diff --git a/account/serializers.py b/account/serializers.py index e14ab8e..710de0f 100644 --- a/account/serializers.py +++ b/account/serializers.py @@ -119,7 +119,6 @@ class ResetPasswordSerializer(serializers.Serializer): class SSOSerializer(serializers.Serializer): - appkey = serializers.CharField() token = serializers.CharField() diff --git a/account/urls/oj.py b/account/urls/oj.py index 1b26e14..a2cebe0 100644 --- a/account/urls/oj.py +++ b/account/urls/oj.py @@ -5,7 +5,7 @@ from ..views.oj import (ApplyResetPasswordAPI, ResetPasswordAPI, UserLoginAPI, UserLogoutAPI, UsernameOrEmailCheck, AvatarUploadAPI, TwoFactorAuthAPI, UserProfileAPI, UserRankAPI, CheckTFARequiredAPI, SessionManagementAPI, - ProfileProblemDisplayIDRefreshAPI, OpenAPIAppkeyAPI) + ProfileProblemDisplayIDRefreshAPI, OpenAPIAppkeyAPI, SSOAPI) from utils.captcha.views import CaptchaAPIView @@ -27,4 +27,5 @@ urlpatterns = [ url(r"^user_rank/?$", UserRankAPI.as_view(), name="user_rank_api"), url(r"^sessions/?$", SessionManagementAPI.as_view(), name="session_management_api"), url(r"^open_api_appkey/?$", OpenAPIAppkeyAPI.as_view(), name="open_api_appkey_api"), + url(r"^sso?$", SSOAPI.as_view(), name="sso_api") ] diff --git a/account/views/oj.py b/account/views/oj.py index 99051ae..fd45601 100644 --- a/account/views/oj.py +++ b/account/views/oj.py 
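Review bot: The new route pattern `r"^sso?$"` in the `urlpatterns` hunk makes the final `o` optional rather than the trailing slash, so it matches `ss` and `sso` but not `sso/`, unlike the neighbouring routes that all end in `/?$`. If the same optional-slash convention was intended, the entry should read `url(r"^sso/?$", SSOAPI.as_view(), name="sso_api"),`. The trailing comma also keeps the next addition to the list a one-line diff.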
@@ -5,16 +5,17 @@ from importlib import import_module import qrcode from django.conf import settings from django.contrib import auth +from django.http import HttpResponseRedirect from django.template.loader import render_to_string from django.utils.decorators import method_decorator from django.utils.timezone import now -from django.views.decorators.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie, csrf_exempt from otpauth import OtpAuth from problem.models import Problem from utils.constants import ContestRuleType from options.options import SysOptions -from utils.api import APIView, validate_serializer +from utils.api import APIView, validate_serializer, CSRFExemptAPIView from utils.captcha import Captcha from utils.shortcuts import rand_str, img2base64, datetime2str from ..decorators import login_required @@ -22,7 +23,7 @@ from ..models import User, UserProfile, AdminType from ..serializers import (ApplyResetPasswordSerializer, ResetPasswordSerializer, UserChangePasswordSerializer, UserLoginSerializer, UserRegisterSerializer, UsernameOrEmailCheckSerializer, - RankInfoSerializer, UserChangeEmailSerializer) + RankInfoSerializer, UserChangeEmailSerializer, SSOSerializer) from ..serializers import (TwoFactorAuthCodeSerializer, UserProfileSerializer, EditUserProfileSerializer, ImageUploadForm) from ..tasks import send_email_async 
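Review bot: `HttpResponseRedirect` is imported in the first hunk, but none of the code added in this diff uses it. Unless something elsewhere in `account/views/oj.py` (not visible here) needs it, drop `from django.http import HttpResponseRedirect`. Unused imports in a module that handles authentication make it harder to tell which response paths actually exist.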
@@ -411,8 +412,26 @@ class OpenAPIAppkeyAPI(APIView):
 def post(self, request):
 user = request.user
 if not user.open_api:
- return self.error("Permission denied")
+ return self.error("OpenAPI function is truned off for you")
 api_appkey = rand_str()
 user.open_api_appkey = api_appkey
 user.save()
 return self.success({"appkey": api_appkey})
+
+
+class SSOAPI(CSRFExemptAPIView):
+ @login_required
+ def get(self, request):
+ token = rand_str()
+ request.user.auth_token = token
+ request.user.save()
+ return self.success({"token": token})
+
+ @method_decorator(csrf_exempt)
+ @validate_serializer(SSOSerializer)
+ def post(self, request):
+ try:
+ user = User.objects.get(auth_token=request.data["token"])
+ except User.DoesNotExist:
+ return self.error("User does not exist")
+ return self.success({"username": user.username, "avatar": user.userprofile.avatar, "admin_type": user.admin_type})
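Review bot: The token issued by `SSOAPI.get` is never invalidated: `post` looks the user up by `auth_token` and returns `username`, `avatar` and `admin_type`, but leaves the token in place, and nothing in this hunk gives it an expiry, so a leaked token can be replayed until the user calls `get` again. Make it single-use by clearing it after a successful lookup, for example `user.auth_token = None` then `user.save(update_fields=["auth_token"])` (this assumes the field is nullable; the model is outside this diff), and consider storing an issue time that `post` checks. Since this commit also drops `appkey` from `SSOSerializer`, the token is the only credential on an unauthenticated, CSRF-exempt endpoint. `@method_decorator(csrf_exempt)` on `post` has no effect in Django, because the exemption is read from the callable returned by `as_view()`; rely on `CSRFExemptAPIView` (presumably it exempts `dispatch`, its definition is not in this diff) or drop the decorator. The new message `"OpenAPI function is truned off for you"` should read `turned`.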