Commit e16151cb authored by Nico Vermaas's avatar Nico Vermaas

Merge branch 'esap-gateway-query' into 'master'

Esap gateway query

See merge request !98
parents 927039b2 c3075cfa
Pipeline #15549 passed with stages
in 2 minutes and 1 second
......@@ -7,9 +7,24 @@ import base64
import json
import time
import datetime
from django.urls import reverse
from django.conf import settings
logger = logging.getLogger(__name__)
import mozilla_django_oidc.utils
# overriding 'absolutify' to be able to log the callback_url.
# TODO: remove this when we get rid of the IAM cors errors
def my_absolutify(request, path):
callback_url = request.build_absolute_uri(path)
#callback_url = request.build_absolute_uri(reverse('oidc_authentication_callback')).replace('http:','https:')
logger.info('callback_url = ' + callback_url)
return callback_url
mozilla_django_oidc.utils.absolutify = my_absolutify
class EsapQuerySchemaViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows EsapQuerySchemas to be viewed or edited.
......@@ -76,9 +91,10 @@ class EsapUserProfileViewSet(viewsets.ModelViewSet):
oidc_id_token_expiration = self.request.session["oidc_id_token_expiration"]
now = time.time()
time_to_expire = round(oidc_id_token_expiration - now)
id_token_expiration = datetime.datetime.utcfromtimestamp(oidc_id_token_expiration).strftime('%Y-%m-%d %H:%M:%S')
id_token_expiration = datetime.datetime.utcfromtimestamp(oidc_id_token_expiration).strftime('%Y-%m-%dT%H:%M:%SZ')
logger.info('id_token expires in ' + str(time_to_expire) + " seconds")
logger.info('OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS: ' + str(settings.OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS))
# add the "===" to avoid an "Incorrect padding" exception
decoded_payload = base64.urlsafe_b64decode(token[1] + "===")
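Review bot: Assigning `mozilla_django_oidc.utils.absolutify = my_absolutify` only rebinds the attribute on the `utils` module, so any module that already did `from mozilla_django_oidc.utils import absolutify` keeps the original function and the callback URL may never be logged. Whether that happens depends on import order and on how the library's views import the helper, neither of which is visible in this hunk. The logged value comes from `request.build_absolute_uri(path)`, which is derived from the request's Host / X-Forwarded-Host headers and is therefore client-influenced. I would log it with lazy arguments at debug level, `logger.debug('callback_url = %s', callback_url)`, and rely on `ALLOWED_HOSTS` and the proxy to constrain the host. Because the TODO marks this as temporary, a comment naming the library version the override was written against would help whoever removes it.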
......
import logging
from mozilla_django_oidc.auth import OIDCAuthenticationBackend
from django.conf import settings
from .models import EsapUserProfile
logger = logging.getLogger(__name__)
......@@ -37,4 +39,6 @@ class MyOIDCAB(OIDCAuthenticationBackend):
verified = super(MyOIDCAB, self).verify_claims(claims)
is_admin = 'admin' in claims.get('group', [])
return verified
# return verified and is_admin
\ No newline at end of file
# return verified and is_admin
......@@ -27,6 +27,7 @@ CORS_ALLOW_CREDENTIALS = True
# https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
# https://docs.djangoproject.com/en/3.2/ref/settings/#use-x-forwarded-host
USE_X_FORWARDED_HOST = True
#SECURE_SSL_REDIRECT = True
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
......@@ -232,14 +233,15 @@ OIDC_OP_JWKS_ENDPOINT = os.environ['OIDC_OP_JWKS_ENDPOINT']
OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_OP_AUTHORIZATION_ENDPOINT']
OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_OP_TOKEN_ENDPOINT']
OIDC_OP_USER_ENDPOINT = os.environ['OIDC_OP_USER_ENDPOINT']
# OIDC_AUTHENTICATION_CALLBACK_URL = "https://sdc-dev.astron.nl/esap-api/oidc/callback/"
OIDC_STORE_ACCESS_TOKEN = True
OIDC_STORE_ID_TOKEN = True
#try:
# OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = float(os.environ['OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS'])
#except:
OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = 3600
try:
OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = float(os.environ['OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS'])
except:
OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = 3600
LOGIN_REDIRECT_URL = os.environ['LOGIN_REDIRECT_URL']
LOGOUT_REDIRECT_URL = os.environ['LOGOUT_REDIRECT_URL']
......@@ -264,7 +266,7 @@ STATIC_URL = '/static/'
STATIC_ROOT = os.path.join(BASE_DIR, 'static')
# configuration settings that can be requested through the REST API
VERSION = "ESAP-API version 29 april 2021"
VERSION = "ESAP-API version 20 juli 2021"
CONFIGURATION_DIR = os.path.join(BASE_DIR, 'configuration')
CONFIGURATION_FILE = 'esap_default'
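Review bot: The re-enabled block around `OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS` uses a bare `except:`, so a malformed value in the environment silently falls back to 3600 and cannot be told apart from the variable being unset. Narrow it to `except (KeyError, ValueError):`, or read it as `float(os.environ.get('OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS', 3600))` so a bad value fails at startup instead of quietly changing the token renewal interval. The first hunk of this section keeps `USE_X_FORWARDED_HOST = True` while `SECURE_SSL_REDIRECT` stays commented out. A comment such as `# the fronting proxy must overwrite X-Forwarded-Host; clients must not be able to set it` would document the assumption those settings depend on.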
......@@ -18,6 +18,8 @@ IS_DEV = True
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# Database
DATABASE_ROUTERS = [
'query.database_router.QueryRouter',
......@@ -67,5 +69,6 @@ LOGOUT_REDIRECT_URL = "http://localhost:3000/esap-gui/logout"
LOGIN_REDIRECT_URL_FAILURE = "http://localhost:3000/esap-gui/error"
# to test refresh
#OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = 3600
#OIDC_AUTHENTICATION_CALLBACK_URL = "https://sdc-dev.astron.nl/esap-api/oidc/callback/"
OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = 60
#OIDC_EXEMPT_URLS = ['/esap-api/accounts/user-profiles']
\ No newline at end of file
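Review bot: `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` is added without stating the deployment assumption it needs. Django treats a request as secure whenever that header says `https`, so the setting is only sound when every request passes through a proxy that sets or strips `X-Forwarded-Proto` itself. I would add `# only valid behind a proxy that overwrites X-Forwarded-Proto on every request` above it, particularly as the same file has `CORS_ORIGIN_ALLOW_ALL = True` together with `CORS_ALLOW_CREDENTIALS = True`. The second hunk sets `OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = 60` under "to test refresh"; confirm this test value is limited to the development settings and is not picked up by a deployed configuration.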
......@@ -8,11 +8,8 @@ import os
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/2.0/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
# SECRET_KEY = 'cie-((m#n$br$6l53yash45*2^mwuux*2u)bad5(0flx@krnj9'
# SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
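Review bot: The commented-out `SECRET_KEY` literal in this section is a credential kept in source control. The rendering does not show which lines the commit removes, so this applies only if that line remains on the new side. If the value was ever used by a deployment it should be rotated, and the comment replaced by something like `# SECRET_KEY is set per deployment, not in this file`. `DEBUG = True` sits directly under the "don't run with debug turned on in production" warning; if this file is the base for production settings, that default deserves an environment-driven value or at least a comment saying where it is overridden.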
......
This diff is collapsed.
......@@ -70,7 +70,7 @@
</div>
<p class="footer" small>ASTRON - version 12 jul 2021 - 17:00</p>
<p class="footer" small>ASTRON - version 22 jul 2021 - 11:00</p>
{% endblock %}