diff --git a/EpisodesCommunity/settings.py b/EpisodesCommunity/settings.py
index 548e7ef..56f9aa1 100644
--- a/EpisodesCommunity/settings.py
+++ b/EpisodesCommunity/settings.py
@@ -14,10 +14,12 @@ import dj_database_url
import os
import configparser
import warnings
+import base64
config = configparser.ConfigParser()
config.read('options.ini')
options = config['General']
+oauth_options = config['OAuth']
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -128,3 +130,9 @@ USE_TZ = True
# https://docs.djangoproject.com/en/1.11/howto/static-files/
STATIC_URL = '/static/'
+
+
+AUTH_TOKEN_ENDPOINT = oauth_options.get('token_endpoint','https://icynet.eu/oauth/')
+AUTH_CLIENT_ID = oauth_options.get('client_id')
+AUTH_B64 = base64.b64encode(bytearray('%s:%s'%(AUTH_CLIENT_ID,oauth_options.get('client_secret')),'utf-8')).decode("utf-8")
+AUTH_REDIRECT_URL = oauth_options.get('redirect_url')
diff --git a/EpisodesCommunity/urls.py b/EpisodesCommunity/urls.py
index 5068add..b24ce88 100644
--- a/EpisodesCommunity/urls.py
+++ b/EpisodesCommunity/urls.py
@@ -13,9 +13,10 @@ Including another URLconf
1. Import the include() function: from django.conf.urls import url, include
2. Add a URL to urlpatterns: url(r'^blog/', include('blog.urls'))
"""
-from django.conf.urls import url
+from django.conf.urls import url, include
from django.contrib import admin
urlpatterns = [
url(r'^admin/', admin.site.urls),
+ url(r'^', include('LandingPage.urls'))
]
diff --git a/LandingPage/models.py b/LandingPage/models.py
index c78d9e0..212a8f4 100644
--- a/LandingPage/models.py
+++ b/LandingPage/models.py
@@ -70,8 +70,9 @@ class Show(TimestampedModel):
)
class User(TimestampedModel):
- user_id = models.IntegerField(
- help_text='The user id assigned to this user by IcyNet\'s auth servers'
+ user_id = models.CharField(
+ max_length=36,
+ help_text='The UUID assigned to this user by IcyNet\'s auth servers'
)
email = models.EmailField(
help_text='This user\'s email address'
diff --git a/LandingPage/urls.py b/LandingPage/urls.py
new file mode 100644
index 0000000..ae09a29
--- /dev/null
+++ b/LandingPage/urls.py
@@ -0,0 +1,9 @@
+from django.conf.urls import url
+
+from . import views
+
+urlpatterns = [
+ url(r'^login/redirect$', views.LoginRedirect.as_view()),
+ url(r'^login$', views.Login.as_view()),
+]
+
diff --git a/LandingPage/views.py b/LandingPage/views.py
index 91ea44a..dd4be9f 100644
--- a/LandingPage/views.py
+++ b/LandingPage/views.py
@@ -1,3 +1,79 @@
from django.shortcuts import render
+from django.views import View
+from django.conf import settings
+from django.http import HttpResponse
+from django.http import HttpResponseRedirect
+import requests
+import hashlib
+import json
+from .models import User
# Create your views here.
+# Redirect url should point to this view
+class LoginRedirect(View):
+ def get(self, req):
+
+ # Check request has correct arguments
+ request_valid = 'state' in req.GET and 'code' in req.GET
+ if not request_valid:
+ r = HttpResponse('Error
There was an error in your request. Please try again
')
+ r.status = 400
+ return r
+
+ # Check state
+ userstate = generateState(req)
+ if userstate == req.GET['state']:
+ code = req.GET['code']
+ resp = requests.post(
+ settings.AUTH_TOKEN_ENDPOINT+"token",
+ data={
+ 'grant_type':'authorization_code',
+ 'code':code,
+ 'redirect_uri':settings.AUTH_REDIRECT_URL,
+ 'client_id':settings.AUTH_CLIENT_ID
+ },
+ headers = {
+ 'Authorization':'Basic %s'%settings.AUTH_B64
+ }
+ )
+ resp_json = resp.json()
+ if 'error' in resp_json:
+ r = HttpResponse('OAuth Error
%s
'%json.dumps(resp_json))
+ r.status = 500
+ return r
+ else:
+ user_info = requests.get(
+ settings.AUTH_TOKEN_ENDPOINT+"user",
+ headers = {
+ 'Authorization': 'Bearer ' + resp_json['access_token']
+ }
+ ).json()
+ req.session['user_id'] = user_info['uuid']
+ matches = User.objects.filter(user_id=user_info['uuid'])
+ if not len(matches):
+ user = User(
+ user_id = user_info['uuid'],
+ email = user_info['email'],
+ display_name = user_info['display_name']
+ )
+ user.save()
+ req.session['token'] = resp_json['access_token']
+ return HttpResponseRedirect('/')
+ else:
+ return HttpResponse('Unmatching state tokens
It looks like the request to login wasn\'t started by you. Try going back to the home page and logging in again.
', status=400)
+
+class Login(View):
+ def get(self, req):
+ url = '%sauthorize?response_type=code&client_id=%s&redirect_uri=%s&scope=email&state=%s'%(settings.AUTH_TOKEN_ENDPOINT,settings.AUTH_CLIENT_ID,settings.AUTH_REDIRECT_URL, generateState(req))
+ response = HttpResponse("Redirecting you to the IcyNet auth page...")
+ response.status_code = 302
+ response['Location'] = url
+ return response
+
+def generateState(request):
+ request.session.save()
+
+ m = hashlib.sha256()
+ m.update(bytearray(request.session.session_key, 'utf-8'))
+ m.update(bytearray(settings.SECRET_KEY, 'utf-8'))
+ return m.hexdigest()
diff --git a/options_example.ini b/options_example.ini
index 9d612ba..516fc94 100644
--- a/options_example.ini
+++ b/options_example.ini
@@ -9,3 +9,14 @@ secret_key=5up3r s3cr3t k3y
#For configuration details
database=sqlite:///database.sqlite3
+[OAuth]
+#The root of the oauth endpoint you are using for oauth settings
+token_endpoint=https://icynet.eu/oauth/
+
+#The client id, client secret, and redirect url used in the confguration
+#of your oauth client on the site that you plan to use for oauth.
+#The redirect url should probably point to the appropriate view, and
+#needs to be fully qualified.
+client_id=CLIENT ID HERE
+client_secret=CLIENT SECRET HERE
+redirect_url=REDIRECT URL HERE