth_redirect'] = request.GET.get(
auth.REDIRECT_FIELD_NAME, '/')
data = {
'appid':
WORK_WEIXIN_CORP_ID,
'agentid':
WORK_WEIXIN_AGENT_ID,
'redirect_uri':
get_site_scheme_and_netloc() + reverse('work_weixin_oauth_callback'),
'state':
state,
}
if 'micromessenger' in request.META.get('HTTP_USER_AGENT').lower():
data['response_type'] = 'code'
data['scope'] = 'snsapi_base'
authorization_url = MP_WORK_WEIXIN_AUTHORIZATION_URL + '?' + urllib.parse.urlencode(
data) + '#wechat_redirect'
else:
authorization_url = WORK_WEIXIN_AUTHORIZATION_URL + '?' + urllib.parse.urlencode(
data)
return HttpResponseRedirect(authorization_url)
def work_weixin_oauth_connect_callback(request):
if not work_weixin_oauth_check():
return render_error(request, _('Feature is not enabled.'))
code = request.GET.get('code', None)
state = request.GET.get('state', None)
if state != request.session.get('work_weixin_oauth_connect_state', None) or not code:
logger.error('can not get right code or state from work weixin request')
return render_error(request, _('Error, please contact administrator.'))
access_token = get_work_weixin_access_token()
if not access_token:
logger.error('can not get work weixin access_token')
return render_error(request, _('Error, please contact administrator.'))
data = {
'access_token': access_token,
'code': code,
}
api_response = requests.get(WORK_WEIXIN_GET_USER_INFO_URL, params=data)
api_response_dic = handler_work_weixin_api_response(api_response)
if not api_response_dic:
logger.error('can not get work weixin user info')
return render_error(request, _('Error, please contact administrator.'))
if not api_response_dic.get('UserId', None):
logger.error('can not get UserId in work weixin user info response')
return render_error(request, _('Error, please contact administrator.'))
user_id = api_response_dic.get('UserId')
uid = WORK_WEIXIN_UID_PREFIX + user_id
email = request.user.username
work_weixin_user = SocialAuthUser.objects.get_by_provider_and_uid(WORK_WEIXIN_PROVIDER, uid)
if work_weixin_user:
logger.error('work weixin account already exists %s' % user_id)
return render_error(request, '出错了,此企业微信账号已被绑定')
SocialAuthUser.objects.add(email, WORK_WEIXIN_PROVIDER, uid)
# update user info
if WORK_WEIXIN_USER_INFO_AUTO_UPDATE:
user_info_data = {
'access_token': access_token,
'userid': user_id,
}
user_info_api_response = requests.get(WORK_WEIXIN_GET_USER_PROFILE_URL, params=user_info_data)
user_info_api_response_dic = handler_work_weixin_api_response(user_info_api_response)
if user_info_api_response_dic:
api_user = user_info_api_response_dic
api_user['username'] = email
api_user['contact_email'] = api_user['email']
update_work_weixin_user_info(api_user)
# redirect user to page
response = HttpResponseRedirect(request.session.get('work_weixin_oauth_connect_redirect', '/'))
return response
def work_weixin_oauth_disconnect(request):
if not work_weixin_oauth_check():
return render_error(request, _('Feature is not enabled.'))
username = request.user.username
if username[-(len(VIRTUAL_ID_EMAIL_DOMAIN)):] == VIRTUAL_ID_EMAIL_DOMAIN:
return render_error(request, '出错了,此账号不能解绑企业微信')
SocialAuthUser.objects.delete_by_username_and_provider(username, WORK_WEIXIN_PROVIDER)
# redirect user to page
response = HttpResponseRedirect(request.GET.get(auth.REDIRECT_FIELD_NAME, '/'))
return response
def work_weixin_oauth_disconnect(request):
if not work_weixin_oauth_check():
return render_error(request, _('Feature is not enabled.'))
