238 lines
8.8 KiB
Python
238 lines
8.8 KiB
Python
# Copyright (c) 2023-present Plane Software, Inc. and contributors
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
# See the LICENSE file for details.
|
|
|
|
# Django imports
|
|
from django.core.exceptions import ValidationError
|
|
from django.core.validators import validate_email
|
|
from django.http import HttpResponseRedirect
|
|
from django.views import View
|
|
|
|
# Module imports
|
|
from plane.authentication.provider.credentials.email import EmailProvider
|
|
from plane.authentication.utils.login import user_login
|
|
from plane.license.models import Instance
|
|
from plane.authentication.utils.host import base_host
|
|
from plane.authentication.utils.redirection_path import get_redirection_path
|
|
from plane.authentication.utils.user_auth_workflow import post_user_auth_workflow
|
|
from plane.db.models import User
|
|
from plane.authentication.adapter.error import (
|
|
AuthenticationException,
|
|
AUTHENTICATION_ERROR_CODES,
|
|
)
|
|
from plane.utils.path_validator import get_safe_redirect_url
|
|
|
|
|
|
class SignInAuthEndpoint(View):
|
|
def post(self, request):
|
|
next_path = request.POST.get("next_path")
|
|
# Check instance configuration
|
|
instance = Instance.objects.first()
|
|
if instance is None or not instance.is_setup_done:
|
|
# Redirection params
|
|
exc = AuthenticationException(
|
|
error_code=AUTHENTICATION_ERROR_CODES["INSTANCE_NOT_CONFIGURED"],
|
|
error_message="INSTANCE_NOT_CONFIGURED",
|
|
)
|
|
params = exc.get_error_dict()
|
|
# Base URL join
|
|
url = get_safe_redirect_url(
|
|
base_url=base_host(request=request, is_app=True),
|
|
next_path=next_path,
|
|
params=params,
|
|
)
|
|
return HttpResponseRedirect(url)
|
|
|
|
# set the referer as session to redirect after login
|
|
email = request.POST.get("email", False)
|
|
password = request.POST.get("password", False)
|
|
|
|
## Raise exception if any of the above are missing
|
|
if not email or not password:
|
|
# Redirection params
|
|
exc = AuthenticationException(
|
|
error_code=AUTHENTICATION_ERROR_CODES["REQUIRED_EMAIL_PASSWORD_SIGN_IN"],
|
|
error_message="REQUIRED_EMAIL_PASSWORD_SIGN_IN",
|
|
payload={"email": str(email)},
|
|
)
|
|
params = exc.get_error_dict()
|
|
# Next path
|
|
url = get_safe_redirect_url(
|
|
base_url=base_host(request=request, is_app=True),
|
|
next_path=next_path,
|
|
params=params,
|
|
)
|
|
return HttpResponseRedirect(url)
|
|
|
|
# Validate email
|
|
email = email.strip().lower()
|
|
try:
|
|
validate_email(email)
|
|
except ValidationError:
|
|
exc = AuthenticationException(
|
|
error_code=AUTHENTICATION_ERROR_CODES["INVALID_EMAIL_SIGN_IN"],
|
|
error_message="INVALID_EMAIL_SIGN_IN",
|
|
payload={"email": str(email)},
|
|
)
|
|
params = exc.get_error_dict()
|
|
url = get_safe_redirect_url(
|
|
base_url=base_host(request=request, is_app=True),
|
|
next_path=next_path,
|
|
params=params,
|
|
)
|
|
return HttpResponseRedirect(url)
|
|
|
|
existing_user = User.objects.filter(email=email).first()
|
|
|
|
if not existing_user:
|
|
exc = AuthenticationException(
|
|
error_code=AUTHENTICATION_ERROR_CODES["USER_DOES_NOT_EXIST"],
|
|
error_message="USER_DOES_NOT_EXIST",
|
|
payload={"email": str(email)},
|
|
)
|
|
params = exc.get_error_dict()
|
|
url = get_safe_redirect_url(
|
|
base_url=base_host(request=request, is_app=True),
|
|
next_path=next_path,
|
|
params=params,
|
|
)
|
|
return HttpResponseRedirect(url)
|
|
|
|
try:
|
|
provider = EmailProvider(
|
|
request=request,
|
|
key=email,
|
|
code=password,
|
|
is_signup=False,
|
|
callback=post_user_auth_workflow,
|
|
)
|
|
user = provider.authenticate()
|
|
# Login the user and record his device info
|
|
user_login(request=request, user=user, is_app=True)
