sinfonie/photo26
1
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

fix alloauth
All checks were successful
Docker / build (release) Successful in 9s
Details

Browse source
This commit is contained in:
krek0 2026-05-16 20:09:23 +02:00
parent 1de1cb4086
commit b386525e0c
10 changed files with 51 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.env.example
View file

@ -39,7 +39,8 @@ OAUTH_ONLY=False
#OAUTH_BUTTON_TEXT=Login with OAuth #OAUTH_BUTTON_TEXT=Login with OAuth
#OAUTH_BUTTON_IMAGE= #OAUTH_BUTTON_IMAGE=
# Space-separated OAuth2 scopes # Space-separated OAuth2 scopes
#OAUTH_SCOPE=openid profile email #OAUTH_SCOPE=openid profile email groups
#OAUTH_ADMIN_GROUP=Admins
# Database engine: 'sqlite' or 'postgres' # Database engine: 'sqlite' or 'postgres'
DB_ENGINE=sqlite DB_ENGINE=sqlite

6
allauth_oauth/provider.py
View file

@ -18,14 +18,12 @@ class OAuthProvider(OAuth2Provider):
account_class = OAuthAccount account_class = OAuthAccount
def extract_uid(self, data): def extract_uid(self, data):
return str(data["username"]) return str(data["preferred_username"])
def extract_common_fields(self, data): def extract_common_fields(self, data):
return dict( return dict(
email=data.get("email"), email=data.get("email"),
username=data.get("username"), username=data.get("preferred_username"),
last_name=data.get("last_name"),
first_name=data.get("first_name"),
) )
def get_default_scope(self): def get_default_scope(self):

12
allauth_oauth/signals.py
View file

@ -2,7 +2,9 @@
# Copyright (C) 2022 Amicale des élèves de l'ENS Paris-Saclay # Copyright (C) 2022 Amicale des élèves de l'ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
from allauth.account.models import EmailAddress
from allauth.socialaccount.signals import pre_social_login from allauth.socialaccount.signals import pre_social_login
from django.conf import settings
from django.dispatch import receiver from django.dispatch import receiver
@ -19,11 +21,19 @@ def sync_user_fields(sender, request, sociallogin, **kwargs):
if email and user.email != email: if email and user.email != email:
user.email = email user.email = email
changed = True changed = True
EmailAddress.objects.filter(user=user).update(email=email)
username = data.get("username") username = data.get("preferred_username")
if username and user.username != username: if username and user.username != username:
user.username = username user.username = username
changed = True changed = True
admin_group = settings.OAUTH_ADMIN_GROUP
if admin_group:
is_staff = admin_group in data.get("groups", [])
if user.is_staff != is_staff:
user.is_staff = is_staff
changed = True
if changed: if changed:
user.save() user.save()

16
allauth_oauth/views.py
View file

@ -4,6 +4,7 @@
import requests import requests
from allauth.socialaccount import app_settings from allauth.socialaccount import app_settings
from django.core.exceptions import ImproperlyConfigured
from allauth.socialaccount.providers.oauth2.views import ( from allauth.socialaccount.providers.oauth2.views import (
OAuth2Adapter, OAuth2Adapter,
OAuth2CallbackView, OAuth2CallbackView,
@ -31,20 +32,27 @@ class OAuthAdapter(OAuth2Adapter):
@property @property
def domain(self): def domain(self):
return self.settings.get("DOMAIN", "") domain = self.settings.get("DOMAIN", "")
if not domain:
raise ImproperlyConfigured(
"OAUTH_SERVER_URL is not configured. Set it in your .env file."
)
return domain
@property @property
def access_token_url(self): def access_token_url(self):
return f"https://{self.domain}/o/token/" return f"https://{self.domain}/application/o/token/"
@property @property
def authorize_url(self): def authorize_url(self):
return f"https://{self.domain}/o/authorize/" return f"https://{self.domain}/application/o/authorize/"
@property @property
def profile_url(self): def profile_url(self):
return f"https://{self.domain}/api/me/" return f"https://{self.domain}/application/o/userinfo/"
OAuthProvider.oauth2_adapter_class = OAuthAdapter
oauth2_login = OAuth2LoginView.adapter_view(OAuthAdapter) oauth2_login = OAuth2LoginView.adapter_view(OAuthAdapter)
oauth2_callback = OAuth2CallbackView.adapter_view(OAuthAdapter) oauth2_callback = OAuth2CallbackView.adapter_view(OAuthAdapter)

