providers/oauth2: use @method_decorator instead of decorating in urls

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-09-10 13:26:17 +02:00
parent 5026cebf02
commit a407334d3b
7 changed files with 30 additions and 16 deletions


@ -1,10 +1,7 @@
"""OAuth provider URLs""" """OAuth provider URLs"""
from django.urls import path from django.urls import path
from django.views.decorators.csrf import csrf_exempt
from django.views.generic.base import RedirectView from django.views.generic.base import RedirectView
from authentik.providers.oauth2.constants import SCOPE_OPENID
from authentik.providers.oauth2.utils import protected_resource_view
from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView
from authentik.providers.oauth2.views.introspection import TokenIntrospectionView from authentik.providers.oauth2.views.introspection import TokenIntrospectionView
from authentik.providers.oauth2.views.jwks import JWKSView from authentik.providers.oauth2.views.jwks import JWKSView
@ -19,20 +16,20 @@ urlpatterns = [
AuthorizationFlowInitView.as_view(), AuthorizationFlowInitView.as_view(),
name="authorize", name="authorize",
), ),
path("token/", csrf_exempt(TokenView.as_view()), name="token"), path("token/", TokenView.as_view(), name="token"),
path( path(
"userinfo/", "userinfo/",
csrf_exempt(protected_resource_view([SCOPE_OPENID])(UserInfoView.as_view())), UserInfoView.as_view(),
name="userinfo", name="userinfo",
), ),
path( path(
"introspect/", "introspect/",
csrf_exempt(TokenIntrospectionView.as_view()), TokenIntrospectionView.as_view(),
name="token-introspection", name="token-introspection",
), ),
path( path(
"revoke/", "revoke/",
csrf_exempt(TokenRevokeView.as_view()), TokenRevokeView.as_view(),
name="token-revoke", name="token-revoke",
), ),
path( path(
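Review bot: With `csrf_exempt` and `protected_resource_view([SCOPE_OPENID])` removed from this file, urls.py no longer shows which routes are scope-gated or CSRF-exempt, so a reader of this file alone cannot tell that `userinfo/` is still protected; the same applies to the GitHub `user` and `user/teams` routes in the github urls section. Moving enforcement onto the view classes is fine, but it is worth pinning with a test so a later rewrite of one of those classes cannot silently drop it, e.g. `assert getattr(UserInfoView.as_view(), "csrf_exempt", False)` plus a request to the route named `userinfo` without a bearer token asserting the response is not 200. `urlpatterns` continues past the end of this hunk.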


@ -1,9 +1,6 @@
"""authentik oauth_provider urls""" """authentik oauth_provider urls"""
from django.urls import include, path from django.urls import include, path
from django.views.decorators.csrf import csrf_exempt
from authentik.providers.oauth2.constants import SCOPE_GITHUB_ORG_READ, SCOPE_GITHUB_USER_EMAIL
from authentik.providers.oauth2.utils import protected_resource_view
from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView
from authentik.providers.oauth2.views.github import GitHubUserTeamsView, GitHubUserView from authentik.providers.oauth2.views.github import GitHubUserTeamsView, GitHubUserView
from authentik.providers.oauth2.views.token import TokenView from authentik.providers.oauth2.views.token import TokenView
@ -16,19 +13,17 @@ github_urlpatterns = [
), ),
path( path(
"login/oauth/access_token", "login/oauth/access_token",
csrf_exempt(TokenView.as_view()), TokenView.as_view(),
name="github-access-token", name="github-access-token",
), ),
path( path(
"user", "user",
csrf_exempt(protected_resource_view([SCOPE_GITHUB_USER_EMAIL])(GitHubUserView.as_view())), GitHubUserView.as_view(),
name="github-user", name="github-user",
), ),
path( path(
"user/teams", "user/teams",
csrf_exempt( GitHubUserTeamsView.as_view(),
protected_resource_view([SCOPE_GITHUB_ORG_READ])(GitHubUserTeamsView.as_view())
),
name="github-user-teams", name="github-user-teams",
), ),
] ]


@ -1,12 +1,18 @@
"""authentik pretend GitHub Views""" """authentik pretend GitHub Views"""
from django.http import HttpRequest, HttpResponse, JsonResponse from django.http import HttpRequest, HttpResponse, JsonResponse
from django.utils.decorators import method_decorator
from django.utils.text import slugify from django.utils.text import slugify
from django.views import View from django.views import View
from django.views.decorators.csrf import csrf_exempt
from authentik.providers.oauth2.constants import SCOPE_GITHUB_ORG_READ, SCOPE_GITHUB_USER_EMAIL
from authentik.providers.oauth2.models import RefreshToken from authentik.providers.oauth2.models import RefreshToken
from authentik.providers.oauth2.utils import protected_resource_view
@method_decorator(csrf_exempt, name="dispatch")
@method_decorator(protected_resource_view([SCOPE_GITHUB_USER_EMAIL]), name="dispatch")
class GitHubUserView(View): class GitHubUserView(View):
"""Emulate GitHub's /user API Endpoint""" """Emulate GitHub's /user API Endpoint"""
@ -62,6 +68,8 @@ class GitHubUserView(View):
) )
@method_decorator(csrf_exempt, name="dispatch")
@method_decorator(protected_resource_view([SCOPE_GITHUB_ORG_READ]), name="dispatch")
class GitHubUserTeamsView(View): class GitHubUserTeamsView(View):
"""Emulate GitHub's /user/teams API Endpoint""" """Emulate GitHub's /user/teams API Endpoint"""


@ -2,7 +2,9 @@
from dataclasses import dataclass, field from dataclasses import dataclass, field
from django.http import HttpRequest, HttpResponse from django.http import HttpRequest, HttpResponse
from django.utils.decorators import method_decorator
from django.views import View from django.views import View
from django.views.decorators.csrf import csrf_exempt
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.providers.oauth2.errors import TokenIntrospectionError from authentik.providers.oauth2.errors import TokenIntrospectionError
@ -59,6 +61,7 @@ class TokenIntrospectionParams:
return TokenIntrospectionParams(token=token, provider=provider) return TokenIntrospectionParams(token=token, provider=provider)
@method_decorator(csrf_exempt, name="dispatch")
class TokenIntrospectionView(View): class TokenIntrospectionView(View):
"""Token Introspection """Token Introspection
https://tools.ietf.org/html/rfc7662""" https://tools.ietf.org/html/rfc7662"""
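Review bot: `@method_decorator(csrf_exempt, name="dispatch")` on `TokenIntrospectionView` carries no comment saying why the exemption is safe, and the same is true for `TokenView` and `TokenRevokeView` in the following two sections. The exemption is justified only because these endpoints are meant to be called by OAuth clients that authenticate with client credentials or a token rather than a browser session cookie, and that holds only as long as the views never act on the session; a one-line comment records the invariant for the next reader, e.g. `# CSRF-exempt: callers authenticate per RFC 7662 with client credentials, not a session cookie`. I have not verified from this diff how the view authenticates the client. `TokenIntrospectionView` continues past the end of the hunk.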


@ -7,8 +7,10 @@ from re import fullmatch
from typing import Any, Optional from typing import Any, Optional
from django.http import HttpRequest, HttpResponse from django.http import HttpRequest, HttpResponse
from django.utils.decorators import method_decorator
from django.utils.timezone import datetime, now from django.utils.timezone import datetime, now
from django.views import View from django.views import View
from django.views.decorators.csrf import csrf_exempt
from jwt import PyJWK, PyJWTError, decode from jwt import PyJWK, PyJWTError, decode
from sentry_sdk.hub import Hub from sentry_sdk.hub import Hub
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
@ -364,6 +366,7 @@ class TokenParams:
self.user.save() self.user.save()
@method_decorator(csrf_exempt, name="dispatch")
class TokenView(View): class TokenView(View):
"""Generate tokens for clients""" """Generate tokens for clients"""


@ -2,7 +2,9 @@
from dataclasses import dataclass from dataclasses import dataclass
from django.http import Http404, HttpRequest, HttpResponse from django.http import Http404, HttpRequest, HttpResponse
from django.utils.decorators import method_decorator
from django.views import View from django.views import View
from django.views.decorators.csrf import csrf_exempt
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.providers.oauth2.errors import TokenRevocationError from authentik.providers.oauth2.errors import TokenRevocationError
@ -43,6 +45,7 @@ class TokenRevocationParams:
return TokenRevocationParams(token=token, provider=provider) return TokenRevocationParams(token=token, provider=provider)
@method_decorator(csrf_exempt, name="dispatch")
class TokenRevokeView(View): class TokenRevokeView(View):
"""Token revoke endpoint """Token revoke endpoint
https://datatracker.ietf.org/doc/html/rfc7009""" https://datatracker.ietf.org/doc/html/rfc7009"""


@ -4,8 +4,10 @@ from typing import Any, Optional
from deepmerge import always_merger from deepmerge import always_merger
from django.http import HttpRequest, HttpResponse from django.http import HttpRequest, HttpResponse
from django.http.response import HttpResponseBadRequest from django.http.response import HttpResponseBadRequest
from django.utils.decorators import method_decorator
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from django.views import View from django.views import View
from django.views.decorators.csrf import csrf_exempt
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.core.exceptions import PropertyMappingExpressionException from authentik.core.exceptions import PropertyMappingExpressionException
@ -17,13 +19,16 @@ from authentik.providers.oauth2.constants import (
SCOPE_GITHUB_USER, SCOPE_GITHUB_USER,
SCOPE_GITHUB_USER_EMAIL, SCOPE_GITHUB_USER_EMAIL,
SCOPE_GITHUB_USER_READ, SCOPE_GITHUB_USER_READ,
SCOPE_OPENID,
) )
from authentik.providers.oauth2.models import RefreshToken, ScopeMapping from authentik.providers.oauth2.models import RefreshToken, ScopeMapping
from authentik.providers.oauth2.utils import TokenResponse, cors_allow from authentik.providers.oauth2.utils import TokenResponse, cors_allow, protected_resource_view
LOGGER = get_logger() LOGGER = get_logger()
@method_decorator(csrf_exempt, name="dispatch")
@method_decorator(protected_resource_view([SCOPE_OPENID]), name="dispatch")
class UserInfoView(View): class UserInfoView(View):
"""Create a dictionary with all the requested claims about the End-User. """Create a dictionary with all the requested claims about the End-User.
See: http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse""" See: http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse"""
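Review bot: `UserInfoView`'s docstring does not say that the view now requires a bearer token carrying `SCOPE_OPENID` and is CSRF-exempt; before this commit that was readable from urls.py, now it is only visible in the decorator list above the class. Suggest extending the docstring with a line such as `Requires an access token with SCOPE_OPENID (enforced by protected_resource_view on dispatch); CSRF-exempt because callers authenticate with that token, not a session.` The class body continues past the end of the hunk.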