flows: separate final login step from flow executor

2020-05-09 23:19:36 +02:00
parent 0aad0604d8
commit c46f0781fc
11 changed files with 166 additions and 13 deletions
--- a/passbook/flows/migrations/0002_default_flows.py
+++ b/passbook/flows/migrations/0002_default_flows.py
@ -12,6 +12,9 @@ def create_default_flow(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
    Flow = apps.get_model("passbook_flows", "Flow")
    FlowStageBinding = apps.get_model("passbook_flows", "FlowStageBinding")
    PasswordStage = apps.get_model("passbook_stages_password", "PasswordStage")
+    LoginStage = apps.get_model(
+        "passbook_stages_login", "LoginStage"
+    )
    IdentificationStage = apps.get_model(
        "passbook_stages_identification", "IdentificationStage"
    )
@ -33,8 +36,12 @@ def create_default_flow(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
            name="password", backends=["django.contrib.auth.backends.ModelBackend"],
        )

+    if not LoginStage.objects.using(db_alias).exists():
+        LoginStage.objects.using(db_alias).create(name="authentication")
+
    ident_stage = IdentificationStage.objects.using(db_alias).first()
    pw_stage = PasswordStage.objects.using(db_alias).first()
+    login_stage = LoginStage.objects.using(db_alias).first()
    flow = Flow.objects.using(db_alias).create(
        name="default-authentication-flow",
        slug="default-authentication-flow",
@ -46,12 +53,16 @@ def create_default_flow(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
    FlowStageBinding.objects.using(db_alias).create(
        flow=flow, stage=pw_stage, order=1,
    )
+    FlowStageBinding.objects.using(db_alias).create(
+        flow=flow, stage=login_stage, order=2,
+    )


 class Migration(migrations.Migration):

    dependencies = [
        ("passbook_flows", "0001_initial"),
+        ("passbook_stages_login", "0001_initial"),
        ("passbook_stages_password", "0001_initial"),
        ("passbook_stages_identification", "0001_initial"),
    ]
--- a/passbook/flows/views.py
+++ b/passbook/flows/views.py
@ -1,7 +1,6 @@
 """passbook multi-stage authentication engine"""
 from typing import Optional

-from django.contrib.auth import login
 from django.http import HttpRequest, HttpResponse
 from django.shortcuts import get_object_or_404, redirect
 from django.views.generic import View
@ -27,7 +26,7 @@ class FlowExecutorView(View):

    flow: Flow

-    plan: FlowPlan
+    plan: Optional[FlowPlan] = None
    current_stage: Stage
    current_stage_view: View

@ -116,15 +115,6 @@ class FlowExecutorView(View):

    def _flow_done(self) -> HttpResponse:
        """User Successfully passed all stages"""
-        backend = self.plan.context[PLAN_CONTEXT_PENDING_USER].backend
-        login(
-            self.request, self.plan.context[PLAN_CONTEXT_PENDING_USER], backend=backend
-        )
-        LOGGER.debug(
-            "Logged in",
-            user=self.plan.context[PLAN_CONTEXT_PENDING_USER],
-            flow_slug=self.flow.slug,
-        )
        self.cancel()
        next_param = self.request.GET.get(NEXT_ARG_NAME, None)
        if next_param and not is_url_absolute(next_param):
@ -165,10 +155,9 @@ class FlowExecutorView(View):
        self.cancel()
        return redirect_with_qs("passbook_flows:denied", self.request.GET)

-    def cancel(self) -> HttpResponse:
+    def cancel(self):
        """Cancel current execution and return a redirect"""
        del self.request.session[SESSION_KEY_PLAN]
-        return redirect_with_qs("passbook_flows:denied", self.request.GET)


 class FlowPermissionDeniedView(PermissionDeniedView):