github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-09-01 07:27:35 +00:00
Code Issues Projects Releases Wiki Activity

Dev oidc (#3941)

Browse Source 
* [Update] oidc_rp获取token添加headers base64编码

* [Update] 移除对oidc_rp的支持

* [Update] 移除对oidc_rp的支持2

* [Update] 修改OpenID配置(添加新配置项,并对旧配置项做兼容)

* [Update] 移除所有与Keycloak相关的模块

* [Update] 添加jumpserver-django-oidc-rp的使用

* [Update] 更新登录重定向地址(oidc)

* [Update] oidc添加一些配置参数;处理用户登录/创建/更新等信号

* [Update] 修改退出登录逻辑

* [Update] 添加oidc user登录成功的信号机制

* [Update] 修改mfa认证choices内容 (otp => code)

* [Update] 添加OpenID backend password 认证失败信号机制;修改引入common包问题

* [Update] 用户Token/Auth API 校验用户时,传入request参数(解决登录成功日志记录的问题)

* [Update] 添加依赖jumpserver-django-oidc-rp==0.3.7.1

* [Update] oidc认证模块说明
This commit is contained in:
BaiJiangJie
2020-04-26 20:36:17 +08:00
committed by GitHub
parent 5d433456d4
commit 7833ff6671
28 changed files with 241 additions and 906 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
apps/authentication/backends/oidc/views.py
View File

@@ -1,77 +0,0 @@
from django.conf import settings
from django.http import HttpResponseRedirect, QueryDict
from django.urls import reverse
from django.utils.crypto import get_random_string
from django.utils.http import is_safe_url, urlencode
from oidc_rp.conf import settings as oidc_rp_settings
from oidc_rp.views import OIDCEndSessionView, OIDCAuthRequestView
__all__ = ['OverwriteOIDCAuthRequestView', 'OverwriteOIDCEndSessionView']
class OverwriteOIDCAuthRequestView(OIDCAuthRequestView):
def get(self, request):
""" Processes GET requests. """
# Defines common parameters used to bootstrap the authentication request.
authentication_request_params = request.GET.dict()
authentication_request_params.update({
'scope': oidc_rp_settings.SCOPES,
'response_type': 'code',
'client_id': oidc_rp_settings.CLIENT_ID,
'redirect_uri': request.build_absolute_uri(
reverse(settings.OIDC_RP_LOGIN_CALLBACK_URL_NAME)
),
})
# States should be used! They are recommended in order to maintain state between the
# authentication request and the callback.
if oidc_rp_settings.USE_STATE:
state = get_random_string(oidc_rp_settings.STATE_LENGTH)
authentication_request_params.update({'state': state})
request.session['oidc_auth_state'] = state
# Nonces should be used too! In that case the generated nonce is stored both in the
# authentication request parameters and in the user's session.
if oidc_rp_settings.USE_NONCE:
nonce = get_random_string(oidc_rp_settings.NONCE_LENGTH)
authentication_request_params.update({'nonce': nonce, })
request.session['oidc_auth_nonce'] = nonce
# Stores the "next" URL in the session if applicable.
next_url = request.GET.get('next')
request.session['oidc_auth_next_url'] = next_url \
if is_safe_url(url=next_url, allowed_hosts=(request.get_host(), )) else None
# Redirects the user to authorization endpoint.
query = urlencode(authentication_request_params)
redirect_url = '{url}?{query}'.format(
url=oidc_rp_settings.PROVIDER_AUTHORIZATION_ENDPOINT, query=query)
return HttpResponseRedirect(redirect_url)
class OverwriteOIDCEndSessionView(OIDCEndSessionView):
def post(self, request):
""" Processes POST requests. """
logout_url = settings.LOGOUT_REDIRECT_URL or '/'
try:
logout_url = self.provider_end_session_url \
if oidc_rp_settings.PROVIDER_END_SESSION_ENDPOINT else logout_url
except KeyError: # pragma: no cover
logout_url = logout_url
# Redirects the user to the appropriate URL.
return HttpResponseRedirect(logout_url)
@property
def provider_end_session_url(self):
""" Returns the end-session URL. """
q = QueryDict(mutable=True)
q[oidc_rp_settings.PROVIDER_END_SESSION_REDIRECT_URI_PARAMETER] = \
self.request.build_absolute_uri(settings.LOGOUT_REDIRECT_URL or '/')
if self.request.session.get('oidc_auth_id_token'):
q[oidc_rp_settings.PROVIDER_END_SESSION_ID_TOKEN_PARAMETER] = \
self.request.session['oidc_auth_id_token']
return '{}?{}'.format(oidc_rp_settings.PROVIDER_END_SESSION_ENDPOINT, q.urlencode())