added SSO support using Python Social Auth including custom backend for EF Identity

2024-09-10 00:37:45 +02:00 · 2024-09-10 00:37:45 +02:00 · 09b2375d79
commit 09b2375d79
parent 42da0ffa27
10 changed files with 119 additions and 9 deletions
--- a/src/c3nav/site/static/site/css/c3nav.scss
+++ b/src/c3nav/site/static/site/css/c3nav.scss
@ -160,7 +160,7 @@ main.account form {
    max-width: 400px;
 }

-#modal-content form button[type=submit], #modal-content .answers .button {
+#modal-content form button[type=submit], #modal-content form .button.sso, #modal-content .answers .button {
    display: block;
    width: 100%;
 }
@ -1343,7 +1343,7 @@ main .narrow p, main .narrow form, main .narrow button {
    margin-bottom: 1.0rem;
 }

-main .narrow form button {
+main .narrow form button, main .narrow form .button {
    width: 100%;
 }

--- a/src/c3nav/site/static/site/js/c3nav.js
+++ b/src/c3nav/site/static/site/js/c3nav.js
@ -1344,7 +1344,7 @@ c3nav = {
    _modal_link_click: function (e) {
        var location = $(this).attr('href');
        if ($(this).is('[target]') || c3nav._href_modal_open_tab(location)) {
-            $(this).attr('target', '_blank');
+            if(!$(this).is('[target]')) $(this).attr('target', '_blank');
            return;
        }
        e.preventDefault();
--- a/src/c3nav/site/templates/site/account_form.html
+++ b/src/c3nav/site/templates/site/account_form.html
@ -17,6 +17,11 @@
        {% csrf_token %}
        {{ form.as_p }}
        <button type="submit">{{ title }}</button>
+        {% if sso_services %}
+        {% for sso_service_id, sso_service_name in sso_services.items %}
+            <a href="{% url "social:begin" sso_service_id %}?{{ redirect_query }}" class="button sso" target="_self">Login with {{ sso_service_name }}</a>
+        {% endfor %}
+        {% endif %}
        {% if bottom_link_url %}
            <a href="{{ bottom_link_url }}?{{ request.META.QUERY_STRING }}">{{ bottom_link_text }}</a>
        {% endif %}
--- a/src/c3nav/site/views.py
+++ b/src/c3nav/site/views.py
@ -6,7 +6,7 @@ from urllib.parse import urlparse
 import qrcode
 from django.conf import settings
 from django.contrib import messages
-from django.contrib.auth import login, logout
+from django.contrib.auth import REDIRECT_FIELD_NAME, login, logout
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm, UserCreationForm
 from django.core.cache import cache
@ -14,7 +14,7 @@ from django.core.exceptions import ObjectDoesNotExist, SuspiciousOperation, Vali
 from django.core.paginator import Paginator
 from django.core.serializers.json import DjangoJSONEncoder
 from django.db import transaction
-from django.http import Http404, HttpResponse, HttpResponseBadRequest
+from django.http import Http404, HttpResponse, HttpResponseBadRequest, QueryDict
 from django.middleware import csrf
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
@ -32,8 +32,8 @@ from c3nav.control.forms import AccessPermissionForm, SignedPermissionDataError
 from c3nav.mapdata.grid import grid
 from c3nav.mapdata.models import Location, Source
 from c3nav.mapdata.models.access import AccessPermission, AccessPermissionToken
-from c3nav.mapdata.models.locations import LocationRedirect, Position, SpecificLocation, get_position_secret, \
-    LocationGroup
+from c3nav.mapdata.models.locations import (LocationGroup, LocationRedirect, Position, SpecificLocation,
+                                            get_position_secret)
 from c3nav.mapdata.models.report import Report, ReportUpdate
 from c3nav.mapdata.utils.locations import (get_location_by_id_for_request, get_location_by_slug_for_request,
                                           levels_by_short_label_for_request)
@ -303,9 +303,19 @@ def login_view(request):
    else:
        form = AuthenticationForm(request)

+    redirect_path = request.GET.get(REDIRECT_FIELD_NAME, '/account/')
+    if referer := request.headers.get('Referer', None):
+        referer = urlparse(referer)
+        if referer.netloc == request.META['HTTP_HOST']:
+            redirect_path = f'{referer.path}?{referer.query}' if referer.query else referer.path
+    redirect_query = QueryDict(mutable=True)
+    redirect_query[REDIRECT_FIELD_NAME] = redirect_path
+
    ctx = {
        'title': _('Log in'),
        'form': form,
+        'redirect_path': redirect_path,
+        'redirect_query': redirect_query.urlencode(safe="/")
    }

    if settings.USER_REGISTRATION:
@ -314,6 +324,10 @@ def login_view(request):
            'bottom_link_text': _('Create new account')
        })

+    if settings.SSO_ENABLED:
+        from c3nav.control.sso import get_sso_services
+        ctx['sso_services'] = get_sso_services()
+
    return render(request, 'site/account_form.html', ctx)