diff --git a/EpisodesCommunity/settings.py b/EpisodesCommunity/settings.py index 548e7ef..56f9aa1 100644 --- a/EpisodesCommunity/settings.py +++ b/EpisodesCommunity/settings.py @@ -14,10 +14,12 @@ import dj_database_url import os import configparser import warnings +import base64 config = configparser.ConfigParser() config.read('options.ini') options = config['General'] +oauth_options = config['OAuth'] # Build paths inside the project like this: os.path.join(BASE_DIR, ...) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) @@ -128,3 +130,9 @@ USE_TZ = True # https://docs.djangoproject.com/en/1.11/howto/static-files/ STATIC_URL = '/static/' + + +AUTH_TOKEN_ENDPOINT = oauth_options.get('token_endpoint','https://icynet.eu/oauth/') +AUTH_CLIENT_ID = oauth_options.get('client_id') +AUTH_B64 = base64.b64encode(bytearray('%s:%s'%(AUTH_CLIENT_ID,oauth_options.get('client_secret')),'utf-8')).decode("utf-8") +AUTH_REDIRECT_URL = oauth_options.get('redirect_url') diff --git a/EpisodesCommunity/urls.py b/EpisodesCommunity/urls.py index 5068add..b24ce88 100644 --- a/EpisodesCommunity/urls.py +++ b/EpisodesCommunity/urls.py @@ -13,9 +13,10 @@ Including another URLconf 1. Import the include() function: from django.conf.urls import url, include 2. Add a URL to urlpatterns: url(r'^blog/', include('blog.urls')) """ -from django.conf.urls import url +from django.conf.urls import url, include from django.contrib import admin urlpatterns = [ url(r'^admin/', admin.site.urls), + url(r'^', include('LandingPage.urls')) ] diff --git a/LandingPage/models.py b/LandingPage/models.py index c78d9e0..212a8f4 100644 --- a/LandingPage/models.py +++ b/LandingPage/models.py @@ -70,8 +70,9 @@ class Show(TimestampedModel): ) class User(TimestampedModel): - user_id = models.IntegerField( - help_text='The user id assigned to this user by IcyNet\'s auth servers' + user_id = models.CharField( + max_length=36, + help_text='The UUID assigned to this user by IcyNet\'s auth servers' ) email = models.EmailField( help_text='This user\'s email address' diff --git a/LandingPage/urls.py b/LandingPage/urls.py new file mode 100644 index 0000000..ae09a29 --- /dev/null +++ b/LandingPage/urls.py @@ -0,0 +1,9 @@ +from django.conf.urls import url + +from . import views + +urlpatterns = [ + url(r'^login/redirect$', views.LoginRedirect.as_view()), + url(r'^login$', views.Login.as_view()), +] + diff --git a/LandingPage/views.py b/LandingPage/views.py index 91ea44a..dd4be9f 100644 --- a/LandingPage/views.py +++ b/LandingPage/views.py @@ -1,3 +1,79 @@ from django.shortcuts import render +from django.views import View +from django.conf import settings +from django.http import HttpResponse +from django.http import HttpResponseRedirect +import requests +import hashlib +import json +from .models import User # Create your views here. +# Redirect url should point to this view +class LoginRedirect(View): + def get(self, req): + + # Check request has correct arguments + request_valid = 'state' in req.GET and 'code' in req.GET + if not request_valid: + r = HttpResponse('

Error

There was an error in your request. Please try again

') + r.status = 400 + return r + + # Check state + userstate = generateState(req) + if userstate == req.GET['state']: + code = req.GET['code'] + resp = requests.post( + settings.AUTH_TOKEN_ENDPOINT+"token", + data={ + 'grant_type':'authorization_code', + 'code':code, + 'redirect_uri':settings.AUTH_REDIRECT_URL, + 'client_id':settings.AUTH_CLIENT_ID + }, + headers = { + 'Authorization':'Basic %s'%settings.AUTH_B64 + } + ) + resp_json = resp.json() + if 'error' in resp_json: + r = HttpResponse('

OAuth Error

%s
'%json.dumps(resp_json)) + r.status = 500 + return r + else: + user_info = requests.get( + settings.AUTH_TOKEN_ENDPOINT+"user", + headers = { + 'Authorization': 'Bearer ' + resp_json['access_token'] + } + ).json() + req.session['user_id'] = user_info['uuid'] + matches = User.objects.filter(user_id=user_info['uuid']) + if not len(matches): + user = User( + user_id = user_info['uuid'], + email = user_info['email'], + display_name = user_info['display_name'] + ) + user.save() + req.session['token'] = resp_json['access_token'] + return HttpResponseRedirect('/') + else: + return HttpResponse('

Unmatching state tokens


It looks like the request to login wasn\'t started by you. Try going back to the home page and logging in again.

', status=400) + +class Login(View): + def get(self, req): + url = '%sauthorize?response_type=code&client_id=%s&redirect_uri=%s&scope=email&state=%s'%(settings.AUTH_TOKEN_ENDPOINT,settings.AUTH_CLIENT_ID,settings.AUTH_REDIRECT_URL, generateState(req)) + response = HttpResponse("Redirecting you to the IcyNet auth page...") + response.status_code = 302 + response['Location'] = url + return response + +def generateState(request): + request.session.save() + + m = hashlib.sha256() + m.update(bytearray(request.session.session_key, 'utf-8')) + m.update(bytearray(settings.SECRET_KEY, 'utf-8')) + return m.hexdigest() diff --git a/options_example.ini b/options_example.ini index 9d612ba..516fc94 100644 --- a/options_example.ini +++ b/options_example.ini @@ -9,3 +9,14 @@ secret_key=5up3r s3cr3t k3y #For configuration details database=sqlite:///database.sqlite3 +[OAuth] +#The root of the oauth endpoint you are using for oauth settings +token_endpoint=https://icynet.eu/oauth/ + +#The client id, client secret, and redirect url used in the confguration +#of your oauth client on the site that you plan to use for oauth. +#The redirect url should probably point to the appropriate view, and +#needs to be fully qualified. +client_id=CLIENT ID HERE +client_secret=CLIENT SECRET HERE +redirect_url=REDIRECT URL HERE