2016-08-11 22:05:13 +00:00
|
|
|
import logging
|
2017-06-06 09:12:37 +00:00
|
|
|
|
2018-02-05 16:56:37 +00:00
|
|
|
from django.views.decorators.csrf import csrf_exempt
|
|
|
|
|
2018-02-05 15:29:08 +00:00
|
|
|
from oidc_provider.lib.endpoints.introspection import TokenIntrospectionEndpoint
|
2016-10-31 20:07:06 +00:00
|
|
|
try:
|
|
|
|
from urllib import urlencode
|
|
|
|
from urlparse import urlsplit, parse_qs, urlunsplit
|
|
|
|
except ImportError:
|
|
|
|
from urllib.parse import urlsplit, parse_qs, urlunsplit, urlencode
|
2016-08-11 22:05:13 +00:00
|
|
|
|
2016-10-03 15:54:54 +00:00
|
|
|
from Cryptodome.PublicKey import RSA
|
2016-10-31 20:07:06 +00:00
|
|
|
from django.contrib.auth.views import (
|
|
|
|
redirect_to_login,
|
|
|
|
logout,
|
|
|
|
)
|
2018-02-01 17:00:57 +00:00
|
|
|
try:
|
2017-08-10 09:38:50 +00:00
|
|
|
from django.urls import reverse
|
2018-02-01 17:00:57 +00:00
|
|
|
except ImportError:
|
2017-08-10 09:38:50 +00:00
|
|
|
from django.core.urlresolvers import reverse
|
2017-06-06 09:12:37 +00:00
|
|
|
from django.contrib.auth import logout as django_user_logout
|
2018-06-19 16:09:45 +00:00
|
|
|
from django.http import JsonResponse, HttpResponse
|
2014-12-19 15:27:43 +00:00
|
|
|
from django.shortcuts import render
|
2015-01-29 17:03:17 +00:00
|
|
|
from django.template.loader import render_to_string
|
2016-10-28 18:25:52 +00:00
|
|
|
from django.utils.decorators import method_decorator
|
|
|
|
from django.views.decorators.clickjacking import xframe_options_exempt
|
2014-12-19 15:27:43 +00:00
|
|
|
from django.views.decorators.http import require_http_methods
|
|
|
|
from django.views.generic import View
|
2015-07-13 20:34:43 +00:00
|
|
|
from jwkest import long_to_base64
|
2015-03-04 19:24:41 +00:00
|
|
|
|
2018-02-01 17:00:57 +00:00
|
|
|
from oidc_provider.compat import get_attr_or_callable
|
2016-02-15 20:21:46 +00:00
|
|
|
from oidc_provider.lib.claims import StandardScopeClaims
|
2016-08-11 22:05:13 +00:00
|
|
|
from oidc_provider.lib.endpoints.authorize import AuthorizeEndpoint
|
|
|
|
from oidc_provider.lib.endpoints.token import TokenEndpoint
|
|
|
|
from oidc_provider.lib.errors import (
|
|
|
|
AuthorizeError,
|
|
|
|
ClientIdError,
|
|
|
|
RedirectUriError,
|
|
|
|
TokenError,
|
2018-02-05 15:29:08 +00:00
|
|
|
UserAuthError,
|
|
|
|
TokenIntrospectionError)
|
2016-10-31 20:07:06 +00:00
|
|
|
from oidc_provider.lib.utils.common import (
|
|
|
|
redirect,
|
|
|
|
get_site_url,
|
|
|
|
get_issuer,
|
2018-06-19 16:09:45 +00:00
|
|
|
cors_allow_any,
|
2016-10-31 20:07:06 +00:00
|
|
|
)
|
2016-02-15 20:13:19 +00:00
|
|
|
from oidc_provider.lib.utils.oauth2 import protected_resource_view
|
2016-10-31 20:07:06 +00:00
|
|
|
from oidc_provider.lib.utils.token import client_id_from_id_token
|
|
|
|
from oidc_provider.models import (
|
|
|
|
Client,
|
|
|
|
RESPONSE_TYPE_CHOICES,
|
|
|
|
RSAKey,
|
|
|
|
)
|
2016-02-15 20:13:19 +00:00
|
|
|
from oidc_provider import settings
|
2016-12-01 19:20:34 +00:00