|
|
# Get the redirection path
|
|
if next_path:
|
|
path = next_path
|
|
else:
|
|
path = get_redirection_path(user=user)
|
|
|
|
# Get the safe redirect URL
|
|
url = get_safe_redirect_url(
|
|
base_url=base_host(request=request, is_app=True),
|
|
next_path=path,
|
|
params={},
|
|
)
|
|
return HttpResponseRedirect(url)
|
|
except AuthenticationException as e:
|
|
params = e.get_error_dict()
|
|
url = get_safe_redirect_url(
|
|
base_url=base_host(request=request, is_app=True),
|
|
next_path=next_path,
|
|
params=params,
|
|
)
|
|
return HttpResponseRedirect(url)
|
|
|
|
|
|
class SignUpAuthEndpoint(View):
|
|
def post(self, request):
|
|
next_path = request.POST.get("next_path")
|
|
# Check instance configuration
|
|
instance = Instance.objects.first()
|
|
if instance is None or not instance.is_setup_done:
|
|
# Redirection params
|
|
exc = AuthenticationException(
|
|
error_code=AUTHENTICATION_ERROR_CODES["INSTANCE_NOT_CONFIGURED"],
|
|
error_message="INSTANCE_NOT_CONFIGURED",
|
|
)
|
|
params = exc.get_error_dict()
|
|
url = get_safe_redirect_url(
|
|
base_url=base_host(request=request, is_app=True),
|
|
next_path=next_path,
|
|
params=params,
|
|
)
|
|
return HttpResponseRedirect(url)
|
|
|
|
email = request.POST.get("email", False)
|
|
password = request.POST.get("password", False)
|
|
## Raise exception if any of the above are missing
|
|
if not email or not password:
|
|
# Redirection params
|
|
exc = AuthenticationException(
|
|
error_code=AUTHENTICATION_ERROR_CODES["REQUIRED_EMAIL_PASSWORD_SIGN_UP"],
|
|
error_message="REQUIRED_EMAIL_PASSWORD_SIGN_UP",
|
|
payload={"email": str(email)},
|
|
)
|
|
params = exc.get_error_dict()
|
|
url = get_safe_redirect_url(
|
|
base_url=base_host(request=request, is_app=True),
|
|
next_path=next_path,
|
|
params=params,
|
|
)
|
|
return HttpResponseRedirect(url)
|
|
# Validate the email
|
|
email = email.strip().lower()
|
|
try:
|
|
validate_email(email)
|
|
except ValidationError:
|
|
# Redirection params
|
|
exc = AuthenticationException(
|
|
error_code=AUTHENTICATION_ERROR_CODES["INVALID_EMAIL_SIGN_UP"],
|
|
error_message="INVALID_EMAIL_SIGN_UP",
|
|
payload={"email": str(email)},
|
|
)
|
|
params = exc.get_error_dict()
|
|
url = get_safe_redirect_url(
|
|
base_url=base_host(request=request, is_app=True),
|
|
next_path=next_path,
|
|
params=params,
|
|
)
|
|
return HttpResponseRedirect(url)
|
|
|
|
# Existing user
|
|
existing_user = User.objects.filter(email=email).first()
|
|
|
|
if existing_user:
|
|
# Existing User
|
|
exc = AuthenticationException(
|
|
error_code=AUTHENTICATION_ERROR_CODES["USER_ALREADY_EXIST"],
|
|
error_message="USER_ALREADY_EXIST",
|
|
payload={"email": str(email)},
|
|
)
|
|
params = exc.get_error_dict()
|
|
url = get_safe_redirect_url(
|
|
base_url=base_host(request=request, is_app=True),
|
|
next_path=next_path,
|
|
params=params,
|
|
)
|
|
return HttpResponseRedirect(url)
|
|
|
|
try:
|
|
provider = EmailProvider(
|
|
request=request,
|
|
key=email,
|
|
code=password,
|
|
is_signup=True,
|
|
callback=post_user_auth_workflow,
|
|
)
|
|
user = provider.authenticate()
|
|
# Login the user and record his device info
|
|
user_login(request=request, user=user, is_app=True)
|
|
# Get the redirection path
|
|
if next_path:
|
|
path = next_path
|
|
else:
|
|
path = get_redirection_path(user=user)
|
|
|
|
url = get_safe_redirect_url(
|
|
base_url=base_host(request=request, is_app=True),
|
|
next_path=path,
|
|
params={},
|
|
)
|
|
return HttpResponseRedirect(url)
|
|
except AuthenticationException as e:
|
|
params = e.get_error_dict()
|
|
url = get_safe_redirect_url(
|
|
base_url=base_host(request=request, is_app=True),
|
|
next_path=next_path,
|
|
params=params,
|
|
)
|
|
return HttpResponseRedirect(url)
|