a5b4f0a5
Commit
a5b4f0a5
authored
Sep 30, 2019
by
Hafiyyan
Merge branch 'login_sso_fix' into 'master'
Login sso fix See merge request
!1
parents
6bd97e2a
fdd20042
Pipeline
#21943
canceled with stages
Changes
4
Pipelines
4
core/tests/test_accounts.py
...
...
@@ -8,6 +8,7 @@ from core.models.accounts import Company, Supervisor, Student
class
LoginTests
(
APITestCase
):
@
requests_mock
.
Mocker
()
def
test_succesful_student_login_relogin
(
self
,
m
):
m
.
get
(
'https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG'
,
json
=
{
"username"
:
'dummy.mahasiswa'
,
"role"
:
'mahasiswa'
,
"identity_number"
:
'1234567890'
},
status_code
=
200
)
m
.
post
(
'https://api.cs.ui.ac.id/authentication/ldap/v2/'
,
json
=
{
"username"
:
"dummy.mahasiswa"
,
"nama"
:
"Dummy Mahasiswa"
,
...
...
@@ -16,7 +17,7 @@ class LoginTests(APITestCase):
"kodeidentitas"
:
"1234567890"
,
"nama_role"
:
"mahasiswa"
},
status_code
=
200
)
m
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890
/
'
,
json
=
{
m
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890
?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG
'
,
json
=
{
"kota_lahir"
:
"kota_kota"
,
"tgl_lahir"
:
"2017-12-31"
,
"program"
:
[{
...
...
@@ -35,6 +36,7 @@ class LoginTests(APITestCase):
@
requests_mock
.
Mocker
()
def
test_successful_supervisor_login_relogin
(
self
,
m
):
m
.
get
(
'https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG'
,
json
=
{
"username"
:
'dummy.mahasiswa'
,
"role"
:
'mahasiswa'
,
"identity_number"
:
'1234567890'
},
status_code
=
200
)
m
.
post
(
'https://api.cs.ui.ac.id/authentication/ldap/v2/'
,
json
=
{
"username"
:
"dummy.dosen"
,
"nama"
:
"Dummy Dosen"
,
...
...
@@ -106,6 +108,7 @@ class ProfileUpdateTests(APITestCase):
@
requests_mock
.
Mocker
()
def
test_student_profile_update
(
self
,
m
):
m
.
get
(
'https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG'
,
json
=
{
"username"
:
'dummy.mahasiswa'
,
"role"
:
'mahasiswa'
,
"identity_number"
:
'1234567890'
},
status_code
=
200
)
m
.
post
(
'https://api.cs.ui.ac.id/authentication/ldap/v2/'
,
json
=
{
"username"
:
"dummy.mahasiswa"
,
"nama"
:
"Dummy Mahasiswa"
,
...
...
@@ -114,7 +117,7 @@ class ProfileUpdateTests(APITestCase):
"kodeidentitas"
:
"1234567890"
,
"nama_role"
:
"mahasiswa"
},
status_code
=
200
)
m
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890
/
'
,
json
=
{
m
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890
?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG
'
,
json
=
{
"kota_lahir"
:
"kota_kota"
,
"tgl_lahir"
:
"2017-12-31"
,
"program"
:
[{
...
...
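Review bot: The verify mock added to `test_successful_supervisor_login_relogin` answers with `"username": 'dummy.mahasiswa'` and `"role": 'mahasiswa'`, while the LDAP mock in the same test describes `dummy.dosen`, so the supervisor path is checked against a student identity. It looks copied from the student test; the mock should return the supervisor's username and role (the expected role value is not visible on this page). The client id is also repeated as a literal in every mocked URL, here and in core/tests/test_vacancies.py; building those URLs from `get_client_id()` in core/views/sso_login.py would keep the tests in step with the code. The test bodies continue outside the hunks.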
core/tests/test_vacancies.py
...
...
@@ -12,6 +12,7 @@ from core.models.vacancies import Vacancy, Application
class
ApplicationTests
(
APITestCase
):
@
requests_mock
.
Mocker
()
def
test_application_list
(
self
,
m
):
m
.
get
(
'https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG'
,
json
=
{
"username"
:
'dummy.mahasiswa'
,
"role"
:
'mahasiswa'
,
"identity_number"
:
'1234567890'
},
status_code
=
200
)
m
.
post
(
'https://api.cs.ui.ac.id/authentication/ldap/v2/'
,
json
=
{
"username"
:
"dummy.mahasiswa"
,
"nama"
:
"Dummy Mahasiswa"
,
...
...
@@ -20,7 +21,7 @@ class ApplicationTests(APITestCase):
"kodeidentitas"
:
"1234567890"
,
"nama_role"
:
"mahasiswa"
},
status_code
=
200
)
m
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890
/
'
,
json
=
{
m
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890
?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG
'
,
json
=
{
"kota_lahir"
:
"kota_kota"
,
"tgl_lahir"
:
"2017-12-31"
,
"program"
:
[{
...
...
@@ -42,6 +43,7 @@ class ApplicationTests(APITestCase):
@
requests_mock
.
Mocker
()
def
test_application_create_and_delete
(
self
,
m
):
m
.
get
(
'https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG'
,
json
=
{
"username"
:
'dummy.mahasiswa'
,
"role"
:
'mahasiswa'
,
"identity_number"
:
'1234567890'
},
status_code
=
200
)
m
.
post
(
'https://api.cs.ui.ac.id/authentication/ldap/v2/'
,
json
=
{
"username"
:
"dummy.mahasiswa"
,
"nama"
:
"Dummy Mahasiswa"
,
...
...
@@ -50,7 +52,7 @@ class ApplicationTests(APITestCase):
"kodeidentitas"
:
"1234567890"
,
"nama_role"
:
"mahasiswa"
},
status_code
=
200
)
m
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890
/
'
,
json
=
{
m
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890
?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG
'
,
json
=
{
"kota_lahir"
:
"kota_kota"
,
"tgl_lahir"
:
"2017-12-31"
,
"program"
:
[{
...
...
@@ -84,6 +86,7 @@ class ApplicationTests(APITestCase):
class
BookmarkApplicationTests
(
APITestCase
):
@
requests_mock
.
Mocker
()
def
test_application_list
(
self
,
m
):
m
.
get
(
'https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG'
,
json
=
{
"username"
:
'dummy.mahasiswa'
,
"role"
:
'mahasiswa'
,
"identity_number"
:
'1234567890'
},
status_code
=
200
)
m
.
post
(
'https://api.cs.ui.ac.id/authentication/ldap/v2/'
,
json
=
{
"username"
:
"dummy.mahasiswa"
,
"nama"
:
"Dummy Mahasiswa"
,
...
...
@@ -92,7 +95,7 @@ class BookmarkApplicationTests(APITestCase):
"kodeidentitas"
:
"1234567890"
,
"nama_role"
:
"mahasiswa"
},
status_code
=
200
)
m
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890
/
'
,
json
=
{
m
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890
?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG
'
,
json
=
{
"kota_lahir"
:
"kota_kota"
,
"tgl_lahir"
:
"2017-12-31"
,
"program"
:
[{
...
...
@@ -114,6 +117,7 @@ class BookmarkApplicationTests(APITestCase):
@
requests_mock
.
Mocker
()
def
test_application_create_and_delete
(
self
,
m
):
m
.
get
(
'https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG'
,
json
=
{
"username"
:
'dummy.mahasiswa'
,
"role"
:
'mahasiswa'
,
"identity_number"
:
'1234567890'
},
status_code
=
200
)
m
.
post
(
'https://api.cs.ui.ac.id/authentication/ldap/v2/'
,
json
=
{
"username"
:
"dummy.mahasiswa"
,
"nama"
:
"Dummy Mahasiswa"
,
...
...
@@ -122,7 +126,7 @@ class BookmarkApplicationTests(APITestCase):
"kodeidentitas"
:
"1234567890"
,
"nama_role"
:
"mahasiswa"
},
status_code
=
200
)
m
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890
/
'
,
json
=
{
m
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890
?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG
'
,
json
=
{
"kota_lahir"
:
"kota_kota"
,
"tgl_lahir"
:
"2017-12-31"
,
"program"
:
[{
...
...
core/views/accounts.py
...
...
@@ -9,6 +9,7 @@ from rest_framework.parsers import FormParser,MultiPartParser
from
rest_framework.permissions
import
AllowAny
from
rest_framework.permissions
import
IsAdminUser
,
IsAuthenticated
from
rest_framework.response
import
Response
from
.sso_login
import
get_access_token
,
verify_user
,
get_riwayat_user
,
get_summary_user
from
core.lib.permissions
import
IsAdminOrStudent
,
IsAdminOrSelfOrReadOnly
,
IsAdminOrCompany
,
IsAdminOrSupervisor
,
\
IsAdminOrSupervisorOrCompanyOrSelf
...
...
@@ -81,14 +82,9 @@ class StudentViewSet(viewsets.ModelViewSet):
raise
PermissionDenied
(
"You are not allowed to see other student's transcript"
)
if
student
.
show_transcript
:
s
=
requests
.
Session
()
credentials
=
settings
.
API_CS_CREDENTIALS
s
.
get
(
'https://api.cs.ui.ac.id/api-auth/login/'
)
csrf
=
s
.
cookies
[
'csrftoken'
]
resp
=
s
.
post
(
'https://api.cs.ui.ac.id/api-auth/login/'
,
data
=
{
'username'
:
credentials
[
"user"
],
'password'
:
credentials
[
"password"
],
'csrfmiddlewaretoken'
:
csrf
})
response
=
s
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/'
+
str
(
student
.
npm
)
+
'/riwayat/'
)
access_token
=
get_access_token
(
credentials
[
"user"
],
credentials
[
"password"
])
ver_user
=
verify_user
(
access_token
)
response
=
get_riwayat_user
(
access_token
,
ver_user
[
'identity_number'
])
return
Response
({
'name'
:
student
.
full_name
,
'transcript'
:
response
.
json
()},
status
=
status
.
HTTP_200_OK
)
else
:
return
Response
({
'name'
:
student
.
full_name
,
'error'
:
'student does not allow transcript to be shown'
},
...
...
@@ -146,7 +142,7 @@ class LoginViewSet(viewsets.GenericViewSet):
return
Response
(
status
=
status
.
HTTP_400_BAD_REQUEST
)
if
login_type
==
"sso-ui"
:
r
=
requests
.
post
(
'https://api.cs.ui.ac.id/authentication/ldap/v2/'
,
json
=
{
"username"
:
username
,
"password"
:
password
})
data
=
{
"username"
:
username
,
"password"
:
password
})
resp
=
r
.
json
()
if
resp
.
get
(
'state'
)
!=
0
:
# create user
...
...
@@ -167,8 +163,9 @@ class LoginViewSet(viewsets.GenericViewSet):
login
(
request
,
user
)
if
created
:
if
resp
.
get
(
'nama_role'
)
==
"mahasiswa"
:
student_detail
=
requests
.
get
(
'https://api.cs.ui.ac.id/siakngcs/mahasiswa/{}/'
.
format
(
resp
.
get
(
"kodeidentitas"
)))
resp_student_detail
=
student_detail
.
json
()
access_token
=
get_access_token
(
username
,
password
)
ver_user
=
verify_user
(
access_token
)
resp_student_detail
=
get_summary_user
(
access_token
,
ver_user
[
'identity_number'
])
student
=
Student
.
objects
.
create
(
user
=
user
,
npm
=
resp
.
get
(
"kodeidentitas"
),
...
...
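Review bot: In the transcript hunk of `StudentViewSet`, the new code fetches the history for `ver_user['identity_number']`, which belongs to the account in `settings.API_CS_CREDENTIALS`, where the replaced request used `student.npm`; as written the response would carry the transcript of whoever owns those credentials rather than the requested student. `get_riwayat_user` already returns `response.json()`, so the unchanged `'transcript': response.json()` is called on the parsed body and would presumably raise; assuming the service token may read other students' records, I would write `response = get_riwayat_user(access_token, student.npm)` and `'transcript': response`. `get_access_token` returns None on any failure, and neither this hunk nor the login hunk checks that before `verify_user` and the `['identity_number']` lookup, so a failed token request surfaces as an unhandled error instead of a clean 4xx/5xx response. The enclosing methods start and end outside the hunks.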
core/views/sso_login.py
0 → 100644
import
requests
API_MAHASISWA
=
"https://api.cs.ui.ac.id/siakngcs/mahasiswa/"
API_RIWAYAT_MAHASISWA
=
API_MAHASISWA
+
'{npm}/riwayat/'
API_VERIFY_USER
=
"https://akun.cs.ui.ac.id/oauth/token/verify/"
def
get_access_token
(
username
,
password
):
try
:
url
=
"https://akun.cs.ui.ac.id/oauth/token/"
payload
=
"username="
+
username
+
"&password="
+
password
+
"&grant_type=password"
headers
=
{
'authorization'
:
"Basic WDN6TmtGbWVwa2RBNDdBU05NRFpSWDNaOWdxU1UxTHd5d3U1V2VwRzpCRVFXQW43RDl6a2k3NEZ0bkNpWVhIRk50Ymg3eXlNWmFuNnlvMU1uaUdSVWNGWnhkQnBobUU5TUxuVHZiTTEzM1dsUnBwTHJoTXBkYktqTjBxcU9OaHlTNGl2Z0doczB0OVhlQ3M0Ym1JeUJLMldwbnZYTXE4VU5yTEFEMDNZeA=="
,
'cache-control'
:
"no-cache"
,
'content-type'
:
"application/x-www-form-urlencoded"
}
response
=
requests
.
request
(
"POST"
,
url
,
data
=
payload
,
headers
=
headers
)
return
response
.
json
()[
"access_token"
]
except
Exception
as
e
:
return
None
# raise Exception("username atau password sso salah, input : [{}, {}]".format(username, password,))
def
get_client_id
():
client_id
=
'X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG'
return
client_id
def
verify_user
(
access_token
):
print
(
"#get identity number"
)
parameters
=
{
"access_token"
:
access_token
,
"client_id"
:
get_client_id
()}
response
=
requests
.
get
(
API_VERIFY_USER
,
params
=
parameters
)
print
(
"response => "
,
response
.
json
())
return
response
.
json
()
def
get_summary_user
(
access_token
,
npm
):
print
(
"#get summary user => "
,
npm
)
parameters
=
{
"access_token"
:
access_token
,
"client_id"
:
get_client_id
()}
response
=
requests
.
get
(
API_MAHASISWA
+
str
(
npm
),
params
=
parameters
)
print
(
"response => "
,
response
.
text
)
print
(
"response => "
,
response
.
json
())
return
response
.
json
()
def
get_riwayat_user
(
access_token
,
npm
):
print
(
"#get riwayat user => "
,
npm
)
parameters
=
{
"access_token"
:
access_token
,
"client_id"
:
get_client_id
()}
response
=
requests
.
get
(
API_RIWAYAT_MAHASISWA
.
format
(
npm
=
npm
),
params
=
parameters
)
print
(
"response => "
,
response
.
text
)
print
(
"response => "
,
response
.
json
())
return
response
.
json
()
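Review bot: `get_access_token` commits the OAuth client credentials to the repository as a literal `authorization: Basic …` header (and `get_client_id` hard-codes the id); these should be loaded from settings or the environment, and the committed secret should be treated as exposed and rotated. The form body is built by concatenating `username` and `password` without URL-encoding, so a password containing `&`, `=` or `+` is sent corrupted and can add parameters to the token request; passing a dict as `data=` lets requests encode it. The bare `except Exception: return None` hides network and parsing failures from callers, and none of the requests in this file set a timeout. The `print` calls in `verify_user`, `get_summary_user` and `get_riwayat_user` write identity and academic-record responses to stdout, which usually ends up in server logs; I would drop them or log only the status code.

```python
def get_access_token(username, password):
    # SSO_CLIENT_ID / SSO_CLIENT_SECRET are placeholder setting names, not defined on this page
    try:
        response = requests.post(
            "https://akun.cs.ui.ac.id/oauth/token/",
            data={"username": username, "password": password, "grant_type": "password"},
            auth=(settings.SSO_CLIENT_ID, settings.SSO_CLIENT_SECRET),
            timeout=10,
        )
        response.raise_for_status()
        return response.json()["access_token"]
    except (requests.RequestException, KeyError, ValueError):
        return None
```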
Daya Adianto
@addianto
mentioned in issue
#32 (closed)
·
Oct 03, 2019
mentioned in issue
#32 (closed)
mentioned in issue #32