[Update] 修改authentication目录结构

apps/authentication/api/auth.py

@@ -24,8 +24,10 @@ from users.utils import (
 )
 from users.hands import Asset, SystemUser
 
-
 logger = get_logger(__name__)
+__all__ = [
+    'UserAuthApi', 'UserConnectionTokenApi', 'UserOtpAuthApi',
+]
 
 
 class UserAuthApi(RootOrgViewMixin, APIView):
@@ -146,29 +148,6 @@ class UserConnectionTokenApi(RootOrgViewMixin, APIView):
         return super().get_permissions()
 
 
-class UserToken(APIView):
-    permission_classes = (AllowAny,)
-
-    def post(self, request):
-        if not request.user.is_authenticated:
-            username = request.data.get('username', '')
-            email = request.data.get('email', '')
-            password = request.data.get('password', '')
-            public_key = request.data.get('public_key', '')
-
-            user, msg = check_user_valid(
-                username=username, email=email,
-                password=password, public_key=public_key)
-        else:
-            user = request.user
-            msg = None
-        if user:
-            token = user.create_bearer_token(request)
-            return Response({'Token': token, 'Keyword': 'Bearer'}, status=200)
-        else:
-            return Response({'error': msg}, status=406)
-
-
 class UserOtpAuthApi(RootOrgViewMixin, APIView):
     permission_classes = (AllowAny,)
     serializer_class = UserSerializer

apps/authentication/backends/openid/__init__.py

@@ -0,0 +1,6 @@
+# -*- coding: utf-8 -*-
+#
+
+from .backends import *
+from .middleware import *
+from .utils import *

apps/authentication/backends/openid/backends.py

@@ -4,16 +4,19 @@
 from django.contrib.auth import get_user_model
 from django.conf import settings
 
-from . import client
 from common.utils import get_logger
-from authentication.openid.models import OIDT_ACCESS_TOKEN
+from .utils import new_client
+from .models import OIDT_ACCESS_TOKEN
 
 UserModel = get_user_model()
 
 logger = get_logger(__file__)
+client = new_client()
 
-BACKEND_OPENID_AUTH_CODE = \
-    'authentication.openid.backends.OpenIDAuthorizationCodeBackend'
+
+__all__ = [
+    'OpenIDAuthorizationCodeBackend', 'OpenIDAuthorizationPasswordBackend',
+]
 
 
 class BaseOpenIDAuthorizationBackend(object):

apps/authentication/backends/openid/middleware.py

@@ -6,12 +6,15 @@ from django.contrib.auth import logout
 from django.utils.deprecation import MiddlewareMixin
 from django.contrib.auth import BACKEND_SESSION_KEY
 
-from . import client
 from common.utils import get_logger
-from .backends import BACKEND_OPENID_AUTH_CODE
-from authentication.openid.models import OIDT_ACCESS_TOKEN
+from .utils import new_client
+from .models import OIDT_ACCESS_TOKEN
 
+BACKEND_OPENID_AUTH_CODE = \
+    'authentication.backends.openid.OpenIDAuthorizationCodeBackend'
+client = new_client()
 logger = get_logger(__file__)
+__all__ = ['OpenIDAuthenticationMiddleware']
 
 
 class OpenIDAuthenticationMiddleware(MiddlewareMixin):

apps/authentication/backends/openid/models.py

@@ -5,7 +5,8 @@ from django.db import transaction
 from django.contrib.auth import get_user_model
 from keycloak.realm import KeycloakRealm
 from keycloak.keycloak_openid import KeycloakOpenID
-from ..signals import post_create_openid_user
+
+from .signals import post_create_openid_user
 
 OIDT_ACCESS_TOKEN = 'oidt_access_token'
 

apps/authentication/backends/openid/signals.py

@@ -0,0 +1,5 @@
+from django.dispatch import Signal
+
+
+post_create_openid_user = Signal(providing_args=('user',))
+post_openid_login_success = Signal(providing_args=('user', 'request'))

apps/authentication/backends/openid/urls.py

@@ -0,0 +1,11 @@
+# -*- coding: utf-8 -*-
+#
+from django.urls import path
+
+from . import views
+
+urlpatterns = [
+    path('login/', views.OpenIDLoginView.as_view(), name='openid-login'),
+    path('login/complete/', views.OpenIDLoginCompleteView.as_view(),
+         name='openid-login-complete'),
+]

