redirect the user to a proper url after login
parent
94fac19546
commit
8ea3e70c97
1 changed files with 11 additions and 5 deletions
|
|
@ -39,7 +39,7 @@ app = FastAPI(
|
|||
)
|
||||
|
||||
|
||||
@app.get("/api/user-info/")
|
||||
@app.get("/api/user-info/", name="get-user-info")
|
||||
async def get_user_info(req: Request, current_user: deps.CurrentUser) -> UserStatus:
|
||||
if current_user is None:
|
||||
return UserStatus(is_logged_in=False, user_info=None)
|
||||
|
|
@ -54,6 +54,8 @@ async def get_user_info(req: Request, current_user: deps.CurrentUser) -> UserSta
|
|||
|
||||
@app.get("/auth/login", response_class=RedirectResponse, status_code=302)
|
||||
async def login_init(req: Request, resp: Response, oidc_client: deps.OpenidClient, next: Optional[str] = "") -> str:
|
||||
logger.debug("starting user authentication with upstream identity provider")
|
||||
|
||||
# save the ?next url for later redirection if the user requested that
|
||||
if next:
|
||||
resp.set_cookie("auth_next", next, max_age=60 * 10, httponly=True, secure=True)
|
||||
|
|
@ -74,12 +76,13 @@ async def login_init(req: Request, resp: Response, oidc_client: deps.OpenidClien
|
|||
return oidc_client.authorization_code_flow.start_authentication(state=state, nonce=nonce)
|
||||
|
||||
|
||||
@app.get("/auth/login-callback")
|
||||
@app.get("/auth/login-callback", response_class=RedirectResponse, status_code=302)
|
||||
async def login_callback(req: Request, resp: Response, oidc_client: deps.OpenidClient):
|
||||
# check that the user is currently in an authenticating state
|
||||
# these cookies are set by the login_init() view
|
||||
if "auth_state" not in req.cookies or "auth_nonce" not in req.cookies or "auth_start_time" not in req.cookies:
|
||||
raise ValueError("user is currently not authentication or the authentication expired. try again")
|
||||
logger.debug("user tried to log in but cookies indicate they are in a wrong state; redirecting to error view")
|
||||
return "/auth/login-error?error=todo"
|
||||
|
||||
# ensure cookies are always cleared in the response
|
||||
resp.set_cookie("auth_state", "", max_age=0)
|
||||
|
|
@ -94,9 +97,12 @@ async def login_callback(req: Request, resp: Response, oidc_client: deps.OpenidC
|
|||
deps.persist_auth_state(oidc_client, resp, auth_result, auth_start_time, req.cookies["auth_nonce"])
|
||||
|
||||
# redirect the user to the page they wanted to visit
|
||||
return {"authenticated": True}
|
||||
# TODO: respect "auth_next" cookie to redirect the user to a specific url
|
||||
logger.debug("successfully authenticated user")
|
||||
return str(req.url_for("get-user-info"))
|
||||
else:
|
||||
return {"authenticated": False, "error": auth_result}
|
||||
logger.debu("could not authenticate user because of OIDC error; redirecting to error page with error messages intact")
|
||||
return f"/auth/login-error?{req.query_params}"
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
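Review bot: In the failure branch of `login_callback` (last hunk), `logger.debu(...)` is a typo for `logger.debug(...)`, so an OIDC error would raise AttributeError and produce a 500 instead of reaching the redirect on the following line. That redirect, `return f"/auth/login-error?{req.query_params}"`, forwards every caller-supplied query parameter to the error view; passing on only the expected fields (presumably `error` and `error_description`) would be safer, and the error view, which is not visible here, should escape whatever it renders. The `auth_next` cookie written in `login_init` comes straight from the `?next` parameter, so when the TODO is implemented the value should be checked to be a same-origin relative path before it is returned as the redirect target; I would extend the comment to `# TODO: respect "auth_next" cookie; accept only same-origin relative paths`. The body of `login_callback` starts and continues outside the hunks shown, so the state and nonce checks could not be reviewed.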