jumpserver/apps/authentication/backends/oauth2/views.py

from django.conf import settings
from django.contrib import auth
from django.http import HttpResponseRedirect
from django.urls import reverse
from django.utils.http import urlencode
from django.views import View

from authentication.mixins import authenticate
from authentication.utils import build_absolute_uri
from authentication.views.mixins import FlashMessageMixin
from authentication.views.utils import redirect_to_guard_view
from common.utils import get_logger

logger = get_logger(__file__)


class OAuth2AuthRequestView(View):

    def get(self, request):
        log_prompt = "Process OAuth2 GET requests: {}"
        logger.debug(log_prompt.format('Start'))

        query_dict = {
            'client_id': settings.AUTH_OAUTH2_CLIENT_ID, 'response_type': 'code',
            'scope': settings.AUTH_OAUTH2_SCOPE,
            'redirect_uri': build_absolute_uri(
                request, path=reverse(settings.AUTH_OAUTH2_AUTH_LOGIN_CALLBACK_URL_NAME)
            )
        }

        if '?' in settings.AUTH_OAUTH2_PROVIDER_AUTHORIZATION_ENDPOINT:
            separator = '&'
        else:
            separator = '?'
        redirect_url = '{url}{separator}{query}'.format(
            url=settings.AUTH_OAUTH2_PROVIDER_AUTHORIZATION_ENDPOINT,
            separator=separator,
            query=urlencode(query_dict)
        )
        logger.debug(log_prompt.format('Redirect login url'))
        return HttpResponseRedirect(redirect_url)


class OAuth2AuthCallbackView(View, FlashMessageMixin):
    http_method_names = ['get', ]

    def get(self, request):
        """ Processes GET requests. """
        log_prompt = "Process GET requests [OAuth2AuthCallbackView]: {}"
        logger.debug(log_prompt.format('Start'))
        callback_params = request.GET

        if 'code' in callback_params:
            logger.debug(log_prompt.format('Process authenticate'))
            user = authenticate(code=callback_params['code'], request=request)

            if user:
                logger.debug(log_prompt.format('Login: {}'.format(user)))
                auth.login(self.request, user)
                logger.debug(log_prompt.format('Redirect'))
                return HttpResponseRedirect(
                    settings.AUTH_OAUTH2_AUTHENTICATION_REDIRECT_URI
                )

        logger.debug(log_prompt.format('Redirect'))
        redirect_url = settings.AUTH_OAUTH2_PROVIDER_END_SESSION_ENDPOINT or '/'
        return HttpResponseRedirect(redirect_url)


class OAuth2AuthCallbackClientView(View):
    http_method_names = ['get', ]

    def get(self, request):
        return redirect_to_guard_view(query_string='next=client')


class OAuth2EndSessionView(View):
    http_method_names = ['get', 'post', ]

    def get(self, request):
        """ Processes GET requests. """
        log_prompt = "Process GET requests [OAuth2EndSessionView]: {}"
        logger.debug(log_prompt.format('Start'))
        return self.post(request)

    def post(self, request):
        """ Processes POST requests. """
        log_prompt = "Process POST requests [OAuth2EndSessionView]: {}"
        logger.debug(log_prompt.format('Start'))

        logout_url = settings.LOGOUT_REDIRECT_URL or '/'

        # Log out the current user.
        if request.user.is_authenticated:
            logger.debug(log_prompt.format('Log out the current user: {}'.format(request.user)))
            auth.logout(request)

            logout_url = settings.AUTH_OAUTH2_PROVIDER_END_SESSION_ENDPOINT
            if settings.AUTH_OAUTH2_LOGOUT_COMPLETELY and logout_url:
                logger.debug(log_prompt.format('Log out OAUTH2 platform user session synchronously'))
                return HttpResponseRedirect(logout_url)

