feat: changes

=0.58.2

@@ -1,6 +0,0 @@
-Defaulting to user installation because normal site-packages is not writeable
-Requirement already satisfied: django-allauth in /home/jules/.local/lib/python3.10/site-packages (65.8.1)
-Requirement already satisfied: Django>=4.2.16 in /home/jules/.local/lib/python3.10/site-packages (from django-allauth) (5.1.9)
-Requirement already satisfied: asgiref>=3.8.1 in /home/jules/.local/lib/python3.10/site-packages (from django-allauth) (3.8.1)
-Requirement already satisfied: typing-extensions>=4 in /usr/local/lib/python3.10/dist-packages (from asgiref>=3.8.1->django-allauth) (4.13.2)
-Requirement already satisfied: sqlparse>=0.3.1 in /home/jules/.local/lib/python3.10/site-packages (from Django>=4.2.16->django-allauth) (0.5.3)

README.md

@@ -148,21 +148,26 @@ To create the first user, open the container's console using Unraid's UI, by cli
 
 WYGIWYH supports login via OpenID Connect (OIDC) through `django-allauth`. This allows users to authenticate using an external OIDC provider.
 
+> [!NOTE]
+> Currently only OpenID Connect is supported as a provider, open an issue if you need something else.
+
 To configure OIDC, you need to set the following environment variables:
 
-| Variable             | Description                                                                 |
+| Variable             | Description                                                                                                                                                                                                                                            |
-|----------------------|-----------------------------------------------------------------------------|
+|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `OIDC_CLIENT_ID`     | The Client ID provided by your OIDC provider.                               |
+| `OIDC_CLIENT_NAME`   | The name of the provider. will be displayed in the login page. Defaults to `OpenID Connect`                                                                                                                                                            |
-| `OIDC_CLIENT_SECRET` | The Client Secret provided by your OIDC provider.                           |
+| `OIDC_CLIENT_ID`     | The Client ID provided by your OIDC provider.                                                                                                                                                                                                          |
+| `OIDC_CLIENT_SECRET` | The Client Secret provided by your OIDC provider.                                                                                                                                                                                                      |
 | `OIDC_SERVER_URL`    | The base URL of your OIDC provider's discovery document or authorization server (e.g., `https://your-provider.com/auth/realms/your-realm`). `django-allauth` will use this to discover the necessary endpoints (authorization, token, userinfo, etc.). |
+| `OIDC_ALLOW_SIGNUP`  | Allow the automatic creation of inexistent accounts on a successfull authentication. Defaults to `true`.                                                                                                                                               |
 
 **Callback URL (Redirect URI):**
 
-When configuring your OIDC provider, you will need to provide a callback URL (also known as a Redirect URI). For WYGIWYH, using `django-allauth` with the provider ID 'oidc' (as configured in `settings.py`), the default callback URL is:
+When configuring your OIDC provider, you will need to provide a callback URL (also known as a Redirect URI). For WYGIWYH, the default callback URL is:
 
-`https://your.wygiwyh.domain/accounts/oidc/login/callback/`
+`https://your.wygiwyh.domain/daa/accounts/oidc/<OIDC_CLIENT_NAME>/login/callback/`
 
-Replace `https://your.wygiwyh.domain` with the actual URL where your WYGIWYH instance is accessible.
+Replace `https://your.wygiwyh.domain` with the actual URL where your WYGIWYH instance is accessible. And `<OIDC_CLIENT_NAME>` with the slugfied value set in OIDC_CLIENT_NAME or the default `openid-connect` if you haven't set this variable.
 
 # How it works
 

app/WYGIWYH/settings.py

@@ -14,6 +14,7 @@ import os
 import sys
 from pathlib import Path
 
+from django.utils.text import slugify
 
 SITE_TITLE = "WYGIWYH"
 TITLE_SEPARATOR = "::"
@@ -62,7 +63,6 @@ INSTALLED_APPS = [
     "apps.transactions.apps.TransactionsConfig",
     "apps.currencies.apps.CurrenciesConfig",
     "apps.accounts.apps.AccountsConfig",
-    "apps.common.apps.CommonConfig",
     "apps.net_worth.apps.NetWorthConfig",
     "apps.import_app.apps.ImportConfig",
     "apps.export_app.apps.ExportConfig",
@@ -79,6 +79,7 @@ INSTALLED_APPS = [
     "allauth.account",
     "allauth.socialaccount",
     "allauth.socialaccount.providers.openid_connect",
+    "apps.common.apps.CommonConfig",
 ]
 
 SITE_ID = 1
@@ -319,33 +320,38 @@ LOGOUT_REDIRECT_URL = "/login/"
 
 # Allauth settings
 AUTHENTICATION_BACKENDS = [
-    "django.contrib.auth.backends.ModelBackend", # Keep default
+    "django.contrib.auth.backends.ModelBackend",  # Keep default
     "allauth.account.auth_backends.AuthenticationBackend",
 ]
 
-SOCIALACCOUNT_PROVIDERS = {
+SOCIALACCOUNT_PROVIDERS = {"openid_connect": {"APPS": []}}
-    'oidc': {
-        'APPS': [
-            {
-                'provider_id': 'oidc',
-                'name': 'OpenID Connect',
-                'client_id': os.getenv('OIDC_CLIENT_ID'),
-                'secret': os.getenv('OIDC_CLIENT_SECRET'),
-                'settings': {
-                    'server_url': os.getenv('OIDC_SERVER_URL'),
-                }
-            }
-        ]
-    }
-}
 
