Fix sso

2022-04-04 16:33:42 +02:00 · 2022-04-04 16:33:42 +02:00 · c6adf1ca41
parent 796db1e83b
commit c6adf1ca41
4 changed files with 16 additions and 12 deletions
--- a/server/config/settings/base.py
+++ b/server/config/settings/base.py
@ -88,6 +88,7 @@ THIRD_PARTY_APPS = [
 LOCAL_APPS = [
    "vbv_lernwelt.core",
    "vbv_lernwelt.simpletodo",
+    "vbv_lernwelt.sso",
    # Your stuff: custom apps go here
 ]
 # https://docs.djangoproject.com/en/dev/ref/settings/#installed-apps
@ -452,14 +453,16 @@ if "django_redis.cache.RedisCache" in env("VBV_DJANGO_CACHE_BACKEND", default=""

 OAUTH = {
    "client_name": env("OAUTH_CLIENT_NAME", default="lernetz"),
-    "client_id": env("OAUTH_CLIENT_ID", default=""),
+    "client_id": env("OAUTH_CLIENT_ID", default="iterativ"),
    "client_secret": env("OAUTH_CLIENT_SECRET", default=""),
    "access_token_url": env("OAUTH_ACCESS_TOKEN_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/token"),
-    "authorize_url": env("OAUTH_AUTHORIZE_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/tokenk"),
+    "authorize_url": env("OAUTH_AUTHORIZE_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/auth"),
    "api_base_url": env("OAUTH_API_BASE_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/"),
-    "local_redirect_uri": env("OAUTH_LOCAL_DIRECT_URI", default="http://localhost:8000/api/oauth/callback/"),
-    'client_kwargs': {
+    "local_redirect_uri": env("OAUTH_LOCAL_DIRECT_URI", default="http://localhost:8000/sso/callback/"),
+    "client_kwargs": {
        'scope': '',
+        'token_endpoint_auth_method': 'client_secret_post',
+        'token_placement': 'header',
    }
 }

--- a/server/config/urls.py
+++ b/server/config/urls.py
@ -36,6 +36,7 @@ urlpatterns = [
    path("login/", django_view_authentication_exempt(auth_views.LoginView.as_view(template_name="core/login.html"))),
    path("checkratelimit/", check_rate_limit),
    path("todo/", include("vbv_lernwelt.simpletodo.urls")),
+    path("sso/", include("vbv_lernwelt.sso.urls")),
 ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
 if settings.DEBUG:
    # Static file serving when using Gunicorn + Uvicorn for local web socket development
--- a/server/vbv_lernwelt/sso/urls.py
+++ b/server/vbv_lernwelt/sso/urls.py
@ -3,12 +3,10 @@ from django.conf.urls import url, include
 from rest_framework.routers import DefaultRouter

 from . import views
-
-router = DefaultRouter()
+from ..core.middleware.auth import django_view_authentication_exempt

 app_name = 'sso'
 urlpatterns = [
-    path(r'^login/', views.login, name='login'),
-    path(r'^callback/', views.authorize, name='authorize'),
-    url(r"^sso/", include(router.urls)),
+    path(r'login/', django_view_authentication_exempt(views.login), name='login'),
+    path(r'callback/', django_view_authentication_exempt(views.authorize), name='authorize'),
 ]
--- a/server/vbv_lernwelt/sso/views.py
+++ b/server/vbv_lernwelt/sso/views.py
@ -13,14 +13,16 @@ OAUTH_REDIRECT = 'oauth-redirect'


 def login(request):
-    hep_oauth_client = oauth.create_client('hep')
-    redirect_uri = settings.OAUTH_LOCAL_REDIRECT_URI
-    return hep_oauth_client.authorize_redirect(request, redirect_uri)
+    oauth_client = oauth.create_client(settings.OAUTH["client_name"])
+    redirect_uri = settings.OAUTH["local_redirect_uri"]
+    return oauth_client.authorize_redirect(request, redirect_uri)


 def authorize(request):
    try:
        logger.debug(request)
+        token = oauth.lernetz.authorize_access_token(request)
+        print(token)
    except OAuthError as e:
        logger.warning(f'OAuth error: {e}')
        if not settings.DEBUG: