Add OIDC_AFTER_USERLOGIN_HOOK setting.

This commit is contained in:
juanifioren 2015-03-19 14:04:32 -03:00
parent 8578528f91
commit 2d3bf16b58
4 changed files with 36 additions and 1 deletions

View file

@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
### [Unreleased] ### [Unreleased]
##### Added
- Setting OIDC_AFTER_USERLOGIN_HOOK.
### [0.0.1] - 2015-03-13 ### [0.0.1] - 2015-03-13
##### Added ##### Added

15
DOC.md
View file

@ -19,6 +19,7 @@ Before getting started there are some important things that you should know:
- [Settings](#settings) - [Settings](#settings)
- [SITE_URL](#site_url) - [SITE_URL](#site_url)
- [LOGIN_URL](#login_url) - [LOGIN_URL](#login_url)
- [OIDC_AFTER_USERLOGIN_HOOK](#oidc_after_userlogin_hook)
- [OIDC_CODE_EXPIRE](#oidc_code_expire) - [OIDC_CODE_EXPIRE](#oidc_code_expire)
- [OIDC_EXTRA_SCOPE_CLAIMS](#oidc_extra_scope_claims) - [OIDC_EXTRA_SCOPE_CLAIMS](#oidc_extra_scope_claims)
- [OIDC_IDTOKEN_EXPIRE](#oidc_idtoken_expire) - [OIDC_IDTOKEN_EXPIRE](#oidc_idtoken_expire)
@ -80,6 +81,20 @@ REQUIRED. Used to log the user in. [Read more in Django docs](https://docs.djang
Default is `/accounts/login/`. Default is `/accounts/login/`.
##### OIDC_AFTER_USERLOGIN_HOOK
OPTIONAL. Provide a way to plug into the process after the user has logged in, typically to perform some business logic.
Default is:
```python
def default_hook_func(request, user, client):
return None
```
Return `None` if you want to continue with the flow.
The typical situation will be checking some state of the user or maybe redirect him somewhere.
With request you have access to all OIDC parameters. Remember that if you redirect the user to another place then you need to take him back to the authorize endpoint (use `request.get_full_path()` as the value for a "next" parameter).
##### OIDC_CODE_EXPIRE ##### OIDC_CODE_EXPIRE
OPTIONAL. Expressed in seconds. OPTIONAL. Expressed in seconds.

View file

@ -17,6 +17,16 @@ class DefaultSettings(object):
""" """
return None return None
@property
def OIDC_AFTER_USERLOGIN_HOOK(self):
"""
OPTIONAL.
"""
def default_hook_func(request, user, client):
return None
return default_hook_func
@property @property
def OIDC_CODE_EXPIRE(self): def OIDC_CODE_EXPIRE(self):
""" """

View file

@ -22,6 +22,12 @@ class AuthorizeView(View):
authorize.validate_params() authorize.validate_params()
if request.user.is_authenticated(): if request.user.is_authenticated():
# Check if there's a hook setted.
hook_resp = settings.get('OIDC_AFTER_USERLOGIN_HOOK')(
request=request, user=request.user,
client=authorize.client)
if hook_resp:
return hook_resp
# Generate hidden inputs for the form. # Generate hidden inputs for the form.
context = { context = {
@ -30,7 +36,8 @@ class AuthorizeView(View):
hidden_inputs = render_to_string( hidden_inputs = render_to_string(
'oidc_provider/hidden_inputs.html', context) 'oidc_provider/hidden_inputs.html', context)
# Remove openid from scope list since we don't need to print it. # Remove `openid` from scope list
# since we don't need to print it.
authorize.params.scope.remove('openid') authorize.params.scope.remove('openid')
context = { context = {