apps/authentication/backends/openid/utils.py

@@ -4,6 +4,8 @@
 from django.conf import settings
 from .models import Client
 
+__all__ = ['new_client']
+
 
 def new_client():
     """
@@ -15,6 +17,3 @@ def new_client():
         client_id=settings.AUTH_OPENID_CLIENT_ID,
         client_secret=settings.AUTH_OPENID_CLIENT_SECRET
     )
-
-
-client = new_client()

apps/authentication/backends/openid/views.py

@@ -3,7 +3,6 @@
 
 import logging
 
-from django.urls import reverse
 from django.conf import settings
 from django.core.cache import cache
 from django.views.generic.base import RedirectView
@@ -14,12 +13,12 @@ from django.http.response import (
     HttpResponseRedirect
 )
 
-from ..openid import client
-from ..openid.models import Nonce
-from ..signals import post_auth_success
+from .utils import new_client
+from .models import Nonce
+from .signals import post_openid_login_success
 
 logger = logging.getLogger(__name__)
-
+client = new_client()
 
 __all__ = ['OpenIDLoginView', 'OpenIDLoginCompleteView']
 
@@ -27,8 +26,8 @@ __all__ = ['OpenIDLoginView', 'OpenIDLoginCompleteView']
 class OpenIDLoginView(RedirectView):
 
     def get_redirect_url(self, *args, **kwargs):
-        redirect_uri = settings.BASE_SITE_URL + \
-                       reverse("authentication:openid-login-complete")
+        # Todo: 待优化
+        redirect_uri = settings.BASE_SITE_URL + settings.LOGIN_COMPLETE_URL
         nonce = Nonce(
             redirect_uri=redirect_uri,
             next_path=self.request.GET.get('next')
@@ -72,6 +71,6 @@ class OpenIDLoginCompleteView(RedirectView):
             return HttpResponseBadRequest()
 
         login(self.request, user)
-        post_auth_success.send(sender=self.__class__, user=user, request=self.request)
+        post_openid_login_success.send(sender=self.__class__, user=user, request=self.request)
         return HttpResponseRedirect(nonce.next_path or '/')
 

apps/authentication/signals.py

@@ -1,6 +1,5 @@
 from django.dispatch import Signal
 
 
-post_create_openid_user = Signal(providing_args=('user',))
 post_auth_success = Signal(providing_args=('user', 'request'))
 post_auth_failed = Signal(providing_args=('username', 'request', 'reason'))

apps/authentication/signals_handlers.py

@@ -6,11 +6,12 @@ from django.utils import timezone
 from django_auth_ldap.backend import populate_user
 
 from common.utils import get_request_ip
-from .openid import client
-from .tasks import write_login_log_async
-from .signals import (
-    post_create_openid_user, post_auth_success, post_auth_failed
+from .backends.openid import new_client
+from .backends.openid.signals import (
+    post_create_openid_user, post_openid_login_success
 )
+from .tasks import write_login_log_async
+from .signals import post_auth_success, post_auth_failed
 
 
 @receiver(user_logged_out)
@@ -23,6 +24,7 @@ def on_user_logged_out(sender, request, user, **kwargs):
         'redirect_uri': settings.BASE_SITE_URL
     })
 
+    client = new_client()
     openid_logout_url = "%s?%s" % (
         client.openid_connect_client.get_url(
             name='end_session_endpoint'),
@@ -39,6 +41,11 @@ def on_post_create_openid_user(sender, user=None,  **kwargs):
         user.save()
 
 
+@receiver(post_openid_login_success)
+def on_openid_login_success(sender, user=None, request=None, **kwargs):
+    post_auth_success.send(sender=sender, user=user, request=request)
+
+
 @receiver(populate_user)
 def on_ldap_create_user(sender, user, ldap_user, **kwargs):
     if user and user.name != 'admin':

apps/authentication/urls/view_urls.py

@@ -1,7 +1,7 @@
 # coding:utf-8
 #
 
-from django.urls import path
+from django.urls import path, include
 
 from .. import views
 
@@ -9,9 +9,7 @@ app_name = 'authentication'
 
 urlpatterns = [
     # openid
-    path('openid/login/', views.OpenIDLoginView.as_view(), name='openid-login'),
-    path('openid/login/complete/',
-         views.OpenIDLoginCompleteView.as_view(), name='openid-login-complete'),
+    path('openid/', include(('authentication.backends.openid.urls', 'authentication'), namespace='openid')),
 
