Add user consent logic to authorize endpoint.
parent
544861abec
commit
503324ae66
2 changed files with 51 additions and 2 deletions
|
@ -1,5 +1,8 @@
|
|||
from datetime import timedelta
|
||||
import logging
|
||||
|
||||
from django.utils import timezone
|
||||
|
||||
from oidc_provider.lib.errors import *
|
||||
from oidc_provider.lib.utils.params import *
|
||||
from oidc_provider.lib.utils.token import *
|
||||
|
@ -12,7 +15,6 @@ logger = logging.getLogger(__name__)
|
|||
class AuthorizeEndpoint(object):
|
||||
|
||||
def __init__(self, request):
|
||||
|
||||
self.request = request
|
||||
|
||||
self.params = Params()
|
||||
|
@ -138,3 +140,42 @@ class AuthorizeEndpoint(object):
|
|||
uri += ('&state={0}'.format(self.params.state) if self.params.state else '')
|
||||
|
||||
return uri
|
||||
|
||||
def set_client_user_consent(self):
|
||||
"""
|
||||
Save the user consent given to a specific client.
|
||||
|
||||
Return None.
|
||||
"""
|
||||
expires_at = timezone.now() + timedelta(
|
||||
days=settings.get('OIDC_USER_CONSENT_EXPIRE'))
|
||||
|
||||
uc, created = UserConsent.objects.get_or_create(
|
||||
user=self.request.user,
|
||||
client=self.client,
|
||||
defaults={'expires_at': expires_at})
|
||||
uc.scope = self.params.scope
|
||||
|
||||
# Rewrite expires_at if object already exists.
|
||||
if not created:
|
||||
uc.expires_at = expires_at
|
||||
|
||||
uc.save()
|
||||
|
||||
def client_has_user_consent(self):
|
||||
"""
|
||||
Check if already exists user consent for some client.
|
||||
|
||||
Return bool.
|
||||
"""
|
||||
value = False
|
||||
try:
|
||||
uc = UserConsent.objects.get(user=self.request.user,
|
||||
client=self.client)
|
||||
if (set(self.params.scope).issubset(uc.scope)) and \
|
||||
not (uc.has_expired()):
|
||||
value = True
|
||||
except UserConsent.DoesNotExist:
|
||||
pass
|
||||
|
||||
return value
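Review bot: client_has_user_consent is what lets the view skip the consent screen, and its `set(self.params.scope).issubset(uc.scope)` test is only sound if `uc.scope` reads back as a collection of scope names. The UserConsent model is not part of this page, so if the field is stored as plain text the comparison would run against individual characters. A comment on that line such as `# uc.scope must be an iterable of scope names, same shape as params.scope`, or an explicit normalisation of both sides, would pin the assumption. In set_client_user_consent the get_or_create / `if not created` / save sequence writes the row twice on creation, and could probably be a single `UserConsent.objects.update_or_create(user=..., client=..., defaults={'expires_at': expires_at, 'scope': self.params.scope})`. Neither `settings` nor `UserConsent` appears in the import hunk, so presumably they arrive through the star imports or lines outside the hunks.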
|
||||
|
|
|
@ -34,6 +34,12 @@ class AuthorizeView(View):
|
|||
if hook_resp:
|
||||
return hook_resp
|
||||
|
||||
if settings.get('OIDC_USER_CONSENT_ENABLE'):
|
||||
# Check if user previously give consent.
|
||||
if authorize.client_has_user_consent():
|
||||
uri = authorize.create_response_uri()
|
||||
return HttpResponseRedirect(uri)
|
||||
|
||||
# Generate hidden inputs for the form.
|
||||
context = {
|
||||
'params': authorize.params,
|
||||
|
@ -85,8 +91,10 @@ class AuthorizeView(View):
|
|||
'access_denied',
|
||||
authorize.grant_type)
|
||||
|
||||
uri = authorize.create_response_uri()
|
||||
# Save the user consent given to the client.
|
||||
authorize.set_client_user_consent()
|
||||
|
||||
uri = authorize.create_response_uri()
|
||||
return HttpResponseRedirect(uri)
|
||||
|
||||
except (AuthorizeError) as error:
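Review bot: `authorize.set_client_user_consent()` in the second hunk runs on every approved request, whereas the lookup added in the first hunk is gated on `settings.get('OIDC_USER_CONSENT_ENABLE')`. With the feature switched off, consent rows are still written, and they would silently start suppressing the consent screen if the setting is enabled later. Guarding the write the same way, `if settings.get('OIDC_USER_CONSENT_ENABLE'): authorize.set_client_user_consent()`, keeps the two sides consistent. The early redirect in the first hunk applies to every request with a stored consent; whether a request that explicitly asks for a fresh consent prompt is handled elsewhere cannot be seen from here. Both enclosing methods start and end outside the hunks.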
|
||||
|
|