More on PES

Tim Lorsbach
2026-04-15 21:14:47 +02:00
parent 349877b5e3
commit ca0508d96a
11 changed files with 544 additions and 34 deletions


@ -160,8 +160,46 @@ class SimpleModel(SimpleObject):
def login(request, loginusername: Form[str], loginpassword: Form[str]):
from django.contrib.auth import authenticate, login
email = User.objects.get(username=loginusername).email
user = authenticate(username=email, password=loginpassword)
if request.headers.get("Authorization"):
import jwt
import requests
TENANT_ID = s.MS_ENTRA_TENANT_ID
CLIENT_ID = s.MS_ENTRA_CLIENT_ID
def validate_token(token: str) -> dict:
# Fetch Microsoft's public keys
jwks_uri = f"https://login.microsoftonline.com/{TENANT_ID}/discovery/v2.0/keys"
jwks = requests.get(jwks_uri).json()
header = jwt.get_unverified_header(token)
public_key = jwt.algorithms.RSAAlgorithm.from_jwk(
next(k for k in jwks["keys"] if k["kid"] == header["kid"])
)
claims = jwt.decode(
token,
public_key,
algorithms=["RS256"],
audience=[CLIENT_ID, f"api://{CLIENT_ID}"],
issuer=f"https://sts.windows.net/{TENANT_ID}/",
)
return claims
token = request.headers.get("Authorization").split(" ")[1]
claims = validate_token(token)
if not User.objects.filter(uuid=claims['oid']).exists():
user = None
else:
user = User.objects.get(uuid=claims['oid'])
else:
email = User.objects.get(username=loginusername).email
user = authenticate(username=email, password=loginpassword)
if user:
login(request, user)
return user
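Review bot: In the new `Authorization` branch of `login`, a malformed or invalid token surfaces as an unhandled exception instead of a failed login: `split(" ")[1]`, `header["kid"]`, the `next(...)` key lookup, `jwt.decode` and `claims['oid']` all raise on client-supplied input, and the scheme is never checked to be `Bearer`. `requests.get(jwks_uri)` also runs on every call with no timeout and no caching, so each login depends on an outbound request; PyJWT's `PyJWKClient`, created once at module level, caches the key set and resolves the `kid`, and the sketch below returns `None` on any validation failure. The issuer is pinned to the `sts.windows.net` form while the keys come from the v2.0 endpoint, so it is worth confirming that the app registration really issues v1.0 tokens, otherwise every token fails the issuer check. The user looked up by `oid` never passes through `authenticate()`, so `login(request, user)` may need an explicit `backend=` argument if more than one authentication backend is configured; that configuration is not visible here.

```python
auth_header = request.headers.get("Authorization")
if auth_header:
    import jwt
    # … unchanged: TENANT_ID / CLIENT_ID from settings, jwks_uri …
    scheme, _, token = auth_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    try:
        # jwks_client: a jwt.PyJWKClient(jwks_uri) built once at module level so its key cache is reused
        signing_key = jwks_client.get_signing_key_from_jwt(token)
        claims = jwt.decode(
            token,
            signing_key.key,
            # … unchanged: algorithms, audience, issuer …
            options={"require": ["exp", "oid"]},
        )
    except jwt.PyJWTError:
        return None
    user = User.objects.filter(uuid=claims["oid"]).first()
```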


@ -388,6 +388,9 @@ def get_base_context(request, for_user=None) -> Dict[str, Any]:
"debug": s.DEBUG,
"external_databases": ExternalDatabase.get_databases(),
"site_id": s.MATOMO_SITE_ID,
# EDIT START
"secret_groups": Group.objects.filter(secret=True),
# EDIT END
},
}
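Review bot: `"secret_groups": Group.objects.filter(secret=True)` is added to the base context for every request without reference to `request.user` or `for_user`, so any template or serializer that renders this context receives all groups flagged `secret`, whoever is asking. If `secret` means hidden from non-members (the hunk does not show this), the queryset should be restricted to what the current user may see, or the key should only be set for privileged users. The `# EDIT START` / `# EDIT END` markers look like scaffolding and would be better replaced with a comment saying why the key is needed. `get_base_context` begins and continues outside the hunk.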