swh/web/auth/views.py
def _oidc_login(request: HttpRequest, redirect_uri: str, scope: str = "openid"): | ||||
code_verifier, code_challenge = gen_oidc_pkce_codes() | code_verifier, code_challenge = gen_oidc_pkce_codes() | ||||
request.session["login_data"] = { | request.session["login_data"] = { | ||||
"code_verifier": code_verifier, | "code_verifier": code_verifier, | ||||
"state": state, | "state": state, | ||||
"redirect_uri": redirect_uri, | "redirect_uri": redirect_uri, | ||||
"next_path": request.GET.get("next_path", ""), | "next_path": request.GET.get("next_path", ""), | ||||
"prompt": request.GET.get("prompt", ""), | |||||
} | } | ||||
authorization_url_params = { | authorization_url_params = { | ||||
"state": state, | "state": state, | ||||
"code_challenge": code_challenge, | "code_challenge": code_challenge, | ||||
"code_challenge_method": "S256", | "code_challenge_method": "S256", | ||||
"scope": scope, | "scope": scope, | ||||
"prompt": request.GET.get("prompt", ""), | |||||
} | } | ||||
oidc_client = get_oidc_client() | oidc_client = get_oidc_client() | ||||
authorization_url = oidc_client.authorization_url( | authorization_url = oidc_client.authorization_url( | ||||
redirect_uri, **authorization_url_params | redirect_uri, **authorization_url_params | ||||
) | ) | ||||
return HttpResponseRedirect(authorization_url) | return HttpResponseRedirect(authorization_url) | ||||
Show All 29 Lines | |||||
def oidc_login_complete(request: HttpRequest) -> HttpResponse: | def oidc_login_complete(request: HttpRequest) -> HttpResponse: | ||||
""" | """ | ||||
Django view to finalize login process using OpenID Connect. | Django view to finalize login process using OpenID Connect. | ||||
""" | """ | ||||
login_data = _get_login_data(request) | login_data = _get_login_data(request) | ||||
next_path = login_data["next_path"] or request.build_absolute_uri("/") | next_path = login_data["next_path"] or request.build_absolute_uri("/") | ||||
if "error" in request.GET and login_data["prompt"] == "none": | |||||
# Silent login failed because OIDC session expired. | if "error" in request.GET: | ||||
# Redirect to logout page and inform user. | |||||
logout(request) | |||||
logout_url = reverse( | |||||
"logout", query_params={"next_path": next_path, "remote_user": 1} | |||||
) | |||||
return HttpResponseRedirect(logout_url) | |||||
elif "error" in request.GET: | |||||
raise Exception(request.GET["error"]) | raise Exception(request.GET["error"]) | ||||
_check_login_data(request, login_data) | _check_login_data(request, login_data) | ||||
user = authenticate( | user = authenticate( | ||||
request=request, | request=request, | ||||
code=request.GET["code"], | code=request.GET["code"], | ||||
code_verifier=login_data["code_verifier"], | code_verifier=login_data["code_verifier"], | ||||
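Review bot: In `oidc_login_complete`, the one remaining error branch, `if "error" in request.GET:`, raises a bare `Exception` whose message is the raw `error` query parameter, and it does so before `_check_login_data(request, login_data)` runs. The callback therefore acts on `error` from a request that has not yet been tied to the stored login attempt. I would first check `request.GET.get("state") == login_data["state"]`, then raise a dedicated exception type with a fixed message and log the provider's value separately. How the exception is rendered or logged is outside the visible lines; if it can reach an error page or a log line, treat the value as untrusted text there. The function body continues past the visible part of the section.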