     # login
     path('login/', views.UserLoginView.as_view(), name='login'),

apps/authentication/views/__init__.py

@@ -1,5 +1,4 @@
 # -*- coding: utf-8 -*-
 #
 
-from .openid import *
 from .login import *

apps/jumpserver/settings.py

@@ -100,7 +100,7 @@ MIDDLEWARE = [
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
-    'authentication.openid.middleware.OpenIDAuthenticationMiddleware',  # openid
+    'authentication.backends.openid.middleware.OpenIDAuthenticationMiddleware',
     'jumpserver.middleware.TimezoneMiddleware',
     'jumpserver.middleware.DemoMiddleware',
     'jumpserver.middleware.RequestMiddleware',
@@ -343,10 +343,10 @@ REST_FRAMEWORK = {
     ),
     'DEFAULT_AUTHENTICATION_CLASSES': (
         # 'rest_framework.authentication.BasicAuthentication',
-        'authentication.authentication.AccessKeyAuthentication',
-        'authentication.authentication.AccessTokenAuthentication',
-        'authentication.authentication.PrivateTokenAuthentication',
-        'authentication.authentication.SessionAuthentication',
+        'authentication.backends.api.AccessKeyAuthentication',
+        'authentication.backends.api.AccessTokenAuthentication',
+        'authentication.backends.api.PrivateTokenAuthentication',
+        'authentication.backends.api.SessionAuthentication',
     ),
     'DEFAULT_FILTER_BACKENDS': (
         'django_filters.rest_framework.DjangoFilterBackend',
@@ -409,12 +409,13 @@ AUTH_OPENID_REALM_NAME = CONFIG.AUTH_OPENID_REALM_NAME
 AUTH_OPENID_CLIENT_ID = CONFIG.AUTH_OPENID_CLIENT_ID
 AUTH_OPENID_CLIENT_SECRET = CONFIG.AUTH_OPENID_CLIENT_SECRET
 AUTH_OPENID_BACKENDS = [
-    'authentication.openid.backends.OpenIDAuthorizationPasswordBackend',
-    'authentication.openid.backends.OpenIDAuthorizationCodeBackend',
+    'authentication.backends.openid.backends.OpenIDAuthorizationPasswordBackend',
+    'authentication.backends.openid.backends.OpenIDAuthorizationCodeBackend',
 ]
 
 if AUTH_OPENID:
-    LOGIN_URL = reverse_lazy("authentication:openid-login")
+    LOGIN_URL = reverse_lazy("authentication:openid:openid-login")
+    LOGIN_COMPLETE_URL = reverse_lazy("authentication:openid:openid-login-complete")
     AUTHENTICATION_BACKENDS.insert(0, AUTH_OPENID_BACKENDS[0])
     AUTHENTICATION_BACKENDS.insert(0, AUTH_OPENID_BACKENDS[1])
 

apps/users/api/__init__.py

@@ -2,5 +2,4 @@
 #
 
 from .user import *
-from .auth import *
 from .group import *

apps/users/api/auth.py

@@ -1,3 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-

apps/users/urls/api_urls.py

@@ -5,6 +5,8 @@ from __future__ import absolute_import
 
 from django.urls import path
 from rest_framework_bulk.routes import BulkRouter
+
+from authentication import api as auth_api
 from .. import api
 
 app_name = 'users'
@@ -15,6 +17,11 @@ router.register(r'groups', api.UserGroupViewSet, 'user-group')
 
 
 urlpatterns = [
+    path('connection-token/', auth_api.UserConnectionTokenApi.as_view(),
+         name='connection-token'),
+    path('auth/', auth_api.UserAuthApi.as_view(), name='user-auth'),
+    path('otp/auth/', auth_api.UserOtpAuthApi.as_view(), name='user-otp-auth'),
+
     path('profile/', api.UserProfileApi.as_view(), name='user-profile'),
     path('otp/reset/', api.UserResetOTPApi.as_view(), name='my-otp-reset'),
     path('users/<uuid:pk>/otp/reset/', api.UserResetOTPApi.as_view(), name='user-reset-otp'),