add login route, remove ambiguous migrations

This commit is contained in:
b1ek 2023-05-16 22:55:05 +10:00
parent b29204ff34
commit e73c1622c9
Signed by: blek
GPG Key ID: 14546221E3595D0C
3 changed files with 72 additions and 146 deletions

View File

@ -1,104 +0,0 @@
# Generated by Django 4.2.1 on 2023-05-15 14:41
import django.core.validators
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('pairent_app', '0005_user'),
]
operations = [
migrations.AlterModelOptions(
name='user',
options={'verbose_name': 'Пользователь', 'verbose_name_plural': 'Пользователи'},
),
migrations.AlterField(
model_name='user',
name='about_me',
field=models.CharField(max_length=1000, verbose_name='Поле "О Себе"'),
),
migrations.AlterField(
model_name='user',
name='city',
field=models.CharField(max_length=1000, null=True, verbose_name='Город пользователя'),
),
migrations.AlterField(
model_name='user',
name='comparison_apartments',
field=models.CharField(max_length=100, verbose_name='Квартиры для сравнения (CSV)'),
),
migrations.AlterField(
model_name='user',
name='date_of_birth',
field=models.DateField(verbose_name='Дата рождения пользователя'),
),
migrations.AlterField(
model_name='user',
name='discord',
field=models.CharField(max_length=1000, null=True, verbose_name='Дискорд ник пользователя'),
),
migrations.AlterField(
model_name='user',
name='email',
field=models.CharField(max_length=1000, null=True, verbose_name='Почтовый ящик пользователя в формате user@example.com'),
),
migrations.AlterField(
model_name='user',
name='favorites_apartments',
field=models.CharField(max_length=100, verbose_name='Избранные квартиры (CSV)'),
),
migrations.AlterField(
model_name='user',
name='gender',
field=models.CharField(max_length=1, verbose_name='Пол пользователя (f,m,n,?)'),
),
migrations.AlterField(
model_name='user',
name='name',
field=models.CharField(max_length=256, verbose_name='ФИО Пользователя'),
),
migrations.AlterField(
model_name='user',
name='openid_addr',
field=models.CharField(max_length=1000, verbose_name='Адрес Open ID Connect (login@provider.com, для ВВГУ - login@vvsu.ru)'),
),
migrations.AlterField(
model_name='user',
name='phone',
field=models.CharField(max_length=30, null=True, verbose_name='Телефон пользователя в международном формате (+00000000)'),
),
migrations.AlterField(
model_name='user',
name='role',
field=models.CharField(max_length=1, verbose_name='Роль пользователя (s - student, a - admin, m - moderator)'),
),
migrations.AlterField(
model_name='user',
name='telegram',
field=models.CharField(max_length=1000, null=True, verbose_name='Телеграм пользователя'),
),
migrations.CreateModel(
name='PsychTestAnswers',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('first_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на первый вопрос')),
('second_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на второй вопрос')),
('third_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на третий вопрос')),
('fourth_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на четвертый вопрос')),
('fifth_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на пятый вопрос')),
('sixth_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на шестой вопрос')),
('seventh_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на седьмой вопрос')),
('eighth_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на восьмой вопрос')),
('nineth_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на девятый вопрос')),
('tenth_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на десятый вопрос')),
('eleventh_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на одиннадцатый вопрос')),
('twelfth_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на двенадцатый вопрос')),
('thirteenth_question', models.IntegerField(validators=[django.core.validators.MaxValueValidator(5)], verbose_name='Ответ на тринадцатый вопрос')),
('users', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='pairent_app.user', verbose_name='Пользователь')),
],
),
]

View File

@ -1,22 +0,0 @@
# Generated by Django 4.2.1 on 2023-05-15 15:23
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('pairent_app', '0006_alter_user_options_alter_user_about_me_and_more'),
]
operations = [
migrations.AlterModelOptions(
name='psychtestanswers',
options={'verbose_name': 'Ответ на психологический тест', 'verbose_name_plural': 'Ответы на психологический тест'},
),
migrations.RenameField(
model_name='psychtestanswers',
old_name='users',
new_name='user',
),
]

