Commit 30cbbb71 authored by Lukas Burgey's avatar Lukas Burgey

Put oidc config into the db

parent 00cd417a
from django.contrib import admin
from . import models
from .auth.models import OIDCConfig
# from django.apps import apps
# b = apps.get_app_config('backend')
#
# # register all models of the app
# for _, model in b.models.items():
# admin.site.register(model)
admin.site.register(models.User)
admin.site.register(models.Site)
admin.site.register(models.Service)
admin.site.register(OIDCConfig)
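Review bot: Registering `OIDCConfig` with the stock `ModelAdmin` at L18 renders `client_secret` (a plain `CharField` on the model) as an ordinary text input, so the OP client secret is shown in clear to everyone with change permission on the model and is echoed back in every edit form. Register it through a form that masks the field, or exclude the field from the admin entirely and set it out of band; `forms` below is `django.forms`, which admin.py does not import yet. The commented-out bulk registration at L9-L14 would have had the same effect, so it is worth removing rather than keeping as a reminder.
```python
class OIDCConfigForm(forms.ModelForm):
    class Meta:
        model = OIDCConfig
        fields = '__all__'
        # never echo the stored secret back into the edit form
        widgets = {'client_secret': forms.PasswordInput(render_value=False)}


class OIDCConfigAdmin(admin.ModelAdmin):
    form = OIDCConfigForm


# … unchanged: User / Site / Service registrations …
admin.site.register(OIDCConfig, OIDCConfigAdmin)
```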
from django.db import models as db_models
from oic.oic import Client
from oic.utils.authn.client import CLIENT_AUTHN_METHOD
from oic.oic.message import RegistrationResponse
from urllib.request import Request, urlopen
from .. import models
from django.core.exceptions import ObjectDoesNotExist
from .oidc import OIDC_CLIENT
from django.conf import settings
import json
oidc_client = None
class OIDCConfig(db_models.Model):
client_id = db_models.CharField(max_length=200)
client_secret = db_models.CharField(max_length=200)
redirect_uri = db_models.CharField(max_length=200)
issuer_uri = db_models.CharField(max_length=200)
@property
def registration_response(self):
info = {"client_id": self.client_id,
"client_secret": self.client_secret}
return RegistrationResponse(**info)
@property
def oidc_client(self):
global oidc_client
if oidc_client is None:
oidc_client = Client(client_authn_method=CLIENT_AUTHN_METHOD)
oidc_client.provider_config(self.issuer_uri)
oidc_client.store_registration_info(self.registration_response)
return oidc_client
@property
def provider_info(self):
return self.oidc_client.provider_info
def get_auth_request(self, client, state):
args = {
'client_id': self.client_id,
'response_type': 'code',
'scope': ['openid', 'profile', 'email'],
'redirect_uri': self.redirect_uri,
'state': state,
}
auth_req = client.construct_AuthorizationRequest(
request_args=args)
return auth_req.request(client.authorization_endpoint)
def __str__(self):
return self.issuer_uri
def get_oidc_client():
# TODO dubious
oidc_config = OIDCConfig.objects.all()[settings.OIDC_CONFIG_INDEX]
return oidc_config.oidc_client
class OIDCTokenAuthBackend(object):
def get_user_info(self, access_token, token_type='Bearer'):
q = Request(OIDC_CLIENT.provider_info['userinfo_endpoint'])
q = Request(get_oidc_client().provider_info['userinfo_endpoint'])
auth = (token_type + ' ' + access_token)
q.add_header('Authorization', auth)
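Review bot: The process-wide `oidc_client` cache in the `oidc_client` property (L42-47) is not keyed on the row: the first `OIDCConfig` whose property is read pins its issuer's discovery data and credentials for the life of the process, and every other row silently returns that same `Client`, since `provider_config(self.issuer_uri)` at L45 never runs again. With `get_oidc_client()` picking the row by `settings.OIDC_CONFIG_INDEX` while the views index `[0]`, a deployment with more than one row can send the user to one issuer and then call another issuer's token and userinfo endpoints. Cache per instance instead — `if getattr(self, '_client', None) is None:` build the client and store it in `self._client`, then `return self._client` — and drop the module global, or make it a dict keyed by `self.pk`. `get_user_info` continues past the hunk, and the `OIDC_CLIENT` import at L26 looks like the module-level client this commit replaces, so confirm it is removed rather than left as context.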
......
from oic.oic import Client
from oic.utils.authn.client import CLIENT_AUTHN_METHOD
from oic.oic.message import RegistrationResponse
import os
OIDC_CLIENT_ID = os.environ.get('OIDC_CLIENT_ID', '')
OIDC_CLIENT_ID_SECRET = os.environ.get('OIDC_CLIENT_ID_SECRET', '')
OIDC_REDIRECT_URI = os.environ.get('OIDC_REDIRECT_URI', '')
OIDC_ISSUER_URI = os.environ.get('OIDC_ISSUER_URI', '')
OIDC_CLIENT = Client(client_authn_method=CLIENT_AUTHN_METHOD)
OIDC_CLIENT.provider_config(OIDC_ISSUER_URI)
info = {"client_id": OIDC_CLIENT_ID, "client_secret": OIDC_CLIENT_ID_SECRET}
client_reg = RegistrationResponse(**info)
OIDC_CLIENT.store_registration_info(client_reg)
from .oidc import OIDC_CLIENT, OIDC_CLIENT_ID, OIDC_REDIRECT_URI
from .models import OIDCConfig
from django.contrib.auth import authenticate, login
from django.db.utils import OperationalError
from django.shortcuts import redirect, render
......@@ -13,25 +13,20 @@ class Auth(View):
state = rndstr()
try:
request.session['state'] = state
request.session['nonce'] = rndstr()
# request.session['nonce'] = rndstr()
except OperationalError:
return redirect('/?error=not_operational')
args = {
'client_id': OIDC_CLIENT_ID,
'response_type': 'code',
'scope': ['openid', 'profile', 'email'],
'redirect_uri': OIDC_REDIRECT_URI,
'state': state,
}
auth_req = OIDC_CLIENT.construct_AuthorizationRequest(
request_args=args)
login_url = auth_req.request(OIDC_CLIENT.authorization_endpoint)
oidc_config = OIDCConfig.objects.all()[0]
oidc_client = oidc_config.oidc_client
login_url = oidc_config.get_auth_request(
oidc_client,
state)
return redirect(login_url)
class AuthCallback(View):
def get(self, request, **kwargs):
try:
......@@ -39,7 +34,10 @@ class AuthCallback(View):
except OperationalError:
return redirect('/?error=not_operational')
aresp = OIDC_CLIENT.parse_response(
oidc_config = OIDCConfig.objects.all()[0]
oidc_client = oidc_config.oidc_client
aresp = oidc_client.parse_response(
AuthorizationResponse,
info=json.dumps(request.GET))
......@@ -50,13 +48,13 @@ class AuthCallback(View):
'code': code,
}
ac_token_response = OIDC_CLIENT.do_access_token_request(
ac_token_response = oidc_client.do_access_token_request(
state=aresp['state'],
request_args=args)
# does fail with 'invalid_token'
# user_info = OIDC_CLIENT.do_user_info_request(
# state=aresp['state'])
# statearesp['state'])
# user_info = self.get_user_info(ac_token_response['access_token'])
# try:
# u = models.User.objects.get(sub=user_info['sub'])
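Review bot: The nonce is dropped at L98 rather than wired into the request: the old code stored one but never sent it (the args at L101-L107 carry no `nonce`), and `get_auth_request` still sends none, so the ID token returned on the callback is not bound to this session — `state` ties the redirect to the session but does not stop a token obtained in another login attempt from being accepted. Keep `request.session['nonce'] = rndstr()`, pass it through `get_auth_request` as `'nonce': nonce` in the request args, and reject the callback when the ID token's `nonce` claim differs; whether the callback validates the ID token at all is outside the visible hunks, so I cannot tell. Separately, `OIDCConfig.objects.all()[0]` in both views raises `IndexError` on an empty table and becomes a 500 instead of the `/?error=not_operational` redirect used for `OperationalError`; `oidc_config = OIDCConfig.objects.order_by('pk').first()` followed by `if oidc_config is None: return redirect('/?error=not_operational')` keeps the handling consistent. Both view bodies start and end outside the hunks.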
......
......@@ -21,6 +21,10 @@ SESSION_COOKIE_AGE = 3600
CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'
# index in the django_backend.backend.auth.models.OIDCConfig table
OIDC_CONFIG_INDEX = 0
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
......@@ -99,7 +103,7 @@ DATABASES = {
CORS_ORIGIN_ALLOW_ALL = True
AUTHENTICATION_BACKENDS = [
'django_backend.backend.auth.backend.OIDCTokenAuthBackend',
'django_backend.backend.auth.models.OIDCTokenAuthBackend',
'django.contrib.auth.backends.ModelBackend',
]
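Review bot: `OIDC_CONFIG_INDEX` at L147 is a positional index into `OIDCConfig.objects.all()`, and the model declares no `ordering`, so the row it denotes is whatever the database returns first and can change after an insert or delete; the views in this commit also ignore it and hard-code `[0]`. A stable selector such as a primary key (`OIDC_CONFIG_ID = 1`, resolved with `OIDCConfig.objects.get(pk=settings.OIDC_CONFIG_ID)`) or an `is_active` flag on the model removes the ambiguity, and the comment on L146 should then say which it is. The `DATABASES` and `AUTHENTICATION_BACKENDS` lines in the second hunk are unaffected by this.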
......