Merge branch 'feature/admin2'

周伟奇
Showing 4 changed files with 73 additions and 8 deletions
src/apps/account/urls.py
src/apps/account/views.py
src/apps/myadmin/admin.py
src/common/mixins.py
--- a/src/apps/account/urls.py
View file @ba9f0a4
+++ b/src/apps/account/urls.py
View file @ba9f0a4
@@ -6,4 +6,5 @@ urlpatterns = [
    path(r'login/', views.LoginView.as_view()),
    path(r'iwalogin/', views.IWALoginView.as_view()),
    path(r'iwaurl/', views.IWAUrlView.as_view()),
+    path(r'adminlogin/', views.AdminLoginView.as_view()),
 ]
--- a/src/apps/account/views.py
View file @ba9f0a4
+++ b/src/apps/account/views.py
View file @ba9f0a4
@@ -6,6 +6,11 @@ from common import response
 from common.redis_cache import redis_handler as rh
 from .consts import LOGIN_TIMES_LIMIT_EXPIRES, LOGIN_TIMES_LIMIT
 from settings import conf
+from django.urls import reverse
+from django.http import HttpResponseRedirect
+from django.contrib.auth import login as auth_login
+from django.conf import settings
+from django.shortcuts import resolve_url, redirect

 # Create your views here.

@@ -53,15 +58,28 @@ class IWALoginView(IWABaseView, GenericView):

    def post(self, request, *args, **kwargs):
        code = request.data.get('code', '')
-        # redirect_uri = request.data.get('redirect_uri', '')
-        iwa_res = self.get_q_number(conf.IWA_URL, code, conf.IWA_REDIRECT_URI, client_id_base64)
-        q_number = iwa_res.get('sub', '')
-        self.running_log.info('iwa_res: {0}'.format(iwa_res))
-
-        is_valid, data = self.validate(q_number)
+        # is_admin = request.data.get('state', '') == 'admin'
+        q_number = self.get_q_number(conf.IWA_URL, code, conf.IWA_REDIRECT_URI, client_id_base64)
+
+        # if is_admin:
+        #
+        #     self.running_log.info('[admin_users.iwalogin] [username: {0}] [params: {1}]'.format(q_number, request.data))
+        #
+        #     is_valid, data = self.validate_admin(q_number)
+        #
+        #     if is_valid:
+        #         request.user = data
+        #         auth_login(request, data)
+        #         index_path = reverse('admin:index')
+        #         return HttpResponseRedirect(index_path)
+        #     else:
+        #         self.no_permission(data)
+        # else:

        self.running_log.info('[users.iwalogin] [username: {0}] [params: {1}]'.format(q_number, request.data))

+        is_valid, data = self.validate(q_number)
+
        if is_valid:
            return response.ok(data=data)
        else:
@@ -75,3 +93,24 @@ class IWAUrlView(IWABaseView, GenericView):
            'iwa_url': iwa_url,
        }
        return response.ok(data=data)
+
+
+class AdminLoginView(IWABaseView, GenericView):
+
+    def get(self, request, *args, **kwargs):
+        code = request.GET.get('code', '')
+        # is_admin = request.GET.get('state', '') == 'admin'
+        q_number = self.get_q_number(conf.IWA_URL, code, conf.IWA_REDIRECT_URI, client_id_base64)
+
+        # self.running_log.info('code={0}, is_admin={1}'.format(code, is_admin))
+        self.running_log.info('[admin_users.iwalogin] [username: {0}] [params: {1}]'.format(q_number, request.data))
+
+        is_valid, data = self.validate_admin(q_number)
+
+        if is_valid:
+            request.user = data
+            auth_login(request, data)
+            index_path = reverse('admin:index')
+            return HttpResponseRedirect(index_path)
+        else:
+            self.no_permission(data)
--- a/src/apps/myadmin/admin.py
View file @ba9f0a4
+++ b/src/apps/myadmin/admin.py
View file @ba9f0a4
 from django.contrib import admin
+from django.urls import reverse
 from django.views.decorators.cache import never_cache
 from django.http import HttpResponseRedirect
 from settings import conf
@@ -7,7 +8,7 @@ from settings import conf
 iwa_admin_url_params = {
    'scope': 'openid',
    'response_type': 'code',
-    'redirect_uri': conf.IWA_REDIRECT_URI,
+    'redirect_uri': conf.IWA_ADMIN_REDIRECT_URI,
    'client_id': conf.IWA_CLIENT_ID,
    'acr_values': 'strongAuth4000Service'
 }
@@ -21,7 +22,12 @@ class MyAdminSite(admin.AdminSite):

    @never_cache
    def login(self, request, extra_context=None):
+        if request.method == 'GET' and self.has_permission(request):
+            # Already logged-in, redirect to admin index
+            index_path = reverse('admin:index', current_app=self.name)
+            return HttpResponseRedirect(index_path)
        return HttpResponseRedirect(iwa_admin_url)
+        # return HttpResponseRedirect('https://staging-bmw-ocr.situdata.com/api/user/adminlogin/?state=admin&code=xxx')


 admin_site = MyAdminSite()
--- a/src/common/mixins.py
View file @ba9f0a4
+++ b/src/common/mixins.py
View file @ba9f0a4
@@ -135,7 +135,7 @@ class IWABaseView:
        iwa_user_url = '{0}intranetb2x/userinfo'.format(iwa_url_base)
        res = requests.get(iwa_user_url, headers=headers)

-        return res.json()
+        return res.json().get('sub', '')

    @staticmethod
    def validate(q_number):
@@ -159,3 +159,22 @@ class IWABaseView:
        else:
            msg = 'q_number user not found'
            return False, msg
+
+    @staticmethod
+    def validate_admin(q_number):
+        if not q_number:
+            return False, 'get q_number empty'
+        user = get_user_model().objects.filter(username=q_number).first()
+        if user:
+            if not user.is_active:
+                msg = 'User account is disabled.'
+                return False, msg
+
+            if not user.is_superuser:
+                msg = 'User account is not admin user'
+                return False, msg
+
+            return True, user
+        else:
+            msg = 'q_number user not found'
+            return False, msg