diff --git a/controlpanel/frontend/jinja2/frontpage.html b/controlpanel/frontend/jinja2/justice_email.html
similarity index 97%
rename from controlpanel/frontend/jinja2/frontpage.html
rename to controlpanel/frontend/jinja2/justice_email.html
index 0fe935e55..0135fa676 100644
--- a/controlpanel/frontend/jinja2/frontpage.html
+++ b/controlpanel/frontend/jinja2/justice_email.html
@@ -17,7 +17,7 @@

Authenticate with your Justice identity

- + Skip for now @@ -25,8 +25,4 @@

Authenticate with your Justice identity

- - - - {% endblock %} diff --git a/controlpanel/frontend/urls.py b/controlpanel/frontend/urls.py index c980ad736..24cdc0521 100644 --- a/controlpanel/frontend/urls.py +++ b/controlpanel/frontend/urls.py @@ -7,7 +7,6 @@ urlpatterns = [ path("", views.IndexView.as_view(), name="index"), - path("frontpage/", views.FrontPageView.as_view(), name="frontpage"), path("oidc/entraid/auth/", views.EntraIdAuthView.as_view(), name="entraid-auth"), path("oidc/logout/", views.LogoutView.as_view(), name="oidc_logout"), path("datasources/", views.AdminBucketList.as_view(), name="list-all-datasources"), diff --git a/controlpanel/frontend/views/__init__.py b/controlpanel/frontend/views/__init__.py index 33b591a0a..d08bcede4 100644 --- a/controlpanel/frontend/views/__init__.py +++ b/controlpanel/frontend/views/__init__.py @@ -1,12 +1,17 @@ +# Standard library +import base64 +import hashlib + # Third-party from django.http import HttpResponseRedirect from django.urls import reverse from django.views.generic.base import TemplateView from mozilla_django_oidc.views import OIDCLogoutView +from oauthlib.common import generate_token # First-party/Local from controlpanel.frontend.views.accessibility import Accessibility -from controlpanel.frontend.views.auth import EntraIdAuthView, FrontPageView +from controlpanel.frontend.views.auth import EntraIdAuthView # isort: off from controlpanel.frontend.views.app import ( 
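Review bot: `generate_token` is now imported from `oauthlib.common`, whereas the `FrontPageView` code being moved here took it from `authlib.common.security`, and the rest of the flow (`oauth.azure.authorize_redirect`, `OAuthError`) is Authlib. If the swap is not deliberate, keep `from authlib.common.security import generate_token` so the view does not depend on a second OAuth library that may only be installed transitively. The visible import lines also do not add `oauth`, which the new `IndexView.post` calls. The import block continues below this hunk, so confirm it is imported there, otherwise add `from controlpanel.oidc import oauth`.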
@@ -86,21 +91,42 @@ class IndexView(OIDCLoginRequiredMixin, TemplateView): template_name = "home.html" - def get(self, request): + def get_template_names(self): + if not self.request.user.justice_email: + return ["justice_email.html"] + + return [self.template_name] + + def get(self, request, *args, **kwargs): """ If the user is a superuser display the home page (containing useful admin related links). Otherwise, redirect the user to the list of the tools they currently have available on the platform. """ - if not request.user.justice_email: - return HttpResponseRedirect(reverse("frontpage")) if request.user.is_superuser: - return super().get(request) - else: - # Redirect to the tools page. - return HttpResponseRedirect(reverse("list-tools")) + return super().get(request, *args, **kwargs) + + # TODO add feature request check + if not request.user.justice_email: + return super().get(request, *args, **kwargs) + + # Redirect to the tools page. + return HttpResponseRedirect(reverse("list-tools")) + + def post(self, request): + code_challenge = self._get_code_challenge() + redirect_uri = request.build_absolute_uri(reverse("entraid-auth")) + return oauth.azure.authorize_redirect( + request, + redirect_uri, + code_challenge=code_challenge, + ) + def _get_code_challenge(self): + code_verifier = generate_token(64) + digest = hashlib.sha256(code_verifier.encode()).digest() + return base64.urlsafe_b64encode(digest).rstrip(b"=").decode() class LogoutView(OIDCLogoutView): def get(self, request): diff --git a/controlpanel/frontend/views/auth.py b/controlpanel/frontend/views/auth.py index 07e439a91..4f5c63264 100644 --- a/controlpanel/frontend/views/auth.py +++ b/controlpanel/frontend/views/auth.py 
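Review bot: `_get_code_challenge` returns only the S256 challenge and discards `code_verifier`, so nothing visible in `IndexView.post` keeps the verifier for the token exchange in `EntraIdAuthView`, and the `authorize_redirect` call passes no `code_challenge_method`. Unless the `oauth.azure` client handles PKCE elsewhere, the callback has no verifier to present, so either the code exchange fails or the flow runs without effective PKCE protection. Authlib generates the verifier and keeps it in the session itself when the client is registered with `client_kwargs={"code_challenge_method": "S256"}`; with that in place the helper can be dropped and `post` reduced to `return oauth.azure.authorize_redirect(request, redirect_uri)`. `IndexView` starts above this hunk and the client registration is not shown, so confirm this against the `controlpanel.oidc` module.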
@@ -1,45 +1,17 @@ # Standard library -import base64 -import hashlib # Third-party import sentry_sdk -from authlib.common.security import generate_token from authlib.integrations.django_client import OAuthError from django.contrib import messages from django.http import HttpResponseRedirect from django.urls import reverse from django.views import View -from django.views.generic import TemplateView # First-party/Local from controlpanel.oidc import OIDCLoginRequiredMixin, oauth -class FrontPageView(OIDCLoginRequiredMixin, TemplateView): - http_method_names = ["get", "post"] - template_name = "frontpage.html" - - def get(self, request, *args, **kwargs): - if self.request.user.justice_email: - return HttpResponseRedirect(reverse("index")) - return super().get(request, *args, **kwargs) - - def post(self, request): - code_challenge = self._get_code_challenge() - redirect_uri = request.build_absolute_uri(reverse("entraid-auth")) - return oauth.azure.authorize_redirect( - request, - redirect_uri, - code_challenge=code_challenge, - ) - - def _get_code_challenge(self): - code_verifier = generate_token(64) - digest = hashlib.sha256(code_verifier.encode()).digest() - return base64.urlsafe_b64encode(digest).rstrip(b"=").decode() - - class EntraIdAuthView(OIDCLoginRequiredMixin, View): http_method_names = ["get"]