feat: changes

2026-05-06 07:53:49 +02:00 · 2025-06-16 21:33:59 -03:00
parent 5d5d172b3b
commit c8d316857f
8 changed files with 92 additions and 58 deletions
--- a/=0.58.2
+++ b/=0.58.2
@@ -1,6 +0,0 @@
-Defaulting to user installation because normal site-packages is not writeable
-Requirement already satisfied: django-allauth in /home/jules/.local/lib/python3.10/site-packages (65.8.1)
-Requirement already satisfied: Django>=4.2.16 in /home/jules/.local/lib/python3.10/site-packages (from django-allauth) (5.1.9)
-Requirement already satisfied: asgiref>=3.8.1 in /home/jules/.local/lib/python3.10/site-packages (from django-allauth) (3.8.1)
-Requirement already satisfied: typing-extensions>=4 in /usr/local/lib/python3.10/dist-packages (from asgiref>=3.8.1->django-allauth) (4.13.2)
-Requirement already satisfied: sqlparse>=0.3.1 in /home/jules/.local/lib/python3.10/site-packages (from Django>=4.2.16->django-allauth) (0.5.3)
--- a/README.md
+++ b/README.md
@@ -148,21 +148,26 @@ To create the first user, open the container's console using Unraid's UI, by cli

 WYGIWYH supports login via OpenID Connect (OIDC) through `django-allauth`. This allows users to authenticate using an external OIDC provider.

+> [!NOTE]
+> Currently only OpenID Connect is supported as a provider, open an issue if you need something else.
+
 To configure OIDC, you need to set the following environment variables:

-| Variable             | Description                                                                 |
-|----------------------|-----------------------------------------------------------------------------|
-| `OIDC_CLIENT_ID`     | The Client ID provided by your OIDC provider.                               |
-| `OIDC_CLIENT_SECRET` | The Client Secret provided by your OIDC provider.                           |
+| Variable             | Description                                                                                                                                                                                                                                            |
+|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `OIDC_CLIENT_NAME`   | The name of the provider. will be displayed in the login page. Defaults to `OpenID Connect`                                                                                                                                                            |
+| `OIDC_CLIENT_ID`     | The Client ID provided by your OIDC provider.                                                                                                                                                                                                          |
+| `OIDC_CLIENT_SECRET` | The Client Secret provided by your OIDC provider.                                                                                                                                                                                                      |
 | `OIDC_SERVER_URL`    | The base URL of your OIDC provider's discovery document or authorization server (e.g., `https://your-provider.com/auth/realms/your-realm`). `django-allauth` will use this to discover the necessary endpoints (authorization, token, userinfo, etc.). |
+| `OIDC_ALLOW_SIGNUP`  | Allow the automatic creation of inexistent accounts on a successfull authentication. Defaults to `true`.                                                                                                                                               |

 **Callback URL (Redirect URI):**

-When configuring your OIDC provider, you will need to provide a callback URL (also known as a Redirect URI). For WYGIWYH, using `django-allauth` with the provider ID 'oidc' (as configured in `settings.py`), the default callback URL is:
+When configuring your OIDC provider, you will need to provide a callback URL (also known as a Redirect URI). For WYGIWYH, the default callback URL is:

-`https://your.wygiwyh.domain/accounts/oidc/login/callback/`
+`https://your.wygiwyh.domain/daa/accounts/oidc/<OIDC_CLIENT_NAME>/login/callback/`

-Replace `https://your.wygiwyh.domain` with the actual URL where your WYGIWYH instance is accessible.
+Replace `https://your.wygiwyh.domain` with the actual URL where your WYGIWYH instance is accessible. And `<OIDC_CLIENT_NAME>` with the slugfied value set in OIDC_CLIENT_NAME or the default `openid-connect` if you haven't set this variable.

 # How it works

--- a/app/WYGIWYH/settings.py
+++ b/app/WYGIWYH/settings.py
@@ -14,6 +14,7 @@ import os
 import sys
 from pathlib import Path

+from django.utils.text import slugify

 SITE_TITLE = "WYGIWYH"
 TITLE_SEPARATOR = "::"
@@ -62,7 +63,6 @@ INSTALLED_APPS = [
    "apps.transactions.apps.TransactionsConfig",
    "apps.currencies.apps.CurrenciesConfig",
    "apps.accounts.apps.AccountsConfig",
-    "apps.common.apps.CommonConfig",
    "apps.net_worth.apps.NetWorthConfig",
    "apps.import_app.apps.ImportConfig",
    "apps.export_app.apps.ExportConfig",
@@ -79,6 +79,7 @@ INSTALLED_APPS = [
    "allauth.account",
    "allauth.socialaccount",
    "allauth.socialaccount.providers.openid_connect",
+    "apps.common.apps.CommonConfig",
 ]

 SITE_ID = 1
@@ -319,33 +320,38 @@ LOGOUT_REDIRECT_URL = "/login/"

 # Allauth settings
 AUTHENTICATION_BACKENDS = [
-    "django.contrib.auth.backends.ModelBackend", # Keep default
+    "django.contrib.auth.backends.ModelBackend",  # Keep default
    "allauth.account.auth_backends.AuthenticationBackend",
 ]

-SOCIALACCOUNT_PROVIDERS = {
-    'oidc': {
-        'APPS': [
-            {
-                'provider_id': 'oidc',
-                'name': 'OpenID Connect',
-                'client_id': os.getenv('OIDC_CLIENT_ID'),
-                'secret': os.getenv('OIDC_CLIENT_SECRET'),
-                'settings': {
-                    'server_url': os.getenv('OIDC_SERVER_URL'),
-                }
-            }
-        ]
-    }
-}
+SOCIALACCOUNT_PROVIDERS = {"openid_connect": {"APPS": []}}

