mirror of https://github.com/haiwen/seahub.git synced 2025-09-20 02:48:51 +00:00

Merge pull request #5015 from haiwen/jwt-sso

add jwt sso
Daniel Pan
2021-11-01 11:54:48 +08:00
committed by GitHub
2 changed files with 43 additions and 0 deletions


@@ -193,6 +193,7 @@ urlpatterns = [
url(r'^accounts/', include('seahub.base.registration_urls')), url(r'^accounts/', include('seahub.base.registration_urls')),
url(r'^sso/$', sso, name='sso'), url(r'^sso/$', sso, name='sso'),
url(r'^jwt-sso/$', jwt_sso, name='jwt_sso'),
url(r'^shib-login/', shib_login, name="shib_login"), url(r'^shib-login/', shib_login, name="shib_login"),
url(r'^oauth/', include('seahub.oauth.urls')), url(r'^oauth/', include('seahub.oauth.urls')),
url(r'^thirdparty-editor/', include('seahub.thirdparty_editor.urls')), url(r'^thirdparty-editor/', include('seahub.thirdparty_editor.urls')),


@@ -1,10 +1,18 @@
# Copyright (c) 2012-2016 Seafile Ltd. # Copyright (c) 2012-2016 Seafile Ltd.
import jwt
import time
from django.conf import settings from django.conf import settings
from django.urls import reverse from django.urls import reverse
from django.http import HttpResponseRedirect from django.http import HttpResponseRedirect
from django.utils.http import is_safe_url, urlquote from django.utils.http import is_safe_url, urlquote
from django.utils.translation import ugettext as _
from seahub.base.templatetags.seahub_tags import email2nickname
from seahub.auth import REDIRECT_FIELD_NAME from seahub.auth import REDIRECT_FIELD_NAME
from seahub.utils import render_error
def sso(request): def sso(request):
# Ensure the user-originating redirection url is safe. # Ensure the user-originating redirection url is safe.
@@ -43,6 +51,40 @@ def sso(request):
return HttpResponseRedirect(next_page) return HttpResponseRedirect(next_page)
def jwt_sso(request):
ENABLE_JWT_SSO = getattr(settings, 'ENABLE_JWT_SSO', False)
JWT_SSO_SECRET_KEY = getattr(settings, 'JWT_SSO_SECRET_KEY', '')
JWT_SSO_EXPIRATION = getattr(settings, 'JWT_SSO_EXPIRATION', 60 * 60)
JWT_SSO_ALGORITHM = getattr(settings, 'JWT_SSO_ALGORITHM', 'HS256')
if not ENABLE_JWT_SSO:
error_msg = _("jwt sso feature is not enabled.")
return render_error(request, error_msg)
if not JWT_SSO_SECRET_KEY:
error_msg = _("jwt sso secret key is not set.")
return render_error(request, error_msg)
page_url = request.GET.get('page', '')
if not page_url:
error_msg = _("page parameter is not passed.")
return render_error(request, error_msg)
username = request.user.username
data = {
'exp': time.time() + JWT_SSO_EXPIRATION,
'email': username,
'name': email2nickname(username)
}
jwt_token = jwt.encode(data, JWT_SSO_SECRET_KEY, JWT_SSO_ALGORITHM)
redirect_to = "{}?jwt-token={}".format(page_url, jwt_token)
return HttpResponseRedirect(redirect_to)
def shib_login(request): def shib_login(request):
# client platform args used to create api v2 token # client platform args used to create api v2 token
next_page = request.GET.get(REDIRECT_FIELD_NAME, '') next_page = request.GET.get(REDIRECT_FIELD_NAME, '')
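Review bot: `page_url` in `jwt_sso` is read from the `page` query parameter and used as the redirect target without any check, so the signed token carrying the user's email and name is delivered to whatever host the request names; `sso()` in the same file guards its target (its comment reads "Ensure the user-originating redirection url is safe") and `is_safe_url` is already imported. Before building `data`, reject targets outside a configured list, e.g. `if not is_safe_url(url=page_url, allowed_hosts=JWT_SSO_ALLOWED_HOSTS): return render_error(request, _("page parameter is not allowed."))`, where `JWT_SSO_ALLOWED_HOSTS` is a proposed new setting, not one that appears on this page. No login check is visible on `jwt_sso`, so unless something outside this diff enforces authentication, `request.user.username` may be empty for an anonymous request and a token is still signed; an explicit `request.user.is_authenticated` guard would make the requirement visible. The `"{}?jwt-token={}"` format also assumes `page_url` carries no query string of its own, and depending on the installed PyJWT version `jwt.encode` may return bytes, so it is worth confirming that the value is a `str` before it is formatted into the URL.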