fix scope of authorization
This commit is contained in:
parent
addc4fe0f7
commit
5a3ca10825
@ -5,4 +5,5 @@ API_BASE_URL = 'http://localhost:9080/api/'
|
||||||
STATIC_ROOT = 'musician/static/'
|
STATIC_ROOT = 'musician/static/'
|
||||||
CLIENT_ID = "ZjYHcERGfUKo26y41VLI4KHz"
|
CLIENT_ID = "ZjYHcERGfUKo26y41VLI4KHz"
|
||||||
CLIENT_SECRET = "jjUfJq9vOomJaj8Zm5W6OweMG61wQ5G3VyKhBzxLqp5k5HVW"
|
CLIENT_SECRET = "jjUfJq9vOomJaj8Zm5W6OweMG61wQ5G3VyKhBzxLqp5k5HVW"
|
||||||
OIDC_PROVIDER = "http://localhost:5000"
|
OIDC_PROVIDER = "http://localhost:9000"
|
||||||
|
DOMAIN = "http://localhost:8000"
|
||||||
|
|
|
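Review bot: The new side of this settings file still carries a literal OAuth client secret (`CLIENT_SECRET = "jjUfJq9v…"`) alongside plain-http `OIDC_PROVIDER` and `DOMAIN` values, and nothing in the file says it is a development-only template. If it is one, say so at the top, e.g. `# Dev-only credentials for a local OIDC provider — never reuse outside localhost`, and treat the secret as burned (rotate it in the provider) since it is now in history. If it is a real settings module, the values belong in the environment the way the `config('CLIENT_SECRET')` settings hunk further down already does, and `DOMAIN` should be `https://` anywhere except localhost because it becomes the `redirect_uri`.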
@ -548,20 +548,55 @@ class AllowCodeView(RedirectView):
|
||||||
userinfo = None
|
userinfo = None
|
||||||
|
|
||||||
def get_token(self):
|
def get_token(self):
|
||||||
url = "http://localhost:5000/oauth/token"
|
oidc_provider = settings.OIDC_PROVIDER.strip("/")
|
||||||
|
domain = settings.DOMAIN.strip("/")
|
||||||
|
url = f"{oidc_provider}/application/o/token/"
|
||||||
client_id = settings.CLIENT_ID
|
client_id = settings.CLIENT_ID
|
||||||
client_secret = settings.CLIENT_SECRET
|
client_secret = settings.CLIENT_SECRET
|
||||||
self.code = self.request.GET.get('code')
|
self.code = self.request.GET.get('code')
|
||||||
data = {'grant_type': 'authorization_code', 'code': self.code}
|
data = {
|
||||||
|
'grant_type': 'authorization_code',
|
||||||
|
'code': self.code,
|
||||||
|
'redirect_uri': f"{domain}/allow_code",
|
||||||
|
}
|
||||||
auth = (client_id, client_secret)
|
auth = (client_id, client_secret)
|
||||||
msg = requests.post(url, data=data, auth=auth)
|
msg = requests.post(url, data=data, auth=auth)
|
||||||
self.token = msg.text
|
self.token = msg.text
|
||||||
|
|
||||||
|
def get_user_info(self):
|
||||||
|
# DELETE THIS METHOD IS ONLY A TEST
|
||||||
|
if self.userinfo:
|
||||||
|
return self.username
|
||||||
|
if 'error' in self.token:
|
||||||
|
return
|
||||||
|
|
||||||
|
if 'access_token' not in self.token:
|
||||||
|
return
|
||||||
|
|
||||||
|
if not isinstance(self.token, str):
|
||||||
|
return
|
||||||
|
|
||||||
|
self.token = json.loads(self.token)
|
||||||
|
oidc_provider = settings.OIDC_PROVIDER.strip("/")
|
||||||
|
url = f"{oidc_provider}/application/o/userinfo/"
|
||||||
|
access_token = self.token.get('access_token')
|
||||||
|
token_type = self.token.get('token_type', 'Bearer')
|
||||||
|
if not access_token or not token_type:
|
||||||
|
return
|
||||||
|
|
||||||
|
headers = {"Authorization": f"{token_type} {access_token}"}
|
||||||
|
msg = requests.get(url, headers=headers)
|
||||||
|
self.userinfo = json.loads(msg.text)
|
||||||
|
self.username = self.userinfo.get("username")
|
||||||
|
# import pdb; pdb.set_trace()
|
||||||
|
return self.username
|
||||||
|
|
||||||
def get(self, request, *args, **kwargs):
|
def get(self, request, *args, **kwargs):
|
||||||
"""
|
"""
|
||||||
Logs in the user.
|
Logs in the user.
|
||||||
"""
|
"""
|
||||||
self.get_token()
|
self.get_token()
|
||||||
|
# Delete this line
|
||||||
# self.get_user_info()
|
# self.get_user_info()
|
||||||
orchestra = api.Orchestra(token=self.token)
|
orchestra = api.Orchestra(token=self.token)
|
||||||
self.orchestra_token = orchestra.auth_token
|
self.orchestra_token = orchestra.auth_token
|
||||||
|
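Review bot: `get_token` exchanges whatever `code` arrives in the query string without checking a `state` value, so an attacker can drive the victim through the callback with the attacker's own authorization code and bind the victim's session to the attacker's account (login CSRF); the authorize URL built in `LoginView.get_oidc_url` sends no `state` either. The token request also has no `timeout=`, and `msg.text` is stored without looking at the status code, so a failed exchange is silently carried into `api.Orchestra(token=...)`. I would mint `state` with `secrets.token_urlsafe()` when the authorize URL is built, keep it in the session, and verify it here before exchanging the code, which assumes Django's session middleware is active for this view and needs `import secrets` and `from django.core.exceptions import PermissionDenied`. `get` continues past the end of the hunk, and `get_user_info` is marked as a test method to be deleted, so I left both alone.
```python
    def get_token(self):
        oidc_provider = settings.OIDC_PROVIDER.strip("/")
        domain = settings.DOMAIN.strip("/")
        url = f"{oidc_provider}/application/o/token/"
        # Reject callbacks that do not carry the state issued in get_oidc_url;
        # compare_digest keeps the comparison constant-time.
        expected_state = self.request.session.pop('oidc_state', None)
        received_state = self.request.GET.get('state', '')
        if not expected_state or not secrets.compare_digest(expected_state, received_state):
            raise PermissionDenied("OIDC state mismatch")
        self.code = self.request.GET.get('code')
        if not self.code:
            raise PermissionDenied("missing authorization code")
        # … unchanged: client_id / client_secret / data / auth construction …
        msg = requests.post(url, data=data, auth=auth, timeout=10)
        msg.raise_for_status()  # do not carry an error body forward as a token
        self.token = msg.text
```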
@ -612,12 +647,14 @@ class LoginView(FormView):
|
||||||
|
|
||||||
def get_oidc_url(self):
|
def get_oidc_url(self):
|
||||||
client_id = settings.CLIENT_ID
|
client_id = settings.CLIENT_ID
|
||||||
domain = settings.OIDC_PROVIDER
|
oidc_provider = settings.OIDC_PROVIDER.strip("/")
|
||||||
if not client_id or not domain:
|
domain = settings.DOMAIN.strip("/")
|
||||||
|
if not client_id or not oidc_provider:
|
||||||
return
|
return
|
||||||
|
|
||||||
url = f'{domain}/oauth/authorize?client_id={client_id}'
|
url = f'{oidc_provider}/application/o/authorize/?client_id={client_id}'
|
||||||
url += '&scope=openid+profile&response_type=code&nonce=abc'
|
url += f'&scope=openid+musician&response_type=code&nonce=abc'
|
||||||
|
url += f'&redirect_uri={domain}/allow_code&response_type=code&nonce=abc'
|
||||||
return url
|
return url
|
||||||
|
|
||||||
def form_valid(self, form):
|
def form_valid(self, form):
|
||||||
|
|
|
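Review bot: The rebuilt authorize URL has no `state` parameter and a constant `nonce=abc`, so the callback cannot tie the response to the session that started the login, and `response_type=code&nonce=abc` is appended twice (once on the scope line, again on the `redirect_uri` line), yielding duplicate query parameters that stricter providers reject. The `redirect_uri` is also interpolated raw rather than percent-encoded, and the guard no longer checks `domain`, so an empty `DOMAIN` produces `redirect_uri=/allow_code`. I would build the query with `urllib.parse.urlencode`, mint `state` (and `nonce`) with `secrets.token_urlsafe`, and stash `state` in the session for the callback view to verify; a fresh `nonce` only helps once the callback checks it against the id_token, which nothing in this commit does. `form_valid` starts at the end of the hunk and is not shown.
```python
    def get_oidc_url(self):
        client_id = settings.CLIENT_ID
        oidc_provider = settings.OIDC_PROVIDER.strip("/")
        domain = settings.DOMAIN.strip("/")
        # DOMAIN is required too: it becomes the redirect_uri the provider must match.
        if not client_id or not oidc_provider or not domain:
            return
        # Per-login state, checked by the callback view to prevent login CSRF.
        state = secrets.token_urlsafe(32)
        self.request.session['oidc_state'] = state
        params = {
            'client_id': client_id,
            'scope': 'openid musician',
            'response_type': 'code',
            'redirect_uri': f'{domain}/allow_code',
            'state': state,
            'nonce': secrets.token_urlsafe(16),
        }
        return f'{oidc_provider}/application/o/authorize/?{urlencode(params)}'
```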
@ -180,6 +180,7 @@ CLIENT_ID = config('CLIENT_ID')
|
||||||
CLIENT_SECRET = config('CLIENT_SECRET')
|
CLIENT_SECRET = config('CLIENT_SECRET')
|
||||||
|
|
||||||
OIDC_PROVIDER = config('OIDC_PROVIDER')
|
OIDC_PROVIDER = config('OIDC_PROVIDER')
|
||||||
|
DOMAIN = config('DOMAIN')
|
||||||
|
|
||||||
# Managers: who should get notifications about services changes that
|
# Managers: who should get notifications about services changes that
|
||||||
# may require human actions (e.g. deleted mailboxes)
|
# may require human actions (e.g. deleted mailboxes)
|
||||||
|
|
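Review bot: `DOMAIN` is read with no default and is concatenated straight into the OAuth `redirect_uri`, yet the setting carries no comment saying what shape the value must take. I would add `# Public origin of this app (scheme + host[:port], no path or trailing slash); must match the redirect URI registered with the OIDC provider` above it, because a stray path or trailing slash here produces a redirect_uri the provider rejects with an error that is hard to trace back to this line. Normalizing once here, `DOMAIN = config('DOMAIN').rstrip('/')`, would also spare each consumer its own `.strip("/")`.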