5
photo21/settings.py
View file

@ -64,6 +64,7 @@ OAUTH_SERVER_URL = config("OAUTH_SERVER_URL", default="")
OAUTH_BUTTON_TEXT = config("OAUTH_BUTTON_TEXT", default="Login with OAuth") OAUTH_BUTTON_TEXT = config("OAUTH_BUTTON_TEXT", default="Login with OAuth")
OAUTH_BUTTON_IMAGE = config("OAUTH_BUTTON_IMAGE", default="") OAUTH_BUTTON_IMAGE = config("OAUTH_BUTTON_IMAGE", default="")
OAUTH_SCOPE = config("OAUTH_SCOPE", default="openid profile email", cast=Csv(delimiter=" ")) OAUTH_SCOPE = config("OAUTH_SCOPE", default="openid profile email", cast=Csv(delimiter=" "))
OAUTH_ADMIN_GROUP = config("OAUTH_ADMIN_GROUP", default="")
INSTALLED_APPS = [ INSTALLED_APPS = [
"django.contrib.admin", "django.contrib.admin",
@ -118,6 +119,7 @@ TEMPLATES = [
"django.template.context_processors.request", "django.template.context_processors.request",
"django.contrib.auth.context_processors.auth", "django.contrib.auth.context_processors.auth",
"django.contrib.messages.context_processors.messages", "django.contrib.messages.context_processors.messages",
"photo21.views.oauth_context",
], ],
}, },
}, },
@ -282,6 +284,9 @@ ACCOUNT_FORMS = {"signup": "photo21.forms.CustomSignupForm"}
if OAUTH_ENABLED: if OAUTH_ENABLED:
SOCIALACCOUNT_ONLY = OAUTH_ONLY SOCIALACCOUNT_ONLY = OAUTH_ONLY
if OAUTH_ONLY:
ACCOUNT_EMAIL_VERIFICATION = 'none'
SOCIALACCOUNT_LOGIN_ON_GET = True
SOCIALACCOUNT_PROVIDERS = { SOCIALACCOUNT_PROVIDERS = {
"oauth": { "oauth": {
"SCOPE": OAUTH_SCOPE, "SCOPE": OAUTH_SCOPE,

6
photo21/templates/account/login.html
View file

@ -15,10 +15,12 @@ SPDX-License-Identifier: GPL-3.0-or-later
<div class="d-grid col-6 mx-auto"> <div class="d-grid col-6 mx-auto">
{% include "socialaccount/snippets/provider_list.html" with process="login" %} {% include "socialaccount/snippets/provider_list.html" with process="login" %}
</div> </div>
{% if not SOCIALACCOUNT_ONLY %}
<hr/> <hr/>
<p>{% blocktrans trimmed with site.name as site_name %}Please sign in with one <p>{% blocktrans trimmed with site.name as site_name %}Please sign in with one
of your existing third party accounts. Or, <a href="{{ signup_url }}">sign up</a> of your existing third party accounts. Or, <a href="{{ signup_url }}">sign up</a>
for a {{ site_name }} account and sign in below:{% endblocktrans %}</p> for a {{ site_name }} account and sign in below:{% endblocktrans %}</p>
{% endif %}
{% include "socialaccount/snippets/login_extra.html" %} {% include "socialaccount/snippets/login_extra.html" %}
@ -27,6 +29,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
<a href="{{ signup_url }}">sign up</a> first.{% endblocktrans %}</p> <a href="{{ signup_url }}">sign up</a> first.{% endblocktrans %}</p>
{% endif %} {% endif %}
{% if not SOCIALACCOUNT_ONLY %}
<form method="post" action="{% url 'account_login' %}">{% csrf_token %} <form method="post" action="{% url 'account_login' %}">{% csrf_token %}
{{ form|crispy }} {{ form|crispy }}
{% if redirect_field_value %} {% if redirect_field_value %}
@ -36,7 +39,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
<button type="submit" class="btn btn-primary btn-lg my-2">{% trans "Sign In" %}</button> <button type="submit" class="btn btn-primary btn-lg my-2">{% trans "Sign In" %}</button>
</div> </div>
</form> </form>
<a class="link-secondary" href="{% url 'account_reset_password' %}">{% trans "Forgot Password?" %}</a> {% url 'account_reset_password' as reset_url %}{% if reset_url %}<a class="link-secondary" href="{{ reset_url }}">{% trans "Forgot Password?" %}</a>{% endif %}
{% endif %}
</div> </div>
</div> </div>
<!-- <p class="small text-center mt-1">{% trans "If any problem, please contact the server owners at" %} <code>photos[at]crans.org</code>.</p> --> <!-- <p class="small text-center mt-1">{% trans "If any problem, please contact the server owners at" %} <code>photos[at]crans.org</code>.</p> -->

