Merge branch 'feature/admin2'

@@ -6,4 +6,5 @@ urlpatterns = [
     path(r'login/', views.LoginView.as_view()),
     path(r'login/', views.LoginView.as_view()),
     path(r'iwalogin/', views.IWALoginView.as_view()),
     path(r'iwalogin/', views.IWALoginView.as_view()),
     path(r'iwaurl/', views.IWAUrlView.as_view()),
     path(r'iwaurl/', views.IWAUrlView.as_view()),
+    path(r'adminlogin/', views.AdminLoginView.as_view()),
 ]
 ]

@@ -6,6 +6,11 @@ from common import response
 from common.redis_cache import redis_handler as rh
 from common.redis_cache import redis_handler as rh
 from .consts import LOGIN_TIMES_LIMIT_EXPIRES, LOGIN_TIMES_LIMIT
 from .consts import LOGIN_TIMES_LIMIT_EXPIRES, LOGIN_TIMES_LIMIT
 from settings import conf
 from settings import conf
+from django.urls import reverse
+from django.http import HttpResponseRedirect
+from django.contrib.auth import login as auth_login
+from django.conf import settings
+from django.shortcuts import resolve_url, redirect
 
 
 # Create your views here.
 # Create your views here.
 
 
@@ -53,15 +58,28 @@ class IWALoginView(IWABaseView, GenericView):
 
 
     def post(self, request, *args, **kwargs):
     def post(self, request, *args, **kwargs):
         code = request.data.get('code', '')
         code = request.data.get('code', '')
-        # redirect_uri = request.data.get('redirect_uri', '')
-        iwa_res = self.get_q_number(conf.IWA_URL, code, conf.IWA_REDIRECT_URI, client_id_base64)
-        q_number = iwa_res.get('sub', '')
-        self.running_log.info('iwa_res: {0}'.format(iwa_res))
-
-        is_valid, data = self.validate(q_number)
+        # is_admin = request.data.get('state', '') == 'admin'
+        q_number = self.get_q_number(conf.IWA_URL, code, conf.IWA_REDIRECT_URI, client_id_base64)
+
+        # if is_admin:
+        #
+        #     self.running_log.info('[admin_users.iwalogin] [username: {0}] [params: {1}]'.format(q_number, request.data))
+        #
+        #     is_valid, data = self.validate_admin(q_number)
+        #
+        #     if is_valid:
+        #         request.user = data
+        #         auth_login(request, data)
+        #         index_path = reverse('admin:index')
+        #         return HttpResponseRedirect(index_path)
+        #     else:
+        #         self.no_permission(data)
+        # else:
 
 
         self.running_log.info('[users.iwalogin] [username: {0}] [params: {1}]'.format(q_number, request.data))
         self.running_log.info('[users.iwalogin] [username: {0}] [params: {1}]'.format(q_number, request.data))
 
 
+        is_valid, data = self.validate(q_number)
+
         if is_valid:
         if is_valid:
             return response.ok(data=data)
             return response.ok(data=data)
         else:
         else:
@@ -75,3 +93,24 @@ class IWAUrlView(IWABaseView, GenericView):
             'iwa_url': iwa_url,
             'iwa_url': iwa_url,
         }
         }
         return response.ok(data=data)
         return response.ok(data=data)
+
+
+class AdminLoginView(IWABaseView, GenericView):
+
+    def get(self, request, *args, **kwargs):
+        code = request.GET.get('code', '')
+        # is_admin = request.GET.get('state', '') == 'admin'
+        q_number = self.get_q_number(conf.IWA_URL, code, conf.IWA_REDIRECT_URI, client_id_base64)
+
+        # self.running_log.info('code={0}, is_admin={1}'.format(code, is_admin))
+        self.running_log.info('[admin_users.iwalogin] [username: {0}] [params: {1}]'.format(q_number, request.data))
+
+        is_valid, data = self.validate_admin(q_number)
+
+        if is_valid:
+            request.user = data
+            auth_login(request, data)
+            index_path = reverse('admin:index')
+            return HttpResponseRedirect(index_path)
+        else:
+            self.no_permission(data)

 from django.contrib import admin
 from django.contrib import admin
+from django.urls import reverse
 from django.views.decorators.cache import never_cache
 from django.views.decorators.cache import never_cache
 from django.http import HttpResponseRedirect
 from django.http import HttpResponseRedirect
 from settings import conf
 from settings import conf
@@ -7,7 +8,7 @@ from settings import conf
 iwa_admin_url_params = {
 iwa_admin_url_params = {
     'scope': 'openid',
     'scope': 'openid',
     'response_type': 'code',
     'response_type': 'code',
-    'redirect_uri': conf.IWA_REDIRECT_URI,
+    'redirect_uri': conf.IWA_ADMIN_REDIRECT_URI,
     'client_id': conf.IWA_CLIENT_ID,
     'client_id': conf.IWA_CLIENT_ID,
     'acr_values': 'strongAuth4000Service'
     'acr_values': 'strongAuth4000Service'
 }
 }
@@ -21,7 +22,12 @@ class MyAdminSite(admin.AdminSite):
 
 
     @never_cache
     @never_cache
     def login(self, request, extra_context=None):
     def login(self, request, extra_context=None):
+        if request.method == 'GET' and self.has_permission(request):
+            # Already logged-in, redirect to admin index
+            index_path = reverse('admin:index', current_app=self.name)
+            return HttpResponseRedirect(index_path)
         return HttpResponseRedirect(iwa_admin_url)
         return HttpResponseRedirect(iwa_admin_url)
+        # return HttpResponseRedirect('https://staging-bmw-ocr.situdata.com/api/user/adminlogin/?state=admin&code=xxx')
 
 
 
 
 admin_site = MyAdminSite()
 admin_site = MyAdminSite()

@@ -135,7 +135,7 @@ class IWABaseView:
         iwa_user_url = '{0}intranetb2x/userinfo'.format(iwa_url_base)
         iwa_user_url = '{0}intranetb2x/userinfo'.format(iwa_url_base)
         res = requests.get(iwa_user_url, headers=headers)
         res = requests.get(iwa_user_url, headers=headers)
 
 
-        return res.json()
+        return res.json().get('sub', '')
 
 
     @staticmethod
     @staticmethod
     def validate(q_number):
     def validate(q_number):
@@ -159,3 +159,22 @@ class IWABaseView:
         else:
         else:
             msg = 'q_number user not found'
             msg = 'q_number user not found'
             return False, msg
             return False, msg
+
+    @staticmethod
+    def validate_admin(q_number):
+        if not q_number:
+            return False, 'get q_number empty'
+        user = get_user_model().objects.filter(username=q_number).first()
+        if user:
+            if not user.is_active:
+                msg = 'User account is disabled.'
+                return False, msg
+
+            if not user.is_superuser:
+                msg = 'User account is not admin user'
+                return False, msg
+
+            return True, user
+        else:
+            msg = 'q_number user not found'
+            return False, msg