def get_user_list(request):
    """Return one page of active users as JSON, narrowed by optional filters.

    Query parameters (all optional, read from ``request.GET``):

    * ``q`` - case-insensitive substring of the username
    * ``organisation__uuid`` - uuid of an organisation the user belongs to
    * ``app_uuid`` - uuid of an application the user holds a role for
    * ``modified_since`` - lower bound (inclusive) for ``last_modified``

    The values are only ever passed to the ORM as lookup values, never
    interpolated into a query string.

    Raises:
        ValueError: ``modified_since`` was supplied but could not be parsed.
    """
    params = request.GET
    users = (
        User.objects.filter(is_active=True)
        .order_by('username')
        .prefetch_related('organisations', 'useraddress_set', 'userphonenumber_set')
    )

    # Each simple filter is applied as its own .filter() call, in this order.
    simple_filters = (
        ('q', 'username__icontains'),
        ('organisation__uuid', 'organisations__uuid'),
        ('app_uuid', 'application_roles__application__uuid'),
    )
    for param_name, lookup in simple_filters:
        value = params.get(param_name, None)
        if value:
            users = users.filter(**{lookup: value})

    since_raw = params.get('modified_since', None)
    if since_raw:
        since = parse_datetime_with_timezone_support(since_raw)
        if since is None:
            # NOTE(review): this ValueError is not handled in this function;
            # unless a caller or middleware maps it to a client error, a
            # malformed query value ends up as a server error - confirm.
            raise ValueError("can not parse %s" % since_raw)
        users = users.filter(last_modified__gte=since)

    page, links = get_page_and_links(request, users)
    # show_details=False: the collection carries the reduced representation.
    collection = {
        user.uuid.hex: get_userinfo(user, request, show_details=False)
        for user in page
    }
    return JsonHttpResponse(
        request=request,
        data={'collection': collection, 'links': links},
    )
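def home(request):
    """Return the API entry point: a JSON map from resource name to URL.

    Collection entries end in a ``FIND_*_EXPRESSION`` query template, item
    entries end in a literal ``{...}`` placeholder that the client fills in.
    """
    # NOTE(review): every link is prefixed with get_base_url(request); if that
    # helper takes the host from the request, the links are only as
    # trustworthy as the host validation in front of this view - confirm.
    base_uri = get_base_url(request)
    resources = {
        "@id": "%s%s" % (base_uri, reverse('api:home')),
        "@type": "EntryPoint",
        "associations": "%s%s%s" % (base_uri, reverse('api:v2_associations'), FIND_ASSOCIATION_EXPRESSION),
        "association": "%s%s%s" % (base_uri, reverse('api:v2_associations'), "{association_id}/"),
        "country_groups": "%s%s%s" % (base_uri, reverse('api:v2_country_groups'), FIND_COUNTRY_GROUP_EXPRESSION),
        "country_group": "%s%s%s" % (base_uri, reverse('api:v2_country_groups'), "{country_group_id}/"),
        "countries": "%s%s%s" % (base_uri, reverse('api:v2_countries'), FIND_COUNTRY_EXPRESSION),
        "country": "%s%s%s" % (base_uri, reverse('api:v2_countries'), "{iso2_code}/"),
        "regions": "%s%s%s" % (base_uri, reverse('api:v2_regions'), FIND_REGION_EXPRESSION),
        "region": "%s%s%s" % (base_uri, reverse('api:v2_regions'), "{region_id}/"),
        "organisations": "%s%s%s" % (base_uri, reverse('api:v2_organisations'), FIND_ORGANISATION_EXPRESSION),
        "organisation": "%s%s%s" % (base_uri, reverse('api:v2_organisations'), "{org_id}/"),
        "users": "%s%s%s" % (base_uri, reverse('api:v2_users'), FIND_USER_EXPRESSION),
        # Four components are joined here (base, path, id template, query
        # template), so the format string needs four placeholders. A literal
        # without placeholders raises TypeError ("not all arguments
        # converted") on every request to this view.
        "user": "%s%s%s%s" % (base_uri, reverse('api:v2_users'), "{user_id}/", CREATE_USER_QUERY_PARAMS),
        "me": "%s%s" % (base_uri, reverse('api:v2_users_me')),
        "navigation_me": "%s%s" % (base_uri, reverse('api:v2_navigation_me')),
        # The per-user variants reuse the "me" routes with the first '/me/'
        # path segment swapped for an id placeholder.
        "navigation": "%s%s" % (base_uri, reverse('api:v2_navigation_me').replace(
            '/me/', '/{user_id}/', 1)),
        "picture_me": "%s%s" % (base_uri, reverse('api:v2_picture_me')),
        "picture": "%s%s" % (base_uri, reverse('api:v2_picture_me').replace(
            '/me/', '/{user_id}/', 1)),
        "user_emails": "%s%s%s" % (base_uri, reverse('api:user_emails'), FIND_USER_EMAILS_EXPRESSION),
        # "emails": "%s%s" % (base_uri, reverse('api:emails', kwargs={'type': 'txt'}))
    }
    return JsonHttpResponse(data=resources, request=request)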
def get(self, request, *args, **kwargs):
    """Return a JSON object mapping component uuid (hex) to certificate value.

    The response is created with ``allow_jsonp=True`` and
    ``public_cors=True``, which presumably makes it readable from any origin.
    """
    # NOTE(review): because the response is meant to be world-readable,
    # get_certs() must only ever yield public certificate material - confirm
    # against its implementation.
    certs = {cert.component.uuid.hex: cert.value for cert in get_certs()}
    return JsonHttpResponse(certs, request, allow_jsonp=True, public_cors=True)
def get(self, request, uuid='me', *args, **kwargs):
    """Return the JSON representation of one user.

    ``uuid='me'`` (the default) selects the requesting user; any other value
    is looked up by uuid and yields a 404 when no such user exists. When
    ``self.is_apps_only`` is set the application view of the user is
    returned, otherwise the detailed user info.
    """
    # NOTE(review): this method performs no authorization check of its own,
    # yet it returns show_details=True data for an arbitrary uuid. Access
    # control is presumably enforced before this method runs (dispatch,
    # permission mixin or URL-level decorator) - confirm.
    selected_user = request.user if uuid == 'me' else get_object_or_404(User, uuid=uuid)

    if self.is_apps_only:
        return JsonHttpResponse(data=get_userapps(selected_user, request), request=request)

    details = get_userinfo(selected_user, request, show_details=True)
    return JsonHttpResponse(data=details, request=request)
def render_to_json_response(self, context, allow_jsonp=False, **response_kwargs):
    """
    Returns a JSON response built from ``self.get_data(context)``.

    JSONP is off unless the caller opts in through ``allow_jsonp``; any
    further keyword arguments are handed to ``JsonHttpResponse`` unchanged.
    """
    return JsonHttpResponse(
        data=self.get_data(context),
        request=self.request,
        allow_jsonp=allow_jsonp,
        **response_kwargs
    )
def get(self, request, *args, **kwargs):
    """
    OpenID Connect provider configuration document.

    http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig

    The document is created with ``allow_jsonp=True`` and
    ``public_cors=True``. ``service_documentation`` is only included when
    ``settings.SSO_SERVICE_DOCUMENTATION`` is set.
    """
    # NOTE(review): "issuer" and every endpoint below are derived from
    # get_base_url(request). If that helper takes the host from the request,
    # host validation (e.g. ALLOWED_HOSTS) is what keeps a client from being
    # pointed at a foreign issuer/jwks_uri - confirm.
    base_uri = get_base_url(request)  # 'http://10.0.2.2:8000'  # for android local client test

    def endpoint(view_name):
        # Absolute URL of a named route on this provider.
        return '%s%s' % (base_uri, reverse(view_name))

    configuration = {
        "issuer": base_uri,
        "authorization_endpoint": endpoint('oauth2:authorize'),
        "token_endpoint": endpoint('oauth2:token'),
        "userinfo_endpoint": endpoint('api:v2_users_me'),
        "revocation_endpoint": endpoint('oauth2:revoke'),
        "jwks_uri": endpoint('oauth2:jwks'),
        "scopes_supported": [
            'openid', 'profile', 'email', 'role', 'offline_access',
            'address', 'phone', 'users', 'picture',
        ],
        "response_types_supported": ["code", "token", "id_token token", "id_token"],
        "id_token_signing_alg_values_supported": ["RS256"],
        "token_endpoint_auth_methods_supported": ["client_secret_basic"],
        "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
        "display_values_supported": ["page", "popup"],
        "subject_types_supported": ["public"],
        "end_session_endpoint": endpoint('auth:logout'),
        "introspection_endpoint": endpoint('oauth2:introspect'),
        "check_session_iframe": endpoint('oauth2:session'),
        # "certs_uri": '%s%s' % (base_uri, reverse('oauth2:certs')),
        "profile_uri": endpoint('accounts:profile'),
    }

    documentation_url = settings.SSO_SERVICE_DOCUMENTATION
    if documentation_url:
        configuration['service_documentation'] = documentation_url

    return JsonHttpResponse(configuration, request, allow_jsonp=True, public_cors=True)
def put(self, request, uuid, *args, **kwargs):
    """Create the user with the given uuid, or re-link an existing one.

    The JSON body must contain ``given_name``, ``family_name``, ``email`` and
    ``organisations`` (a mapping keyed by organisation uuid); ``applications``
    (application uuid -> ``{'roles': [...]}``) is optional.

    * Existing user: the organisations are replaced and the account is set
      active. Name and email from the body are read but not applied.
    * Unknown uuid: a user is created with a generated username, a random
      40-character password, the requested application roles and
      organisations plus the default roles, and an account-created email is
      sent.

    Returns the detailed user info as JSON. Missing body keys raise
    ``KeyError``; nothing in this method converts that into a client error.
    """
    # NOTE(review): the body decides which organisations and application
    # roles the account receives, and no permission check is visible in this
    # method. Presumably the caller's rights are verified before put() runs
    # (dispatch / permission mixin) - confirm that this also limits *which*
    # organisations and roles a given caller may grant.
    payload = parse_json(request)

    try:
        user = User.objects.get(uuid=uuid)
    except ObjectDoesNotExist:
        user = None

    first_name = payload['given_name']
    last_name = payload['family_name']
    email = payload['email']
    organisations = Organisation.objects.filter(uuid__in=payload['organisations'].keys())

    if not user:
        # New account. The writes below are not wrapped in a transaction in
        # this method, so a failure part-way can leave a partially set up user.
        user = User(
            first_name=first_name,
            last_name=last_name,
            username=default_username_generator(first_name, last_name),
        )
        # Unusable-by-guessing initial password; the user is expected to set
        # their own via the account-created email (assumption - confirm).
        user.set_password(get_random_string(40))

        application_roles = []
        for application_uuid, application_data in payload.get('applications', {}).items():
            application_roles.extend(
                ApplicationRole.objects.filter(
                    application__uuid=application_uuid,
                    role__name__in=application_data['roles'],
                )
            )

        user.uuid = uuid
        user.save()  # must exist in the database before relations are attached
        user.create_primary_email(email)
        user.application_roles.set(application_roles)
        user.set_organisations(organisations)
        user.add_default_roles()
        send_account_created_email(user, request)
    else:
        user.set_organisations(organisations)
        # NOTE(review): a PUT on an existing uuid re-enables the account even
        # if it had been deactivated on purpose - confirm this is intended.
        user.is_active = True
        user.save()

    return JsonHttpResponse(
        data=get_userinfo(user, request, show_details=True),
        request=request,
    )
def get(self, request, *args, **kwargs):
    """
    jwks_uri view (http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata)

    Returns ``{"keys": [...]}`` with one JWK per entry of
    ``get_public_keys()``. Each JWK gets ``kid`` (component uuid hex),
    ``alg`` (component name) and ``use="sig"``, and is merged with the
    matching entry of ``get_certs_jwks()`` when one exists.
    """
    cert_params_by_kid = get_certs_jwks()
    algorithm = RSAAlgorithm(RSAAlgorithm.SHA256)

    def as_jwk(pub_key):
        # Serialise the key via the JWT library, then decorate the result.
        jwk = json.loads(RSAAlgorithm.to_jwk(algorithm.prepare_key(pub_key.value)))
        kid = pub_key.component.uuid.hex
        jwk["kid"] = kid
        # NOTE(review): "alg" is filled from the component's name; presumably
        # component names are JWA identifiers such as RS256 - confirm.
        jwk["alg"] = pub_key.component.name
        jwk["use"] = "sig"
        if kid in cert_params_by_kid:
            # Certificate-derived members are applied last and therefore win
            # over the members set above on a name clash.
            jwk.update(cert_params_by_kid[kid])
        return jwk

    # NOTE(review): this document is served with JSONP and public CORS; it
    # relies on get_public_keys() yielding public key material only - confirm.
    data = {'keys': [as_jwk(pub_key) for pub_key in get_public_keys()]}
    return JsonHttpResponse(data, request, allow_jsonp=True, public_cors=True)
def client_details(request, object_id):
    """Return the stored settings of one ``Client`` as JSON.

    Responds with 404 when no client has primary key ``object_id``.
    ``user_id`` is only present when the client is bound to a user.
    """
    # NOTE(review): the payload contains client_secret in clear text and this
    # function performs no access check itself. Presumably the route is
    # restricted to privileged staff by a decorator or URL configuration -
    # confirm, and make sure the response is neither cached nor logged.
    client = get_object_or_404(Client, pk=object_id)

    data = {
        "client_secret": client.client_secret,
        "application_id": client.application.uuid.hex if client.application else None,
        "client_id": client.uuid.hex,
        "scopes": client.scopes,
        "force_using_pkce": client.force_using_pkce,
        # Stored as whitespace-separated strings; exposed as lists.
        "redirect_uris": client.redirect_uris.split(),
        "post_logout_redirect_uris": client.post_logout_redirect_uris.split(),
        "type": client.type,
    }

    if client.user:
        data['user_id'] = client.user.uuid.hex

    return JsonHttpResponse(data, request)