WIP

5c2354b0 · Daniel Palomar · 1edcdf4a · 5c2354b0 · 5c2354b0 · 5c2354b0
Commit 5c2354b0 authored 2 years ago by Daniel Palomar
--- a/demo/README.md
+++ b/demo/README.md
 # SomOffice Demo App

+Features:
+
+* Login with Keycloak
+
 ## Setup

 1. Install pyenv:
@@ -46,6 +50,13 @@ pyenv exec python manage.py migrate
 ```

 ## Run AppServer
+In one shell start a Keycloak server:
+
+```bash
+
+docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:18.0.1 start-dev
+
+```
 ```bash

 pyenv exec python manage.py runserver 0.0.0.0:8000
@@ -53,6 +64,21 @@ pyenv exec python manage.py runserver 0.0.0.0:8000
 ```

 ## Usage
+### Create user
+```sh
+
+curl -X POST \
+  -H 'Accept: application/json' \
+  -H 'Content-Type: application/json;charset=utf-8' \
+  --data-raw '
+  {
+    "username": "demo5",
+    "password": "demo",
+    "locale": "ca"
+  }' \
+  localhost:8000/api/admin/import_user/
+
+```
 ### Login

 curl -X GET \

--- a/demo/demo/domain/auth.py
+++ b/demo/demo/domain/auth.py
@@ -18,7 +18,6 @@ class FakeAuthenticationRemoteBackend(RemoteUserBackend):
        authenticate() (which passes it on to the backend).
        """
        user = super().authenticate(request, username)
-        user.profile = object
        return user

    def clean_username(self, username):

--- a/demo/demo/settings.py
+++ b/demo/demo/settings.py
@@ -15,6 +15,9 @@ import os
 from django.utils.translation import gettext_lazy as _
 from datetime import timedelta

+# Import from keycloak_oidc settings and use the defaults
+from keycloak_oidc.default_settings import *
+

 BASE_DIR = os.path.dirname(os.path.dirname(__file__))

@@ -27,7 +30,7 @@ SECRET_KEY = 'e12261a4e417683eafd18d9da9e89b978fb9e663'
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True

-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = ['*']

 # Application definition

@@ -40,6 +43,7 @@ INSTALLED_APPS = (
    'django.contrib.staticfiles',
    'rest_framework',
    "django_rest_passwordreset",
+    'keycloak_oidc',  # load after auth!
    'django_somoffice',
    'demo',
 )
@@ -53,10 +57,12 @@ MIDDLEWARE = (
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "django_somoffice.core.http.locale_middleware",
+    "mozilla_django_oidc.middleware.SessionRefresh",
 )

-# For backwards compatibility for Django 1.8
-MIDDLEWARE_CLASSES = MIDDLEWARE
+AUTHENTICATION_BACKENDS = [
+    'keycloak_oidc.auth.OIDCAuthenticationBackend',
+]

 ROOT_URLCONF = 'demo.urls'

@@ -108,10 +114,6 @@ AUTH_PASSWORD_VALIDATORS = [
    },
 ]

-AUTHENTICATION_BACKENDS = [
-    "demo.domain.auth.FakeAuthenticationRemoteBackend",
-]
-
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.7/howto/static-files/

@@ -170,3 +172,26 @@ SOMOFFICE_RESOURCE_PROVIDERS = {
    "discovery_channels": "demo.providers.discovery_channels.DiscoveryChannelsProvider",  # noqa
    "profile": "demo.providers.profile.ProfileProvider",
 }
+
+REST_FRAMEWORK = dict(
+    DEFAULT_AUTHENTICATION_CLASSES=(
+        'mozilla_django_oidc.contrib.drf.OIDCAuthentication',
+        'rest_framework.authentication.SessionAuthentication'
+    )
+)
+
+KEYCLOAK_SERVER_URL = "http://localhost:8080"
+KEYCLOAK_CLIENT_ID = "django-somoffice"
+KEYCLOAK_CLIENT_SECRET = "6CulK9DvVpGxxjxxlyjX2BElif4vjxQv"
+KEYCLOAK_REALM = "somoffice-demo"
+KEYCLOAK_ADMIN_USER = "admin"
+KEYCLOAK_ADMIN_PASSWORD = "admin"
+
+OIDC_RP_CLIENT_ID = "django-somoffice"
+OIDC_RP_CLIENT_SECRET = "6CulK9DvVpGxxjxxlyjX2BElif4vjxQv"
+
+OIDC_OP_AUTHORIZATION_ENDPOINT = 'http://localhost:8080/auth/realms/somoffice-demo/protocol/openid-connect/auth'
+OIDC_OP_TOKEN_ENDPOINT = 'http://localhost:8080/auth/realms/somoffice-demo/protocol/openid-connect/token'
