From c6adf1ca4181f065a6bb293c28ba976d917e888b Mon Sep 17 00:00:00 2001
From: Christian Cueni
Date: Mon, 4 Apr 2022 16:33:42 +0200
Subject: [PATCH] Fix sso
---
 server/config/settings/base.py | 11 +++++++----
 server/config/urls.py | 1 +
 server/vbv_lernwelt/sso/urls.py | 8 +++-----
 server/vbv_lernwelt/sso/views.py | 8 +++++---
 4 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/server/config/settings/base.py b/server/config/settings/base.py
index 961afe03..32102e7d 100644
--- a/server/config/settings/base.py
+++ b/server/config/settings/base.py
@@ -88,6 +88,7 @@ THIRD_PARTY_APPS = [
 LOCAL_APPS = [
 "vbv_lernwelt.core",
 "vbv_lernwelt.simpletodo",
+ "vbv_lernwelt.sso",
 # Your stuff: custom apps go here
 ]
 # https://docs.djangoproject.com/en/dev/ref/settings/#installed-apps
@@ -452,14 +453,16 @@ if "django_redis.cache.RedisCache" in env("VBV_DJANGO_CACHE_BACKEND", default=""
 OAUTH = {
 "client_name": env("OAUTH_CLIENT_NAME", default="lernetz"),
- "client_id": env("OAUTH_CLIENT_ID", default=""),
+ "client_id": env("OAUTH_CLIENT_ID", default="iterativ"),
 "client_secret": env("OAUTH_CLIENT_SECRET", default=""),
 "access_token_url": env("OAUTH_ACCESS_TOKEN_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/token"),
- "authorize_url": env("OAUTH_AUTHORIZE_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/tokenk"),
+ "authorize_url": env("OAUTH_AUTHORIZE_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/auth"),
 "api_base_url": env("OAUTH_API_BASE_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/"),
- "local_redirect_uri": env("OAUTH_LOCAL_DIRECT_URI", default="http://localhost:8000/api/oauth/callback/"),
- 'client_kwargs': {
+ "local_redirect_uri": env("OAUTH_LOCAL_DIRECT_URI", default="http://localhost:8000/sso/callback/"),
+ "client_kwargs": {
 'scope': '',
+ 'token_endpoint_auth_method': 'client_secret_post',
+ 'token_placement': 'header',
 }
 }
diff --git a/server/config/urls.py b/server/config/urls.py
index eb415853..874112de 100644
--- a/server/config/urls.py
+++ b/server/config/urls.py
@@ -36,6 +36,7 @@ urlpatterns = [
 path("login/", django_view_authentication_exempt(auth_views.LoginView.as_view(template_name="core/login.html"))),
 path("checkratelimit/", check_rate_limit),
 path("todo/", include("vbv_lernwelt.simpletodo.urls")),
+ path("sso/", include("vbv_lernwelt.sso.urls")),
 ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
 if settings.DEBUG:
 # Static file serving when using Gunicorn + Uvicorn for local web socket development
diff --git a/server/vbv_lernwelt/sso/urls.py b/server/vbv_lernwelt/sso/urls.py
index efc9b219..bad8008c 100644
--- a/server/vbv_lernwelt/sso/urls.py
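Review bot: The `OAUTH` defaults in `server/config/settings/base.py` let a deployment that is missing the environment variables start up and authenticate against the test realm (`sso.test.b.lernetz.host`) with `client_id` `iterativ`, an empty `client_secret` and an `http://localhost:8000` redirect URI, instead of failing at startup. Because this is the base settings module, consider moving the test-IdP values to the local/dev settings and making the base entries required, e.g. `"client_id": env("OAUTH_CLIENT_ID"),` (assuming `env` raises when a variable has no default). The variable name `OAUTH_LOCAL_DIRECT_URI` on the changed `local_redirect_uri` line looks like a typo for `OAUTH_LOCAL_REDIRECT_URI`. `'scope': ''` requests no `openid` scope, which is worth confirming against what the callback expects back from the provider.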
+++ b/server/vbv_lernwelt/sso/urls.py
@@ -3,12 +3,10 @@ from django.conf.urls import url, include
 from rest_framework.routers import DefaultRouter
 from . import views
-
-router = DefaultRouter()
+from ..core.middleware.auth import django_view_authentication_exempt
 app_name = 'sso'
 urlpatterns = [
- path(r'^login/', views.login, name='login'),
- path(r'^callback/', views.authorize, name='authorize'),
- url(r"^sso/", include(router.urls)),
+ path(r'login/', django_view_authentication_exempt(views.login), name='login'),
+ path(r'callback/', django_view_authentication_exempt(views.authorize), name='authorize'),
 ]
diff --git a/server/vbv_lernwelt/sso/views.py b/server/vbv_lernwelt/sso/views.py
index 91e7eb57..2553f810 100644
--- a/server/vbv_lernwelt/sso/views.py
+++ b/server/vbv_lernwelt/sso/views.py
@@ -13,14 +13,16 @@ OAUTH_REDIRECT = 'oauth-redirect'
 def login(request):
- hep_oauth_client = oauth.create_client('hep')
- redirect_uri = settings.OAUTH_LOCAL_REDIRECT_URI
- return hep_oauth_client.authorize_redirect(request, redirect_uri)
+ oauth_client = oauth.create_client(settings.OAUTH["client_name"])
+ redirect_uri = settings.OAUTH["local_redirect_uri"]
+ return oauth_client.authorize_redirect(request, redirect_uri)
 def authorize(request):
 try:
 logger.debug(request)
+ token = oauth.lernetz.authorize_access_token(request)
+ print(token)
 except OAuthError as e:
 logger.warning(f'OAuth error: {e}')
 if not settings.DEBUG:
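Review bot: In `server/vbv_lernwelt/sso/urls.py` the context line `from rest_framework.routers import DefaultRouter` and the `from django.conf.urls import url, include` shown in the hunk header are left without a visible use once `router` and the `url(...)` entry are removed. `django.conf.urls.url` no longer exists from Django 4.0 on, so keeping that import would make this module fail to import after an upgrade and take both SSO routes down with it. Delete both imports if nothing outside the hunk uses them; the top of the file is not visible here.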
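Review bot: `print(token)` in `authorize` (`server/vbv_lernwelt/sso/views.py`) writes the whole token response to stdout, so the access token, and any refresh or ID token the provider returns, ends up in process or container logs that are typically readable by more people than the session store. Remove the line, or log only that the exchange succeeded, e.g. `logger.debug("OAuth token response received")`. The same line hard-codes `oauth.lernetz` while `login` resolves the client through `settings.OAUTH["client_name"]`; using `oauth.create_client(settings.OAUTH["client_name"]).authorize_access_token(request)` keeps the callback working when `OAUTH_CLIENT_NAME` is overridden. `authorize` continues past the end of the hunk, so what is done with `token` afterwards is not visible here.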