ホーム エクスプローラ ヘルプ
登録 サインイン
shenzhen
/
tjdify
Watch 2
Star 0
Fork 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: d7f0056e2d
ブランチ タグ
tjdify
/
api
/
services
/
enterprise
/
enterprise_sso_service.py

enterprise_sso_service.py 2.2 KB
履歴 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. import logging
    2. 

  2. 

  3. from models.account import Account, AccountStatus
    4. 

  4. from services.account_service import AccountService, TenantService
    5. 

  5. from services.enterprise.base import EnterpriseRequest
    6. 

  6. 

  7. logger = logging.getLogger(__name__)
    8. 

  8. 

  9. 

  10. class EnterpriseSSOService:
    11. 

  11. 

  12.     @classmethod
    13. 

  13.     def get_sso_saml_login(cls) -> str:
    14. 

  14.         return EnterpriseRequest.send_request('GET', '/sso/saml/login')
    15. 

  15. 

  16.     @classmethod
    17. 

  17.     def post_sso_saml_acs(cls, saml_response: str) -> str:
    18. 

  18.         response = EnterpriseRequest.send_request('POST', '/sso/saml/acs', json={'SAMLResponse': saml_response})
    19. 

  19.         if 'email' not in response or response['email'] is None:
    20. 

  20.             logger.exception(response)
    21. 

  21.             raise Exception('Saml response is invalid')
    22. 

  22. 

  23.         return cls.login_with_email(response.get('email'))
    24. 

  24. 

  25.     @classmethod
    26. 

  26.     def get_sso_oidc_login(cls):
    27. 

  27.         return EnterpriseRequest.send_request('GET', '/sso/oidc/login')
    28. 

  28. 

  29.     @classmethod
    30. 

  30.     def get_sso_oidc_callback(cls, args: dict):
    31. 

  31.         state_from_query = args['state']
    32. 

  32.         code_from_query = args['code']
    33. 

  33.         state_from_cookies = args['oidc-state']
    34. 

  34. 

  35.         if state_from_cookies != state_from_query:
    36. 

  36.             raise Exception('invalid state or code')
    37. 

  37. 

  38.         response = EnterpriseRequest.send_request('GET', '/sso/oidc/callback', params={'code': code_from_query})
    39. 

  39.         if 'email' not in response or response['email'] is None:
    40. 

  40.             logger.exception(response)
    41. 

  41.             raise Exception('OIDC response is invalid')
    42. 

  42. 

  43.         return cls.login_with_email(response.get('email'))
    44. 

  44. 

  45.     @classmethod
    46. 

  46.     def login_with_email(cls, email: str) -> str:
    47. 

  47.         account = Account.query.filter_by(email=email).first()
    48. 

  48.         if account is None:
    49. 

  49.             raise Exception('account not found, please contact system admin to invite you to join in a workspace')
    50. 

  50. 

  51.         if account.status == AccountStatus.BANNED:
    52. 

  52.             raise Exception('account is banned, please contact system admin')
    53. 

  53. 

  54.         tenants = TenantService.get_join_tenants(account)
    55. 

  55.         if len(tenants) == 0:
    56. 

  56.             raise Exception("workspace not found, please contact system admin to invite you to join in a workspace")
    57. 

  57. 

  58.         token = AccountService.get_account_jwt_token(account)
    59. 

  59. 

  60.         return token
    61. 

  61.