feat(auth): Use allauth and setup dev login
This commit is contained in:
parent
411a3664ec
commit
f69c69e73e
15 changed files with 208 additions and 36 deletions
1
.credentials/KANIDM_SECRET
Normal file
1
.credentials/KANIDM_SECRET
Normal file
|
@ -0,0 +1 @@
|
||||||
|
MpWq4pgWKhVZDFve1Acy4DvjBrCSBe1Q4y2VUfYUSFXBfP9G
|
|
@ -60,6 +60,7 @@ in
|
||||||
CREDENTIALS_DIRECTORY = builtins.toString ./.credentials;
|
CREDENTIALS_DIRECTORY = builtins.toString ./.credentials;
|
||||||
DGSI_DEBUG = "true";
|
DGSI_DEBUG = "true";
|
||||||
DGSI_STATIC_ROOT = builtins.toString ./.static;
|
DGSI_STATIC_ROOT = builtins.toString ./.static;
|
||||||
|
DGSI_KANIDM_CLIENT = "dgsi_test";
|
||||||
};
|
};
|
||||||
|
|
||||||
shellHook = ''
|
shellHook = ''
|
||||||
|
|
|
@ -33,6 +33,12 @@ INSTALLED_APPS = [
|
||||||
"shared.staticfiles.StaticFilesApp", # Overrides the default staticfiles app to filter out the sccs sources
|
"shared.staticfiles.StaticFilesApp", # Overrides the default staticfiles app to filter out the sccs sources
|
||||||
"sass_processor",
|
"sass_processor",
|
||||||
"bulma",
|
"bulma",
|
||||||
|
# Authentication
|
||||||
|
"allauth",
|
||||||
|
"allauth.account",
|
||||||
|
"allauth.socialaccount",
|
||||||
|
"allauth.socialaccount.providers.openid_connect",
|
||||||
|
# Main app
|
||||||
"dgsi",
|
"dgsi",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
@ -47,6 +53,7 @@ MIDDLEWARE = [
|
||||||
"django.contrib.auth.middleware.AuthenticationMiddleware",
|
"django.contrib.auth.middleware.AuthenticationMiddleware",
|
||||||
"django.contrib.messages.middleware.MessageMiddleware",
|
"django.contrib.messages.middleware.MessageMiddleware",
|
||||||
"django.middleware.clickjacking.XFrameOptionsMiddleware",
|
"django.middleware.clickjacking.XFrameOptionsMiddleware",
|
||||||
|
"allauth.account.middleware.AccountMiddleware",
|
||||||
]
|
]
|
||||||
|
|
||||||
###
|
###
|
||||||
|
@ -96,8 +103,31 @@ DATABASES = {
|
||||||
|
|
||||||
|
|
||||||
###
|
###
|
||||||
|
# Authentication configuration
|
||||||
# Disable password validation, no authentication should use local passwords
|
# Disable password validation, no authentication should use local passwords
|
||||||
|
|
||||||
|
AUTHENTICATION_BACKENDS = [
|
||||||
|
"allauth.account.auth_backends.AuthenticationBackend",
|
||||||
|
]
|
||||||
|
|
||||||
|
SOCIALACCOUNT_ONLY = True
|
||||||
|
SOCIALACCOUNT_PROVIDERS = {
|
||||||
|
"openid_connect": {
|
||||||
|
"OAUTH_PKCE_ENABLED": True,
|
||||||
|
"APPS": [
|
||||||
|
{
|
||||||
|
"provider_id": "kanidm",
|
||||||
|
"name": "DGNum",
|
||||||
|
"client_id": credentials["KANIDM_CLIENT"],
|
||||||
|
"secret": credentials["KANIDM_SECRET"],
|
||||||
|
"settings": {
|
||||||
|
"server_url": f"https://sso.dgnum.eu/oauth2/openid/{credentials['KANIDM_CLIENT']}",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
],
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
AUTH_PASSWORD_VALIDATORS = []
|
AUTH_PASSWORD_VALIDATORS = []
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,9 @@ from django.views.generic import TemplateView
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
path("", TemplateView.as_view(template_name="home.html"), name="index"),
|
path("", TemplateView.as_view(template_name="home.html"), name="index"),
|
||||||
|
path("login", TemplateView.as_view(template_name="login.html"), name="login"),
|
||||||
path("", include("dgsi.urls")),
|
