From 5644e57e6ae62a2cd9b98afea37f6226d7f8c27e Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 7 Jul 2020 21:47:07 +0200 Subject: [PATCH] sources/oauth: directly call AuthorizedServiceBackend instead of authenticate() --- .../sources/oauth/{backends.py => auth.py} | 19 +++++++++---------- passbook/sources/oauth/settings.py | 4 ---- passbook/sources/oauth/views/core.py | 11 ++++++----- 3 files changed, 15 insertions(+), 19 deletions(-) rename passbook/sources/oauth/{backends.py => auth.py} (59%) diff --git a/passbook/sources/oauth/backends.py b/passbook/sources/oauth/auth.py similarity index 59% rename from passbook/sources/oauth/backends.py rename to passbook/sources/oauth/auth.py index ee5d0a8a0..fb2445d89 100644 --- a/passbook/sources/oauth/backends.py +++ b/passbook/sources/oauth/auth.py @@ -1,24 +1,23 @@ """passbook oauth_client Authorization backend""" - from django.contrib.auth.backends import ModelBackend from django.db.models import Q +from django.http import HttpRequest +from passbook.core.models import User from passbook.sources.oauth.models import OAuthSource, UserOAuthSourceConnection class AuthorizedServiceBackend(ModelBackend): "Authentication backend for users registered with remote OAuth provider." - def authenticate(self, request, source=None, identifier=None): + def authenticate( + self, request: HttpRequest, source: OAuthSource, identifier: str + ) -> User: "Fetch user for a given source by id." source_q = Q(source__name=source) if isinstance(source, OAuthSource): source_q = Q(source=source) - try: - access = UserOAuthSourceConnection.objects.filter( - source_q, identifier=identifier - ).select_related("user")[0] - except IndexError: - return None - else: - return access.user + access = UserOAuthSourceConnection.objects.filter( + source_q, identifier=identifier + ).select_related("user")[0] + return access.user diff --git a/passbook/sources/oauth/settings.py b/passbook/sources/oauth/settings.py index 9678ee92e..0fd524a72 100644 --- a/passbook/sources/oauth/settings.py +++ b/passbook/sources/oauth/settings.py @@ -1,9 +1,5 @@ """Oauth2 Client Settings""" -AUTHENTICATION_BACKENDS = [ - "passbook.sources.oauth.backends.AuthorizedServiceBackend", -] - PASSBOOK_SOURCES_OAUTH_TYPES = [ "passbook.sources.oauth.types.discord", "passbook.sources.oauth.types.facebook", diff --git a/passbook/sources/oauth/views/core.py b/passbook/sources/oauth/views/core.py index 604c8abcb..4cebf7431 100644 --- a/passbook/sources/oauth/views/core.py +++ b/passbook/sources/oauth/views/core.py @@ -3,7 +3,6 @@ from typing import Any, Callable, Dict, Optional from django.conf import settings from django.contrib import messages -from django.contrib.auth import authenticate from django.contrib.auth.mixins import LoginRequiredMixin from django.http import Http404, HttpRequest, HttpResponse from django.shortcuts import get_object_or_404, redirect, render @@ -22,6 +21,7 @@ from passbook.flows.planner import ( ) from passbook.flows.views import SESSION_KEY_PLAN from passbook.lib.utils.urls import redirect_with_qs +from passbook.sources.oauth.auth import AuthorizedServiceBackend from passbook.sources.oauth.clients import BaseOAuthClient, get_client from passbook.sources.oauth.models import OAuthSource, UserOAuthSourceConnection from passbook.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND @@ -134,7 +134,7 @@ class OAuthCallback(OAuthClientMixin, View): identifier=identifier, access_token=token.get("access_token"), ) - user = authenticate( + user = AuthorizedServiceBackend().authenticate( source=self.source, identifier=identifier, request=request ) if user is None: @@ -181,7 +181,8 @@ class OAuthCallback(OAuthClientMixin, View): self.request, { PLAN_CONTEXT_PENDING_USER: user, - PLAN_CONTEXT_AUTHENTICATION_BACKEND: user.backend, + # Since we authenticate the user by their token, they have no backend set + PLAN_CONTEXT_AUTHENTICATION_BACKEND: "django.contrib.auth.backends.ModelBackend", PLAN_CONTEXT_SSO: True, }, ) @@ -206,7 +207,7 @@ class OAuthCallback(OAuthClientMixin, View): % {"source": self.source.name} ), ) - user = authenticate( + user = AuthorizedServiceBackend().authenticate( source=access.source, identifier=access.identifier, request=self.request ) return self.handle_login_flow(source.authentication_flow, user) @@ -249,7 +250,7 @@ class OAuthCallback(OAuthClientMixin, View): ) ) # User was not authenticated, new user has been created - user = authenticate( + user = AuthorizedServiceBackend().authenticate( source=access.source, identifier=access.identifier, request=self.request ) messages.success(