record additional authentication event with nonce (#52446)
parent
0cbaa59247
commit
97552a6224
|
@ -14,12 +14,15 @@
|
|||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import urllib.parse
|
||||
import random
|
||||
|
||||
from django.conf import settings
|
||||
from django.core import signing
|
||||
from django.urls import reverse
|
||||
from django.db import transaction
|
||||
from django.http import HttpResponseRedirect
|
||||
from django.shortcuts import resolve_url
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from django.views.generic import View
|
||||
|
||||
|
@ -54,6 +57,16 @@ class LoginView(mellon.views.LoginView):
|
|||
idp = mellon.utils.get_idp(attributes['issuer'])
|
||||
adapter = mellon.utils.get_adapters(idp)[0]
|
||||
user = adapter.lookup_user(idp, attributes)
|
||||
|
||||
# extract nonce from next_url and record an additional authentication
|
||||
# event with it (as the event recorded in the adapter lacks the nonce).
|
||||
next_url = self.get_next_url(default=resolve_url(settings.LOGIN_REDIRECT_URL))
|
||||
try:
|
||||
nonce = urllib.parse.parse_qs(urllib.parse.urlparse(next_url).query)['nonce'][0]
|
||||
except (KeyError, IndexError):
|
||||
nonce = None
|
||||
a2_utils.record_authentication_event(request, 'fedict', nonce=nonce)
|
||||
|
||||
if not user.email:
|
||||
adapter.provision_attribute(user, idp, attributes)
|
||||
user.is_active = False
|
||||
|
|
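Review bot: The nonce passed to `a2_utils.record_authentication_event(request, 'fedict', nonce=nonce)` is read straight from the query string of `next_url`, which appears to be request-derived. The event is also recorded before the `if not user.email` branch that sets `user.is_active = False`, so a caller-chosen nonce can end up on an authentication event for a login that has not completed. Whether that matters depends on how recorded events are consumed, which is not visible here; if the nonce is later matched against a pending SSO request, consider recording the event only after the user is confirmed usable, or validating the nonce against whatever issued it. Separately, `urllib.parse.urlparse` can raise ValueError on some malformed URLs (for example an unbalanced IPv6 bracket), so `except (KeyError, IndexError, ValueError):` would keep a bad `next` value from becoming a 500 on the login callback. The enclosing method starts and ends outside the hunk.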