From 9586e84fde450e2fbd125a273412d318e367b6d4 Mon Sep 17 00:00:00 2001
From: SilviaAmAm
Date: Wed, 2 Oct 2024 14:38:51 +0200
Subject: [PATCH] :wrench: [#390] Configure OIDC

---
 backend/src/openarchiefbeheer/conf/base.py | 13 ++++++++++++-
 .../templates/maykin_2fa/login.html | 11 ++++++++---
 backend/src/openarchiefbeheer/urls.py | 3 +++
 3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/backend/src/openarchiefbeheer/conf/base.py b/backend/src/openarchiefbeheer/conf/base.py
index 576194e5..0128b680 100644
--- a/backend/src/openarchiefbeheer/conf/base.py
+++ b/backend/src/openarchiefbeheer/conf/base.py
@@ -128,6 +128,9 @@
 "django_filters",
 "solo",
 "ordered_model",
+ "django_jsonform",
+ "mozilla_django_oidc",
+ "mozilla_django_oidc_db",
 # Project applications.
 "openarchiefbeheer.accounts",
 "openarchiefbeheer.destruction",
@@ -151,6 +154,7 @@
 "django.contrib.messages.middleware.MessageMiddleware",
 "django.middleware.clickjacking.XFrameOptionsMiddleware",
 "hijack.middleware.HijackUserMiddleware",
+ "mozilla_django_oidc_db.middleware.SessionRefresh",
 # should be last according to docs
 "axes.middleware.AxesMiddleware",
 "djangorestframework_camel_case.middleware.CamelCaseMiddleWare",
@@ -322,6 +326,7 @@
 "axes.backends.AxesBackend",
 "openarchiefbeheer.accounts.backends.UserModelEmailBackend",
 "django.contrib.auth.backends.ModelBackend",
+ "mozilla_django_oidc_db.backends.OIDCAuthenticationBackend",
 ]
 SESSION_COOKIE_NAME = "openarchiefbeheer_sessionid"
@@ -458,7 +463,7 @@
 # add entries from AUTHENTICATION_BACKENDS that already enforce their own two-factor
 # auth, avoiding having some set up MFA again in the project.
 MAYKIN_2FA_ALLOW_MFA_BYPASS_BACKENDS = [
- # "mozilla_django_oidc_db.backends.OIDCAuthenticationBackend",
+ "mozilla_django_oidc_db.backends.OIDCAuthenticationBackend",
 ]
 #
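Review bot: `SessionRefresh` is added to MIDDLEWARE with no visible exemption or handling for the API, so once an OIDC-backed session passes its ID-token renewal interval, GET requests are presumably answered with a redirect to the identity provider (or a 403 for requests flagged as XMLHttpRequest) instead of JSON. Whether the frontend copes with that cannot be seen from this hunk; either confirm it does, or exempt the relevant paths in the OIDC configuration, noting that exempted paths are no longer re-validated against the provider. At minimum the entry deserves a why-comment such as `# Re-checks OIDC sessions against the provider; API clients must handle the resulting redirect/403.` The MIDDLEWARE list starts and ends outside the hunk.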
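Review bot: Listing the OIDC backend in `MAYKIN_2FA_ALLOW_MFA_BYPASS_BACKENDS` makes every OIDC login skip the local second factor, yet nothing in the visible configuration verifies that the identity provider actually required MFA for that login. The existing comment states the precondition ("already enforce their own two-factor auth"), but after this change it is a deployment assumption rather than something the application checks, and it also covers staff accounts that can reach the admin and hijack views. I would record that next to the entry, e.g. `# OIDC logins bypass local 2FA: the configured provider MUST enforce MFA for every user.`, and repeat it in the deployment documentation. If the provider cannot guarantee MFA, the entry should stay commented out.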
@@ -622,3 +627,9 @@
 "schedule": crontab(hour="12", minute="0"),
 },
 }
+
+#
+# Django OIDC
+#
+OIDC_AUTHENTICATE_CLASS = "mozilla_django_oidc_db.views.OIDCAuthenticationRequestView"
+OIDC_CALLBACK_CLASS = "mozilla_django_oidc_db.views.OIDCCallbackView"
\ No newline at end of file
diff --git a/backend/src/openarchiefbeheer/templates/maykin_2fa/login.html b/backend/src/openarchiefbeheer/templates/maykin_2fa/login.html
index 93586c74..60c794dd 100644
--- a/backend/src/openarchiefbeheer/templates/maykin_2fa/login.html
+++ b/backend/src/openarchiefbeheer/templates/maykin_2fa/login.html
@@ -1,6 +1,5 @@
 {% extends "maykin_2fa/login.html" %}
-{% load i18n %}
-
+{% load i18n solo_tags %}
 {% block footer %}
@@ -8,7 +7,13 @@
 {% block extra_login_options %}
-{#Include additional (OIDC) authentication options here #}
+{% get_solo 'mozilla_django_oidc_db.OpenIDConnectConfig' as oidc_config %}
+
+{% if oidc_config.enabled %}
+
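Review bot: The new `# Django OIDC` block does not say where the rest of the OIDC configuration lives, which matters for anyone auditing it. These two view classes come from `mozilla_django_oidc_db`, and the template change in this commit reads `OpenIDConnectConfig` through `get_solo`, so the provider endpoints and client credentials are presumably kept in that database record and edited through the admin. I would add a comment such as `# Provider endpoints and client credentials are read from the OpenIDConnectConfig record (admin), not from settings.` so it is clear that permission to change that model controls who can log in. The file also now ends without a trailing newline, which is worth restoring.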
+ {% trans "Login with OIDC" %} +
+{% endif %}
 {% endblock %}
diff --git a/backend/src/openarchiefbeheer/urls.py b/backend/src/openarchiefbeheer/urls.py
index a8d38347..89818b7a 100644
--- a/backend/src/openarchiefbeheer/urls.py
+++ b/backend/src/openarchiefbeheer/urls.py
@@ -6,6 +6,7 @@
 from django.contrib.staticfiles.urls import staticfiles_urlpatterns
 from django.urls import include, path
 from django.views.generic.base import TemplateView
+from mozilla_django_oidc_db.views import AdminLoginFailure
 from maykin_2fa import monkeypatch_admin
 from maykin_2fa.urls import urlpatterns, webauthn_urlpatterns
@@ -39,6 +40,7 @@
 path("admin/", include((webauthn_urlpatterns, "two_factor"))),
 path("admin/hijack/", include("hijack.urls")),
 path("admin/", admin.site.urls),
+ path("admin/login/failure/", AdminLoginFailure.as_view(), name="admin-oidc-error"),
 path(
 "reset///",
 auth_views.PasswordResetConfirmView.as_view(),
@@ -49,6 +51,7 @@
 auth_views.PasswordResetCompleteView.as_view(),
 name="password_reset_complete",
 ),
+ path("oidc/", include("mozilla_django_oidc.urls")),
 path("api/", include("openarchiefbeheer.api.urls", namespace="api")),
 # Simply show the master template.
 path("", TemplateView.as_view(template_name="master.html"), name="root"),
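Review bot: The `admin/login/failure/` route in the second urls.py hunk is registered after `path("admin/", admin.site.urls)`, so it is likely shadowed. Django resolves patterns in order, and on versions where the admin site's final catch-all view is active (the default in recent releases) the admin include matches any `admin/...` path first, so a failed OIDC login would get the admin's login redirect or 404 instead of the `AdminLoginFailure` page. Moving the line `path("admin/login/failure/", AdminLoginFailure.as_view(), name="admin-oidc-error"),` above `path("admin/", admin.site.urls),` avoids this, and keeps failure reasons visible to users and operators. The `urlpatterns` list begins and ends outside the hunk, so the order relative to the earlier `admin/` includes should be checked as well.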