Showing 20 changed files with 362 additions and 21 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# Generated by Django 4.2.7 on 2024-03-26 12:21 | ||
|
||
from django.db import migrations, models | ||
|
||
|
||
class Migration(migrations.Migration): | ||
dependencies = [ | ||
("api", "0035_user_is_bedrock_enabled"), | ||
] | ||
|
||
operations = [ | ||
migrations.AddField( | ||
model_name="user", | ||
name="justice_email", | ||
field=models.EmailField(blank=True, max_length=254, null=True, unique=True), | ||
), | ||
] |
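Review bot: `unique=True` combined with `blank=True, null=True` on `justice_email` is only safe while unset values are stored as NULL. An empty string saved for two users would violate the constraint, and uniqueness is compared on the stored string, so the same address in different letter case can be stored twice unless the column collation is case-insensitive. Suggest normalising the address (for example lower-casing it) before saving and making sure an unset value is always written as `None`, enforced in the model rather than left to each caller.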
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
{% extends "base.html" %} | ||
|
||
{% set page_name = "home" %} | ||
{% set hide_nav = True %} | ||
{% set page_title = "Hello " ~ ( request.user.name if request.user ) %} | ||
|
||
{% block content %} | ||
|
||
<div class="govuk-grid-row"> | ||
<div class="govuk-grid-column-two-thirds"> | ||
<h1 class="govuk-heading-xl">Authenticate with your Justice identity</h1> | ||
<p class="govuk-body-l">As part of upcoming work to offer new tools and services, all Analytical Platform will need to authenticate with their Justice identity so that we can store your @justice.gov.uk email address.</p> | ||
<p class="govuk-body">You will need to complete authentication by 30th April 2024. If you do not currently have a @justice.gov.uk email address, <a href="#" class="govuk-link">see our guidance on requesting one.</a></p> | ||
<div class="govuk-button-group"> | ||
<form method="POST" action="."> | ||
{{ csrf_input }} | ||
<button type="submit" class="govuk-button" data-module="govuk-button"> | ||
Authenticate with Justice identity | ||
</button> | ||
<a class="govuk-button govuk-button--secondary" href="{{ url('list-tools') }}"> | ||
Skip for now | ||
</a> | ||
</form> | ||
</div> | ||
</div> | ||
</div> | ||
|
||
{% endblock %} |
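Review bot: the guidance link in the second paragraph is still `href="#"`, so users without a @justice.gov.uk address are sent nowhere while the same paragraph sets a 30th April 2024 deadline; point it at the real guidance URL before this ships. In the first paragraph, "all Analytical Platform will need to authenticate" is missing "users". The `page_title` expression `request.user.name if request.user` has no `else` branch; give it an explicit `else ""` rather than relying on how the template environment renders an undefined value.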
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
# Standard library | ||
|
||
# Third-party | ||
import sentry_sdk | ||
from authlib.integrations.django_client import OAuthError | ||
from django.conf import settings | ||
from django.contrib import messages | ||
from django.http import HttpResponseRedirect, Http404 | ||
from django.urls import reverse | ||
from django.views import View | ||
|
||
# First-party/Local | ||
from controlpanel.oidc import OIDCLoginRequiredMixin, oauth | ||
|
||
|
||
class EntraIdAuthView(OIDCLoginRequiredMixin, View): | ||
""" | ||
This view is used as the callback after a user authenticates with their Justice | ||
identity via Azure EntraID, in order to capture a users Justice email address. | ||
""" | ||
http_method_names = ["get"] | ||
|
||
def _get_access_token(self): | ||
""" | ||
Attempts to valiate and return the access token | ||
""" | ||
try: | ||
token = oauth.azure.authorize_access_token(self.request) | ||
except OAuthError as error: | ||
sentry_sdk.capture_exception(error) | ||
token = None | ||
return token | ||
|
||
def get(self, request, *args, **kwargs): | ||
""" | ||
Attempts to retrieve the auth token, and update the user. | ||
""" | ||
if not settings.features.justice_auth.enabled and not request.user.is_superuser: | ||
raise Http404() | ||
|
||
token = self._get_access_token() | ||
if not token: | ||
messages.error(request, "Something went wrong, please try again") | ||
return HttpResponseRedirect(reverse("index")) | ||
|
||
self.update_user(token=token) | ||
messages.success( | ||
request=request, | ||
message=f"Successfully authenticated with your email {request.user.justice_email}", | ||
) | ||
return HttpResponseRedirect(reverse("index")) | ||
|
||
def update_user(self, token): | ||
""" | ||
Update user with details from the ID token returned by the provided EntraID | ||
access token | ||
""" | ||
email = token["userinfo"]["email"] | ||
self.request.user.justice_email = email | ||
self.request.user.save() |
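Review bot: `update_user` writes `token["userinfo"]["email"]` straight to `justice_email` with no check that the claim is present or that it is a @justice.gov.uk address, and `self.request.user.save()` is unguarded although the migration declares the field `unique=True`. A token without `userinfo` or `email` raises `KeyError`, and an address already stored against another user raises `IntegrityError`; both surface as a 500 from `get()` instead of the "Something went wrong" redirect used for `OAuthError`. Suggest reading the claim with `.get()`, rejecting missing or non-matching values, catching `IntegrityError` around the save, and calling `save(update_fields=["justice_email"])` so only that column is written. Minor: "valiate" in the `_get_access_token` docstring, "a users" in the class docstring, and the empty `# Standard library` section can be tidied.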