path("", include("dgsi.urls")),
|
||||||
|
path("accounts/", include("allauth.urls")),
|
||||||
]
|
]
|
||||||
|
|
||||||
if settings.DEBUG:
|
if settings.DEBUG:
|
||||||
|
|
6
src/shared/templates/_footer.html
Normal file
6
src/shared/templates/_footer.html
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{% load django_browser_reload %}
|
||||||
|
|
||||||
|
<footer class="footer has-text-centered">
|
||||||
|
<b>Logiciel développé pour et par la <a href="https://dgnum.eu">DGNum</a>.</b>
|
||||||
|
{% django_browser_reload_script %}
|
||||||
|
</footer>
|
26
src/shared/templates/_hero.html
Normal file
26
src/shared/templates/_hero.html
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
{% load i18n %}
|
||||||
|
|
||||||
|
<section class="hero is-dark is-primary">
|
||||||
|
<div class="hero-body">
|
||||||
|
<div class="container">
|
||||||
|
<div class="grid">
|
||||||
|
<div class="cell">
|
||||||
|
<h1 class="title">
|
||||||
|
<a href="{% url 'index' %}" class="has-text-dark">Dossier Général des Services Informagiques</a>
|
||||||
|
</h1>
|
||||||
|
<h2 class="subtitle">Système d'information de la DGNum</h2>
|
||||||
|
</div>
|
||||||
|
<div class="cell">
|
||||||
|
<a href="{% url 'login' %}" class="button is-light is-pulled-right">
|
||||||
|
<span>
|
||||||
|
<span>{% trans "Connexion" %}</span>
|
||||||
|
<span class="icon">
|
||||||
|
<i class="ti ti-login"></i>
|
||||||
|
</span>
|
||||||
|
</span>
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</section>
|
12
src/shared/templates/_links.html
Normal file
12
src/shared/templates/_links.html
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
{% load sass_tags static %}
|
||||||
|
|
||||||
|
<!-- Icons -->
|
||||||
|
<link href="{% static 'favicon.ico' %}" rel="icon" />
|
||||||
|
<link href="{% static 'apple-touch-icon.png' %}" rel="apple-touch-icon" />
|
||||||
|
<link rel="icon" type="image/png" href="{% static 'favicon-16x16.png' %}" sizes="16x16" />
|
||||||
|
<link rel="icon" type="image/png" href="{% static 'favicon-32x32.png' %}" sizes="32x32" />
|
||||||
|
<link rel="icon" type="image/png" href="{% static 'android-chrome-192x192.png' %}" sizes="192x192" />
|
||||||
|
|
||||||
|
<!-- CSS -->
|
||||||
|
<link href="{% sass_src 'bulma/bulma.scss' %}" rel="stylesheet" type="text/css" />
|
||||||
|
<link href="{% static 'tabler-icons/tabler-icons.min.css' %}" rel="stylesheet" type="text/css" />
|
13
src/shared/templates/allauth/elements/button.html
Normal file
13
src/shared/templates/allauth/elements/button.html
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{% load allauth %}
|
||||||
|
{% comment %} djlint:off {% endcomment %}
|
||||||
|
<{% if attrs.href %}a href="{{ attrs.href }}"{% else %}button{% endif %}
|
||||||
|
{% if attrs.form %}form="{{ attrs.form }}"{% endif %}
|
||||||
|
{% if attrs.id %}id="{{ attrs.id }}"{% endif %}
|
||||||
|
{% if attrs.name %}name="{{ attrs.name }}"{% endif %}
|
||||||
|
{% if attrs.value %}value="{{ attrs.value }}"{% endif %}
|
||||||
|
{% if attrs.type %}type="{{ attrs.type }}"{% endif %}
|
||||||
|
class="button is-fullwidth"
|
||||||
|
>
|
||||||
|
{% slot %}
|
||||||
|
{% endslot %}
|
||||||
|
</{% if attrs.href %}a{% else %}button{% endif %}>
|
1
src/shared/templates/allauth/elements/fields.html
Normal file
1
src/shared/templates/allauth/elements/fields.html
Normal file
|
@ -0,0 +1 @@
|
||||||
|
{% include "bulma/form.html" with form=attrs.form %}
