From 2d3bf16b586a1bfd161122228d75e7c96829e1ff Mon Sep 17 00:00:00 2001
From: juanifioren
Date: Thu, 19 Mar 2015 14:04:32 -0300
Subject: [PATCH] Add OIDC_AFTER_USERLOGIN_HOOK setting.
---
 CHANGELOG.md | 3 +++
 DOC.md | 15 +++++++++++++++
 oidc_provider/settings.py | 10 ++++++++++
 oidc_provider/views.py | 9 ++++++++-
 4 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 73b37b9..14b3e52 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
 ### [Unreleased]
+##### Added
+- Setting OIDC_AFTER_USERLOGIN_HOOK.
+
 ### [0.0.1] - 2015-03-13
 ##### Added
diff --git a/DOC.md b/DOC.md
index 795082f..06cc0d6 100644
--- a/DOC.md
+++ b/DOC.md
@@ -19,6 +19,7 @@ Before getting started there are some important things that you should know:
 - [Settings](#settings)
 - [SITE_URL](#site_url)
 - [LOGIN_URL](#login_url)
+ - [OIDC_AFTER_USERLOGIN_HOOK](#oidc_after_userlogin_hook)
 - [OIDC_CODE_EXPIRE](#oidc_code_expire)
 - [OIDC_EXTRA_SCOPE_CLAIMS](#oidc_extra_scope_claims)
 - [OIDC_IDTOKEN_EXPIRE](#oidc_idtoken_expire)
@@ -80,6 +81,20 @@ REQUIRED. Used to log the user in. [Read more in Django docs](https://docs.djang
 Default is `/accounts/login/`.
+##### OIDC_AFTER_USERLOGIN_HOOK
+OPTIONAL. Provide a way to plug into the process after the user has logged in, typically to perform some business logic.
+
+Default is:
+```python
+def default_hook_func(request, user, client):
+ return None
+```
+
+Return `None` if you want to continue with the flow.
+
+The typical situation will be checking some state of the user or maybe redirect him somewhere.
+With request you have access to all OIDC parameters. Remember that if you redirect the user to another place then you need to take him back to the authorize endpoint (use `request.get_full_path()` as the value for a "next" parameter).
+
 ##### OIDC_CODE_EXPIRE
 OPTIONAL. Expressed in seconds.
diff --git a/oidc_provider/settings.py b/oidc_provider/settings.py
index 80959c5..26288b8 100644
--- a/oidc_provider/settings.py
+++ b/oidc_provider/settings.py
@@ -17,6 +17,16 @@ class DefaultSettings(object):
 """
 return None
+ @property
+ def OIDC_AFTER_USERLOGIN_HOOK(self):
+ """
+ OPTIONAL.
+ """
+ def default_hook_func(request, user, client):
+ return None
+
+ return default_hook_func
+
 @property
 def OIDC_CODE_EXPIRE(self):
 """
diff --git a/oidc_provider/views.py b/oidc_provider/views.py
index 928b838..4850e30 100644
--- a/oidc_provider/views.py
+++ b/oidc_provider/views.py
@@ -22,6 +22,12 @@ class AuthorizeView(View):
 authorize.validate_params()
 if request.user.is_authenticated():
+ # Check if there's a hook setted.
+ hook_resp = settings.get('OIDC_AFTER_USERLOGIN_HOOK')(
+ request=request, user=request.user,
+ client=authorize.client)
+ if hook_resp:
+ return hook_resp
 # Generate hidden inputs for the form.
 context = {
@@ -30,7 +36,8 @@ class AuthorizeView(View):
 hidden_inputs = render_to_string(
 'oidc_provider/hidden_inputs.html', context)
- # Remove openid from scope list since we don't need to print it.
+ # Remove `openid` from scope list
+ # since we don't need to print it.
 authorize.params.scope.remove('openid')
 context = {
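Review bot: The docstring added for `OIDC_AFTER_USERLOGIN_HOOK` in the settings.py hunk says only `OPTIONAL.`, which leaves the contract of a callable that runs inside the authorization flow undocumented. I would write it as `OPTIONAL. Callable taking (request, user, client), run after the user is authenticated; return None to continue or an HTTP response to interrupt the flow.` The property also builds a fresh `default_hook_func` closure on every access; a single module-level function would be simpler to read. The rest of `DefaultSettings` lies outside the hunk, so how an overriding value is resolved and validated cannot be confirmed from here.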
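Review bot: In the first views.py hunk, `if hook_resp:` tests truthiness, so a hook that returns a falsy value other than `None` (for example `False` intended as "deny") falls through and the authorization flow continues, which means the gate fails open. DOC.md names `None` as the only "continue" value, so the check should be `if hook_resp is not None:`, and a return value that is not an HTTP response is better rejected explicitly than handed back to the framework. The hook is also called only in this authenticated branch; the enclosing method starts and ends outside the hunk, so if the consent submission is handled by a separate method it would presumably not run the hook, which is worth confirming before the hook is relied on as an access check.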