-ACCOUNT_AUTHENTICATION_METHOD = 'email'
+if (
-ACCOUNT_EMAIL_REQUIRED = True
+    os.getenv("OIDC_CLIENT_ID")
-ACCOUNT_USERNAME_REQUIRED = False
+    and os.getenv("OIDC_CLIENT_SECRET")
+    and os.getenv("OIDC_SERVER_URL")
+):
+    SOCIALACCOUNT_PROVIDERS["openid_connect"]["APPS"].append(
+        {
+            "provider_id": slugify(os.getenv("OIDC_CLIENT_NAME", "OpenID Connect")),
+            "name": os.getenv("OIDC_CLIENT_NAME", "OpenID Connect"),
+            "client_id": os.getenv("OIDC_CLIENT_ID"),
+            "secret": os.getenv("OIDC_CLIENT_SECRET"),
+            "settings": {
+                "server_url": os.getenv("OIDC_SERVER_URL"),
+            },
+        }
+    )
+
+ACCOUNT_LOGIN_METHODS = {"email"}
+ACCOUNT_SIGNUP_FIELDS = ["email*", "password1*", "password2*"]
 ACCOUNT_USER_MODEL_USERNAME_FIELD = None
-ACCOUNT_EMAIL_VERIFICATION = 'optional'
+ACCOUNT_EMAIL_VERIFICATION = "optional"
-SOCIALACCOUNT_ADAPTER = 'allauth.socialaccount.adapter.DefaultSocialAccountAdapter'
+SOCIALACCOUNT_ADAPTER = "allauth.socialaccount.adapter.DefaultSocialAccountAdapter"
-ACCOUNT_ADAPTER = 'allauth.account.adapter.DefaultAccountAdapter'
+SOCIALACCOUNT_LOGIN_ON_GET = True
+SOCIALACCOUNT_AUTO_SIGNUP = os.getenv("OIDC_ALLOW_SIGNUP", "true").lower() == "true"
+ACCOUNT_ADAPTER = "allauth.account.adapter.DefaultAccountAdapter"
+
 
 # CRISPY FORMS
 CRISPY_ALLOWED_TEMPLATE_PACKS = ["bootstrap5", "crispy_forms/pure_text"]

app/WYGIWYH/urls.py

@@ -36,7 +36,7 @@ urlpatterns = [
         SpectacularSwaggerView.as_view(url_name="schema"),
         name="swagger-ui",
     ),
-    path('accounts/', include('allauth.urls')), # allauth urls
+    path("daa/accounts/", include("allauth.urls")),  # allauth urls
     path("", include("apps.transactions.urls")),
     path("", include("apps.common.urls")),
     path("", include("apps.users.urls")),

app/apps/common/apps.py

@@ -4,3 +4,17 @@ from django.apps import AppConfig
 class CommonConfig(AppConfig):
     default_auto_field = "django.db.models.BigAutoField"
     name = "apps.common"
+
+    def ready(self):
+        from django.contrib import admin
+        from django.contrib.sites.models import Site
+        from allauth.socialaccount.models import (
+            SocialAccount,
+            SocialApp,
+            SocialToken,
+        )
+
+        admin.site.unregister(Site)
+        admin.site.unregister(SocialAccount)
+        admin.site.unregister(SocialApp)
+        admin.site.unregister(SocialToken)

app/templates/users/login.html

@@ -27,25 +27,23 @@
               <h1 class="h2 card-title text-center mb-4">Login</h1>
               {% crispy form %}
 
-              <div class="mt-3">
+              {% get_providers as socialaccount_providers %}
-                <h2>{% translate "Or login with:" %}</h2>
+              {% if socialaccount_providers %}
-                {% get_providers as socialaccount_providers %}
+                <div class="mt-3">
-                {% if socialaccount_providers %}
+                  <hr>
-                    <ul class="socialaccount_providers list-unstyled">
+                  <ul class="socialaccount_providers list-unstyled">
-                        {% for provider in socialaccount_providers %}
+                    {% for provider in socialaccount_providers %}
-                            {% if provider.id == 'oidc' %}
+                      <li class="mt-2">
-                            <li class="mt-2">
+                        <a title="{{ provider.name }}"
-                                <a title="{{provider.name}}" class="btn btn-outline-primary w-100 socialaccount_provider {{provider.id}}" href="{% provider_login_url provider.id process="login" %}">
+                           class="btn btn-outline-primary w-100 socialaccount_provider {{ provider.id }}"
-                                    Login with {{provider.name}}
+                           href="{% provider_login_url provider %}">
-                                </a>
+                          {% translate 'Login with' %} {{ provider.name }}
-                            </li>
+                        </a>
-                            {% endif %}
+                      </li>
-                        {% endfor %}
+                    {% endfor %}
-                    </ul>
+                  </ul>
-                {% else %}
+                </div>
-                    <p>{% translate "Social login is not configured." %}</p>
+              {% endif %}
-                {% endif %}
-              </div>
             </div>
           </div>
         </div>

requirements.txt

@@ -21,8 +21,7 @@ watchfiles==0.24.0  # https://github.com/samuelcolvin/watchfiles
 procrastinate[django]~=2.15.1
 
 requests~=2.32.3
-django-allauth>=0.58.2
+django-allauth[socialaccount]~=65.9.0
-requests-oauthlib>=1.3.1
 
 pytz
 python-dateutil~=2.9.0.post0