HSWRO retrofitting + OIDC
parent
9983511136
commit
5a76b0052e
|
@ -5,10 +5,10 @@ from social_core.backends.oauth import BaseOAuth2
|
|||
class HSWawOAuth2(BaseOAuth2):
|
||||
"""Hackerspace OAuth authentication backend"""
|
||||
|
||||
name = "hswaw"
|
||||
name = "hswro"
|
||||
ID_KEY = "username"
|
||||
AUTHORIZATION_URL = "https://sso.hackerspace.pl/oauth/authorize"
|
||||
ACCESS_TOKEN_URL = "https://sso.hackerspace.pl/oauth/token"
|
||||
AUTHORIZATION_URL = "http://sso.lokal.hswro.org/oauth/authorize"
|
||||
ACCESS_TOKEN_URL = "http://sso.lokal.hswro.org/oauth/token"
|
||||
DEFAULT_SCOPE = ["profile:read"]
|
||||
REDIRECT_STATE = False
|
||||
SCOPE_SEPARATOR = ","
|
||||
|
@ -28,7 +28,7 @@ class HSWawOAuth2(BaseOAuth2):
|
|||
|
||||
def user_data(self, access_token, *args, **kwargs):
|
||||
"""Loads user data from service"""
|
||||
url = "https://sso.hackerspace.pl/api/1/profile"
|
||||
url = "http://sso.lokal.hswro.org/api/1/profile"
|
||||
headers = {"Authorization": "Bearer {}".format(access_token)}
|
||||
return self.get_json(url, headers=headers)
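Review bot: The three new endpoint URLs (`AUTHORIZATION_URL`, `ACCESS_TOKEN_URL` and the profile `url` in `user_data`) use `http://` where the replaced ones used `https://`. That puts the token exchange, which carries the client secret and authorization code, and the `Authorization: Bearer` header sent to `/api/1/profile` on the wire in cleartext. Even if `sso.lokal.hswro.org` is only reachable on an internal network (the page does not say), anything on that path can read the token. Switch the scheme back to `https://` on all three, or build them from one base URL read from settings so a local test instance does not need a code change. The class body continues outside both hunks.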
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ from django.contrib.auth.models import Group
|
|||
def staff_me_up(backend, details, response, uid, user, *args, **kwargs):
|
||||
user.is_staff = True
|
||||
try:
|
||||
user.groups.set([Group.objects.get(name="member")])
|
||||
user.groups.set([Group.objects.get(name="hsmember")])
|
||||
except Group.DoesNotExist:
|
||||
pass
|
||||
user.save()
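Review bot: The lookup of the renamed group `"hsmember"` sits under `except Group.DoesNotExist: pass`, and no migration or fixture creating that group is visible in this commit. If the group is missing, every SSO login still gets `is_staff = True` and is saved, while the group assignment is skipped without any trace. A log call in the handler through a module logger, for example `logger.warning("group 'hsmember' missing, groups left unchanged for %s", user)`, would make the misconfiguration visible instead of silent.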
|
||||
|
|
|
@ -2,4 +2,4 @@ from django.shortcuts import redirect
|
|||
|
||||
|
||||
def auth_redirect(request):
|
||||
return redirect("social:begin", "hswaw")
|
||||
return redirect("social:begin", "hswro")
|
||||
|
|
|
@ -4,11 +4,9 @@ services:
|
|||
image: postgres:15.4
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- spejstore-db:/var/lib/postgresql/data
|
||||
environment:
|
||||
- POSTGRES_USER=postgres
|
||||
- POSTGRES_PASSWORD=postgres
|
||||
- POSTGRES_DB=postgres
|
||||
- /var/spejstore-pg:/var/lib/postgresql/data
|
||||
env_file:
|
||||
- .env.pg
|
||||
healthcheck:
|
||||
#CHANGE 1: this command checks if the database is ready, right on the source db server
|
||||
test: ["CMD-SHELL", "pg_isready -d postgres -U postgres"]
|
||||
|
@ -18,18 +16,16 @@ services:
|
|||
|
||||
web:
|
||||
build: .
|
||||
user: root
|
||||
restart: unless-stopped
|
||||
command: bash -c "python manage.py collectstatic --no-input --clear && python manage.py migrate && gunicorn --workers 1 --threads 4 -b 0.0.0.0:8000 --capture-output --error-logfile - --access-logfile - spejstore.wsgi:application"
|
||||
volumes:
|
||||
- .:/code
|
||||
- /code/build_static
|
||||
- ./build_static:/code/build_static
|
||||
ports:
|
||||
- "8000:8000"
|
||||
- "8021:8000"
|
||||
env_file:
|
||||
- .env
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
volumes:
|
||||
spejstore-db:
|
||||
external: false
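Review bot: `user: root` on the `web` service (apparently added here, judging by the hunk's line counts) runs gunicorn as root in a container that bind-mounts the whole project directory (`.:/code`) and the host's `./build_static`. A compromise of the web process would then have root-owned write access to the source tree on the host. If root is only needed so `collectstatic --clear` can write to the bind-mounted `build_static`, prefer an unprivileged UID that owns that directory, for example `user: "1000:1000"` (sample value) with the host directory chowned to match.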
|
||||
|
|
|
@ -29,6 +29,7 @@ psycopg2==2.9.6
|
|||
pycparser==2.21
|
||||
PyJWT==2.7.0
|
||||
python-dateutil==2.8.2
|
||||
python-jose==3.3.0
|
||||
python3-openid==3.2.0
|
||||
pytz==2023.3
|
||||
requests==2.31.0
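Review bot: `python-jose==3.3.0` is added as a new runtime dependency, but the only consumer visible in this commit, `social_core.backends.open_id_connect.OpenIdConnectAuth`, is commented out in `AUTHENTICATION_BACKENDS`. python-jose 3.3.0 is an old release, and security advisories on its JWT/JWE handling have since been published. Either drop the pin until the OIDC backend is actually enabled, or check the advisory database and pin a fixed release when it is.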
|
||||
|
|
|
@ -17,7 +17,7 @@ PROD = os.getenv("SPEJSTORE_ENV") == "prod"
|
|||
SECRET_KEY = env("SECRET_KEY", "#hjthi7_udsyt*9eeyb&nwgw5x=%pk_lnz3+u2tg9@=w3p1m*k")
|
||||
|
||||
# SECURITY WARNING: don't run with debug turned on in production!
|
||||
DEBUG = not PROD
|
||||
DEBUG = True
|
||||
|
||||
ALLOWED_HOSTS = env(
|
||||
"ALLOWED_HOSTS",
|
||||
|
@ -137,10 +137,16 @@ AUTH_PASSWORD_VALIDATORS = [
|
|||
},
|
||||
]
|
||||
|
||||
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = 'http://sso.lokal.hswro.org/' # endpoint without /.well-known/openid-configuration
|
||||
SOCIAL_AUTH_OIDC_KEY = env("CLIENT_ID")
|
||||
SOCIAL_AUTH_OIDC_SECRET = env("SECRET")
|
||||
|
||||
AUTHENTICATION_BACKENDS = (
|
||||
"auth.backend.HSWawOAuth2",
|
||||
"django.contrib.auth.backends.ModelBackend",
|
||||
|
||||
# env('LOGIN_BACKEND', 'auth.backend.HSWawOAuth2'),
|
||||
'auth.backend.HSWawOAuth2',
|
||||
# 'social_core.backends.open_id_connect.OpenIdConnectAuth',
|
||||
'django.contrib.auth.backends.ModelBackend',
|
||||
)
|
||||
|
||||
SOCIAL_AUTH_PIPELINE = (
|
||||
|
@ -259,9 +265,10 @@ REST_FRAMEWORK = {
|
|||
],
|
||||
}
|
||||
|
||||
SOCIAL_AUTH_HSWAW_KEY = env("CLIENT_ID")
|
||||
SOCIAL_AUTH_HSWAW_SECRET = env("SECRET")
|
||||
SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true"
|
||||
SOCIAL_AUTH_HSWRO_KEY = env("CLIENT_ID")
|
||||
SOCIAL_AUTH_HSWRO_SECRET = env("SECRET")
|
||||
#SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true"
|
||||
SOCIAL_AUTH_REDIRECT_IS_HTTPS = False
|
||||
|
||||
SOCIAL_AUTH_JSONFIELD_ENABLED = True
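Review bot: `DEBUG = True` replaces `DEBUG = not PROD`, which turns Django's debug pages (tracebacks, settings and request data) on for every deployment regardless of `SPEJSTORE_ENV`, directly under the comment warning against it. The last hunk has the same pattern: `SOCIAL_AUTH_REDIRECT_IS_HTTPS = False` is hard-coded while the env-driven line is commented out, and `SOCIAL_AUTH_OIDC_OIDC_ENDPOINT` points at an `http://` URL. These look like local-testing values, so keep `DEBUG = not PROD` and `SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("OAUTH_REDIRECT_IS_HTTPS", "true") == "true"` in the file and set the overrides in `.env`. Separately, the `SECRET_KEY` context line still falls back to a literal committed in the repository, which is worth failing on when `PROD` is set.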
|
||||
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -50,6 +50,9 @@
|
|||
</ul>
|
||||
</div>
|
||||
<a href="{% url 'admin:storage_item_change' item.pk %}" class="btn btn-default">Edit</a>
|
||||
{% if item.props.wiki %}
|
||||
<a href="https://wiki.hswro.org/{{ item.props.wiki }}" class="btn btn-info">Wiki</a>
|
||||
{% endif %}
|
||||
</div>
|
||||
|
||||
<table class="table table-hover table-striped">
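Review bot: `{{ item.props.wiki }}` is placed in the `href` path with only HTML autoescaping, so a value containing `?`, `#` or spaces changes which wiki URL the button opens instead of being treated as a page name. Adding the built-in filter, `href="https://wiki.hswro.org/{{ item.props.wiki|urlencode }}"`, keeps the value inside the path. The fixed `https://wiki.hswro.org/` prefix already stops the link from pointing at another host.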
|
||||
|
|