From 7a64a098c11ca8c0f294f8a980e889b84d9ba5cc Mon Sep 17 00:00:00 2001
From: rushilwiz <rushilwiz@gmail.com>
Date: Fri, 22 May 2020 04:26:32 -0400
Subject: [PATCH] GOT LOGIN AND OAUTH WORKIN!

---
 chirper/blog/templates/blog/base.html    | 10 ++++
 chirper/users/templates/users/login.html |  7 ++-
 chirper/users/urls.py                    |  1 +
 chirper/users/views.py                   | 65 +++++++++++++++++++-----
 4 files changed, 69 insertions(+), 14 deletions(-)

diff --git a/chirper/blog/templates/blog/base.html b/chirper/blog/templates/blog/base.html
index 9fd6a4e..9d75617 100644
--- a/chirper/blog/templates/blog/base.html
+++ b/chirper/blog/templates/blog/base.html
@@ -45,6 +45,16 @@
     <main role="main" class="container">
       <div class="row">
         <div class="col-md-8">
+          {% if messages %}
+            {% for message in messages %}
+              <div class="alert alert-{{ message.tags }} alert-dismissible fade show">
+                {{ message }}
+                <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+                  <span aria-hidden="true">&times;</span>
+                </button>
+              </div>
+            {% endfor %}
+          {% endif %}
           {% block content %}{% endblock %}
         </div>
       </div>
diff --git a/chirper/users/templates/users/login.html b/chirper/users/templates/users/login.html
index 2afa10c..50eecdd 100644
--- a/chirper/users/templates/users/login.html
+++ b/chirper/users/templates/users/login.html
@@ -1 +1,6 @@
-<h1>you shouldn't be here</h1>
+{% extends "blog/base.html" %}
+{% block content %}
+  <div class="content-section">
+    <a class="btn btn-primary btn-lg btn-block" href="{{authorization_url}}">Sign in with Ion</a>
+  </div>
+{% endblock content %}
diff --git a/chirper/users/urls.py b/chirper/users/urls.py
index 8f9e766..9082c24 100644
--- a/chirper/users/urls.py
+++ b/chirper/users/urls.py
@@ -3,4 +3,5 @@ from . import views
 
 urlpatterns = [
     path('', views.login, name='login'),
+    path('callback/', views.callback)
 ]
diff --git a/chirper/users/views.py b/chirper/users/views.py
index f4a20b4..8929f7e 100644
--- a/chirper/users/views.py
+++ b/chirper/users/views.py
@@ -1,7 +1,9 @@
 from django.shortcuts import render, redirect
+from django.contrib.auth.models import User
+from django.contrib.auth import authenticate
+from django.contrib.auth import login as auth_login
+from django.contrib import messages
 from requests_oauthlib import OAuth2Session
-from oauthlib.oauth2 import TokenExpiredError
-from django.views.decorators.csrf import csrf_exempt
 import json
 import requests
 
@@ -9,22 +11,59 @@ import requests
 
 client_id = r'6p7HJlFCD8cnBNBEdgMsdULS5ph0jserw1xvWfxX'
 client_secret = r'E1e79KebxzAp0LBEtxcUg32b0qFP9Ap9Dxqkac6Qhci5AwXFhSfrbe7MtmGJUh6DDgxivJpGgFYNQgusfvoSraDAnsq3NnEET5DmxgfBBvvuYc2bwDq6KpeKIDQqFtwz'
-redirect_uri = 'http://localhost:8000/login/'
+redirect_uri = 'http://localhost:8000/login/callback/'
 token_url = 'https://ion.tjhsst.edu/oauth/authorize/'
 scope=["read","write"]
 
+authorized_users=["2023rumareti", "Your ION_USERNAME"]
+#                 Hey that's me
+
+# Yes, I realize that this is slightly convoluted, but I couldn't get social-oauth to work,
+# and OAuth2Session kept giving me nasty errors, so what I am doing below is pretty much manual OAuth
+
 def login(request):
-    if request.method == "GET":
-        code = request.GET.get('code')
-        if code is not None:
-            payload = {'grant_type':'authorization_code','code': code,'redirect_uri':redirect_uri,'client_id':client_id,'client_secret':client_secret, 'csrfmiddlewaretoken': request.GET.get("state")}
-            token = requests.post("https://ion.tjhsst.edu/oauth/token/", data=payload)
-            # profile = requests.post("https://ion.tjhsst.edu/api/profile", headers="Authorization: Bearer {token.access_token}")
-            return redirect('/')
-
 
+    # First, we get a authorization url with OAuth2Session and redirect the user to the Ion authorization page
     oauth = OAuth2Session(client_id=client_id, redirect_uri=redirect_uri, scope=scope)
     authorization_url, state = oauth.authorization_url("https://ion.tjhsst.edu/oauth/authorize/")
-    print(f'a_url: {authorization_url}')
 
-    return redirect(authorization_url)
+    return render(request,"users/login.html", {"authorization_url": authorization_url})
+
+def callback (request):
+        if request.method == "GET":
+            code = request.GET.get('code')
+            state = request.GET.get("state")
+            # Then if we get a response from Ion with the authorization code
+            if code is not None and state is not None:
+
+                # We send it back to fetch the acess_token
+                payload = {'grant_type':'authorization_code','code': code,'redirect_uri':redirect_uri,'client_id':client_id,'client_secret':client_secret, 'csrfmiddlewaretoken': state}
+                token = requests.post("https://ion.tjhsst.edu/oauth/token/", data=payload).json()
+                headers = {'Authorization': f"Bearer {token['access_token']}"}
+
+                # And finally get the user's profile!
+                profile = requests.get("https://ion.tjhsst.edu/api/profile", headers=headers).json()
+                username = profile['ion_username']
+                email = profile['tj_email']
+                first_name = profile['first_name']
+                last_name = profile['last_name']
+
+                # First we need to check if this user is authoized to post, as defined in the global array above
+                if username in authorized_users:
+                    # Then we check if this user exists in the system, we log them in, and if not we create a user for them
+                    user = authenticate(request, username=username, password=username)
+                    if user is not None:
+                        auth_login(request, user)
+                        messages.success(request, f"Welcome back {first_name}!")
+                    else:
+                        user = User.objects.create_user(username=username, email=email, password=username, first_name=first_name, last_name=last_name)
+                        user.save()
+                        auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend')
+                        messages.success(request, f"Welcome to Chirper, {first_name}, we hope you like your stay!")
+                    return redirect('/')
+                else:
+                    messages.error(request, "Sorry, you're not an authorized Ion user!", extra_tags='danger')
+                    return redirect('/')
+
+        messages.warning(request, "Invalid Callback Response")
+        return redirect('/')