Add user consent logic to authorize endpoint.
parent
544861abec
commit
503324ae66
2 changed files with 51 additions and 2 deletions
|
@ -1,5 +1,8 @@
|
||||||
|
from datetime import timedelta
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
|
from django.utils import timezone
|
||||||
|
|
||||||
from oidc_provider.lib.errors import *
|
from oidc_provider.lib.errors import *
|
||||||
from oidc_provider.lib.utils.params import *
|
from oidc_provider.lib.utils.params import *
|
||||||
from oidc_provider.lib.utils.token import *
|
from oidc_provider.lib.utils.token import *
|
||||||
|
@ -12,7 +15,6 @@ logger = logging.getLogger(__name__)
|
||||||
class AuthorizeEndpoint(object):
|
class AuthorizeEndpoint(object):
|
||||||
|
|
||||||
def __init__(self, request):
|
def __init__(self, request):
|
||||||
|
|
||||||
self.request = request
|
self.request = request
|
||||||
|
|
||||||
self.params = Params()
|
self.params = Params()
|
||||||
|
@ -138,3 +140,42 @@ class AuthorizeEndpoint(object):
|
||||||
uri += ('&state={0}'.format(self.params.state) if self.params.state else '')
|
uri += ('&state={0}'.format(self.params.state) if self.params.state else '')
|
||||||
|
|
||||||
return uri
|
return uri
|
||||||
|
|
||||||
|
def set_client_user_consent(self):
|
||||||
|
"""
|
||||||
|
Save the user consent given to a specific client.
|
||||||
|
|
||||||
|
Return None.
|
||||||
|
"""
|
||||||
|
expires_at = timezone.now() + timedelta(
|
||||||
|
days=settings.get('OIDC_USER_CONSENT_EXPIRE'))
|
||||||
|
|
||||||
|
uc, created = UserConsent.objects.get_or_create(
|
||||||
|
user=self.request.user,
|
||||||
|
client=self.client,
|
||||||
|
defaults={'expires_at': expires_at})
|
||||||
|
uc.scope = self.params.scope
|
||||||
|
|
||||||
|
# Rewrite expires_at if object already exists.
|
||||||
|
if not created:
|
||||||
|
uc.expires_at = expires_at
|
||||||
|
|
||||||
|
uc.save()
|
||||||
|
|
||||||
|
def client_has_user_consent(self):
|
||||||
|
"""
|
||||||
|
Check if already exists user consent for some client.
|
||||||
|
|
||||||
|
Return bool.
|
||||||
|
"""
|
||||||
|
value = False
|
||||||
|
try:
|
||||||
|
uc = UserConsent.objects.get(user=self.request.user,
|
||||||
|
client=self.client)
|
||||||
|
if (set(self.params.scope).issubset(uc.scope)) and \
|
||||||
|
not (uc.has_expired()):
|
||||||
|
value = True
|
||||||
|
except UserConsent.DoesNotExist:
|
||||||
|
pass
|
||||||
|
|
||||||
|
return value
|
||||||
|
|
|
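Review bot: `client_has_user_consent` catches only `UserConsent.DoesNotExist` around `UserConsent.objects.get(user=..., client=...)`, so unless the model enforces a unique (user, client) pair a second row makes `.get()` raise `MultipleObjectsReturned` and the whole authorize request fails instead of falling back to the consent form. The scope check `set(self.params.scope).issubset(uc.scope)` also assumes `uc.scope` reads back as an iterable of scope names; if the field stores a single string, `issubset` iterates characters and the skip silently never matches. I would pin both assumptions on the `try:` line with `# NOTE: relies on UserConsent being unique per (user, client) and on scope round-tripping as a list of scope names — confirm against the model` and compare against `set(uc.scope)` explicitly. Separately, nothing in these two methods consults a `prompt` parameter, so once a record exists a client can never force re-consent; if `Params` parses `prompt`, the skip should be refused when it contains `consent`.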
@ -34,6 +34,12 @@ class AuthorizeView(View):
|
||||||
if hook_resp:
|
if hook_resp:
|
||||||
return hook_resp
|
return hook_resp
|
||||||
|
|
||||||
|
if settings.get('OIDC_USER_CONSENT_ENABLE'):
|
||||||
|
# Check if user previously give consent.
|
||||||
|
if authorize.client_has_user_consent():
|
||||||
|
uri = authorize.create_response_uri()
|
||||||
|
return HttpResponseRedirect(uri)
|
||||||
|
|
||||||
# Generate hidden inputs for the form.
|
# Generate hidden inputs for the form.
|
||||||
context = {
|
context = {
|
||||||
'params': authorize.params,
|
'params': authorize.params,
|
||||||
|
@ -85,8 +91,10 @@ class AuthorizeView(View):
|
||||||
'access_denied',
|
'access_denied',
|
||||||
authorize.grant_type)
|
authorize.grant_type)
|
||||||
|
|
||||||
uri = authorize.create_response_uri()
|
# Save the user consent given to the client.
|
||||||
|
authorize.set_client_user_consent()
|
||||||
|
|
||||||
|
uri = authorize.create_response_uri()
|
||||||
return HttpResponseRedirect(uri)
|
return HttpResponseRedirect(uri)
|
||||||
|
|
||||||
except (AuthorizeError) as error:
|
except (AuthorizeError) as error:
|
||||||
|
|
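Review bot: In the POST path `authorize.set_client_user_consent()` is called unconditionally, while the skip in the GET path is gated on `OIDC_USER_CONSENT_ENABLE`; since `set_client_user_consent` reads `OIDC_USER_CONSENT_EXPIRE` and passes it to `timedelta(days=...)`, a deployment that has not configured that setting (and whose `settings.get` supplies no default) would raise `TypeError` on every approval even with the feature off. I would mirror the GET gate: `if settings.get('OIDC_USER_CONSENT_ENABLE'):` followed by the indented `authorize.set_client_user_consent()` call. Note also that the consent row is persisted before `create_response_uri()` runs, so a request that then fails inside the `try` still leaves a stored consent; moving the save after the URI is built would tie the record to an authorization that actually succeeded. The enclosing `post` handler starts above the hunk and its `except (AuthorizeError)` branch continues below it.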