chore(auth): add password login

Author: duanhongyi

rootfs/api/apps_extra/social_core/actions.py

@@ -1,13 +1,13 @@
 import json
 from urllib.parse import quote
-
 from social_core.utils import (
     partial_pipeline_data,
     sanitize_redirect,
     setting_url,
     user_is_active,
     user_is_authenticated,
 )
+from api.oauth import TokenManager
 
 
 def do_auth(backend, redirect_name="next"):
@@ -40,8 +40,8 @@ def form2json(form_data):
         query = urlparse("?" + form_data).query
         params = parse_qs(query)
         return {key: params[key][0] for key in params}
-    from django.core.cache import cache
-    cache.set("oidc_key_" + data.get("key", ""), form2json(url).get("state"), 60 * 10)
+    manager = TokenManager()
+    manager.set_state(data.get("key", ""), form2json(url).get("state"))
     return response
 
 
@@ -129,11 +129,8 @@ def do_complete(backend, login, user=None, redirect_name="next", *args, **kwargs
     if social_auth and social_auth.extra_data:
         extra_data = json.loads(social_auth.extra_data) if \
             isinstance(social_auth.extra_data, str) else social_auth.extra_data
-    from django.core.cache import cache
-    cache.set("oidc_state_" + data.get("state"),
-              {"token": extra_data.get("id_token", "fail"),
-               "username": user.username},
-              60 * 10)
+    manager = TokenManager()
+    manager.set_token(data.get("state"), extra_data.get("access_token", "fail"), user.username)
     return response
 
 

rootfs/api/authentication.py

@@ -7,7 +7,7 @@
 from rest_framework.authentication import TokenAuthentication, \
     get_authorization_header
 from rest_framework import exceptions
-from api.oauth import OAuthManager
+
 
 logger = logging.getLogger(__name__)
 
@@ -44,19 +44,21 @@ def authenticate(self, request):
                 msg = gettext_lazy(
                     'Invalid token header. Token string should not contain invalid characters.')
                 raise exceptions.AuthenticationFailed(msg)
-            return cache.get_or_set(
-                token, lambda: self._get_user(token), settings.OAUTH_CACHE_USER_TIME), None
+            return self.sync_user(token), None
         return super(DryccAuthentication, self).authenticate(request)
 
     @staticmethod
-    def _get_user(key):
-        from api import serializers
-        try:
-            user_info = OAuthManager().get_user_by_token(key)
-            if not user_info.get('email'):
-                user_info['email'] = OAuthManager().get_email_by_token(key)
-            user, _ = serializers.UserSerializer.update_or_create(user_info)
-            return user
-        except Exception as e:
-            logger.info(e)
-            raise exceptions.AuthenticationFailed(gettext_lazy('Verify token fail.'))
+    def sync_user(token):
+        def _sync_user(token):
+            from api import serializers
+            from api.oauth import OAuthManager
+            try:
+                user_info = OAuthManager().get_user_by_token(token)
+                if not user_info.get('email'):
+                    user_info['email'] = OAuthManager().get_email_by_token(token)
+                user, _ = serializers.UserSerializer.update_or_create(user_info)
+                return user
+            except Exception as e:
+                logger.info(e)
+                raise exceptions.AuthenticationFailed(gettext_lazy('Verify token fail.'))
+        return cache.get_or_set(token, lambda: _sync_user(token), settings.OAUTH_CACHE_USER_TIME)

rootfs/api/oauth.py

@@ -2,9 +2,26 @@
 
 import requests
 from django.conf import settings
+from django.core.cache import cache
 from authlib.integrations.requests_client import OAuth2Session
 
