jumpserver/apps/authentication/views/feishu.py

from urllib.parse import urlencode

from django.conf import settings
from django.http.request import HttpRequest
from django.http.response import HttpResponseRedirect
from django.utils.translation import gettext_lazy as _
from django.views import View
from rest_framework.exceptions import APIException
from rest_framework.permissions import AllowAny, IsAuthenticated

from authentication.const import ConfirmType
from authentication.permissions import UserConfirmation
from common.sdk.im.feishu import URL
from common.utils import get_logger
from common.utils.django import reverse
from common.utils.random import random_string
from common.views.mixins import PermissionsMixin, UserConfirmRequiredExceptionMixin
from users.views import UserVerifyPasswordView
from .base import BaseLoginCallbackView, BaseBindCallbackView
from .mixins import FlashMessageMixin

logger = get_logger(__file__)


class FeiShuEnableStartView(UserVerifyPasswordView):
    category = 'feishu'

    def get_success_url(self):
        referer = self.request.META.get('HTTP_REFERER')
        redirect_url = self.request.GET.get("redirect_url")

        success_url = reverse(f'authentication:{self.category}-qr-bind')

        success_url += '?' + urlencode({
            'redirect_url': redirect_url or referer
        })

        return success_url


class FeiShuQRMixin(UserConfirmRequiredExceptionMixin, PermissionsMixin, FlashMessageMixin, View):
    category = 'feishu'
    error = _('FeiShu Error')
    error_msg = _('FeiShu is already bound')
    state_session_key = f'_{category}_state'

    @property
    def url_object(self):
        return URL()

    def dispatch(self, request, *args, **kwargs):
        try:
            return super().dispatch(request, *args, **kwargs)
        except APIException as e:
            msg = str(e.detail)
            return self.get_failed_response(
                '/', self.error, msg
            )

    def verify_state(self):
        state = self.request.GET.get('state')
        session_state = self.request.session.get(self.state_session_key)
        if state != session_state:
            return False
        return True

    def get_verify_state_failed_response(self, redirect_uri):
        msg = _("The system configuration is incorrect. Please contact your administrator")
        return self.get_failed_response(redirect_uri, msg, msg)

    def get_qr_url(self, redirect_uri):
        state = random_string(16)
        self.request.session[self.state_session_key] = state

        params = {
            'app_id': getattr(settings, f'{self.category}_APP_ID'.upper()),
            'state': state,
            'redirect_uri': redirect_uri,
        }
        url = self.url_object.authen + '?' + urlencode(params)
        return url

    def get_already_bound_response(self, redirect_url):
        response = self.get_failed_response(redirect_url, self.error_msg, self.error_msg)
        return response


class FeiShuQRBindView(FeiShuQRMixin, View):
    permission_classes = (IsAuthenticated, UserConfirmation.require(ConfirmType.RELOGIN))

    def get(self, request: HttpRequest):
        redirect_url = request.GET.get('redirect_url')

        redirect_uri = reverse(f'authentication:{self.category}-qr-bind-callback', external=True)
        redirect_uri += '?' + urlencode({'redirect_url': redirect_url})

        url = self.get_qr_url(redirect_uri)
        return HttpResponseRedirect(url)


class FeiShuQRBindCallbackView(FeiShuQRMixin, BaseBindCallbackView):
    permission_classes = (IsAuthenticated,)

    auth_type = 'feishu'
    auth_type_label = _('FeiShu')
    client_type_path = f'common.sdk.im.{auth_type}.FeiShu'

    @property
    def client_auth_params(self):
        return {
            'app_id': f'{self.auth_type}_APP_ID'.upper(),
            'app_secret': f'{self.auth_type}_APP_SECRET'.upper()
        }


class FeiShuQRLoginView(FeiShuQRMixin, View):
    permission_classes = (AllowAny,)

    def get(self, request: HttpRequest):
        redirect_url = request.GET.get('redirect_url') or reverse('index')
        redirect_uri = reverse(f'authentication:{self.category}-qr-login-callback', external=True)
        redirect_uri += '?' + urlencode({
            'redirect_url': redirect_url,
        })

        url = self.get_qr_url(redirect_uri)
        return HttpResponseRedirect(url)


class FeiShuQRLoginCallbackView(FeiShuQRMixin, BaseLoginCallbackView):
    permission_classes = (AllowAny,)

    user_type = 'feishu'
    auth_type = user_type
    client_type_path = f'common.sdk.im.{auth_type}.FeiShu'

    msg_client_err = _('FeiShu Error')
    msg_user_not_bound_err = _('FeiShu is not bound')
    msg_not_found_user_from_client_err = _('Failed to get user from FeiShu')

    auth_backend = f'AUTH_BACKEND_{auth_type}'.upper()

    @property
    def client_auth_params(self):
        return {
            'app_id': f'{self.auth_type}_APP_ID'.upper(),
            'app_secret': f'{self.auth_type}_APP_SECRET'.upper()
        }