Merge lp:~vorlon/summit/oauth2-support into lp:summit

Proposed by Steve Langasek
Status: Needs review
Proposed branch: lp:~vorlon/summit/oauth2-support
Merge into: lp:summit
Diff against target: 197 lines (+95/-2)
9 files modified
requirements.txt (+1/-0)
summit/common/context_processors.py (+4/-0)
summit/common/templates/base.html (+1/-1)
summit/common/templates/done.html (+10/-0)
summit/common/templates/login.html (+13/-0)
summit/schedule/templates/schedule/actions.html (+1/-1)
summit/settings.py (+5/-0)
summit/social-backends/debian.py (+55/-0)
summit/urls.py (+5/-0)
To merge this branch: bzr merge lp:~vorlon/summit/oauth2-support
Reviewer Review Type Date Requested Status
Summit Hackers Pending
Review via email: mp+215534@code.launchpad.net

Description of the change

Preliminary support for oauth2. This pulls in a new django module dependency, and also only works if you also register and add in oauth2 keys, which you need to get from your oauth2 provider.

To post a comment you must log in.
lp:~vorlon/summit/oauth2-support updated
226. By Steve Langasek

Replace another reference to /openid/login with login_url

Unmerged revisions

226. By Steve Langasek

Replace another reference to /openid/login with login_url

225. By Steve Langasek

Initial support for Debian SSO

224. By Steve Langasek

Simplify the oauth2 support

we don't actually need separate url handlers, we can just include the
upstream ones and set LOGIN_URL to whichever provider we want (e.g.,
/login/google-oauth2) in our individual django app. If someone really
wants to have multiple auth providers from the same app, they can figure
that out on their own, but currently it doesn't look like an interesting use
case.

223. By Steve Langasek

Make the 'login' link on the navbar configurable via LOGIN_URL in settings.

