From 5d5d172b3b4a9bfce82a9da61deb8a78c800f914 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Sat, 31 May 2025 02:31:01 +0000 Subject: [PATCH 1/4] feat: Initial OIDC integration with django-allauth I've added django-allauth and configured it for OIDC authentication. This included changes to settings, URLs, and login templates to support OIDC. I verified that the User model and UserSettings creation are compatible. I also added documentation for OIDC environment variables to README.md. --- .env.example | 5 +++++ =0.58.2 | 6 ++++++ README.md | 20 +++++++++++++++++ app/WYGIWYH/settings.py | 39 ++++++++++++++++++++++++++++++++++ app/WYGIWYH/urls.py | 1 + app/templates/users/login.html | 21 ++++++++++++++++++ requirements.txt | 2 ++ 7 files changed, 94 insertions(+) create mode 100644 =0.58.2 diff --git a/.env.example b/.env.example index 4199907..0df5ff7 100644 --- a/.env.example +++ b/.env.example @@ -31,3 +31,8 @@ ENABLE_SOFT_DELETE=false KEEP_DELETED_TRANSACTIONS_FOR=365 TASK_WORKERS=1 # This only work if you're using the single container option. Increase to have more open queues via procrastinate, you probably don't need to increase this. + +# OIDC Configuration +OIDC_CLIENT_ID="" +OIDC_CLIENT_SECRET="" +OIDC_SERVER_URL="" diff --git a/=0.58.2 b/=0.58.2 new file mode 100644 index 0000000..d4bc4b3 --- /dev/null +++ b/=0.58.2 @@ -0,0 +1,6 @@ +Defaulting to user installation because normal site-packages is not writeable +Requirement already satisfied: django-allauth in /home/jules/.local/lib/python3.10/site-packages (65.8.1) +Requirement already satisfied: Django>=4.2.16 in /home/jules/.local/lib/python3.10/site-packages (from django-allauth) (5.1.9) +Requirement already satisfied: asgiref>=3.8.1 in /home/jules/.local/lib/python3.10/site-packages (from django-allauth) (3.8.1) +Requirement already satisfied: typing-extensions>=4 in /usr/local/lib/python3.10/dist-packages (from asgiref>=3.8.1->django-allauth) (4.13.2) +Requirement already satisfied: sqlparse>=0.3.1 in /home/jules/.local/lib/python3.10/site-packages (from Django>=4.2.16->django-allauth) (0.5.3) diff --git a/README.md b/README.md index f93ca56..de98b4b 100644 --- a/README.md +++ b/README.md @@ -144,6 +144,26 @@ To create the first user, open the container's console using Unraid's UI, by cli | ADMIN_EMAIL | string | None | Automatically creates an admin account with this email. Must have `ADMIN_PASSWORD` also set. | | ADMIN_PASSWORD | string | None | Automatically creates an admin account with this password. Must have `ADMIN_EMAIL` also set. | +## OIDC Configuration + +WYGIWYH supports login via OpenID Connect (OIDC) through `django-allauth`. This allows users to authenticate using an external OIDC provider. + +To configure OIDC, you need to set the following environment variables: + +| Variable | Description | +|----------------------|-----------------------------------------------------------------------------| +| `OIDC_CLIENT_ID` | The Client ID provided by your OIDC provider. | +| `OIDC_CLIENT_SECRET` | The Client Secret provided by your OIDC provider. | +| `OIDC_SERVER_URL` | The base URL of your OIDC provider's discovery document or authorization server (e.g., `https://your-provider.com/auth/realms/your-realm`). `django-allauth` will use this to discover the necessary endpoints (authorization, token, userinfo, etc.). | + +**Callback URL (Redirect URI):** + +When configuring your OIDC provider, you will need to provide a callback URL (also known as a Redirect URI). For WYGIWYH, using `django-allauth` with the provider ID 'oidc' (as configured in `settings.py`), the default callback URL is: + +`https://your.wygiwyh.domain/accounts/oidc/login/callback/` + +Replace `https://your.wygiwyh.domain` with the actual URL where your WYGIWYH instance is accessible. + # How it works Check out our [Wiki](https://github.com/eitchtee/WYGIWYH/wiki) for more information. diff --git a/app/WYGIWYH/settings.py b/app/WYGIWYH/settings.py index be6886b..52bbf76 100644 --- a/app/WYGIWYH/settings.py +++ b/app/WYGIWYH/settings.py @@ -42,6 +42,7 @@ INSTALLED_APPS = [ "django.contrib.contenttypes", "django.contrib.sessions", "django.contrib.messages", + "django.contrib.sites", "whitenoise.runserver_nostatic", "django.contrib.staticfiles", "webpack_boilerplate", @@ -74,8 +75,14 @@ INSTALLED_APPS = [ "apps.calendar_view.apps.CalendarViewConfig", "apps.dca.apps.DcaConfig", "pwa", + "allauth", + "allauth.account", + "allauth.socialaccount", + "allauth.socialaccount.providers.openid_connect", ] +SITE_ID = 1 + MIDDLEWARE = [ "django_browser_reload.middleware.BrowserReloadMiddleware", "apps.common.middleware.thread_local.ThreadLocalMiddleware", @@ -91,6 +98,7 @@ MIDDLEWARE = [ "django.contrib.messages.middleware.MessageMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware", "hijack.middleware.HijackUserMiddleware", + "allauth.account.middleware.AccountMiddleware", ] ROOT_URLCONF = "WYGIWYH.urls" @@ -307,6 +315,37 @@ DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField" LOGIN_REDIRECT_URL = "/" LOGIN_URL = "/login/" +LOGOUT_REDIRECT_URL = "/login/" + +# Allauth settings +AUTHENTICATION_BACKENDS = [ + "django.contrib.auth.backends.ModelBackend", # Keep default + "allauth.account.auth_backends.AuthenticationBackend", +] + +SOCIALACCOUNT_PROVIDERS = { + 'oidc': { + 'APPS': [ + { + 'provider_id': 'oidc', + 'name': 'OpenID Connect', + 'client_id': os.getenv('OIDC_CLIENT_ID'), + 'secret': os.getenv('OIDC_CLIENT_SECRET'), + 'settings': { + 'server_url': os.getenv('OIDC_SERVER_URL'), + } + } + ] + } +} + +ACCOUNT_AUTHENTICATION_METHOD = 'email' +ACCOUNT_EMAIL_REQUIRED = True +ACCOUNT_USERNAME_REQUIRED = False +ACCOUNT_USER_MODEL_USERNAME_FIELD = None +ACCOUNT_EMAIL_VERIFICATION = 'optional' +SOCIALACCOUNT_ADAPTER = 'allauth.socialaccount.adapter.DefaultSocialAccountAdapter' +ACCOUNT_ADAPTER = 'allauth.account.adapter.DefaultAccountAdapter' # CRISPY FORMS CRISPY_ALLOWED_TEMPLATE_PACKS = ["bootstrap5", "crispy_forms/pure_text"] diff --git a/app/WYGIWYH/urls.py b/app/WYGIWYH/urls.py index a9612fb..24bcaee 100644 --- a/app/WYGIWYH/urls.py +++ b/app/WYGIWYH/urls.py @@ -36,6 +36,7 @@ urlpatterns = [ SpectacularSwaggerView.as_view(url_name="schema"), name="swagger-ui", ), + path('accounts/', include('allauth.urls')), # allauth urls path("", include("apps.transactions.urls")), path("", include("apps.common.urls")), path("", include("apps.users.urls")), diff --git a/app/templates/users/login.html b/app/templates/users/login.html index 341884c..ce54b57 100644 --- a/app/templates/users/login.html +++ b/app/templates/users/login.html @@ -2,6 +2,7 @@ {% load i18n %} {% load settings %} {% load crispy_forms_tags %} +{% load socialaccount %} {% block title %}Login{% endblock %} @@ -25,6 +26,26 @@

