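import base64
from urllib.parse import urlencode

from django.contrib.auth import login as auth_login
from django.http import HttpResponseRedirect
from django.urls import reverse
from rest_framework import status
from rest_framework_jwt.views import ObtainJSONWebToken

from apps.account.models import UserRole
from common import response
from common.mixins import GenericView, IWABaseView
from common.redis_cache import redis_handler as rh
from settings import conf

from .consts import LOGIN_TIMES_LIMIT, LOGIN_TIMES_LIMIT_EXPIRES

# Create your views here.
# https://auth-i.bmwgroup.net/auth/oauth2/

# Query parameters of the IWA login URL (OAuth2 authorization-code flow).
iwa_url_params = {
    'scope': 'openid',
    'response_type': 'code',
    'redirect_uri': conf.IWA_REDIRECT_URI,
    'client_id': conf.IWA_CLIENT_ID,
}
# urlencode() percent-encodes the values (notably the redirect URI, which
# contains ':' and '/'); the previous hand-rolled join emitted them raw.
iwa_url_params_str = urlencode(iwa_url_params)
iwa_url = '{0}intranetb2x/authorize?{1}'.format(conf.IWA_URL, iwa_url_params_str)

# "client_id:client_secret", base64-encoded; passed to IWABaseView.get_q_number
# (presumably as the HTTP Basic credential for the token endpoint — confirm).
client_id_base64 = base64.b64encode(
    '{0}:{1}'.format(conf.IWA_CLIENT_ID, conf.IWA_CLIENT_SECRET).encode('utf-8')
).decode('utf-8')

# Request parameters whose values must never reach the log. ``code`` is the
# one-time OAuth2 authorization code, a credential until it is redeemed.
_REDACTED_PARAMS = frozenset({'code'})


def _redact(params):
    """Return a plain dict copy of *params* with sensitive values masked.

    Accepts ``request.data`` or ``request.GET`` (dict or QueryDict); for a
    QueryDict, ``items()`` yields the last value per key, which is enough for
    a log line. Non-mapping payloads are returned unchanged.
    """
    if not hasattr(params, 'items'):
        return params
    return {k: ('<redacted>' if k in _REDACTED_PARAMS else v) for k, v in params.items()}


def _to_int(value):
    """Best-effort conversion of a cached counter (str, bytes or int) to int.

    Returns 0 when the value is not numeric, so a corrupt cache entry can
    never raise out of the login view. Accepting bytes matters because a
    Redis client without ``decode_responses`` returns bytes, and the old
    ``isinstance(times, str)`` test silently disabled the limiter in that case.
    """
    try:
        return int(value)
    except (TypeError, ValueError):
        return 0


def _client_ip(request):
    """Key used by the per-client login-attempt limiter.

    ``X-Real-IP`` is only trustworthy when the reverse proxy overwrites it on
    every request; when it is absent we fall back to ``REMOTE_ADDR`` instead
    of counting every client under the empty string.
    """
    return request.META.get('HTTP_X_REAL_IP') or request.META.get('REMOTE_ADDR', '')


class LoginView(ObtainJSONWebToken, GenericView):
    """Username/password login that issues a JWT, rate-limited per client IP."""

    def post(self, request, *args, **kwargs):
        """Authenticate ``username``/``password`` and return a JWT plus the user's role.

        Raises the exception built by ``self.invalid_params`` when the client
        has reached ``LOGIN_TIMES_LIMIT`` failed attempts or the credentials
        are rejected.
        """
        remote_ip = _client_ip(request)
        user_name = request.data.get('username', '')

        # Login attempt limit: reject before the credentials are checked.
        times = rh.get_login_times(remote_ip)
        if times is not None and _to_int(times) >= LOGIN_TIMES_LIMIT:
            raise self.invalid_params(msg="重试次数限制")

        res = super().post(request, *args, **kwargs)
        self.running_log.info('[users.login] username: {0}'.format(user_name))
        if res.status_code == status.HTTP_400_BAD_REQUEST:
            # Count the failure against this client; LOGIN_TIMES_LIMIT_EXPIRES
            # is handed to the cache layer as the window.
            rh.set_login_times(remote_ip, LOGIN_TIMES_LIMIT_EXPIRES)
            raise self.invalid_params(msg="用户名或密码错误")

        # The parent view does not expose the authenticated user, so the
        # serializer is run once more on the same (already accepted) data to
        # recover it. Guarding is_valid() avoids an AttributeError on a None
        # user if the two runs ever disagree.
        serializer = self.get_serializer(data=request.data)
        if not serializer.is_valid():
            raise self.invalid_params(msg="用户名或密码错误")
        user = serializer.object.get('user')

        user_role = UserRole.objects.filter(auth_user_id=user.id).first()
        token = res.data.get('token')
        data = {
            'user_id': user.id,
            'user_name': user.username,
            'token': token,
            # -1 is the "no role assigned" sentinel the clients expect.
            'role': user_role.role if user_role else -1,
        }
        # The cache is keyed on the token's last 10 characters — assumes
        # rh.set_token / token lookup share that convention (confirm).
        rh.set_token(token[-10:], user.username)
        return response.ok(data=data)


class IWALoginView(IWABaseView, GenericView):
    """Exchange an IWA authorization code for an application JWT."""

    def post(self, request, *args, **kwargs):
        """Redeem ``code`` for a Q-number, validate the user and return token + role."""
        code = request.data.get('code', '')
        # The admin (``state == 'admin'``) variant of this flow lives in AdminLoginView.
        q_number = self.get_q_number(conf.IWA_URL, code, conf.IWA_REDIRECT_URI, client_id_base64)
        # Parameters are logged with the authorization code masked.
        self.running_log.info(
            '[users.iwalogin] [username: {0}] [params: {1}]'.format(q_number, _redact(request.data))
        )
        is_valid, data = self.validate(q_number)
        if not is_valid:
            # NOTE(review): invalid_params() above is *raised*, so no_permission()
            # may also return an exception instead of raising; returning its
            # result makes the outcome explicit either way — confirm its contract.
            return self.no_permission(data)

        rh.set_token(data.get('token')[-10:], data.get('user_name'))
        user_role = UserRole.objects.filter(auth_user_id=data.get('user_id')).first()
        data['role'] = user_role.role if user_role else -1
        return response.ok(data=data)


class IWAUrlView(IWABaseView, GenericView):
    """Expose the pre-built IWA authorization URL to the front end."""

    def get(self, request, *args, **kwargs):
        """Return ``{'iwa_url': ...}`` built at import time from settings."""
        return response.ok(data={'iwa_url': iwa_url})


class AdminLoginView(IWABaseView, GenericView):
    """IWA callback for the Django admin: log the user in and redirect to the admin index."""

    def get(self, request, *args, **kwargs):
        """Redeem ``code`` (query string), validate as admin, start a session."""
        code = request.GET.get('code', '')
        q_number = self.get_q_number(conf.IWA_URL, code, conf.IWA_ADMIN_REDIRECT_URI, client_id_base64)
        # Parameters are logged with the authorization code masked.
        self.running_log.info(
            '[admin_users.iwalogin] [username: {0}] [params: {1}]'.format(q_number, _redact(request.GET))
        )
        is_valid, data = self.validate_admin(q_number)
        if not is_valid:
            # NOTE(review): see IWALoginView — no_permission()'s return/raise
            # contract is not visible here.
            return self.no_permission(data)

        request.user = data
        auth_login(request, data)
        # Fixed internal target (no user-controlled redirect).
        return HttpResponseRedirect(reverse('admin:index'))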