|
1
src/shared/templates/allauth/elements/provider.html
Normal file
1
src/shared/templates/allauth/elements/provider.html
Normal file
|
@ -0,0 +1 @@
|
||||||
|
<a class="cell button is-primary is-light" title="{{ attrs.name }}" href="{{ attrs.href }}">{{ attrs.name }}</a>
|
6
src/shared/templates/allauth/elements/provider_list.html
Normal file
6
src/shared/templates/allauth/elements/provider_list.html
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{% load allauth %}
|
||||||
|
|
||||||
|
<div class="grid mt-5">
|
||||||
|
{% slot default %}
|
||||||
|
{% endslot %}
|
||||||
|
</div>
|
77
src/shared/templates/allauth/layouts/base.html
Normal file
77
src/shared/templates/allauth/layouts/base.html
Normal file
|
@ -0,0 +1,77 @@
|
||||||
|
{% load django_browser_reload i18n sass_tags static %}
|
||||||
|
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="fr">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8" />
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||||
|
<meta name="keywords" content="dgnum,dgsi,ens" />
|
||||||
|
<meta name="description" content="Système d'information de la DGNum" />
|
||||||
|
<title>DGNum</title>
|
||||||
|
|
||||||
|
{% include "_links.html" %}
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
{% include "_hero.html" %}
|
||||||
|
|
||||||
|
<section class="section container">
|
||||||
|
<nav class="level">
|
||||||
|
{% if user.is_authenticated %}
|
||||||
|
{% url 'account_email' as email_url %}
|
||||||
|
{% if email_url %}
|
||||||
|
<li class="level-item button is-light">
|
||||||
|
<a href="{{ email_url }}">{% trans "Change Email" %}</a>
|
||||||
|
</li>
|
||||||
|
{% endif %}
|
||||||
|
{% url 'account_change_password' as change_password_url %}
|
||||||
|
{% if change_password_url %}
|
||||||
|
<li class="level-item button is-light">
|
||||||
|
<a href="{{ change_password_url }}">{% trans "Change Password" %}</a>
|
||||||
|
</li>
|
||||||
|
{% endif %}
|
||||||
|
{% url 'mfa_index' as mfa_url %}
|
||||||
|
{% if mfa_url %}
|
||||||
|
<li class="level-item button is-light">
|
||||||
|
<a href="{{ mfa_url }}">{% trans "Two-Factor Authentication" %}</a>
|
||||||
|
</li>
|
||||||
|
{% endif %}
|
||||||
|
{% url 'usersessions_list' as usersessions_list_url %}
|
||||||
|
{% if usersessions_list_url %}
|
||||||
|
<li class="level-item button is-light">
|
||||||
|
<a href="{{ usersessions_list_url }}">{% trans "Sessions" %}</a>
|
||||||
|
</li>
|
||||||
|
{% endif %}
|
||||||
|
{% url 'account_logout' as logout_url %}
|
||||||
|
{% if logout_url %}
|
||||||
|
<li class="level-item button is-light">
|
||||||
|
<a href="{{ logout_url }}">{% trans "Sign Out" %}</a>
|
||||||
|
</li>
|
||||||
|
{% endif %}
|
||||||
|
{% else %}
|
||||||
|
{% url 'account_login' as login_url %}
|
||||||
|
{% if login_url %}
|
||||||
|
<li class="level-item button is-light has-text-weight-bold">
|
||||||
|
<a href="{{ login_url }}">{% trans "Sign In" %}</a>
|
||||||
|
</li>
|
||||||
|
{% endif %}
|
||||||
|
{% url 'account_signup' as signup_url %}
|
||||||
|
{% if signup_url %}
|
||||||
|
<li class="level-item button is-light has-text-weight-bold">
|
||||||
|
<a href="{{ signup_url }}">{% trans "Sign Up" %}</a>
|
||||||
|
</li>
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
<hr>
|
||||||
|
|
||||||
|
<div class="content">
|
||||||
|
{% block content %}
|
||||||
|
{% endblock content %}
|
||||||
|
