set cookie for attendee login, so talk component can use that cookie …

…for auto login (#350)
fossasia · Sep 30, 2024 · 989d392 · 989d392
1 parent 73044d0
commit 989d392
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 1 deletion.
diff --git a/src/pretix/helpers/jwt_generate.py b/src/pretix/helpers/jwt_generate.py
@@ -24,3 +24,23 @@ def generate_sso_token(user):
         jwt_token = jwt.encode(jwt_payload, settings.SECRET_KEY, algorithm='HS256')
         return jwt_token
     return None
+
+
+def generate_customer_sso_token(customer):
+    """
+    Generate a JWT token for the user.
+    @param customer: User obj
+    @return: jwt token
+    """
+    if customer:
+        jwt_payload = {
+            'email': customer.email,
+            'name': customer.name,
+            'is_active': customer.is_active,
+            'locale': customer.locale,
+            'exp': datetime.utcnow() + timedelta(hours=1),  # Token expiration
+            'iat': datetime.utcnow(),
+        }
+        jwt_token = jwt.encode(jwt_payload, settings.SECRET_KEY, algorithm='HS256')
+        return jwt_token
+    return None
diff --git a/src/pretix/presale/views/customer_view/authentication_view.py b/src/pretix/presale/views/customer_view/authentication_view.py
@@ -1,3 +1,8 @@
+from django.conf import settings
+
+from pretix.helpers.cookies import set_cookie_without_samesite
+from pretix.helpers.jwt_generate import generate_customer_sso_token
+from pretix.multidomain.middlewares import get_cookie_domain
 from pretix.presale.views.customer import RedirectBackMixin
 from django.views.generic import FormView, View
 from pretix.presale.forms.customer_forms import (AuthenticationForm, RegistrationForm)
@@ -63,7 +68,9 @@ def get_success_url(self):
     def form_valid(self, form):
         """Security check complete. Log the user in."""
         customer_login(self.request, form.get_customer())
-        return HttpResponseRedirect(self.get_success_url())
+        response = HttpResponseRedirect(self.get_success_url())
+        response = set_cookie_after_logged_in(self.request, response)
+        return response
 
 
 class LogoutView(View):
@@ -188,3 +195,20 @@ def form_valid(self, form):
               'account and choose a password.')
         )
         return HttpResponseRedirect(self.get_success_url())
+
+
+def set_cookie_after_logged_in(request, response):
+    if response.status_code == 302 and request.customer:
+        # Set JWT as a cookie in the response
+        token = generate_customer_sso_token(request.customer)
+        set_cookie_without_samesite(
+            request, response,
+            "customer_sso_token",
+            token,
+            max_age=settings.CSRF_COOKIE_AGE,
+            domain=get_cookie_domain(request),
+            path=settings.CSRF_COOKIE_PATH,
+            secure=request.scheme == 'https',
+            httponly=settings.CSRF_COOKIE_HTTPONLY
+        )
+    return response
diff --git a/src/pretix/presale/views/open_id_connect.py b/src/pretix/presale/views/open_id_connect.py
@@ -27,6 +27,7 @@
 from pretix.multidomain.urlreverse import build_absolute_uri
 from pretix.presale.forms.customer_forms import AuthenticationForm
 from pretix.presale.utils import customer_login, get_customer_auth_time
+from pretix.presale.views.customer_view.authentication_view import set_cookie_after_logged_in
 
 RESPONSE_TYPES_SUPPORTED = ("code", "id_token token", "id_token", "code id_token", "code id_token token", "code token")
 
@@ -207,6 +208,8 @@ def _success(self, client, scope, redirect_uri, response_type, response_mode, st
         response['Cache-Control'] = 'no-store'
         response['Pragma'] = 'no-cache'
 
+        set_cookie_after_logged_in(self.request, response)
+
         return response
 
     def _process_auth_request(self, request, request_data):