kumidc/authentication/hooks/oidc.py

from django.conf import settings
from django.contrib import messages
from django.urls import reverse_lazy
from django.shortcuts import resolve_url
from django.utils import timezone
from django.contrib.auth.views import redirect_to_login
from django.contrib.auth import REDIRECT_FIELD_NAME, logout

from urllib.parse import urlparse

from ..models.otp import TOTPSecret


def authorize_hook(request, user, client):
    if request.session["LastActivity"] < (timezone.now() - timezone.timedelta(minutes=settings.REVERIFY_AFTER_INACTIVITY_MINUTES)).timestamp():
        try:
            assert user.totpsecret.active
            destination = reverse_lazy("auth:reverify")
        except (AssertionError, TOTPSecret.DoesNotExist):
            messages.error(request, "Your session has timed out, please login again.")
            logout(request)
            destination = reverse_lazy("auth:login")

        path = request.build_absolute_uri()
        resolved_login_url = resolve_url(destination)
        login_scheme, login_netloc = urlparse(resolved_login_url)[:2]
        current_scheme, current_netloc = urlparse(path)[:2]
        if (not login_scheme or login_scheme == current_scheme) and (
            not login_netloc or login_netloc == current_netloc
        ):
            path = request.get_full_path()     

        return redirect_to_login(path, resolved_login_url, REDIRECT_FIELD_NAME)
    else:
        return None
Lots of frontend work 2022-08-04 11:15:10 +00:00			`from django.conf import settings`
			`from django.contrib import messages`
			`from django.urls import reverse_lazy`
			`from django.shortcuts import resolve_url`
			`from django.utils import timezone`
			`from django.contrib.auth.views import redirect_to_login`
			`from django.contrib.auth import REDIRECT_FIELD_NAME, logout`

			`from urllib.parse import urlparse`

			`from ..models.otp import TOTPSecret`


			`def authorize_hook(request, user, client):`
			`if request.session["LastActivity"] < (timezone.now() - timezone.timedelta(minutes=settings.REVERIFY_AFTER_INACTIVITY_MINUTES)).timestamp():`
			`try:`
			`assert user.totpsecret.active`
			`destination = reverse_lazy("auth:reverify")`
			`except (AssertionError, TOTPSecret.DoesNotExist):`
			`messages.error(request, "Your session has timed out, please login again.")`
			`logout(request)`
			`destination = reverse_lazy("auth:login")`

			`path = request.build_absolute_uri()`
			`resolved_login_url = resolve_url(destination)`
			`login_scheme, login_netloc = urlparse(resolved_login_url)[:2]`
			`current_scheme, current_netloc = urlparse(path)[:2]`
			`if (not login_scheme or login_scheme == current_scheme) and (`
			`not login_netloc or login_netloc == current_netloc`
			`):`
			`path = request.get_full_path()`

			`return redirect_to_login(path, resolved_login_url, REDIRECT_FIELD_NAME)`
			`else:`
			`return None`