import base64
from common.mixins import GenericView, IWABaseView
from rest_framework import status
from rest_framework_jwt.views import ObtainJSONWebToken
from common import response
from common.redis_cache import redis_handler as rh
from .consts import LOGIN_TIMES_LIMIT_EXPIRES, LOGIN_TIMES_LIMIT
from settings import conf

# Create your views here.

# https://auth-i.bmwgroup.net/auth/oauth2/
# Query parameters of the IWA OAuth2 authorization request (authorization-code flow).
# NOTE(review): no `state` parameter is part of this URL; unless the client appends
# one and checks it on return, the callback cannot be bound to the browser session
# that started the login. Confirm where that binding happens.
iwa_url_params = dict(
    scope='openid',
    response_type='code',
    redirect_uri=conf.IWA_REDIRECT_URI,
    client_id=conf.IWA_CLIENT_ID,
)
# NOTE(review): values are joined verbatim, without percent-encoding. That is only
# correct if the configured redirect URI and client id are already query-safe
# (or already encoded); verify against the deployed configuration.
iwa_url_params_str = '&'.join(
    '{0}={1}'.format(name, value) for name, value in iwa_url_params.items()
)
iwa_url = '{0}intranetb2x/authorize?{1}'.format(conf.IWA_URL, iwa_url_params_str)
# base64 of "client_id:client_secret". Base64 is a reversible encoding, not
# protection: treat this value like the client secret itself and keep it out of
# logs, error messages and API responses.
client_id_base64 = base64.b64encode(
    '{0}:{1}'.format(conf.IWA_CLIENT_ID, conf.IWA_CLIENT_SECRET).encode('utf-8')
).decode('utf-8')


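class LoginView(ObtainJSONWebToken, GenericView):
    """Username/password login: the JWT token view wrapped with a failed-attempt limit."""

    def post(self, request, *args, **kwargs):
        """Issue a JWT for valid credentials, refusing usernames over the attempt limit.

        Returns ``response.ok`` carrying ``user_id``, ``user_name`` and ``token``.
        Raises the ``invalid_params`` error when the attempt limit has been
        reached or when the credentials are not accepted.
        """
        # Login attempt limit, keyed on the username exactly as the client sent it.
        # NOTE(review): the key is chosen by an unauthenticated caller. The limit
        # slows guessing against one username, but it also lets anyone lock a known
        # username until the counter expires, and no per-client limit is visible
        # here. If the auth backend normalises usernames (case, whitespace), variants
        # may get separate counters. Confirm against redis_handler and the backend.
        user_name = request.data.get('username', '')
        times = rh.get_login_times(user_name)
        if isinstance(times, int) and times >= LOGIN_TIMES_LIMIT:
            raise self.invalid_params(msg="重试次数限制")

        res = super(LoginView, self).post(request, *args, **kwargs)
        # Written before the outcome is checked, so the entry does not say whether
        # the attempt succeeded. NOTE(review): user_name is untrusted text; make sure
        # the log handler neutralises CR/LF so a crafted name cannot forge log lines.
        self.running_log.info('[users.login] username: {0}'.format(user_name))

        if res.status_code == status.HTTP_400_BAD_REQUEST:
            # Presumably records one more failed attempt with an expiry; whether the
            # counter is cleared after a successful login is not visible here.
            rh.set_login_times(user_name, LOGIN_TIMES_LIMIT_EXPIRES)
            raise self.invalid_params(msg="用户名或密码错误")

        # The credentials are validated a second time to obtain the user object.
        # The result of is_valid() used to be ignored; if this second pass fails
        # (for example the account changed between the two checks) there is no user
        # to read, so reject the login instead of failing on a missing attribute.
        serializer = self.get_serializer(data=request.data)
        user = serializer.object.get('user') if serializer.is_valid() else None
        if user is None:
            raise self.invalid_params(msg="用户名或密码错误")

        data = {
            'user_id': user.id,
            'user_name': user.username,
            'token': res.data.get('token'),
        }
        return response.ok(data=data)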


class IWALoginView(IWABaseView, GenericView):
    """Login through IWA: redeem an authorization code and validate the returned user id."""

    def post(self, request, *args, **kwargs):
        """Redeem the posted ``code`` via ``get_q_number`` and validate its ``sub`` value.

        Returns ``response.ok`` with the data from ``validate`` when the user is
        accepted; otherwise calls ``no_permission`` with that data.
        """
        auth_code = request.data.get('code', '')
        # The redirect URI is taken from configuration, never from the request body.
        iwa_res = self.get_q_number(conf.IWA_URL, auth_code, conf.IWA_REDIRECT_URI, client_id_base64)
        # Falls back to '' when the response has no 'sub'.
        # NOTE(review): confirm validate() rejects an empty identifier.
        q_number = iwa_res.get('sub', '')
        # NOTE(review): the whole IWA response is logged. If it can contain tokens
        # or personal data, log only the fields needed for troubleshooting.
        self.running_log.info('iwa_res: {0}'.format(iwa_res))

        is_valid, data = self.validate(q_number)

        # NOTE(review): request.data includes the authorization code and any other
        # client-supplied fields, so the log stores a credential plus unbounded
        # untrusted text. Consider logging the user id and the outcome only.
        self.running_log.info('[users.iwalogin] [username: {0}] [params: {1}]'.format(q_number, request.data))

        if is_valid:
            return response.ok(data=data)
        # NOTE(review): the result of no_permission() is neither returned nor raised,
        # unlike `raise self.invalid_params(...)` in LoginView. Unless no_permission
        # raises by itself, a rejected login ends with no response object. Confirm.
        self.no_permission(data)


class IWAUrlView(IWABaseView, GenericView):
    """Expose the prebuilt IWA authorization URL to the client."""

    def get(self, request, *args, **kwargs):
        """Return ``response.ok`` with the module-level ``iwa_url`` under the ``iwa_url`` key."""
        # The URL is assembled once at import time from configuration; nothing from
        # the request is interpolated into it.
        return response.ok(data={'iwa_url': iwa_url})