zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-05-16 01:27:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

wip

Browse source
This commit is contained in:
David Kennedy 2023-12-06 13:34:13 -05:00
parent cd022404f0
commit 2e1ff849cf
No known key found for this signature in database
GPG key ID: 6528A5386E66B96B
2 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/djangooidc/oidc.py
View file

@ -162,7 +162,7 @@ class Client(oic.Client):
logger.error(err) logger.error(err)
logger.error("Unable to parse response for %s" % state) logger.error("Unable to parse response for %s" % state)
raise o_e.AuthenticationFailed(locator=state) raise o_e.AuthenticationFailed(locator=state)
logger.info(authn_response)
# ErrorResponse is not raised, it is passed back... # ErrorResponse is not raised, it is passed back...
if isinstance(authn_response, ErrorResponse): if isinstance(authn_response, ErrorResponse):
error = authn_response.get("error", "") error = authn_response.get("error", "")
@ -207,7 +207,7 @@ class Client(oic.Client):
logger.error(err) logger.error(err)
logger.error("Unable to request user info for %s" % state) logger.error("Unable to request user info for %s" % state)
raise o_e.AuthenticationFailed(locator=state) raise o_e.AuthenticationFailed(locator=state)
logger.info(info_response)
# ErrorResponse is not raised, it is passed back... # ErrorResponse is not raised, it is passed back...
if isinstance(info_response, ErrorResponse): if isinstance(info_response, ErrorResponse):
logger.error("Unable to get user info (%s) for %s" % (info_response.get("error", ""), state)) logger.error("Unable to get user info (%s) for %s" % (info_response.get("error", ""), state))

11
src/djangooidc/views.py
View file

@ -56,6 +56,7 @@ def error_page(request, error):
def openid(request): def openid(request):
"""Redirect the user to an authentication provider (OP).""" """Redirect the user to an authentication provider (OP)."""
request.session["next"] = request.GET.get("next", "/") request.session["next"] = request.GET.get("next", "/")
request.session["acr_value"] = request.GET.get("acr_value",)
try: try:
return CLIENT.create_authn_request(request.session) return CLIENT.create_authn_request(request.session)
@ -70,6 +71,13 @@ def login_callback(request):
userinfo = CLIENT.callback(query, request.session) userinfo = CLIENT.callback(query, request.session)
user = authenticate(request=request, **userinfo) user = authenticate(request=request, **userinfo)
if user: if user:
# test for need for identity verification and if it is satisfied
# if not satisfied, redirect user to login with stepped up acr_value
if requires_step_up_auth(userinfo):
return
#
# if User.needs_identity_verification and step_up_acr_value not in
# ial returned from callback, redirect to
login(request, user) login(request, user)
logger.info("Successfully logged in user %s" % user) logger.info("Successfully logged in user %s" % user)
return redirect(request.session.get("next", "/")) return redirect(request.session.get("next", "/"))
@ -78,7 +86,8 @@ def login_callback(request):
except Exception as err: except Exception as err:
return error_page(request, err) return error_page(request, err)
def requires_step_up_auth(userinfo):
step_up_acr_value =
def logout(request, next_page=None): def logout(request, next_page=None):
"""Redirect the user to the authentication provider (OP) logout page.""" """Redirect the user to the authentication provider (OP) logout page."""
try: try: