import base64
from common.mixins import GenericView, IWABaseView
from rest_framework import status
from rest_framework_jwt.views import ObtainJSONWebToken
from common import response
from common.redis_cache import redis_handler as rh
from .consts import LOGIN_TIMES_LIMIT_EXPIRES, LOGIN_TIMES_LIMIT
from settings import conf
from django.urls import reverse
from django.http import HttpResponseRedirect
from django.contrib.auth import login as auth_login
from apps.account.models import UserRole
# from django.conf import settings
# from django.shortcuts import resolve_url, redirect
# Create your views here.
# https://auth-i.bmwgroup.net/auth/oauth2/
# Authorization-request parameters for the IWA OAuth2 redirect.
iwa_url_params = {
    'scope': 'openid',
    'response_type': 'code',
    'redirect_uri': conf.IWA_REDIRECT_URI,
    'client_id': conf.IWA_CLIENT_ID,
}
# The query string is assembled by plain formatting, in dict order, with no
# URL-encoding. NOTE(review): a redirect_uri containing '&', '=' or non-ASCII
# characters would not be escaped — confirm the conf values are plain.
iwa_url_params_str = '&'.join(
    '{0}={1}'.format(key, value) for key, value in iwa_url_params.items()
)
iwa_url = '{0}intranetb2x/authorize?{1}'.format(conf.IWA_URL, iwa_url_params_str)
# base64("client_id:client_secret"), handed to get_q_number in the views
# below. NOTE(review): presumably the HTTP Basic credential for the token
# endpoint; it embeds the client secret in a module global at import time.
client_id_base64 = base64.b64encode(
    '{0}:{1}'.format(conf.IWA_CLIENT_ID, conf.IWA_CLIENT_SECRET).encode('utf-8')
).decode('utf-8')
class LoginView(ObtainJSONWebToken, GenericView):
    """Username/password login that issues a JWT and caches role info.

    Wraps ``ObtainJSONWebToken.post`` with a per-client retry limit kept in
    redis via ``rh.get_login_times`` / ``rh.set_login_times``.
    """

    def post(self, request, *args, **kwargs):
        # The retry limit is keyed on the X-Real-IP request header.
        # NOTE(review): X-Real-IP is only trustworthy when it is set by a
        # trusted reverse proxy; a client reaching the app directly can pick
        # the key (or omit it and share the '' bucket) — confirm deployment.
        client_ip = request.META.get('HTTP_X_REAL_IP', '')
        username = request.data.get('username', '')
        attempts = rh.get_login_times(client_ip)
        # The counter is only honoured when it comes back as a string.
        if isinstance(attempts, str) and int(attempts) >= LOGIN_TIMES_LIMIT:
            raise self.invalid_params(msg="重试次数限制")

        jwt_response = super(LoginView, self).post(request, *args, **kwargs)
        self.running_log.info('[users.login] username: {0}'.format(username))
        if jwt_response.status_code == status.HTTP_400_BAD_REQUEST:
            # Rejected credentials count against the retry limit.
            rh.set_login_times(client_ip, LOGIN_TIMES_LIMIT_EXPIRES)
            raise self.invalid_params(msg="用户名或密码错误")

        # Re-run the serializer to get hold of the authenticated user. The
        # is_valid() result is not checked: the parent view has already
        # accepted exactly these credentials.
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid()
        user = serializer.object.get('user')
        user_role = UserRole.objects.filter(auth_user_id=user.id).first()
        role = user_role.role if user_role else -1
        token = jwt_response.data.get('token')

        # Cache user name and role under two suffixes of the token (last 10
        # and last 11 characters). NOTE(review): readers must slice the same
        # way; confirm this key scheme is intentional.
        rh.set_token(token[-10:], user.username)
        rh.set_token(token[-11:], role)
        return response.ok(data={
            'user_id': user.id,
            'user_name': user.username,
            'token': token,
            'role': role,
        })
class IWALoginView(IWABaseView, GenericView):
    """Complete an IWA (OAuth2) login for the API.

    The authorization code from the request body is exchanged for a Q-number,
    the user is validated and a token plus role is returned.
    """

    def post(self, request, *args, **kwargs):
        auth_code = request.data.get('code', '')
        q_number = self.get_q_number(
            conf.IWA_URL, auth_code, conf.IWA_REDIRECT_URI, client_id_base64
        )
        # NOTE(review): request.data, which carries the authorization code,
        # is written to the running log — confirm that is acceptable.
        self.running_log.info(
            '[users.iwalogin] [username: {0}] [params: {1}]'.format(q_number, request.data)
        )
        is_valid, payload = self.validate(q_number)
        if not is_valid:
            # NOTE(review): nothing is returned on this path, so it relies on
            # no_permission() raising — confirm.
            self.no_permission(payload)
        else:
            user_role = UserRole.objects.filter(auth_user_id=payload.get('user_id')).first()
            role = user_role.role if user_role else -1
            payload['role'] = role
            # Same token-suffix cache keys as LoginView (last 10 / last 11
            # characters). NOTE(review): a missing 'token' would raise
            # TypeError on the slice — confirm validate() always sets it.
            token = payload.get('token')
            rh.set_token(token[-10:], payload.get('user_name'))
            rh.set_token(token[-11:], role)
            return response.ok(data=payload)
class IWAUrlView(IWABaseView, GenericView):
    """Expose the IWA authorization URL the client should redirect to."""

    def get(self, request, *args, **kwargs):
        # iwa_url is built once at import time from conf.
        return response.ok(data={'iwa_url': iwa_url})
class AdminLoginView(IWABaseView, GenericView):
    """IWA callback for the Django admin.

    The authorization code arrives on the query string; the admin user is
    validated, a session is opened and the browser is sent to the admin index.
    """

    def get(self, request, *args, **kwargs):
        auth_code = request.GET.get('code', '')
        q_number = self.get_q_number(
            conf.IWA_URL, auth_code, conf.IWA_ADMIN_REDIRECT_URI, client_id_base64
        )
        # NOTE(review): the full query string, including the authorization
        # code, goes to the running log — confirm that is acceptable.
        self.running_log.info(
            '[admin_users.iwalogin] [username: {0}] [params: {1}]'.format(q_number, request.GET)
        )
        is_valid, admin_user = self.validate_admin(q_number)
        if not is_valid:
            # NOTE(review): nothing is returned on this path, so it relies on
            # no_permission() raising — confirm.
            self.no_permission(admin_user)
        else:
            # validate_admin presumably yields a user object on success; it is
            # attached to the request and a session is opened via auth_login.
            request.user = admin_user
            auth_login(request, admin_user)
            return HttpResponseRedirect(reverse('admin:index'))