
HSWRO retrofitting + OIDC

Wiktor 2024-08-27 22:55:16 +02:00
parent 9983511136
commit 5a76b0052e
8 changed files with 32 additions and 22 deletions


@ -5,10 +5,10 @@ from social_core.backends.oauth import BaseOAuth2
class HSWawOAuth2(BaseOAuth2): class HSWawOAuth2(BaseOAuth2):
"""Hackerspace OAuth authentication backend""" """Hackerspace OAuth authentication backend"""
name = "hswaw" name = "hswro"
ID_KEY = "username" ID_KEY = "username"
AUTHORIZATION_URL = "https://sso.hackerspace.pl/oauth/authorize" AUTHORIZATION_URL = "http://sso.lokal.hswro.org/oauth/authorize"
ACCESS_TOKEN_URL = "https://sso.hackerspace.pl/oauth/token" ACCESS_TOKEN_URL = "http://sso.lokal.hswro.org/oauth/token"
DEFAULT_SCOPE = ["profile:read"] DEFAULT_SCOPE = ["profile:read"]
REDIRECT_STATE = False REDIRECT_STATE = False
SCOPE_SEPARATOR = "," SCOPE_SEPARATOR = ","
@ -28,7 +28,7 @@ class HSWawOAuth2(BaseOAuth2):
def user_data(self, access_token, *args, **kwargs): def user_data(self, access_token, *args, **kwargs):
"""Loads user data from service""" """Loads user data from service"""
url = "https://sso.hackerspace.pl/api/1/profile" url = "http://sso.lokal.hswro.org/api/1/profile"
headers = {"Authorization": "Bearer {}".format(access_token)} headers = {"Authorization": "Bearer {}".format(access_token)}
return self.get_json(url, headers=headers) return self.get_json(url, headers=headers)
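Review bot: The three endpoint URLs on the new side (`AUTHORIZATION_URL`, `ACCESS_TOKEN_URL` and the profile `url` in `user_data`) switch from `https://` to `http://`, so the authorization code, the client secret sent to the token endpoint and the `Authorization: Bearer` header all cross the network unencrypted. The profile response that decides which local account is logged in (`ID_KEY = "username"`) can likewise be altered in transit. Keep the scheme at `https://`, e.g. `AUTHORIZATION_URL = "https://sso.lokal.hswro.org/oauth/authorize"`, or read a single base URL from settings so a local test deployment can override it without plaintext being the default. The class body continues outside both hunks.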


@ -5,7 +5,7 @@ from django.contrib.auth.models import Group
def staff_me_up(backend, details, response, uid, user, *args, **kwargs): def staff_me_up(backend, details, response, uid, user, *args, **kwargs):
user.is_staff = True user.is_staff = True
try: try:
user.groups.set([Group.objects.get(name="member")]) user.groups.set([Group.objects.get(name="hsmember")])
except Group.DoesNotExist: except Group.DoesNotExist:
pass pass
user.save() user.save()
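Review bot: If the renamed group `hsmember` does not exist in a deployment, the `except Group.DoesNotExist: pass` branch hides it: the user is still saved with `is_staff = True` but without the group, and nothing is logged. Since the lookup string has just changed, report the miss instead of passing, for example with a module-level logger: `logger.warning("group %s missing, %s saved without it", "hsmember", user)`. A comment above `user.is_staff = True` should also state that every account the SSO backend authenticates becomes staff, because that makes the identity provider the only gate on admin access. The function may continue past the end of the hunk.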


@ -2,4 +2,4 @@ from django.shortcuts import redirect
def auth_redirect(request): def auth_redirect(request):
return redirect("social:begin", "hswaw") return redirect("social:begin", "hswro")


@ -4,11 +4,9 @@ services:
image: postgres:15.4 image: postgres:15.4
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- spejstore-db:/var/lib/postgresql/data - /var/spejstore-pg:/var/lib/postgresql/data
environment: env_file:
- POSTGRES_USER=postgres - .env.pg
- POSTGRES_PASSWORD=postgres
- POSTGRES_DB=postgres
healthcheck: healthcheck:
#CHANGE 1: this command checks if the database is ready, right on the source db server #CHANGE 1: this command checks if the database is ready, right on the source db server
test: ["CMD-SHELL", "pg_isready -d postgres -U postgres"] test: ["CMD-SHELL", "pg_isready -d postgres -U postgres"]
@ -18,18 +16,16 @@ services:
web: web:
build: . build: .
user: root
restart: unless-stopped restart: unless-stopped
command: bash -c "python manage.py collectstatic --no-input --clear && python manage.py migrate && gunicorn --workers 1 --threads 4 -b 0.0.0.0:8000 --capture-output --error-logfile - --access-logfile - spejstore.wsgi:application" command: bash -c "python manage.py collectstatic --no-input --clear && python manage.py migrate && gunicorn --workers 1 --threads 4 -b 0.0.0.0:8000 --capture-output --error-logfile - --access-logfile - spejstore.wsgi:application"
volumes: volumes:
- .:/code - .:/code
- /code/build_static - ./build_static:/code/build_static
ports: ports:
- "8000:8000" - "8021:8000"
env_file: env_file:
- .env - .env
depends_on: depends_on:
db: db:
condition: service_healthy condition: service_healthy
volumes:
spejstore-db:
external: false
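Review bot: The database credentials moved into `.env.pg` are still readable from the application container, because the `web` service bind-mounts the project directory with `- .:/code` and `.env.pg` presumably sits in that directory (the same holds for `.env`). Keep the env files outside the mounted tree or mount only the paths the app needs, and confirm both files are listed in `.gitignore` and `.dockerignore`; neither is visible in this commit. Separately, `"8021:8000"` publishes gunicorn on every host interface; if a reverse proxy on the same host fronts it, `"127.0.0.1:8021:8000"` limits the exposure.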


@ -29,6 +29,7 @@ psycopg2==2.9.6
pycparser==2.21 pycparser==2.21
PyJWT==2.7.0 PyJWT==2.7.0
python-dateutil==2.8.2 python-dateutil==2.8.2
python-jose==3.3.0
python3-openid==3.2.0 python3-openid==3.2.0
pytz==2023.3 pytz==2023.3
requests==2.31.0 requests==2.31.0
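Review bot: `python-jose==3.3.0` is added as a new pin, and security advisories affecting that release's JWT/JWE handling have been published since it came out. Run `pip-audit -r <this requirements file>` (or the equivalent CI check) and pin a release the audit reports clean before the OIDC backend is switched on. The settings in this commit leave `social_core.backends.open_id_connect.OpenIdConnectAuth` commented out, so the package appears unused for now and could be added together with the backend instead.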


@ -17,7 +17,7 @@ PROD = os.getenv("SPEJSTORE_ENV") == "prod"
SECRET_KEY = env("SECRET_KEY", "#hjthi7_udsyt*9eeyb&nwgw5x=%pk_lnz3+u2tg9@=w3p1m*k") SECRET_KEY = env("SECRET_KEY", "#hjthi7_udsyt*9eeyb&nwgw5x=%pk_lnz3+u2tg9@=w3p1m*k")
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = not PROD DEBUG = True
ALLOWED_HOSTS = env( ALLOWED_HOSTS = env(
"ALLOWED_HOSTS", "ALLOWED_HOSTS",
@ -137,10 +137,16 @@ AUTH_PASSWORD_VALIDATORS = [
}, },
] ]
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = 'http://sso.lokal.hswro.org/' # endpoint without /.well-known/openid-configuration
SOCIAL_AUTH_OIDC_KEY = env("CLIENT_ID")
SOCIAL_AUTH_OIDC_SECRET = env("SECRET")
AUTHENTICATION_BACKENDS = ( AUTHENTICATION_BACKENDS = (
"auth.backend.HSWawOAuth2",
"django.contrib.auth.backends.ModelBackend", # env('LOGIN_BACKEND', 'auth.backend.HSWawOAuth2'),
'auth.backend.HSWawOAuth2',
# 'social_core.backends.open_id_connect.OpenIdConnectAuth',
'django.contrib.auth.backends.ModelBackend',
) )
SOCIAL_AUTH_PIPELINE = ( SOCIAL_AUTH_PIPELINE = (
@ -259,9 +265,10 @@ REST_FRAMEWORK = {
], ],
} }
SOCIAL_AUTH_HSWAW_KEY = env("CLIENT_ID") SOCIAL_AUTH_HSWRO_KEY = env("CLIENT_ID")
SOCIAL_AUTH_HSWAW_SECRET = env("SECRET") SOCIAL_AUTH_HSWRO_SECRET = env("SECRET")
SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true" #SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true"
SOCIAL_AUTH_REDIRECT_IS_HTTPS = False
SOCIAL_AUTH_JSONFIELD_ENABLED = True SOCIAL_AUTH_JSONFIELD_ENABLED = True
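Review bot: `DEBUG = True` replaces `DEBUG = not PROD`, so a production deployment now serves Django's debug error pages, which show stack traces, local variables and most settings to any visitor who triggers an error; restore `DEBUG = not PROD`. The last hunk hard-codes `SOCIAL_AUTH_REDIRECT_IS_HTTPS = False` in the same way, and the new `SOCIAL_AUTH_OIDC_OIDC_ENDPOINT` is an `http://` URL, which puts the OAuth redirect and OIDC discovery on plaintext. Keep `SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true"` and set the local override in `.env`. The `SECRET_KEY` context line still falls back to a literal committed in the repository, so with debug forced on nothing in this file fails closed when the environment is incomplete.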

File diff suppressed because one or more lines are too long


@ -50,6 +50,9 @@
</ul> </ul>
</div> </div>
<a href="{% url 'admin:storage_item_change' item.pk %}" class="btn btn-default">Edit</a> <a href="{% url 'admin:storage_item_change' item.pk %}" class="btn btn-default">Edit</a>
{% if item.props.wiki %}
<a href="https://wiki.hswro.org/{{ item.props.wiki }}" class="btn btn-info">Wiki</a>
{% endif %}
</div> </div>
<table class="table table-hover table-striped"> <table class="table table-hover table-striped">
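Review bot: `{{ item.props.wiki }}` is placed in the `href` with HTML autoescaping only, so a stored value containing `?`, `#`, `%` or spaces changes which wiki URL the button opens instead of being treated as a page name. Encode it as a path with `<a href="https://wiki.hswro.org/{{ item.props.wiki|urlencode }}" class="btn btn-info">Wiki</a>`; the filter leaves `/` intact, so nested page names keep working. If `props` can be edited by any staff user, validating the value when it is saved would be the stronger fix. The surrounding template continues outside the hunk.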