HWJ 何伟俊 / DMapManager · 提交

提交 de97ab29a2dce83cdfc070d12a882958ace5f71b

作者 qianyingz
1 个父辈 631a4b9b

add feature# 增加oa登录入口

内嵌 并排对比
正在显示 3 个修改的文件 包含 104 行增加4 行删除
1 -from enum import auto  
2 from logging import error 1 from logging import error
3 -from unittest import result  
4 from flasgger import swag_from 2 from flasgger import swag_from
5 from app.util import BlueprintApi 3 from app.util import BlueprintApi
6 -from app.util import BlueprintApi  
7 -from flask import Blueprint, render_template, redirect, request, session, jsonify, flash 4 +from flask import Blueprint, render_template, redirect, request, session, jsonify, flash, make_response
8 from .models import * 5 from .models import *
9 from .oauth2 import authorization, generate_user_info, require_oauth 6 from .oauth2 import authorization, generate_user_info, require_oauth
10 from authlib.oauth2 import OAuth2Error 7 from authlib.oauth2 import OAuth2Error
@@ -16,6 +13,9 @@ import time @@ -16,6 +13,9 @@ import time
16 from app.models import SM3, AESHelper 13 from app.models import SM3, AESHelper
17 from app.util.component.StructurePrint import StructurePrint 14 from app.util.component.StructurePrint import StructurePrint
18 import traceback 15 import traceback
  16 +from oauthlib import oauth2
  17 +import requests
  18 +from app.modules.auth.models import OAuth2Token, User, db
19 19
20 20
21 def current_user(): 21 def current_user():
@@ -42,6 +42,10 @@ class DataManager(BlueprintApi): @@ -42,6 +42,10 @@ class DataManager(BlueprintApi):
42 @bp.route("/authorize", methods=("GET", "POST")) 42 @bp.route("/authorize", methods=("GET", "POST"))
43 def authorize(): 43 def authorize():
44 user = current_user() 44 user = current_user()
  45 + request2 = authorization.create_oauth2_request(request)
  46 + grant2 = authorization.get_authorization_grant(request=request2)
  47 + redirect_uri = grant2.validate_authorization_request()
  48 + session["redirect_uri"] = redirect_uri
45 if request.method == "GET": 49 if request.method == "GET":
46 # 没有登录,跳转到登录界面 50 # 没有登录,跳转到登录界面
47 try: 51 try:
@@ -212,3 +216,96 @@ class DataManager(BlueprintApi): @@ -212,3 +216,96 @@ class DataManager(BlueprintApi):
212 new_pwd = SM3.encode(p) 216 new_pwd = SM3.encode(p)
213 result[p] = new_pwd 217 result[p] = new_pwd
214 return result 218 return result
  219 +
  220 + '''
  221 + 三方登录:OA
  222 + '''
  223 + @staticmethod
  224 + @bp.route("/oa", methods=["GET"])
  225 + def oa_authorization():
  226 + client = oauth2.WebApplicationClient(
  227 + configure.OA_OAUTH["client_id"])
  228 + state = client.state_generator()
  229 + auth_uri = client.prepare_request_uri(
  230 + configure.OA_OAUTH["authorization_endpoint"], configure.OA_OAUTH["redirect_uri"], configure.OA_OAUTH["scope"], state)
  231 + session["oauth_state"] = state
  232 + return redirect(auth_uri)
  233 +
  234 + '''
  235 + oa三方登录回调
  236 + '''
  237 + @staticmethod
  238 + @bp.route("/oa/callback", methods=["GET"])
  239 + def oa_callback():
  240 +
  241 + client = oauth2.WebApplicationClient(
  242 + configure.OA_OAUTH["client_id"])
  243 +
  244 + # 获取code
  245 + code = client.parse_request_uri_response(
  246 + request.url, session["oauth_state"]).get("code")
  247 +
  248 + if code == None:
  249 + return "登录失败"
  250 +
  251 + # 获取token
  252 + body = client.prepare_request_body(
  253 + code, redirect_uri=configure.OA_OAUTH["redirect_uri"], client_secret=configure.OA_OAUTH["client_secret"])
  254 +
  255 + r = requests.post(configure.OA_OAUTH["token_endpoint"], body, headers={
  256 + "Content-Type": "application/x-www-form-urlencoded"})
  257 +
  258 + tokeninfo = r.json()
  259 + access_token = tokeninfo.get("access_token")
  260 +
  261 + if access_token:
  262 + # 获取用户信息
  263 + userinfo_url = configure.OA_OAUTH["userinfo_endpoint"]
  264 + user_request = requests.get(userinfo_url, headers={
  265 + "Authorization": "Bearer %s" % access_token})
  266 + userinfo = user_request.json()
  267 + user_name = userinfo.get("user_name")
  268 + display_name = userinfo.get("displayname")
  269 +
  270 + # 默认关联dmap用户
  271 + try:
  272 + user = User.query.filter_by(
  273 + username=user_name).first()
  274 + except error as e:
  275 + user = None
  276 +
  277 + # 用户不存在,创建用户
  278 + if not user:
  279 + user = User(username=user_name, password=SM3.encode('DMap@123'), role='dataman',
  280 + phone='', company='', position='', email='',
  281 + create_time=time.strftime(
  282 + "%Y-%m-%d %H:%M:%S", time.localtime()),
  283 + update_time=time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()))
  284 + db.session.add(user)
  285 + db.session.commit()
  286 +
  287 + # dmap token授权
  288 + session["id"] = user.id
  289 +
  290 + # 存入数据库
  291 + token = OAuth2Token(
  292 + client_id=configure.OA_OAUTH["client_id"],
  293 + token_type=tokeninfo.get("token_type"),
  294 + access_token=access_token,
  295 + scope=tokeninfo.get("scope"),
  296 + expires_in=tokeninfo.get("expires_in"),
  297 + user_id=user.id
  298 + )
  299 + db.session.add(token)
  300 + db.session.commit()
  301 +
  302 + redirect_uri = session["redirect_uri"]
  303 + if not redirect_uri:
  304 + redirect_uri = '/'
  305 +
  306 + response = make_response(redirect(redirect_uri))
  307 + response.set_cookie('accessToken', access_token,max_age=604_800)
  308 +
  309 + return response
  310 + else:
  311 + return redirect('/')
@@ -24,6 +24,7 @@ class User (db.Model): @@ -24,6 +24,7 @@ class User (db.Model):
24 create_time = Column(Time) 24 create_time = Column(Time)
25 update_time = Column(Time) 25 update_time = Column(Time)
26 role = Column(Text) 26 role = Column(Text)
  27 + #origin = Column(Text, default="dmap")
27 28
28 def __str__(self): 29 def __str__(self):
29 return self.username 30 return self.username
@@ -76,6 +76,8 @@ @@ -76,6 +76,8 @@
76 立即登录 76 立即登录
77 </button> 77 </button>
78 </div> 78 </div>
  79 + <div>——或者——</div>
  80 + <a href="/auth/oa"> 城信所统一用户认证 </a>
79 </form> 81 </form>
80 </div> 82 </div>
81 <div class="clear"></div> 83 <div class="clear"></div>
注册登录 后发表评论