username = request.user.username
if username[-(len(VIRTUAL_ID_EMAIL_DOMAIN)):] == VIRTUAL_ID_EMAIL_DOMAIN:
profile = Profile.objects.get_profile_by_user(username)
if not profile or not (profile.contact_email or profile.phone):
return render_error(request, '出错了,当前账号不能解绑企业微信,请绑定手机号或邮箱后再试')
SocialAuthUser.objects.delete_by_username_and_provider(
username, WORK_WEIXIN_PROVIDER)
# redirect user to page
response = HttpResponseRedirect(
request.GET.get(auth.REDIRECT_FIELD_NAME, redirect_to))
return response
def work_weixin_oauth_callback(request):
if not work_weixin_oauth_check():
return render_error(request, _('Feature is not enabled.'))
code = request.GET.get('code', None)
state = request.GET.get('state', None)
if state != request.session.get('work_weixin_oauth_state',
None) or not code:
logger.error(
'can not get right code or state from work weixin request')
return render_error(request, _('Error, please contact administrator.'))
access_token = get_work_weixin_access_token()
if not access_token:
logger.error('can not get work weixin access_token')
return render_error(request, _('Error, please contact administrator.'))
data = {
'access_token': access_token,
'code': code,
}
api_response = requests.get(WORK_WEIXIN_GET_USER_INFO_URL, params=data)
api_response_dic = handler_work_weixin_api_response(api_response)
if not api_response_dic:
logger.error('can not get work weixin user info')
return render_error(request, _('Error, please contact administrator.'))
if not api_response_dic.get('UserId', None):
logger.error('can not get UserId in work weixin user info response')
return render_error(request, _('Error, please contact administrator.'))
user_id = api_response_dic.get('UserId')
uid = WORK_WEIXIN_UID_PREFIX + user_id
work_weixin_user = SocialAuthUser.objects.get_by_provider_and_uid(
WORK_WEIXIN_PROVIDER, uid)
if work_weixin_user:
email = work_weixin_user.username
is_new_user = False
else:
email = gen_user_virtual_id()
SocialAuthUser.objects.add(email, WORK_WEIXIN_PROVIDER, uid)
is_new_user = True
try:
user = auth.authenticate(remote_user=email)
except User.DoesNotExist:
user = None
if not user:
return render_error(
request,
_('Error, new user registration is not allowed, please contact administrator.'
))
# update user info
if is_new_user or WORK_WEIXIN_USER_INFO_AUTO_UPDATE:
user_info_data = {
'access_token': access_token,
'userid': user_id,
}
user_info_api_response = requests.get(WORK_WEIXIN_GET_USER_PROFILE_URL,
params=user_info_data)
user_info_api_response_dic = handler_work_weixin_api_response(
user_info_api_response)
if user_info_api_response_dic:
api_user = user_info_api_response_dic
api_user['username'] = email
api_user['contact_email'] = api_user['email']
update_work_weixin_user_info(api_user)
if not user.is_active:
return render_error(
request,
_('Your account is created successfully, please wait for administrator to activate your account.'
))
# User is valid. Set request.user and persist user in the session
# by logging the user in.
request.user = user
auth.login(request, user)
# generate auth token for Seafile client
api_token = get_api_token(request)
# redirect user to page
response = HttpResponseRedirect(
request.session.get('work_weixin_oauth_redirect', '/'))
response.set_cookie('seahub_auth', user.username + '@' + api_token.key)
return response
def edit_profile(request):
"""
Show and edit user profile.
"""
username = request.user.username
form_class = DetailedProfileForm
if request.method == 'POST':
form = form_class(user=request.user, data=request.POST)
if form.is_valid():
form.save()
messages.success(request, _('Successfully edited profile.'))