</div>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
{% include "_footer.html" %}
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -1,5 +1,3 @@
|
||||||
{% load django_browser_reload sass_tags static %}
|
|
||||||
|
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<html lang="fr">
|
<html lang="fr">
|
||||||
<head>
|
<head>
|
||||||
|
@ -9,48 +7,17 @@
|
||||||
<meta name="description" content="Système d'information de la DGNum" />
|
<meta name="description" content="Système d'information de la DGNum" />
|
||||||
<title>DGNum</title>
|
<title>DGNum</title>
|
||||||
|
|
||||||
<!-- Icons -->
|
{% include "_links.html" %}
|
||||||
<link href="{% static 'favicon.ico' %}" rel="icon" />
|
|
||||||
<link href="{% static 'apple-touch-icon.png' %}" rel="apple-touch-icon" />
|
|
||||||
<link rel="icon"
|
|
||||||
type="image/png"
|
|
||||||
href="{% static 'favicon-16x16.png' %}"
|
|
||||||
sizes="16x16" />
|
|
||||||
<link rel="icon"
|
|
||||||
type="image/png"
|
|
||||||
href="{% static 'favicon-32x32.png' %}"
|
|
||||||
sizes="32x32" />
|
|
||||||
<link rel="icon"
|
|
||||||
type="image/png"
|
|
||||||
href="{% static 'android-chrome-192x192.png' %}"
|
|
||||||
sizes="192x192" />
|
|
||||||
|
|
||||||
<!-- CSS -->
|
|
||||||
<link href="{% sass_src 'bulma/bulma.scss' %}"
|
|
||||||
rel="stylesheet"
|
|
||||||
type="text/css" />
|
|
||||||
</head>
|
</head>
|
||||||
|
|
||||||
<body>
|
<body>
|
||||||
<section class="hero is-dark is-primary">
|
{% include "_hero.html" %}
|
||||||
<div class="hero-body">
|
|
||||||
<div class="container">
|
|
||||||
<h1 class="title">
|
|
||||||
<a href="{% url 'index' %}" class="has-text-dark">Dossier Général des Services Informagiques</a>
|
|
||||||
</h1>
|
|
||||||
<h2 class="subtitle">Système d'information de la DGNum</h2>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section class="section">
|
<section class="section">
|
||||||
{% block content %}
|
{% block content %}
|
||||||
{% endblock content %}
|
{% endblock content %}
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<footer class="footer has-text-centered">
|
{% include "_footer.html" %}
|
||||||
<b>Logiciel développé pour et par la <a href="https://dgnum.eu">DGNum</a>.</b>
|
|
||||||
{% django_browser_reload_script %}
|
|
||||||
</footer>
|
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
{% extends "base.html" %}
|
||||||
|
|
||||||
|
{% load i18n socialaccount %}
|
||||||
|
|
||||||
|
{% block content %}
|
||||||
|
<div class="fixed-grid">
|
||||||
|
<div class="grid">
|
||||||
|
<a href="{% provider_login_url 'kanidm' %}"
|
||||||
|
class="cell has-background-primary-dark p-6 has-radius-normal has-text-centered has-text-white">
|
||||||
|
<span class="icon-text">
|
||||||
|
<span class="icon">
|
||||||
|
<i class="ti ti-login"></i>
|
||||||
|
</span>
|
||||||
|
<span><b>{% trans "Connexion via la DGNum" %}</b></span>
|
||||||
|
</span>
|
||||||
|
</a>
|
||||||
|
|
||||||
|
<a href="{% provider_login_url 'kanidm' %}"
|
||||||
|
class="cell has-background-primary p-6 has-radius-normal has-text-centered has-text-white">
|
||||||
|
<span class="icon-text">
|
||||||
|
<span class="icon">
|
||||||
|
<i class="ti ti-login"></i>
|
||||||
|
</span>
|
||||||
|
<span><b>{% trans "Connexion via l'ENS" %}</b></span>
|
||||||
|
</span>
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
{% endblock content %}
|
Loading…
Reference in a new issue