Sample settings file
This commit is contained in:
Kumi 2023-07-08 16:51:05 +02:00
parent 7b6ee8a44c
commit 81115792b7
Signed by: kumi
GPG key ID: ECBCC9082395383F
6 changed files with 72 additions and 7 deletions

@ -1 +1 @@
Subproject commit 2dfe609aeec5a727115dd52df7eeecec9b58faec Subproject commit 02e5d622d917ae99baa78b63d97f32ef469a076b

9
kumisystems/auth.py Normal file
View file

@ -0,0 +1,9 @@
from mozilla_django_oidc.auth import OIDCAuthenticationBackend
class OIDCBackend(OIDCAuthenticationBackend):
def create_user(self, claims):
email = claims.get('email')
return self.UserModel.objects.create_user(email)
def get_username(self, claims):
return claims.get('email')

View file

@ -2,6 +2,8 @@ from pathlib import Path
from autosecretkey import AutoSecretKey from autosecretkey import AutoSecretKey
from django.urls import reverse_lazy
# Build paths inside the project like this: BASE_DIR / 'subdir'. # Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent BASE_DIR = Path(__file__).resolve().parent.parent
@ -48,6 +50,10 @@ INSTALLED_APPS = [
'djangocms_video', 'djangocms_video',
'djangocms_snippet', 'djangocms_snippet',
'djangocms_style', 'djangocms_style',
# Optional for OpenID Connect:
'mozilla_django_oidc',
] ]
MIDDLEWARE = [ MIDDLEWARE = [
@ -133,6 +139,30 @@ else:
# Password validation # Password validation
# https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators # https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators
USE_OIDC = False
if "OIDC" in CONFIG:
USE_OIDC = True
AUTHENTICATION_BACKENDS = [
'kumisystems.auth.OIDCBackend',
]
LOGIN_URL = reverse_lazy("oidc_authentication_init")
OIDC_NAME = CONFIG.get("OIDC", "Name", fallback="OIDC")
OIDC_RP_CLIENT_ID = CONFIG["OIDC"]["ClientID"]
OIDC_RP_CLIENT_SECRET = CONFIG["OIDC"]["ClientSecret"]
OIDC_OP_JWKS_ENDPOINT = CONFIG["OIDC"]["JWKS"]
OIDC_OP_AUTHORIZATION_ENDPOINT = CONFIG["OIDC"]["Authorization"]
OIDC_OP_TOKEN_ENDPOINT = CONFIG["OIDC"]["Token"]
OIDC_OP_USER_ENDPOINT = CONFIG["OIDC"]["UserInfo"]
OIDC_CREATE_USER = CONFIG.getboolean("OIDC", "CreateUsers", fallback=False)
OIDC_RP_SIGN_ALGO = CONFIG.get("OIDC", "Algorithm", fallback="RS256")
MIDDLEWARE.append("mozilla_django_oidc.middleware.SessionRefresh")
AUTH_PASSWORD_VALIDATORS = [ AUTH_PASSWORD_VALIDATORS = [
{ {
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',

View file

@ -2,9 +2,19 @@ from django.contrib import admin
from django.urls import path, include from django.urls import path, include
from django.views.i18n import JavaScriptCatalog from django.views.i18n import JavaScriptCatalog
from django.conf.urls.i18n import i18n_patterns from django.conf.urls.i18n import i18n_patterns
from django.conf import settings
urlpatterns = i18n_patterns( urlpatterns = [
path('admin/', admin.site.urls), path("oidc/", include("mozilla_django_oidc.urls")),
path('', include('cms.urls')), ] + i18n_patterns(
path('jsi18n/', JavaScriptCatalog.as_view(), name='javascript-catalog'), path("admin/", admin.site.urls),
path("", include("cms.urls")),
path("jsi18n/", JavaScriptCatalog.as_view(), name="javascript-catalog"),
) )
if settings.USE_OIDC:
from mozilla_django_oidc.views import OIDCAuthenticationRequestView
urlpatterns = i18n_patterns(
path('admin/login/', OIDCAuthenticationRequestView.as_view(), name='oidc_authentication_init'),
) + urlpatterns

View file

@ -12,3 +12,4 @@ djangocms-picture
djangocms-video djangocms-video
djangocms-snippet djangocms-snippet
djangocms-style djangocms-style
mozilla-django-oidc

15
settings.dist.ini Normal file
View file

@ -0,0 +1,15 @@
[KumiSystems]
debug = 0 # Set to 1 to enable debug
host = kumisystems.local
# Uncomment and change values to enable OpenID Connect authentication
# [OIDC]
# name = KumiDC
# createusers = 0
# clientid = 012345
# clientsecret = afjkhsdjfkhajlkfhdsljkfh
# jwks = https://kumidc.local/openid/jwks/
# authorization = https://kumidc.local/openid/authorize/
# token = https://kumidc.local/openid/token/
# userinfo = https://kumidc.local/openid/userinfo/