        logger.debug(log_prompt.format('Redirect'))
        return HttpResponseRedirect(logout_url)
feat: 认证方式支持OAuth2.0协议 (#8686) * feat: 认证方式支持OAuth2.0协议 * perf: 优化 OAuth2 认证逻辑和Logo (对接 Github) * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-08-04 06:40:33 +00:00			`from django.conf import settings`
feat: 支持OAuth2协议自定义注销功能 2022-08-26 09:59:16 +00:00			`from django.contrib import auth`
feat: 认证方式支持OAuth2.0协议 (#8686) * feat: 认证方式支持OAuth2.0协议 * perf: 优化 OAuth2 认证逻辑和Logo (对接 Github) * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-08-04 06:40:33 +00:00			`from django.http import HttpResponseRedirect`
			`from django.urls import reverse`
			`from django.utils.http import urlencode`
perf: Client login 2024-12-18 09:25:40 +00:00			`from django.views import View`
feat: 认证方式支持OAuth2.0协议 (#8686) * feat: 认证方式支持OAuth2.0协议 * perf: 优化 OAuth2 认证逻辑和Logo (对接 Github) * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-08-04 06:40:33 +00:00
perf: Client login 2024-12-18 09:25:40 +00:00			`from authentication.mixins import authenticate`
feat: 认证方式支持OAuth2.0协议 (#8686) * feat: 认证方式支持OAuth2.0协议 * perf: 优化 OAuth2 认证逻辑和Logo (对接 Github) * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-08-04 06:40:33 +00:00			`from authentication.utils import build_absolute_uri`
perf: 优化oauth2登录未激活用户时，会重复跳转登录问题 2024-03-06 06:49:20 +00:00			`from authentication.views.mixins import FlashMessageMixin`
perf: Client login 2024-12-18 09:25:40 +00:00			`from authentication.views.utils import redirect_to_guard_view`
perf: 优化oauth2登录未激活用户时，会重复跳转登录问题 2024-03-06 06:49:20 +00:00			`from common.utils import get_logger`

feat: 认证方式支持OAuth2.0协议 (#8686) * feat: 认证方式支持OAuth2.0协议 * perf: 优化 OAuth2 认证逻辑和Logo (对接 Github) * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-08-04 06:40:33 +00:00			`logger = get_logger(__file__)`


			`class OAuth2AuthRequestView(View):`

			`def get(self, request):`
			`log_prompt = "Process OAuth2 GET requests: {}"`
			`logger.debug(log_prompt.format('Start'))`

			`query_dict = {`
			`'client_id': settings.AUTH_OAUTH2_CLIENT_ID, 'response_type': 'code',`
			`'scope': settings.AUTH_OAUTH2_SCOPE,`
			`'redirect_uri': build_absolute_uri(`
			`request, path=reverse(settings.AUTH_OAUTH2_AUTH_LOGIN_CALLBACK_URL_NAME)`
			`)`
			`}`

perf: 优化oauth2的服务地址参数拼接 2022-12-13 13:57:17 +00:00			`if '?' in settings.AUTH_OAUTH2_PROVIDER_AUTHORIZATION_ENDPOINT:`
			`separator = '&'`
			`else:`
			`separator = '?'`
			`redirect_url = '{url}{separator}{query}'.format(`
fix: 增加配置项 SECURE_PROXY_SSL_HEADER request build url 时获取对应的 scheme 2022-08-08 06:54:54 +00:00			`url=settings.AUTH_OAUTH2_PROVIDER_AUTHORIZATION_ENDPOINT,`
perf: 优化oauth2的服务地址参数拼接 2022-12-13 13:57:17 +00:00			`separator=separator,`
fix: 增加配置项 SECURE_PROXY_SSL_HEADER request build url 时获取对应的 scheme 2022-08-08 06:54:54 +00:00			`query=urlencode(query_dict)`
			`)`
feat: 认证方式支持OAuth2.0协议 (#8686) * feat: 认证方式支持OAuth2.0协议 * perf: 优化 OAuth2 认证逻辑和Logo (对接 Github) * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-08-04 06:40:33 +00:00			`logger.debug(log_prompt.format('Redirect login url'))`
			`return HttpResponseRedirect(redirect_url)`


perf: 优化oauth2登录未激活用户时，会重复跳转登录问题 2024-03-06 06:49:20 +00:00			`class OAuth2AuthCallbackView(View, FlashMessageMixin):`
feat: 认证方式支持OAuth2.0协议 (#8686) * feat: 认证方式支持OAuth2.0协议 * perf: 优化 OAuth2 认证逻辑和Logo (对接 Github) * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-08-04 06:40:33 +00:00			`http_method_names = ['get', ]`

