2018-11-16 08:10:35 +00:00
|
|
|
"""passbook OAuth2 Views"""
|
2018-11-25 11:31:55 +00:00
|
|
|
from logging import getLogger
|
2018-12-09 20:07:18 +00:00
|
|
|
from urllib.parse import urlencode
|
2018-11-16 12:08:37 +00:00
|
|
|
|
2018-11-25 19:39:09 +00:00
|
|
|
from django.http import Http404
|
2018-12-09 20:07:18 +00:00
|
|
|
from django.shortcuts import get_object_or_404, reverse
|
|
|
|
from django.utils.translation import ugettext as _
|
2018-11-25 11:31:55 +00:00
|
|
|
from oauth2_provider.views.base import AuthorizationView
|
2018-11-16 12:08:37 +00:00
|
|
|
|
2018-11-25 19:39:09 +00:00
|
|
|
from passbook.core.views.access import AccessMixin
|
2018-12-09 20:07:18 +00:00
|
|
|
from passbook.core.views.utils import LoadingView
|
2018-11-25 19:39:09 +00:00
|
|
|
from passbook.oauth_provider.models import OAuth2Provider
|
2018-11-16 12:08:37 +00:00
|
|
|
|
2018-11-25 11:31:55 +00:00
|
|
|
LOGGER = getLogger(__name__)
|
2018-11-16 12:08:37 +00:00
|
|
|
|
|
|
|
|
2018-12-09 20:07:18 +00:00
|
|
|
class PassbookAuthorizationLoadingView(LoadingView):
|
|
|
|
"""Show loading view for permission checks"""
|
|
|
|
|
|
|
|
title = _('Checking permissions...')
|
|
|
|
|
|
|
|
def get_url(self):
|
|
|
|
querystring = urlencode(self.request.GET)
|
|
|
|
return reverse('passbook_oauth_provider:oauth2-ok-authorize')+'?'+querystring
|
|
|
|
|
2018-11-25 19:39:09 +00:00
|
|
|
class PassbookAuthorizationView(AccessMixin, AuthorizationView):
|
2018-11-25 11:31:55 +00:00
|
|
|
"""Custom OAuth2 Authorization View which checks rules, etc"""
|
|
|
|
|
2018-11-25 19:39:09 +00:00
|
|
|
_application = None
|
|
|
|
|
|
|
|
def dispatch(self, request, *args, **kwargs):
|
|
|
|
"""Update OAuth2Provider's skip_authorization state"""
|
|
|
|
# Get client_id to get provider, so we can update skip_authorization field
|
|
|
|
client_id = request.GET.get('client_id')
|
|
|
|
provider = get_object_or_404(OAuth2Provider, client_id=client_id)
|
|
|
|
application = self.provider_to_application(provider)
|
|
|
|
# Update field here so oauth-toolkit does work for us
|
|
|
|
provider.skip_authorization = application.skip_authorization
|
|
|
|
provider.save()
|
|
|
|
self._application = application
|
|
|
|
# Check permissions
|
|
|
|
if not self.user_has_access(self._application, request.user):
|
|
|
|
# TODO: Create a general error class for access denied
|
|
|
|
raise Http404
|
2018-12-09 20:07:18 +00:00
|
|
|
actual_response = super().dispatch(request, *args, **kwargs)
|
|
|
|
if actual_response.status_code == 400:
|
|
|
|
LOGGER.debug(request.GET.get('redirect_uri'))
|
|
|
|
return actual_response
|
2018-11-25 19:39:09 +00:00
|
|
|
|
2018-11-25 11:31:55 +00:00
|
|
|
def render_to_response(self, context, **kwargs):
|
|
|
|
# Always set is_login to true for correct css class
|
|
|
|
context['is_login'] = True
|
|
|
|
return super().render_to_response(context, **kwargs)
|
|
|
|
|
2018-11-25 19:39:09 +00:00
|
|
|
def form_valid(self, form):
|
|
|
|
# User has clicked on "Authorize"
|
|
|
|
# TODO: Create Audit log entry
|
|
|
|
LOGGER.debug('user %s authorized %s', self.request.user, self._application)
|
|
|
|
return super().form_valid(form)
|