|
|
|
from oidc_provider import signals
|
2014-12-19 15:27:43 +00:00
|
|
|
|
2018-02-05 15:29:08 +00:00
|
|
|
|
2015-06-19 20:46:00 +00:00
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
2017-05-05 03:19:57 +00:00
|
|
|
OIDC_TEMPLATES = settings.get('OIDC_TEMPLATES')
|
|
|
|
|
2015-06-19 20:46:00 +00:00
|
|
|
|
2014-12-19 15:27:43 +00:00
|
|
|
class AuthorizeView(View):
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
|
|
|
|
|
|
authorize = AuthorizeEndpoint(request)
|
|
|
|
|
|
|
|
try:
|
|
|
|
authorize.validate_params()
|
|
|
|
|
2018-02-01 17:00:57 +00:00
|
|
|
if get_attr_or_callable(request.user, 'is_authenticated'):
|
2015-03-19 17:04:32 +00:00
|
|
|
# Check if there's a hook setted.
|
2016-01-19 20:37:32 +00:00
|
|
|
hook_resp = settings.get('OIDC_AFTER_USERLOGIN_HOOK', import_str=True)(
|
2015-03-19 17:04:32 +00:00
|
|
|
request=request, user=request.user,
|
|
|
|
client=authorize.client)
|
|
|
|
if hook_resp:
|
|
|
|
return hook_resp
|
2017-07-19 08:52:10 +00:00
|
|
|
|
2017-06-06 09:12:37 +00:00
|
|
|
if 'login' in authorize.params['prompt']:
|
|
|
|
if 'none' in authorize.params['prompt']:
|
2018-03-23 18:46:12 +00:00
|
|
|
raise AuthorizeError(
|
|
|
|
authorize.params['redirect_uri'], 'login_required',
|
|
|
|
authorize.grant_type)
|
2017-06-06 09:12:37 +00:00
|
|
|
else:
|
|
|
|
django_user_logout(request)
|
2017-07-19 08:52:10 +00:00
|
|
|
next_page = self.strip_prompt_login(request.get_full_path())
|
|
|
|
return redirect_to_login(next_page, settings.get('OIDC_LOGIN_URL'))
|
2017-06-06 09:12:37 +00:00
|
|
|
|
|
|
|
if 'select_account' in authorize.params['prompt']:
|
|
|
|
# TODO: see how we can support multiple accounts for the end-user.
|
|
|
|
if 'none' in authorize.params['prompt']:
|
2017-08-08 22:41:42 +00:00
|
|
|
raise AuthorizeError(
|
2018-03-23 18:46:12 +00:00
|
|
|
authorize.params['redirect_uri'], 'account_selection_required',
|
|
|
|
authorize.grant_type)
|
2017-06-06 09:12:37 +00:00
|
|
|
else:
|
|
|
|
django_user_logout(request)
|
2018-03-23 18:46:12 +00:00
|
|
|
return redirect_to_login(
|
|
|
|
request.get_full_path(), settings.get('OIDC_LOGIN_URL'))
|
2016-02-01 17:34:39 +00:00
|
|
|
|
2017-06-06 09:12:37 +00:00
|
|
|
if {'none', 'consent'}.issubset(authorize.params['prompt']):
|
2018-03-23 18:46:12 +00:00
|
|
|
raise AuthorizeError(
|
|
|
|
authorize.params['redirect_uri'], 'consent_required', authorize.grant_type)
|
2015-06-22 21:42:42 +00:00
|
|
|
|
2017-08-08 22:41:42 +00:00
|
|
|
implicit_flow_resp_types = {'id_token', 'id_token token'}
|
2017-07-07 11:18:36 +00:00
|
|
|
allow_skipping_consent = (
|
|
|
|
authorize.client.client_type != 'public' or
|
|
|
|
authorize.client.response_type in implicit_flow_resp_types)
|
|
|
|
|
|
|
|
if not authorize.client.require_consent and (
|
|
|
|
allow_skipping_consent and
|
|
|
|
'consent' not in authorize.params['prompt']):
|
|
|
|
return redirect(authorize.create_response_uri())
|
|
|
|
|
|
|
|
if authorize.client.reuse_consent:
