
Commit b1875342 authored by Jon Yu's avatar Jon Yu

WIP: Add OIDC configuration, settings

parent 3a8ed936
Django ~= 3.0.4
whitenoise ~= 5.0.1
gunicorn ~=20.0.4
\ No newline at end of file
Django~=3.0.4
whitenoise~=5.0.1
gunicorn~=20.0.4
mozilla-django-oidc~=1.2.3
\ No newline at end of file
import unicodedata
from mozilla_django_oidc.auth import OIDCAuthenticationBackend
def generate_username(email):
return unicodedata.normalize('NFKC', email).split('@')[0]
class UMichOIDCBackend(OIDCAuthenticationBackend):
@staticmethod
def _set_claims(user, claims):
user.first_name = claims.get('given_name', '')
user.last_name = claims.get('family_name', '')
def create_user(self, claims):
user = super().create_user(claims)
self._set_claims(user, claims)
user.save()
return user
def update_user(self, user, claims):
self._set_claims(user, claims)
user.save()
return user
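Review bot: `generate_username` derives the account name from the e-mail local part alone, so `alice@example.edu` and `alice@other.edu` collapse to the same username; because the parent `OIDCAuthenticationBackend.create_user` appears to pass that name to `create_user(username, email=email)`, the second identity would presumably fail on the unique-username constraint rather than be handled deliberately. Either keep the domain in the derived name (the full NFKC-normalised address, or a suffix derived from it) or check for an existing user with that username before returning. `create_user` also calls `user.save()` immediately after `super().create_user(claims)`, which has already persisted the row, so the claims could be applied before the parent saves or the extra write accepted knowingly. Both new definitions lack a docstring; a one-liner on `generate_username` such as `"""Return the NFKC-normalised local part of *email* as the Django username."""` would state the contract callers depend on.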
from django.conf.urls import url
from django.urls import include
urlpatterns = [
url(r'^oidc/', include('mozilla_django_oidc.urls')),
]
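Review bot: This new urlconf uses `django.conf.urls.url` with a regex while the project's main urls.py in this same commit uses `path(...)`; `from django.urls import include, path` and `path('oidc/', include('mozilla_django_oidc.urls')),` would keep the two files consistent and avoid the regex helper that is deprecated from Django 3.1, the next release after the pinned `Django~=3.0.4`.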
......@@ -12,6 +12,10 @@ https://docs.djangoproject.com/en/3.0/ref/settings/
import os
def str_to_bool(val):
return val.lower() in ('yes', 'true', 'on', '1')
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
......@@ -23,7 +27,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
SECRET_KEY = os.getenv('SECRET_KEY')
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = os.getenv('DEBUG') in ['true', 'True', '1', 'yes'] if os.getenv('DEBUG') else False
DEBUG = str_to_bool(os.getenv('DEBUG', 'off'))
ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '127.0.0.1').split(',')
......@@ -49,7 +53,8 @@ EMAIL_SUBJECT_PREFIX = f'[{os.getenv("EMAIL_SUBJECT_PREFIX", "localhost")}] '
# Add additional non-Django apps here for consistent logging behavior
EXTRA_APPS = [
'um_template_ui',
'oidc_auth'
'oidc_auth',
'mozilla_django_oidc'
]
INSTALLED_APPS = [
......@@ -70,6 +75,7 @@ MIDDLEWARE = [
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'mozilla_django_oidc.middleware.SessionRefresh'
]
ROOT_URLCONF = 'um_django_template_project.urls'
......@@ -92,10 +98,15 @@ TEMPLATES = [
WSGI_APPLICATION = 'um_django_template_project.wsgi.application'
# Authentication
AUTH_USER_MODEL = 'oidc_auth.User'
AUTHENTICATION_BACKENDS = [
'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
]
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/'
......@@ -103,6 +114,29 @@ if DEBUG is True:
LOGIN_URL = '/admin'
# Mozilla OIDC
# https://mozilla-django-oidc.readthedocs.io/en/stable/
OIDC_RP_CLIENT_ID = os.getenv('OIDC_RP_CLIENT_ID')
OIDC_RP_CLIENT_SECRET = os.getenv('OIDC_RP_CLIENT_SECRET')
OIDC_OP_AUTHORIZATION_ENDPOINT = os.getenv('OIDC_OP_AUTHORIZATION_ENDPOINT')
OIDC_OP_TOKEN_ENDPOINT = os.getenv('OIDC_OP_TOKEN_ENDPOINT')
OIDC_OP_USER_ENDPOINT = os.getenv('OIDC_OP_USER_ENDPOINT')
OIDC_RP_SIGN_ALGO = os.getenv('OIDC_RP_SIGN_ALGO', 'RS256')
OIDC_OP_JWKS_ENDPOINT = os.getenv('OIDC_OP_JWKS_ENDPOINT')
OIDC_USERNAME_ALGO = 'officehours.auth.generate_username'
OIDC_RP_SCOPES = 'openid email profile'
OIDC_CREATE_USER = str_to_bool(os.getenv('OIDC_CREATE_USER', 'on'))
if (OIDC_RP_CLIENT_ID and OIDC_RP_CLIENT_SECRET and OIDC_OP_AUTHORIZATION_ENDPOINT
and OIDC_OP_TOKEN_ENDPOINT and OIDC_OP_USER_ENDPOINT):
EXTRA_APPS += ['mozilla_django_oidc']
AUTHENTICATION_BACKENDS += ['oidc_auth.auth.UMichOIDCBackend']
LOGIN_URL = '/oidc/authenticate/'
else:
print('Skipping OIDCAuthenticationBackend as OIDC variables were not set.')
# Database
# https://docs.djangoproject.com/en/3.0/ref/settings/#databases
......
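Review bot: The gate `if (OIDC_RP_CLIENT_ID and OIDC_RP_CLIENT_SECRET and OIDC_OP_AUTHORIZATION_ENDPOINT and OIDC_OP_TOKEN_ENDPOINT and OIDC_OP_USER_ENDPOINT):` enables the backend without checking `OIDC_OP_JWKS_ENDPOINT`, yet `OIDC_RP_SIGN_ALGO` defaults to `'RS256'`; a deployment that omits the JWKS variable passes the gate and then has no key source for ID-token signature verification, which mozilla-django-oidc presumably rejects as improperly configured, so extend the condition with `and (not OIDC_RP_SIGN_ALGO.startswith('RS') or OIDC_OP_JWKS_ENDPOINT)`. Two further inconsistencies in the same section: `'mozilla_django_oidc'` is now listed unconditionally in `EXTRA_APPS` and appended again inside the `if`, which yields a duplicate application label if `INSTALLED_APPS` is built from `EXTRA_APPS` (that line is cut off here), and the generic `'mozilla_django_oidc.auth.OIDCAuthenticationBackend'` stays in `AUTHENTICATION_BACKENDS` ahead of the subclass, so Django's backend iteration would authenticate via the base class first and `UMichOIDCBackend.create_user`/`update_user` would never run. `OIDC_USERNAME_ALGO = 'officehours.auth.generate_username'` also names a module path that does not match the `oidc_auth.auth` package the backend line uses; presumably it should be `'oidc_auth.auth.generate_username'`. The `print(...)` in the `else` branch would surface better in deployment logs as a module-logger warning.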
......@@ -8,4 +8,5 @@ urlpatterns = [
path('login/', login, name='login'),
path('logout/', logout, name='logout'),
path('', include('um_template_ui.urls')),
path('', include('oidc_auth.urls'))
]
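Review bot: The new `path('', include('oidc_auth.urls'))` sits after `path('', include('um_template_ui.urls'))` at the same empty prefix, so any catch-all pattern inside `um_template_ui.urls` would shadow the `oidc/` routes; placing the OIDC include first, or giving it its own prefix, removes that ordering dependency. The added line also drops the trailing comma the surrounding entries use: `path('', include('oidc_auth.urls')),`.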