providers/oauth2: use @method_decorator instead of decorating in urls
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
5026cebf02
commit
a407334d3b
|
@ -1,10 +1,7 @@
|
|||
"""OAuth provider URLs"""
|
||||
from django.urls import path
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from django.views.generic.base import RedirectView
|
||||
|
||||
from authentik.providers.oauth2.constants import SCOPE_OPENID
|
||||
from authentik.providers.oauth2.utils import protected_resource_view
|
||||
from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView
|
||||
from authentik.providers.oauth2.views.introspection import TokenIntrospectionView
|
||||
from authentik.providers.oauth2.views.jwks import JWKSView
|
||||
|
@ -19,20 +16,20 @@ urlpatterns = [
|
|||
AuthorizationFlowInitView.as_view(),
|
||||
name="authorize",
|
||||
),
|
||||
path("token/", csrf_exempt(TokenView.as_view()), name="token"),
|
||||
path("token/", TokenView.as_view(), name="token"),
|
||||
path(
|
||||
"userinfo/",
|
||||
csrf_exempt(protected_resource_view([SCOPE_OPENID])(UserInfoView.as_view())),
|
||||
UserInfoView.as_view(),
|
||||
name="userinfo",
|
||||
),
|
||||
path(
|
||||
"introspect/",
|
||||
csrf_exempt(TokenIntrospectionView.as_view()),
|
||||
TokenIntrospectionView.as_view(),
|
||||
name="token-introspection",
|
||||
),
|
||||
path(
|
||||
"revoke/",
|
||||
csrf_exempt(TokenRevokeView.as_view()),
|
||||
TokenRevokeView.as_view(),
|
||||
name="token-revoke",
|
||||
),
|
||||
path(
|
||||
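Review bot: After this change the route table no longer shows which endpoints skip CSRF checks or require a bearer token with a given scope; `userinfo/` in particular now reads as a plain `UserInfoView.as_view()`. A short comment above `urlpatterns`, such as `# CSRF exemption and scope checks are applied on the view classes via @method_decorator, not here`, would keep a reader from assuming these routes are unprotected or from wrapping them a second time. The same applies to `github_urlpatterns` in the GitHub URL file. The last `path(` entry continues outside the hunk, so any further routes that were wrapped here could not be checked for a matching class decorator.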
|
|
|
@ -1,9 +1,6 @@
|
|||
"""authentik oauth_provider urls"""
|
||||
from django.urls import include, path
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
|
||||
from authentik.providers.oauth2.constants import SCOPE_GITHUB_ORG_READ, SCOPE_GITHUB_USER_EMAIL
|
||||
from authentik.providers.oauth2.utils import protected_resource_view
|
||||
from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView
|
||||
from authentik.providers.oauth2.views.github import GitHubUserTeamsView, GitHubUserView
|
||||
from authentik.providers.oauth2.views.token import TokenView
|
||||
|
@ -16,19 +13,17 @@ github_urlpatterns = [
|
|||
),
|
||||
path(
|
||||
"login/oauth/access_token",
|
||||
csrf_exempt(TokenView.as_view()),
|
||||
TokenView.as_view(),
|
||||
name="github-access-token",
|
||||
),
|
||||
path(
|
||||
"user",
|
||||
csrf_exempt(protected_resource_view([SCOPE_GITHUB_USER_EMAIL])(GitHubUserView.as_view())),
|
||||
GitHubUserView.as_view(),
|
||||
name="github-user",
|
||||
),
|
||||
path(
|
||||
"user/teams",
|
||||
csrf_exempt(
|
||||
protected_resource_view([SCOPE_GITHUB_ORG_READ])(GitHubUserTeamsView.as_view())
|
||||
),
|
||||
GitHubUserTeamsView.as_view(),
|
||||
name="github-user-teams",
|
||||
),
|
||||
]
|
||||
|
|
|
@ -1,12 +1,18 @@
|
|||
"""authentik pretend GitHub Views"""
|
||||
|
||||
from django.http import HttpRequest, HttpResponse, JsonResponse
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.utils.text import slugify
|
||||
from django.views import View
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
|
||||
from authentik.providers.oauth2.constants import SCOPE_GITHUB_ORG_READ, SCOPE_GITHUB_USER_EMAIL
|
||||
from authentik.providers.oauth2.models import RefreshToken
|
||||
from authentik.providers.oauth2.utils import protected_resource_view
|
||||
|
||||
|
||||
@method_decorator(csrf_exempt, name="dispatch")
|
||||
@method_decorator(protected_resource_view([SCOPE_GITHUB_USER_EMAIL]), name="dispatch")
|
||||
class GitHubUserView(View):
|
||||
"""Emulate GitHub's /user API Endpoint"""
|
||||
|
||||
|
@ -62,6 +68,8 @@ class GitHubUserView(View):
|
|||
)
|
||||
|
||||
|
||||
@method_decorator(csrf_exempt, name="dispatch")
|
||||
@method_decorator(protected_resource_view([SCOPE_GITHUB_ORG_READ]), name="dispatch")
|
||||
class GitHubUserTeamsView(View):
|
||||
"""Emulate GitHub's /user/teams API Endpoint"""
|
||||
|
||||
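Review bot: The order of the two `@method_decorator` lines on `GitHubUserView` and `GitHubUserTeamsView` is load-bearing, and nothing in the code says so. Class decorators apply bottom-up, so `csrf_exempt` ends up outermost, matching the old `csrf_exempt(protected_resource_view(...)(view))`; it works by setting a flag on the callable it returns, and whether that flag would survive a swapped order depends on how `protected_resource_view` wraps its view, which is not visible here. A comment such as `# keep csrf_exempt first (outermost) so its flag is on the final dispatch` above the pair would prevent a reorder that makes token-authenticated requests fail the CSRF check. `UserInfoView` uses the same pair and should get the same comment. Both class bodies continue outside the hunks.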
|
|
|
@ -2,7 +2,9 @@
|
|||
from dataclasses import dataclass, field
|
||||
|
||||
from django.http import HttpRequest, HttpResponse
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.views import View
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from structlog.stdlib import get_logger
|
||||
|
||||
from authentik.providers.oauth2.errors import TokenIntrospectionError
|
||||
|
@ -59,6 +61,7 @@ class TokenIntrospectionParams:
|
|||
return TokenIntrospectionParams(token=token, provider=provider)
|
||||
|
||||
|
||||
@method_decorator(csrf_exempt, name="dispatch")
|
||||
class TokenIntrospectionView(View):
|
||||
"""Token Introspection
|
||||
https://tools.ietf.org/html/rfc7662"""
|
||||
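Review bot: `TokenIntrospectionView` is now CSRF-exempt at class level, but neither the decorator nor the docstring says what authenticates the caller instead. With CSRF checks off, every route that points at this class inherits the exemption, so the view's own client authentication is the only gate; it presumably happens while building `TokenIntrospectionParams`, whose body is outside this hunk. Extending the docstring with a line like `CSRF-exempt: called by OAuth clients without a session cookie; the request is authenticated by client credentials` would record that, once confirmed against the code. The same applies to `TokenView` and `TokenRevokeView`.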
|
|
|
@ -7,8 +7,10 @@ from re import fullmatch
|
|||
from typing import Any, Optional
|
||||
|
||||
from django.http import HttpRequest, HttpResponse
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.utils.timezone import datetime, now
|
||||
from django.views import View
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from jwt import PyJWK, PyJWTError, decode
|
||||
from sentry_sdk.hub import Hub
|
||||
from structlog.stdlib import get_logger
|
||||
|
@ -364,6 +366,7 @@ class TokenParams:
|
|||
self.user.save()
|
||||
|
||||
|
||||
@method_decorator(csrf_exempt, name="dispatch")
|
||||
class TokenView(View):
|
||||
"""Generate tokens for clients"""
|
||||
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
from dataclasses import dataclass
|
||||
|
||||
from django.http import Http404, HttpRequest, HttpResponse
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.views import View
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from structlog.stdlib import get_logger
|
||||
|
||||
from authentik.providers.oauth2.errors import TokenRevocationError
|
||||
|
@ -43,6 +45,7 @@ class TokenRevocationParams:
|
|||
return TokenRevocationParams(token=token, provider=provider)
|
||||
|
||||
|
||||
@method_decorator(csrf_exempt, name="dispatch")
|
||||
class TokenRevokeView(View):
|
||||
"""Token revoke endpoint
|
||||
https://datatracker.ietf.org/doc/html/rfc7009"""
|
||||
|
|
|
@ -4,8 +4,10 @@ from typing import Any, Optional
|
|||
from deepmerge import always_merger
|
||||
from django.http import HttpRequest, HttpResponse
|
||||
from django.http.response import HttpResponseBadRequest
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from django.views import View
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from structlog.stdlib import get_logger
|
||||
|
||||
from authentik.core.exceptions import PropertyMappingExpressionException
|
||||
|
@ -17,13 +19,16 @@ from authentik.providers.oauth2.constants import (
|
|||
SCOPE_GITHUB_USER,
|
||||
SCOPE_GITHUB_USER_EMAIL,
|
||||
SCOPE_GITHUB_USER_READ,
|
||||
SCOPE_OPENID,
|
||||
)
|
||||
from authentik.providers.oauth2.models import RefreshToken, ScopeMapping
|
||||
from authentik.providers.oauth2.utils import TokenResponse, cors_allow
|
||||
from authentik.providers.oauth2.utils import TokenResponse, cors_allow, protected_resource_view
|
||||
|
||||
LOGGER = get_logger()
|
||||
|
||||
|
||||
@method_decorator(csrf_exempt, name="dispatch")
|
||||
@method_decorator(protected_resource_view([SCOPE_OPENID]), name="dispatch")
|
||||
class UserInfoView(View):
|
||||
"""Create a dictionary with all the requested claims about the End-User.
|
||||
See: http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse"""
|
||||
|
|