+OIDC_OP_USER_ENDPOINT = 'http://localhost:8080/auth/realms/somoffice-demo/protocol/openid-connect/userinfo'
+OIDC_OP_JWKS_ENDPOINT = 'http://localhost:8080/auth/realms/somoffice-demo/protocol/openid-connect/certs'
+OIDC_OP_LOGOUT_ENDPOINT = 'http://localhost:8080/auth/realms/somoffice-demo/protocol/openid-connect/logout'
\ No newline at end of file
--- a/demo/demo/urls.py
+++ b/demo/demo/urls.py
@@ -8,5 +8,11 @@ urlpatterns = [
    path(base_path + "import_user/", views.import_user),
    path(base_path + "user/", views.get_user),
    path(base_path + "change_user_email", views.change_user_email),
+    path(base_path + "oidc/callback/", views.keycloak_authenticate_response),
    path("", include("django_somoffice.urls")),
+    path(base_path + 'oidc/', include('keycloak_oidc.urls')),
 ]
+
+
+# URL login
+# https://staging-opencell.coopdevs.org/auth/realms/somoffice-demo/protocol/openid-connect/auth?response_type=code&client_id=django-somoffice&redirect_uri=http%3A%2F%2Flocalhost:8000%2Fapi%2Fadmin%2Fkeycloak/&state=f0eb39af-1abe-4b75-b093-9bd0211c66d3&login=true&scope=openid
\ No newline at end of file
--- a/demo/demo/views.py
+++ b/demo/demo/views.py
+import json
 from django.views.decorators.http import require_POST, require_GET
 from django.http import JsonResponse
 from django.views.decorators.csrf import csrf_exempt
-from basicauth.decorators import basic_auth_required
+
 from demo.serializers.user import UserSerializer
+from django_somoffice.models import User

+from django.contrib.auth.decorators import login_required

 @csrf_exempt
-@basic_auth_required
 @require_POST
 def import_user(request):
+    data = json.loads(request.body)
+    user = User(
+        username=data["username"],
+        password=data["password"]
+    )
+    user.save()
+
+    user.profile.preferredLocale = data["locale"]
+    user.profile.save()
    return JsonResponse({"msg": "ok"})


 @require_GET
-@basic_auth_required
 @csrf_exempt
 def get_user(request):
    return JsonResponse(
-       UserSerializer(user).data
+       UserSerializer(None).data
    )


 @require_POST
-@basic_auth_required
 @csrf_exempt
 def change_user_email(request):
    return JsonResponse({"msg": "ok"})
+
+
+@require_GET
+@csrf_exempt
+def keycloak_authenticate_response_old(request):
+    print(request)
+    return JsonResponse({"msg": "ok"})
+
+@require_GET
+@login_required
+def keycloak_authenticate_response(request):
+    return JsonResponse({"msg": "ok"})
\ No newline at end of file
--- a/demo/docker-compose.yml
+++ b/demo/docker-compose.yml
+version: '3'
+
+volumes:
+  postgres_data:
+      driver: local
+
+services:
+  postgres:
+      image: postgres
+      volumes:
+        - postgres_data:/var/lib/postgresql/data
+      environment:
+        POSTGRES_DB: keycloak
+        POSTGRES_USER: postgres
+        POSTGRES_PASSWORD: postgres
+  keycloak:
+      image: jboss/keycloak:16.1.1
+      environment:
+        DB_VENDOR: POSTGRES
+        DB_ADDR: postgres
+        DB_DATABASE: keycloak
+        DB_USER: postgres
+        DB_SCHEMA: public
+        DB_PASSWORD: postgres
+        KEYCLOAK_USER: admin
+        KEYCLOAK_PASSWORD: admin
+      ports:
+        - 8080:8080
+      depends_on:
+        - postgres
--- a/demo/requirements.txt
+++ b/demo/requirements.txt
@@ -3,3 +3,6 @@ djangorestframework==3.9.2
 django-basicauth==0.5.2
 -e ../../django-somoffice-app
 # django-somoffice @ git+https://git.coopdevs.org/coopdevs/comunitats-energetiques/somoffice/django-somoffice-app.git@master
+
+python-keycloak==0.18.0
+datapunt_keycloak_oidc
\ No newline at end of file