7
photo21/templates/base.html
View file

@ -100,15 +100,16 @@ SPDX-License-Identifier: GPL-3.0-or-later
{% trans "Log in" %} {% trans "Log in" %}
</a> </a>
</li> </li>
<li class="nav-item"> {% url 'account_signup' as signup_url %}
<a class="nav-link" href="{% url 'account_signup' %}"> {% if signup_url %}<li class="nav-item">
<a class="nav-link" href="{{ signup_url }}">
<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-person-plus" viewBox="0 0 16 16"> <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-person-plus" viewBox="0 0 16 16">
<path d="M6 8a3 3 0 1 0 0-6 3 3 0 0 0 0 6zm2-3a2 2 0 1 1-4 0 2 2 0 0 1 4 0zm4 8c0 1-1 1-1 1H1s-1 0-1-1 1-4 6-4 6 3 6 4zm-1-.004c-.001-.246-.154-.986-.832-1.664C9.516 10.68 8.289 10 6 10c-2.29 0-3.516.68-4.168 1.332-.678.678-.83 1.418-.832 1.664h10z"/> <path d="M6 8a3 3 0 1 0 0-6 3 3 0 0 0 0 6zm2-3a2 2 0 1 1-4 0 2 2 0 0 1 4 0zm4 8c0 1-1 1-1 1H1s-1 0-1-1 1-4 6-4 6 3 6 4zm-1-.004c-.001-.246-.154-.986-.832-1.664C9.516 10.68 8.289 10 6 10c-2.29 0-3.516.68-4.168 1.332-.678.678-.83 1.418-.832 1.664h10z"/>
<path fill-rule="evenodd" d="M13.5 5a.5.5 0 0 1 .5.5V7h1.5a.5.5 0 0 1 0 1H14v1.5a.5.5 0 0 1-1 0V8h-1.5a.5.5 0 0 1 0-1H13V5.5a.5.5 0 0 1 .5-.5z"/> <path fill-rule="evenodd" d="M13.5 5a.5.5 0 0 1 .5.5V7h1.5a.5.5 0 0 1 0 1H14v1.5a.5.5 0 0 1-1 0V8h-1.5a.5.5 0 0 1 0-1H13V5.5a.5.5 0 0 1 .5-.5z"/>
</svg> </svg>
{% trans "Sign up" %} {% trans "Sign up" %}
</a> </a>
</li> </li>{% endif %}
{% endif %} {% endif %}
</ul> </ul>
</div> </div>

2
photo21/templates/socialaccount/snippets/provider_list.html
View file

@ -17,5 +17,5 @@ SPDX-License-Identifier: GPL-3.0-or-later
{% endfor %} {% endfor %}
{% endif %} {% endif %}
<a title="{{provider.name}}" class="btn btn-success" <a title="{{provider.name}}" class="btn btn-success"
href="{% provider_login_url provider.id process=process scope=scope auth_params=auth_params %}">{% trans "Sign in with" %} {{provider.name}}</a> href="{% provider_login_url provider.id process=process scope=scope auth_params=auth_params %}">{{ OAUTH_BUTTON_TEXT|default:provider.name }}</a>
{% endfor %} {% endfor %}

2
photo21/urls.py
View file

@ -24,6 +24,8 @@ urlpatterns = [
path("", IndexView.as_view(), name="index"), path("", IndexView.as_view(), name="index"),
path("", include("photologue.urls", namespace="photologue")), path("", include("photologue.urls", namespace="photologue")),
path("accounts/", include("allauth.urls")), path("accounts/", include("allauth.urls")),
path("accounts/", include("allauth_oauth.urls")),
path("i18n/", include("django.conf.urls.i18n")), path("i18n/", include("django.conf.urls.i18n")),
path("jsi18n/", JavaScriptCatalog.as_view(), name="javascript-catalog"), path("jsi18n/", JavaScriptCatalog.as_view(), name="javascript-catalog"),
path("admin/doc/", include("django.contrib.admindocs.urls")), path("admin/doc/", include("django.contrib.admindocs.urls")),

7
photo21/views.py
View file

@ -69,3 +69,10 @@ class IndexView(LoginRequiredMixin, ListView):
context["superusers"] = superusers context["superusers"] = superusers
return context return context
def oauth_context(request):
return {
"OAUTH_BUTTON_TEXT": getattr(settings, "OAUTH_BUTTON_TEXT", ""),
"OAUTH_BUTTON_IMAGE": getattr(settings, "OAUTH_BUTTON_IMAGE", ""),
}