complete server side auth

This commit is contained in:
b1ek 2023-05-16 19:35:20 +10:00
parent a4987aff81
commit 7525b2d56b
Signed by: blek
GPG Key ID: 14546221E3595D0C
3 changed files with 28 additions and 10 deletions

View File

@ -16,7 +16,7 @@ from .serializer import (ApartamentListSerializer,
PsychTestAddResultSerializer, PsychTestAddResultSerializer,
PublicUserSerializer) PublicUserSerializer)
import json, math, random, re, requests import json, math, random, re, requests, oidc_client, base64, hashlib
class ApartamentViewSet(viewsets.ReadOnlyModelViewSet): class ApartamentViewSet(viewsets.ReadOnlyModelViewSet):
"""Вывод списка квартир или отдельной квартиры""" """Вывод списка квартир или отдельной квартиры"""
@ -176,23 +176,27 @@ class UserLogin(APIView):
# TODO: Remove csrf exempt when index.html is loaded through django # TODO: Remove csrf exempt when index.html is loaded through django
@csrf_exempt @csrf_exempt
def post(self, req: HttpRequest): def post(self, req: HttpRequest):
if (req.content_type != 'application/json'): if (req.content_type != 'application/json'):
res = HttpResponse({'error': 'bad content type'}); res = HttpResponse({'error': 'bad content type'});
res.status_code = 400; res.status_code = 400;
return res; return res;
data = json.loads(req.body.decode('utf8')); data = json.loads(req.body.decode('utf8'));
# if (not hasattr(data, 'code')): if not ('code' in data and 'code_verifier' in data):
# res = JsonResponse({'error': 'no code'}); res = JsonResponse({'error': 'no code'});
# res.status_code = 400; res.status_code = 400;
# return res return res
print(data);
cb = requests.post('https://vvsu.ru/connect/oauth2/token', { cb = requests.post('https://vvsu.ru/connect/oauth2/token', {
'grant_type': 'authorization_code', 'grant_type': 'authorization_code',
'redirect_uri': 'https://pairent.vvsu.ru/sign-in/', 'redirect_uri': 'https://pairent.vvsu.ru/sign-in/',
'code': data['code'], 'code': data['code'],
# 'code_verifier': data['code_verifier'], 'code_verifier': data['code_verifier'],
'client_id': 'it-hub-client', 'client_id': 'it-hub-client',
'client_secret': 'U8y@uPVee6Q^*729esHTo4Vd' 'client_secret': 'U8y@uPVee6Q^*729esHTo4Vd'
}, headers={ }, headers={
@ -201,6 +205,8 @@ class UserLogin(APIView):
}); });
resp = HttpResponse(cb.content); resp = HttpResponse(cb.content);
resp.headers['Content-Type'] = cb.headers['Content-Type']; resp.headers['Content-Type'] = cb.headers['Content-Type'];

View File

@ -3,4 +3,5 @@ django
djangorestframework djangorestframework
django-cors-headers django-cors-headers
Pillow Pillow
requests requests
oic

View File

@ -1,7 +1,7 @@
import React from "react"; import React from "react";
import { styled } from "styled-components"; import { styled } from "styled-components";
import { HashLoader } from "react-spinners"; import { HashLoader } from "react-spinners";
import { SigninResponse } from 'oidc-client-ts'; import { SigninResponse, UserManager } from 'oidc-client-ts';
import { User } from "../../API/User"; import { User } from "../../API/User";
import FloatingBox from "../../components/UI/FloatingBox"; import FloatingBox from "../../components/UI/FloatingBox";
@ -37,7 +37,18 @@ export default class LoggedIn extends React.Component {
async componentDidMount() { async componentDidMount() {
if (this.response.error) return; if (this.response.error) return;
console.log(await User.login(this.response));
let code_verifier = '?';
// get code verifier
for (const key in localStorage) {
if (key.startsWith('oidc.')) {
code_verifier = JSON.parse(localStorage[key]).code_verifier;
localStorage.removeItem(key);
break;
}
}
console.log(await User.login({...this.response, code_verifier}));
} }
render() { render() {