Merge pull request #6 from N5GEH/5-add-oidc-auth

add oidc auth
N5GEH · Jul 15, 2022 · 33ed830 · 33ed830
2 parents 73f7a71 + a2cd2af
commit 33ed830
Show file tree

Hide file tree

Showing 53 changed files with 943 additions and 195 deletions.
diff --git a/README.md b/README.md
@@ -7,33 +7,80 @@
 
 ## Built With
 
- - Django 4.0.5
- - Bootstrap 5.2.0-beta1
- - htmx 1.7.0
+- Django 4.0.5
+- Bootstrap 5.2.0-beta1
+- htmx 1.7.0
 
-# Getting Started
+## Getting Started
 
-## Prerequisites
+### Prerequisites
 
-### Installing dependencies
-- pip
-    ```bash
-      cd ./app/entirety
-      pip install -r requirements.txt
-    ```
-- pre-commit
-    ```bash
-      pre-commit install
-    ```
+#### Installing dependencies
+
+pip
+
+```bash
+  cd ./app/entirety
+  pip install -r requirements.txt
+```
+
+pre-commit
+
+```bash
+  pre-commit install
+```
+
+#### create .env File
+
+```bash
+  cp .env.EXAMPLE .env
+```
 
 ## Usage
 
+Migrate Database
+
+```bash
+  python manage.py makemigrations projects users examples
+  python manage.py migrate
+```
+
 Starting the Django server:
 
 ```bash
   python manage.py runserver
 ```
 
+## Contributing
+
+See the [contributing guide](./docs/CONTRIBUTING.md) for detailed instructions on how to get started with our project.
+
+## Development
+
+To run the application in your development setup you'll need to
+provide following settings in your env file.
+
+### Required
+
+* [DJANGO_SECRET_KEY](./docs/SETTINGS.md#django_secret_key)
+* [OIDC_OP_AUTHORIZATION_ENDPOINT](./docs/SETTINGS.md#oidc_op_authorization_endpoint)
+* [OIDC_OP_JWKS_ENDPOINT](./docs/SETTINGS.md#oidc_op_jwks_endpoint)
+* [OIDC_OP_TOKEN_ENDPOINT](./docs/SETTINGS.md#oidc_op_token_endpoint)
+* [OIDC_OP_USER_ENDPOINT](./docs/SETTINGS.md#oidc_op_user_endpoint)
+* [OIDC_RP_CLIENT_ID](./docs/SETTINGS.md#oidc_rp_client_id)
+* [OIDC_RP_CLIENT_SECRET](./docs/SETTINGS.md#oidc_rp_client_secret)
+
+### Optional
+
+* [DJANGO_DEBUG](./docs/SETTINGS.md#django_debug)
+* [COMPRESS_ENABLED](./docs/SETTINGS.md#compress_enabled)
+
+For a full list of settings see [settings](./docs/SETTINGS.md).
+
+## Changelog
+
+See [changelog](./docs/CHANGELOG.md) for detailed overview of changes.
+
 ## Contact
 
 [@SBlechmann](https://github.com/SBlechmann)

