IT-Naturschutz/konova
7
1
Fork 0
Code Issues 6 Pull Requests 1 Actions Projects Releases 28 Wiki Activity

master #454

Merged
mpeltriaux merged 5 commits from master into Docker 2024-12-23 12:09:49 +01:00
Conversation 0 Commits 5 Files Changed 9 +17 -11
5 changed files with 17 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 9149e4cbd3 - Show all commits

1
.env.sample
View File

@ -37,6 +37,7 @@ SSO_SERVER_BASE_URL=https://login.naturschutz.rlp.de
OAUTH_CODE_VERIFIER=CHANGE_ME OAUTH_CODE_VERIFIER=CHANGE_ME
OAUTH_CLIENT_ID=CHANGE_ME OAUTH_CLIENT_ID=CHANGE_ME
OAUTH_CLIENT_SECRET=CHANGE_ME OAUTH_CLIENT_SECRET=CHANGE_ME
PROPAGATION_SECRET=CHANGE_ME
# RabbitMQ # RabbitMQ
## For connections to EGON ## For connections to EGON

13
api/models/token.py
View File

@ -155,15 +155,18 @@ class OAuthToken(UuidModel):
return user return user
def revoke(self) -> (int, int): def revoke(self) -> int:
""" Revokes the tokens of the user """ Revokes the OAuth2 token of the user
(/o/revoke_token/ indeed removes the corresponding access token on provider side and invalidates the
submitted refresh token in one step)
Returns: Returns:
revocation_status_codes (tuple): HTTP status code for revocation of access_token and refresh_token revocation_status_code (int): HTTP status code for revocation of refresh_token
""" """
revoke_url = f"{SSO_SERVER_BASE}o/revoke_token/" revoke_url = f"{SSO_SERVER_BASE}o/revoke_token/"
token = self.refresh_token token = self.refresh_token
revocation_status_codes = requests.post( revocation_status_code = requests.post(
revoke_url, revoke_url,
data={ data={
'token': token, 'token': token,
@ -172,5 +175,5 @@ class OAuthToken(UuidModel):
auth=(OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET), auth=(OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET),
).status_code ).status_code
return revocation_status_codes return revocation_status_code

2
konova/sub_settings/sso_settings.py
View File

@ -16,3 +16,5 @@ OAUTH_CODE_VERIFIER = env("OAUTH_CODE_VERIFIER")
OAUTH_CLIENT_ID = env("OAUTH_CLIENT_ID") OAUTH_CLIENT_ID = env("OAUTH_CLIENT_ID")
OAUTH_CLIENT_SECRET = env("OAUTH_CLIENT_SECRET") OAUTH_CLIENT_SECRET = env("OAUTH_CLIENT_SECRET")
PROPAGATION_SECRET = env("PROPAGATION_SECRET")

8
konova/views/oauth.py
View File

@ -115,10 +115,10 @@ class OAuthCallbackView(View):
if status_code_invalid: if status_code_invalid:
raise RuntimeError(f"OAuth access token could not be fetched: {access_code_response.text}") raise RuntimeError(f"OAuth access token could not be fetched: {access_code_response.text}")
oauth_access_token = OAuthToken.from_access_token_response(access_code_response_body, received_on) oauth_token = OAuthToken.from_access_token_response(access_code_response_body, received_on)
oauth_access_token.save() oauth_token.save()
user = oauth_access_token.update_and_get_user() user = oauth_token.update_and_get_user()
user.oauth_replace_token(oauth_access_token) user.oauth_replace_token(oauth_token)
login(request, user) login(request, user)
return redirect("home") return redirect("home")

4
user/views/propagate.py
View File

@ -16,7 +16,7 @@ from django.utils.decorators import method_decorator
from django.views import View from django.views import View
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
from konova.sub_settings.sso_settings import OAUTH_CLIENT_ID from konova.sub_settings.sso_settings import PROPAGATION_SECRET
from user.models import User from user.models import User
@ -36,7 +36,7 @@ class PropagateUserView(View):
# Decrypt # Decrypt
encrypted_body = request.body encrypted_body = request.body
_hash = hashlib.md5() _hash = hashlib.md5()
_hash.update(OAUTH_CLIENT_ID.encode("utf-8")) _hash.update(PROPAGATION_SECRET.encode("utf-8"))
key = base64.urlsafe_b64encode(_hash.hexdigest().encode("utf-8")) key = base64.urlsafe_b64encode(_hash.hexdigest().encode("utf-8"))
fernet = Fernet(key) fernet = Fernet(key)
body = fernet.decrypt(encrypted_body).decode("utf-8") body = fernet.decrypt(encrypted_body).decode("utf-8")