✨ [#3] added oidc

maykinmedia · May 14, 2024 · 0658e87 · 0658e87
1 parent 2d0c1af
commit 0658e87
Show file tree

Hide file tree

Showing 7 changed files with 81 additions and 5 deletions.
diff --git a/src/referentielijsten/accounts/tests/test_oidc.py b/src/referentielijsten/accounts/tests/test_oidc.py
@@ -0,0 +1,42 @@
+from django.urls import reverse
+from django.utils.translation import gettext as _
+
+from django_webtest import WebTest
+from mozilla_django_oidc_db.models import OpenIDConnectConfig
+
+
+class OIDCLoginButtonTestCase(WebTest):
+    def test_oidc_button_disabled(self):
+        config = OpenIDConnectConfig.get_solo()
+        config.enabled = False
+        config.save()
+
+        response = self.app.get(reverse("admin:login"))
+
+        oidc_login_link = response.html.find(
+            "a", string=_("Login with organization account")
+        )
+
+        # Verify that the login button is not visible
+        self.assertIsNone(oidc_login_link)
+
+    def test_oidc_button_enabled(self):
+        config = OpenIDConnectConfig.get_solo()
+        config.enabled = True
+        config.oidc_op_token_endpoint = "https://some.endpoint.nl/"
+        config.oidc_op_user_endpoint = "https://some.endpoint.nl/"
+        config.oidc_rp_client_id = "id"
+        config.oidc_rp_client_secret = "secret"
+        config.save()
+
+        response = self.app.get(reverse("admin:login"))
+
+        oidc_login_link = response.html.find(
+            "a", string=_("Login with organization account")
+        )
+
+        # Verify that the login button is visible
+        self.assertIsNotNone(oidc_login_link)
+        self.assertEqual(
+            oidc_login_link.attrs["href"], reverse("oidc_authentication_init")
+        )
diff --git a/src/referentielijsten/conf/base.py b/src/referentielijsten/conf/base.py
@@ -108,13 +108,14 @@
     "ordered_model",
     "django_admin_index",
     "django.contrib.admin",
-    # 'django.contrib.admindocs',
-    # 'django.contrib.humanize',
-    # 'django.contrib.sitemaps',
     # External applications.
     "axes",
+    "mozilla_django_oidc",
+    "mozilla_django_oidc_db",
     "drf_spectacular",
     "rest_framework",
+    "solo",
+    "django_jsonform",
     "vng_api_common",
     # Project applications.
     "referentielijsten.accounts",
@@ -129,6 +130,7 @@
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "mozilla_django_oidc_db.middleware.SessionRefresh",
     "maykin_2fa.middleware.OTPMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
@@ -284,6 +286,10 @@
             "level": "INFO",
             "propagate": True,
         },
+        "mozilla_django_oidc": {
+            "handlers": ["project"],
+            "level": "DEBUG",
+        },
     },
 }
 
@@ -450,6 +456,13 @@
     ELASTIC_APM["ENABLED"] = False
     ELASTIC_APM["SERVER_URL"] = "http://localhost:8200"
 
+#
+# Mozilla Django OIDC DB settings
+#
+OIDC_AUTHENTICATE_CLASS = "mozilla_django_oidc_db.views.OIDCAuthenticationRequestView"
+MOZILLA_DJANGO_OIDC_DB_CACHE = "oidc"
+MOZILLA_DJANGO_OIDC_DB_CACHE_TIMEOUT = 5 * 60
+
 # Subpath (optional)
 # This environment variable can be configured during deployment.
 SUBPATH = config("SUBPATH", None)

diff --git a/src/referentielijsten/conf/dev.py b/src/referentielijsten/conf/dev.py
@@ -67,6 +67,7 @@
 CACHES = {
     "default": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"},
     "axes": {"BACKEND": "django.core.cache.backends.dummy.DummyCache"},
+    "oidc": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"},
 }
 
 #

diff --git a/src/referentielijsten/fixtures/default_admin_index.json b/src/referentielijsten/fixtures/default_admin_index.json
@@ -17,6 +17,10 @@
                 [
                     "auth",
                     "group"
+                ],
+                [
+                    "mozilla_django_oidc_db",
+                    "openidconnectconfig"
                 ]
             ]
         }

diff --git a/src/referentielijsten/scss/admin/_app_overrides.scss b/src/referentielijsten/scss/admin/_app_overrides.scss
@@ -122,3 +122,10 @@ $djai-border-width: 8px;
     }
   }
 }
+
+/* Extra login links in admin login screen */
+.admin-login-option {
+  text-align: center;
+  clear: both;
+  padding-top: 1em;
+}
diff --git a/src/referentielijsten/templates/maykin_2fa/login.html b/src/referentielijsten/templates/maykin_2fa/login.html
@@ -1,5 +1,5 @@
 {% extends "maykin_2fa/login.html" %}
-{% load i18n %}
+{% load solo_tags i18n %}
 
 
 {% block footer %}
@@ -8,7 +8,15 @@
 
 
 {% block extra_login_options %}
-{#Include additional (OIDC) authentication options here #}
+
+{% get_solo 'mozilla_django_oidc_db.OpenIDConnectConfig' as oidc_config %}
+{% if oidc_config.enabled %}
+<div class="admin-login-option">{% trans "or" %}</div>
+<div class="admin-login-option">
+    <a href="{% url 'oidc_authentication_init' %}">{% trans "Login with organization account" %}</a>
+</div>
+{% endif %}
+
 {% endblock %}
 
 

diff --git a/src/referentielijsten/urls.py b/src/referentielijsten/urls.py
@@ -62,6 +62,7 @@
         ),
     ),
     path("ref/", include("vng_api_common.urls")),
+    path("oidc/", include("mozilla_django_oidc.urls")),
 ]
 
 # NOTE: The staticfiles_urlpatterns also discovers static files (ie. no need to run collectstatic). Both the static
-Original file line number
+Diff line change
@@ Expand Up / @@ -17,6 +17,10 @@ @@
                     [
                         "auth",
                         "group"
+                    ],
+                    [
+                        "mozilla_django_oidc_db",
+                        "openidconnectconfig"
                     ]
                 ]
             }
@@ Expand Down @@