222. By Steve Langasek

Initial support for oauth2 (using the Google backend for testing)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'requirements.txt'
2--- requirements.txt 2014-05-04 14:00:34 +0000
3+++ requirements.txt 2014-05-18 00:12:52 +0000
4@@ -12,6 +12,7 @@
5 bzr>=2.4b
6 distribute==0.6.10
7 django-openid-auth==0.5
8+python-social-auth
9 # psycopg2==2.0.13 - only needed for production like environments
10 python-openid==2.2.4
11 pytz==2010b
12
13=== modified file 'summit/common/context_processors.py'
14--- summit/common/context_processors.py 2013-03-07 01:48:40 +0000
15+++ summit/common/context_processors.py 2014-05-18 00:12:52 +0000
16@@ -38,6 +38,10 @@
17 return {'login_next': request.get_full_path()}
18
19
20+def login_url(request):
21+ return {'login_url': settings.LOGIN_URL}
22+
23+
24 def summit_version(request):
25 """
26 add The Summit Scheduler version to template context processor.
27
28=== modified file 'summit/common/templates/base.html'
29--- summit/common/templates/base.html 2013-08-28 10:37:08 +0000
30+++ summit/common/templates/base.html 2014-05-18 00:12:52 +0000
31@@ -35,7 +35,7 @@
32 {% endif %}
33 <a class="top-login-item" href="{% url logout %}" title="Log Out: {{ user.username }}">Log out</a>
34 {% else %}
35- <a class="top-login-item" href="/openid/login/?next={{login_next}}" title="Log In">Log in</a>
36+ <a class="top-login-item" href="{{login_url}}?next={{login_next}}" title="Log In">Log in</a>
37 {% endif %}
38 {% endblock %}
39 {% block main_nav_links %}
40
41=== added file 'summit/common/templates/done.html'
42--- summit/common/templates/done.html 1970-01-01 00:00:00 +0000
43+++ summit/common/templates/done.html 2014-05-18 00:12:52 +0000
44@@ -0,0 +1,10 @@
45+{% extends "website_base.html" %}
46+{% load url from future %}
47+
48+{% block title %}Logged In{% endblock %}
49+
50+{% block content %}
51+ <p>
52+ You are logged in as {{ user.username }}! (<a href="/logout/">Logout</a>)
53+ </p>
54+{% endblock %}
55
56=== added file 'summit/common/templates/login.html'
57--- summit/common/templates/login.html 1970-01-01 00:00:00 +0000
58+++ summit/common/templates/login.html 2014-05-18 00:12:52 +0000
59@@ -0,0 +1,13 @@
60+{% extends "website_base.html" %}
61+{% load url from future %}
62+
63+{% block title %}Login{% endblock %}
64+
65+{% block content %}
66+ <form action="{% url 'social:begin' 'google-oauth2' %}" method="post">
67+ {% csrf_token %}
68+ <div>
69+ <input type="submit" value="Log in through Google"/>
70+ </div>
71+ </form>
72+{% endblock %}
73
74=== modified file 'summit/schedule/templates/schedule/actions.html'
75--- summit/schedule/templates/schedule/actions.html 2013-05-09 23:50:37 +0000
76+++ summit/schedule/templates/schedule/actions.html 2014-05-18 00:12:52 +0000
77@@ -38,7 +38,7 @@
78 {% endif %}
79 {% else %}
80 {% if not user.is_authenticated %}
81- <p><a href="/openid/login?next={{login_next}}">Log in now</a></p>
82+ <p><a href="{{login_url}}?next={{login_next}}">Log in now</a></p>
83 {% endif %}
84 {% endifequal %}
85
86
87=== modified file 'summit/settings.py'
88--- summit/settings.py 2013-11-15 14:54:49 +0000
89+++ summit/settings.py 2014-05-18 00:12:52 +0000
90@@ -95,10 +95,13 @@
91 "django.contrib.messages.context_processors.messages",
92 "common.context_processors.next_summit",
93 "common.context_processors.login_redirect",
94+ "common.context_processors.login_url",
95 "common.context_processors.url_base",
96 "common.context_processors.summit_version",
97 "common.context_processors.site_menu",
98 "common.context_processors.track_display_name",
99+ "social.apps.django_app.context_processors.backends",
100+ "social.apps.django_app.context_processors.login_redirect",
101 )
102
103 MIDDLEWARE_CLASSES = (
104@@ -123,6 +126,7 @@
105 'django.contrib.messages',
106 'django.contrib.sessions',
107 'django_openid_auth',
108+ 'social.apps.django_app.default',
109 'django.contrib.admin',
110 'django.contrib.sites',
111 'django.contrib.staticfiles',
112@@ -140,6 +144,7 @@
113 TEST_RUNNER = "local_tests.LocalAppsTestSuiteRunner"
114
115 AUTHENTICATION_BACKENDS = (
116+ 'social-backends.debian.DebianOAuth2',
117 'django_openid_auth.auth.OpenIDBackend',
118 'django.contrib.auth.backends.ModelBackend',
119 )
120
121=== added directory 'summit/social-backends'
122=== added file 'summit/social-backends/__init__.py'
123=== added file 'summit/social-backends/debian.py'
124--- summit/social-backends/debian.py 1970-01-01 00:00:00 +0000
125+++ summit/social-backends/debian.py 2014-05-18 00:12:52 +0000
126@@ -0,0 +1,55 @@
127+"""
128+Debian OAuth2 SSO backend
129+Based on the Google backend for python-social-auth
130+"""
131+from requests import HTTPError
132+
133+from social.backends.oauth import BaseOAuth2
134+from social.exceptions import AuthMissingParameter, AuthCanceled
135+
136+
137+class DebianOAuth2(BaseOAuth2):
138+ """Debian OAuth2 authentication backend"""
139+ name = 'debian-oauth2'
140+ REDIRECT_STATE = False
141+ AUTHORIZATION_URL = 'https://sso.debian.org/o/authorize'
142+ ACCESS_TOKEN_URL = 'https://sso.debian.org/o/token/'
143+ ACCESS_TOKEN_METHOD = 'POST'
144+ # FIXME: unconfirmed
145+ REVOKE_TOKEN_URL = 'https://sso.debian.org/o/revoke'
146+ REVOKE_TOKEN_METHOD = 'GET'
147+ DEFAULT_SCOPE = ['openid email profile']
148+ EXTRA_DATA = [
149+ ('refresh_token', 'refresh_token', True),
150+ ('expires_in', 'expires'),
151+ ('token_type', 'token_type', True)
152+ ]
153+
154+ def revoke_token_params(self, token, uid):
155+ return {'token': token}
156+
157+ def revoke_token_headers(self, token, uid):
158+ return {'Content-type': 'application/json'}
159+
160+ def get_user_id(self, details, response):
161+ """Use Debian email as unique id"""
162+ if self.setting('USE_UNIQUE_USER_ID', False):
163+ return response['id']
164+ else:
165+ return details['email']
166+
167+ def get_user_details(self, response):
168+ """Return user details from Debian account"""
169+ email = response.get('email', '')
170+ return {'username': email.split('@', 1)[0],
171+ 'email': email,
172+ 'fullname': response.get('name', ''),
173+ 'first_name': response.get('given_name', ''),
174+ 'last_name': response.get('family_name', '')}
175+
176+ def user_data(self, access_token, *args, **kwargs):
177+ """Return user data from Debian SSO API"""
178+ return self.get_json(
179+ 'https://sso.debian.org/api/v1/people/getOpenIdConnect',
180+ params={'access_token': access_token, 'alt': 'json'}
181+ )
182
183=== modified file 'summit/urls.py'
184--- summit/urls.py 2013-05-10 14:45:54 +0000
185+++ summit/urls.py 2014-05-18 00:12:52 +0000
186@@ -61,6 +61,11 @@
187 )
188
189 urlpatterns += patterns(
190+ '',
191+ url(r'', include('social.apps.django_app.urls', namespace='social')),
192+)
193+
194+urlpatterns += patterns(
195 'summit.schedule.views',
196 url(r'^today/(?P<summit_name>[\w-]+)/$', 'today_view', name='today'),
197 url(r'^past/', 'past', name='past'),

Subscribers

People subscribed via source and target branches