From 5d58e1e55e3f31a8be9e9293724346c126ef3cbc Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Tue, 19 Dec 2023 10:41:26 +0100
Subject: [PATCH] sso endpoint
---
 orchestra/urls.py | 3 ++-
 orchestra/views.py | 36 +++++++++++++++++++++++++++++++++++-
 2 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/orchestra/urls.py b/orchestra/urls.py
index e3f7cefb..c2f37e4a 100644
--- a/orchestra/urls.py
+++ b/orchestra/urls.py
@@ -2,7 +2,7 @@ from django.contrib import admin
 from django.conf.urls import include, url
 from rest_framework.authtoken.views import obtain_auth_token
-from orchestra.views import serve_private_media
+from orchestra.views import serve_private_media, obtain_auth_token_v2
 from . import api
 from .utils.apps import isinstalled
@@ -20,6 +20,7 @@ urlpatterns = [
 url(r'^api/', include(api.router.urls)),
 url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
 url(r'^api-token-auth/', obtain_auth_token, name='api-token-auth'),
+ url(r'^api-token-auth-v2/', obtain_auth_token_v2, name='api-token-auth-v2'),
 url(r'^media/(.+)/(.+)/(.+)/(.+)/(.+)$', serve_private_media, name='private-media'),
 # url(r'search', 'orchestra.views.search', name='search'),
 ]
diff --git a/orchestra/views.py b/orchestra/views.py
index 5b5e5652..79b61e24 100644
--- a/orchestra/views.py
+++ b/orchestra/views.py
@@ -1,9 +1,14 @@
+import json
+import requests
 from django.apps import apps
-from django.http import Http404
+from django.http import Http404, JsonResponse
 from django.contrib.admin.utils import unquote
 from django.core.exceptions import PermissionDenied
 from django.shortcuts import get_object_or_404
 from django.views.static import serve
+from django.views.decorators.csrf import csrf_exempt
+from rest_framework.authtoken.models import Token
+from orchestra.contrib.accounts.models import Account
 def serve_private_media(request, app_label, model_name, field_name, object_id, filename):
@@ -18,3 +23,32 @@ def serve_private_media(request, app_label, model_name, field_name, object_id, f
 return serve(request, field.name, document_root=field.storage.location)
 else:
 raise PermissionDenied()
+
+
+def get_user_info(token):
+ url = "http://localhost:5000/oauth/userinfo"
+ access_token = token['access_token']
+ token_type = token.get('token_type', 'Bearer')
+ headers = {"Authorization": f"{token_type} {access_token}"}
+ msg = requests.get(url, headers=headers)
+ userinfo = json.loads(msg.text)
+ username = userinfo.get('username')
+ return username
+
+
+@csrf_exempt
+def obtain_auth_token_v2(request):
+ oidc_token = request.POST.get('token')
+ if not oidc_token:
+ raise PermissionDenied()
+ oidc_token = json.loads(oidc_token)
+
+ username = get_user_info(oidc_token)
+ users = Account.objects.filter(username=username)
+ if not users:
+ raise PermissionDenied()
+
+ user = users[0]
+ token = Token.objects.get_or_create(user=user)
+ if len(token) == 2:
+ return JsonResponse({"token": token[0].key})
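Review bot: `get_user_info` calls `requests.get` with no `timeout` and never checks the status code, so a stalled userinfo service pins the worker indefinitely and an error body from it is parsed as if it were a user record, and the hardcoded `http://localhost:5000/oauth/userinfo` belongs in settings rather than in the view. In `obtain_auth_token_v2` the client controls the whole `token` blob: a missing `access_token` raises KeyError, malformed JSON raises ValueError (both surface as 500 rather than 403), and the client-supplied `token_type` is interpolated into the Authorization header although only `Bearer` is expected. `Token.objects.get_or_create` always returns a 2-tuple, so `if len(token) == 2` is always true and hides that no other return path exists; unpack it as `token, _created = Token.objects.get_or_create(user=user)` and return unconditionally. The rewrite below pins the scheme, bounds the request, maps every failure to PermissionDenied and adds `require_POST`; it needs `from django.conf import settings` and `from django.views.decorators.http import require_POST` added in the import hunk above. The context lines at the top of this hunk are the tail of `serve_private_media`, whose body starts outside it.
```python
def get_user_info(token):
    """Return the username reported by the OIDC userinfo endpoint, or None on any failure."""
    access_token = token.get('access_token')
    if not isinstance(access_token, str) or not access_token:
        return None
    # The caller must not choose the scheme; only Bearer is expected here.
    headers = {"Authorization": f"Bearer {access_token}"}
    try:
        # OIDC_USERINFO_URL is a placeholder setting name; define it in settings.py
        msg = requests.get(settings.OIDC_USERINFO_URL, headers=headers, timeout=5)
        msg.raise_for_status()
        userinfo = msg.json()
    except (requests.RequestException, ValueError):
        return None
    if not isinstance(userinfo, dict):
        return None
    return userinfo.get('username') or None


@csrf_exempt
@require_POST
def obtain_auth_token_v2(request):
    """Exchange an OIDC token posted as JSON in `token` for this service's DRF token."""
    try:
        oidc_token = json.loads(request.POST.get('token') or '')
    except ValueError:
        raise PermissionDenied()
    if not isinstance(oidc_token, dict):
        raise PermissionDenied()
    username = get_user_info(oidc_token)
    if not username:
        raise PermissionDenied()
    user = Account.objects.filter(username=username).first()
    if user is None:
        raise PermissionDenied()
    token, _created = Token.objects.get_or_create(user=user)
    return JsonResponse({"token": token.key})
```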