增加了讨论区的 SSO 登录

account/serializers.py

@@ -57,4 +57,8 @@ class ApplyResetPasswordSerializer(serializers.Serializer):
 class ResetPasswordSerializer(serializers.Serializer):
     token = serializers.CharField(min_length=1, max_length=40)
     password = serializers.CharField(min_length=6, max_length=30)
-    captcha = serializers.CharField(max_length=4, min_length=4)
+    captcha = serializers.CharField(max_length=4, min_length=4)
+
+
+class SSOSerializer(serializers.Serializer):
+    token = serializers.CharField(max_length=40)

account/views.py

@@ -5,6 +5,7 @@ from django.contrib import auth
 from django.shortcuts import render
 from django.db.models import Q
 from django.conf import settings
+from django.http import HttpResponseRedirect
 from django.core.exceptions import MultipleObjectsReturned
 from django.utils.timezone import now
 
@@ -20,7 +21,8 @@ from .models import User
 from .serializers import (UserLoginSerializer, UsernameCheckSerializer,
                           UserRegisterSerializer, UserChangePasswordSerializer,
                           EmailCheckSerializer, UserSerializer, EditUserSerializer,
-                          ApplyResetPasswordSerializer, ResetPasswordSerializer)
+                          ApplyResetPasswordSerializer, ResetPasswordSerializer,
+                          SSOSerializer)
 from .decorators import super_admin_required
 
 
@@ -287,12 +289,24 @@ def user_index_page(request, username):
     return render(request, "oj/account/user_index.html")
 
 
-def auth_page(request):
-    if not request.user.is_authenticated():
-        return render(request, "oj/account/oauth.html")
-    callback = request.GET.get("callback", None)
-    if not callback:
-        return error_page(request, u"参数错误")
-    token = rand_str()
-    request.user.auth_token = token
-    return render(request, "oj/account/oauth.html", {"callback": callback, "token": token})
+class SSOAPIView(APIView):
+    def post(self, request):
+        serializer = SSOSerializer(data=request.data)
+        if serializer.is_valid():
+            try:
+                user = User.objects.get(auth_token=serializer.data["token"])
+                return success_response({"username": user.username})
+            except User.DoesNotExist:
+                return error_response(u"用户不存在")
+        else:
+            return serializer_invalid_response(serializer)
+
+    @login_required
+    def get(self, request):
+        callback = request.GET.get("callback", None)
+        if not callback or callback != settings.SSO["callback"]:
+            return error_page(request, u"参数错误")
+        token = rand_str()
+        request.user.auth_token = token
+        request.user.save()
+        return render(request, "oj/account/sso.html", {"redirect_url": callback + "?token=" + token, "callback": callback})

oj/local_settings.py

@@ -11,18 +11,13 @@ DATABASES = {
     },
     # submission 的 name 和 engine 请勿修改，其他代码会用到
     'submission': {
-        'NAME': 'oj_submission',
-        'ENGINE': 'django.db.backends.mysql',
-        'CONN_MAX_AGE': 0.1,
-        'HOST': "127.0.0.1",
-        'PORT': 3306,
-        'USER': 'root',
-        'PASSWORD': 'root',
+        'ENGINE': 'django.db.backends.sqlite3',
+        'NAME': os.path.join(BASE_DIR, 'db1.sqlite3'),
     }
 }
 
 REDIS_CACHE = {
-    "host": "121.42.32.129",
+    "host": "127.0.0.1",
     "port": 6379,
     "db": 1
 }
@@ -36,4 +31,6 @@ ALLOWED_HOSTS = []
 STATICFILES_DIRS = [os.path.join(BASE_DIR, "static/src/"), BASE_DIR]
 
 # 模板文件夹
-TEMPLATE_DIRS = [os.path.join(BASE_DIR, 'template/src/')]
+TEMPLATE_DIRS = [os.path.join(BASE_DIR, 'template/src/')]
+
+SSO = {"callback": "http://localhost:8765/login"}

oj/server_settings.py

@@ -43,3 +43,5 @@ STATICFILES_DIRS = [os.path.join(BASE_DIR, "static/release/"), os.path.join(BASE
 TEMPLATE_DIRS = [os.path.join(BASE_DIR, 'template/release/')]
 
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
+SSO = {"callback": "https://discuss.acmer.site/login"}

oj/urls.py

@@ -6,7 +6,7 @@ from django.views.generic import TemplateView
 from account.views import (UserLoginAPIView, UsernameCheckAPIView, UserRegisterAPIView,
                            UserChangePasswordAPIView, EmailCheckAPIView,
                            UserAdminAPIView, UserInfoAPIView,
-                           ApplyResetPasswordAPIView)
+                           ApplyResetPasswordAPIView, SSOAPIView)
 
 from announcement.views import AnnouncementAdminAPIView
 
@@ -127,7 +127,7 @@ urlpatterns = [
 
     url(r'^account/settings/$', TemplateView.as_view(template_name="oj/account/settings.html"), name="account_setting_page"),
     url(r'^account/settings/avatar/$', TemplateView.as_view(template_name="oj/account/avatar.html"), name="avatar_settings_page"),
-    url(r'^account/auth/$', "account.views.auth_page", name="auth_login_page"),
+    url(r'^account/sso/$', SSOAPIView.as_view(), name="sso_api"),
 ]
 
 

template/src/oj/account/sso.html

@@ -5,17 +5,13 @@
 {% block body %}
     <div class="container main">
         <div class="text-center">
-            {% if request.user.is_authenticated %}
-                <p>3秒钟后将跳转到<span id="link">{{ callback }}</span></p>
+                <p>3秒钟后将使用账号{{ request.user.username }}登录<span id="link">{{ callback }}</span></p>
+            <button class="btn btn-warning" onclick="location.href='/'">取消登录</button>
+            <button class="btn btn-success" onclick="location.href='/login/'">更换账号</button>
                 <script>setTimeout(function(){
-                    window.location.href = "{{ callback }}?token={{ token }}"},
+                    window.location.href = "{{ redirect_url }}"},
                         3000);
                 </script>
-            {% else %}
-                <script>window.location.href = "/login/";</script>
-            {% endif %}
-
-
         </div>
     </div>
 {% endblock %}