fix oauth
All checks were successful
Docker / build (release) Successful in 9s

This commit is contained in:
krek0 2026-05-17 06:36:48 +02:00
parent 1de1cb4086
commit 997fd760d2
11 changed files with 99 additions and 37 deletions

View file

@ -6,7 +6,6 @@ from allauth.account.models import EmailAddress
from allauth.socialaccount.providers.base import ProviderAccount
from allauth.socialaccount.providers.oauth2.provider import OAuth2Provider
class OAuthAccount(ProviderAccount):
def to_str(self):
return self.account.extra_data.get("username")
@ -18,14 +17,12 @@ class OAuthProvider(OAuth2Provider):
account_class = OAuthAccount
def extract_uid(self, data):
return str(data["username"])
return str(data["preferred_username"])
def extract_common_fields(self, data):
return dict(
email=data.get("email"),
username=data.get("username"),
last_name=data.get("last_name"),
first_name=data.get("first_name"),
username=data.get("preferred_username"),
)
def get_default_scope(self):

View file

@ -2,7 +2,10 @@
# Copyright (C) 2022 Amicale des élèves de l'ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later
from allauth.account.models import EmailAddress
from allauth.socialaccount.signals import pre_social_login
from django.conf import settings
from django.contrib.auth.models import Group
from django.dispatch import receiver
@ -19,11 +22,30 @@ def sync_user_fields(sender, request, sociallogin, **kwargs):
if email and user.email != email:
user.email = email
changed = True
EmailAddress.objects.filter(user=user).update(email=email)
username = data.get("username")
username = data.get("preferred_username")
if username and user.username != username:
user.username = username
changed = True
staff_groups = settings.OAUTH_STAFF_GROUPS
if staff_groups:
oauth_groups = set(data.get("groups", []))
is_staff = bool(oauth_groups & set(staff_groups))
if user.is_staff != is_staff:
user.is_staff = is_staff
changed = True
if changed:
user.save()
group_map = settings.OAUTH_GROUP_MAP
if group_map:
oauth_groups = set(data.get("groups", []))
for oauth_group, django_group_name in group_map.items():
django_group, _ = Group.objects.get_or_create(name=django_group_name)
if oauth_group in oauth_groups:
user.groups.add(django_group)
else:
user.groups.remove(django_group)

View file

@ -4,6 +4,7 @@
import requests
from allauth.socialaccount import app_settings
from django.core.exceptions import ImproperlyConfigured
from allauth.socialaccount.providers.oauth2.views import (
OAuth2Adapter,
OAuth2CallbackView,
@ -31,20 +32,27 @@ class OAuthAdapter(OAuth2Adapter):
@property
def domain(self):
return self.settings.get("DOMAIN", "")
domain = self.settings.get("DOMAIN", "")
if not domain:
raise ImproperlyConfigured(
"OAUTH_SERVER_URL is not configured. Set it in your .env file."
)
return domain
@property
def access_token_url(self):
return f"https://{self.domain}/o/token/"
return self.settings.get("TOKEN_URL", f"https://{self.domain}/application/o/token/")
@property
def authorize_url(self):
return f"https://{self.domain}/o/authorize/"
return self.settings.get("AUTHORIZE_URL", f"https://{self.domain}/application/o/authorize/")
@property
def profile_url(self):
return f"https://{self.domain}/api/me/"
return self.settings.get("PROFILE_URL", f"https://{self.domain}/application/o/userinfo/")
OAuthProvider.oauth2_adapter_class = OAuthAdapter
oauth2_login = OAuth2LoginView.adapter_view(OAuthAdapter)
oauth2_callback = OAuth2CallbackView.adapter_view(OAuthAdapter)