Commit
30cbbb71
authored
Dec 19, 2017
by
Lukas Burgey
Put oidc config into the db
parent
00cd417a
Changes
6
django_backend/backend/admin.py
from
django.contrib
import
admin
from
.
import
models
from
.auth.models
import
OIDCConfig
# from django.apps import apps
# b = apps.get_app_config('backend')
#
# # register all models of the app
# for _, model in b.models.items():
# admin.site.register(model)
admin
.
site
.
register
(
models
.
User
)
admin
.
site
.
register
(
models
.
Site
)
admin
.
site
.
register
(
models
.
Service
)
admin
.
site
.
register
(
OIDCConfig
)
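Review bot: `admin.site.register(OIDCConfig)` without a `ModelAdmin` renders `client_secret` as an ordinary text input on the change form, so the OIDC client secret is readable to any staff account that can open the row; the old env-var approach did not expose it through the UI. A small `OIDCConfigAdmin(admin.ModelAdmin)` with a `ModelForm` whose `client_secret` widget is `forms.PasswordInput(render_value=False)`, registered as `admin.site.register(OIDCConfig, OIDCConfigAdmin)`, keeps the field editable without echoing the stored value. The commented-out "register all models" block above the register calls is dead code and can be dropped now that the registrations are explicit.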
django_backend/backend/auth/__init__.py
0 → 100644
django_backend/backend/auth/
backend
.py
→
django_backend/backend/auth/
models
.py
from
django.db
import
models
as
db_models
from
oic.oic
import
Client
from
oic.utils.authn.client
import
CLIENT_AUTHN_METHOD
from
oic.oic.message
import
RegistrationResponse
from
urllib.request
import
Request
,
urlopen
from
..
import
models
from
django.core.exceptions
import
ObjectDoesNotExist
from
.oidc
import
OIDC_CLIENT
from
django.conf
import
settings
import
json
oidc_client
=
None
class
OIDCConfig
(
db_models
.
Model
):
client_id
=
db_models
.
CharField
(
max_length
=
200
)
client_secret
=
db_models
.
CharField
(
max_length
=
200
)
redirect_uri
=
db_models
.
CharField
(
max_length
=
200
)
issuer_uri
=
db_models
.
CharField
(
max_length
=
200
)
@
property
def
registration_response
(
self
):
info
=
{
"client_id"
:
self
.
client_id
,
"client_secret"
:
self
.
client_secret
}
return
RegistrationResponse
(
**
info
)
@
property
def
oidc_client
(
self
):
global
oidc_client
if
oidc_client
is
None
:
oidc_client
=
Client
(
client_authn_method
=
CLIENT_AUTHN_METHOD
)
oidc_client
.
provider_config
(
self
.
issuer_uri
)
oidc_client
.
store_registration_info
(
self
.
registration_response
)
return
oidc_client
@
property
def
provider_info
(
self
):
return
self
.
oidc_client
.
provider_info
def
get_auth_request
(
self
,
client
,
state
):
args
=
{
'client_id'
:
self
.
client_id
,
'response_type'
:
'code'
,
'scope'
:
[
'openid'
,
'profile'
,
'email'
],
'redirect_uri'
:
self
.
redirect_uri
,
'state'
:
state
,
}
auth_req
=
client
.
construct_AuthorizationRequest
(
request_args
=
args
)
return
auth_req
.
request
(
client
.
authorization_endpoint
)
def
__str__
(
self
):
return
self
.
issuer_uri
def
get_oidc_client
():
# TODO dubious
oidc_config
=
OIDCConfig
.
objects
.
all
()[
settings
.
OIDC_CONFIG_INDEX
]
return
oidc_config
.
oidc_client
class
OIDCTokenAuthBackend
(
object
):
def
get_user_info
(
self
,
access_token
,
token_type
=
'Bearer'
):
q
=
Request
(
OIDC_CLIENT
.
provider_info
[
'userinfo_endpoint'
])
q
=
Request
(
get_oidc_client
()
.
provider_info
[
'userinfo_endpoint'
])
auth
=
(
token_type
+
' '
+
access_token
)
q
.
add_header
(
'Authorization'
,
auth
)
...
...
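Review bot: The `oidc_client` property caches into the module-level `oidc_client` global, so once any `OIDCConfig` instance has built a client every other instance returns that same object, configured with the first instance's `issuer_uri` and credentials; an index setting only makes sense if more than one row can exist, and then this silently talks to the wrong provider. Keying the cache on `self.pk` keeps the one-time discovery while tying each client to its row (the cache still will not notice a row being edited in place, so document that or clear the entry on `save()`). `get_oidc_client()` indexes an unordered queryset with `OIDCConfig.objects.all()[settings.OIDC_CONFIG_INDEX]` — without `Meta.ordering` the row at a given position is not guaranteed stable, and an empty table raises `IndexError`; the same `.all()[0]` pattern appears in both views.py hunks, and the settings.py comment for `OIDC_CONFIG_INDEX` should say it is a positional index, not a primary key. `get_user_info` shows two `q = Request(...)` assignments; assuming the `OIDC_CLIENT` one is the removed side, the `from .oidc import OIDC_CLIENT` line must be removed with it, since oidc.py is deleted in this commit and the import would fail at module load.
```python
_oidc_clients = {}  # one cached oic Client per OIDCConfig row, keyed on pk

class OIDCConfig(db_models.Model):
    # … unchanged: field definitions, registration_response …

    @property
    def oidc_client(self):
        """Return the oic Client for this row, building it on first use."""
        client = _oidc_clients.get(self.pk)
        if client is None:
            client = Client(client_authn_method=CLIENT_AUTHN_METHOD)
            client.provider_config(self.issuer_uri)
            client.store_registration_info(self.registration_response)
            _oidc_clients[self.pk] = client
        return client

    # … unchanged: provider_info, get_auth_request, __str__ …
```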
django_backend/backend/auth/oidc.py
deleted
100644 → 0
from
oic.oic
import
Client
from
oic.utils.authn.client
import
CLIENT_AUTHN_METHOD
from
oic.oic.message
import
RegistrationResponse
import
os
OIDC_CLIENT_ID
=
os
.
environ
.
get
(
'OIDC_CLIENT_ID'
,
''
)
OIDC_CLIENT_ID_SECRET
=
os
.
environ
.
get
(
'OIDC_CLIENT_ID_SECRET'
,
''
)
OIDC_REDIRECT_URI
=
os
.
environ
.
get
(
'OIDC_REDIRECT_URI'
,
''
)
OIDC_ISSUER_URI
=
os
.
environ
.
get
(
'OIDC_ISSUER_URI'
,
''
)
OIDC_CLIENT
=
Client
(
client_authn_method
=
CLIENT_AUTHN_METHOD
)
OIDC_CLIENT
.
provider_config
(
OIDC_ISSUER_URI
)
info
=
{
"client_id"
:
OIDC_CLIENT_ID
,
"client_secret"
:
OIDC_CLIENT_ID_SECRET
}
client_reg
=
RegistrationResponse
(
**
info
)
OIDC_CLIENT
.
store_registration_info
(
client_reg
)
django_backend/backend/auth/views.py
from
.
oidc
import
OIDC
_CLIENT
,
OIDC_CLIENT_ID
,
OIDC_REDIRECT_URI
from
.
models
import
OIDC
Config
from
django.contrib.auth
import
authenticate
,
login
from
django.db.utils
import
OperationalError
from
django.shortcuts
import
redirect
,
render
...
...
@@ -13,25 +13,20 @@ class Auth(View):
state
=
rndstr
()
try
:
request
.
session
[
'state'
]
=
state
request
.
session
[
'nonce'
]
=
rndstr
()
#
request.session['nonce'] = rndstr()
except
OperationalError
:
return
redirect
(
'/?error=not_operational'
)
args
=
{
'client_id'
:
OIDC_CLIENT_ID
,
'response_type'
:
'code'
,
'scope'
:
[
'openid'
,
'profile'
,
'email'
],
'redirect_uri'
:
OIDC_REDIRECT_URI
,
'state'
:
state
,
}
auth_req
=
OIDC_CLIENT
.
construct_AuthorizationRequest
(
request_args
=
args
)
login_url
=
auth_req
.
request
(
OIDC_CLIENT
.
authorization_endpoint
)
oidc_config
=
OIDCConfig
.
objects
.
all
()[
0
]
oidc_client
=
oidc_config
.
oidc_client
login_url
=
oidc_config
.
get_auth_request
(
oidc_client
,
state
)
return
redirect
(
login_url
)
class
AuthCallback
(
View
):
def
get
(
self
,
request
,
**
kwargs
):
try
:
...
...
@@ -39,7 +34,10 @@ class AuthCallback(View):
except
OperationalError
:
return
redirect
(
'/?error=not_operational'
)
aresp
=
OIDC_CLIENT
.
parse_response
(
oidc_config
=
OIDCConfig
.
objects
.
all
()[
0
]
oidc_client
=
oidc_config
.
oidc_client
aresp
=
oidc_client
.
parse_response
(
AuthorizationResponse
,
info
=
json
.
dumps
(
request
.
GET
))
...
...
@@ -50,13 +48,13 @@ class AuthCallback(View):
'code'
:
code
,
}
ac_token_response
=
OIDC_CLIENT
.
do_access_token_request
(
ac_token_response
=
oidc_client
.
do_access_token_request
(
state
=
aresp
[
'state'
],
request_args
=
args
)
# does fail with 'invalid_token'
# user_info = OIDC_CLIENT.do_user_info_request(
# state
=
aresp['state'])
# statearesp['state'])
# user_info = self.get_user_info(ac_token_response['access_token'])
# try:
# u = models.User.objects.get(sub=user_info['sub'])
...
...
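Review bot: Both `OIDCConfig.objects.all()[0]` lookups (in the `Auth` hunk and the first `AuthCallback` hunk) hard-code index 0 even though this commit adds `settings.OIDC_CONFIG_INDEX` and `get_oidc_client()` in models.py for exactly this purpose, so the three places can drift. They also sit outside the `except OperationalError` guard, and an empty `OIDCConfig` table raises `IndexError` there, so a fresh deployment gets a 500 instead of the `/?error=not_operational` redirect. A single helper in models.py that returns the configured `OIDCConfig` row and raises a catchable error when it is missing, used by both views and by `get_oidc_client()`, addresses both; at minimum move the lookup inside the existing `try` and add `except (OperationalError, IndexError):`. The `Auth.get` body starts before the first hunk, and the `from .oidc import OIDC_CLIENT, ...` line is presumably the removed side since oidc.py is deleted in this commit.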
django_backend/settings.py
...
...
@@ -21,6 +21,10 @@ SESSION_COOKIE_AGE = 3600
CSRF_HEADER_NAME
=
'HTTP_X_CSRFTOKEN'
# index in the django_backend.backend.auth.models.OIDCConfig table
OIDC_CONFIG_INDEX
=
0
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
...
...
@@ -99,7 +103,7 @@ DATABASES = {
CORS_ORIGIN_ALLOW_ALL
=
True
AUTHENTICATION_BACKENDS
=
[
'django_backend.backend.auth.
backend
.OIDCTokenAuthBackend'
,
'django_backend.backend.auth.
models
.OIDCTokenAuthBackend'
,
'django.contrib.auth.backends.ModelBackend'
,
]
...
...