feat: oauth provider

jdav_web/jdav_web/settings/__init__.py

@@ -58,6 +58,7 @@ base_settings = [
     'components/emails.py',
     'components/texts.py',
     'components/locale.py',
+    'components/oauth.py',
 ]
 
 include(*base_settings)

jdav_web/jdav_web/settings/components/base.py

@@ -52,6 +52,7 @@ INSTALLED_APPS = [
     'django_celery_beat',
     'rules',
     'jet',
+    'oauth2_provider',
     'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',
@@ -196,3 +197,5 @@ STARTPAGE_URL_NAME_PATTERN = "[\w\-: *]"
 
 # admins to contact on error messages
 ADMINS = get_var('section', 'admins', default=[])
+
+LOGIN_URL = '/de/kompass/login/'

jdav_web/jdav_web/settings/components/oauth.py

@@ -0,0 +1,11 @@
+OAUTH2_PROVIDER = {
+    "OIDC_ENABLED": True,
+    "PKCE_REQUIRED": False,
+    "OAUTH2_VALIDATOR_CLASS": "logindata.oauth.CustomOAuth2Validator",
+    "OIDC_RSA_PRIVATE_KEY": get_var('oauth', 'oidc_rsa_private_key', default=''),
+    "SCOPES": {
+        "openid": "OpenID Connect scope",
+        "profile": "profile scope",
+        "email": "email scope",
+    },
+}

jdav_web/jdav_web/urls.py

@@ -13,13 +13,14 @@ Including another URLconf
     1. Import the include() function: from django.conf.urls import url, include
     2. Add a URL to urlpatterns:  url(r'^blog/', include('blog.urls'))
 """
-from django.urls import re_path, include
+from django.urls import path, re_path, include
 from django.contrib import admin
 from django.conf.urls.static import static
 from django.conf.urls.i18n import i18n_patterns
 from django.conf import settings
 from django.utils.translation import gettext_lazy as _
 from django.views.generic.base import RedirectView
+from oauth2_provider import urls as oauth2_urls
 from .views import media_access
 
 admin.site.index_title = _('Startpage')
@@ -36,6 +37,7 @@ urlpatterns = i18n_patterns(
     re_path(r'^LBAlpin/Programm(/)?(20)?[0-9]{0,2}', include('ludwigsburgalpin.urls',
             namespace="ludwigsburgalpin")),
     re_path(r'^_nested_admin/', include('nested_admin.urls')),
+    path('o/', include(oauth2_urls)),
     re_path(r'^', include('startpage.urls', namespace="startpage")),
 )
 

jdav_web/logindata/oauth.py

@@ -0,0 +1,11 @@
+from oauth2_provider.oauth2_validators import OAuth2Validator
+
+
+class CustomOAuth2Validator(OAuth2Validator):
+    # Set `oidc_claim_scope = None` to ignore scopes that limit which claims to return,
+    # otherwise the OIDC standard scopes are used.
+
+    def get_additional_claims(self, request):
+        return {
+            "preferred_username": request.user.username
+        }

requirements.txt

@@ -9,6 +9,7 @@ billiard==3.6.4.0
 bleach==6.0.0
 celery==5.2.3
 certifi==2021.10.8
+cffi==1.17.1
 charset-normalizer==2.0.10
 click==8.0.3
 click-didyoumean==0.3.0
@@ -16,6 +17,7 @@ click-plugins==1.1.1
 click-repl==0.2.0
 coverage==7.5.4
 cron-descriptor==1.2.35
+cryptography==44.0.2
 Deprecated==1.2.13
 Django==4.2.20
 django-appconf==1.0.5
@@ -25,6 +27,7 @@ django-jet-reboot==1.3.10
 django-markdownify==0.9.3
 django-markdownx==4.0.2
 django-nested-admin==4.0.2
+django-oauth-toolkit==3.0.1
 django-split-settings==1.2.0
 django-timezone-field==5.0
 docutils==0.21.2
@@ -34,15 +37,18 @@ imagesize==1.4.1
 importlib-metadata==6.2.0
 importlib_resources==6.5.2
 Jinja2==3.1.4
+jwcrypto==1.5.6
 kombu==5.2.3
 Markdown==3.4.3
 MarkupSafe==3.0.2
 mysqlclient==2.1.0
+oauthlib==3.2.2
 openpyxl==3.1.5
 packaging==24.2
 Pillow==9.0.0
 prompt-toolkit==3.0.24
 pycountry==24.6.1
+pycparser==2.22
 Pygments==2.18.0
 pymemcache==4.0.0
 pyparsing==3.0.6