
Commit fdd20042 authored by Hafiyyan's avatar Hafiyyan

Login sso fix

parent 6bd97e2a
......@@ -8,6 +8,7 @@ from core.models.accounts import Company, Supervisor, Student
class LoginTests(APITestCase):
@requests_mock.Mocker()
def test_succesful_student_login_relogin(self, m):
m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
"username": "dummy.mahasiswa",
"nama": "Dummy Mahasiswa",
......@@ -16,7 +17,7 @@ class LoginTests(APITestCase):
"kodeidentitas": "1234567890",
"nama_role": "mahasiswa"
}, status_code=200)
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={
"kota_lahir": "kota_kota",
"tgl_lahir": "2017-12-31",
"program": [{
......@@ -35,6 +36,7 @@ class LoginTests(APITestCase):
@requests_mock.Mocker()
def test_successful_supervisor_login_relogin(self, m):
m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
"username": "dummy.dosen",
"nama": "Dummy Dosen",
......@@ -106,6 +108,7 @@ class ProfileUpdateTests(APITestCase):
@requests_mock.Mocker()
def test_student_profile_update(self, m):
m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
"username": "dummy.mahasiswa",
"nama": "Dummy Mahasiswa",
......@@ -114,7 +117,7 @@ class ProfileUpdateTests(APITestCase):
"kodeidentitas": "1234567890",
"nama_role": "mahasiswa"
}, status_code=200)
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={
"kota_lahir": "kota_kota",
"tgl_lahir": "2017-12-31",
"program": [{
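Review bot: In test_successful_supervisor_login_relogin the verify mock answers with `"username": 'dummy.mahasiswa', "role": 'mahasiswa'` while the LDAP mock in the same test returns `dummy.dosen`, so the supervisor case is paired with a student identity from the token endpoint; the fixture should return a matching lecturer identity, or the mock should be dropped if that path never calls verify. None of the visible hunks mocks `https://akun.cs.ui.ac.id/oauth/token/`, so these tests appear to pass only because get_access_token swallows the resulting error and returns None; mocking that endpoint with a constructed token would exercise the real path. The client id literal is pasted into every mocked URL here and in the ApplicationTests/BookmarkApplicationTests file; building the URLs from `get_client_id()` would keep them in step with the code. The test bodies continue outside the hunks.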
......
......@@ -12,6 +12,7 @@ from core.models.vacancies import Vacancy, Application
class ApplicationTests(APITestCase):
@requests_mock.Mocker()
def test_application_list(self, m):
m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
"username": "dummy.mahasiswa",
"nama": "Dummy Mahasiswa",
......@@ -20,7 +21,7 @@ class ApplicationTests(APITestCase):
"kodeidentitas": "1234567890",
"nama_role": "mahasiswa"
}, status_code=200)
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={
"kota_lahir": "kota_kota",
"tgl_lahir": "2017-12-31",
"program": [{
......@@ -42,6 +43,7 @@ class ApplicationTests(APITestCase):
@requests_mock.Mocker()
def test_application_create_and_delete(self, m):
m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
"username": "dummy.mahasiswa",
"nama": "Dummy Mahasiswa",
......@@ -50,7 +52,7 @@ class ApplicationTests(APITestCase):
"kodeidentitas": "1234567890",
"nama_role": "mahasiswa"
}, status_code=200)
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={
"kota_lahir": "kota_kota",
"tgl_lahir": "2017-12-31",
"program": [{
......@@ -84,6 +86,7 @@ class ApplicationTests(APITestCase):
class BookmarkApplicationTests(APITestCase):
@requests_mock.Mocker()
def test_application_list(self, m):
m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
"username": "dummy.mahasiswa",
"nama": "Dummy Mahasiswa",
......@@ -92,7 +95,7 @@ class BookmarkApplicationTests(APITestCase):
"kodeidentitas": "1234567890",
"nama_role": "mahasiswa"
}, status_code=200)
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={
"kota_lahir": "kota_kota",
"tgl_lahir": "2017-12-31",
"program": [{
......@@ -114,6 +117,7 @@ class BookmarkApplicationTests(APITestCase):
@requests_mock.Mocker()
def test_application_create_and_delete(self, m):
m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
"username": "dummy.mahasiswa",
"nama": "Dummy Mahasiswa",
......@@ -122,7 +126,7 @@ class BookmarkApplicationTests(APITestCase):
"kodeidentitas": "1234567890",
"nama_role": "mahasiswa"
}, status_code=200)
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={
"kota_lahir": "kota_kota",
"tgl_lahir": "2017-12-31",
"program": [{
......
......@@ -9,6 +9,7 @@ from rest_framework.parsers import FormParser,MultiPartParser
from rest_framework.permissions import AllowAny
from rest_framework.permissions import IsAdminUser, IsAuthenticated
from rest_framework.response import Response
from .sso_login import get_access_token, verify_user, get_riwayat_user, get_summary_user
from core.lib.permissions import IsAdminOrStudent, IsAdminOrSelfOrReadOnly, IsAdminOrCompany, IsAdminOrSupervisor, \
IsAdminOrSupervisorOrCompanyOrSelf
......@@ -81,14 +82,9 @@ class StudentViewSet(viewsets.ModelViewSet):
raise PermissionDenied("You are not allowed to see other student's transcript")
if student.show_transcript:
s = requests.Session()
credentials = settings.API_CS_CREDENTIALS
s.get('https://api.cs.ui.ac.id/api-auth/login/')
csrf = s.cookies['csrftoken']
resp = s.post('https://api.cs.ui.ac.id/api-auth/login/',
data={'username': credentials["user"], 'password': credentials["password"],
'csrfmiddlewaretoken': csrf})
response = s.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/' + str(student.npm) + '/riwayat/')
access_token = get_access_token(credentials["user"], credentials["password"])
ver_user = verify_user(access_token)
response = get_riwayat_user(access_token, ver_user['identity_number'])
return Response({'name': student.full_name, 'transcript': response.json()}, status=status.HTTP_200_OK)
else:
return Response({'name': student.full_name, 'error': 'student does not allow transcript to be shown'},
......@@ -146,7 +142,7 @@ class LoginViewSet(viewsets.GenericViewSet):
return Response(status=status.HTTP_400_BAD_REQUEST)
if login_type == "sso-ui":
r = requests.post('https://api.cs.ui.ac.id/authentication/ldap/v2/',
json={"username": username, "password": password})
data={"username": username, "password": password})
resp = r.json()
if resp.get('state') != 0:
# create user
......@@ -167,8 +163,9 @@ class LoginViewSet(viewsets.GenericViewSet):
login(request, user)
if created:
if resp.get('nama_role') == "mahasiswa":
student_detail = requests.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/{}/'.format(resp.get("kodeidentitas")))
resp_student_detail = student_detail.json()
access_token = get_access_token(username, password)
ver_user = verify_user(access_token)
resp_student_detail = get_summary_user(access_token, ver_user['identity_number'])
student = Student.objects.create(
user=user,
npm=resp.get("kodeidentitas"),
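Review bot: In the transcript branch the new lines look up `ver_user['identity_number']`, the identity behind `settings.API_CS_CREDENTIALS`, where the apparently removed code used `student.npm`, so the data returned would belong to the service account rather than the student whose `show_transcript` flag was just checked. get_riwayat_user already returns the decoded body, so the unchanged `response.json()` in the `Response(...)` line would raise on it. I would call `get_riwayat_user(access_token, student.npm)` and return `'transcript': response`, assuming the service token is allowed to read other students' records. In both this hunk and the login hunk get_access_token may return None and the value goes to verify_user unchecked; an `if access_token is None:` guard returning an error response is missing. The enclosing methods begin outside the hunks.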
......
import requests
API_MAHASISWA = "https://api.cs.ui.ac.id/siakngcs/mahasiswa/"
API_RIWAYAT_MAHASISWA = API_MAHASISWA+'{npm}/riwayat/'
API_VERIFY_USER = "https://akun.cs.ui.ac.id/oauth/token/verify/"
def get_access_token(username, password):
try:
url = "https://akun.cs.ui.ac.id/oauth/token/"
payload = "username=" + username + "&password=" + password + "&grant_type=password"
headers = {
'authorization': "Basic WDN6TmtGbWVwa2RBNDdBU05NRFpSWDNaOWdxU1UxTHd5d3U1V2VwRzpCRVFXQW43RDl6a2k3NEZ0bkNpWVhIRk50Ymg3eXlNWmFuNnlvMU1uaUdSVWNGWnhkQnBobUU5TUxuVHZiTTEzM1dsUnBwTHJoTXBkYktqTjBxcU9OaHlTNGl2Z0doczB0OVhlQ3M0Ym1JeUJLMldwbnZYTXE4VU5yTEFEMDNZeA==",
'cache-control': "no-cache",
'content-type': "application/x-www-form-urlencoded"
}
response = requests.request("POST", url, data=payload, headers=headers)
return response.json()["access_token"]
except Exception as e:
return None
# raise Exception("username atau password sso salah, input : [{}, {}]".format(username, password,))
def get_client_id():
client_id = 'X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG'
return client_id
def verify_user(access_token):
print ("#get identity number")
parameters = {"access_token": access_token, "client_id": get_client_id()}
response = requests.get(API_VERIFY_USER, params=parameters)
print ("response => ", response.json())
return response.json()
def get_summary_user(access_token, npm):
print ("#get summary user => ", npm)
parameters = {"access_token": access_token, "client_id": get_client_id()}
response = requests.get(API_MAHASISWA+str(npm), params=parameters)
print ("response => ", response.text)
print ("response => ", response.json())
return response.json()
def get_riwayat_user(access_token, npm):
print ("#get riwayat user => ", npm)
parameters = {"access_token": access_token, "client_id": get_client_id()}
response = requests.get(API_RIWAYAT_MAHASISWA.format(npm=npm), params=parameters)
print ("response => ", response.text)
print ("response => ", response.json())
return response.json()
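Review bot: get_access_token hard-codes the OAuth client's Basic credential in the `authorization` header, so everyone with read access to the repository holds what looks like the client secret; it should come from deployment configuration and the committed value should be rotated. The same function builds the form body by string concatenation, so a password containing `&`, `=`, `+` or `%` is sent mangled or adds extra form fields; passing a dict as `data=` lets requests encode it. The `print` calls in verify_user, get_summary_user and get_riwayat_user write identity and academic records to stdout, and the bare `except Exception` hides network and decoding failures alike. A sketch of the first function follows, with `SSO_CLIENT_SECRET` as a placeholder setting name and the timeout a constructed value.

```python
def get_access_token(username, password):
    url = "https://akun.cs.ui.ac.id/oauth/token/"
    # Placeholder setting name: load the client secret from deployment config.
    client_auth = (get_client_id(), settings.SSO_CLIENT_SECRET)
    form = {"username": username, "password": password, "grant_type": "password"}
    try:
        response = requests.post(url, data=form, auth=client_auth, timeout=10)
        response.raise_for_status()
        return response.json()["access_token"]
    except (requests.RequestException, KeyError, ValueError):
        return None
# … unchanged: get_client_id, verify_user, get_summary_user, get_riwayat_user …
```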