kumidc/authentication/hooks/oidc.py
2022-08-04 13:15:10 +02:00

35 lines
No EOL
1.4 KiB
Python

from django.conf import settings
from django.contrib import messages
from django.urls import reverse_lazy
from django.shortcuts import resolve_url
from django.utils import timezone
from django.contrib.auth.views import redirect_to_login
from django.contrib.auth import REDIRECT_FIELD_NAME, logout
from urllib.parse import urlparse
from ..models.otp import TOTPSecret
def authorize_hook(request, user, client):
if request.session["LastActivity"] < (timezone.now() - timezone.timedelta(minutes=settings.REVERIFY_AFTER_INACTIVITY_MINUTES)).timestamp():
try:
assert user.totpsecret.active
destination = reverse_lazy("auth:reverify")
except (AssertionError, TOTPSecret.DoesNotExist):
messages.error(request, "Your session has timed out, please login again.")
logout(request)
destination = reverse_lazy("auth:login")
path = request.build_absolute_uri()
resolved_login_url = resolve_url(destination)
login_scheme, login_netloc = urlparse(resolved_login_url)[:2]
current_scheme, current_netloc = urlparse(path)[:2]
if (not login_scheme or login_scheme == current_scheme) and (
not login_netloc or login_netloc == current_netloc
):
path = request.get_full_path()
return redirect_to_login(path, resolved_login_url, REDIRECT_FIELD_NAME)
else:
return None