|
|
|
|
# Check if user previously give consent.
|
|
|
|
if authorize.client_has_user_consent() and (
|
|
|
|
allow_skipping_consent and
|
|
|
|
'consent' not in authorize.params['prompt']):
|
2017-06-06 09:12:37 +00:00
|
|
|
return redirect(authorize.create_response_uri())
|
2016-06-01 15:09:40 +00:00
|
|
|
|
2017-06-06 09:12:37 +00:00
|
|
|
if 'none' in authorize.params['prompt']:
|
2018-03-23 18:46:12 +00:00
|
|
|
raise AuthorizeError(
|
|
|
|
authorize.params['redirect_uri'], 'consent_required', authorize.grant_type)
|
2016-06-01 15:09:40 +00:00
|
|
|
|
2015-01-29 17:03:17 +00:00
|
|
|
# Generate hidden inputs for the form.
|
2015-01-19 18:25:16 +00:00
|
|
|
context = {
|
2014-12-19 15:27:43 +00:00
|
|
|
'params': authorize.params,
|
2015-01-29 17:03:17 +00:00
|
|
|
}
|
2016-06-01 15:09:40 +00:00
|
|
|
hidden_inputs = render_to_string('oidc_provider/hidden_inputs.html', context)
|
2015-01-29 17:03:17 +00:00
|
|
|
|
2015-03-19 17:04:32 +00:00
|
|
|
# Remove `openid` from scope list
|
|
|
|
# since we don't need to print it.
|
2016-09-09 17:49:41 +00:00
|
|
|
if 'openid' in authorize.params['scope']:
|
|
|
|
authorize.params['scope'].remove('openid')
|
2015-01-29 17:03:17 +00:00
|
|
|
|
|
|
|
context = {
|
2014-12-19 15:27:43 +00:00
|
|
|
'client': authorize.client,
|
2015-01-29 17:03:17 +00:00
|
|
|
'hidden_inputs': hidden_inputs,
|
|
|
|
'params': authorize.params,
|
2016-06-16 20:18:39 +00:00
|
|
|
'scopes': authorize.get_scopes_information(),
|
2014-12-19 15:27:43 +00:00
|
|
|
}
|
|
|
|
|
2017-05-05 03:19:57 +00:00
|
|
|
return render(request, OIDC_TEMPLATES['authorize'], context)
|
2014-12-19 15:27:43 +00:00
|
|
|
else:
|
2017-06-06 09:12:37 +00:00
|
|
|
if 'none' in authorize.params['prompt']:
|
2018-03-23 18:46:12 +00:00
|
|
|
raise AuthorizeError(
|
|
|
|
authorize.params['redirect_uri'], 'login_required', authorize.grant_type)
|
2017-07-19 08:52:10 +00:00
|
|
|
if 'login' in authorize.params['prompt']:
|
|
|
|
next_page = self.strip_prompt_login(request.get_full_path())
|
|
|
|
return redirect_to_login(next_page, settings.get('OIDC_LOGIN_URL'))
|
2016-04-13 20:19:37 +00:00
|
|
|
|
2017-05-05 03:19:57 +00:00
|
|
|
return redirect_to_login(request.get_full_path(), settings.get('OIDC_LOGIN_URL'))
|
2014-12-19 15:27:43 +00:00
|
|
|
|
|
|
|
except (ClientIdError, RedirectUriError) as error:
|
2015-01-19 18:25:16 +00:00
|
|
|
context = {
|
2015-01-09 17:59:23 +00:00
