HSWRO retrofitting + OIDC

2024-08-27 22:55:16 +02:00 · 2024-08-27 22:55:16 +02:00 · 5a76b0052e
parent 9983511136
commit 5a76b0052e
8 changed files with 32 additions and 22 deletions
--- a/auth/backend.py
+++ b/auth/backend.py
@ -5,10 +5,10 @@ from social_core.backends.oauth import BaseOAuth2
 class HSWawOAuth2(BaseOAuth2):
    """Hackerspace OAuth authentication backend"""

-    name = "hswaw"
+    name = "hswro"
    ID_KEY = "username"
-    AUTHORIZATION_URL = "https://sso.hackerspace.pl/oauth/authorize"
-    ACCESS_TOKEN_URL = "https://sso.hackerspace.pl/oauth/token"
+    AUTHORIZATION_URL = "http://sso.lokal.hswro.org/oauth/authorize"
+    ACCESS_TOKEN_URL = "http://sso.lokal.hswro.org/oauth/token"
    DEFAULT_SCOPE = ["profile:read"]
    REDIRECT_STATE = False
    SCOPE_SEPARATOR = ","
@ -28,7 +28,7 @@ class HSWawOAuth2(BaseOAuth2):

    def user_data(self, access_token, *args, **kwargs):
        """Loads user data from service"""
-        url = "https://sso.hackerspace.pl/api/1/profile"
+        url = "http://sso.lokal.hswro.org/api/1/profile"
        headers = {"Authorization": "Bearer {}".format(access_token)}
        return self.get_json(url, headers=headers)

--- a/auth/pipeline.py
+++ b/auth/pipeline.py
@ -5,7 +5,7 @@ from django.contrib.auth.models import Group
 def staff_me_up(backend, details, response, uid, user, *args, **kwargs):
    user.is_staff = True
    try:
-        user.groups.set([Group.objects.get(name="member")])
+        user.groups.set([Group.objects.get(name="hsmember")])
    except Group.DoesNotExist:
        pass
    user.save()
--- a/auth/views.py
+++ b/auth/views.py
@ -2,4 +2,4 @@ from django.shortcuts import redirect


 def auth_redirect(request):
-    return redirect("social:begin", "hswaw")
+    return redirect("social:begin", "hswro")
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -4,11 +4,9 @@ services:
    image: postgres:15.4
    restart: unless-stopped
    volumes:
-      - spejstore-db:/var/lib/postgresql/data
-    environment:
-      - POSTGRES_USER=postgres
-      - POSTGRES_PASSWORD=postgres
-      - POSTGRES_DB=postgres
+      - /var/spejstore-pg:/var/lib/postgresql/data
+    env_file:
+      - .env.pg
    healthcheck:
      #CHANGE 1: this command checks if the database is ready, right on the source db server
      test: ["CMD-SHELL", "pg_isready -d postgres -U postgres"]
@ -18,18 +16,16 @@ services:

  web:
    build: .
+    user: root
    restart: unless-stopped
    command: bash -c "python manage.py collectstatic --no-input --clear && python manage.py migrate && gunicorn --workers 1 --threads 4 -b 0.0.0.0:8000 --capture-output --error-logfile - --access-logfile - spejstore.wsgi:application"
    volumes:
      - .:/code
-      - /code/build_static
+      - ./build_static:/code/build_static
    ports:
-      - "8000:8000"
+      - "8021:8000"
    env_file:
      - .env
    depends_on:
      db:
        condition: service_healthy
-volumes:
-  spejstore-db:
-    external: false
--- a/requirements.txt
+++ b/requirements.txt
@ -29,6 +29,7 @@ psycopg2==2.9.6
 pycparser==2.21
 PyJWT==2.7.0
 python-dateutil==2.8.2
+python-jose==3.3.0
 python3-openid==3.2.0
 pytz==2023.3
 requests==2.31.0
--- a/spejstore/settings.py
+++ b/spejstore/settings.py
@ -17,7 +17,7 @@ PROD = os.getenv("SPEJSTORE_ENV") == "prod"
 SECRET_KEY = env("SECRET_KEY", "#hjthi7_udsyt*9eeyb&nwgw5x=%pk_lnz3+u2tg9@=w3p1m*k")

 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = not PROD
+DEBUG = True

 ALLOWED_HOSTS = env(
    "ALLOWED_HOSTS",
@ -137,10 +137,16 @@ AUTH_PASSWORD_VALIDATORS = [
    },
 ]

+SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = 'http://sso.lokal.hswro.org/'  # endpoint without /.well-known/openid-configuration
+SOCIAL_AUTH_OIDC_KEY = env("CLIENT_ID")
+SOCIAL_AUTH_OIDC_SECRET = env("SECRET")

 AUTHENTICATION_BACKENDS = (
-    "auth.backend.HSWawOAuth2",
-    "django.contrib.auth.backends.ModelBackend",
+
+#    env('LOGIN_BACKEND', 'auth.backend.HSWawOAuth2'),
+    'auth.backend.HSWawOAuth2',
+#    'social_core.backends.open_id_connect.OpenIdConnectAuth',
+    'django.contrib.auth.backends.ModelBackend',
 )

 SOCIAL_AUTH_PIPELINE = (
@ -259,9 +265,10 @@ REST_FRAMEWORK = {
    ],
 }

-SOCIAL_AUTH_HSWAW_KEY = env("CLIENT_ID")
-SOCIAL_AUTH_HSWAW_SECRET = env("SECRET")
-SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true"
+SOCIAL_AUTH_HSWRO_KEY = env("CLIENT_ID")
+SOCIAL_AUTH_HSWRO_SECRET = env("SECRET")
+#SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true"
+SOCIAL_AUTH_REDIRECT_IS_HTTPS = False

 SOCIAL_AUTH_JSONFIELD_ENABLED = True

--- a/static/css/theme.min.css
+++ b/static/css/theme.min.css
--- a/storage/templates/item.html
+++ b/storage/templates/item.html
@ -50,6 +50,9 @@
                    </ul>
                </div>
                <a href="{% url 'admin:storage_item_change' item.pk %}" class="btn btn-default">Edit</a>
+		{% if item.props.wiki %}
+			<a href="https://wiki.hswro.org/{{ item.props.wiki }}" class="btn btn-info">Wiki</a>
+		{% endif %}
            </div>

            <table class="table table-hover table-striped">