View File

@ -172,11 +172,48 @@ def VVSUAuthProxy(req: Request):
return resp;
def regiserUser(oid, provider_id, name, date_of_birth):
user = User(
favorites_apartments='',
comparison_apartments='',
name=name,
date_of_birth=date_of_birth,
about_me='',
gender='?',
phone='+00000',
# email=,
# telegram=,
# discord=,
# city=,
role='s',
# photo_provider=,
openid_addr=oid,
openid_id=provider_id,
)
def get_oauth_token(remote, data):
return requests.post(remote + '/oauth2/token', data,
headers={
'Origin': 'https://pairent.vvsu.ru',
'Referer': 'https://pairent.vvsu.ru'
}).json();
def get_oauth_data(remote, key):
return requests.get(remote + '/userinfo', headers={
'Origin': 'https://pairent.vvsu.ru',
'Authorization': 'Bearer ' + key,
'User-Agent': 'curl/8.1'
}).json();
class UserLogin(APIView):
# TODO: Remove csrf exempt when index.html is loaded through django
@csrf_exempt
def post(self, req: HttpRequest):
if (req.session.has_key('auth_data')):
# TODO: Return user object instead of error
return JsonResponse({'error': 'already authenticated'})
if (req.content_type != 'application/json'):
res = HttpResponse({'error': 'bad content type'});
res.status_code = 400;
@ -187,31 +224,46 @@ class UserLogin(APIView):
if not ('code' in data and 'code_verifier' in data):
res = JsonResponse({'error': 'no code'});
res.status_code = 400;
return res;
# auth_data = get_oauth_token('https://vvsu.ru/connect', {
# 'grant_type': 'authorization_code',
# 'redirect_uri': 'https://pairent.vvsu.ru/sign-in/',
# 'code': data['code'],
# 'code_verifier': data['code_verifier'],
# 'client_id': 'it-hub-client',
# 'client_secret': 'U8y@uPVee6Q^*729esHTo4Vd'
# });
auth_data = {'access_token': '5kHvrjy91LJgJLKitejBBG24c7JiX45tEstKVHRpfHc._WQDwQ2F13aytbGFjlGnjXJeUWcDD1V3om3cRW0IujM', 'expires_in': 3600, 'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzpoeWRyYS5vcGVuaWQuaWQtdG9rZW4iLCJ0eXAiOiJKV1QifQ.eyJhY3IiOiIwIiwiYXRfaGFzaCI6IjRMR1dRekxVaXFodUVTYjU0QWFIM0EiLCJhdWQiOlsiaXQtaHViLWNsaWVudCJdLCJhdXRoX3RpbWUiOjE2ODQyMzc4MDksImNhbGxiYWNrX3VybCI6IiIsImV4cCI6MTY4NDI0MTQ1NSwiZmFtaWx5X25hbWUiOiLQn9GD0YHRgtC-0LLQsNC70L7QsiIsImdpdmVuX25hbWUiOiLQndC40LrQuNGC0LAiLCJpYXQiOjE2ODQyMzc4NTUsImlkIjoiMDk2Qzc4Q0QtNDk0My00RDU3LUJDNkQtNUNERTEyRjY4NkUzIiwiaXNzIjoiaHR0cHM6Ly93d3cudnZzdS5ydS9jb25uZWN0LyIsImp0aSI6IjEzMTBhNzcwLWFhZWUtNGExYS1hMTc1LWM3MzY3ZWM0ZjVhNyIsImxvZ2luIjoiaHR0cHM6Ly9vcGVuaWQudnZzdS5ydS9ibGVrX18iLCJvcGVuaWQiOiJodHRwczovL29wZW5pZC52dnN1LnJ1L2JsZWtfXyIsInBpY3R1cmUiOiJodHRwczovL3d3dy52dnN1LnJ1L29