|
|
|
'error': error.error,
|
|
|
|
'description': error.description,
|
|
|
|
}
|
|
|
|
|
2017-05-05 03:19:57 +00:00
|
|
|
return render(request, OIDC_TEMPLATES['error'], context)
|
2014-12-19 15:27:43 +00:00
|
|
|
|
2017-06-06 09:12:37 +00:00
|
|
|
except AuthorizeError as error:
|
2015-01-12 22:13:48 +00:00
|
|
|
uri = error.create_uri(
|
2016-09-09 17:49:41 +00:00
|
|
|
authorize.params['redirect_uri'],
|
|
|
|
authorize.params['state'])
|
2014-12-19 15:27:43 +00:00
|
|
|
|
2015-11-12 20:12:18 +00:00
|
|
|
return redirect(uri)
|
2014-12-19 15:27:43 +00:00
|
|
|
|
|
|
|
def post(self, request, *args, **kwargs):
|
|
|
|
authorize = AuthorizeEndpoint(request)
|
|
|
|
|
2015-06-15 19:04:44 +00:00
|
|
|
try:
|
2015-06-15 20:34:36 +00:00
|
|
|
authorize.validate_params()
|
2016-06-01 15:09:40 +00:00
|
|
|
|
2016-04-13 20:19:37 +00:00
|
|
|
if not request.POST.get('allow'):
|
2017-08-08 22:41:42 +00:00
|
|
|
signals.user_decline_consent.send(
|
2018-03-23 18:46:12 +00:00
|
|
|
self.__class__, user=request.user,
|
|
|
|
client=authorize.client, scope=authorize.params['scope'])
|
2016-12-01 19:20:34 +00:00
|
|
|
|
2016-09-09 17:49:41 +00:00
|
|
|
raise AuthorizeError(authorize.params['redirect_uri'],
|
2015-06-15 19:04:44 +00:00
|
|
|
'access_denied',
|
|
|
|
authorize.grant_type)
|
|
|
|
|
2017-08-08 22:41:42 +00:00
|
|
|
signals.user_accept_consent.send(
|
2018-03-23 18:46:12 +00:00
|
|
|
self.__class__, user=request.user, client=authorize.client,
|
|
|
|
scope=authorize.params['scope'])
|
2016-12-01 19:20:34 +00:00
|
|
|
|
2015-06-22 21:42:42 +00:00
|
|
|
# Save the user consent given to the client.
|
|
|
|
authorize.set_client_user_consent()
|
2014-12-19 15:27:43 +00:00
|
|
|
|
2015-06-22 21:42:42 +00:00
|
|
|
uri = authorize.create_response_uri()
|
2015-11-12 20:12:18 +00:00
|
|
|
|
|
|
|
return redirect(uri)
|
2014-12-19 15:27:43 +00:00
|
|
|
|
2017-08-08 22:41:42 +00:00
|
|
|
except AuthorizeError as error:
|
2015-01-30 20:20:36 +00:00
|
|
|
uri = error.create_uri(
|
2016-09-09 17:49:41 +00:00
|
|
|
authorize.params['redirect_uri'],
|
|
|
|
authorize.params['state'])
|
2014-12-19 15:27:43 +00:00
|
|
|
|
2015-11-12 20:12:18 +00:00
|
|
|
return redirect(uri)
|
2014-12-19 15:27:43 +00:00
|
|
|
|
2017-07-19 08:52:10 +00:00
|
|
|
@staticmethod
|
|
|
|
def strip_prompt_login(path):
|
|
|
|
"""
|
|
|
|
Strips 'login' from the 'prompt' query parameter.
