[Update] 修改authentication目录结构

pull/2461/head
ibuler 2019-02-28 11:58:48 +08:00
parent 6700dc969f
commit 9b3509208d
23 changed files with 78 additions and 65 deletions


@ -24,8 +24,10 @@ from users.utils import (
)
from users.hands import Asset, SystemUser
logger = get_logger(__name__)
__all__ = [
'UserAuthApi', 'UserConnectionTokenApi', 'UserOtpAuthApi',
]
class UserAuthApi(RootOrgViewMixin, APIView):
@ -146,29 +148,6 @@ class UserConnectionTokenApi(RootOrgViewMixin, APIView):
return super().get_permissions()
class UserToken(APIView):
permission_classes = (AllowAny,)
def post(self, request):
if not request.user.is_authenticated:
username = request.data.get('username', '')
email = request.data.get('email', '')
password = request.data.get('password', '')
public_key = request.data.get('public_key', '')
user, msg = check_user_valid(
username=username, email=email,
password=password, public_key=public_key)
else:
user = request.user
msg = None
if user:
token = user.create_bearer_token(request)
return Response({'Token': token, 'Keyword': 'Bearer'}, status=200)
else:
return Response({'error': msg}, status=406)
class UserOtpAuthApi(RootOrgViewMixin, APIView):
permission_classes = (AllowAny,)
serializer_class = UserSerializer


@ -0,0 +1,6 @@
# -*- coding: utf-8 -*-
#
from .backends import *
from .middleware import *
from .utils import *


@ -4,16 +4,19 @@
from django.contrib.auth import get_user_model
from django.conf import settings
from . import client
from common.utils import get_logger
from authentication.openid.models import OIDT_ACCESS_TOKEN
from .utils import new_client
from .models import OIDT_ACCESS_TOKEN
UserModel = get_user_model()
logger = get_logger(__file__)
client = new_client()
BACKEND_OPENID_AUTH_CODE = \
'authentication.openid.backends.OpenIDAuthorizationCodeBackend'
__all__ = [
'OpenIDAuthorizationCodeBackend', 'OpenIDAuthorizationPasswordBackend',
]
class BaseOpenIDAuthorizationBackend(object):
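Review bot: `client = new_client()` runs at import time in this module, and the same module-level assignment appears in the middleware and views sections. The new package `__init__` star-imports `.backends` and `.middleware`, so merely importing the package builds clients from `settings.AUTH_OPENID_CLIENT_ID` and `AUTH_OPENID_CLIENT_SECRET`, apparently even when OpenID is disabled; whether `new_client()` tolerates empty settings is not visible here. The signal handler section already creates the client lazily inside `on_user_logged_out`. I would follow that pattern here: drop the module-level `client` and call `new_client()` inside the backend methods that need it.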


@ -6,12 +6,15 @@ from django.contrib.auth import logout
from django.utils.deprecation import MiddlewareMixin
from django.contrib.auth import BACKEND_SESSION_KEY
from . import client
from common.utils import get_logger
from .backends import BACKEND_OPENID_AUTH_CODE
from authentication.openid.models import OIDT_ACCESS_TOKEN
from .utils import new_client
from .models import OIDT_ACCESS_TOKEN
BACKEND_OPENID_AUTH_CODE = \
'authentication.backends.openid.OpenIDAuthorizationCodeBackend'
client = new_client()
logger = get_logger(__file__)
__all__ = ['OpenIDAuthenticationMiddleware']
class OpenIDAuthenticationMiddleware(MiddlewareMixin):
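Review bot: The `BACKEND_OPENID_AUTH_CODE` string defined here, `'authentication.backends.openid.OpenIDAuthorizationCodeBackend'`, does not match the path the settings section registers in `AUTH_OPENID_BACKENDS`, `'authentication.backends.openid.backends.OpenIDAuthorizationCodeBackend'`. Django stores the backend's dotted path, as configured, in the session under `BACKEND_SESSION_KEY`. If the middleware body (outside this hunk) compares the session value with this constant, the comparison can never succeed and the OpenID session check would be skipped silently for every user. Use the full path, or derive the constant from `settings.AUTH_OPENID_BACKENDS` so the two cannot drift. The constant in the backends module still carries the old `authentication.openid.backends...` path and needs the same correction if it is kept.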


@ -5,7 +5,8 @@ from django.db import transaction
from django.contrib.auth import get_user_model
from keycloak.realm import KeycloakRealm
from keycloak.keycloak_openid import KeycloakOpenID
from ..signals import post_create_openid_user
from .signals import post_create_openid_user
OIDT_ACCESS_TOKEN = 'oidt_access_token'


@ -0,0 +1,5 @@
from django.dispatch import Signal
post_create_openid_user = Signal(providing_args=('user',))
post_openid_login_success = Signal(providing_args=('user', 'request'))


@ -0,0 +1,11 @@
# -*- coding: utf-8 -*-
#
from django.urls import path
from . import views
urlpatterns = [
path('login/', views.OpenIDLoginView.as_view(), name='openid-login'),
path('login/complete/', views.OpenIDLoginCompleteView.as_view(),
name='openid-login-complete'),
]


@ -4,6 +4,8 @@
from django.conf import settings
from .models import Client
__all__ = ['new_client']
def new_client():
"""
@ -15,6 +17,3 @@ def new_client():
client_id=settings.AUTH_OPENID_CLIENT_ID,
client_secret=settings.AUTH_OPENID_CLIENT_SECRET
)
client = new_client()


@ -3,7 +3,6 @@
import logging
from django.urls import reverse
from django.conf import settings
from django.core.cache import cache
from django.views.generic.base import RedirectView
@ -14,12 +13,12 @@ from django.http.response import (
HttpResponseRedirect
)
from ..openid import client
from ..openid.models import Nonce
from ..signals import post_auth_success
from .utils import new_client
from .models import Nonce
from .signals import post_openid_login_success
logger = logging.getLogger(__name__)
client = new_client()
__all__ = ['OpenIDLoginView', 'OpenIDLoginCompleteView']
@ -27,8 +26,8 @@ __all__ = ['OpenIDLoginView', 'OpenIDLoginCompleteView']
class OpenIDLoginView(RedirectView):
def get_redirect_url(self, *args, **kwargs):
redirect_uri = settings.BASE_SITE_URL + \
reverse("authentication:openid-login-complete")
# Todo: 待优化
redirect_uri = settings.BASE_SITE_URL + settings.LOGIN_COMPLETE_URL
nonce = Nonce(
redirect_uri=redirect_uri,
next_path=self.request.GET.get('next')
@ -72,6 +71,6 @@ class OpenIDLoginCompleteView(RedirectView):
return HttpResponseBadRequest()
login(self.request, user)
post_auth_success.send(sender=self.__class__, user=user, request=self.request)
post_openid_login_success.send(sender=self.__class__, user=user, request=self.request)
return HttpResponseRedirect(nonce.next_path or '/')
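Review bot: `next_path` is taken straight from `self.request.GET.get('next')` in `OpenIDLoginView` and later passed to `HttpResponseRedirect(nonce.next_path or '/')`, with no visible check that it points back to this site. Unless the lines outside these hunks validate it, this is an open redirect after a successful login. Validate before redirecting: `target = nonce.next_path or '/'`, then `if not is_safe_url(target, allowed_hosts={self.request.get_host()}): target = '/'`, then `return HttpResponseRedirect(target)`. On Django 3.0+ the helper is named `url_has_allowed_host_and_scheme`. Both view methods extend beyond the hunks shown.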


@ -1,6 +1,5 @@
from django.dispatch import Signal
post_create_openid_user = Signal(providing_args=('user',))
post_auth_success = Signal(providing_args=('user', 'request'))
post_auth_failed = Signal(providing_args=('username', 'request', 'reason'))


@ -6,11 +6,12 @@ from django.utils import timezone
from django_auth_ldap.backend import populate_user
from common.utils import get_request_ip
from .openid import client
from .tasks import write_login_log_async
from .signals import (
post_create_openid_user, post_auth_success, post_auth_failed
from .backends.openid import new_client
from .backends.openid.signals import (
post_create_openid_user, post_openid_login_success
)
from .tasks import write_login_log_async
from .signals import post_auth_success, post_auth_failed
@receiver(user_logged_out)
@ -23,6 +24,7 @@ def on_user_logged_out(sender, request, user, **kwargs):
'redirect_uri': settings.BASE_SITE_URL
})
client = new_client()
openid_logout_url = "%s?%s" % (
client.openid_connect_client.get_url(
name='end_session_endpoint'),
@ -39,6 +41,11 @@ def on_post_create_openid_user(sender, user=None, **kwargs):
user.save()
@receiver(post_openid_login_success)
def on_openid_login_success(sender, user=None, request=None, **kwargs):
post_auth_success.send(sender=sender, user=user, request=request)
@receiver(populate_user)
def on_ldap_create_user(sender, user, ldap_user, **kwargs):
if user and user.name != 'admin':
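Review bot: The new `on_openid_login_success` receiver has no docstring, and its purpose is not obvious from the body. It is now the only link between an OpenID login and whatever listens on `post_auth_success`, because the view sends `post_openid_login_success` instead. If this module is not imported at startup, those listeners silently stop running for OpenID logins. I would add a docstring such as `"""Relay post_openid_login_success to post_auth_success so generic login listeners also run for OpenID logins."""`.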


@ -1,7 +1,7 @@
# coding:utf-8
#
from django.urls import path
from django.urls import path, include
from .. import views
@ -9,9 +9,7 @@ app_name = 'authentication'
urlpatterns = [
# openid
path('openid/login/', views.OpenIDLoginView.as_view(), name='openid-login'),
path('openid/login/complete/',
views.OpenIDLoginCompleteView.as_view(), name='openid-login-complete'),
path('openid/', include(('authentication.backends.openid.urls', 'authentication'), namespace='openid')),
# login
path('login/', views.UserLoginView.as_view(), name='login'),


@ -1,5 +1,4 @@
# -*- coding: utf-8 -*-
#
from .openid import *
from .login import *


@ -100,7 +100,7 @@ MIDDLEWARE = [
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'authentication.openid.middleware.OpenIDAuthenticationMiddleware', # openid
'authentication.backends.openid.middleware.OpenIDAuthenticationMiddleware',
'jumpserver.middleware.TimezoneMiddleware',
'jumpserver.middleware.DemoMiddleware',
'jumpserver.middleware.RequestMiddleware',
@ -343,10 +343,10 @@ REST_FRAMEWORK = {
),
'DEFAULT_AUTHENTICATION_CLASSES': (
# 'rest_framework.authentication.BasicAuthentication',
'authentication.authentication.AccessKeyAuthentication',
'authentication.authentication.AccessTokenAuthentication',
'authentication.authentication.PrivateTokenAuthentication',
'authentication.authentication.SessionAuthentication',
'authentication.backends.api.AccessKeyAuthentication',
'authentication.backends.api.AccessTokenAuthentication',
'authentication.backends.api.PrivateTokenAuthentication',
'authentication.backends.api.SessionAuthentication',
),
'DEFAULT_FILTER_BACKENDS': (
'django_filters.rest_framework.DjangoFilterBackend',
@ -409,12 +409,13 @@ AUTH_OPENID_REALM_NAME = CONFIG.AUTH_OPENID_REALM_NAME
AUTH_OPENID_CLIENT_ID = CONFIG.AUTH_OPENID_CLIENT_ID
AUTH_OPENID_CLIENT_SECRET = CONFIG.AUTH_OPENID_CLIENT_SECRET
AUTH_OPENID_BACKENDS = [
'authentication.openid.backends.OpenIDAuthorizationPasswordBackend',
'authentication.openid.backends.OpenIDAuthorizationCodeBackend',
'authentication.backends.openid.backends.OpenIDAuthorizationPasswordBackend',
'authentication.backends.openid.backends.OpenIDAuthorizationCodeBackend',
]
if AUTH_OPENID:
LOGIN_URL = reverse_lazy("authentication:openid-login")
LOGIN_URL = reverse_lazy("authentication:openid:openid-login")
LOGIN_COMPLETE_URL = reverse_lazy("authentication:openid:openid-login-complete")
AUTHENTICATION_BACKENDS.insert(0, AUTH_OPENID_BACKENDS[0])
AUTHENTICATION_BACKENDS.insert(0, AUTH_OPENID_BACKENDS[1])
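Review bot: `LOGIN_COMPLETE_URL` is defined only inside `if AUTH_OPENID:`, but the views section reads `settings.LOGIN_COMPLETE_URL` unconditionally in `OpenIDLoginView.get_redirect_url`. The `openid/` include in the urls section is not conditional either. With OpenID disabled, a request to the login route would therefore raise `AttributeError` instead of being refused cleanly. Either define a default outside the `if`, or have the view resolve the route itself with `reverse("authentication:openid:openid-login-complete")`.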


@ -2,5 +2,4 @@
#
from .user import *
from .auth import *
from .group import *


@ -1,3 +0,0 @@
# -*- coding: utf-8 -*-
#


@ -5,6 +5,8 @@ from __future__ import absolute_import
from django.urls import path
from rest_framework_bulk.routes import BulkRouter
from authentication import api as auth_api
from .. import api
app_name = 'users'
@ -15,6 +17,11 @@ router.register(r'groups', api.UserGroupViewSet, 'user-group')
urlpatterns = [
path('connection-token/', auth_api.UserConnectionTokenApi.as_view(),
name='connection-token'),
path('auth/', auth_api.UserAuthApi.as_view(), name='user-auth'),
path('otp/auth/', auth_api.UserOtpAuthApi.as_view(), name='user-otp-auth'),
path('profile/', api.UserProfileApi.as_view(), name='user-profile'),
path('otp/reset/', api.UserResetOTPApi.as_view(), name='my-otp-reset'),
path('users/<uuid:pk>/otp/reset/', api.UserResetOTPApi.as_view(), name='user-reset-otp'),