From addc4fe0f7402256a0b49723cae27c5a1dfaa22a Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Wed, 27 Sep 2023 14:00:25 +0200
Subject: [PATCH] add oidc allow_code to views

---
 musician/views.py | 70 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)

diff --git a/musician/views.py b/musician/views.py
index ec3ac36..0474649 100644
--- a/musician/views.py
+++ b/musician/views.py
@@ -1,6 +1,8 @@
 import logging
 import smtplib
 import datetime
+import requests
+import json
 
 from django.conf import settings
 from django.contrib import messages
@@ -20,6 +22,7 @@ from django.views.generic.list import ListView
 from requests.exceptions import HTTPError
 
 from . import get_version
+from . import api
 from .auth import login as auth_login
 from .auth import logout as auth_logout
 from .forms import LoginForm, MailboxChangePasswordForm, MailboxCreateForm, MailboxUpdateForm, MailForm
@@ -33,6 +36,7 @@ from .utils import get_bootstraped_percent
 
 logger = logging.getLogger(__name__)
 
+
 class DashboardView(CustomContextMixin, UserTokenRequiredMixin, TemplateView):
     template_name = "musician/dashboard.html"
     extra_context = {
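Review bot: `import json` is added to the module imports but nothing in this patch uses it — `get_token` stores `msg.text` verbatim and `get_oidc_url` concatenates strings — so it looks like a leftover; drop it unless code outside the diff needs it. `import requests` is a third-party package placed among the stdlib imports (`logging`, `smtplib`, `datetime`); the file already keeps Django and `requests.exceptions` in a separate group, so it belongs there, next to the existing `from requests.exceptions import HTTPError`.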
@@ -535,6 +539,61 @@ class DomainDetailView(CustomContextMixin, UserTokenRequiredMixin, DetailView):
         return domain
 
 
+class AllowCodeView(RedirectView):
+    """
+    Log in the user with OAuth2.
+    """
+    permanent = False
+    success_url = reverse_lazy('musician:dashboard')
+    userinfo = None
+
+    def get_token(self):
+        url = "http://localhost:5000/oauth/token"
+        client_id = settings.CLIENT_ID
+        client_secret = settings.CLIENT_SECRET
+        self.code = self.request.GET.get('code')
+        data = {'grant_type': 'authorization_code', 'code': self.code}
+        auth = (client_id, client_secret)
+        msg = requests.post(url, data=data, auth=auth)
+        self.token = msg.text
+
+    def get(self, request, *args, **kwargs):
+        """
+        Logs in the user.
+        """
+        self.get_token()
+        # self.get_user_info()
+        orchestra = api.Orchestra(token=self.token)
+        self.orchestra_token = orchestra.auth_token
+        self.user = orchestra.retrieve_profile()
+        username = self.user.username
+        auth_login(self.request, username, self.orchestra_token)
+
+        # set user language as active language
+        user_language = self.user.language
+        translation.activate(user_language)
+
+        response = HttpResponseRedirect(self.get_success_url())
+        response.set_cookie(settings.LANGUAGE_COOKIE_NAME, user_language)
+
+        return response
+        # return super().get(*args, **kwargs)
+
+    def get_success_url(self):
+        url = self.get_redirect_url()
+        return url or self.success_url
+
+    def get_redirect_url(self):
+        """Return the user-originating redirect URL if it's safe."""
+        redirect_to = self.success_url
+        url_is_safe = is_safe_url(
+            url=redirect_to,
+            allowed_hosts={self.request.get_host()},
+            require_https=self.request.is_secure(),
+        )
+        return redirect_to if url_is_safe else ''
+
+
 class LoginView(FormView):
     template_name = 'auth/login.html'
     form_class = LoginForm
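Review bot: `get_token` posts to a hard-coded `http://localhost:5000/oauth/token` over plain HTTP, sends no timeout, never checks the status, and then uses the raw response body (`msg.text`) as the token, so a failed exchange (provider unreachable, missing or expired `code`) hands an error page to `api.Orchestra` as if it were a credential; build the URL from `settings.OIDC_PROVIDER` as `get_oidc_url` already does and fail on a non-2xx reply (the file already imports `HTTPError` from `requests.exceptions`, so callers can catch it). Separately, nothing binds the `code` arriving at this callback to the session that started the flow: `get_oidc_url` in the later hunk sends no `state` (and a constant `nonce=abc`) and this view checks none, which leaves the login open to a forged-callback CSRF; a random `state` stored in the session when the authorize URL is built, and a callback rejected when its `state` does not match, would close that. The token parsing below assumes a standard OAuth2 JSON token response with an `access_token` field — confirm against the provider, since the original passed `msg.text` straight through and `api.Orchestra` is outside this diff.
```python
    def get_token(self):
        """Exchange the callback ``code`` for a token at the configured OIDC provider."""
        url = f"{settings.OIDC_PROVIDER}/oauth/token"
        self.code = self.request.GET.get('code')
        if not self.code:
            # fail closed; map to the 4xx response the project prefers
            raise ValueError("authorization code missing from callback")
        data = {'grant_type': 'authorization_code', 'code': self.code}
        auth = (settings.CLIENT_ID, settings.CLIENT_SECRET)
        msg = requests.post(url, data=data, auth=auth, timeout=10)
        msg.raise_for_status()  # HTTPError on a non-2xx reply instead of a bogus token
        # NOTE(review): assumes a standard OAuth2 JSON token response — confirm with the provider
        self.token = msg.json()['access_token']
    # … unchanged: get(), get_success_url(), get_redirect_url() …
```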
@@ -551,6 +610,16 @@ class LoginView(FormView):
         kwargs['request'] = self.request
         return kwargs
 
+    def get_oidc_url(self):
+        client_id = settings.CLIENT_ID
+        domain = settings.OIDC_PROVIDER
+        if not client_id or not domain:
+            return
+
+        url = f'{domain}/oauth/authorize?client_id={client_id}'
+        url += '&scope=openid+profile&response_type=code&nonce=abc'
+        return url
+
     def form_valid(self, form):
         """Security check complete. Log the user in."""
         auth_login(self.request, form.username, form.token)
@@ -585,6 +654,7 @@ class LoginView(FormView):
         context = super().get_context_data(**kwargs)
         context.update({
             self.redirect_field_name: self.get_redirect_url(),
+            'oidc_provider': self.get_oidc_url(),
             **(self.extra_context or {})
         })
         return context
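Review bot: The guard in `get_oidc_url` only handles a falsy setting: `settings.CLIENT_ID` and `settings.OIDC_PROVIDER` raise `AttributeError` when the setting is not defined at all, and because the next hunk's `get_context_data` calls this unconditionally, a deployment without OIDC configured would error on every login page instead of just omitting the provider link. Reading them as `client_id = getattr(settings, 'CLIENT_ID', None)` and `domain = getattr(settings, 'OIDC_PROVIDER', None)` makes the early exit reachable, and an explicit `return None` would document that the template is expected to test for a missing value. The query string is also assembled by hand with `client_id` interpolated unescaped and a constant `nonce=abc`; `urllib.parse.urlencode` would escape the parameters, and a random per-request nonce (stored in the session for later comparison against the ID token) is what the OIDC nonce is meant to be.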