Enabled support for DirectLogin and GatewayLogin #36

2026-02-06 16:46:57 +00:00 · 2017-11-06 10:48:26 +01:00 · 2017-11-06 10:48:26 +01:00 · d34eba5315
commit d34eba5315
parent eb53f0f83c
8 changed files with 97 additions and 15 deletions
--- a/apimanager/apimanager/settings.py
+++ b/apimanager/apimanager/settings.py
@ -201,6 +201,7 @@ API_SWAGGER_BASE_PATH = '/obp/v1.4.0'
 # Always save session$
 SESSION_SAVE_EVERY_REQUEST = True

+# Paths on API_HOST to OAuth
 OAUTH_TOKEN_PATH = '/oauth/initiate'
 OAUTH_AUTHORIZATION_PATH = '/oauth/authorize'
 OAUTH_ACCESS_TOKEN_PATH = '/oauth/token'
@ -209,6 +210,12 @@ OAUTH_ACCESS_TOKEN_PATH = '/oauth/token'
 OAUTH_CONSUMER_KEY = None
 OAUTH_CONSUMER_SECRET = None

+# Path on API_HOST to DirectLogin
+DIRECTLOGIN_PATH = '/my/logins/direct'
+
+# Set to true if the API is connected to a core banking system
+GATEWAYLOGIN_HAS_CBS = False
+
 # Local settings can override anything in here
 try:
    from apimanager.local_settings import *
--- a/apimanager/apimanager/urls.py
+++ b/apimanager/apimanager/urls.py
@ -6,7 +6,13 @@ URLs for apimanager
 from django.conf.urls import url, include

 from base.views import HomeView
-from obp.views import OAuthInitiateView, OAuthAuthorizeView, LogoutView
+from obp.views import (
+    OAuthInitiateView, OAuthAuthorizeView,
+    DirectLoginView,
+    GatewayLoginView,
+    LogoutView,
+)
+


 urlpatterns = [
@ -17,6 +23,10 @@ urlpatterns = [
        OAuthInitiateView.as_view(), name='oauth-initiate'),
    url(r'^oauth/authorize$',
        OAuthAuthorizeView.as_view(), name='oauth-authorize'),
+    url(r'^directlogin$',
+        DirectLoginView.as_view(), name='directlogin'),
+    url(r'^gatewaylogin$',
+        GatewayLoginView.as_view(), name='gatewaylogin'),
    url(r'^logout$',
        LogoutView.as_view(), name='oauth-logout'),
    url(r'^consumers/', include('consumers.urls')),
--- a/apimanager/base/static/css/base.css
+++ b/apimanager/base/static/css/base.css
@ -140,3 +140,11 @@ table.tablesorter thead tr .headerSortDown {
 table.tablesorter thead tr .headerSortDown, table.tablesorter thead tr .headerSortUp {
 	background-color: #e6e6e6;
 }
+
+
+.authentication-method {
+	display: none;
+}
+.authentication-method h3 {
+	margin-top: 0;
+}
--- a/apimanager/base/static/js/base.js
+++ b/apimanager/base/static/js/base.js
@ -1,3 +1,8 @@
 $(document).ready(function($) {
 	$('table.tablesorter').tablesorter();
+	$('#authentication-select').change(function() {
+		$('.authentication-method').hide();
+		var method = $(this).val();
+		$(`#authenticate-${method}`).show();
+	});
 });
--- a/apimanager/base/templates/home.html
+++ b/apimanager/base/templates/home.html
@ -13,15 +13,59 @@

