fix oauth

allauth_oauth/provider.py

@@ -6,7 +6,6 @@ from allauth.account.models import EmailAddress
 from allauth.socialaccount.providers.base import ProviderAccount
 from allauth.socialaccount.providers.oauth2.provider import OAuth2Provider
 
-
 class OAuthAccount(ProviderAccount):
     def to_str(self):
         return self.account.extra_data.get("username")
@@ -18,14 +17,12 @@ class OAuthProvider(OAuth2Provider):
     account_class = OAuthAccount
 
     def extract_uid(self, data):
-        return str(data["username"])
+        return str(data["preferred_username"])
 
     def extract_common_fields(self, data):
         return dict(
             email=data.get("email"),
-            username=data.get("username"),
-            last_name=data.get("last_name"),
-            first_name=data.get("first_name"),
+            username=data.get("preferred_username"),
         )
 
     def get_default_scope(self):

allauth_oauth/signals.py

@@ -2,7 +2,10 @@
 # Copyright (C) 2022  Amicale des élèves de l'ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+from allauth.account.models import EmailAddress
 from allauth.socialaccount.signals import pre_social_login
+from django.conf import settings
+from django.contrib.auth.models import Group
 from django.dispatch import receiver
 
 
@@ -19,11 +22,30 @@ def sync_user_fields(sender, request, sociallogin, **kwargs):
     if email and user.email != email:
         user.email = email
         changed = True
+        EmailAddress.objects.filter(user=user).update(email=email)
 
-    username = data.get("username")
+    username = data.get("preferred_username")
     if username and user.username != username:
         user.username = username
         changed = True
 
+    staff_groups = settings.OAUTH_STAFF_GROUPS
+    if staff_groups:
+        oauth_groups = set(data.get("groups", []))
+        is_staff = bool(oauth_groups & set(staff_groups))
+        if user.is_staff != is_staff:
+            user.is_staff = is_staff
+            changed = True
+
     if changed:
         user.save()
+
+    group_map = settings.OAUTH_GROUP_MAP
+    if group_map:
+        oauth_groups = set(data.get("groups", []))
+        for oauth_group, django_group_name in group_map.items():
+            django_group, _ = Group.objects.get_or_create(name=django_group_name)
+            if oauth_group in oauth_groups:
+                user.groups.add(django_group)
+            else:
+                user.groups.remove(django_group)

allauth_oauth/views.py

@@ -4,6 +4,7 @@
 
 import requests
 from allauth.socialaccount import app_settings
+from django.core.exceptions import ImproperlyConfigured
 from allauth.socialaccount.providers.oauth2.views import (
     OAuth2Adapter,
     OAuth2CallbackView,
@@ -31,20 +32,27 @@ class OAuthAdapter(OAuth2Adapter):
 
     @property
     def domain(self):
-        return self.settings.get("DOMAIN", "")
+        domain = self.settings.get("DOMAIN", "")
+        if not domain:
+            raise ImproperlyConfigured(
+                "OAUTH_SERVER_URL is not configured. Set it in your .env file."
+            )
+        return domain
 
     @property
     def access_token_url(self):
-        return f"https://{self.domain}/o/token/"
+        return self.settings.get("TOKEN_URL", f"https://{self.domain}/application/o/token/")
 
     @property
     def authorize_url(self):
-        return f"https://{self.domain}/o/authorize/"
+        return self.settings.get("AUTHORIZE_URL", f"https://{self.domain}/application/o/authorize/")
 
     @property
     def profile_url(self):
-        return f"https://{self.domain}/api/me/"
+        return self.settings.get("PROFILE_URL", f"https://{self.domain}/application/o/userinfo/")
 
 
+OAuthProvider.oauth2_adapter_class = OAuthAdapter
+
 oauth2_login = OAuth2LoginView.adapter_view(OAuthAdapter)
 oauth2_callback = OAuth2CallbackView.adapter_view(OAuthAdapter)