
Commit c468bb0

authored
feat(filestore): allow remote filestore auth with id token context (#86)
* feat(filestore): allow remote filestore auth with id token context * fix user context
1 parent 4a47280 commit c468bb0


1 file changed

+26
-9
lines changed


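--- a/users/views.py
+++ b/users/views.py
@@ -599,17 +599,34 @@ def user_state(request):
 )
 
 
+@ api_view(["GET", "POST"])
 def storelogin(request):
-response = HttpResponse()
-# try user auth
-fs_user_token = use_filestore_auth(request.user)
-if not fs_user_token:
-# otherwise user needs to be added
-fs_user_token = add_filestore_auth(request.user)
+"""
+Endpoint request for the user's file store token: GET/POST.
+- POST requires id_token for headless clients like Python apps.
+"""
+user = request.user
+if request.method == "POST":
+gid_token = request.POST.get("id_token", None)
+if gid_token:
+try:
+user = get_user_from_id_token(gid_token)
+except (ValueError, SocialAccount.DoesNotExist) as err:
+return JsonResponse(
+{"error": "{0}".format(err)}, status=status.HTTP_403_FORBIDDEN
+)
+
+if user.is_authenticated:
+# try user auth
+fs_user_token = use_filestore_auth(user)
+if not fs_user_token:
+# otherwise user needs to be added
+fs_user_token = add_filestore_auth(user)
 
-# second, for staff, override automatic user-only scope, so staff users have root scope
-set_filestore_scope(request.user)
+# second, for staff, override automatic user-only scope, so staff users have root scope
+set_filestore_scope(user)
 
+response = HttpResponse()
 if fs_user_token:
 response.set_cookie("auth", fs_user_token)
 else:
@@ -721,7 +738,7 @@ def _field_requested(request, field):
 # @schema(ArenaTokenSchema()) # TODO: schema not working yet
 def arena_token(request):
 """
-Endpoint to request an ARENA with permissions for an anonymous or authenticated user for
+Endpoint to request an ARENA token with permissions for an anonymous or authenticated user for
 MQTT and Jitsi resources given incoming parameters.
 - POST requires id_token for headless clients like Python apps.
 """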
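Review bot: `fs_user_token` is only assigned inside the new `if user.is_authenticated:` branch of `storelogin`, so the `if fs_user_token:` test after `response = HttpResponse()` appears to hit an unbound local on an anonymous GET or a POST without `id_token`; the page has lost its indentation, but the comment lines that are removed and re-added with identical text suggest that block was nested under the new `if`. Initialise it before the branch with `fs_user_token = None`, so unauthenticated callers reach the `else:` path instead of a 500. The 403 body returns `"{0}".format(err)` to the client; a fixed message, with the detail logged server-side, would avoid exposing token-validation internals. Separately, the context line `response.set_cookie("auth", fs_user_token)` passes no `secure` or `samesite` arguments, which is worth confirming now that the token is also issued to headless clients. The body of `storelogin` continues past the end of the hunk.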

0 commit comments