return HttpResponseRedirect(reverse('edit_profile'))
else:
messages.error(request, _('Failed to edit profile'))
else:
profile = Profile.objects.get_profile_by_user(username)
d_profile = DetailedProfile.objects.get_detailed_profile_by_user(
username)
init_dict = {}
if profile:
init_dict['nickname'] = profile.nickname
init_dict['login_id'] = profile.login_id
init_dict['contact_email'] = profile.contact_email
init_dict['list_in_address_book'] = profile.list_in_address_book
if d_profile:
init_dict['department'] = d_profile.department
init_dict['telephone'] = d_profile.telephone
form = form_class(user=request.user, data=init_dict)
# common logic
try:
server_crypto = UserOptions.objects.is_server_crypto(username)
except CryptoOptionNotSetError:
# Assume server_crypto is ``False`` if this option is not set.
server_crypto = False
sub_lib_enabled = UserOptions.objects.is_sub_lib_enabled(username)
default_repo_id = UserOptions.objects.get_default_repo(username)
if default_repo_id:
default_repo = seafile_api.get_repo(default_repo_id)
else:
default_repo = None
owned_repos = get_owned_repo_list(request)
owned_repos = [r for r in owned_repos if not r.is_virtual]
if settings.ENABLE_WEBDAV_SECRET:
decoded = UserOptions.objects.get_webdav_decoded_secret(username)
webdav_passwd = decoded if decoded else ''
else:
webdav_passwd = ''
email_inverval = UserOptions.objects.get_file_updates_email_interval(
username)
email_inverval = email_inverval if email_inverval is not None else 0
if work_weixin_oauth_check():
enable_wechat_work = True
from seahub.auth.models import SocialAuthUser
from seahub.work_weixin.settings import WORK_WEIXIN_PROVIDER
social_connected = SocialAuthUser.objects.filter(
username=request.user.username,
provider=WORK_WEIXIN_PROVIDER).count() > 0
else:
enable_wechat_work = False
social_connected = False
if ENABLE_DINGTALK:
enable_dingtalk = True
from seahub.auth.models import SocialAuthUser
social_connected_dingtalk = SocialAuthUser.objects.filter(
username=request.user.username, provider='dingtalk').count() > 0
else:
enable_dingtalk = False
social_connected_dingtalk = False
resp_dict = {
'form': form,
'server_crypto': server_crypto,
"sub_lib_enabled": sub_lib_enabled,
'ENABLE_ADDRESSBOOK_OPT_IN': settings.ENABLE_ADDRESSBOOK_OPT_IN,
'default_repo': default_repo,
'owned_repos': owned_repos,
'is_pro': is_pro_version(),
'is_ldap_user': is_ldap_user(request.user),
'two_factor_auth_enabled': has_two_factor_auth(),
'ENABLE_CHANGE_PASSWORD': settings.ENABLE_CHANGE_PASSWORD,
'ENABLE_GET_AUTH_TOKEN_BY_SESSION':
settings.ENABLE_GET_AUTH_TOKEN_BY_SESSION,
'ENABLE_WEBDAV_SECRET': settings.ENABLE_WEBDAV_SECRET,
'ENABLE_DELETE_ACCOUNT': ENABLE_DELETE_ACCOUNT,
'ENABLE_UPDATE_USER_INFO': ENABLE_UPDATE_USER_INFO,
'webdav_passwd': webdav_passwd,
'email_notification_interval': email_inverval,
'social_next_page': reverse('edit_profile'),
'enable_wechat_work': enable_wechat_work,
'social_connected': social_connected,
'enable_dingtalk': enable_dingtalk,
'social_connected_dingtalk': social_connected_dingtalk,
'ENABLE_USER_SET_CONTACT_EMAIL':
settings.ENABLE_USER_SET_CONTACT_EMAIL,
'user_unusable_password':
request.user.enc_password == UNUSABLE_PASSWORD,
}
if has_two_factor_auth():
from seahub.two_factor.models import StaticDevice, default_device
try:
backup_tokens = StaticDevice.objects.get(
user=request.user.username).token_set.count()
except StaticDevice.DoesNotExist:
backup_tokens = 0
resp_dict['default_device'] = default_device(request.user)
resp_dict['backup_tokens'] = backup_tokens
#template = 'profile/set_profile.html'
template = 'profile/set_profile_react.html'
return render(request, template, resp_dict)
