views: add federation support by generating a pseudonymous federation identifier
parent
7d5a3f1356
commit
4b3ec93fb3
|
@ -1,32 +1,71 @@
|
|||
from django.conf import settings
|
||||
import uuid
|
||||
|
||||
|
||||
from rest_framework.decorators import (api_view, authentication_classes,
|
||||
permission_classes)
|
||||
from rest_framework.authentication import (OAuth2Authentication,
|
||||
SessionAuthentication)
|
||||
from rest_framework.permissions import IsAuthenticated
|
||||
from rest_framework.response import Response
|
||||
|
||||
from provider.oauth2.views import Authorize
|
||||
from provider import scope
|
||||
|
||||
from authentic2.models import FederatedId
|
||||
|
||||
from . import forms, app_settings
|
||||
|
||||
@api_view(['GET'])
|
||||
__ALL_ = [ 'user_info', 'Authorize' ]
|
||||
|
||||
def add_targeted_id(request, data):
|
||||
'''Retrieve a targeted id for the user and this client, if none exist
|
||||
create one using a random UUID.
|
||||
'''
|
||||
if request.auth is not None:
|
||||
if hasattr(request.auth, 'client'):
|
||||
client = request.auth.client
|
||||
user = request.user
|
||||
fedid = FederatedId.objects.get_or_create_for_local_user_and_service(
|
||||
user, client,
|
||||
'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
|
||||
'urn:uuid:%s' % uuid.uuid4())
|
||||
data['targeted_id'] = fedid.id_value
|
||||
return data
|
||||
|
||||
def delete_targeted_id(request, data):
|
||||
'''Delete the targeted id'''
|
||||
if request.auth is not None:
|
||||
if hasattr(request.auth, 'client'):
|
||||
client = request.auth.client
|
||||
user = request.user
|
||||
qs = FederatedId.objects.for_local_user_and_service(
|
||||
user, client)
|
||||
qs.delete()
|
||||
|
||||
@api_view(['GET', 'DELETE'])
|
||||
@authentication_classes([OAuth2Authentication, SessionAuthentication])
|
||||
@permission_classes([IsAuthenticated])
|
||||
def user_info(request):
|
||||
user = request.user
|
||||
return Response({
|
||||
'username': user.username,
|
||||
'first_name': user.first_name,
|
||||
'last_name': user.last_name,
|
||||
'email': user.email,
|
||||
'display_name': user.get_full_name(),
|
||||
'role': user.groups.values_list('name', flat=True),
|
||||
})
|
||||
'''User info endpoint'''
|
||||
data = {}
|
||||
if request.user and request.user.is_authenticated():
|
||||
if request.method == 'GET':
|
||||
user = request.user
|
||||
data = {
|
||||
'username': user.username,
|
||||
'first_name': user.first_name,
|
||||
'last_name': user.last_name,
|
||||
'email': user.email,
|
||||
'display_name': user.get_full_name(),
|
||||
'role': user.groups.values_list('name', flat=True),
|
||||
}
|
||||
add_targeted_id(request, data)
|
||||
elif request.method == 'DELETE':
|
||||
delete_targeted_id(request, data)
|
||||
return Response(data)
|
||||
|
||||
class Authorize(Authorize):
|
||||
'''Overload the default Authorize view of django-oauth2-provider to permit
|
||||
automatic grant for some scopes and some clients
|
||||
'''
|
||||
def get_authorization_form(self, request, client, data, client_data):
|
||||
for url_prefix, scopes in app_settings.AUTOMATIC_GRANT:
|
||||
if client.url.startswith(url_prefix) and \
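Review bot: `__ALL_ = [ 'user_info', 'Authorize' ]` does not restrict the module's public API, because Python only honours the name `__all__`; a star import of this module will still export `add_targeted_id`, `delete_targeted_id`, `uuid`, `settings` and the other imported names, so it should read `__all__ = ['user_info', 'Authorize']`. In add_targeted_id the rendered page has lost the indentation, so it is worth confirming that `data['targeted_id'] = fedid.id_value` sits inside the `hasattr(request.auth, 'client')` branch; if it is one level out it raises NameError for session-authenticated callers, whose `request.auth` is None. The GET branch also allocates a persistent FederatedId row as a side effect of a read, which add_targeted_id's docstring states but the new `'''User info endpoint'''` docstring on user_info does not; a sentence there saying that a GET by an OAuth2 client creates a pseudonymous persistent identifier for that client and that DELETE removes it would tell API consumers what they are triggering. The body of get_authorization_form continues past the end of the hunk.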
|
||||
|
|