diff --git a/frontend b/frontend
index 2dfe609..02e5d62 160000
--- a/frontend
+++ b/frontend
@@ -1 +1 @@
-Subproject commit 2dfe609aeec5a727115dd52df7eeecec9b58faec
+Subproject commit 02e5d622d917ae99baa78b63d97f32ef469a076b
diff --git a/kumisystems/auth.py b/kumisystems/auth.py
new file mode 100644
index 0000000..51af2c2
--- /dev/null
+++ b/kumisystems/auth.py
@@ -0,0 +1,9 @@
+from mozilla_django_oidc.auth import OIDCAuthenticationBackend
+
+class OIDCBackend(OIDCAuthenticationBackend):
+ def create_user(self, claims):
+ email = claims.get('email')
+ return self.UserModel.objects.create_user(email)
+
+ def get_username(self, claims):
+ return claims.get('email')
\ No newline at end of file
diff --git a/kumisystems/settings.py b/kumisystems/settings.py
index e8de482..5c2b8b4 100644
--- a/kumisystems/settings.py
+++ b/kumisystems/settings.py
@@ -2,6 +2,8 @@ from pathlib import Path
 from autosecretkey import AutoSecretKey
+from django.urls import reverse_lazy
+
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
@@ -48,6 +50,10 @@ INSTALLED_APPS = [
 'djangocms_video',
 'djangocms_snippet',
 'djangocms_style',
+
+ # Optional for OpenID Connect:
+
+ 'mozilla_django_oidc',
 ]
 MIDDLEWARE = [
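Review bot: `return self.UserModel.objects.create_user(email)` in `OIDCBackend.create_user` passes the e-mail as the first positional argument, which for Django's stock `UserManager.create_user(username, email=None, password=None)` fills `username` and leaves the `email` field empty; the upstream backend it overrides calls `create_user(username, email=email)`, so `return self.UserModel.objects.create_user(email, email=email)` keeps both populated unless the project's user model has a manager with a different signature. Nothing here checks that the claim is present or trustworthy: `claims.get('email')` may be `None`, and because `get_username` also keys on the e-mail, a provider that issues unverified `email` claims would have accounts looked up or created on a value the OP has not confirmed. Overriding `verify_claims` to reject a missing or empty `email` claim (and, where the OP supplies it, a false `email_verified`) closes that before `create_user` is reached. A one-line docstring on the class stating that the e-mail claim is the account key would also make the assumption visible.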
@@ -133,6 +139,30 @@ else:
 # Password validation
 # https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators
+USE_OIDC = False
+
+if "OIDC" in CONFIG:
+ USE_OIDC = True
+
+ AUTHENTICATION_BACKENDS = [
+ 'kumisystems.auth.OIDCBackend',
+ ]
+
+ LOGIN_URL = reverse_lazy("oidc_authentication_init")
+
+ OIDC_NAME = CONFIG.get("OIDC", "Name", fallback="OIDC")
+ OIDC_RP_CLIENT_ID = CONFIG["OIDC"]["ClientID"]
+ OIDC_RP_CLIENT_SECRET = CONFIG["OIDC"]["ClientSecret"]
+ OIDC_OP_JWKS_ENDPOINT = CONFIG["OIDC"]["JWKS"]
+ OIDC_OP_AUTHORIZATION_ENDPOINT = CONFIG["OIDC"]["Authorization"]
+ OIDC_OP_TOKEN_ENDPOINT = CONFIG["OIDC"]["Token"]
+ OIDC_OP_USER_ENDPOINT = CONFIG["OIDC"]["UserInfo"]
+ OIDC_CREATE_USER = CONFIG.getboolean("OIDC", "CreateUsers", fallback=False)
+ OIDC_RP_SIGN_ALGO = CONFIG.get("OIDC", "Algorithm", fallback="RS256")
+
+ MIDDLEWARE.append("mozilla_django_oidc.middleware.SessionRefresh")
+
+
 AUTH_PASSWORD_VALIDATORS = [
 {
 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
diff --git a/kumisystems/urls.py b/kumisystems/urls.py
index 19c2806..fa7a5bf 100644
--- a/kumisystems/urls.py
+++ b/kumisystems/urls.py
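Review bot: `AUTHENTICATION_BACKENDS = ['kumisystems.auth.OIDCBackend']` replaces the default backend list rather than extending it, so as soon as an `[OIDC]` section is configured `django.contrib.auth.backends.ModelBackend` is gone and password accounts (including anything made with `createsuperuser`) can no longer authenticate anywhere; that may well be the intent, but the block does not say so. If it is intended, a comment above the list such as `# OIDC replaces password login entirely: ModelBackend is deliberately omitted` saves the next reader a debugging session; if not, appending the OIDC backend to the default list keeps a break-glass path for local accounts. `OIDC_CREATE_USER` defaulting to `False` is the right conservative default and deserves a short comment explaining that unknown OIDC identities are rejected unless `CreateUsers` is enabled.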
@@ -2,9 +2,19 @@ from django.contrib import admin
 from django.urls import path, include
 from django.views.i18n import JavaScriptCatalog
 from django.conf.urls.i18n import i18n_patterns
+from django.conf import settings
-urlpatterns = i18n_patterns(
- path('admin/', admin.site.urls),
- path('', include('cms.urls')),
- path('jsi18n/', JavaScriptCatalog.as_view(), name='javascript-catalog'),
-)
\ No newline at end of file
+urlpatterns = [
+ path("oidc/", include("mozilla_django_oidc.urls")),
+] + i18n_patterns(
+ path("admin/", admin.site.urls),
+ path("", include("cms.urls")),
+ path("jsi18n/", JavaScriptCatalog.as_view(), name="javascript-catalog"),
+)
+
+if settings.USE_OIDC:
+ from mozilla_django_oidc.views import OIDCAuthenticationRequestView
+
+ urlpatterns = i18n_patterns(
+ path('admin/login/', OIDCAuthenticationRequestView.as_view(), name='oidc_authentication_init'),
+ ) + urlpatterns
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 15289b9..7f02727 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,4 +11,5 @@ djangocms-file
 djangocms-picture
 djangocms-video
 djangocms-snippet
-djangocms-style
\ No newline at end of file
+djangocms-style
+mozilla-django-oidc
\ No newline at end of file
diff --git a/settings.dist.ini b/settings.dist.ini
new file mode 100644
index 0000000..7bffa74
--- /dev/null
+++ b/settings.dist.ini
@@ -0,0 +1,15 @@
+[KumiSystems]
+debug = 0 # Set to 1 to enable debug
+host = kumisystems.local
+
+# Uncomment and change values to enable OpenID Connect authentication
+
+# [OIDC]
+# name = KumiDC
+# createusers = 0
+# clientid = 012345
+# clientsecret = afjkhsdjfkhajlkfhdsljkfh
+# jwks = https://kumidc.local/openid/jwks/
+# authorization = https://kumidc.local/openid/authorize/
+# token = https://kumidc.local/openid/token/
+# userinfo = https://kumidc.local/openid/userinfo/
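Review bot: `path("oidc/", include("mozilla_django_oidc.urls"))` is registered unconditionally, while the backend, `LOGIN_URL` and the `OIDC_OP_*` settings it depends on only exist when `settings.USE_OIDC` is true, so on a deployment without an `[OIDC]` section the callback and authenticate routes are still reachable and, as far as I can tell, will fail at request time with a misconfiguration error instead of a 404. Moving the include under the `if settings.USE_OIDC:` branch keeps the attack surface equal to what is configured, and it also lets the whole OIDC wiring read in one place. Both the include and the override register the name `oidc_authentication_init`, so it is worth confirming which one `reverse_lazy` in settings resolves to and noting that in a comment. The new code also mixes double quotes in the first list with single quotes in the OIDC branch; picking one would match the rest of the file.
```python
urlpatterns = i18n_patterns(
    path("admin/", admin.site.urls),
    path("", include("cms.urls")),
    path("jsi18n/", JavaScriptCatalog.as_view(), name="javascript-catalog"),
)

if settings.USE_OIDC:
    from mozilla_django_oidc.views import OIDCAuthenticationRequestView

    # Expose the OIDC endpoints only when a provider is actually configured;
    # the admin login route is replaced by the OIDC initiation view.
    urlpatterns = [
        path("oidc/", include("mozilla_django_oidc.urls")),
    ] + i18n_patterns(
        path("admin/login/", OIDCAuthenticationRequestView.as_view(), name="oidc_authentication_init"),
    ) + urlpatterns
```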
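Review bot: `debug = 0 # Set to 1 to enable debug` puts the comment on the value line, and `configparser` does not strip inline comments unless the parser is constructed with `inline_comment_prefixes`, so `CONFIG` would read `debug` as the string `0 # Set to 1 to enable debug` and a `getboolean` or string comparison on it will raise or never match. Put the comment on its own line: `# Set to 1 to enable debug` followed by `debug = 0`. The settings loader that builds `CONFIG` is not in this diff, so whether it enables inline comments is worth confirming before assuming the template works as written.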