diff --git a/app/Entirety/.env.EXAMPLE b/app/Entirety/.env.EXAMPLE
@@ -0,0 +1,25 @@
+# Django
+DJANGO_SECRET_KEY=
+DJANGO_DEBUG=False
+ALLOWED_HOSTS=["localhost","127.0.0.1"]
+LANGUAGE_CODE=en-us
+TIME_ZONE=Europe/Berlin
+
+# JS/SCSS compression
+COMPRESS_ENABLED=True
+
+# OIDC
+LOGIN_URL=/oidc/authenticate
+LOGIN_REDIRECT_URL=/oidc/callback/
+LOGOUT_REDIRECT_URL=/
+OIDC_OP_AUTHORIZATION_ENDPOINT=
+OIDC_OP_JWKS_ENDPOINT=
+OIDC_OP_TOKEN_ENDPOINT=
+OIDC_OP_USER_ENDPOINT=
+OIDC_RP_CLIENT_ID=
+OIDC_RP_CLIENT_SECRET=
+OIDC_SUPER_ADMIN_ROLE=super_admin
+OIDC_SERVER_ADMIN_ROLE=server_admin
+OIDC_PROJECT_ADMIN_ROLE=project_admin
+OIDC_USER_ROLE=user
+OIDC_TOKEN_ROLE_FIELD=roles
diff --git a/app/Entirety/projects/migrations/__init__.py → app/Entirety/alarming/__init__.py b/app/Entirety/projects/migrations/__init__.py → app/Entirety/alarming/__init__.py
diff --git a/app/Entirety/alarming/admin.py b/app/Entirety/alarming/admin.py
@@ -0,0 +1,5 @@
+from django.contrib import admin
+
+from alarming.models import Subscription
+
+admin.site.register(Subscription)
diff --git a/app/Entirety/alarming/apps.py b/app/Entirety/alarming/apps.py
@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class AlarmingConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "alarming"
diff --git a/app/Entirety/alarming/models.py b/app/Entirety/alarming/models.py
@@ -0,0 +1,20 @@
+from django.db import models
+
+from utils.generators import generate_uuid
+
+from projects.models import Project
+
+
+class Subscription(models.Model):
+    uuid = models.CharField(
+        unique=True, max_length=64, default=generate_uuid, primary_key=True
+    )  # later uuid from cb
+    name = models.CharField(max_length=64)
+
+    project = models.ForeignKey(Project, on_delete=models.CASCADE)
+
+    def __str__(self):
+        return self.name
+
+    class Meta:
+        ordering = ["name"]
diff --git a/app/Entirety/alarming/templates/alarming/subscription_list.html b/app/Entirety/alarming/templates/alarming/subscription_list.html
@@ -0,0 +1,9 @@
+{% extends '_base.html' %}
+
+{% block title %}Subscriptions{% endblock %}
+
+{% block content %}
+    {% for subscription in subscription_list %}
+        {{ subscription.name }}
+    {% endfor %}
+{% endblock %}
diff --git a/app/Entirety/alarming/tests.py b/app/Entirety/alarming/tests.py
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
diff --git a/app/Entirety/alarming/urls.py b/app/Entirety/alarming/urls.py
@@ -0,0 +1,10 @@
+from django.contrib.auth.decorators import login_required
+from django.urls import path
+from django.views.generic.base import RedirectView
+
+from alarming.views import SubscriptionList
+
+urlpatterns = [
+    path("subscriptions/", SubscriptionList.as_view(), name="subscriptions"),
+    path("", RedirectView.as_view(pattern_name="subscriptions")),
+]
diff --git a/app/Entirety/alarming/views.py b/app/Entirety/alarming/views.py
@@ -0,0 +1,12 @@
+from django.shortcuts import render
+from django.views.generic import ListView
+
+from alarming.models import Subscription
+from projects.mixins import ProjectContextMixin
+
+
+class SubscriptionList(ProjectContextMixin, ListView):
+    model = Subscription
+
+    def get_queryset(self):
+        return Subscription.objects.filter(project=self.project)
diff --git a/app/Entirety/entirety/asgi.py b/app/Entirety/entirety/asgi.py
@@ -10,7 +10,8 @@
 import os
 
 from django.core.asgi import get_asgi_application
+from pydantic_settings import SetUp
 
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "entirety.settings")
-
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "entirety.settings.Settings")
+SetUp().configure()
 application = get_asgi_application()
diff --git a/app/Entirety/entirety/models.py b/app/Entirety/entirety/models.py
diff --git a/app/Entirety/entirety/oidc.py b/app/Entirety/entirety/oidc.py
@@ -0,0 +1,34 @@
+from mozilla_django_oidc.auth import OIDCAuthenticationBackend
+from django.conf import settings
+
+
+class CustomOIDCAB(OIDCAuthenticationBackend):
+    def create_user(self, claims):
+        user = super(CustomOIDCAB, self).create_user(claims)
+
+        return self.__set_user_values(user, claims)
+
+    def update_user(self, user, claims):
+        return self.__set_user_values(user, claims)
+
+    def __set_user_values(self, user, claims):
+        roles = claims.get("roles", [])
+
+        user.first_name = claims.get("given_name", "")
+        user.last_name = claims.get("family_name", "")
+        user.username = claims.get("preferred_username", "")
+
+        user.is_superuser = user.is_staff = settings.OIDC_SUPER_ADMIN_ROLE in roles
+        user.is_server_admin = settings.OIDC_SERVER_ADMIN_ROLE in roles
+        user.is_project_admin = settings.OIDC_PROJECT_ADMIN_ROLE in roles
+
+        user.save()
+
+        return user
+
+    def verify_claims(self, claims):
+        verified = super(CustomOIDCAB, self).verify_claims(claims)
+        is_user = settings.OIDC_USER_ROLE in claims.get(
+            settings.OIDC_TOKEN_ROLE_FIELD, []
+        )
+        return verified and is_user
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		from django.test import TestCase

		# Create your tests here.