*(minor): small refactor
This commit is contained in:
Langhammer, Jens
0
passbook/providers/oauth/views/__init__.py
Normal file
0
passbook/providers/oauth/views/__init__.py
Normal file
63
passbook/providers/oauth/views/github.py
Normal file
63
passbook/providers/oauth/views/github.py
Normal file
@ -0,0 +1,63 @@
|
||||
"""passbook pretend GitHub Views"""
|
||||
from django.http import JsonResponse
|
||||
from django.shortcuts import get_object_or_404
|
||||
from django.views import View
|
||||
from oauth2_provider.models import AccessToken
|
||||
|
||||
|
||||
class GitHubUserView(View):
|
||||
"""Emulate GitHub's /user API Endpoint"""
|
||||
|
||||
def verify_access_token(self):
|
||||
"""Verify access token manually since github uses /user?access_token=..."""
|
||||
token = get_object_or_404(AccessToken, token=self.request.GET.get('access_token', ''))
|
||||
return token.user
|
||||
|
||||
def get(self, request):
|
||||
"""Emulate GitHub's /user API Endpoint"""
|
||||
user = self.verify_access_token()
|
||||
return JsonResponse({
|
||||
"login": user.username,
|
||||
"id": user.pk,
|
||||
"node_id": "",
|
||||
"avatar_url": "",
|
||||
"gravatar_id": "",
|
||||
"url": "",
|
||||
"html_url": "",
|
||||
"followers_url": "",
|
||||
"following_url": "",
|
||||
"gists_url": "",
|
||||
"starred_url": "",
|
||||
"subscriptions_url": "",
|
||||
"organizations_url": "",
|
||||
"repos_url": "",
|
||||
"events_url": "",
|
||||
"received_events_url": "",
|
||||
"type": "User",
|
||||
"site_admin": False,
|
||||
"name": user.name,
|
||||
"company": "",
|
||||
"blog": "",
|
||||
"location": "",
|
||||
"email": user.email,
|
||||
"hireable": False,
|
||||
"bio": "",
|
||||
"public_repos": 0,
|
||||
"public_gists": 0,
|
||||
"followers": 0,
|
||||
"following": 0,
|
||||
"created_at": user.date_joined,
|
||||
"updated_at": user.date_joined,
|
||||
"private_gists": 0,
|
||||
"total_private_repos": 0,
|
||||
"owned_private_repos": 0,
|
||||
"disk_usage": 0,
|
||||
"collaborators": 0,
|
||||
"two_factor_authentication": True,
|
||||
"plan": {
|
||||
"name": "None",
|
||||
"space": 0,
|
||||
"private_repos": 0,
|
||||
"collaborators": 0
|
||||
}
|
||||
})
|
||||
85
passbook/providers/oauth/views/oauth2.py
Normal file
85
passbook/providers/oauth/views/oauth2.py
Normal file
@ -0,0 +1,85 @@
|
||||
"""passbook OAuth2 Views"""
|
||||
from urllib.parse import urlencode
|
||||
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.shortcuts import get_object_or_404, redirect, reverse
|
||||
from django.utils.translation import ugettext as _
|
||||
from oauth2_provider.views.base import AuthorizationView
|
||||
from structlog import get_logger
|
||||
|
||||
from passbook.audit.models import AuditEntry
|
||||
from passbook.core.models import Application
|
||||
from passbook.core.views.access import AccessMixin
|
||||
from passbook.core.views.utils import LoadingView, PermissionDeniedView
|
||||
from passbook.providers.oauth.models import OAuth2Provider
|
||||
|
||||
LOGGER = get_logger()
|
||||
|
||||
|
||||
class PassbookAuthorizationLoadingView(LoginRequiredMixin, LoadingView):
|
||||
"""Show loading view for permission checks"""
|
||||
|
||||
title = _('Checking permissions...')
|
||||
|
||||
def get_url(self):
|
||||
querystring = urlencode(self.request.GET)
|
||||
return reverse('passbook_providers_oauth:oauth2-ok-authorize')+'?'+querystring
|
||||
|
||||
|
||||
class OAuthPermissionDenied(PermissionDeniedView):
|
||||
"""Show permission denied view"""
|
||||
|
||||
|
||||
class PassbookAuthorizationView(AccessMixin, AuthorizationView):
|
||||
"""Custom OAuth2 Authorization View which checks policies, etc"""
|
||||
|
||||
_application = None
|
||||
|
||||
def _inject_response_type(self):
|
||||
"""Inject response_type into querystring if not set"""
|
||||
LOGGER.debug("response_type not set, defaulting to 'code'")
|
||||
querystring = urlencode(self.request.GET)
|
||||
querystring += '&response_type=code'
|
||||
return redirect(reverse('passbook_providers_oauth:oauth2-ok-authorize') + '?' + querystring)
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
"""Update OAuth2Provider's skip_authorization state"""
|
||||
# Get client_id to get provider, so we can update skip_authorization field
|
||||
client_id = request.GET.get('client_id')
|
||||
provider = get_object_or_404(OAuth2Provider, client_id=client_id)
|
||||
try:
|
||||
application = self.provider_to_application(provider)
|
||||
except Application.DoesNotExist:
|
||||
return redirect('passbook_providers_oauth:oauth2-permission-denied')
|
||||
# Update field here so oauth-toolkit does work for us
|
||||
provider.skip_authorization = application.skip_authorization
|
||||
provider.save()
|
||||
self._application = application
|
||||
# Check permissions
|
||||
passing, policy_messages = self.user_has_access(self._application, request.user)
|
||||
if not passing:
|
||||
for policy_message in policy_messages:
|
||||
messages.error(request, policy_message)
|
||||
return redirect('passbook_providers_oauth:oauth2-permission-denied')
|
||||
# Some clients don't pass response_type, so we default to code
|
||||
if 'response_type' not in request.GET:
|
||||
return self._inject_response_type()
|
||||
actual_response = super().dispatch(request, *args, **kwargs)
|
||||
if actual_response.status_code == 400:
|
||||
LOGGER.debug(request.GET.get('redirect_uri'))
|
||||
return actual_response
|
||||
|
||||
def render_to_response(self, context, **kwargs):
|
||||
# Always set is_login to true for correct css class
|
||||
context['is_login'] = True
|
||||
return super().render_to_response(context, **kwargs)
|
||||
|
||||
def form_valid(self, form):
|
||||
# User has clicked on "Authorize"
|
||||
AuditEntry.create(
|
||||
action=AuditEntry.ACTION_AUTHORIZE_APPLICATION,
|
||||
request=self.request,
|
||||
app=str(self._application))
|
||||
LOGGER.debug('user %s authorized %s', self.request.user, self._application)
|
||||
return super().form_valid(form)
|
||||
Reference in New Issue
Block a user