Merge pull request #5015 from haiwen/jwt-sso

add jwt sso
2025-09-19 18:29:23 +00:00 · 2021-11-01 11:54:48 +08:00
parent 104008c1b1 222c4e26d6
commit 4515b470c3
2 changed files with 43 additions and 0 deletions
--- a/seahub/urls.py
+++ b/seahub/urls.py
@@ -193,6 +193,7 @@ urlpatterns = [
    url(r'^accounts/', include('seahub.base.registration_urls')),

    url(r'^sso/$', sso, name='sso'),
+    url(r'^jwt-sso/$', jwt_sso, name='jwt_sso'),
    url(r'^shib-login/', shib_login, name="shib_login"),
    url(r'^oauth/', include('seahub.oauth.urls')),
    url(r'^thirdparty-editor/', include('seahub.thirdparty_editor.urls')),
--- a/seahub/views/sso.py
+++ b/seahub/views/sso.py
@@ -1,10 +1,18 @@
 # Copyright (c) 2012-2016 Seafile Ltd.
+import jwt
+import time
+
 from django.conf import settings
 from django.urls import reverse
 from django.http import HttpResponseRedirect
 from django.utils.http import is_safe_url, urlquote
+from django.utils.translation import ugettext as _
+
+from seahub.base.templatetags.seahub_tags import email2nickname

 from seahub.auth import REDIRECT_FIELD_NAME
+from seahub.utils import render_error
+

 def sso(request):
    # Ensure the user-originating redirection url is safe.
@@ -43,6 +51,40 @@ def sso(request):

    return HttpResponseRedirect(next_page)

+
+def jwt_sso(request):
+
+    ENABLE_JWT_SSO = getattr(settings, 'ENABLE_JWT_SSO', False)
+    JWT_SSO_SECRET_KEY = getattr(settings, 'JWT_SSO_SECRET_KEY', '')
+    JWT_SSO_EXPIRATION = getattr(settings, 'JWT_SSO_EXPIRATION', 60 * 60)
+    JWT_SSO_ALGORITHM = getattr(settings, 'JWT_SSO_ALGORITHM', 'HS256')
+
+    if not ENABLE_JWT_SSO:
+        error_msg = _("jwt sso feature is not enabled.")
+        return render_error(request, error_msg)
+
+    if not JWT_SSO_SECRET_KEY:
+        error_msg = _("jwt sso secret key is not set.")
+        return render_error(request, error_msg)
+
+    page_url = request.GET.get('page', '')
+    if not page_url:
+        error_msg = _("page parameter is not passed.")
+        return render_error(request, error_msg)
+
+    username = request.user.username
+
+    data = {
+        'exp': time.time() + JWT_SSO_EXPIRATION,
+        'email': username,
+        'name': email2nickname(username)
+    }
+
+    jwt_token = jwt.encode(data, JWT_SSO_SECRET_KEY, JWT_SSO_ALGORITHM)
+    redirect_to = "{}?jwt-token={}".format(page_url, jwt_token)
+    return HttpResponseRedirect(redirect_to)
+
+
 def shib_login(request):
    # client platform args used to create api v2 token
    next_page = request.GET.get(REDIRECT_FIELD_NAME, '')