record additional authentication event with nonce (#52446)

2021-05-04 19:33:37 +02:00 · 2021-05-04 19:33:37 +02:00 · 97552a6224
parent 0cbaa59247
commit 97552a6224
1 changed files with 13 additions and 0 deletions
--- a/src/authentic2_auth_fedict/views.py
+++ b/src/authentic2_auth_fedict/views.py
@ -14,12 +14,15 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

+import urllib.parse
 import random

+from django.conf import settings
 from django.core import signing
 from django.urls import reverse
 from django.db import transaction
 from django.http import HttpResponseRedirect
+from django.shortcuts import resolve_url
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import View

@ -54,6 +57,16 @@ class LoginView(mellon.views.LoginView):
        idp = mellon.utils.get_idp(attributes['issuer'])
        adapter = mellon.utils.get_adapters(idp)[0]
        user = adapter.lookup_user(idp, attributes)
+
+        # extract nonce from next_url and record an additional authentication
+        # event with it (as the event recorded in the adapter lacks the nonce).
+        next_url = self.get_next_url(default=resolve_url(settings.LOGIN_REDIRECT_URL))
+        try:
+            nonce = urllib.parse.parse_qs(urllib.parse.urlparse(next_url).query)['nonce'][0]
+        except (KeyError, IndexError):
+            nonce = None
+        a2_utils.record_authentication_event(request, 'fedict', nonce=nonce)
+
        if not user.email:
            adapter.provision_attribute(user, idp, attributes)
            user.is_active = False