diff --git a/back/taiga_contrib_oidc_auth/views.py b/back/taiga_contrib_oidc_auth/views.py index efe817b..0227dca 100644 --- a/back/taiga_contrib_oidc_auth/views.py +++ b/back/taiga_contrib_oidc_auth/views.py @@ -13,6 +13,7 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . +from json import dumps from six.moves.urllib.parse import urlencode from mozilla_django_oidc.views import OIDCAuthenticationCallbackView @@ -28,20 +29,26 @@ def _make_login_url(data): "front": {"domain": "localhost:9001", "scheme": "http", "name": "front"}, }, ) + return "{}://{}/login?{}".format( SITES["front"]["scheme"], SITES["front"]["domain"], urlencode(data) ) class TaigaOIDCAuthenticationCallbackView(OIDCAuthenticationCallbackView): + @property def success_url(self): - # Pull the next url from the session or settings--we don't need to - # sanitize here because it should already have been sanitized. - next_url = self.request.session.get("oidc_login_next") or "/" - data = make_auth_response_data(self.user) - data["type"] = "oidc" - data["next"] = next_url + user_data = make_auth_response_data(self.user) + user_data["roles"] = list(user_data["roles"]) + user_data["date_joined"] = str(user_data["date_joined"]) + + data = { + "type": "oidc", + "data": dumps(user_data), + "next": self.request.session.get("oidc_login_next") or "/", + } + return _make_login_url(data) @property @@ -52,4 +59,5 @@ def failure_url(self): "error": self.request.GET.get("error"), "error_description": self.request.GET.get("error_description"), } + return _make_login_url(data) diff --git a/front/coffee/oidc_auth.coffee b/front/coffee/oidc_auth.coffee index d5f7f9d..e0d99ab 100644 --- a/front/coffee/oidc_auth.coffee +++ b/front/coffee/oidc_auth.coffee 
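Review bot: `success_url` in views.py puts the whole JSON-encoded result of `make_auth_response_data(self.user)` into the `data` query parameter of the `/login` redirect, and the frontend half of this commit reads `user.auth_token` and `user.refresh` back out of it, so the session credentials travel in a URL. Query strings are kept in browser history and in proxy or web-server access logs, and can be forwarded in `Referer` headers; the old code had the same exposure, but this commit also drops the frontend step that scrubbed those parameters from the address bar. Consider handing the frontend a short-lived single-use code that it exchanges for the tokens over POST, or at minimum record the trade-off above the dict with a comment such as `# user_data includes auth_token/refresh; it is exposed in the redirect URL (history, logs, Referer)`. Separately, only `roles` and `date_joined` are converted before `dumps`, so any other non-JSON-serializable field in the response data will raise `TypeError` during the callback.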
@@ -1,42 +1,28 @@ module = angular.module('taigaContrib.oidcAuth', []) -OIDCLoginButtonDirective = ($window, $params, $location, $config, $events, $confirm, $auth, $navUrls, $loader, $rootScope) -> +OIDCLoginButtonDirective = ($window, $params, $location, $config, $events, $confirm, $auth, $navUrls, $rootScope) -> # Login or register a user with their OIDC account. link = ($scope, $el, $attrs) -> loginSuccess = -> - # Login in the UI. Using $auth.login() is too GitHub-specific. + if $params.next and $params.next != $navUrls.resolve("login") + nextUrl = $params.next + else + nextUrl = $navUrls.resolve("home") + + $events.setupConnection() + $auth.removeToken(); - data = _.clone($params, false); + data = JSON.parse($params.data); + user = $auth.model.make_model("users", data); $auth.setToken(user.auth_token); + $auth.setRefreshToken(user.refresh) $auth.setUser(user); $rootScope.$broadcast("auth:login", user) - # Cleanup the URL - - $events.setupConnection() # I don't know why this is necessary. - - scrub = (name, i) -> - $location.search(name, null) - [ - 'accepted_terms', 'auth_token', 'big_photo', 'bio', 'color', 'date_joined', - 'email', 'full_name', 'full_name_display', 'gravatar_id', 'id', 'is_active', - 'lang', 'max_memberships_private_projects', 'max_memberships_public_projects', - 'max_private_projects', 'max_public_projects', 'next', 'photo', 'read_new_terms', - 'roles', 'theme', 'timezone', 'total_private_projects', 'total_public_projects', - 'type', 'username', 'uuid' - ].forEach(scrub) - - # Redirect to the destination page. - - if $params.next and $params.next != $navUrls.resolve("login") - nextUrl = $params.next - else - nextUrl = $navUrls.resolve("home") - - $location.path(nextUrl) + $window.location.href = nextUrl loginError = -> error_description = $params.error_description 
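Review bot: `$window.location.href = nextUrl` in `loginSuccess` navigates to whatever `$params.next` holds, and that value is read from the page URL with only a comparison against the login route, so an absolute or non-http(s) URL is followed where the removed `$location.path(nextUrl)` presumably kept navigation inside the app. The server-side comment saying `next` was already sanitized is deleted in this same commit, and nothing visible here ties the query parameter to the session value. Accept only same-origin relative paths before assigning, for example `nextUrl = $navUrls.resolve("home") unless /^\/(?![\/\\])/.test(nextUrl)`. `JSON.parse($params.data)` is also unguarded: a missing or malformed `data` parameter throws before any message is shown, so wrap it in `try`/`catch` and fall through to the `loginError` path. The directive's `link` function continues outside the hunk.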
@@ -93,5 +79,5 @@ OIDCLoginButtonDirective = ($window, $params, $location, $config, $events, $conf module.directive("tgOidcLoginButton", [ "$window", '$routeParams', "$tgLocation", "$tgConfig", "$tgEvents", - "$tgConfirm", "$tgAuth", "$tgNavUrls", "tgLoader", "$rootScope", + "$tgConfirm", "$tgAuth", "$tgNavUrls", "$rootScope", OIDCLoginButtonDirective])