redirect the user to a proper url after login

lilly 2026-05-05 19:21:42 +02:00
commit 8ea3e70c97
Signed by: lilly
SSH key fingerprint: SHA256:y9T5GFw2A20WVklhetIxG1+kcg/Ce0shnQmbu1LQ37g


@ -39,7 +39,7 @@ app = FastAPI(
) )
@app.get("/api/user-info/") @app.get("/api/user-info/", name="get-user-info")
async def get_user_info(req: Request, current_user: deps.CurrentUser) -> UserStatus: async def get_user_info(req: Request, current_user: deps.CurrentUser) -> UserStatus:
if current_user is None: if current_user is None:
return UserStatus(is_logged_in=False, user_info=None) return UserStatus(is_logged_in=False, user_info=None)
@ -54,6 +54,8 @@ async def get_user_info(req: Request, current_user: deps.CurrentUser) -> UserSta
@app.get("/auth/login", response_class=RedirectResponse, status_code=302) @app.get("/auth/login", response_class=RedirectResponse, status_code=302)
async def login_init(req: Request, resp: Response, oidc_client: deps.OpenidClient, next: Optional[str] = "") -> str: async def login_init(req: Request, resp: Response, oidc_client: deps.OpenidClient, next: Optional[str] = "") -> str:
logger.debug("starting user authentication with upstream identity provider")
# save the ?next url for later redirection if the user requested that # save the ?next url for later redirection if the user requested that
if next: if next:
resp.set_cookie("auth_next", next, max_age=60 * 10, httponly=True, secure=True) resp.set_cookie("auth_next", next, max_age=60 * 10, httponly=True, secure=True)
@ -74,12 +76,13 @@ async def login_init(req: Request, resp: Response, oidc_client: deps.OpenidClien
return oidc_client.authorization_code_flow.start_authentication(state=state, nonce=nonce) return oidc_client.authorization_code_flow.start_authentication(state=state, nonce=nonce)
@app.get("/auth/login-callback") @app.get("/auth/login-callback", response_class=RedirectResponse, status_code=302)
async def login_callback(req: Request, resp: Response, oidc_client: deps.OpenidClient): async def login_callback(req: Request, resp: Response, oidc_client: deps.OpenidClient):
# check that the user is currently in an authenticating state # check that the user is currently in an authenticating state
# these cookies are set by the login_init() view # these cookies are set by the login_init() view
if "auth_state" not in req.cookies or "auth_nonce" not in req.cookies or "auth_start_time" not in req.cookies: if "auth_state" not in req.cookies or "auth_nonce" not in req.cookies or "auth_start_time" not in req.cookies:
raise ValueError("user is currently not authentication or the authentication expired. try again") logger.debug("user tried to log in but cookies indicate they are in a wrong state; redirecting to error view")
return "/auth/login-error?error=todo"
# ensure cookies are always cleared in the response # ensure cookies are always cleared in the response
resp.set_cookie("auth_state", "", max_age=0) resp.set_cookie("auth_state", "", max_age=0)
@ -94,9 +97,12 @@ async def login_callback(req: Request, resp: Response, oidc_client: deps.OpenidC
deps.persist_auth_state(oidc_client, resp, auth_result, auth_start_time, req.cookies["auth_nonce"]) deps.persist_auth_state(oidc_client, resp, auth_result, auth_start_time, req.cookies["auth_nonce"])
# redirect the user to the page they wanted to visit # redirect the user to the page they wanted to visit
return {"authenticated": True} # TODO: respect "auth_next" cookie to redirect the user to a specific url
logger.debug("successfully authenticated user")
return str(req.url_for("get-user-info"))
else: else:
return {"authenticated": False, "error": auth_result} logger.debu("could not authenticate user because of OIDC error; redirecting to error page with error messages intact")
return f"/auth/login-error?{req.query_params}"
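Review bot: The OIDC-error branch at the bottom of the hunk calls `logger.debu(...)`, which is not a method of `logging.Logger`, so a failed or tampered callback from the identity provider now raises AttributeError and turns into a 500 instead of reaching the error page; it should read `logger.debug("could not authenticate user because of OIDC error; redirecting to error page with error messages intact")`. That same branch forwards the whole incoming query string via `return f"/auth/login-error?{req.query_params}"`, so anything a caller appends to the callback URL, not just `error`/`error_description`, is reflected into the error view; consider rebuilding the query from only the fields that view actually renders. The success path still ignores the `auth_next` cookie that `login_init` stores from an unvalidated `next` parameter, so whoever resolves the TODO should accept only a relative same-origin path (reject a scheme, a `//` prefix or backslashes) before redirecting. `login_callback` appears to continue past the end of this hunk.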