jebus/enviPy-bayer
1
0
Fork 0
forked from enviPath/enviPy
Code Issues Pull Requests Actions Releases Activity
Files
349877b5e339a13e97381bedfb0a873278cf2c5e
enviPy-bayer/epauth/views.py
Tim Lorsbach 349877b5e3 wip
2026-04-15 12:23:29 +02:00

103 lines
3.7 KiB
Python
Raw Blame History

import msal
from django.conf import settings as s
from django.contrib.auth import login
from django.shortcuts import redirect
from django.contrib.auth import get_user_model
from epdb.logic import UserManager, GroupManager
from epdb.models import Group
def entra_login(request):
msal_app = msal.ConfidentialClientApplication(
client_id=s.MS_ENTRA_CLIENT_ID,
client_credential=s.MS_ENTRA_CLIENT_SECRET,
authority=s.MS_ENTRA_AUTHORITY,
)
flow = msal_app.initiate_auth_code_flow(
scopes=s.MS_ENTRA_SCOPES, redirect_uri=s.MS_ENTRA_REDIRECT_URI
)
request.session["msal_auth_flow"] = flow
return redirect(flow["auth_uri"])
def entra_callback(request):
msal_app = msal.ConfidentialClientApplication(
client_id=s.MS_ENTRA_CLIENT_ID,
client_credential=s.MS_ENTRA_CLIENT_SECRET,
authority=s.MS_ENTRA_AUTHORITY,
)
flow = request.session.pop("msal_auth_flow", None)
if not flow:
return redirect("/")
# Acquire token using the flow and callback request
result = msal_app.acquire_token_by_auth_code_flow(flow, request.GET)
print(result)
# if "error" in result:
# {'correlation_id': '626f511b-5230-4d06-9ffd-d89a764082c6',
# 'error': 'invalid_client',
# 'error_codes': [7000222],
# 'error_description': 'AADSTS7000222: The provided client secret keys for app '
# "'35c75dfb-bd15-493d-b4e9-af847f2df894' are expired. "
# 'Visit the Azure portal to create new keys for your app: '
# 'https://aka.ms/NewClientSecret, or consider using '
# 'certificate credentials for added security: '
# 'https://aka.ms/certCreds. Trace ID: '
# '30ba1c58-c949-4432-9ed6-3b6136856700 Correlation ID: '
# '626f511b-5230-4d06-9ffd-d89a764082c6 Timestamp: '
# '2026-04-15 08:21:15Z',
# 'error_uri': 'https://login.microsoftonline.com/error?code=7000222',
# 'timestamp': '2026-04-15 08:21:15Z',
# 'trace_id': '30ba1c58-c949-4432-9ed6-3b6136856700'}
# return redirect("/")
claims = result["id_token_claims"]
user_name = claims["name"]
user_email = claims.get("emailaddress", claims["email"])
user_oid = claims["oid"]
# Get implementing class
User = get_user_model()
if User.objects.filter(uuid=user_oid).exists():
u = User.objects.get(uuid=user_oid)
if u.username != user_name:
u.username = user_name
u.save()
else:
u = UserManager.create_user(user_name, user_email, None, uuid=user_oid, is_active=True)
login(request, u)
# EDIT START
# Ensure groups exists in eP
for id, name in s.ENTRA_SECRET_GROUPS.items():
if not Group.objects.filter(uuid=id).exists():
g = GroupManager.create_group(User.objects.get(username="admin"), name, f"Synced Entra Group {name} ", uuid=id)
else:
g = Group.objects.get(uuid=id)
# Ensure its secret
g.secret = True
g.save()
for id, name in s.ENTRA_GROUPS.items():
if not Group.objects.filter(uuid=id).exists():
g = GroupManager.create_group(User.objects.get(username="admin"), name, f"Synced Entra Group {name} ", uuid=id)
else:
g = Group.objects.get(uuid=id)
for group_uuid in claims.get("groups", []):
if Group.objects.filter(uuid=group_uuid).exists():
g = Group.objects.get(uuid=group_uuid)
g.user_member.add(u)
# EDIT END
return redirect(s.SERVER_URL) # Handle errors
Reference in New Issue View Git Blame Copy Permalink