|
|
|
|
"""
|
|
|
|
uri = urlsplit(path)
|
|
|
|
query_params = parse_qs(uri.query)
|
|
|
|
if 'login' in query_params['prompt']:
|
|
|
|
query_params['prompt'].remove('login')
|
|
|
|
if not query_params['prompt']:
|
|
|
|
del query_params['prompt']
|
|
|
|
uri = uri._replace(query=urlencode(query_params, doseq=True))
|
|
|
|
return urlunsplit(uri)
|
|
|
|
|
2015-03-04 19:24:41 +00:00
|
|
|
|
2014-12-19 15:27:43 +00:00
|
|
|
class TokenView(View):
|
|
|
|
def post(self, request, *args, **kwargs):
|
|
|
|
token = TokenEndpoint(request)
|
|
|
|
|
|
|
|
try:
|
|
|
|
token.validate_params()
|
|
|
|
|
|
|
|
dic = token.create_response_dic()
|
|
|
|
|
|
|
|
return TokenEndpoint.response(dic)
|
|
|
|
|
2017-05-05 03:19:57 +00:00
|
|
|
except TokenError as error:
|
2014-12-19 15:27:43 +00:00
|
|
|
return TokenEndpoint.response(error.create_dict(), status=400)
|
2017-05-05 03:19:57 +00:00
|
|
|
except UserAuthError as error:
|
|
|
|
return TokenEndpoint.response(error.create_dict(), status=403)
|
2014-12-19 15:27:43 +00:00
|
|
|
|
2015-03-04 19:24:41 +00:00
|
|
|
|
2018-06-19 16:09:45 +00:00
|
|
|
@require_http_methods(['GET', 'POST', 'OPTIONS'])
|
2016-02-15 20:13:19 +00:00
|
|
|
@protected_resource_view(['openid'])
|
|
|
|
def userinfo(request, *args, **kwargs):
|
|
|
|
"""
|
2018-02-05 15:29:08 +00:00
|
|
|
Create a dictionary with all the requested claims about the End-User.
|
2016-02-15 20:13:19 +00:00
|
|
|
See: http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
|
2014-12-19 15:27:43 +00:00
|
|
|
|
2018-02-05 15:29:08 +00:00
|
|
|
Return a dictionary.
|
2016-02-15 20:13:19 +00:00
|
|
|
"""
|
2018-06-19 16:09:45 +00:00
|
|
|
|
|
|
|
def set_headers(response):
|
|
|
|
response['Cache-Control'] = 'no-store'
|
|
|
|
response['Pragma'] = 'no-cache'
|
|
|
|
cors_allow_any(request, response)
|
|
|
|
return response
|
|
|
|
|
|
|
|
if request.method == 'OPTIONS':
|
|
|
|
return set_headers(HttpResponse())
|
|
|
|
|
2016-02-15 20:13:19 +00:00
|
|
|
token = kwargs['token']
|
2014-12-19 15:27:43 +00:00
|
|
|
|
2016-02-15 20:13:19 +00:00
|
|
|
dic = {
|
|
|
|
'sub': token.id_token.get('sub'),
|
|
|
|
}
|
2014-12-19 15:27:43 +00:00
|
|
|
|
2016-10-12 19:23:57 +00:00
|
|
|
standard_claims = StandardScopeClaims(token)
|
2016-02-15 20:13:19 +00:00
|
|
|
dic.update(standard_claims.create_response_dic())
|
|
|
|
|
2016-07-07 15:50:27 +00:00
|
|
|
if settings.get('OIDC_EXTRA_SCOPE_CLAIMS'):
|
2016-10-12 19:23:57 +00:00
|
|
|
extra_claims = settings.get('OIDC_EXTRA_SCOPE_CLAIMS', import_str=True)(token)
|
2016-07-07 15:50:27 +00:00
|
|
|
dic.update(extra_claims.create_response_dic())
|
2016-02-15 20:13:19 +00:00
|
|
|
|
2018-06-19 16:09:45 +00:00
|
|
|
success_response = JsonResponse(dic, status=200)
|
|
|
|
set_headers(success_response)
|
2016-05-30 16:28:07 +00:00
|
|
|
