add ocid based login

pandora/app/oidc.py

@@ -0,0 +1,34 @@
+import unicodedata
+
+from django.contrib.auth import get_user_model
+
+import mozilla_django_oidc.auth
+
+from user.utils import prepare_user
+
+User = get_user_model()
+
+
+class OIDCAuthenticationBackend(mozilla_django_oidc.auth.OIDCAuthenticationBackend):
+    def create_user(self, claims):
+        user = super(OIDCAuthenticationBackend, self).create_user(claims)
+        username = claims.get("preferred_username")
+        n = 1
+        if username and username != user.username:
+            uname = username
+            while User.objects.filter(username=uname).exclude(id=user.id).exists():
+                n += 1
+                uname = '%s (%s)' % (username, n)
+            user.username = uname
+            user.save()
+        prepare_user(user)
+        return user
+
+    def update_user(self, user, claims):
+        print("update user", user, claims)
+        #user.save()
+        return user
+
+
+def generate_username(email):
+    return unicodedata.normalize('NFKC', email)[:150]

pandora/app/views.py

@@ -184,6 +184,7 @@ def init(request, data):
         except:
             pass
 
+    config['site']['oidc'] = bool(getattr(settings, 'OIDC_RP_CLIENT_ID', False))
     response['data']['site'] = config
     response['data']['user'] = init_user(request.user, request)
     request.session['last_init'] = str(datetime.now())

pandora/settings.py

@@ -111,6 +111,7 @@ ROOT_URLCONF = 'urls'
 
 INSTALLED_APPS = (
     'django.contrib.auth',
+    'mozilla_django_oidc',
     'django.contrib.contenttypes',
     'django.contrib.sessions',
     'django.contrib.sites',
@@ -158,6 +159,27 @@ INSTALLED_APPS = (
 )
 
 AUTH_USER_MODEL = 'system.User'
+AUTH_PROFILE_MODULE = 'user.UserProfile'
+AUTH_CHECK_USERNAME = True
+
+AUTHENTICATION_BACKENDS = (
+    'django.contrib.auth.backends.ModelBackend',
+)
+
+# OpenID Connect login support
+LOGIN_REDIRECT_URL = "/grid"
+LOGOUT_REDIRECT_URL = "/grid"
+OIDC_USERNAME_ALGO = "app.oidc.generate_username"
+OIDC_RP_CLIENT_ID = None
+
+# define those in local_settings to enable OCID based login
+#OIDC_RP_CLIENT_ID = '<client id>'
+#OIDC_RP_CLIENT_SECRET = '<client secret>'
+#OIDC_RP_SIGN_ALGO = "RS256"
+#OIDC_OP_JWKS_ENDPOINT = "<jwks endpoint>"
+#OIDC_OP_AUTHORIZATION_ENDPOINT = "<authorization endpoint>"
+#OIDC_OP_TOKEN_ENDPOINT = "<token endpoint>"
+#OIDC_OP_USER_ENDPOINT = "<user endpoint>"
 
 # Log errors into db
 LOGGING = {
@@ -193,8 +215,6 @@ CACHES = {
 DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
 
 
-AUTH_PROFILE_MODULE = 'user.UserProfile'
-AUTH_CHECK_USERNAME = True
 FFMPEG = 'ffmpeg'
 FFPROBE = 'ffprobe'
 USE_VP9 = True
@@ -323,3 +343,7 @@ except NameError:
 
 INSTALLED_APPS = tuple(list(INSTALLED_APPS) + LOCAL_APPS)
 
+if OIDC_RP_CLIENT_ID:
+    AUTHENTICATION_BACKENDS = list(AUTHENTICATION_BACKENDS) + [
+        'app.oidc.OIDCAuthenticationBackend'
+    ]

pandora/urls.py

@@ -2,7 +2,7 @@
 import os
 import importlib
 
-from django.urls import path, re_path
+from django.urls import path, re_path, include
 from oxdjango.http import HttpFileResponse
 
 from django.conf import settings
@@ -36,6 +36,8 @@ def serve_static_file(path, location, content_type):
 urlpatterns = [
     #path('admin/', admin.site.urls),
 
+    path('oidc/', include('mozilla_django_oidc.urls')),
+
     re_path(r'^api/locale.(?P<lang>.*).json$', translation.views.locale_json),
     re_path(r'^api/upload/text/?$', text.views.upload),
     re_path(r'^api/upload/document/?$', document.views.upload),