 
+class TokenManager(object):
+
+    def __init__(self, timeout=60 * 10):
+        self.timeout = timeout
+
+    def set_state(self, key, state):
+        cache.set("oidc_key_" + key, state, self.timeout)
+
+    def set_token(self, state, token, username):
+        cache.set("oidc_state_" + state, {"token": token, "username": username}, self.timeout)
+
+    def get_token(self, key):
+        state = cache.get("oidc_key_" + key, "")
+        return cache.get("oidc_state_" + state, {})
+
+
 class OAuthManager(object):
 
     def __init__(self):

rootfs/api/serializers/__init__.py

@@ -11,8 +11,10 @@
 from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.utils import timezone
+from django.utils.translation import gettext_lazy
 from rest_framework import serializers
 
+
 from api import models
 from api.exceptions import DryccException
 from scheduler.resources.pod import DEFAULT_CONTAINER_PORT
@@ -96,6 +98,21 @@ def to_representation(self, obj):
         return obj
 
 
+class AuthSerializer(serializers.Serializer):
+    username = serializers.CharField(
+        label=gettext_lazy("Username"),
+        required=False,
+        write_only=True
+    )
+    password = serializers.CharField(
+        label=gettext_lazy("Password"),
+        style={'input_type': 'password'},
+        required=False,
+        trim_whitespace=False,
+        write_only=True,
+    )
+
+
 class UserSerializer(serializers.ModelSerializer):
     class Meta:
         model = User

rootfs/api/views.py

@@ -5,6 +5,7 @@
 import uuid
 import logging
 import json
+import requests
 from django.db.models import Q
 from django.core.cache import cache
 from django.http import Http404, HttpResponse
@@ -20,7 +21,7 @@
 from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
 
-from api import monitor, models, permissions, serializers, viewsets, authentication
+from api import monitor, models, permissions, serializers, viewsets, authentication, oauth
 from api.tasks import scale_app, restart_app, mount_app, downstream_model_owner
 from api.exceptions import AlreadyExists, ServiceUnavailable, DryccException
 
@@ -85,22 +86,51 @@ def complete(request, backend, *args, **kwargs):
 class AuthLoginView(GenericViewSet):
 
     permission_classes = (AllowAny, )
+    serializer_class = serializers.AuthSerializer
 
     def login(self, request, *args, **kwargs):
-        def get_local_host(request):
-            uri = request.build_absolute_uri()
-            return uri[0:uri.find(request.path)]
-        res = redirect(get_local_host(request) + "/v2/login/drycc/?key=" + uuid.uuid4().hex)
-        return res
+        key = uuid.uuid4().hex
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        username = serializer.validated_data.get('username')
+        password = serializer.validated_data.get('password')
+        if username and password:
+            return self._create_interactive_response(username, password, key)
+        return self._create_browser_response(key)
+
+    def _create_browser_response(self, key):
+        uri = self.request.build_absolute_uri()
+        return redirect(f"{uri[0:uri.find(self.request.path)]}/v2/login/drycc/?key={key}")
+
+    def _create_interactive_response(self, username, password, key):
+        response = requests.post(
+            settings.SOCIAL_AUTH_DRYCC_ACCESS_TOKEN_URL,
+            data={
+                'grant_type': 'password',
+                'client_id': settings.SOCIAL_AUTH_DRYCC_KEY,
+                'client_secret': settings.SOCIAL_AUTH_DRYCC_SECRET,
+                'username': username,
+                'password': password,
+            },
+        )
+        if response.status_code != 200:
+            raise DryccException(response.content)
+        state = uuid.uuid4().hex
+        token = response.json()["access_token"]
+        authentication.DryccAuthentication.sync_user(token)
+        manager = oauth.TokenManager()
+        manager.set_state(key, state)
+        manager.set_token(state, token, username)
+        return HttpResponse(json.dumps({"key": key}))
 
 
 class AuthTokenView(GenericViewSet):
 
     permission_classes = (AllowAny, )
 
     def token(self, request, *args, **kwargs):
-        state = cache.get("oidc_key_" + self.kwargs['key'], "")
-        token = cache.get("oidc_state_" + state, {})
+        manager = oauth.TokenManager()
+        token = manager.get_token(self.kwargs['key'])
         if not token.get('token'):
             return HttpResponse(status=404)
         return HttpResponse(json.dumps(token))