feat(base): configurable SSO

!20 #1
2024-06-07 18:56:20 +09:30
parent fa28fd436e
commit 3040d4afe7
6 changed files with 130 additions and 3 deletions
--- a/app/app/context_processors/base.py
+++ b/app/app/context_processors/base.py
@ -21,6 +21,34 @@ def request(request):
    return request.get_full_path()


+def social_backends(request):
+    """ Fetch Backend Names
+
+    Required for use on the login page to dynamically build the social auth URLS
+
+    Returns:
+        list(str): backend name
+    """
+    from importlib import import_module
+
+    social_backends = []
+
+    if hasattr(settings, 'SSO_BACKENDS'):
+
+        for backend in settings.SSO_BACKENDS:
+
+            paths = str(backend).split('.')
+
+            module = import_module(paths[0] + '.' + paths[1] + '.' + paths[2])
+
+            backend_class = getattr(module, paths[3])
+            backend = backend_class.name
+
+            social_backends += [ str(backend) ]
+
+    return social_backends
+
+
 def user_settings(context) -> int:
    """ Provides the settings ID for the current user.

@ -136,5 +164,6 @@ def common(context):
    return {
        'build_details': build_details(context),
        'nav_items': nav_items(context),
+        'social_backends': social_backends(context),
        'user_settings': user_settings(context),
    }
--- a/app/app/settings.py
+++ b/app/app/settings.py
@ -30,8 +30,11 @@ BUILD_VERSION = os.getenv('CI_COMMIT_TAG')
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = 'django-insecure-b*41-$afq0yl)1e#qpz^-nbt-opvjwb#avv++b9rfdxa@b55sk'

-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = False
+#
+# Defaults
+#
+DEBUG = False                    # SECURITY WARNING: don't run with debug turned on in production!
+SSO_ENABLED = False              # Enable SSO

 ALLOWED_HOSTS = [ '*' ]

@ -226,6 +229,12 @@ if os.path.isdir(SETTINGS_DIR):
    settings_files = os.path.join(SETTINGS_DIR, '*.py')
    include(optional(settings_files))

+#
+# Settings to reset to prevent user from over-riding
+#
+AUTHENTICATION_BACKENDS = (
+    'django.contrib.auth.backends.ModelBackend',
+)

 if DEBUG:
    INSTALLED_APPS += [
@ -245,3 +254,22 @@ if DEBUG:
        'information.apps.InformationConfig',
        'project_management.apps.ProjectManagementConfig',
    ]
+
+
+if SSO_ENABLED:
+
+    AUTHENTICATION_BACKENDS += (
+        *SSO_BACKENDS,
+    )
+
+    SOCIAL_AUTH_PIPELINE = (
+        'social_core.pipeline.social_auth.social_details',
+        'social_core.pipeline.social_auth.social_uid',
+        'social_core.pipeline.social_auth.social_user',
+        'social_core.pipeline.user.get_username',
+        'social_core.pipeline.social_auth.associate_by_email',
+        'social_core.pipeline.user.create_user',
+        'social_core.pipeline.social_auth.associate_user',
+        'social_core.pipeline.social_auth.load_extra_data',
+        'social_core.pipeline.user.user_details',
+    )
--- a/app/app/urls.py
+++ b/app/app/urls.py
@ -43,9 +43,18 @@ urlpatterns = [
    path("config_management/", include("config_management.urls")),

    path("history/<str:model_name>/<int:model_pk>", history.View.as_view(), name='_history'),
-    re_path(r'^static/(?P<path>.*)$', serve,{'document_root': settings.STATIC_ROOT})
+    re_path(r'^static/(?P<path>.*)$', serve,{'document_root': settings.STATIC_ROOT}),
+
 ]

+
+if settings.SSO_ENABLED:
+
+    urlpatterns += [
+        path('sso/', include('social_django.urls', namespace='social'))
+    ]
+
+
 if settings.API_ENABLED:
    urlpatterns += [

@ -54,6 +63,7 @@ if settings.API_ENABLED:
        path('api/swagger/', SpectacularSwaggerView.as_view(url_name='schema'), name='swagger-ui'),
    ]

+
 if settings.DEBUG:

    urlpatterns += [
--- a/app/templates/registration/login.html
+++ b/app/templates/registration/login.html
@ -22,6 +22,11 @@
                <fieldset style="border: none; display: unset; width: 100%; padding: 0px; margin: 0px;"><label for="id_username" style="background-color: inherit; width: 100%; display: block; padding-top: 30px; text-align: left;" >User Name</label><input name="username" autofocus autocapitalize="none" autocomplete="username" maxlength="150" required id="id_username" style="color: inherit; border-radius: 5px; background-color: #393f44; border: none; border-bottom: 1px solid #999; font-size: inherit; width: 100%; line-height: inherit;" type="text" /></fieldset>
                <fieldset style="border: none; display: unset; width: 100%; padding: 0px; margin: 0px;"><label for="id_password" style="background-color: inherit; width: 100%; display: block; padding-top: 30px; text-align: left;">Password</label><input name="password" autocomplete="current-password" required id="id_password" style="color: inherit; border-radius: 5px; background-color: #393f44; border: none; border-bottom: 1px solid #999; font-size: inherit; width: 100%; line-height: inherit;" type="password" /></fieldset>
                <button style="border-radius: 5px; background-color: #4CAF50; border: none; display: unset; width: 100%; padding: 0px; margin: 0px; margin-top: 30px; font-size: inherit; height: 35px;;" type="submit">Login</button>
+                {% for backend in social_backends %}
+                <span style="padding: 5px; margin: 10px; background-color: aqua; display: inline-block; width: auto;">
+                    <a href="/sso/login/{{ backend }}/">{{ backend }}</a>
+                </span>
+                {% endfor %}
            </form>
        </div>