|
2018-06-19 16:09:45 +00:00
|
|
|
return success_response
|
2015-03-04 19:24:41 +00:00
|
|
|
|
|
|
|
|
|
|
|
class ProviderInfoView(View):
|
|
|
|
def get(self, request, *args, **kwargs):
|
2015-07-31 17:19:53 +00:00
|
|
|
dic = dict()
|
2015-03-04 19:24:41 +00:00
|
|
|
|
2016-05-25 21:58:58 +00:00
|
|
|
site_url = get_site_url(request=request)
|
|
|
|
dic['issuer'] = get_issuer(site_url=site_url, request=request)
|
2015-07-31 17:19:53 +00:00
|
|
|
|
2016-05-25 21:58:58 +00:00
|
|
|
dic['authorization_endpoint'] = site_url + reverse('oidc_provider:authorize')
|
|
|
|
dic['token_endpoint'] = site_url + reverse('oidc_provider:token')
|
|
|
|
dic['userinfo_endpoint'] = site_url + reverse('oidc_provider:userinfo')
|
2016-11-01 15:15:48 +00:00
|
|
|
dic['end_session_endpoint'] = site_url + reverse('oidc_provider:end-session')
|
2018-02-05 15:29:08 +00:00
|
|
|
dic['introspection_endpoint'] = site_url + reverse('oidc_provider:token-introspection')
|
2015-07-31 17:19:53 +00:00
|
|
|
|
2016-04-25 20:33:52 +00:00
|
|
|
types_supported = [x[0] for x in RESPONSE_TYPE_CHOICES]
|
2015-07-31 17:19:53 +00:00
|
|
|
dic['response_types_supported'] = types_supported
|
|
|
|
|
2016-05-25 21:58:58 +00:00
|
|
|
dic['jwks_uri'] = site_url + reverse('oidc_provider:jwks')
|
2015-07-31 17:19:53 +00:00
|
|
|
|
2016-03-22 23:48:30 +00:00
|
|
|
dic['id_token_signing_alg_values_supported'] = ['HS256', 'RS256']
|
2015-07-31 17:19:53 +00:00
|
|
|
|
|
|
|
# See: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
|
|
|
|
dic['subject_types_supported'] = ['public']
|
2015-03-04 19:24:41 +00:00
|
|
|
|
2016-08-08 17:54:40 +00:00
|
|
|
dic['token_endpoint_auth_methods_supported'] = ['client_secret_post',
|
|
|
|
'client_secret_basic']
|
2015-07-31 17:59:33 +00:00
|
|
|
|
2016-10-28 18:25:52 +00:00
|
|
|
if settings.get('OIDC_SESSION_MANAGEMENT_ENABLE'):
|
|
|
|
dic['check_session_iframe'] = site_url + reverse('oidc_provider:check-session-iframe')
|
|
|
|
|
2016-09-06 16:21:29 +00:00
|
|
|
response = JsonResponse(dic)
|
|
|
|
response['Access-Control-Allow-Origin'] = '*'
|
|
|
|
|
|
|
|
return response
|
2015-07-13 20:34:43 +00:00
|
|
|
|
|
|
|
|
|
|
|
class JwksView(View):
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
|
|
dic = dict(keys=[])
|
|
|
|
|
2016-01-25 20:52:24 +00:00
|
|
|
for rsakey in RSAKey.objects.all():
|
2016-08-08 17:54:40 +00:00
|
|
|
public_key = RSA.importKey(rsakey.key).publickey()
|
2016-01-25 20:52:24 +00:00
|
|
|
dic['keys'].append({
|
|
|
|
'kty': 'RSA',
|
|
|
|
'alg': 'RS256',
|
|
|
|
'use': 'sig',
|
|
|
|
'kid': rsakey.kid,
|
|
|
|
'n': long_to_base64(public_key.n),
|
|
|
|
'e': long_to_base64(public_key.e),
|
|
|
|
})
|
2015-07-13 20:34:43 +00:00
|
|
|
|
2016-01-20 20:08:47 +00:00
|
|
|
response = JsonResponse(dic)
|
|
|
|
response['Access-Control-Allow-Origin'] = '*'
