diff --git a/media/img/dingtalk.png b/media/img/dingtalk.png new file mode 100644 index 0000000000..f19bb85df3 Binary files /dev/null and b/media/img/dingtalk.png differ diff --git a/media/img/work-weixin.png b/media/img/work-weixin.png new file mode 100644 index 0000000000..6422657019 Binary files /dev/null and b/media/img/work-weixin.png differ diff --git a/seahub/base/context_processors.py b/seahub/base/context_processors.py index b6e19f7990..112e2e1f80 100644 --- a/seahub/base/context_processors.py +++ b/seahub/base/context_processors.py @@ -18,7 +18,7 @@ from constance import config import seaserv from seahub.settings import SEAFILE_VERSION, SITE_DESCRIPTION, \ - MAX_FILE_NAME, LOGO_PATH, BRANDING_CSS, LOGO_WIDTH, LOGO_HEIGHT,\ + MAX_FILE_NAME, LOGO_PATH, BRANDING_CSS, LOGO_WIDTH, LOGO_HEIGHT, \ SHOW_REPO_DOWNLOAD_BUTTON, SITE_ROOT, ENABLE_GUEST_INVITATION, \ FAVICON_PATH, APPLE_TOUCH_ICON_PATH, THUMBNAIL_SIZE_FOR_ORIGINAL, \ MEDIA_ROOT, SHOW_LOGOUT_ICON, CUSTOM_LOGO_PATH, CUSTOM_FAVICON_PATH, \ @@ -48,6 +48,7 @@ except ImportError: ENABLE_FILE_SCAN = False from seahub.work_weixin.settings import ENABLE_WORK_WEIXIN from seahub.weixin.settings import ENABLE_WEIXIN +from seahub.dingtalk.settings import ENABLE_DINGTALK try: from seahub.settings import SIDE_NAV_FOOTER_CUSTOM_HTML @@ -131,6 +132,8 @@ def base(request): 'site_name': get_site_name(), 'enable_signup': config.ENABLE_SIGNUP, 'enable_weixin': ENABLE_WEIXIN, + 'enable_work_weixin': ENABLE_WORK_WEIXIN, + 'enable_dingtalk': ENABLE_DINGTALK, 'max_file_name': MAX_FILE_NAME, 'has_file_search': HAS_FILE_SEARCH, 'show_repo_download_button': SHOW_REPO_DOWNLOAD_BUTTON, 
@@ -162,7 +165,6 @@ def base(request): 'enable_resumable_fileupload': dj_settings.ENABLE_RESUMABLE_FILEUPLOAD, 'service_url': get_service_url().rstrip('/'), 'enable_file_scan': ENABLE_FILE_SCAN, - 'enable_work_weixin': ENABLE_WORK_WEIXIN, 'avatar_url': avatar_url if avatar_url else '', 'privacy_policy_link': PRIVACY_POLICY_LINK, 'terms_of_service_link': TERMS_OF_SERVICE_LINK, diff --git a/seahub/dingtalk/settings.py b/seahub/dingtalk/settings.py index 6f32953654..7d6d75d38e 100644 --- a/seahub/dingtalk/settings.py +++ b/seahub/dingtalk/settings.py @@ -1,9 +1,10 @@ import seahub.settings as settings +from seahub.utils import is_pro_version # constants DINGTALK_PROVIDER = 'dingtalk' -ENABLE_DINGTALK = getattr(settings, 'ENABLE_DINGTALK', False) +ENABLE_DINGTALK = getattr(settings, 'ENABLE_DINGTALK', False) and is_pro_version() DINGTALK_AGENT_ID = getattr(settings, 'DINGTALK_AGENT_ID', '') # for 10.0 or later diff --git a/seahub/templates/registration/login.html b/seahub/templates/registration/login.html index 9c74ec2a46..9dead1cb75 100644 --- a/seahub/templates/registration/login.html +++ b/seahub/templates/registration/login.html @@ -81,16 +81,31 @@ html, body, #wrapper { height:100%; } {% endif %} - {% if enable_weixin %} + {% if enable_weixin or enable_work_weixin or enable_dingtalk %}
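Review bot: In seahub/dingtalk/settings.py the added `and is_pro_version()` silently forces `ENABLE_DINGTALK` off on a non-pro deployment that sets `ENABLE_DINGTALK = True`, and nothing in the file says so. I would add a comment above the assignment, for example `# DingTalk login is pro-only: forced off unless is_pro_version() is true`. The gate only covers code that imports this constant. The lines this commit removes from `sso()` read `getattr(settings, 'ENABLE_DINGTALK', False)` directly, and any remaining reader of that form elsewhere (not visible in this diff) would still see the feature as enabled. The same applies to `ENABLE_WORK_WEIXIN` in seahub/work_weixin/settings.py.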
{% endif %} diff --git a/seahub/urls.py b/seahub/urls.py index 70c86cde86..e40c5b5681 100644 --- a/seahub/urls.py +++ b/seahub/urls.py @@ -209,6 +209,8 @@ urlpatterns = [ path('mobile-login/', mobile_login, name="mobile_login"), path('sso/', sso, name='sso'), + path('work-weixin-sso/', work_weixin_sso, name='work_weixin_sso'), + path('dingtalk-sso/', dingtalk_sso, name='dingtalk_sso'), path('jwt-sso/', jwt_sso, name='jwt_sso'), re_path(r'^shib-login/', shib_login, name="shib_login"), path('oauth/', include('seahub.oauth.urls')), diff --git a/seahub/views/sso.py b/seahub/views/sso.py index 8b39b3de50..d37bf2d7dc 100644 --- a/seahub/views/sso.py +++ b/seahub/views/sso.py @@ -21,6 +21,8 @@ from seahub.utils import render_permission_error, render_error from seahub.api2.utils import get_token_v1, get_token_v2 from seahub.settings import CLIENT_SSO_VIA_LOCAL_BROWSER, CLIENT_SSO_TOKEN_EXPIRATION, LOGIN_URL from seahub.base.models import ClientSSOToken +from seahub.work_weixin.settings import ENABLE_WORK_WEIXIN +from seahub.dingtalk.settings import ENABLE_DINGTALK # Get an instance of a logger logger = logging.getLogger(__name__) 
@@ -48,25 +50,59 @@ def sso(request): return HttpResponseRedirect(next_page) # send next page back to other views - next_param = '?%s=' % REDIRECT_FIELD_NAME + quote(next_page) + next_param = f'?{REDIRECT_FIELD_NAME}={quote(next_page)}' if getattr(settings, 'ENABLE_ADFS_LOGIN', False): return HttpResponseRedirect(reverse('saml2_login') + next_param) if getattr(settings, 'ENABLE_OAUTH', False): return HttpResponseRedirect(reverse('oauth_login') + next_param) - if getattr(settings, 'ENABLE_DINGTALK', False): - return HttpResponseRedirect(reverse('dingtalk_login') + next_param) - if getattr(settings, 'ENABLE_CAS', False): return HttpResponseRedirect(reverse('cas_ng_login') + next_param) - if getattr(settings, 'ENABLE_WORK_WEIXIN', False): - return HttpResponseRedirect(reverse('work_weixin_oauth_login') + next_param) - return HttpResponseRedirect(next_page) +def work_weixin_sso(request): + + if not ENABLE_WORK_WEIXIN: + error_msg = _('Work weixin sso feature is not enabled') + return render_error(request, error_msg) + + request.session['is_sso_user'] = True + + # Ensure the user-originating redirection url is safe. + if REDIRECT_FIELD_NAME in request.GET: + next_page = request.GET[REDIRECT_FIELD_NAME] + if not url_has_allowed_host_and_scheme(url=next_page, allowed_hosts=request.get_host()): + next_page = settings.LOGIN_REDIRECT_URL + else: + next_page = reverse('libraries') + + next_param = f'?{REDIRECT_FIELD_NAME}={quote(next_page)}' + return HttpResponseRedirect(reverse('work_weixin_oauth_login') + next_param) + + +def dingtalk_sso(request): + + if not ENABLE_DINGTALK: + error_msg = _('Dingtalk sso feature is not enabled') + return render_error(request, error_msg) + + request.session['is_sso_user'] = True + + # Ensure the user-originating redirection url is safe. 
+ if REDIRECT_FIELD_NAME in request.GET: + next_page = request.GET[REDIRECT_FIELD_NAME] + if not url_has_allowed_host_and_scheme(url=next_page, allowed_hosts=request.get_host()): + next_page = settings.LOGIN_REDIRECT_URL + else: + next_page = reverse('libraries') + + next_param = f'?{REDIRECT_FIELD_NAME}={quote(next_page)}' + return HttpResponseRedirect(reverse('dingtalk_login') + next_param) + + def jwt_sso(request): ENABLE_JWT_SSO = getattr(settings, 'ENABLE_JWT_SSO', False) diff --git a/seahub/work_weixin/settings.py b/seahub/work_weixin/settings.py index a780b9ccc4..5eca72fa55 100644 --- a/seahub/work_weixin/settings.py +++ b/seahub/work_weixin/settings.py @@ -1,9 +1,10 @@ # Copyright (c) 2012-2019 Seafile Ltd. # encoding: utf-8 from django.conf import settings +from seahub.utils import is_pro_version # # work weixin base -ENABLE_WORK_WEIXIN = getattr(settings, 'ENABLE_WORK_WEIXIN', False) +ENABLE_WORK_WEIXIN = getattr(settings, 'ENABLE_WORK_WEIXIN', False) and is_pro_version() WORK_WEIXIN_CORP_ID = getattr(settings, 'WORK_WEIXIN_CORP_ID', '') WORK_WEIXIN_AGENT_SECRET = getattr(settings, 'WORK_WEIXIN_AGENT_SECRET', '') WORK_WEIXIN_ACCESS_TOKEN_URL = getattr(settings, 'WORK_WEIXIN_ACCESS_TOKEN_URL',
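Review bot: In seahub/views/sso.py, both `work_weixin_sso` and `dingtalk_sso` validate the redirect target with `url_has_allowed_host_and_scheme(url=next_page, allowed_hosts=request.get_host())` but omit `require_https`, so on an HTTPS deployment an `http://` URL on the same host passes and the post-login redirect can downgrade the scheme; adding `require_https=request.is_secure()` closes that. Both views also set `request.session['is_sso_user'] = True` on an unauthenticated GET before the provider flow has run, so the flag stays in the session if the login is abandoned or fails; whether anything trusts that flag is not visible here, but setting it after a successful callback would be safer. The two bodies differ only in the enable flag, the error message and the reversed URL name, so a shared private helper would keep the redirect validation in one place. Neither function has a docstring; one line each stating that it is the provider-specific SSO entry point and that it validates the `REDIRECT_FIELD_NAME` parameter would help.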