import calendar
import time
import uuid
from datetime import timedelta
from hashlib import md5

from Crypto.PublicKey.RSA import importKey
from django.utils import timezone
from jwkest.jwk import RSAKey
from jwkest.jws import JWS

from oidc_provider import settings
from oidc_provider.lib.utils.common import get_issuer, get_rsa_key
from oidc_provider.models import *
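def _to_unix_timestamp(dt):
    """
    Convert a datetime into integer seconds since the Unix epoch.

    An aware datetime (``timezone.now()`` returns one, in UTC, when
    ``USE_TZ`` is enabled) is converted from its UTC fields, so the result
    does not depend on the process-local TZ. A naive datetime is read as
    local time via ``time.mktime``, which is Django's convention when
    ``USE_TZ`` is off.

    The previous code applied ``time.mktime`` to the ``timetuple()`` of an
    aware UTC datetime; ``mktime`` interprets that tuple as local time, so on
    any server whose TZ is not UTC ``iat``, ``exp`` and ``auth_time`` were
    shifted by the local UTC offset (an ``exp`` pushed into the future
    extends the ID token's validity; an ``iat`` in the future gets tokens
    rejected by relying parties that check it).
    """
    if dt.utcoffset() is not None:
        return calendar.timegm(dt.utctimetuple())
    return int(time.mktime(dt.timetuple()))


def create_id_token(user, aud, nonce):
    """
    Receives a user object and aud (audience).
    Then creates the id_token dictionary.
    See: http://openid.net/specs/openid-connect-core-1_0.html#IDToken

    ``sub`` comes from the configured OIDC_IDTOKEN_SUB_GENERATOR, ``exp`` is
    OIDC_IDTOKEN_EXPIRE seconds after ``iat``, and ``auth_time`` is the
    user's last login (falling back to ``date_joined`` when there is none).
    ``nonce`` is only included when the caller supplied a truthy value.

    Return a dict.
    """
    sub = settings.get('OIDC_IDTOKEN_SUB_GENERATOR')(user=user)

    expires_in = settings.get('OIDC_IDTOKEN_EXPIRE')

    # Convert datetimes into timestamps (TZ-aware, see _to_unix_timestamp).
    now = timezone.now()
    iat_time = _to_unix_timestamp(now)
    exp_time = _to_unix_timestamp(now + timedelta(seconds=expires_in))
    # last_login is None for a user who has never logged in.
    user_auth_time = user.last_login or user.date_joined
    auth_time = _to_unix_timestamp(user_auth_time)

    dic = {
        'iss': get_issuer(),
        'sub': sub,
        'aud': str(aud),
        'exp': exp_time,
        'iat': iat_time,
        'auth_time': auth_time,
    }

    if nonce:
        dic['nonce'] = str(nonce)

    return dic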
def encode_id_token(payload):
    """
    Represent the ID Token as a JSON Web Token (JWT).

    The token is signed with the provider's RSA key (``get_rsa_key()``)
    using RS256; the algorithm is fixed here and never taken from the
    payload or the caller. The ``kid`` header is the MD5 hex digest of the
    PEM text and serves only as a key identifier, not as a security
    control. NOTE(review): presumably the JWKS endpoint derives ``kid`` the
    same way; the two must stay in sync for relying parties to match keys.

    Return the compact-serialized JWT string.
    """
    pem_bytes = get_rsa_key().encode('utf-8')
    key_id = md5(pem_bytes).hexdigest()
    signing_key = RSAKey(key=importKey(pem_bytes), kid=key_id)

    jws = JWS(payload, alg='RS256')
    return jws.sign_compact([signing_key])
def create_token(user, client, id_token_dic, scope):
    """
    Create and populate a Token object.

    ``access_token`` and ``refresh_token`` are independent uuid4 hex strings
    (CPython draws uuid4 from os.urandom, so they are not guessable);
    ``expires_at`` is OIDC_TOKEN_EXPIRE seconds from now. The object is
    populated only — nothing here saves it.

    Return a Token object.
    """
    lifetime = timedelta(seconds=settings.get('OIDC_TOKEN_EXPIRE'))

    token = Token()
    token.user = user
    token.client = client
    token.scope = scope
    token.id_token = id_token_dic
    # Generate the access token first, then the refresh token.
    token.access_token = uuid.uuid4().hex
    token.refresh_token = uuid.uuid4().hex
    token.expires_at = timezone.now() + lifetime

    return token
def create_code(user, client, scope, nonce):
    """
    Create and populate a Code object.

    ``code`` is a uuid4 hex string (CPython draws uuid4 from os.urandom);
    ``expires_at`` is OIDC_CODE_EXPIRE seconds from now. The nonce is
    stored as given so it can be echoed into the ID token later. The
    object is populated only — nothing here saves it.

    Return a Code object.
    """
    lifetime = timedelta(seconds=settings.get('OIDC_CODE_EXPIRE'))

    code = Code()
    code.user = user
    code.client = client
    code.scope = scope
    code.nonce = nonce
    code.code = uuid.uuid4().hex
    code.expires_at = timezone.now() + lifetime

    return code