Commit b1875342 authored by Jon Yu's avatar Jon Yu

WIP: Add OIDC configuration, settings

parent 3a8ed936
Django ~= 3.0.4
whitenoise ~= 5.0.1
gunicorn ~=20.0.4
\ No newline at end of file
Django~=3.0.4
whitenoise~=5.0.1
gunicorn~=20.0.4
mozilla-django-oidc~=1.2.3
\ No newline at end of file
import unicodedata
from mozilla_django_oidc.auth import OIDCAuthenticationBackend
def generate_username(email):
return unicodedata.normalize('NFKC', email).split('@')[0]
class UMichOIDCBackend(OIDCAuthenticationBackend):
@staticmethod
def _set_claims(user, claims):
user.first_name = claims.get('given_name', '')
user.last_name = claims.get('family_name', '')
def create_user(self, claims):
user = super().create_user(claims)
self._set_claims(user, claims)
user.save()
return user
def update_user(self, user, claims):
self._set_claims(user, claims)
user.save()
return user
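Review bot: `generate_username` keys the username on the e-mail local part alone, so two subjects whose addresses differ only in domain (`a@x.edu`, `a@y.edu`) map to the same username and the second `create_user` call fails as soon as that column is unique on `oidc_auth.User` (the model is not in this commit, so I cannot confirm the constraint). mozilla-django-oidc's default algorithm hashes the whole address for exactly this reason; if a readable username is wanted, fold the domain in or handle the collision explicitly. `_set_claims` also writes `''` whenever `given_name` or `family_name` is absent, so `update_user` wipes a previously stored name on any login whose claims omit them; `user.first_name = claims.get('given_name', user.first_name)` keeps the old value instead. A one-line docstring on `generate_username`, e.g. `"""Return the NFKC-normalised local part of *email* as the username."""`, would document the intended contract.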
from django.conf.urls import url
from django.urls import include
urlpatterns = [
url(r'^oidc/', include('mozilla_django_oidc.urls')),
]
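Review bot: `url()` from `django.conf.urls` is used here while the project urlconf in this same commit uses `path()`; `url()` is deprecated from Django 3.1 and the regex adds nothing, so `path('oidc/', include('mozilla_django_oidc.urls'))` is the equivalent and consistent form.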
......@@ -12,6 +12,10 @@ https://docs.djangoproject.com/en/3.0/ref/settings/
import os
def str_to_bool(val):
return val.lower() in ('yes', 'true', 'on', '1')
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
......@@ -23,7 +27,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
SECRET_KEY = os.getenv('SECRET_KEY')
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = os.getenv('DEBUG') in ['true', 'True', '1', 'yes'] if os.getenv('DEBUG') else False
DEBUG = str_to_bool(os.getenv('DEBUG', 'off'))
ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '127.0.0.1').split(',')
......@@ -49,7 +53,8 @@ EMAIL_SUBJECT_PREFIX = f'[{os.getenv("EMAIL_SUBJECT_PREFIX", "localhost")}] '
# Add additional non-Django apps here for consistent logging behavior
EXTRA_APPS = [
'um_template_ui',
'oidc_auth'
'oidc_auth',
'mozilla_django_oidc'
]
INSTALLED_APPS = [
......@@ -70,6 +75,7 @@ MIDDLEWARE = [
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'mozilla_django_oidc.middleware.SessionRefresh'
]
ROOT_URLCONF = 'um_django_template_project.urls'
......@@ -92,10 +98,15 @@ TEMPLATES = [
WSGI_APPLICATION = 'um_django_template_project.wsgi.application'
# Authentication
AUTH_USER_MODEL = 'oidc_auth.User'
AUTHENTICATION_BACKENDS = [
'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
]
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/'
......@@ -103,6 +114,29 @@ if DEBUG is True:
LOGIN_URL = '/admin'
# Mozilla OIDC
# https://mozilla-django-oidc.readthedocs.io/en/stable/
OIDC_RP_CLIENT_ID = os.getenv('OIDC_RP_CLIENT_ID')
OIDC_RP_CLIENT_SECRET = os.getenv('OIDC_RP_CLIENT_SECRET')
OIDC_OP_AUTHORIZATION_ENDPOINT = os.getenv('OIDC_OP_AUTHORIZATION_ENDPOINT')
OIDC_OP_TOKEN_ENDPOINT = os.getenv('OIDC_OP_TOKEN_ENDPOINT')
OIDC_OP_USER_ENDPOINT = os.getenv('OIDC_OP_USER_ENDPOINT')
OIDC_RP_SIGN_ALGO = os.getenv('OIDC_RP_SIGN_ALGO', 'RS256')
OIDC_OP_JWKS_ENDPOINT = os.getenv('OIDC_OP_JWKS_ENDPOINT')
OIDC_USERNAME_ALGO = 'officehours.auth.generate_username'
OIDC_RP_SCOPES = 'openid email profile'
OIDC_CREATE_USER = str_to_bool(os.getenv('OIDC_CREATE_USER', 'on'))
if (OIDC_RP_CLIENT_ID and OIDC_RP_CLIENT_SECRET and OIDC_OP_AUTHORIZATION_ENDPOINT
and OIDC_OP_TOKEN_ENDPOINT and OIDC_OP_USER_ENDPOINT):
EXTRA_APPS += ['mozilla_django_oidc']
AUTHENTICATION_BACKENDS += ['oidc_auth.auth.UMichOIDCBackend']
LOGIN_URL = '/oidc/authenticate/'
else:
print('Skipping OIDCAuthenticationBackend as OIDC variables were not set.')
# Database
# https://docs.djangoproject.com/en/3.0/ref/settings/#databases
......
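Review bot: `'mozilla_django_oidc'` is added to `EXTRA_APPS` unconditionally in the EXTRA_APPS hunk and again by `EXTRA_APPS += ['mozilla_django_oidc']` inside the `if` block of the OIDC hunk, so with the OIDC variables set the app appears twice in `INSTALLED_APPS` and Django refuses to start with its "Application names aren't unique" error; one of the two should go. `AUTHENTICATION_BACKENDS` has the same shape: the stock `OIDCAuthenticationBackend` is listed first and `oidc_auth.auth.UMichOIDCBackend` appended after it, and because `authenticate()` returns the user from the first backend that succeeds, the subclass's `create_user`/`update_user` never run — replace the base entry rather than supplement it, and add `django.contrib.auth.backends.ModelBackend` if the `/admin` password login is meant to keep working. `OIDC_USERNAME_ALGO = 'officehours.auth.generate_username'` looks like a leftover from another project: the function added in this commit lives in `oidc_auth.auth`, the same module as the backend path. The guard also checks the authorization, token and user endpoints but not `OIDC_OP_JWKS_ENDPOINT`, which the `RS256` default needs for ID-token signature verification unless an IdP signing key is configured, so a deployment that omits it passes the guard and fails on the first login; adding it to the condition keeps the fail-fast behaviour the guard is there for.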
......@@ -8,4 +8,5 @@ urlpatterns = [
path('login/', login, name='login'),
path('logout/', logout, name='logout'),
path('', include('um_template_ui.urls')),
path('', include('oidc_auth.urls'))
]
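Review bot: `path('', include('oidc_auth.urls'))` mounts a second include at the empty prefix directly after `um_template_ui.urls`, so any catch-all pattern in that earlier include would shadow `/oidc/...` and the `LOGIN_URL = '/oidc/authenticate/'` set in this commit would 404; I cannot see `um_template_ui.urls`, so this may only be fragile rather than broken today. Mounting the routes explicitly as `path('oidc/', include('mozilla_django_oidc.urls'))` here makes the resolution order obvious and removes the `oidc_auth.urls` indirection. The added line also lacks the trailing comma its neighbours carry.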