Commit 64119113 authored by jan.bednarik's avatar jan.bednarik

Pirati auth with Keycloak

parent 34aae0a2
from django.conf import settings from django.conf import settings
from . import password, twitter, linkedin, cas, facebook, google, yahoo, clever from . import password, twitter, linkedin, cas, facebook, google, yahoo, clever, pirati
AUTH_SYSTEMS = {} AUTH_SYSTEMS = {}
...@@ -10,8 +10,8 @@ AUTH_SYSTEMS['cas'] = cas ...@@ -10,8 +10,8 @@ AUTH_SYSTEMS['cas'] = cas
AUTH_SYSTEMS['facebook'] = facebook AUTH_SYSTEMS['facebook'] = facebook
AUTH_SYSTEMS['google'] = google AUTH_SYSTEMS['google'] = google
AUTH_SYSTEMS['yahoo'] = yahoo AUTH_SYSTEMS['yahoo'] = yahoo
# AUTH_SYSTEMS['pirateid'] = pirateid
AUTH_SYSTEMS['clever'] = clever AUTH_SYSTEMS['clever'] = clever
AUTH_SYSTEMS['pirati'] = pirati
# not ready # not ready
#import live #import live
......
"""
Pirati Authentication
"""
from django.http import *
from django.core.mail import send_mail
from django.conf import settings
from urllib.request import urlopen
from requests_oauthlib import OAuth2Session
import json
# some parameters to indicate that status updating is not possible
STATUS_UPDATES = False
# display tweaks
LOGIN_MESSAGE = "Přihlásit se pirátskou identitou"
PIRATI_ENDPOINT_URL = f"{settings.PIRATI_REALM_URL}/protocol/openid-connect/auth"
PIRATI_TOKEN_URL = f"{settings.PIRATI_REALM_URL}/protocol/openid-connect/token"
PIRATI_USERINFO_URL = f"{settings.PIRATI_REALM_URL}/protocol/openid-connect/userinfo"
def get_auth_url(request, redirect_url):
request.session["pirate_redirect_url"] = redirect_url
oauth = OAuth2Session(settings.PIRATI_CLIENT_ID, redirect_uri=redirect_url)
url, state = oauth.authorization_url(PIRATI_ENDPOINT_URL)
return url
def get_user_info_after_auth(request):
oauth = OAuth2Session(
settings.PIRATI_CLIENT_ID, redirect_uri=request.session["pirate_redirect_url"]
)
token = oauth.fetch_token(
PIRATI_TOKEN_URL,
client_secret=settings.PIRATI_CLIENT_SECRET,
code=request.GET["code"],
)
response = oauth.get(PIRATI_USERINFO_URL)
data = response.json()
return {
"type": "pirati",
"user_id": data["preferred_username"],
"name": data["name"],
"info": {"email": data["email"]},
"token": {},
}
def do_logout(user):
"""
logout of Pirate
"""
return None
def update_status(token, message):
"""
simple update
"""
pass
def send_message(user_id, user_name, user_info, subject, body):
"""
send email to pirate user, user_id is combined with the domain to get the email.
"""
send_mail(
subject,
body,
settings.SERVER_EMAIL,
["%s <%s@pirati.cz>" % (user_name, user_id)],
fail_silently=False,
)
def generate_constraint(category_id, user):
return category_id
def eligibility_category_id(constraint):
return constraint
def check_constraint(constraint, user):
"""
for eligibility
"""
userinfo = json.load(urlopen("https://graph.pirati.cz/user/" + user.user_id))
id = userinfo["id"]
usergroups = json.load(urlopen("https://graph.pirati.cz/" + id + "/groups"))
for usergroup in usergroups:
if usergroup["id"] == constraint:
return True
return False
def can_list_categories():
"""
yep, we can
"""
return True
def list_categories(user):
"""
list groups from the graph api
"""
groups = json.load(urlopen("https://graph.pirati.cz/groups"))
groups.sort(key=lambda k: k["username"].lower())
return [{"id": group["id"], "name": group["username"]} for group in groups]
def can_list_category_members():
return True
def list_category_members(category_id):
members = json.load(urlopen("https://graph.pirati.cz/" + category_id + "/members"))
users = []
for member in members:
users.append(
{
"type": "pirati",
"id": member["username"],
"name": member["username"],
"info": {"email": member["email"]},
"token": {},
}
)
return users
def pretty_eligibility(constraint):
group = json.load(urlopen("https://graph.pirati.cz/" + constraint))
return 'Pirate users in "%s" group' % group["username"]
#
# Election Creation
#
def can_create_election(user_id, user_info):
return True
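Review bot: The `state` value returned by `oauth.authorization_url(PIRATI_ENDPOINT_URL)` in `get_auth_url` is thrown away, and `get_user_info_after_auth` exchanges `request.GET["code"]` without comparing any state, so the callback is never tied to the browser session that started the login. This leaves the flow open to login CSRF, which matters for a voting application where the signed-in identity decides eligibility. Keep the state in the session and refuse the callback when it is missing or different, before `fetch_token` runs. How the caller treats a `None` return is not visible on this page, so the failure path below should be aligned with the other auth modules. Separately, `check_constraint`, `list_category_members` and `pretty_eligibility` build `https://graph.pirati.cz/` URLs by plain concatenation and call `urlopen` without a timeout; the ids should be URL-quoted and the calls bounded.

```python
def get_auth_url(request, redirect_url):
    # ... unchanged: store redirect URL, build OAuth2Session ...
    url, state = oauth.authorization_url(PIRATI_ENDPOINT_URL)
    # remember the anti-CSRF state so the callback can be matched to this session
    request.session["pirati_oauth_state"] = state
    return url


def get_user_info_after_auth(request):
    expected_state = request.session.pop("pirati_oauth_state", None)
    if not expected_state or request.GET.get("state") != expected_state:
        # callback was not produced by a login this session started
        return None
    oauth = OAuth2Session(
        settings.PIRATI_CLIENT_ID,
        redirect_uri=request.session["pirate_redirect_url"],
        state=expected_state,
    )
    # ... unchanged: fetch_token, userinfo request and returned dict ...
```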
helios_auth/media/login-icons/pirati.png

6.33 KiB

...@@ -20,3 +20,5 @@ boto==2.49.0 ...@@ -20,3 +20,5 @@ boto==2.49.0
django-ses==0.8.14 django-ses==0.8.14
oauth2client==4.1.3 oauth2client==4.1.3
rollbar==0.14.7 rollbar==0.14.7
requests-oauthlib==1.3.0
...@@ -46,7 +46,7 @@ DATABASES = { ...@@ -46,7 +46,7 @@ DATABASES = {
# override if we have an env variable # override if we have an env variable
if get_from_env('DATABASE_URL', None): if get_from_env('DATABASE_URL', None):
import dj_database_url import dj_database_url
DATABASES['default'] = dj_database_url.config(conn_max_age=600, ssl_require=True) DATABASES['default'] = dj_database_url.config(conn_max_age=600)
DATABASES['default']['ENGINE'] = 'django.db.backends.postgresql_psycopg2' DATABASES['default']['ENGINE'] = 'django.db.backends.postgresql_psycopg2'
# Local time zone for this installation. Choices can be found here: # Local time zone for this installation. Choices can be found here:
...@@ -54,11 +54,11 @@ if get_from_env('DATABASE_URL', None): ...@@ -54,11 +54,11 @@ if get_from_env('DATABASE_URL', None):
# although not all choices may be available on all operating systems. # although not all choices may be available on all operating systems.
# If running in a Windows environment this must be set to the same as your # If running in a Windows environment this must be set to the same as your
# system time zone. # system time zone.
TIME_ZONE = 'America/Los_Angeles' TIME_ZONE = 'Europe/Prague'
# Language code for this installation. All choices can be found here: # Language code for this installation. All choices can be found here:
# http://www.i18nguy.com/unicode/language-identifiers.html # http://www.i18nguy.com/unicode/language-identifiers.html
LANGUAGE_CODE = 'en-us' LANGUAGE_CODE = 'cs-cz'
SITE_ID = 1 SITE_ID = 1
...@@ -210,9 +210,9 @@ HELIOS_PRIVATE_DEFAULT = False ...@@ -210,9 +210,9 @@ HELIOS_PRIVATE_DEFAULT = False
# authentication systems enabled # authentication systems enabled
# AUTH_ENABLED_SYSTEMS = ['password','facebook','twitter', 'google', 'yahoo'] # AUTH_ENABLED_SYSTEMS = ['password','facebook','twitter', 'google', 'yahoo']
AUTH_ENABLED_SYSTEMS = get_from_env('AUTH_ENABLED_SYSTEMS', AUTH_ENABLED_SYSTEMS = get_from_env('AUTH_ENABLED_SYSTEMS',
get_from_env('AUTH_ENABLED_AUTH_SYSTEMS', 'password,google,facebook') get_from_env('AUTH_ENABLED_AUTH_SYSTEMS', 'pirati')
).split(",") ).split(",")
AUTH_DEFAULT_SYSTEM = get_from_env('AUTH_DEFAULT_SYSTEM', get_from_env('AUTH_DEFAULT_AUTH_SYSTEM', None)) AUTH_DEFAULT_SYSTEM = get_from_env('AUTH_DEFAULT_SYSTEM', get_from_env('AUTH_DEFAULT_AUTH_SYSTEM', 'pirati'))
# google # google
GOOGLE_CLIENT_ID = get_from_env('GOOGLE_CLIENT_ID', '') GOOGLE_CLIENT_ID = get_from_env('GOOGLE_CLIENT_ID', '')
...@@ -282,3 +282,8 @@ if ROLLBAR_ACCESS_TOKEN: ...@@ -282,3 +282,8 @@ if ROLLBAR_ACCESS_TOKEN:
'access_token': ROLLBAR_ACCESS_TOKEN, 'access_token': ROLLBAR_ACCESS_TOKEN,
'environment': 'development' if DEBUG else 'production', 'environment': 'development' if DEBUG else 'production',
} }
# auth setup
PIRATI_REALM_URL = get_from_env('PIRATI_REALM_URL', '')
PIRATI_CLIENT_ID = get_from_env('PIRATI_CLIENT_ID', '')
PIRATI_CLIENT_SECRET = get_from_env('PIRATI_CLIENT_SECRET', '')
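Review bot: In the `DATABASE_URL` hunk the new side, as rendered, reads `dj_database_url.config(conn_max_age=600)`, dropping `ssl_require=True`, so the PostgreSQL connection no longer insists on TLS. That change is unrelated to the Keycloak work and weakens transport protection for voter and election data wherever the database is not on the same host. If it is only needed for local development, keep TLS as the default and make the opt-out explicit, for example `ssl_require=get_from_env('DATABASE_SSL_REQUIRE', '1') == '1'` (the variable name is a suggestion). In the last hunk, `PIRATI_REALM_URL`, `PIRATI_CLIENT_ID` and `PIRATI_CLIENT_SECRET` default to `''` while `'pirati'` becomes the default auth system, so a deployment missing these variables starts with relative endpoint URLs and an empty client secret. Failing at startup when they are unset would surface the misconfiguration earlier.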