pc2twL3Bob3RvL3B0aC5hc3A_SUQ9MDk2Qzc4Q0QtNDk0My00RDU3LUJDNkQtNUNERTEyRjY4NkUzXHUwMDI2IiwicHJvZmlsZV91cmwiOm51bGwsInJhdCI6MTY4NDIzNzc5Nywic2lkIjoiOTYyYzg0OGYtZThkNS00ZDJjLWEwZmEtYjI5YmU3YjBlODAxIiwic3ViIjoiaHR0cHM6Ly9vcGVuaWQudnZzdS5ydS9ibGVrX18iLCJzdXJuYW1lIjoi0J_Rg9GB0YLQvtCy0LDQu9C-0LIiLCJ0aXRsZSI6ItCh0YLRg9C00LXQvdGCIiwidnZzdV9JZEVtcGwiOm51bGwsInZ2c3VfSWRTdHVkIjoiMTk3MDgwIiwidnZzdV9JZFVzZXIiOjE5MDQ4OSwidnZzdV9sb2dpbiI6ImJsZWtfXyJ9.A4BiOxpOqnesSiTGRdcTsC-lGhSABswivpUovD9EOdYmqKW753VlLcXQxfBPcfmq8Fdf7RmVvXTXPXYqkX7AKxQT-yUUm7XtJHCb85g2YfL64cjTP2sFYD6wPIU9nzXbCrsgKqKubY3p16Dn9VyrBCXE9N6jdbuNOFbWMLPLPlp7U5fx2SzVGaBMUONlTf8KiLkcisQoN4c_rPGqdi38gzhLf7WGEiKLOldXH1q-s_kPeObFvcdbsFrrnDPnJtdqBx8SF02wqJsrZlBiB9Hl-d6sSJYLZZWumFhS-qscfwRlTEZKqC-hWF5c9R8CUYewk89JxRvCcKrHZvPMip9j9vJF1_OjkSrC5EkGaprl765FgVPEBJqXj9LjGRkTOYfYUFAAMia_HhjtinQFp6XJ-Rh3JrmIfLAQ7DEUSOldMQ1xUw9GeHo_0sIsnjaM6lVx6M_SiDTWihxNu58DiI8tmvkdw7in95OJRoJZ30EhR3SGYsK3b51qdYK1aieufJHX40bN_S1gc84pisTg58z-zC5kGsjsZNv6gRSTO4oOpZMK1FMjv7HyasSMWEu-J052X4Qxquj4pWglpiGQNt3-E0jZUUjqmZ0-7AYiyEC_3IItBqWrve-LTXRF5faIZB5v3F3urY6Qjgn93m_AoK1oujfNAPk8WOLTv419CuC2fAc', 'scope': 'openid vvsu_IdUser vvsu_IdEmpl vvsu_IdStud vvsu_login given_name family_name', 'token_type': 'bearer'}
user = None;
new_user = False;
print(auth_data);
return JsonResponse(get_oauth_data('https://vvsu.ru/connect', auth_data['access_token']));
req.session['auth_data'] = vvsu_data;
if ('error' in vvsu_data):
res = JsonResponse(vvsu_data);
res.status_code = cb.status_code;
return res
vvsu_data['vvsu_login'] += '@vvsu.ru';
try:
user = User.objects.get(openid_addr=vvsu_data['vvsu_login']);
except User.DoesNotExist:
registerUser(vvsu_data['vvsu_login'], cb.id, f'{cb.given_name} {cb.family_name}');
user = User.objects.get(openid_addr=vvsu_data['vvsu_login']);
new_user = True;
print(data);
cb = requests.post('https://vvsu.ru/connect/oauth2/token', {
'grant_type': 'authorization_code',
'redirect_uri': 'https://pairent.vvsu.ru/sign-in/',
'code': data['code'],
'code_verifier': data['code_verifier'],
'client_id': 'it-hub-client',
'client_secret': 'U8y@uPVee6Q^*729esHTo4Vd'
}, headers={
'Origin': 'https://pairent.vvsu.ru',
'Referer': 'https://pairent.vvsu.ru'
return JsonResponse({
'user_data': user,
'new_user': new_user
});
resp = HttpResponse(cb.content);
resp.headers['Content-Type'] = cb.headers['Content-Type'];
return resp;
class UserGet(APIView):
def get(self, req: HttpRequest):
if not ('id' in req.GET.keys() or 'login' in req.GET.keys()):