From 7525b2d56b7db71c61b012c1de87f78a8ec9dac2 Mon Sep 17 00:00:00 2001 From: b1ek Date: Tue, 16 May 2023 19:35:20 +1000 Subject: [PATCH] complete server side auth --- pairent_backend/pairent_app/views.py | 20 ++++++++++++------- pairent_backend/requirements.txt | 3 ++- .../src/pages/LoggedIn/index.jsx | 15 ++++++++++++-- 3 files changed, 28 insertions(+), 10 deletions(-) diff --git a/pairent_backend/pairent_app/views.py b/pairent_backend/pairent_app/views.py index e008efc..d03c8db 100644 --- a/pairent_backend/pairent_app/views.py +++ b/pairent_backend/pairent_app/views.py @@ -16,7 +16,7 @@ from .serializer import (ApartamentListSerializer, PsychTestAddResultSerializer, PublicUserSerializer) -import json, math, random, re, requests +import json, math, random, re, requests, oidc_client, base64, hashlib class ApartamentViewSet(viewsets.ReadOnlyModelViewSet): """Вывод списка квартир или отдельной квартиры""" @@ -176,23 +176,27 @@ class UserLogin(APIView): # TODO: Remove csrf exempt when index.html is loaded through django @csrf_exempt def post(self, req: HttpRequest): + if (req.content_type != 'application/json'): res = HttpResponse({'error': 'bad content type'}); res.status_code = 400; return res; - + data = json.loads(req.body.decode('utf8')); - # if (not hasattr(data, 'code')): - # res = JsonResponse({'error': 'no code'}); - # res.status_code = 400; - # return res + if not ('code' in data and 'code_verifier' in data): + res = JsonResponse({'error': 'no code'}); + res.status_code = 400; + return res + + + print(data); cb = requests.post('https://vvsu.ru/connect/oauth2/token', { 'grant_type': 'authorization_code', 'redirect_uri': 'https://pairent.vvsu.ru/sign-in/', 'code': data['code'], - # 'code_verifier': data['code_verifier'], + 'code_verifier': data['code_verifier'], 'client_id': 'it-hub-client', 'client_secret': 'U8y@uPVee6Q^*729esHTo4Vd' }, headers={ 
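Review bot: The new import line pulls in `oidc_client`, but the requirements.txt hunk in this commit adds the `oic` distribution, which as far as I know is imported as `oic`, not `oidc_client`; if that name does not resolve, the whole views module fails to import at startup and every view in it goes down. None of the three new names (`oidc_client`, `base64`, `hashlib`) is used in the hunks shown, so either they are needed elsewhere in the file or the line should be trimmed to what is actually used, e.g. `import json, math, random, re, requests`. One import per line (`import base64` on its own line, and so on) would also make an unused one easier to spot in later reviews.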
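Review bot: The added `print(data);` writes the whole request body to stdout, which here includes the authorization `code` and the PKCE `code_verifier`; both are single-use credentials that should not land in server logs, so drop the line or log only a fixed message such as `'token exchange requested'`. The new presence check answers `{'error': 'no code'}` when only `code_verifier` is missing, which will mislead a client debugging the flow; `{'error': 'code and code_verifier are required'}` says what was actually checked. The check also assumes the decoded body is a JSON object — on a non-object body `'code' in data` may pass or raise, and `data['code']` further down raises, so the client gets a 500 instead of the 400 this branch intends; an `isinstance(data, dict)` guard in the same condition closes that gap. The `client_secret` literal on the unchanged context line below is not part of this change, but it is a credential committed to source and belongs in settings or the environment. `post` continues past the end of this hunk.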
@@ -201,6 +205,8 @@ class UserLogin(APIView): }); + + resp = HttpResponse(cb.content); resp.headers['Content-Type'] = cb.headers['Content-Type']; diff --git a/pairent_backend/requirements.txt b/pairent_backend/requirements.txt index fb3ac95..a367ef2 100644 --- a/pairent_backend/requirements.txt +++ b/pairent_backend/requirements.txt @@ -3,4 +3,5 @@ django djangorestframework django-cors-headers Pillow -requests \ No newline at end of file +requests +oic \ No newline at end of file diff --git a/pairent_frontend_react/src/pages/LoggedIn/index.jsx b/pairent_frontend_react/src/pages/LoggedIn/index.jsx index 0920d60..476983b 100644 --- a/pairent_frontend_react/src/pages/LoggedIn/index.jsx +++ b/pairent_frontend_react/src/pages/LoggedIn/index.jsx @@ -1,7 +1,7 @@ import React from "react"; import { styled } from "styled-components"; import { HashLoader } from "react-spinners"; -import { SigninResponse } from 'oidc-client-ts'; +import { SigninResponse, UserManager } from 'oidc-client-ts'; import { User } from "../../API/User"; import FloatingBox from "../../components/UI/FloatingBox"; @@ -37,7 +37,18 @@ export default class LoggedIn extends React.Component { async componentDidMount() { if (this.response.error) return; - console.log(await User.login(this.response)); + + let code_verifier = '?'; + // get code verifier + for (const key in localStorage) { + if (key.startsWith('oidc.')) { + code_verifier = JSON.parse(localStorage[key]).code_verifier; + localStorage.removeItem(key); + break; + } + } + + console.log(await User.login({...this.response, code_verifier})); } render() {
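Review bot: The `for (const key in localStorage)` loop in `componentDidMount` takes the first key starting with `oidc.` and deletes it, but that prefix is shared by every entry the OIDC client keeps in storage (as far as I recall, the stored user under `oidc.user:…` as well as per-login state), so with more than one entry it can read `undefined` as the verifier and remove an unrelated record such as the signed-in user. Assuming `this.response.state` carries the state id, as it does for a `SigninResponse`, a targeted lookup avoids the scan: `const key = 'oidc.' + this.response.state;` / `const code_verifier = key in localStorage ? JSON.parse(localStorage.getItem(key)).code_verifier : undefined;` / `localStorage.removeItem(key);`. The `'?'` placeholder should never be sent as a verifier; if no entry is found, fail the login locally rather than calling `User.login`. The `console.log` of the login result prints the token response to the browser console, and the `UserManager` import added in the first hunk of this file is not used in the lines shown. `render()` begins in this hunk but its body is outside it.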