merging with remote branch..

This commit is contained in:
Nicolas 2015-01-29 11:12:08 -03:00
commit c2d9f0c00d
6 changed files with 83 additions and 24 deletions

View file

@ -46,9 +46,29 @@ Add the provider urls.
# ... # ...
) )
Finally, add a login view and ensure that has the same url defined in `LOGIN_URL` setting. ********
Settings
********
Add required variables to your project settings.
.. code:: python
# REQUIRED.
# Your server provider url.
SITE_URL = 'http://localhost:8000'
# Used to log the user in.
# See: https://docs.djangoproject.com/en/1.7/ref/settings/#login-url
LOGIN_URL = '/accounts/login/'
# OPTIONAL.
DOP_CODE_EXPIRE = 60*10 # 10 min.
DOP_IDTOKEN_EXPIRE = 60*10, # 10 min.
DOP_TOKEN_EXPIRE = 60*60 # 1 hour.
See: https://docs.djangoproject.com/en/1.7/ref/settings/#login-url
******************** ********************
Create User & Client Create User & Client
@ -61,7 +81,7 @@ Then let's create a Client. Start django shell: ``python manage.py shell``.
.. code:: python .. code:: python
>>> from openid_provider.models import Client >>> from openid_provider.models import Client
>>> c = Client(name='Some Client', client_id='123', client_secret='456', client_type='confidential', response_type='code', redirect_uris=['http://example.com/']) >>> c = Client(name='Some Client', client_id='123', client_secret='456', response_type='code', redirect_uris=['http://example.com/'])
>>> c.save() >>> c.save()
******************* *******************

View file

@ -4,6 +4,8 @@ from datetime import timedelta
from django.utils import timezone from django.utils import timezone
from openid_provider import settings
from ..errors import * from ..errors import *
from ..utils.params import * from ..utils.params import *
from ..utils.token import * from ..utils.token import *
@ -99,7 +101,8 @@ class AuthorizeEndpoint(object):
code.user = self.request.user code.user = self.request.user
code.client = self.client code.client = self.client
code.code = uuid.uuid4().hex code.code = uuid.uuid4().hex
code.expires_at = timezone.now() + timedelta(seconds=60*10) # TODO: Add this into settings. code.expires_at = timezone.now() + timedelta(
seconds=settings.get('DOP_CODE_EXPIRE'))
code.scope = self.params.scope code.scope = self.params.scope
code.save() code.save()
@ -109,7 +112,7 @@ class AuthorizeEndpoint(object):
id_token_dic = create_id_token_dic( id_token_dic = create_id_token_dic(
self.request.user, self.request.user,
'http://localhost:8000', # TODO: Add this into settings. settings.get('SITE_URL'),
self.client.client_id) self.client.client_id)
token = create_token( token = create_token(
@ -121,14 +124,15 @@ class AuthorizeEndpoint(object):
# Store the token. # Store the token.
token.save() token.save()
id_token = encode_id_token(id_token_dic, self.client.client_secret) id_token = encode_id_token(
id_token_dic, self.client.client_secret)
# TODO: Check if response_type is 'id_token token' then # TODO: Check if response_type is 'id_token token' then
# add access_token to the fragment. # add access_token to the fragment.
uri = self.params.redirect_uri + '#token_type={0}&id_token={1}&expires_in={2}'.format( uri = self.params.redirect_uri + '#token_type={0}&id_token={1}&expires_in={2}'.format(
'bearer', 'bearer',
id_token, id_token,
60*10 60 * 10
) )
except: except:
raise AuthorizeError( raise AuthorizeError(
@ -137,6 +141,8 @@ class AuthorizeEndpoint(object):
self.grant_type) self.grant_type)
# Add state if present. # Add state if present.
uri = uri + ('&state={0}'.format(self.params.state) if self.params.state else '') uri = uri + \
('&state={0}'.format(self.params.state)
if self.params.state else '')
return uri return uri

