2017-04-18 09:25:16 +00:00
|
|
|
from hashlib import sha224
|
|
|
|
|
2015-03-04 19:24:41 +00:00
|
|
|
from django.core.urlresolvers import reverse
|
2015-11-12 20:12:18 +00:00
|
|
|
from django.http import HttpResponse
|
2015-03-04 19:24:41 +00:00
|
|
|
|
|
|
|
from oidc_provider import settings
|
|
|
|
|
2016-10-04 17:32:54 +00:00
|
|
|
try:
|
|
|
|
from urlparse import urlsplit, urlunsplit
|
|
|
|
except ImportError:
|
|
|
|
from urllib.parse import urlsplit, urlunsplit
|
|
|
|
|
|
|
|
|
|
|
|
def cleanup_url_from_query_string(uri):
|
|
|
|
"""
|
|
|
|
Function used to clean up the uri from any query string, used i.e. by endpoints to validate redirect_uri
|
|
|
|
|
|
|
|
:param uri: URI to clean from query string
|
|
|
|
:type uri: str
|
|
|
|
:return: cleaned URI without query string
|
|
|
|
"""
|
|
|
|
clean_uri = urlsplit(uri)
|
|
|
|
clean_uri = urlunsplit(clean_uri._replace(query=''))
|
|
|
|
return clean_uri
|
|
|
|
|
2015-03-04 19:24:41 +00:00
|
|
|
|
2015-11-12 20:12:18 +00:00
|
|
|
def redirect(uri):
|
|
|
|
"""
|
|
|
|
Custom Response object for redirecting to a Non-HTTP url scheme.
|
|
|
|
"""
|
|
|
|
response = HttpResponse('', status=302)
|
|
|
|
response['Location'] = uri
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
2016-05-25 21:58:58 +00:00
|
|
|
def get_site_url(site_url=None, request=None):
|
|
|
|
"""
|
|
|
|
Construct the site url.
|
|
|
|
|
|
|
|
Orders to decide site url:
|
|
|
|
1. valid `site_url` parameter
|
|
|
|
2. valid `SITE_URL` in settings
|
|
|
|
3. construct from `request` object
|
|
|
|
"""
|
|
|
|
site_url = site_url or settings.get('SITE_URL')
|
|
|
|
if site_url:
|
|
|
|
return site_url
|
|
|
|
elif request:
|
|
|
|
return '{}://{}'.format(request.scheme, request.get_host())
|
|
|
|
else:
|
|
|
|
raise Exception('Either pass `site_url`, '
|
|
|
|
'or set `SITE_URL` in settings, '
|
|
|
|
'or pass `request` object.')
|
|
|
|
|
2017-04-18 09:25:16 +00:00
|
|
|
|
2016-05-25 21:58:58 +00:00
|
|
|
def get_issuer(site_url=None, request=None):
|
2015-07-13 20:36:15 +00:00
|
|
|
"""
|
|
|
|
Construct the issuer full url. Basically is the site url with some path
|
|
|
|
appended.
|
|
|
|
"""
|
2016-05-25 21:58:58 +00:00
|
|
|
site_url = get_site_url(site_url=site_url, request=request)
|
2016-11-01 15:15:48 +00:00
|
|
|
path = reverse('oidc_provider:provider-info') \
|
2016-01-16 10:35:26 +00:00
|
|
|
.split('/.well-known/openid-configuration')[0]
|
2015-07-13 20:36:15 +00:00
|
|
|
issuer = site_url + path
|
2015-03-04 19:24:41 +00:00
|
|
|
|
2016-09-21 13:20:03 +00:00
|
|
|
return str(issuer)
|
2015-07-13 20:36:15 +00:00
|
|
|
|
|
|
|
|
2016-07-07 15:50:27 +00:00
|
|
|
def default_userinfo(claims, user):
|
2016-01-12 18:17:22 +00:00
|
|
|
"""
|
2016-07-07 15:50:27 +00:00
|
|
|
Default function for setting OIDC_USERINFO.
|
|
|
|
`claims` is a dict that contains all the OIDC standard claims.
|
2016-01-12 18:17:22 +00:00
|
|
|
"""
|
2016-07-07 15:50:27 +00:00
|
|
|
return claims
|
2016-01-12 18:17:22 +00:00
|
|
|
|
|
|
|
|
|
|
|
def default_sub_generator(user):
|
|
|
|
"""
|
|
|
|
Default function for setting OIDC_IDTOKEN_SUB_GENERATOR.
|
|
|
|
"""
|
|
|
|
return str(user.id)
|
2016-01-19 20:37:32 +00:00
|
|
|
|
|
|
|
|
|
|
|
def default_after_userlogin_hook(request, user, client):
|
|
|
|
"""
|
|
|
|
Default function for setting OIDC_AFTER_USERLOGIN_HOOK.
|
|
|
|
"""
|
|
|
|
return None
|
2016-02-12 16:02:35 +00:00
|
|
|
|
2017-01-27 08:05:25 +00:00
|
|
|
|
2017-03-31 12:00:24 +00:00
|
|
|
def default_after_end_session_hook(request, id_token=None, post_logout_redirect_uri=None, state=None, client=None, next_page=None):
|
2017-01-27 08:05:25 +00:00
|
|
|
"""
|
2017-03-31 12:00:24 +00:00
|
|
|
Default function for setting OIDC_AFTER_END_SESSION_HOOK.
|
2017-01-27 08:05:25 +00:00
|
|
|
|
|
|
|
:param request: Django request object
|
|
|
|
:type request: django.http.HttpRequest
|
|
|
|
|
|
|
|
:param id_token: token passed by `id_token_hint` url query param - do NOT trust this param or validate token
|
|
|
|
:type id_token: str
|
|
|
|
|
|
|
|
:param post_logout_redirect_uri: redirect url from url query param - do NOT trust this param
|
|
|
|
:type post_logout_redirect_uri: str
|
|
|
|
|
|
|
|
:param state: state param from url query params
|
|
|
|
:type state: str
|
|
|
|
|
|
|
|
:param client: If id_token has `aud` param and associated Client exists, this is an instance of it - do NOT trust this param
|
|
|
|
:type client: oidc_provider.models.Client
|
|
|
|
|
|
|
|
:param next_page: calculated next_page redirection target
|
|
|
|
:type next_page: str
|
|
|
|
:return:
|
|
|
|
"""
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
2016-02-25 09:46:10 +00:00
|
|
|
def default_idtoken_processing_hook(id_token, user):
|
2016-02-12 16:02:35 +00:00
|
|
|
"""
|
|
|
|
Hook to perform some additional actions ti `id_token` dictionary just before serialization.
|
|
|
|
|
|
|
|
:param id_token: dictionary contains values that going to be serialized into `id_token`
|
|
|
|
:type id_token: dict
|
2016-02-25 13:10:07 +00:00
|
|
|
|
2016-02-25 09:46:10 +00:00
|
|
|
:param user: user for whom id_token is generated
|
|
|
|
:type user: User
|
2016-02-25 13:10:07 +00:00
|
|
|
|
2016-02-12 16:02:35 +00:00
|
|
|
:return: custom modified dictionary of values for `id_token`
|
|
|
|
:rtype dict
|
|
|
|
"""
|
|
|
|
return id_token
|
2017-04-18 09:25:16 +00:00
|
|
|
|
|
|
|
|
|
|
|
def get_browser_state_or_default(request):
|
|
|
|
"""
|
|
|
|
Determine value to use as session state.
|
|
|
|
"""
|
|
|
|
key = request.session.session_key or settings.get('OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY')
|
|
|
|
return sha224(key.encode('utf-8')).hexdigest()
|