diff options
| author |   Sawyer Bergeron <sbergeron@iol.unh.edu> | 2020-06-23 20:58:14 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@opnfv.org> | 2020-06-23 20:58:14 +0000 |
| commit | 6a41bf4f6f0b84e84293b7f2649ba60a9c78818f (patch) | |
| tree | a8169386aca6e64ceb4e0f13895618be55b146e8 | |
| parent | 3bd27e99960c16c0a9bcab1533b1e6f15b0c9d9e (diff) | |
| parent | 596664b37c17b31f2b5faa0d5144e4317179e0ba (diff) | |
Merge "Enable OpenID"
| -rw-r--r-- | config.env.sample | 8 | ||||
| -rw-r--r-- | requirements.txt | 1 | ||||
| -rw-r--r-- | src/account/views.py | 15 | ||||
| -rw-r--r-- | src/laas_dashboard/settings.py | 17 | ||||
| -rw-r--r-- | src/laas_dashboard/urls.py | 3 | ||||
| -rw-r--r-- | src/templates/akraino/base.html | 20 | ||||
| -rw-r--r-- | src/templates/akraino/dashboard/landing.html | 7 | ||||
| -rw-r--r-- | src/templates/base/base.html | 2 | ||||
| -rw-r--r-- | src/templates/base/dashboard/landing.html | 2 |
9 files changed, 73 insertions, 2 deletions
diff --git a/config.env.sample b/config.env.sample index fadf0ed..137ecb0 100644 --- a/config.env.sample +++ b/config.env.sample @@ -35,6 +35,14 @@ JIRA_URL=sample_url JIRA_USER_NAME=sample_jira_user JIRA_USER_PASSWORD=sample_jira_pass +# LFID +OIDC_CLIENT_ID=sample_id +OIDC_CLIENT_SECRET=sample_secret + +OIDC_AUTHORIZATION_ENDPOINT=https://linuxfoundation-test.auth0.com/authorize +OIDC_TOKEN_ENDPOINT=https://linuxfoundation-test.auth0.com/oauth/token +OIDC_USER_ENDPOINT=https://linuxfoundation-test.auth0.com/userinfo + # Rabbitmq RABBITMQ_DEFAULT_USER=opnfv RABBITMQ_DEFAULT_PASS=opnfvopnfv diff --git a/requirements.txt b/requirements.txt index 7e2fbd1..b34dd1e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -15,3 +15,4 @@ requests==2.22.0 django-fernet-fields==0.6 pyyaml==3.13 pytz==2018.5 +mozilla-django-oidc==1.2.3 diff --git a/src/account/views.py b/src/account/views.py index 1cb2275..912a432 100644 --- a/src/account/views.py +++ b/src/account/views.py @@ -28,6 +28,7 @@ from django.views.generic import RedirectView, TemplateView, UpdateView from django.shortcuts import render from jira import JIRA from rest_framework.authtoken.models import Token +from mozilla_django_oidc.auth import OIDCAuthenticationBackend from account.forms import AccountSettingsForm @@ -58,6 +59,20 @@ class AccountSettingsView(UpdateView): return context +class MyOIDCAB(OIDCAuthenticationBackend): + def filter_users_by_claims(self, claims): + email = claims.get(email=email) + if not email: + return self.UserModel.objects.none() + + try: + profile = Profile.objects.get(email=email) + return profile.user + + except Profile.DoesNotExist: + return self.UserModel.objects.none() + + class JiraLoginView(RedirectView): def get_redirect_url(self, *args, **kwargs): consumer = oauth.Consumer(settings.OAUTH_CONSUMER_KEY, settings.OAUTH_CONSUMER_SECRET) diff --git a/src/laas_dashboard/settings.py b/src/laas_dashboard/settings.py index 62fc9ec..0b23960 100644 --- a/src/laas_dashboard/settings.py +++ b/src/laas_dashboard/settings.py @@ -30,6 +30,7 @@ INSTALLED_APPS = [ 'api', 'django.contrib.admin', 'django.contrib.auth', + 'mozilla_django_oidc', # needs to be defined after auth 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', @@ -37,7 +38,7 @@ INSTALLED_APPS = [ 'django.contrib.humanize', 'bootstrap4', 'rest_framework', - 'rest_framework.authtoken' + 'rest_framework.authtoken', ] MIDDLEWARE = [ @@ -51,6 +52,20 @@ MIDDLEWARE = [ 'account.middleware.TimezoneMiddleware', ] +AUTHENTICATION_BACKENDS = ['account.views.MyOIDCAB'] + + +# OpenID Authentications +OIDC_RP_CLIENT_ID = os.environ['OIDC_CLIENT_ID'] +OIDC_RP_CLIENT_SECRET = os.environ['OIDC_CLIENT_SECRET'] + +OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_AUTHORIZATION_ENDPOINT'] +OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_TOKEN_ENDPOINT'] +OIDC_OP_USER_ENDPOINT = os.environ['OIDC_USER_ENDPOINT'] + +LOGIN_REDIRECT_URL = os.environ['DASHBOARD_URL'] +LOGOUT_REDIRECT_URL = os.environ['DASHBOARD_URL'] + ROOT_URLCONF = 'laas_dashboard.urls' TEMPLATE_OVERRIDE = os.environ.get("TEMPLATE_OVERRIDE_DIR", "") # the user's custom template dir diff --git a/src/laas_dashboard/urls.py b/src/laas_dashboard/urls.py index 17cbe84..7a37d7e 100644 --- a/src/laas_dashboard/urls.py +++ b/src/laas_dashboard/urls.py @@ -41,7 +41,8 @@ urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')), url(r'^api/', include('api.urls')), - url(r'^messages/', include('notifier.urls', namespace='notifier')) + url(r'^messages/', include('notifier.urls', namespace='notifier')), + url(r'^oidc/', include('mozilla_django_oidc.urls')), ] if settings.DEBUG is True: diff --git a/src/templates/akraino/base.html b/src/templates/akraino/base.html index 1368476..b93dcd2 100644 --- a/src/templates/akraino/base.html +++ b/src/templates/akraino/base.html @@ -22,3 +22,23 @@ {% endblock logo %} {% block dropDown %} {% endblock dropDown %} + +{% block login %} + <div class="dropdown-menu dropdown-menu-right"> + {% if user.is_authenticated %} + <a href="{% url 'account:settings' %}" class="text-dark dropdown-item"> + <i class="fas fa-cog"></i> + Settings + </a> + <a href="{% url 'oidc_logout' %}" class="text-dark dropdown-item"> + <i class="fas fa-sign-out-alt"></i> + Logout + </a> + {% else %} + <a href="{% url 'oidc_authentication_init' %}" class="text-dark dropdown-item"> + <i class="fas fa-sign-in-alt"></i> + Login with LFID + </a> + {% endif %} + </div> +{% endblock login %}
\ No newline at end of file diff --git a/src/templates/akraino/dashboard/landing.html b/src/templates/akraino/dashboard/landing.html index d7f434b..39eebb6 100644 --- a/src/templates/akraino/dashboard/landing.html +++ b/src/templates/akraino/dashboard/landing.html @@ -18,5 +18,12 @@ <p>To get started, book a pod below:</p> <a class="btn btnAkr btn-lg d-flex flex-column justify-content-center align-content-center border text-white p-4" href="/booking/quick/">Book a Pod</a> {% endblock btnGrp %} + +{% block biglogin %} +<h4 class="text-center"> + To get started, please log in with <a href="{% url 'oidc_authentication_init' %}"> Linux Foundation ID</a> +</h4> +{% endblock biglogin %} + {% block returningUsers %} {% endblock returningUsers %} diff --git a/src/templates/base/base.html b/src/templates/base/base.html index cc6d38d..f86cff8 100644 --- a/src/templates/base/base.html +++ b/src/templates/base/base.html @@ -44,6 +44,7 @@ {% endif %} <i class="fas fa-caret-down rotate"></i> </a> + {% block login %} <div class="dropdown-menu dropdown-menu-right"> {% if user.is_authenticated %} <a href="{% url 'account:settings' %}" class="text-dark dropdown-item"> @@ -61,6 +62,7 @@ </a> {% endif %} </div> + {% endblock login %} </li> </ul> </div> diff --git a/src/templates/base/dashboard/landing.html b/src/templates/base/dashboard/landing.html index dd09dc4..c46b0fa 100644 --- a/src/templates/base/dashboard/landing.html +++ b/src/templates/base/dashboard/landing.html @@ -28,9 +28,11 @@ <div class="col-12 col-lg-6 mb-4"> <h2 class="border-bottom">Get Started</h2> {% if request.user.is_anonymous %} + {% block biglogin %} <h4 class="text-center"> To get started, please log in with your <a href="/accounts/login">Linux Foundation Jira account</a> </h4> + {% endblock biglogin %} {% else %} {% block btnGrp %} <p>To get started, book a server below:</p> |