View file

@ -5,6 +5,8 @@ try: # JsonResponse is only available in Django > 1.7
except ImportError: except ImportError:
from ..utils.http import JsonResponse from ..utils.http import JsonResponse
from openid_provider import settings
from ..utils.http import JsonResponse from ..utils.http import JsonResponse
from ..errors import * from ..errors import *
from ..utils.params import * from ..utils.params import *
@ -27,7 +29,8 @@ class TokenEndpoint(object):
self.params.client_id = query_dict.get('client_id', '') self.params.client_id = query_dict.get('client_id', '')
self.params.client_secret = query_dict.get('client_secret', '') self.params.client_secret = query_dict.get('client_secret', '')
self.params.redirect_uri = urllib.unquote(query_dict.get('redirect_uri', '')) self.params.redirect_uri = urllib.unquote(
query_dict.get('redirect_uri', ''))
self.params.grant_type = query_dict.get('grant_type', '') self.params.grant_type = query_dict.get('grant_type', '')
self.params.code = query_dict.get('code', '') self.params.code = query_dict.get('code', '')
self.params.state = query_dict.get('state', '') self.params.state = query_dict.get('state', '')
@ -48,7 +51,8 @@ class TokenEndpoint(object):
self.code = Code.objects.get(code=self.params.code) self.code = Code.objects.get(code=self.params.code)
if not (self.code.client == self.client) and not self.code.has_expired(): if not (self.code.client == self.client) and \
not self.code.has_expired():
raise TokenError('invalid_grant') raise TokenError('invalid_grant')
except Client.DoesNotExist: except Client.DoesNotExist:
@ -61,16 +65,14 @@ class TokenEndpoint(object):
id_token_dic = create_id_token_dic( id_token_dic = create_id_token_dic(
self.code.user, self.code.user,
'http://localhost:8000', # TODO: Add this into settings. settings.get('SITE_URL'),
self.client.client_id self.client.client_id)
)
token = create_token( token = create_token(
user=self.code.user, user=self.code.user,
client=self.code.client, client=self.code.client,
id_token_dic=id_token_dic, id_token_dic=id_token_dic,
scope=self.code.scope scope=self.code.scope)
)
# Store the token. # Store the token.
token.save() token.save()
@ -83,7 +85,7 @@ class TokenEndpoint(object):
dic = { dic = {
'access_token': token.access_token, 'access_token': token.access_token,
'token_type': 'bearer', 'token_type': 'bearer',
'expires_in': 60*60, # TODO: Add this into settings. 'expires_in': settings.get('DOP_TOKEN_EXPIRE'),
'id_token': id_token, 'id_token': id_token,
} }

View file

@ -4,6 +4,7 @@ import uuid
from datetime import timedelta from datetime import timedelta
from openid_provider import settings
from django.utils import timezone from django.utils import timezone
from openid_provider.models import * from openid_provider.models import *
@ -16,7 +17,7 @@ def create_id_token_dic(user, iss, aud):
Return a dic. Return a dic.
""" """
expires_in = 60*10 expires_in = settings.get('DOP_IDTOKEN_EXPIRE')
now = timezone.now() now = timezone.now()
@ -62,7 +63,8 @@ def create_token(user, client, id_token_dic, scope):
token.id_token = id_token_dic token.id_token = id_token_dic
token.refresh_token = uuid.uuid4().hex token.refresh_token = uuid.uuid4().hex
token.expires_at = timezone.now() + timedelta(seconds=60*60) # TODO: Add this into settings. token.expires_at = timezone.now() + timedelta(
seconds=settings.get('DOP_TOKEN_EXPIRE'))
token.scope = scope token.scope = scope
return token return token

View file

@ -0,0 +1,27 @@
from django.conf import settings
# Here goes all the package default settings.
default_settings = {
'DOP_CODE_EXPIRE': 60 * 10, # 10 min.
'DOP_IDTOKEN_EXPIRE': 60 * 10, # 10 min.
'DOP_TOKEN_EXPIRE': 60 * 60, # 1 hour.
'LOGIN_URL': None,
'SITE_URL': None,
}
def get(name):
"""
Helper function to use inside the package.
:param name:
:return:
"""
try:
value = default_settings[name]
value = getattr(settings, name)
except AttributeError:
if value == None:
raise Exception('You must set ' + name + ' in your settings.')
return value

View file

@ -15,6 +15,8 @@ from .lib.endpoints.authorize import *
from .lib.endpoints.token import * from .lib.endpoints.token import *
from .lib.endpoints.userinfo import * from .lib.endpoints.userinfo import *
from openid_provider import settings
class AuthorizeView(View): class AuthorizeView(View):
@ -39,7 +41,7 @@ class AuthorizeView(View):
else: else:
path = request.get_full_path() path = request.get_full_path()
return redirect_to_login( return redirect_to_login(
path, settings.LOGIN_URL, REDIRECT_FIELD_NAME) path, settings.get('LOGIN_URL'), REDIRECT_FIELD_NAME)
except (ClientIdError, RedirectUriError) as error: except (ClientIdError, RedirectUriError) as error:
context = { context = {