diff --git a/wger/core/forms.py b/wger/core/forms.py index 8deebfbb5..dfe8c7ff8 100644 --- a/wger/core/forms.py +++ b/wger/core/forms.py @@ -39,6 +39,7 @@ from crispy_forms.helper import FormHelper from crispy_forms.layout import ( HTML, + Button, ButtonHolder, Column, Fieldset, @@ -52,6 +53,10 @@ # wger from wger.core.models import UserProfile +#OIDC +from django.urls import reverse +from django.shortcuts import redirect + class UserLoginForm(AuthenticationForm): """ @@ -67,6 +72,14 @@ def __init__(self, authenticate_on_clean=True, *args, **kwargs): self.helper = FormHelper() self.helper.add_input(Submit('submit', _('Login'), css_class='btn-success btn-block')) + self.helper.add_input( + Button( + 'authentik_login', + _('Login with Authentik'), + css_class='btn btn-primary btn-block', + onclick=f"window.location.href='{reverse('oidc_authentication_init')}'" + ) + ) self.helper.form_class = 'wger-form' self.helper.layout = Layout( Row( @@ -84,6 +97,7 @@ def clean(self): See https://github.com/wger-project/wger/issues/1163 """ + if self.authenticate_on_clean: self.authenticate(self.request) return self.cleaned_data diff --git a/wger/core/templates/base.html b/wger/core/templates/base.html index aa822b904..14c56bc31 100644 --- a/wger/core/templates/base.html +++ b/wger/core/templates/base.html @@ -3,8 +3,6 @@ {% block template %} - - {% if trainer_identity %}
{% blocktranslate with current_user=user|format_username %}You are diff --git a/wger/core/templates/index.html b/wger/core/templates/index.html index b1e5641c4..c987e2c31 100644 --- a/wger/core/templates/index.html +++ b/wger/core/templates/index.html @@ -1,7 +1,12 @@ {% extends "base_wide.html" %} {% load i18n static wger_extras %} -{% block title %}{% translate "Dashboard" %}{% endblock %} +{% block title %} +{% if user.is_authenticated %} +

Welcome, {{ user }}

+{% endif %} +{% translate "Dashboard" %} +{% endblock %} {# #} {# Header #} diff --git a/wger/core/templates/user/login.html b/wger/core/templates/user/login.html index d4b7e17a1..db1d64c9f 100644 --- a/wger/core/templates/user/login.html +++ b/wger/core/templates/user/login.html @@ -11,7 +11,6 @@ {% crispy form %} {% endblock %} - {% block sidebar %}

{% translate "No account?" %}

diff --git a/wger/core/urls.py b/wger/core/urls.py index 65dc5faca..96d1f4858 100644 --- a/wger/core/urls.py +++ b/wger/core/urls.py @@ -15,6 +15,7 @@ # You should have received a copy of the GNU Affero General Public License # Django +from django.contrib import admin from django.conf.urls import include from django.contrib.auth import views from django.urls import ( diff --git a/wger/core/views/user.py b/wger/core/views/user.py index dda9f59f9..d4a317b30 100644 --- a/wger/core/views/user.py +++ b/wger/core/views/user.py @@ -207,8 +207,8 @@ def trainer_login(request, user_pk): # authentication backend if own: del request.session['trainer.identity'] + # django_login(request, user, 'django.contrib.auth.backends.ModelBackend') django_login(request, user, 'django.contrib.auth.backends.ModelBackend') - if not own: request.session['trainer.identity'] = orig_user_pk if request.GET.get('next'): diff --git a/wger/settings_global.py b/wger/settings_global.py index 190408139..a1cf7c3b7 100644 --- a/wger/settings_global.py +++ b/wger/settings_global.py @@ -20,6 +20,11 @@ import sys from datetime import timedelta +# OIDC +import environ +env = environ.Env() +environ.Env.read_env() + # wger from wger import get_version from wger.utils.constants import DOWNLOAD_INGREDIENT_WGER @@ -42,6 +47,8 @@ WSGI_APPLICATION = 'wger.wsgi.application' INSTALLED_APPS = [ + 'mozilla_django_oidc', + 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.messages', @@ -117,6 +124,7 @@ ] MIDDLEWARE = [ + # Prometheus 'django_prometheus.middleware.PrometheusBeforeMiddleware', @@ -128,6 +136,9 @@ # Django Admin 'django.contrib.auth.middleware.AuthenticationMiddleware', + # middleware involving session and authentication must come first + 'mozilla_django_oidc.middleware.SessionRefresh', + # Javascript Header. Sends helper headers for AJAX 'wger.utils.middleware.JavascriptAJAXRedirectionMiddleware', @@ -151,9 +162,10 @@ ] AUTHENTICATION_BACKENDS = ( + 'mozilla_django_oidc.auth.OIDCAuthenticationBackend', 'axes.backends.AxesStandaloneBackend', # should be the first one in the list 'django.contrib.auth.backends.ModelBackend', - 'wger.utils.helpers.EmailAuthBackend', + 'wger.utils.helpers.EmailAuthBackend' ) TEMPLATES = [ @@ -207,6 +219,7 @@ LOGIN_URL = '/user/login' LOGIN_REDIRECT_URL = '/' + # # Internationalization # @@ -587,3 +600,12 @@ def email_verified_callback(user): # Whether the application is being run regularly or during tests TESTING = len(sys.argv) > 1 and sys.argv[1] == 'test' + +# OIDC +OIDC_RP_CLIENT_ID = env("OIDC_RP_CLIENT_ID") +OIDC_RP_CLIENT_SECRET = env("OIDC_RP_CLIENT_SECRET") +OIDC_OP_AUTHORIZATION_ENDPOINT = env("OIDC_OP_AUTHORIZATION_ENDPOINT") +OIDC_OP_USER_ENDPOINT = env("OIDC_OP_USER_ENDPOINT") +OIDC_OP_TOKEN_ENDPOINT = env("OIDC_OP_TOKEN_ENDPOINT") +OIDC_RP_SIGN_ALGO = env('OIDC_RP_SIGN_ALGO') +OIDC_OP_JWKS_ENDPOINT = env('OIDC_OP_JWKS_ENDPOINT') diff --git a/wger/urls.py b/wger/urls.py index 9e83e30a9..d31a93f42 100644 --- a/wger/urls.py +++ b/wger/urls.py @@ -16,6 +16,7 @@ # along with Workout Manager. If not, see . # Django +from django.contrib import admin from django.conf import settings from django.conf.urls import include from django.conf.urls.i18n import i18n_patterns @@ -217,6 +218,8 @@ # The actual URLs # urlpatterns = i18n_patterns( + path('oidc/', include('mozilla_django_oidc.urls')), + path('admin/', admin.site.urls), path('', include(('wger.core.urls', 'core'), namespace='core')), path('routine/', include(('wger.manager.urls', 'manager'), namespace='manager')), path('exercise/', include(('wger.exercises.urls', 'exercise'), namespace='exercise')), @@ -251,7 +254,7 @@ path('api/v2/', include(router.urls)), # The api user login path( - 'api/v2/login/', core_api_views.UserAPILoginView.as_view({'post': 'post'}), name='api_user' + 'api/v2/ /', core_api_views.UserAPILoginView.as_view({'post': 'post'}), name='api_user' ), path( 'api/v2/register/',