sso to thirdpart website (#5401)

2025-09-13 13:50:07 +00:00 · 2023-03-15 15:40:19 +08:00
parent bc7494b94b
commit 4ca0986384
7 changed files with 59 additions and 2 deletions
--- a/frontend/src/components/common/account.js
+++ b/frontend/src/components/common/account.js
@@ -3,7 +3,7 @@ import PropTypes from 'prop-types';
 import ReactDOM from 'react-dom';
 import { Utils } from '../../utils/utils';
 import { seafileAPI } from '../../utils/seafile-api';
-import { siteRoot, gettext, appAvatarURL } from '../../utils/constants';
+import { siteRoot, gettext, appAvatarURL, enableSSOToThirdpartWebsite } from '../../utils/constants';
 import toaster from '../toast';

 const propTypes = {
@@ -122,7 +122,7 @@ class Account extends Component {
        };
      } else if (isOrgStaff) {
        data = {
-          url: `${siteRoot}org/info/`,
+          url: enableSSOToThirdpartWebsite ? `${siteRoot}sso-to-thirdpart/` : `${siteRoot}org/info/`,
          text: gettext('Organization Admin')
        };
      } else if (isInstAdmin) {
--- a/frontend/src/utils/constants.js
+++ b/frontend/src/utils/constants.js
@@ -76,6 +76,7 @@ export const maxNumberOfFilesForFileupload = window.app.pageOptions.maxNumberOfF
 export const enableOCM = window.app.pageOptions.enableOCM;
 export const ocmRemoteServers = window.app.pageOptions.ocmRemoteServers;
 export const enableOCMViaWebdav = window.app.pageOptions.enableOCMViaWebdav;
+export const enableSSOToThirdpartWebsite = window.app.pageOptions.enableSSOToThirdpartWebsite;

 export const curNoteMsg = window.app.pageOptions.curNoteMsg;
 export const curNoteID = window.app.pageOptions.curNoteID;
--- a/seahub/settings.py
+++ b/seahub/settings.py
@@ -728,6 +728,11 @@ WEBDAV_SECRET_STRENGTH_LEVEL = 1

 ENABLE_USER_SET_CONTACT_EMAIL = False

+# SSO to thirdparty website
+ENABLE_SSO_TO_THIRDPART_WEBSITE = False
+THIRDPART_WEBSITE_SECRET_KEY = ''
+THIRDPART_WEBSITE_URL = ''
+
 #####################
 # Global AddressBook #
 #####################
--- a/seahub/templates/base_for_react.html
+++ b/seahub/templates/base_for_react.html
@@ -135,6 +135,7 @@
            curNoteID: '{{ request.cur_note.id }}',
            {% endif %}
            enableTC: {% if enable_terms_and_conditions %} true {% else %} false {% endif %},
+            enableSSOToThirdpartWebsite: {% if enable_sso_to_thirdpart_website %} true {% else %} false {% endif %},
            enableVideoThumbnail: {% if enable_video_thumbnail %} true {% else %} false {% endif %},
            showLogoutIcon: {% if show_logout_icon %} true {% else %} false {% endif %},
            additionalShareDialogNote: {% if additional_share_dialog_note %} {{ additional_share_dialog_note|safe }} {% else %} null {% endif %},
--- a/seahub/urls.py
+++ b/seahub/urls.py
@@ -6,6 +6,7 @@ from seahub.views import *
 from seahub.views.sysadmin import *
 from seahub.views.ajax import *
 from seahub.views.sso import *
+from seahub.views.sso_to_thirdpart import sso_to_thirdpart

 from seahub.views.file import view_history_file, view_trash_file,\
    view_snapshot_file, view_shared_file, view_file_via_shared_dir,\
@@ -203,6 +204,8 @@ urlpatterns = [
    url(r'^ocm-via-webdav/', include('seahub.ocm_via_webdav.urls')),
    url(r'^cad/', include('seahub.cad.urls')),

+    url(r'^sso-to-thirdpart/$', sso_to_thirdpart, name='sso-to-thirdpart'),
+
    url(r'^$', react_fake_view, name='libraries'),
    url(r'^robots\.txt$', TemplateView.as_view(template_name='robots.txt', content_type='text/plain')),

--- a/seahub/views/init.py
+++ b/seahub/views/init.py
@@ -1209,4 +1209,5 @@ def react_fake_view(request, **kwargs):
        'enable_video_thumbnail': settings.ENABLE_VIDEO_THUMBNAIL,
        'group_import_members_extra_msg': GROUP_IMPORT_MEMBERS_EXTRA_MSG,
        'request_from_onlyoffice_desktop_editor': ONLYOFFICE_DESKTOP_EDITOR_HTTP_USER_AGENT in request.META.get('HTTP_USER_AGENT', ''),
+        'enable_sso_to_thirdpart_website': settings.ENABLE_SSO_TO_THIRDPART_WEBSITE,
    })
--- a/seahub/views/sso_to_thirdpart.py
+++ b/seahub/views/sso_to_thirdpart.py
@@ -0,0 +1,46 @@
+# -*- coding: utf-8 -*-
+import time
+import logging
+
+import jwt
+from django.http import HttpResponseRedirect
+
+from seahub.auth.decorators import login_required
+from seahub.utils import render_error
+from seahub.api2.models import Token
+try:
+    from seahub.settings import ENABLE_SSO_TO_THIRDPART_WEBSITE, THIRDPART_WEBSITE_SECRET_KEY, THIRDPART_WEBSITE_URL
+except ImportError:
+    ENABLE_SSO_TO_THIRDPART_WEBSITE = False
+    THIRDPART_WEBSITE_SECRET_KEY = ''
+    THIRDPART_WEBSITE_URL = ''
+
+logger = logging.getLogger(__name__)
+
+
+@login_required
+def sso_to_thirdpart(request):
+    if not ENABLE_SSO_TO_THIRDPART_WEBSITE or not THIRDPART_WEBSITE_SECRET_KEY or not THIRDPART_WEBSITE_URL:
+        return render_error(request, 'Feature is not enabled.')
+
+    username = request.user.username
+    try:
+        api_token, _ = Token.objects.get_or_create(user=username)
+    except Exception as e:
+        logger.error(e)
+        return render_error(request, 'Internal Server Error')
+
+    payload = {
+        'exp': int(time.time()) + 100,
+        'user_id': username,
+        'api_token': api_token.key,
+    }
+
+    try:
+        access_token = jwt.encode(payload, THIRDPART_WEBSITE_SECRET_KEY, algorithm='HS256')
+    except Exception as e:
+        logger.error(e)
+        return render_error(request, 'Internal Server Error')
+
+    redirect_to = THIRDPART_WEBSITE_URL.strip('/') + '/?token=%s' % access_token
+    return HttpResponseRedirect(redirect_to)