complete server side auth
parent
a4987aff81
commit
7525b2d56b
|
@ -16,7 +16,7 @@ from .serializer import (ApartamentListSerializer,
|
||||||
PsychTestAddResultSerializer,
|
PsychTestAddResultSerializer,
|
||||||
PublicUserSerializer)
|
PublicUserSerializer)
|
||||||
|
|
||||||
import json, math, random, re, requests
|
import json, math, random, re, requests, oidc_client, base64, hashlib
|
||||||
|
|
||||||
class ApartamentViewSet(viewsets.ReadOnlyModelViewSet):
|
class ApartamentViewSet(viewsets.ReadOnlyModelViewSet):
|
||||||
"""Вывод списка квартир или отдельной квартиры"""
|
"""Вывод списка квартир или отдельной квартиры"""
|
||||||
|
@ -176,6 +176,7 @@ class UserLogin(APIView):
|
||||||
# TODO: Remove csrf exempt when index.html is loaded through django
|
# TODO: Remove csrf exempt when index.html is loaded through django
|
||||||
@csrf_exempt
|
@csrf_exempt
|
||||||
def post(self, req: HttpRequest):
|
def post(self, req: HttpRequest):
|
||||||
|
|
||||||
if (req.content_type != 'application/json'):
|
if (req.content_type != 'application/json'):
|
||||||
res = HttpResponse({'error': 'bad content type'});
|
res = HttpResponse({'error': 'bad content type'});
|
||||||
res.status_code = 400;
|
res.status_code = 400;
|
||||||
|
@ -183,16 +184,19 @@ class UserLogin(APIView):
|
||||||
|
|
||||||
data = json.loads(req.body.decode('utf8'));
|
data = json.loads(req.body.decode('utf8'));
|
||||||
|
|
||||||
# if (not hasattr(data, 'code')):
|
if not ('code' in data and 'code_verifier' in data):
|
||||||
# res = JsonResponse({'error': 'no code'});
|
res = JsonResponse({'error': 'no code'});
|
||||||
# res.status_code = 400;
|
res.status_code = 400;
|
||||||
# return res
|
return res
|
||||||
|
|
||||||
|
|
||||||
|
print(data);
|
||||||
|
|
||||||
cb = requests.post('https://vvsu.ru/connect/oauth2/token', {
|
cb = requests.post('https://vvsu.ru/connect/oauth2/token', {
|
||||||
'grant_type': 'authorization_code',
|
'grant_type': 'authorization_code',
|
||||||
'redirect_uri': 'https://pairent.vvsu.ru/sign-in/',
|
'redirect_uri': 'https://pairent.vvsu.ru/sign-in/',
|
||||||
'code': data['code'],
|
'code': data['code'],
|
||||||
# 'code_verifier': data['code_verifier'],
|
'code_verifier': data['code_verifier'],
|
||||||
'client_id': 'it-hub-client',
|
'client_id': 'it-hub-client',
|
||||||
'client_secret': 'U8y@uPVee6Q^*729esHTo4Vd'
|
'client_secret': 'U8y@uPVee6Q^*729esHTo4Vd'
|
||||||
}, headers={
|
}, headers={
|
||||||
|
@ -201,6 +205,8 @@ class UserLogin(APIView):
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
resp = HttpResponse(cb.content);
|
resp = HttpResponse(cb.content);
|
||||||
resp.headers['Content-Type'] = cb.headers['Content-Type'];
|
resp.headers['Content-Type'] = cb.headers['Content-Type'];
|
||||||
|
|
||||||
|
|
|
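Review bot: The added `print(data);` after the `code`/`code_verifier` check writes the authorization code and PKCE verifier to stdout, where they end up in server logs; remove it or log only the key names, e.g. `list(data)`. The token request on the new side still carries `client_secret` as a string literal, so the secret sits in repository history; read it from configuration instead, e.g. `'client_secret': settings.OIDC_CLIENT_SECRET` (placeholder setting name), and rotate the committed value. The new presence check also assumes `json.loads` succeeded and returned a JSON object; a malformed or non-object body would presumably surface as a 500 rather than the 400 used here. `post` starts and continues outside these hunks, so it is not visible whether the token endpoint's response is filtered before `HttpResponse(cb.content)` hands it to the browser.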
@ -4,3 +4,4 @@ djangorestframework
|
||||||
django-cors-headers
|
django-cors-headers
|
||||||
Pillow
|
Pillow
|
||||||
requests
|
requests
|
||||||
|
oic
|
|
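Review bot: The added `oic` entry does not obviously match the new `oidc_client` import in the views module. As far as I know the `oic` distribution installs a package named `oic`, so unless `oidc_client` is provided some other way that import would fail when the module loads. None of the visible hunks use `oidc_client`, `base64` or `hashlib`, so the simplest fix may be to drop the unused imports together with this dependency. If it stays, pin it, e.g. `oic==<version>` (placeholder), since it sits on the authentication path.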
@ -1,7 +1,7 @@
|
||||||
import React from "react";
|
import React from "react";
|
||||||
import { styled } from "styled-components";
|
import { styled } from "styled-components";
|
||||||
import { HashLoader } from "react-spinners";
|
import { HashLoader } from "react-spinners";
|
||||||
import { SigninResponse } from 'oidc-client-ts';
|
import { SigninResponse, UserManager } from 'oidc-client-ts';
|
||||||
import { User } from "../../API/User";
|
import { User } from "../../API/User";
|
||||||
import FloatingBox from "../../components/UI/FloatingBox";
|
import FloatingBox from "../../components/UI/FloatingBox";
|
||||||
|
|
||||||
|
@ -37,7 +37,18 @@ export default class LoggedIn extends React.Component {
|
||||||
|
|
||||||
async componentDidMount() {
|
async componentDidMount() {
|
||||||
if (this.response.error) return;
|
if (this.response.error) return;
|
||||||
console.log(await User.login(this.response));
|
|
||||||
|
let code_verifier = '?';
|
||||||
|
// get code verifier
|
||||||
|
for (const key in localStorage) {
|
||||||
|
if (key.startsWith('oidc.')) {
|
||||||
|
code_verifier = JSON.parse(localStorage[key]).code_verifier;
|
||||||
|
localStorage.removeItem(key);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
console.log(await User.login({...this.response, code_verifier}));
|
||||||
}
|
}
|
||||||
|
|
||||||
render() {
|
render() {
|
||||||
|
|
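Review bot: The verifier lookup in `componentDidMount` takes the first `localStorage` key starting with `oidc.` rather than the entry belonging to this sign-in, so a stale entry left by an abandoned attempt can supply the wrong `code_verifier`, and the `state` returned by the provider is never compared with what was stored. Assuming the library stores the sign-in state under `oidc.<state>`, look it up directly with `const raw = localStorage.getItem('oidc.' + this.response.state);` and stop with an error when it is missing, instead of sending the `'?'` fallback to the server. `JSON.parse` on an unrelated `oidc.` entry can also throw or yield an `undefined` verifier. The `console.log(await User.login(...))` line prints whatever the login endpoint returns, which per the server-side hunk looks like the raw token response, to the browser console.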