sso endpoint

This commit is contained in:
Cayo Puigdefabregas 2023-12-19 10:41:26 +01:00
parent f067732802
commit 5d58e1e55e
2 changed files with 37 additions and 2 deletions

View file

@ -2,7 +2,7 @@ from django.contrib import admin
from django.conf.urls import include, url
from rest_framework.authtoken.views import obtain_auth_token
from orchestra.views import serve_private_media
from orchestra.views import serve_private_media, obtain_auth_token_v2
from . import api
from .utils.apps import isinstalled
@ -20,6 +20,7 @@ urlpatterns = [
url(r'^api/', include(api.router.urls)),
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
url(r'^api-token-auth/', obtain_auth_token, name='api-token-auth'),
url(r'^api-token-auth-v2/', obtain_auth_token_v2, name='api-token-auth-v2'),
url(r'^media/(.+)/(.+)/(.+)/(.+)/(.+)$', serve_private_media, name='private-media'),
# url(r'search', 'orchestra.views.search', name='search'),
]

View file

@ -1,9 +1,14 @@
import json
import requests
from django.apps import apps
from django.http import Http404
from django.http import Http404, JsonResponse
from django.contrib.admin.utils import unquote
from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404
from django.views.static import serve
from django.views.decorators.csrf import csrf_exempt
from rest_framework.authtoken.models import Token
from orchestra.contrib.accounts.models import Account
def serve_private_media(request, app_label, model_name, field_name, object_id, filename):
@ -18,3 +23,32 @@ def serve_private_media(request, app_label, model_name, field_name, object_id, f
return serve(request, field.name, document_root=field.storage.location)
else:
raise PermissionDenied()
def get_user_info(token):
url = "http://localhost:5000/oauth/userinfo"
access_token = token['access_token']
token_type = token.get('token_type', 'Bearer')
headers = {"Authorization": f"{token_type} {access_token}"}
msg = requests.get(url, headers=headers)
userinfo = json.loads(msg.text)
username = userinfo.get('username')
return username
@csrf_exempt
def obtain_auth_token_v2(request):
oidc_token = request.POST.get('token')
if not oidc_token:
raise PermissionDenied()
oidc_token = json.loads(oidc_token)
username = get_user_info(oidc_token)
users = Account.objects.filter(username=username)
if not users:
raise PermissionDenied()
user = users[0]
token = Token.objects.get_or_create(user=user)
if len(token) == 2:
return JsonResponse({"token": token[0].key})