			`def get(self, request):`
			`""" Processes GET requests. """`
			`log_prompt = "Process GET requests [OAuth2AuthCallbackView]: {}"`
			`logger.debug(log_prompt.format('Start'))`
			`callback_params = request.GET`

			`if 'code' in callback_params:`
			`logger.debug(log_prompt.format('Process authenticate'))`
			`user = authenticate(code=callback_params['code'], request=request)`
perf: 优化oauth2登录未激活用户时，会重复跳转登录问题 2024-03-06 06:49:20 +00:00
fix: 解决OAuth2可以跳过不存在用户不允许登录的规则 2024-05-30 06:58:19 +00:00			`if user:`
feat: 认证方式支持OAuth2.0协议 (#8686) * feat: 认证方式支持OAuth2.0协议 * perf: 优化 OAuth2 认证逻辑和Logo (对接 Github) * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-08-04 06:40:33 +00:00			`logger.debug(log_prompt.format('Login: {}'.format(user)))`
feat: 支持OAuth2协议自定义注销功能 2022-08-26 09:59:16 +00:00			`auth.login(self.request, user)`
feat: 认证方式支持OAuth2.0协议 (#8686) * feat: 认证方式支持OAuth2.0协议 * perf: 优化 OAuth2 认证逻辑和Logo (对接 Github) * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 * perf: 优化 OAuth2 认证逻辑和Logo，支持上传图标 Co-authored-by: Jiangjie.Bai <bugatti_it@163.com> 2022-08-04 06:40:33 +00:00			`logger.debug(log_prompt.format('Redirect'))`
			`return HttpResponseRedirect(`
			`settings.AUTH_OAUTH2_AUTHENTICATION_REDIRECT_URI`
			`)`

			`logger.debug(log_prompt.format('Redirect'))`
fix: 解决OAuth2可以跳过不存在用户不允许登录的规则 2024-05-30 06:58:19 +00:00			`redirect_url = settings.AUTH_OAUTH2_PROVIDER_END_SESSION_ENDPOINT or '/'`
fix: 修复 OAuth2 用户本地被禁用后,页面一直跳转的问题. 2022-10-11 10:37:49 +00:00			`return HttpResponseRedirect(redirect_url)`
feat: 支持OAuth2协议自定义注销功能 2022-08-26 09:59:16 +00:00

perf: Client login 2024-12-18 09:25:40 +00:00			`class OAuth2AuthCallbackClientView(View):`
			`http_method_names = ['get', ]`

			`def get(self, request):`
			`return redirect_to_guard_view(query_string='next=client')`


feat: 支持OAuth2协议自定义注销功能 2022-08-26 09:59:16 +00:00			`class OAuth2EndSessionView(View):`
			`http_method_names = ['get', 'post', ]`

			`def get(self, request):`
			`""" Processes GET requests. """`
			`log_prompt = "Process GET requests [OAuth2EndSessionView]: {}"`
			`logger.debug(log_prompt.format('Start'))`
			`return self.post(request)`

			`def post(self, request):`
			`""" Processes POST requests. """`
			`log_prompt = "Process POST requests [OAuth2EndSessionView]: {}"`
			`logger.debug(log_prompt.format('Start'))`

			`logout_url = settings.LOGOUT_REDIRECT_URL or '/'`

			`# Log out the current user.`
			`if request.user.is_authenticated:`
			`logger.debug(log_prompt.format('Log out the current user: {}'.format(request.user)))`
			`auth.logout(request)`

perf: 修改变量名 2023-02-09 03:22:58 +00:00			`logout_url = settings.AUTH_OAUTH2_PROVIDER_END_SESSION_ENDPOINT`
			`if settings.AUTH_OAUTH2_LOGOUT_COMPLETELY and logout_url:`
feat: 支持OAuth2协议自定义注销功能 2022-08-26 09:59:16 +00:00			`logger.debug(log_prompt.format('Log out OAUTH2 platform user session synchronously'))`
perf: 修改变量名 2023-02-09 03:22:58 +00:00			`return HttpResponseRedirect(logout_url)`
feat: 支持OAuth2协议自定义注销功能 2022-08-26 09:59:16 +00:00
			`logger.debug(log_prompt.format('Redirect'))`
			`return HttpResponseRedirect(logout_url)`