HSWRO retrofitting + OIDC
parent
9983511136
commit
5a76b0052e
|
@ -5,10 +5,10 @@ from social_core.backends.oauth import BaseOAuth2
|
||||||
class HSWawOAuth2(BaseOAuth2):
|
class HSWawOAuth2(BaseOAuth2):
|
||||||
"""Hackerspace OAuth authentication backend"""
|
"""Hackerspace OAuth authentication backend"""
|
||||||
|
|
||||||
name = "hswaw"
|
name = "hswro"
|
||||||
ID_KEY = "username"
|
ID_KEY = "username"
|
||||||
AUTHORIZATION_URL = "https://sso.hackerspace.pl/oauth/authorize"
|
AUTHORIZATION_URL = "http://sso.lokal.hswro.org/oauth/authorize"
|
||||||
ACCESS_TOKEN_URL = "https://sso.hackerspace.pl/oauth/token"
|
ACCESS_TOKEN_URL = "http://sso.lokal.hswro.org/oauth/token"
|
||||||
DEFAULT_SCOPE = ["profile:read"]
|
DEFAULT_SCOPE = ["profile:read"]
|
||||||
REDIRECT_STATE = False
|
REDIRECT_STATE = False
|
||||||
SCOPE_SEPARATOR = ","
|
SCOPE_SEPARATOR = ","
|
||||||
|
@ -28,7 +28,7 @@ class HSWawOAuth2(BaseOAuth2):
|
||||||
|
|
||||||
def user_data(self, access_token, *args, **kwargs):
|
def user_data(self, access_token, *args, **kwargs):
|
||||||
"""Loads user data from service"""
|
"""Loads user data from service"""
|
||||||
url = "https://sso.hackerspace.pl/api/1/profile"
|
url = "http://sso.lokal.hswro.org/api/1/profile"
|
||||||
headers = {"Authorization": "Bearer {}".format(access_token)}
|
headers = {"Authorization": "Bearer {}".format(access_token)}
|
||||||
return self.get_json(url, headers=headers)
|
return self.get_json(url, headers=headers)
|
||||||
|
|
||||||
|
|
|
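Review bot: The three endpoints in this backend, `AUTHORIZATION_URL`, `ACCESS_TOKEN_URL` and the profile `url` in `user_data`, now use `http://`, so the authorization code, the client credentials posted to the token endpoint and the bearer token in the `Authorization` header all travel unencrypted. The previous values were `https://`; if sso.lokal.hswro.org can serve TLS, keep the scheme, e.g. `AUTHORIZATION_URL = "https://sso.lokal.hswro.org/oauth/authorize"`, and likewise for the other two. Defining the SSO base URL once as a class constant would also stop the three URLs drifting apart. The class body between the two hunks is not visible here.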
@ -5,7 +5,7 @@ from django.contrib.auth.models import Group
|
||||||
def staff_me_up(backend, details, response, uid, user, *args, **kwargs):
|
def staff_me_up(backend, details, response, uid, user, *args, **kwargs):
|
||||||
user.is_staff = True
|
user.is_staff = True
|
||||||
try:
|
try:
|
||||||
user.groups.set([Group.objects.get(name="member")])
|
user.groups.set([Group.objects.get(name="hsmember")])
|
||||||
except Group.DoesNotExist:
|
except Group.DoesNotExist:
|
||||||
pass
|
pass
|
||||||
user.save()
|
user.save()
|
||||||
|
|
|
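Review bot: With the group renamed to `"hsmember"`, the `except Group.DoesNotExist: pass` branch hides the case where the database still has only the old `member` group: the user is saved with `is_staff = True` and no group, and nothing is logged. I would report it through a module-level logger instead of passing silently, e.g. `logger.warning("group 'hsmember' missing; %s left without a group", user)`, or create the group in a data migration. This step also makes every account that completes the pipeline a staff user, so it depends entirely on the SSO exchange, which this commit moves to plain HTTP in the backend file.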
@ -2,4 +2,4 @@ from django.shortcuts import redirect
|
||||||
|
|
||||||
|
|
||||||
def auth_redirect(request):
|
def auth_redirect(request):
|
||||||
return redirect("social:begin", "hswaw")
|
return redirect("social:begin", "hswro")
|
||||||
|
|
|
@ -4,11 +4,9 @@ services:
|
||||||
image: postgres:15.4
|
image: postgres:15.4
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- spejstore-db:/var/lib/postgresql/data
|
- /var/spejstore-pg:/var/lib/postgresql/data
|
||||||
environment:
|
env_file:
|
||||||
- POSTGRES_USER=postgres
|
- .env.pg
|
||||||
- POSTGRES_PASSWORD=postgres
|
|
||||||
- POSTGRES_DB=postgres
|
|
||||||
healthcheck:
|
healthcheck:
|
||||||
#CHANGE 1: this command checks if the database is ready, right on the source db server
|
#CHANGE 1: this command checks if the database is ready, right on the source db server
|
||||||
test: ["CMD-SHELL", "pg_isready -d postgres -U postgres"]
|
test: ["CMD-SHELL", "pg_isready -d postgres -U postgres"]
|
||||||
|
@ -18,18 +16,16 @@ services:
|
||||||
|
|
||||||
web:
|
web:
|
||||||
build: .
|
build: .
|
||||||
|
user: root
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command: bash -c "python manage.py collectstatic --no-input --clear && python manage.py migrate && gunicorn --workers 1 --threads 4 -b 0.0.0.0:8000 --capture-output --error-logfile - --access-logfile - spejstore.wsgi:application"
|
command: bash -c "python manage.py collectstatic --no-input --clear && python manage.py migrate && gunicorn --workers 1 --threads 4 -b 0.0.0.0:8000 --capture-output --error-logfile - --access-logfile - spejstore.wsgi:application"
|
||||||
volumes:
|
volumes:
|
||||||
- .:/code
|
- .:/code
|
||||||
- /code/build_static
|
- ./build_static:/code/build_static
|
||||||
ports:
|
ports:
|
||||||
- "8000:8000"
|
- "8021:8000"
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
volumes:
|
|
||||||
spejstore-db:
|
|
||||||
external: false
|
|
||||||
|
|
|
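Review bot: `user: root` on the `web` service runs collectstatic, migrate and gunicorn as root in a container that has the whole project directory bind-mounted at `/code`, so a compromise of the web process can rewrite the application source on the host. The line was presumably added so the process can write to the new `./build_static` bind mount; making that directory writable by the image's unprivileged user on the host removes the need for root. Separately, the db healthcheck still hard-codes `pg_isready -d postgres -U postgres` although the credentials now come from `.env.pg`, so it no longer follows whatever that file sets.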
@ -29,6 +29,7 @@ psycopg2==2.9.6
|
||||||
pycparser==2.21
|
pycparser==2.21
|
||||||
PyJWT==2.7.0
|
PyJWT==2.7.0
|
||||||
python-dateutil==2.8.2
|
python-dateutil==2.8.2
|
||||||
|
python-jose==3.3.0
|
||||||
python3-openid==3.2.0
|
python3-openid==3.2.0
|
||||||
pytz==2023.3
|
pytz==2023.3
|
||||||
requests==2.31.0
|
requests==2.31.0
|
||||||
|
|
|
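Review bot: `python-jose==3.3.0` is added here, but its presumable consumer, `social_core.backends.open_id_connect.OpenIdConnectAuth`, is commented out in the settings change of this same commit, so the pin ships a token-verification library that nothing enables yet. 3.3.0 is also an old release; check it against the current advisories for python-jose and pin the newest release the OIDC backend accepts before that backend is turned on.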
@ -17,7 +17,7 @@ PROD = os.getenv("SPEJSTORE_ENV") == "prod"
|
||||||
SECRET_KEY = env("SECRET_KEY", "#hjthi7_udsyt*9eeyb&nwgw5x=%pk_lnz3+u2tg9@=w3p1m*k")
|
SECRET_KEY = env("SECRET_KEY", "#hjthi7_udsyt*9eeyb&nwgw5x=%pk_lnz3+u2tg9@=w3p1m*k")
|
||||||
|
|
||||||
# SECURITY WARNING: don't run with debug turned on in production!
|
# SECURITY WARNING: don't run with debug turned on in production!
|
||||||
DEBUG = not PROD
|
DEBUG = True
|
||||||
|
|
||||||
ALLOWED_HOSTS = env(
|
ALLOWED_HOSTS = env(
|
||||||
"ALLOWED_HOSTS",
|
"ALLOWED_HOSTS",
|
||||||
|
@ -137,10 +137,16 @@ AUTH_PASSWORD_VALIDATORS = [
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = 'http://sso.lokal.hswro.org/' # endpoint without /.well-known/openid-configuration
|
||||||
|
SOCIAL_AUTH_OIDC_KEY = env("CLIENT_ID")
|
||||||
|
SOCIAL_AUTH_OIDC_SECRET = env("SECRET")
|
||||||
|
|
||||||
AUTHENTICATION_BACKENDS = (
|
AUTHENTICATION_BACKENDS = (
|
||||||
"auth.backend.HSWawOAuth2",
|
|
||||||
"django.contrib.auth.backends.ModelBackend",
|
# env('LOGIN_BACKEND', 'auth.backend.HSWawOAuth2'),
|
||||||
|
'auth.backend.HSWawOAuth2',
|
||||||
|
# 'social_core.backends.open_id_connect.OpenIdConnectAuth',
|
||||||
|
'django.contrib.auth.backends.ModelBackend',
|
||||||
)
|
)
|
||||||
|
|
||||||
SOCIAL_AUTH_PIPELINE = (
|
SOCIAL_AUTH_PIPELINE = (
|
||||||
|
@ -259,9 +265,10 @@ REST_FRAMEWORK = {
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
SOCIAL_AUTH_HSWAW_KEY = env("CLIENT_ID")
|
SOCIAL_AUTH_HSWRO_KEY = env("CLIENT_ID")
|
||||||
SOCIAL_AUTH_HSWAW_SECRET = env("SECRET")
|
SOCIAL_AUTH_HSWRO_SECRET = env("SECRET")
|
||||||
SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true"
|
#SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true"
|
||||||
|
SOCIAL_AUTH_REDIRECT_IS_HTTPS = False
|
||||||
|
|
||||||
SOCIAL_AUTH_JSONFIELD_ENABLED = True
|
SOCIAL_AUTH_JSONFIELD_ENABLED = True
|
||||||
|
|
||||||
|
|
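Review bot: `DEBUG = True` is now unconditional, directly under the comment that warns against running with debug in production, so a deployment with `SPEJSTORE_ENV=prod` will still serve Django's debug error pages with stack traces and settings values; restore `DEBUG = not PROD`. The last hunk has the same shape: `SOCIAL_AUTH_REDIRECT_IS_HTTPS = False` replaces the env-driven value, which is left behind as a comment; keep `SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true"` and set the variable to `false` in the local `.env` instead. `SOCIAL_AUTH_OIDC_OIDC_ENDPOINT` also points at `http://`, so OIDC discovery and the token exchange would run in cleartext once that backend is enabled. Local overrides like these belong in the environment file rather than in committed settings.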
File diff suppressed because one or more lines are too long
|
@ -50,6 +50,9 @@
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
<a href="{% url 'admin:storage_item_change' item.pk %}" class="btn btn-default">Edit</a>
|
<a href="{% url 'admin:storage_item_change' item.pk %}" class="btn btn-default">Edit</a>
|
||||||
|
{% if item.props.wiki %}
|
||||||
|
<a href="https://wiki.hswro.org/{{ item.props.wiki }}" class="btn btn-info">Wiki</a>
|
||||||
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<table class="table table-hover table-striped">
|
<table class="table table-hover table-striped">
|
||||||
|
|
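Review bot: `item.props.wiki` is placed into the `href` path with only HTML auto-escaping, so a value containing `?`, `#` or spaces produces a link to a different wiki URL than the one intended. Passing it through the built-in filter keeps it a path: `<a href="https://wiki.hswro.org/{{ item.props.wiki|urlencode }}" class="btn btn-info">Wiki</a>`. The fixed `https://wiki.hswro.org/` prefix keeps the link on the wiki host either way. The rest of the template is outside the hunk.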