sso endpoint
parent
f067732802
commit
5d58e1e55e
|
@ -2,7 +2,7 @@ from django.contrib import admin
|
|||
from django.conf.urls import include, url
|
||||
from rest_framework.authtoken.views import obtain_auth_token
|
||||
|
||||
from orchestra.views import serve_private_media
|
||||
from orchestra.views import serve_private_media, obtain_auth_token_v2
|
||||
|
||||
from . import api
|
||||
from .utils.apps import isinstalled
|
||||
|
@ -20,6 +20,7 @@ urlpatterns = [
|
|||
url(r'^api/', include(api.router.urls)),
|
||||
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
|
||||
url(r'^api-token-auth/', obtain_auth_token, name='api-token-auth'),
|
||||
url(r'^api-token-auth-v2/', obtain_auth_token_v2, name='api-token-auth-v2'),
|
||||
url(r'^media/(.+)/(.+)/(.+)/(.+)/(.+)$', serve_private_media, name='private-media'),
|
||||
# url(r'search', 'orchestra.views.search', name='search'),
|
||||
]
|
||||
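Review bot: The new route `url(r'^api-token-auth-v2/', obtain_auth_token_v2, name='api-token-auth-v2')` has no end anchor, so every path that begins with `api-token-auth-v2/` reaches the token-issuing view. It copies the existing `api-token-auth` line, but an endpoint that issues credentials is better matched exactly: `url(r'^api-token-auth-v2/$', obtain_auth_token_v2, name='api-token-auth-v2'),`. The `urlpatterns` list starts outside the hunk, so any throttling or middleware applied elsewhere is not visible from here.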
|
|
|
@ -1,9 +1,14 @@
|
|||
import json
|
||||
import requests
|
||||
from django.apps import apps
|
||||
from django.http import Http404
|
||||
from django.http import Http404, JsonResponse
|
||||
from django.contrib.admin.utils import unquote
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.shortcuts import get_object_or_404
|
||||
from django.views.static import serve
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from rest_framework.authtoken.models import Token
|
||||
from orchestra.contrib.accounts.models import Account
|
||||
|
||||
|
||||
def serve_private_media(request, app_label, model_name, field_name, object_id, filename):
|
||||
|
@ -18,3 +23,32 @@ def serve_private_media(request, app_label, model_name, field_name, object_id, f
|
|||
return serve(request, field.name, document_root=field.storage.location)
|
||||
else:
|
||||
raise PermissionDenied()
|
||||
|
||||
|
||||
def get_user_info(token):
|
||||
url = "http://localhost:5000/oauth/userinfo"
|
||||
access_token = token['access_token']
|
||||
token_type = token.get('token_type', 'Bearer')
|
||||
headers = {"Authorization": f"{token_type} {access_token}"}
|
||||
msg = requests.get(url, headers=headers)
|
||||
userinfo = json.loads(msg.text)
|
||||
username = userinfo.get('username')
|
||||
return username
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
def obtain_auth_token_v2(request):
|
||||
oidc_token = request.POST.get('token')
|
||||
if not oidc_token:
|
||||
raise PermissionDenied()
|
||||
oidc_token = json.loads(oidc_token)
|
||||
|
||||
username = get_user_info(oidc_token)
|
||||
users = Account.objects.filter(username=username)
|
||||
if not users:
|
||||
raise PermissionDenied()
|
||||
|
||||
user = users[0]
|
||||
token = Token.objects.get_or_create(user=user)
|
||||
if len(token) == 2:
|
||||
return JsonResponse({"token": token[0].key})
|
||||
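Review bot: `get_user_info` trusts the userinfo call without checking it: `requests.get(url, headers=headers)` has no timeout, the HTTP status is never checked before `json.loads(msg.text)`, and the `Authorization` scheme is built from the client-supplied `token_type`. In `obtain_auth_token_v2`, a malformed `token` value or a missing `access_token` key raises an unhandled exception, which becomes a 500 on a `@csrf_exempt`, unauthenticated endpoint, and the lookup issues a DRF token without checking that the account is still active. `Token.objects.get_or_create` always returns a 2-tuple, so `len(token) == 2` is always true and is clearer as an unpacking. The userinfo URL is hard-coded to plain-HTTP `localhost:5000` and should come from settings, and nothing visible here checks that the access token was issued for this application. The fence sketches both functions with these checks added; `serve_private_media` begins outside the hunk.

```python
def get_user_info(token):
    # … unchanged: url assignment (better read from settings, HTTPS when off-host) …
    # Fixed scheme: do not let the caller choose the Authorization scheme.
    headers = {"Authorization": f"Bearer {token['access_token']}"}
    resp = requests.get(url, headers=headers, timeout=5)
    if resp.status_code != 200:
        return None
    return resp.json().get('username')


@csrf_exempt
def obtain_auth_token_v2(request):
    raw = request.POST.get('token')
    if not raw:
        raise PermissionDenied()
    try:
        username = get_user_info(json.loads(raw))
    except (ValueError, KeyError, TypeError, AttributeError, requests.RequestException):
        # Malformed token JSON, missing access_token, or IdP failure: deny, do not 500.
        raise PermissionDenied()
    if not username:
        raise PermissionDenied()
    # assumes Account exposes is_active; confirm against the model
    user = Account.objects.filter(username=username, is_active=True).first()
    if user is None:
        raise PermissionDenied()
    token, _ = Token.objects.get_or_create(user=user)
    return JsonResponse({"token": token.key})
```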
|
|