WIP: Add OIDC configuration, settings

requirements.txt

-Django ~= 3.0.4
-whitenoise ~= 5.0.1
-gunicorn ~=20.0.4
\ No newline at end of file
+Django~=3.0.4
+whitenoise~=5.0.1
+gunicorn~=20.0.4
+mozilla-django-oidc~=1.2.3
\ No newline at end of file

um_django_template_project/oidc_auth/auth.py

+import unicodedata
+
+from mozilla_django_oidc.auth import OIDCAuthenticationBackend
+
+
+def generate_username(email):
+    return unicodedata.normalize('NFKC', email).split('@')[0]
+
+
+class UMichOIDCBackend(OIDCAuthenticationBackend):
+    @staticmethod
+    def _set_claims(user, claims):
+        user.first_name = claims.get('given_name', '')
+        user.last_name = claims.get('family_name', '')
+
+    def create_user(self, claims):
+        user = super().create_user(claims)
+        self._set_claims(user, claims)
+        user.save()
+        return user
+
+    def update_user(self, user, claims):
+        self._set_claims(user, claims)
+        user.save()
+        return user

um_django_template_project/oidc_auth/urls.py

+from django.conf.urls import url
+from django.urls import include
+
+urlpatterns = [
+    url(r'^oidc/', include('mozilla_django_oidc.urls')),
+]

um_django_template_project/um_django_template_project/settings.py

@@ -12,6 +12,10 @@ https://docs.djangoproject.com/en/3.0/ref/settings/
 
 import os
 
+def str_to_bool(val):
+    return val.lower() in ('yes', 'true', 'on', '1')
+
+
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 
@@ -23,7 +27,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 SECRET_KEY = os.getenv('SECRET_KEY')
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = os.getenv('DEBUG') in ['true', 'True', '1', 'yes'] if os.getenv('DEBUG') else False
+DEBUG = str_to_bool(os.getenv('DEBUG', 'off'))
 
 ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '127.0.0.1').split(',')
 
@@ -49,7 +53,8 @@ EMAIL_SUBJECT_PREFIX = f'[{os.getenv("EMAIL_SUBJECT_PREFIX", "localhost")}] '
 # Add additional non-Django apps here for consistent logging behavior
 EXTRA_APPS = [
     'um_template_ui',
-    'oidc_auth'
+    'oidc_auth',
+    'mozilla_django_oidc'
 ]
 
 INSTALLED_APPS = [
@@ -70,6 +75,7 @@ MIDDLEWARE = [
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'mozilla_django_oidc.middleware.SessionRefresh'
 ]
 
 ROOT_URLCONF = 'um_django_template_project.urls'
@@ -92,10 +98,15 @@ TEMPLATES = [
 
 WSGI_APPLICATION = 'um_django_template_project.wsgi.application'
 
+
 # Authentication
 
 AUTH_USER_MODEL = 'oidc_auth.User'
 
+AUTHENTICATION_BACKENDS = [
+    'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
+]
+
 LOGIN_REDIRECT_URL = '/'
 LOGOUT_REDIRECT_URL = '/'
 
@@ -103,6 +114,29 @@ if DEBUG is True:
     LOGIN_URL = '/admin'
 
 
+# Mozilla OIDC
+# https://mozilla-django-oidc.readthedocs.io/en/stable/
+
+OIDC_RP_CLIENT_ID = os.getenv('OIDC_RP_CLIENT_ID')
+OIDC_RP_CLIENT_SECRET = os.getenv('OIDC_RP_CLIENT_SECRET')
+OIDC_OP_AUTHORIZATION_ENDPOINT = os.getenv('OIDC_OP_AUTHORIZATION_ENDPOINT')
+OIDC_OP_TOKEN_ENDPOINT = os.getenv('OIDC_OP_TOKEN_ENDPOINT')
+OIDC_OP_USER_ENDPOINT = os.getenv('OIDC_OP_USER_ENDPOINT')
+OIDC_RP_SIGN_ALGO = os.getenv('OIDC_RP_SIGN_ALGO', 'RS256')
+OIDC_OP_JWKS_ENDPOINT = os.getenv('OIDC_OP_JWKS_ENDPOINT')
+OIDC_USERNAME_ALGO = 'officehours.auth.generate_username'
+OIDC_RP_SCOPES = 'openid email profile'
+OIDC_CREATE_USER = str_to_bool(os.getenv('OIDC_CREATE_USER', 'on'))
+
+if (OIDC_RP_CLIENT_ID and OIDC_RP_CLIENT_SECRET and OIDC_OP_AUTHORIZATION_ENDPOINT
+        and OIDC_OP_TOKEN_ENDPOINT and OIDC_OP_USER_ENDPOINT):
+    EXTRA_APPS += ['mozilla_django_oidc']
+    AUTHENTICATION_BACKENDS += ['oidc_auth.auth.UMichOIDCBackend']
+    LOGIN_URL = '/oidc/authenticate/'
+else:
+    print('Skipping OIDCAuthenticationBackend as OIDC variables were not set.')
+
+
 # Database
 # https://docs.djangoproject.com/en/3.0/ref/settings/#databases
 

um_django_template_project/um_django_template_project/urls.py

@@ -8,4 +8,5 @@ urlpatterns = [
     path('login/', login, name='login'),
     path('logout/', logout, name='logout'),
     path('', include('um_template_ui.urls')),
+    path('', include('oidc_auth.urls'))
 ]