sources/oauth: directly call AuthorizedServiceBackend instead of authenticate()
This commit is contained in:
parent
cfc181eed1
commit
5644e57e6a
|
@ -1,24 +1,23 @@
|
|||
"""passbook oauth_client Authorization backend"""
|
||||
|
||||
from django.contrib.auth.backends import ModelBackend
|
||||
from django.db.models import Q
|
||||
from django.http import HttpRequest
|
||||
|
||||
from passbook.core.models import User
|
||||
from passbook.sources.oauth.models import OAuthSource, UserOAuthSourceConnection
|
||||
|
||||
|
||||
class AuthorizedServiceBackend(ModelBackend):
|
||||
"Authentication backend for users registered with remote OAuth provider."
|
||||
|
||||
def authenticate(self, request, source=None, identifier=None):
|
||||
def authenticate(
|
||||
self, request: HttpRequest, source: OAuthSource, identifier: str
|
||||
) -> User:
|
||||
"Fetch user for a given source by id."
|
||||
source_q = Q(source__name=source)
|
||||
if isinstance(source, OAuthSource):
|
||||
source_q = Q(source=source)
|
||||
try:
|
||||
access = UserOAuthSourceConnection.objects.filter(
|
||||
source_q, identifier=identifier
|
||||
).select_related("user")[0]
|
||||
except IndexError:
|
||||
return None
|
||||
else:
|
||||
return access.user
|
|
@ -1,9 +1,5 @@
|
|||
"""Oauth2 Client Settings"""
|
||||
|
||||
AUTHENTICATION_BACKENDS = [
|
||||
"passbook.sources.oauth.backends.AuthorizedServiceBackend",
|
||||
]
|
||||
|
||||
PASSBOOK_SOURCES_OAUTH_TYPES = [
|
||||
"passbook.sources.oauth.types.discord",
|
||||
"passbook.sources.oauth.types.facebook",
|
||||
|
|
|
@ -3,7 +3,6 @@ from typing import Any, Callable, Dict, Optional
|
|||
|
||||
from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth import authenticate
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.http import Http404, HttpRequest, HttpResponse
|
||||
from django.shortcuts import get_object_or_404, redirect, render
|
||||
|
@ -22,6 +21,7 @@ from passbook.flows.planner import (
|
|||
)
|
||||
from passbook.flows.views import SESSION_KEY_PLAN
|
||||
from passbook.lib.utils.urls import redirect_with_qs
|
||||
from passbook.sources.oauth.auth import AuthorizedServiceBackend
|
||||
from passbook.sources.oauth.clients import BaseOAuthClient, get_client
|
||||
from passbook.sources.oauth.models import OAuthSource, UserOAuthSourceConnection
|
||||
from passbook.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
|
||||
|
@ -134,7 +134,7 @@ class OAuthCallback(OAuthClientMixin, View):
|
|||
identifier=identifier,
|
||||
access_token=token.get("access_token"),
|
||||
)
|
||||
user = authenticate(
|
||||
user = AuthorizedServiceBackend().authenticate(
|
||||
source=self.source, identifier=identifier, request=request
|
||||
)
|
||||
if user is None:
|
||||
|
@ -181,7 +181,8 @@ class OAuthCallback(OAuthClientMixin, View):
|
|||
self.request,
|
||||
{
|
||||
PLAN_CONTEXT_PENDING_USER: user,
|
||||
PLAN_CONTEXT_AUTHENTICATION_BACKEND: user.backend,
|
||||
# Since we authenticate the user by their token, they have no backend set
|
||||
PLAN_CONTEXT_AUTHENTICATION_BACKEND: "django.contrib.auth.backends.ModelBackend",
|
||||
PLAN_CONTEXT_SSO: True,
|
||||
},
|
||||
)
|
||||
|
@ -206,7 +207,7 @@ class OAuthCallback(OAuthClientMixin, View):
|
|||
% {"source": self.source.name}
|
||||
),
|
||||
)
|
||||
user = authenticate(
|
||||
user = AuthorizedServiceBackend().authenticate(
|
||||
source=access.source, identifier=access.identifier, request=self.request
|
||||
)
|
||||
return self.handle_login_flow(source.authentication_flow, user)
|
||||
|
@ -249,7 +250,7 @@ class OAuthCallback(OAuthClientMixin, View):
|
|||
)
|
||||
)
|
||||
# User was not authenticated, new user has been created
|
||||
user = authenticate(
|
||||
user = AuthorizedServiceBackend().authenticate(
|
||||
source=access.source, identifier=access.identifier, request=self.request
|
||||
)
|
||||
messages.success(
|
||||
|
|
Reference in a new issue