Commit 113dc850 authored by Stefano Alberto Russo's avatar Stefano Alberto Russo

Implemented cookie-based post login redirects.

parent 62ea8805
from mozilla_django_oidc.auth import OIDCAuthenticationBackend
from mozilla_django_oidc.views import OIDCAuthenticationCallbackView
from .core_app.utils import finalize_user_creation
from django.http import HttpResponseRedirect
# Setup logging
import logging
......@@ -18,9 +20,27 @@ class RosettaOIDCAuthenticationBackend(OIDCAuthenticationBackend):
return user
def get_userinfo(self, access_token, id_token, payload):
# Payload must contain the "email" key
return payload
class RosettaOIDCAuthenticationCallbackView(OIDCAuthenticationCallbackView):
def login_success(self):
# Call parent login_success but do not return
super(RosettaOIDCAuthenticationCallbackView, self).login_success()
logger.debug('Trying to get cookie-based post login redirect')
post_login_page = self.request.COOKIES.get('post_login_redirect')
if post_login_page:
logger.debug('Got "%s" and redirecting', post_login_page )
response = HttpResponseRedirect(post_login_page)
response.delete_cookie('post_login_redirect')
return response
else:
logger.debug('No cookie-based post login redirect found, redirecting to "%s"', self.success_url)
return HttpResponseRedirect(self.success_url)
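Review bot: The redirect target in `login_success` — `post_login_page`, read from the plain (unsigned) `post_login_redirect` cookie and handed straight to `HttpResponseRedirect` — is client-controlled and never validated, so whoever can plant that cookie can send a freshly logged-in user to an arbitrary external URL (an open redirect). Django's `django.utils.http.url_has_allowed_host_and_scheme` (called `is_safe_url` on older releases) is the standard guard; inserting `if post_login_page and not url_has_allowed_host_and_scheme(post_login_page, allowed_hosts={self.request.get_host()}, require_https=self.request.is_secure()):` followed by `logger.warning('Ignoring unsafe post login redirect')` and `post_login_page = None` right after the cookie read lets the code fall through to the existing `self.success_url` branch. The same unvalidated use appears in the three `login_view` hunks of the views file (`HttpResponseRedirect(post_login_page)` in the GET, local-auth and login-token branches), which should go through the same check. mozilla_django_oidc appears to carry its own post-login `next` target in the session for the OIDC flow, so the cookie may be redundant on this path — worth confirming against the installed version.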
......@@ -132,5 +132,8 @@ def private_view(wrapped_view):
else:
log_user_activity("DEBUG", "Redirecting to login since not authenticated", request)
return HttpResponseRedirect('/login')
logger.debug('Setting cookie-based post login redirect to "%s"', request.build_absolute_uri())
response = HttpResponseRedirect('/login')
response.set_cookie('post_login_redirect', request.build_absolute_uri())
return response
return private_view_wrapper
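Review bot: The new `set_cookie` call stores `request.build_absolute_uri()` — a full, origin-qualified URL — in a cookie with default attributes, which is more than the redirect needs and leaves the value readable and writable by page scripts. Storing only the path, `request.get_full_path()`, keeps the target same-origin by construction, and marking the cookie `httponly=True` (plus `samesite='Lax'` where the Django version supports it; `Lax` rather than `Strict`, since the OIDC callback arrives as a cross-site top-level navigation) limits tampering: `response.set_cookie('post_login_redirect', request.get_full_path(), httponly=True, samesite='Lax')`. The value should still be validated where it is consumed, because the client can always replace it. The enclosing `private_view_wrapper` / `private_view` definitions begin above the hunk.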
......@@ -36,9 +36,16 @@ def login_view(request):
data = {}
# Set post login page
post_login_page = request.COOKIES.get('post_login_redirect')
if post_login_page is None:
post_login_page = '/main'
# If authenticated user reloads the main URL
if request.method == 'GET' and request.user.is_authenticated:
return HttpResponseRedirect('/main/')
response = HttpResponseRedirect(post_login_page)
response.delete_cookie('post_login_redirect')
return response
else:
# If local auth disabled, just render login page
# (will be rendered an open id connect url only)
......@@ -73,7 +80,9 @@ def login_view(request):
user = authenticate(username=username, password=password)
if user:
login(request, user)
return HttpResponseRedirect('/main')
response = HttpResponseRedirect(post_login_page)
response.delete_cookie('post_login_redirect')
return response
else:
raise ErrorMessage('Check email and password')
else:
......@@ -138,8 +147,9 @@ def login_view(request):
loginToken.delete()
# Now redirect to site
return HttpResponseRedirect('/main/')
response = HttpResponseRedirect(post_login_page)
response.delete_cookie('post_login_redirect')
return response
# All other cases, render the login page again with no other data than title
return render(request, 'login.html', {'data': data})
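Review bot: The default at `if post_login_page is None:` only covers an absent cookie; an empty `post_login_redirect` cookie passes that test, and the three new `HttpResponseRedirect(post_login_page)` lines then emit an empty `Location`, which browsers should resolve to the login page itself, costing an extra hop before the now-deleted cookie stops mattering. `if not post_login_page:` covers both the missing and the empty case. The comment `# If authenticated user reloads the main URL` above the GET branch now precedes a redirect to the cookie target rather than to `/main`, so it could read `# Authenticated user hit the login page: send them to the post-login target`. The `login_view` function begins above the first hunk.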
......@@ -265,6 +265,9 @@ if OIDC_RP_CLIENT_ID:
OIDC_USE_NONCE = booleanize(os.environ.get('OIDC_USE_NONCE', False))
OIDC_TOKEN_USE_BASIC_AUTH = booleanize(os.environ.get('OIDC_TOKEN_USE_BASIC_AUTH', False))
# Custom callback to enable session-based post-login redirects
OIDC_CALLBACK_CLASS = 'rosetta.auth.RosettaOIDCAuthenticationCallbackView'
# Non-customizable stuff
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/'
......@@ -278,3 +281,5 @@ if OIDC_RP_CLIENT_ID: