django-orchestra/orchestra/views.py

import json
import requests
from django.apps import apps
from django.conf import settings
from django.http import Http404, JsonResponse
from django.contrib.admin.utils import unquote
from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404
from django.views.static import serve
from django.views.decorators.csrf import csrf_exempt
from rest_framework.authtoken.models import Token
from orchestra.contrib.accounts.models import Account


def serve_private_media(request, app_label, model_name, field_name, object_id, filename):
    model = apps.get_model(app_label, model_name)
    if model is None:
        raise Http404('')
    instance = get_object_or_404(model, pk=unquote(object_id))
    if not hasattr(instance, field_name):
        raise Http404('')
    field = getattr(instance, field_name)
    if field.condition(request, instance):
        return serve(request, field.name, document_root=field.storage.location)
    else:
        raise PermissionDenied()


def get_user_info(token):
    # domain = settings.OIDC_PROVIDER.strip("/")
    domain = "https://idp.demo.pangea.org"
    url = f"{domain}/application/o/userinfo/"
    access_token = token['access_token']
    token_type = token.get('token_type', 'Bearer')
    headers = {"Authorization": f"{token_type} {access_token}"}
    msg = requests.get(url, headers=headers)
    userinfo = json.loads(msg.text)
    username = userinfo.get('username')
    return username


@csrf_exempt
def obtain_auth_token_v2(request):
    oidc_token = request.POST.get('token')
    if not oidc_token:
        raise PermissionDenied()
    oidc_token = json.loads(oidc_token)

    username = get_user_info(oidc_token)
    users = Account.objects.filter(username=username)
    if not users:
        raise PermissionDenied()

    user = users[0]
    token = Token.objects.get_or_create(user=user)
    if len(token) == 2:
        return JsonResponse({"token": token[0].key})