views.py
import base64
import logging
from django.conf import settings as django_settings
from django.contrib.auth import authenticate, login, logout
from django.shortcuts import redirect
try:
    from django.utils.http import url_has_allowed_host_and_scheme
except ImportError:
    # Django <3.0 ships the redirect-safety check under its older name,
    # is_safe_url; alias it so the rest of this module can use one name.
    from django.utils.http import is_safe_url as url_has_allowed_host_and_scheme
from django.views.generic import View
from django_auth_adfs.config import provider_config, settings
from django_auth_adfs.exceptions import MFARequired
# Module-level logger, looked up by the fixed name "django_auth_adfs".
logger = logging.getLogger("django_auth_adfs")
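class OAuth2CallbackView(View):
    """Callback endpoint that ADFS redirects the user agent to after sign-in."""

    def get(self, request):
        """
        Handles the redirect from ADFS to our site.
        We try to process the passed authorization code and login the user.

        The ``state`` query parameter is read as the base64url-encoded URL to
        send the user to after login. It comes straight from the query string,
        so it is treated as untrusted: a value that cannot be decoded is
        ignored, and a decoded URL that fails the host/scheme check is
        replaced by ``'/'``.

        Args:
            request (django.http.request.HttpRequest): A Django Request object

        Returns:
            A redirect when login succeeds or when MFA is required; otherwise
            the response of ``settings.CUSTOM_FAILED_RESPONSE_VIEW`` with
            status 400 (no code), 401 (login failed) or 403 (inactive user).
        """
        code = request.GET.get("code")
        if not code:
            # Return an error message
            return settings.CUSTOM_FAILED_RESPONSE_VIEW(
                request,
                error_message="No authorization code was provided.",
                status=400
            )

        # NOTE(review): ``state`` is read here only as the post-login redirect
        # target; nothing in this view ties the callback to the browser session
        # that started the flow. Confirm that login-CSRF protection is provided
        # elsewhere (authentication backend or authorization-endpoint builder).
        redirect_to = request.GET.get("state")

        try:
            user = authenticate(request=request, authorization_code=code)
        except MFARequired:
            return redirect(provider_config.build_authorization_endpoint(request, force_mfa=True))

        if not user:
            # Return an 'invalid login' error message
            return settings.CUSTOM_FAILED_RESPONSE_VIEW(
                request,
                error_message="Login failed.",
                status=401
            )

        if not user.is_active:
            # Return a 'disabled account' error message
            return settings.CUSTOM_FAILED_RESPONSE_VIEW(
                request,
                error_message="Your account is disabled.",
                status=403
            )

        login(request, user)

        # Redirect to the "after login" page.
        # Because we got redirected from ADFS, we can't know where the
        # user came from.
        if redirect_to:
            try:
                redirect_to = base64.urlsafe_b64decode(redirect_to.encode()).decode()
            except ValueError:
                # binascii.Error (bad base64) and the Unicode encode/decode
                # errors are all ValueError subclasses. The user is already
                # logged in at this point, so a malformed ``state`` must not
                # turn into an unhandled 500; treat it as absent instead.
                # The raw value is deliberately not logged.
                logger.warning("Ignoring undecodable 'state' parameter on OAuth2 callback")
                redirect_to = django_settings.LOGIN_REDIRECT_URL
        else:
            redirect_to = django_settings.LOGIN_REDIRECT_URL

        # Open-redirect guard: only same-host targets are followed, and HTTPS
        # is required whenever the current request itself is secure.
        url_is_safe = url_has_allowed_host_and_scheme(
            url=redirect_to,
            allowed_hosts=[request.get_host()],
            require_https=request.is_secure(),
        )
        redirect_to = redirect_to if url_is_safe else '/'
        return redirect(redirect_to)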
class OAuth2LoginView(View):
    """Entry point that sends the user agent to ADFS to begin the OAuth2 flow."""

    def get(self, request):
        """
        Start the OAuth2 flow by redirecting the user agent to ADFS.

        Args:
            request (django.http.request.HttpRequest): A Django Request object

        Returns:
            A redirect to the URL produced by
            ``provider_config.build_authorization_endpoint(request)``.
        """
        authorization_url = provider_config.build_authorization_endpoint(request)
        return redirect(authorization_url)

    def post(self, request):
        """
        Start the OAuth2 flow by redirecting the user agent to ADFS.

        Behaves the same as :meth:`get`.

        Args:
            request (django.http.request.HttpRequest): A Django Request object
        """
        authorization_url = provider_config.build_authorization_endpoint(request)
        return redirect(authorization_url)
class OAuth2LoginNoSSOView(View):
    """Login entry point that requests the authorization URL with SSO disabled."""

    def get(self, request):
        """
        Start the OAuth2 flow by redirecting the user agent to ADFS.

        The authorization URL is built with ``disable_sso=True``.

        Args:
            request (django.http.request.HttpRequest): A Django Request object
        """
        authorization_url = provider_config.build_authorization_endpoint(
            request,
            disable_sso=True,
        )
        return redirect(authorization_url)

    def post(self, request):
        """
        Start the OAuth2 flow by redirecting the user agent to ADFS.

        Behaves the same as :meth:`get`; the authorization URL is built with
        ``disable_sso=True``.

        Args:
            request (django.http.request.HttpRequest): A Django Request object
        """
        authorization_url = provider_config.build_authorization_endpoint(
            request,
            disable_sso=True,
        )
        return redirect(authorization_url)
class OAuth2LoginForceMFA(View):
    """Login entry point that requests the authorization URL with MFA forced."""

    def get(self, request):
        """
        Start the OAuth2 flow by redirecting the user agent to ADFS.

        The authorization URL is built with ``force_mfa=True``.

        Args:
            request (django.http.request.HttpRequest): A Django Request object
        """
        authorization_url = provider_config.build_authorization_endpoint(
            request,
            force_mfa=True,
        )
        return redirect(authorization_url)

    def post(self, request):
        """
        Start the OAuth2 flow by redirecting the user agent to ADFS.

        Behaves the same as :meth:`get`; the authorization URL is built with
        ``force_mfa=True``.

        Args:
            request (django.http.request.HttpRequest): A Django Request object
        """
        authorization_url = provider_config.build_authorization_endpoint(
            request,
            force_mfa=True,
        )
        return redirect(authorization_url)
class OAuth2LogoutView(View):
    """Ends the Django session, then hands the user agent to the ADFS end-session endpoint."""

    def get(self, request):
        """
        Log the user out of Django and redirect to ADFS to end the session there.

        Args:
            request (django.http.request.HttpRequest): A Django Request object
        """
        # NOTE(review): this changes session state on a GET, which Django's
        # CSRF protection does not cover, so a cross-site link or embedded
        # resource can log a user out. Consider whether deployments should
        # route logout through POST only.
        logout(request)
        end_session_url = provider_config.build_end_session_endpoint()
        return redirect(end_session_url)

    def post(self, request):
        """
        Log the user out of Django and redirect to ADFS to end the session there.

        Args:
            request (django.http.request.HttpRequest): A Django Request object
        """
        logout(request)
        end_session_url = provider_config.build_end_session_endpoint()
        return redirect(end_session_url)