swh/auth/django/views.py
Show All 33 Lines | def oidc_login_view(request: HttpRequest, redirect_uri: str, scope: str = "openid"): | ||||
state = str(uuid.uuid4()) | state = str(uuid.uuid4()) | ||||
code_verifier, code_challenge = gen_oidc_pkce_codes() | code_verifier, code_challenge = gen_oidc_pkce_codes() | ||||
request.session["login_data"] = { | request.session["login_data"] = { | ||||
"code_verifier": code_verifier, | "code_verifier": code_verifier, | ||||
"state": state, | "state": state, | ||||
"redirect_uri": redirect_uri, | "redirect_uri": redirect_uri, | ||||
"next_path": request.GET.get("next_path", ""), | "next": request.GET.get("next", ""), | ||||
} | } | ||||
authorization_url_params = { | authorization_url_params = { | ||||
"state": state, | "state": state, | ||||
"code_challenge": code_challenge, | "code_challenge": code_challenge, | ||||
"code_challenge_method": "S256", | "code_challenge_method": "S256", | ||||
"scope": scope, | "scope": scope, | ||||
} | } | ||||
▲ Show 20 Lines • Show All 51 Lines • ▼ Show 20 Lines | def oidc_login_complete(request: HttpRequest) -> HttpResponse: | ||||
try: | try: | ||||
login_data = get_oidc_login_data(request) | login_data = get_oidc_login_data(request) | ||||
except ValueError as ve: | except ValueError as ve: | ||||
return HttpResponseBadRequest(str(ve)) | return HttpResponseBadRequest(str(ve)) | ||||
except Exception as e: | except Exception as e: | ||||
return HttpResponseServerError(str(e)) | return HttpResponseServerError(str(e)) | ||||
next_path = login_data["next_path"] or request.build_absolute_uri("/") | next = login_data["next"] or request.build_absolute_uri("/") | ||||
user = authenticate( | user = authenticate( | ||||
request=request, | request=request, | ||||
code=request.GET["code"], | code=request.GET["code"], | ||||
code_verifier=login_data["code_verifier"], | code_verifier=login_data["code_verifier"], | ||||
redirect_uri=login_data["redirect_uri"], | redirect_uri=login_data["redirect_uri"], | ||||
) | ) | ||||
if user is None: | if user is None: | ||||
return HttpResponseServerError("User authentication failed.") | return HttpResponseServerError("User authentication failed.") | ||||
login(request, user) | login(request, user) | ||||
return HttpResponseRedirect(next_path) | return HttpResponseRedirect(next) | ||||
def oidc_logout(request: HttpRequest) -> HttpResponse: | def oidc_logout(request: HttpRequest) -> HttpResponse: | ||||
""" | """ | ||||
Django view to logout using OpenID Connect. | Django view to logout using OpenID Connect. | ||||
""" | """ | ||||
user = request.user | user = request.user | ||||
logout(request) | logout(request) | ||||
if hasattr(user, "refresh_token"): | if hasattr(user, "refresh_token"): | ||||
user = cast(OIDCUser, user) | user = cast(OIDCUser, user) | ||||
refresh_token = cast(str, user.refresh_token) | refresh_token = cast(str, user.refresh_token) | ||||
try: | try: | ||||
# end OpenID Connect session | # end OpenID Connect session | ||||
oidc_client = keycloak_oidc_client() | oidc_client = keycloak_oidc_client() | ||||
oidc_client.logout(refresh_token) | oidc_client.logout(refresh_token) | ||||
except KeycloakError as ke: | except KeycloakError as ke: | ||||
return HttpResponseServerError(keycloak_error_message(ke)) | return HttpResponseServerError(keycloak_error_message(ke)) | ||||
# remove user data from cache | # remove user data from cache | ||||
cache.delete(oidc_profile_cache_key(oidc_client, user.id)) | cache.delete(oidc_profile_cache_key(oidc_client, user.id)) | ||||
return HttpResponseRedirect(request.GET.get("next_path", "/")) | return HttpResponseRedirect(request.GET.get("next", "/")) | ||||
urlpatterns = [ | urlpatterns = [ | ||||
url(r"^oidc/login/$", oidc_login, name="oidc-login"), | url(r"^oidc/login/$", oidc_login, name="oidc-login"), | ||||
url(r"^oidc/login-complete/$", oidc_login_complete, name="oidc-login-complete"), | url(r"^oidc/login-complete/$", oidc_login_complete, name="oidc-login-complete"), | ||||
url(r"^oidc/logout/$", oidc_logout, name="oidc-logout"), | url(r"^oidc/logout/$", oidc_logout, name="oidc-logout"), | ||||
] | ] |
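Review bot: The redirect targets on the new side are still taken from the query string without validation: `next` is read from `request.GET` in `oidc_login_view`, stored in the session, and passed to `HttpResponseRedirect(next)` in `oidc_login_complete`, while `oidc_logout` redirects straight to `request.GET.get("next", "/")`. As shown, both views would redirect to any absolute URL supplied in the link, which is an open redirect on the login and logout endpoints. I would check the value before using it, for example `if not url_has_allowed_host_and_scheme(next, allowed_hosts={request.get_host()}, require_https=request.is_secure()): next = request.build_absolute_uri("/")` (from `django.utils.http`; `is_safe_url` on older Django releases), and apply the same check in `oidc_logout`. The local name `next` also shadows the Python builtin, so a name such as `next_url` would read better. Parts of both login views are folded out of this page, so an existing check in the hidden lines or in `get_oidc_login_data` cannot be ruled out.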