complete server side auth

2023-05-16 19:35:20 +10:00 · 2023-05-16 19:35:20 +10:00 · 7525b2d56b
parent a4987aff81
commit 7525b2d56b
3 changed files with 28 additions and 10 deletions
--- a/pairent_backend/pairent_app/views.py
+++ b/pairent_backend/pairent_app/views.py
@ -16,7 +16,7 @@ from .serializer import (ApartamentListSerializer,
                         PsychTestAddResultSerializer,
                         PublicUserSerializer)

-import json, math, random, re, requests
+import json, math, random, re, requests, oidc_client, base64, hashlib

 class ApartamentViewSet(viewsets.ReadOnlyModelViewSet):
    """Вывод списка квартир или отдельной квартиры"""
@ -176,23 +176,27 @@ class UserLogin(APIView):
    # TODO: Remove csrf exempt when index.html is loaded through django
    @csrf_exempt
    def post(self, req: HttpRequest):
+
        if (req.content_type != 'application/json'):
            res = HttpResponse({'error': 'bad content type'});
            res.status_code = 400;
            return res;
-        
+
        data = json.loads(req.body.decode('utf8'));

-        # if (not hasattr(data, 'code')):
-        #     res = JsonResponse({'error': 'no code'});
-        #     res.status_code = 400;
-        #     return res
+        if not ('code' in data and 'code_verifier' in data):
+            res = JsonResponse({'error': 'no code'});
+            res.status_code = 400;
+            return res
+
+        
+        print(data);

        cb = requests.post('https://vvsu.ru/connect/oauth2/token', {
            'grant_type': 'authorization_code',
            'redirect_uri': 'https://pairent.vvsu.ru/sign-in/',
            'code': data['code'],
-            # 'code_verifier': data['code_verifier'],
+            'code_verifier': data['code_verifier'],
            'client_id': 'it-hub-client',
            'client_secret': 'U8y@uPVee6Q^*729esHTo4Vd'
        }, headers={
@ -201,6 +205,8 @@ class UserLogin(APIView):
        });


+
+
        resp = HttpResponse(cb.content);
        resp.headers['Content-Type'] = cb.headers['Content-Type'];

--- a/pairent_backend/requirements.txt
+++ b/pairent_backend/requirements.txt
@ -3,4 +3,5 @@ django
 djangorestframework
 django-cors-headers
 Pillow
-requests
+requests
+oic
--- a/pairent_frontend_react/src/pages/LoggedIn/index.jsx
+++ b/pairent_frontend_react/src/pages/LoggedIn/index.jsx
@ -1,7 +1,7 @@
 import React from "react";
 import { styled } from "styled-components";
 import { HashLoader } from "react-spinners";
-import { SigninResponse } from 'oidc-client-ts';
+import { SigninResponse, UserManager } from 'oidc-client-ts';
 import { User } from "../../API/User";
 import FloatingBox from "../../components/UI/FloatingBox";

@ -37,7 +37,18 @@ export default class LoggedIn extends React.Component {

    async componentDidMount() {
        if (this.response.error) return;
-        console.log(await User.login(this.response));
+        
+        let code_verifier = '?';
+        // get code verifier
+        for (const key in localStorage) {
+            if (key.startsWith('oidc.')) {
+                code_verifier = JSON.parse(localStorage[key]).code_verifier;
+                localStorage.removeItem(key);
+                break;
+            }
+        }
+
+        console.log(await User.login({...this.response, code_verifier}));
    }

    render() {