 {% if not user.is_authenticated %}
 	<div id="login">
-		<h2>Please authenticate</h2>
-		<p>
-			<a class="btn btn-primary" href="{% url 'oauth-initiate' %}{% if request.GET.next %}?next={{ request.GET.next }}{% endif %}">Initiate OAuth authentication with API</a>
-		</p>
-	</div>
-{% else %}
-	<div id="loggedin">
-		<h2>Thanks for logging in!</h2>
-		<p>Please select one of the items in the navigation above.</p>
+		<label for="authentication-select"><h2>Authenticate</h2></label>
+		<div class="row">
+			<div class="col-xs-12 col-sm-3">
+				<select class="form-control" id="authentication-select">
+					<option value="">Choose ...</option>
+					<option value="oauth">OAuth 1</option>
+					<option value="directlogin">DirectLogin</option>
+					<option value="gatewaylogin">GatewayLogin</option>
+				</select>
+			</div>
+
+			<div class="col-xs-12 col-sm-9">
+				<div class="authentication-method" id="authenticate-oauth">
+					<h3>OAuth</h3>
+					<a class="btn btn-primary" href="{% url 'oauth-initiate' %}{% if request.GET.next %}?next={{ request.GET.next }}{% endif %}">Proceed to authentication server</a>
+				</div>
+				<div class="authentication-method" id="authenticate-directlogin">
+					<h3>DirectLogin</h3>
+					<form action="{% url 'directlogin' %}" method="post">
+						{% csrf_token %}
+						<div class="form-group">
+							<label for="username">Username:</label>
+							{{ directlogin_form.username }}
+						</div>
+						<div class="form-group">
+							<label for="password">Password:</label>
+							{{ directlogin_form.password }}
+						</div>
+						<div class="form-group">
+							<label for="consumer-key">Consumer Key:</label>
+							{{ directlogin_form.consumer_key }}
+						</div>
+						<button class="btn btn-primary">Login</button>
+					</form>
+				</div>
+				<div class="authentication-method" id="authenticate-gatewaylogin">
+					<h3>GatewayLogin</h3>
+					<form action="{% url 'gatewaylogin' %}" method="post">
+						{% csrf_token %}
+						<div class="form-group">
+							<label for="username">Username:</label>
+							{{ gatewaylogin_form.username }}
+						</div>
+						<div class="form-group">
+							<label for="secret">Secret:</label>
+							{{ gatewaylogin_form.secret }}
+						</div>
+						<button class="btn btn-primary">Login</button>
+					</form>
+
+				</div>
+			</div>
+		</div>
 	</div>
 {% endif %}

--- a/apimanager/base/views.py
+++ b/apimanager/base/views.py
@ -6,6 +6,8 @@ Views for base app
 from django.conf import settings
 from django.views.generic import TemplateView

+from obp.forms import DirectLoginForm, GatewayLoginForm
+

 class HomeView(TemplateView):
    """View for home page"""
@ -13,5 +15,9 @@ class HomeView(TemplateView):

    def get_context_data(self, **kwargs):
        context = super(HomeView, self).get_context_data(**kwargs)
-        context['API_HOST'] = settings.API_HOST
+        context.update({
+            'API_HOST': settings.API_HOST,
+            'directlogin_form': DirectLoginForm(),
+            'gatewaylogin_form': GatewayLoginForm(),
+        })
        return context
--- a/apimanager/obp/directlogin.py
+++ b/apimanager/obp/directlogin.py
@ -33,12 +33,12 @@ class DirectLoginAuthenticator(Authenticator):
        headers = {'Authorization': authorization}

        try:
-            response = requests.get(url, headers=headers)
+            response = requests.post(url, headers=headers)
        except requests.exceptions.ConnectionError as err:
            raise AuthenticatorError(err)

        result = response.json()
-        if response.status_code != 200:
+        if response.status_code != 201:
            raise AuthenticatorError(result['error'])
        else:
            self.token = result['token']
--- a/apimanager/obp/views.py
+++ b/apimanager/obp/views.py
@ -107,7 +107,8 @@ class DirectLoginView(FormView, LoginToDjangoMixin):

    def get_success_url(self):
        messages.success(self.request, 'DirectLogin successful!')
-        return reverse('runtests-index')
+        redirect_url = self.request.GET.get('next', reverse('home'))
+        return redirect_url

    def form_valid(self, form):
        """
@ -132,7 +133,8 @@ class GatewayLoginView(FormView, LoginToDjangoMixin):

    def get_success_url(self):
        messages.success(self.request, 'GatewayLogin successful!')
-        return reverse('runtests-index')
+        redirect_url = self.request.GET.get('next', reverse('home'))
+        return redirect_url

    def form_valid(self, form):
        """