From 596664b37c17b31f2b5faa0d5144e4317179e0ba Mon Sep 17 00:00:00 2001 From: ssmith Date: Thu, 18 Jun 2020 18:30:39 -0400 Subject: Enable OpenID Signed-off-by: Sean Smith Change-Id: I4397976dbafce1d9d1cccc52f0e705891e59153a --- config.env.sample | 8 ++++++++ requirements.txt | 1 + src/account/views.py | 15 +++++++++++++++ src/laas_dashboard/settings.py | 17 ++++++++++++++++- src/laas_dashboard/urls.py | 3 ++- src/templates/akraino/base.html | 20 ++++++++++++++++++++ src/templates/akraino/dashboard/landing.html | 7 +++++++ src/templates/base/base.html | 2 ++ src/templates/base/dashboard/landing.html | 2 ++ 9 files changed, 73 insertions(+), 2 deletions(-) diff --git a/config.env.sample b/config.env.sample index fadf0ed..137ecb0 100644 --- a/config.env.sample +++ b/config.env.sample @@ -35,6 +35,14 @@ JIRA_URL=sample_url JIRA_USER_NAME=sample_jira_user JIRA_USER_PASSWORD=sample_jira_pass +# LFID +OIDC_CLIENT_ID=sample_id +OIDC_CLIENT_SECRET=sample_secret + +OIDC_AUTHORIZATION_ENDPOINT=https://linuxfoundation-test.auth0.com/authorize +OIDC_TOKEN_ENDPOINT=https://linuxfoundation-test.auth0.com/oauth/token +OIDC_USER_ENDPOINT=https://linuxfoundation-test.auth0.com/userinfo + # Rabbitmq RABBITMQ_DEFAULT_USER=opnfv RABBITMQ_DEFAULT_PASS=opnfvopnfv diff --git a/requirements.txt b/requirements.txt index 7e2fbd1..b34dd1e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -15,3 +15,4 @@ requests==2.22.0 django-fernet-fields==0.6 pyyaml==3.13 pytz==2018.5 +mozilla-django-oidc==1.2.3 diff --git a/src/account/views.py b/src/account/views.py index d1cc813..f883338 100644 --- a/src/account/views.py +++ b/src/account/views.py @@ -28,6 +28,7 @@ from django.views.generic import RedirectView, TemplateView, UpdateView from django.shortcuts import render from jira import JIRA from rest_framework.authtoken.models import Token +from mozilla_django_oidc.auth import OIDCAuthenticationBackend from account.forms import AccountSettingsForm @@ -58,6 +59,20 @@ class AccountSettingsView(UpdateView): return context +class MyOIDCAB(OIDCAuthenticationBackend): + def filter_users_by_claims(self, claims): + email = claims.get(email=email) + if not email: + return self.UserModel.objects.none() + + try: + profile = Profile.objects.get(email=email) + return profile.user + + except Profile.DoesNotExist: + return self.UserModel.objects.none() + + class JiraLoginView(RedirectView): def get_redirect_url(self, *args, **kwargs): consumer = oauth.Consumer(settings.OAUTH_CONSUMER_KEY, settings.OAUTH_CONSUMER_SECRET) diff --git a/src/laas_dashboard/settings.py b/src/laas_dashboard/settings.py index 62fc9ec..0b23960 100644 --- a/src/laas_dashboard/settings.py +++ b/src/laas_dashboard/settings.py @@ -30,6 +30,7 @@ INSTALLED_APPS = [ 'api', 'django.contrib.admin', 'django.contrib.auth', + 'mozilla_django_oidc', # needs to be defined after auth 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', @@ -37,7 +38,7 @@ INSTALLED_APPS = [ 'django.contrib.humanize', 'bootstrap4', 'rest_framework', - 'rest_framework.authtoken' + 'rest_framework.authtoken', ] MIDDLEWARE = [ @@ -51,6 +52,20 @@ MIDDLEWARE = [ 'account.middleware.TimezoneMiddleware', ] +AUTHENTICATION_BACKENDS = ['account.views.MyOIDCAB'] + + +# OpenID Authentications +OIDC_RP_CLIENT_ID = os.environ['OIDC_CLIENT_ID'] +OIDC_RP_CLIENT_SECRET = os.environ['OIDC_CLIENT_SECRET'] + +OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_AUTHORIZATION_ENDPOINT'] +OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_TOKEN_ENDPOINT'] +OIDC_OP_USER_ENDPOINT = os.environ['OIDC_USER_ENDPOINT'] + +LOGIN_REDIRECT_URL = os.environ['DASHBOARD_URL'] +LOGOUT_REDIRECT_URL = os.environ['DASHBOARD_URL'] + ROOT_URLCONF = 'laas_dashboard.urls' TEMPLATE_OVERRIDE = os.environ.get("TEMPLATE_OVERRIDE_DIR", "") # the user's custom template dir diff --git a/src/laas_dashboard/urls.py b/src/laas_dashboard/urls.py index 17cbe84..7a37d7e 100644 --- a/src/laas_dashboard/urls.py +++ b/src/laas_dashboard/urls.py @@ -41,7 +41,8 @@ urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')), url(r'^api/', include('api.urls')), - url(r'^messages/', include('notifier.urls', namespace='notifier')) + url(r'^messages/', include('notifier.urls', namespace='notifier')), + url(r'^oidc/', include('mozilla_django_oidc.urls')), ] if settings.DEBUG is True: diff --git a/src/templates/akraino/base.html b/src/templates/akraino/base.html index 1368476..b93dcd2 100644 --- a/src/templates/akraino/base.html +++ b/src/templates/akraino/base.html @@ -22,3 +22,23 @@ {% endblock logo %} {% block dropDown %} {% endblock dropDown %} + +{% block login %} + +{% endblock login %} \ No newline at end of file diff --git a/src/templates/akraino/dashboard/landing.html b/src/templates/akraino/dashboard/landing.html index d7f434b..39eebb6 100644 --- a/src/templates/akraino/dashboard/landing.html +++ b/src/templates/akraino/dashboard/landing.html @@ -18,5 +18,12 @@

To get started, book a pod below:

Book a Pod {% endblock btnGrp %} + +{% block biglogin %} +

+ To get started, please log in with Linux Foundation ID +

+{% endblock biglogin %} + {% block returningUsers %} {% endblock returningUsers %} diff --git a/src/templates/base/base.html b/src/templates/base/base.html index cc6d38d..f86cff8 100644 --- a/src/templates/base/base.html +++ b/src/templates/base/base.html @@ -44,6 +44,7 @@ {% endif %} + {% block login %} + {% endblock login %} diff --git a/src/templates/base/dashboard/landing.html b/src/templates/base/dashboard/landing.html index dd09dc4..c46b0fa 100644 --- a/src/templates/base/dashboard/landing.html +++ b/src/templates/base/dashboard/landing.html @@ -28,9 +28,11 @@

Get Started

{% if request.user.is_anonymous %} + {% block biglogin %}

To get started, please log in with your Linux Foundation Jira account

+ {% endblock biglogin %} {% else %} {% block btnGrp %}

To get started, book a server below:

-- cgit 1.2.3-korg