providers/oauth2: use @method_decorator instead of decorating in urls

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-09-10 13:26:17 +02:00
parent 5026cebf02
commit a407334d3b
7 changed files with 30 additions and 16 deletions

View file

@ -1,10 +1,7 @@
"""OAuth provider URLs"""
from django.urls import path
from django.views.decorators.csrf import csrf_exempt
from django.views.generic.base import RedirectView
from authentik.providers.oauth2.constants import SCOPE_OPENID
from authentik.providers.oauth2.utils import protected_resource_view
from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView
from authentik.providers.oauth2.views.introspection import TokenIntrospectionView
from authentik.providers.oauth2.views.jwks import JWKSView
@ -19,20 +16,20 @@ urlpatterns = [
AuthorizationFlowInitView.as_view(),
name="authorize",
),
path("token/", csrf_exempt(TokenView.as_view()), name="token"),
path("token/", TokenView.as_view(), name="token"),
path(
"userinfo/",
csrf_exempt(protected_resource_view([SCOPE_OPENID])(UserInfoView.as_view())),
UserInfoView.as_view(),
name="userinfo",
),
path(
"introspect/",
csrf_exempt(TokenIntrospectionView.as_view()),
TokenIntrospectionView.as_view(),
name="token-introspection",
),
path(
"revoke/",
csrf_exempt(TokenRevokeView.as_view()),
TokenRevokeView.as_view(),
name="token-revoke",
),
path(

View file

@ -1,9 +1,6 @@
"""authentik oauth_provider urls"""
from django.urls import include, path
from django.views.decorators.csrf import csrf_exempt
from authentik.providers.oauth2.constants import SCOPE_GITHUB_ORG_READ, SCOPE_GITHUB_USER_EMAIL
from authentik.providers.oauth2.utils import protected_resource_view
from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView
from authentik.providers.oauth2.views.github import GitHubUserTeamsView, GitHubUserView
from authentik.providers.oauth2.views.token import TokenView
@ -16,19 +13,17 @@ github_urlpatterns = [
),
path(
"login/oauth/access_token",
csrf_exempt(TokenView.as_view()),
TokenView.as_view(),
name="github-access-token",
),
path(
"user",
csrf_exempt(protected_resource_view([SCOPE_GITHUB_USER_EMAIL])(GitHubUserView.as_view())),
GitHubUserView.as_view(),
name="github-user",
),
path(
"user/teams",
csrf_exempt(
protected_resource_view([SCOPE_GITHUB_ORG_READ])(GitHubUserTeamsView.as_view())
),
GitHubUserTeamsView.as_view(),
name="github-user-teams",
),
]

View file

@ -1,12 +1,18 @@
"""authentik pretend GitHub Views"""
from django.http import HttpRequest, HttpResponse, JsonResponse
from django.utils.decorators import method_decorator
from django.utils.text import slugify
from django.views import View
from django.views.decorators.csrf import csrf_exempt
from authentik.providers.oauth2.constants import SCOPE_GITHUB_ORG_READ, SCOPE_GITHUB_USER_EMAIL
from authentik.providers.oauth2.models import RefreshToken
from authentik.providers.oauth2.utils import protected_resource_view
@method_decorator(csrf_exempt, name="dispatch")
@method_decorator(protected_resource_view([SCOPE_GITHUB_USER_EMAIL]), name="dispatch")
class GitHubUserView(View):
"""Emulate GitHub's /user API Endpoint"""
@ -62,6 +68,8 @@ class GitHubUserView(View):
)
@method_decorator(csrf_exempt, name="dispatch")
@method_decorator(protected_resource_view([SCOPE_GITHUB_ORG_READ]), name="dispatch")
class GitHubUserTeamsView(View):
"""Emulate GitHub's /user/teams API Endpoint"""

View file

@ -2,7 +2,9 @@
from dataclasses import dataclass, field
from django.http import HttpRequest, HttpResponse
from django.utils.decorators import method_decorator
from django.views import View
from django.views.decorators.csrf import csrf_exempt
from structlog.stdlib import get_logger
from authentik.providers.oauth2.errors import TokenIntrospectionError
@ -59,6 +61,7 @@ class TokenIntrospectionParams:
return TokenIntrospectionParams(token=token, provider=provider)
@method_decorator(csrf_exempt, name="dispatch")
class TokenIntrospectionView(View):
"""Token Introspection
https://tools.ietf.org/html/rfc7662"""

View file

@ -7,8 +7,10 @@ from re import fullmatch
from typing import Any, Optional
from django.http import HttpRequest, HttpResponse
from django.utils.decorators import method_decorator
from django.utils.timezone import datetime, now
from django.views import View
from django.views.decorators.csrf import csrf_exempt
from jwt import PyJWK, PyJWTError, decode
from sentry_sdk.hub import Hub
from structlog.stdlib import get_logger
@ -364,6 +366,7 @@ class TokenParams:
self.user.save()
@method_decorator(csrf_exempt, name="dispatch")
class TokenView(View):
"""Generate tokens for clients"""

View file

@ -2,7 +2,9 @@
from dataclasses import dataclass
from django.http import Http404, HttpRequest, HttpResponse
from django.utils.decorators import method_decorator
from django.views import View
from django.views.decorators.csrf import csrf_exempt
from structlog.stdlib import get_logger
from authentik.providers.oauth2.errors import TokenRevocationError
@ -43,6 +45,7 @@ class TokenRevocationParams:
return TokenRevocationParams(token=token, provider=provider)
@method_decorator(csrf_exempt, name="dispatch")
class TokenRevokeView(View):
"""Token revoke endpoint
https://datatracker.ietf.org/doc/html/rfc7009"""

View file

@ -4,8 +4,10 @@ from typing import Any, Optional
from deepmerge import always_merger
from django.http import HttpRequest, HttpResponse
from django.http.response import HttpResponseBadRequest
from django.utils.decorators import method_decorator
from django.utils.translation import gettext_lazy as _
from django.views import View
from django.views.decorators.csrf import csrf_exempt
from structlog.stdlib import get_logger
from authentik.core.exceptions import PropertyMappingExpressionException
@ -17,13 +19,16 @@ from authentik.providers.oauth2.constants import (
SCOPE_GITHUB_USER,
SCOPE_GITHUB_USER_EMAIL,
SCOPE_GITHUB_USER_READ,
SCOPE_OPENID,
)
from authentik.providers.oauth2.models import RefreshToken, ScopeMapping
from authentik.providers.oauth2.utils import TokenResponse, cors_allow
from authentik.providers.oauth2.utils import TokenResponse, cors_allow, protected_resource_view
LOGGER = get_logger()
@method_decorator(csrf_exempt, name="dispatch")
@method_decorator(protected_resource_view([SCOPE_OPENID]), name="dispatch")
class UserInfoView(View):
"""Create a dictionary with all the requested claims about the End-User.
See: http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse"""