|
|
|
|
|
|
|
|
return response
|
2015-07-24 09:36:45 +00:00
|
|
|
|
|
|
|
|
2016-11-01 15:15:48 +00:00
|
|
|
class EndSessionView(View):
|
2015-07-24 09:36:45 +00:00
|
|
|
def get(self, request, *args, **kwargs):
|
2016-10-31 20:07:06 +00:00
|
|
|
id_token_hint = request.GET.get('id_token_hint', '')
|
|
|
|
post_logout_redirect_uri = request.GET.get('post_logout_redirect_uri', '')
|
|
|
|
state = request.GET.get('state', '')
|
2017-05-05 03:19:57 +00:00
|
|
|
client = None
|
2016-10-31 20:07:06 +00:00
|
|
|
|
2017-05-05 03:19:57 +00:00
|
|
|
next_page = settings.get('OIDC_LOGIN_URL')
|
|
|
|
after_end_session_hook = settings.get('OIDC_AFTER_END_SESSION_HOOK', import_str=True)
|
2016-10-31 20:07:06 +00:00
|
|
|
|
|
|
|
if id_token_hint:
|
|
|
|
client_id = client_id_from_id_token(id_token_hint)
|
|
|
|
try:
|
|
|
|
client = Client.objects.get(client_id=client_id)
|
|
|
|
if post_logout_redirect_uri in client.post_logout_redirect_uris:
|
|
|
|
if state:
|
|
|
|
uri = urlsplit(post_logout_redirect_uri)
|
|
|
|
query_params = parse_qs(uri.query)
|
|
|
|
query_params['state'] = state
|
|
|
|
uri = uri._replace(query=urlencode(query_params, doseq=True))
|
|
|
|
next_page = urlunsplit(uri)
|
|
|
|
else:
|
|
|
|
next_page = post_logout_redirect_uri
|
|
|
|
except Client.DoesNotExist:
|
|
|
|
pass
|
|
|
|
|
2017-05-05 03:19:57 +00:00
|
|
|
after_end_session_hook(
|
|
|
|
request=request,
|
|
|
|
id_token=id_token_hint,
|
|
|
|
post_logout_redirect_uri=post_logout_redirect_uri,
|
|
|
|
state=state,
|
|
|
|
client=client,
|
|
|
|
next_page=next_page
|
|
|
|
)
|
|
|
|
|
2016-10-31 20:07:06 +00:00
|
|
|
return logout(request, next_page=next_page)
|
2016-10-28 18:25:52 +00:00
|
|
|
|
|
|
|
|
|
|
|
class CheckSessionIframeView(View):
|
|
|
|
@method_decorator(xframe_options_exempt)
|
|
|
|
def dispatch(self, request, *args, **kwargs):
|
|
|
|
return super(CheckSessionIframeView, self).dispatch(request, *args, **kwargs)
|
|
|
|
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
|
|
return render(request, 'oidc_provider/check_session_iframe.html', kwargs)
|
2018-02-05 15:29:08 +00:00
|
|
|
|
|
|
|
|
|
|
|
class TokenIntrospectionView(View):
|
2018-02-05 16:56:37 +00:00
|
|
|
@method_decorator(csrf_exempt)
|
|
|
|
def dispatch(self, request, *args, **kwargs):
|
|
|
|
return super(TokenIntrospectionView, self).dispatch(request, *args, **kwargs)
|
|
|
|
|
2018-02-05 15:29:08 +00:00
|
|
|
def post(self, request, *args, **kwargs):
|
|
|
|
introspection = TokenIntrospectionEndpoint(request)
|
|
|
|
|
|
|
|
try:
|
|
|
|
introspection.validate_params()
|
|
|
|
dic = introspection.create_response_dic()
|
|
|
|
return TokenIntrospectionEndpoint.response(dic)
|
|
|
|
except TokenIntrospectionError:
|
|
|
|
return TokenIntrospectionEndpoint.response({'active': False})
|