HSWRO retrofitting + OIDC

Wiktor 2024-08-27 22:55:16 +02:00
parent 9983511136
commit 5a76b0052e
8 changed files with 32 additions and 22 deletions


@ -5,10 +5,10 @@ from social_core.backends.oauth import BaseOAuth2
class HSWawOAuth2(BaseOAuth2):
"""Hackerspace OAuth authentication backend"""
name = "hswaw"
name = "hswro"
ID_KEY = "username"
AUTHORIZATION_URL = "https://sso.hackerspace.pl/oauth/authorize"
ACCESS_TOKEN_URL = "https://sso.hackerspace.pl/oauth/token"
AUTHORIZATION_URL = "http://sso.lokal.hswro.org/oauth/authorize"
ACCESS_TOKEN_URL = "http://sso.lokal.hswro.org/oauth/token"
DEFAULT_SCOPE = ["profile:read"]
REDIRECT_STATE = False
SCOPE_SEPARATOR = ","
@ -28,7 +28,7 @@ class HSWawOAuth2(BaseOAuth2):
def user_data(self, access_token, *args, **kwargs):
"""Loads user data from service"""
url = "https://sso.hackerspace.pl/api/1/profile"
url = "http://sso.lokal.hswro.org/api/1/profile"
headers = {"Authorization": "Bearer {}".format(access_token)}
return self.get_json(url, headers=headers)
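Review bot: `AUTHORIZATION_URL`, `ACCESS_TOKEN_URL` and the profile URL in `user_data` now use plain `http://`, so the authorization code, the client secret posted to the token endpoint and the bearer token in the `Authorization` header all travel unencrypted. Even if `sso.lokal.hswro.org` is only reachable on a local network, anyone on that segment can read or replay them. Keep the scheme as `https://`, or take the base URL from configuration so a test setup does not leak into the committed default, e.g. `SSO_BASE_URL = os.getenv("SSO_BASE_URL", "https://sso.lokal.hswro.org")`. The class body continues outside both hunks, and which of the doubled lines is the new side is inferred from the commit title because the page lost its `+`/`-` markers.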


@ -5,7 +5,7 @@ from django.contrib.auth.models import Group
def staff_me_up(backend, details, response, uid, user, *args, **kwargs):
user.is_staff = True
try:
user.groups.set([Group.objects.get(name="member")])
user.groups.set([Group.objects.get(name="hsmember")])
except Group.DoesNotExist:
pass
user.save()
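Review bot: The `except Group.DoesNotExist: pass` around the renamed lookup means a database that still has the group under its old name `member` will skip the group assignment silently, and none of the files shown in this commit creates or renames the group (one file's diff is suppressed, so this is not certain). A data migration for the rename, or at least a logged miss such as `logger.warning("group 'hsmember' missing, groups not assigned for %s", user)`, would make the failure visible. It matters because `staff_me_up` sets `is_staff = True` for every account the SSO returns, which leaves group permissions as the only authorization boundary in this step.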


@ -2,4 +2,4 @@ from django.shortcuts import redirect
def auth_redirect(request):
return redirect("social:begin", "hswaw")
return redirect("social:begin", "hswro")


@ -4,11 +4,9 @@ services:
image: postgres:15.4
restart: unless-stopped
volumes:
- spejstore-db:/var/lib/postgresql/data
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
- POSTGRES_DB=postgres
- /var/spejstore-pg:/var/lib/postgresql/data
env_file:
- .env.pg
healthcheck:
#CHANGE 1: this command checks if the database is ready, right on the source db server
test: ["CMD-SHELL", "pg_isready -d postgres -U postgres"]
@ -18,18 +16,16 @@ services:
web:
build: .
user: root
restart: unless-stopped
command: bash -c "python manage.py collectstatic --no-input --clear && python manage.py migrate && gunicorn --workers 1 --threads 4 -b 0.0.0.0:8000 --capture-output --error-logfile - --access-logfile - spejstore.wsgi:application"
volumes:
- .:/code
- /code/build_static
- ./build_static:/code/build_static
ports:
- "8000:8000"
- "8021:8000"
env_file:
- .env
depends_on:
db:
condition: service_healthy
volumes:
spejstore-db:
external: false
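Review bot: The healthcheck in the `db` service still hardcodes `-d postgres -U postgres` while the database name and role now come from `.env.pg`, so the two can drift apart. `pg_isready` will still report readiness, but the server logs a failed connection attempt on every probe if the role or database differs. Reading them from the container environment keeps them aligned: `test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]`. Since `.env.pg` now carries the database password, confirm it is excluded from version control; no ignore file is visible in this commit.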


@ -29,6 +29,7 @@ psycopg2==2.9.6
pycparser==2.21
PyJWT==2.7.0
python-dateutil==2.8.2
python-jose==3.3.0
python3-openid==3.2.0
pytz==2023.3
requests==2.31.0


@ -17,7 +17,7 @@ PROD = os.getenv("SPEJSTORE_ENV") == "prod"
SECRET_KEY = env("SECRET_KEY", "#hjthi7_udsyt*9eeyb&nwgw5x=%pk_lnz3+u2tg9@=w3p1m*k")
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = not PROD
DEBUG = True
ALLOWED_HOSTS = env(
"ALLOWED_HOSTS",
@ -137,10 +137,16 @@ AUTH_PASSWORD_VALIDATORS = [
},
]
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = 'http://sso.lokal.hswro.org/' # endpoint without /.well-known/openid-configuration
SOCIAL_AUTH_OIDC_KEY = env("CLIENT_ID")
SOCIAL_AUTH_OIDC_SECRET = env("SECRET")
AUTHENTICATION_BACKENDS = (
"auth.backend.HSWawOAuth2",
"django.contrib.auth.backends.ModelBackend",
# env('LOGIN_BACKEND', 'auth.backend.HSWawOAuth2'),
'auth.backend.HSWawOAuth2',
# 'social_core.backends.open_id_connect.OpenIdConnectAuth',
'django.contrib.auth.backends.ModelBackend',
)
SOCIAL_AUTH_PIPELINE = (
@ -259,9 +265,10 @@ REST_FRAMEWORK = {
],
}
SOCIAL_AUTH_HSWAW_KEY = env("CLIENT_ID")
SOCIAL_AUTH_HSWAW_SECRET = env("SECRET")
SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true"
SOCIAL_AUTH_HSWRO_KEY = env("CLIENT_ID")
SOCIAL_AUTH_HSWRO_SECRET = env("SECRET")
#SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true"
SOCIAL_AUTH_REDIRECT_IS_HTTPS = False
SOCIAL_AUTH_JSONFIELD_ENABLED = True
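Review bot: `DEBUG = True` is now unconditional where it was derived from `SPEJSTORE_ENV` (`DEBUG = not PROD`), so a production deployment would serve Django's debug error pages with settings and stack traces, alongside the hardcoded fallback `SECRET_KEY`. The same pattern recurs in the last hunk, where `SOCIAL_AUTH_REDIRECT_IS_HTTPS = False` replaces the environment-driven value, and in `SOCIAL_AUTH_OIDC_OIDC_ENDPOINT`, which is a plain `http://` URL. Local-network overrides belong in `.env`, keeping the committed defaults safe: `DEBUG = not PROD` and `SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true"`. Which of the doubled lines is the new side is inferred from the commit title, since the page lost its `+`/`-` markers.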

File diff suppressed because one or more lines are too long


@ -50,6 +50,9 @@
</ul>
</div>
<a href="{% url 'admin:storage_item_change' item.pk %}" class="btn btn-default">Edit</a>
{% if item.props.wiki %}
<a href="https://wiki.hswro.org/{{ item.props.wiki }}" class="btn btn-info">Wiki</a>
{% endif %}
</div>
<table class="table table-hover table-striped">
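Review bot: `item.props.wiki` is interpolated into the `href` with only HTML auto-escaping, so a stored value containing `?`, `#` or spaces yields a link that does not point at the intended wiki page; the fixed host limits the impact to that site. Passing it through Django's built-in filter keeps it a path segment: `<a href="https://wiki.hswro.org/{{ item.props.wiki|urlencode }}" class="btn btn-info">Wiki</a>`. The surrounding template continues outside the hunk.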