-ACCOUNT_AUTHENTICATION_METHOD = 'email'
-ACCOUNT_EMAIL_REQUIRED = True
-ACCOUNT_USERNAME_REQUIRED = False
+if (
+    os.getenv("OIDC_CLIENT_ID")
+    and os.getenv("OIDC_CLIENT_SECRET")
+    and os.getenv("OIDC_SERVER_URL")
+):
+    SOCIALACCOUNT_PROVIDERS["openid_connect"]["APPS"].append(
+        {
+            "provider_id": slugify(os.getenv("OIDC_CLIENT_NAME", "OpenID Connect")),
+            "name": os.getenv("OIDC_CLIENT_NAME", "OpenID Connect"),
+            "client_id": os.getenv("OIDC_CLIENT_ID"),
+            "secret": os.getenv("OIDC_CLIENT_SECRET"),
+            "settings": {
+                "server_url": os.getenv("OIDC_SERVER_URL"),
+            },
+        }
+    )
+
+ACCOUNT_LOGIN_METHODS = {"email"}
+ACCOUNT_SIGNUP_FIELDS = ["email*", "password1*", "password2*"]
 ACCOUNT_USER_MODEL_USERNAME_FIELD = None
-ACCOUNT_EMAIL_VERIFICATION = 'optional'
-SOCIALACCOUNT_ADAPTER = 'allauth.socialaccount.adapter.DefaultSocialAccountAdapter'
-ACCOUNT_ADAPTER = 'allauth.account.adapter.DefaultAccountAdapter'
+ACCOUNT_EMAIL_VERIFICATION = "optional"
+SOCIALACCOUNT_ADAPTER = "allauth.socialaccount.adapter.DefaultSocialAccountAdapter"
+SOCIALACCOUNT_LOGIN_ON_GET = True
+SOCIALACCOUNT_AUTO_SIGNUP = os.getenv("OIDC_ALLOW_SIGNUP", "true").lower() == "true"
+ACCOUNT_ADAPTER = "allauth.account.adapter.DefaultAccountAdapter"
+

 # CRISPY FORMS
 CRISPY_ALLOWED_TEMPLATE_PACKS = ["bootstrap5", "crispy_forms/pure_text"]
--- a/app/WYGIWYH/urls.py
+++ b/app/WYGIWYH/urls.py
@@ -36,7 +36,7 @@ urlpatterns = [
        SpectacularSwaggerView.as_view(url_name="schema"),
        name="swagger-ui",
    ),
-    path('accounts/', include('allauth.urls')), # allauth urls
+    path("daa/accounts/", include("allauth.urls")),  # allauth urls
    path("", include("apps.transactions.urls")),
    path("", include("apps.common.urls")),
    path("", include("apps.users.urls")),
--- a/app/apps/common/apps.py
+++ b/app/apps/common/apps.py
@@ -4,3 +4,17 @@ from django.apps import AppConfig
 class CommonConfig(AppConfig):
    default_auto_field = "django.db.models.BigAutoField"
    name = "apps.common"
+
+    def ready(self):
+        from django.contrib import admin
+        from django.contrib.sites.models import Site
+        from allauth.socialaccount.models import (
+            SocialAccount,
+            SocialApp,
+            SocialToken,
+        )
+
+        admin.site.unregister(Site)
+        admin.site.unregister(SocialAccount)
+        admin.site.unregister(SocialApp)
+        admin.site.unregister(SocialToken)
--- a/app/apps/users/migrations/0021_alter_usersettings_timezone.py
+++ b/app/apps/users/migrations/0021_alter_usersettings_timezone.py
--- a/app/templates/users/login.html
+++ b/app/templates/users/login.html
@@ -27,25 +27,23 @@
              <h1 class="h2 card-title text-center mb-4">Login</h1>
              {% crispy form %}

-              <div class="mt-3">
-                <h2>{% translate "Or login with:" %}</h2>
-                {% get_providers as socialaccount_providers %}
-                {% if socialaccount_providers %}
-                    <ul class="socialaccount_providers list-unstyled">
-                        {% for provider in socialaccount_providers %}
-                            {% if provider.id == 'oidc' %}
-                            <li class="mt-2">
-                                <a title="{{provider.name}}" class="btn btn-outline-primary w-100 socialaccount_provider {{provider.id}}" href="{% provider_login_url provider.id process="login" %}">
-                                    Login with {{provider.name}}
-                                </a>
-                            </li>
-                            {% endif %}
-                        {% endfor %}
-                    </ul>
-                {% else %}
-                    <p>{% translate "Social login is not configured." %}</p>
-                {% endif %}
-              </div>
+              {% get_providers as socialaccount_providers %}
+              {% if socialaccount_providers %}
+                <div class="mt-3">
+                  <hr>
+                  <ul class="socialaccount_providers list-unstyled">
+                    {% for provider in socialaccount_providers %}
+                      <li class="mt-2">
+                        <a title="{{ provider.name }}"
+                           class="btn btn-outline-primary w-100 socialaccount_provider {{ provider.id }}"
+                           href="{% provider_login_url provider %}">
+                          {% translate 'Login with' %} {{ provider.name }}
+                        </a>
+                      </li>
+                    {% endfor %}
+                  </ul>
+                </div>
+              {% endif %}
            </div>
          </div>
        </div>
--- a/requirements.txt
+++ b/requirements.txt
@@ -21,8 +21,7 @@ watchfiles==0.24.0  # https://github.com/samuelcolvin/watchfiles
 procrastinate[django]~=2.15.1

 requests~=2.32.3
-django-allauth>=0.58.2
-requests-oauthlib>=1.3.1
+django-allauth[socialaccount]~=65.9.0

 pytz
 python-dateutil~=2.9.0.post0