Login

{% crispy form %} + +
+

{% translate "Or login with:" %}

+ {% get_providers as socialaccount_providers %} + {% if socialaccount_providers %} + + {% else %} +

{% translate "Social login is not configured." %}

+ {% endif %} +
diff --git a/requirements.txt b/requirements.txt index 67eded0..db26aef 100644 --- a/requirements.txt +++ b/requirements.txt @@ -21,6 +21,8 @@ watchfiles==0.24.0 # https://github.com/samuelcolvin/watchfiles procrastinate[django]~=2.15.1 requests~=2.32.3 +django-allauth>=0.58.2 +requests-oauthlib>=1.3.1 pytz python-dateutil~=2.9.0.post0 From c8d316857fcb2dcee31129d6c49198859f7fe6e2 Mon Sep 17 00:00:00 2001 From: Herculino Trotta Date: Mon, 16 Jun 2025 21:33:59 -0300 Subject: [PATCH 2/4] feat: changes --- =0.58.2 | 6 --- README.md | 19 ++++--- app/WYGIWYH/settings.py | 52 +++++++++++-------- app/WYGIWYH/urls.py | 2 +- app/apps/common/apps.py | 14 +++++ .../0021_alter_usersettings_timezone.py | 18 +++++++ app/templates/users/login.html | 36 ++++++------- requirements.txt | 3 +- 8 files changed, 92 insertions(+), 58 deletions(-) delete mode 100644 =0.58.2 create mode 100644 app/apps/users/migrations/0021_alter_usersettings_timezone.py diff --git a/=0.58.2 b/=0.58.2 deleted file mode 100644 index d4bc4b3..0000000 --- a/=0.58.2 +++ /dev/null @@ -1,6 +0,0 @@ -Defaulting to user installation because normal site-packages is not writeable -Requirement already satisfied: django-allauth in /home/jules/.local/lib/python3.10/site-packages (65.8.1) -Requirement already satisfied: Django>=4.2.16 in /home/jules/.local/lib/python3.10/site-packages (from django-allauth) (5.1.9) -Requirement already satisfied: asgiref>=3.8.1 in /home/jules/.local/lib/python3.10/site-packages (from django-allauth) (3.8.1) -Requirement already satisfied: typing-extensions>=4 in /usr/local/lib/python3.10/dist-packages (from asgiref>=3.8.1->django-allauth) (4.13.2) -Requirement already satisfied: sqlparse>=0.3.1 in /home/jules/.local/lib/python3.10/site-packages (from Django>=4.2.16->django-allauth) (0.5.3) diff --git a/README.md b/README.md index de98b4b..7a7a42c 100644 --- a/README.md +++ b/README.md @@ -148,21 +148,26 @@ To create the first user, open the container's console using Unraid's UI, by cli WYGIWYH supports login via OpenID Connect (OIDC) through `django-allauth`. This allows users to authenticate using an external OIDC provider. +> [!NOTE] +> Currently only OpenID Connect is supported as a provider, open an issue if you need something else. + To configure OIDC, you need to set the following environment variables: -| Variable | Description | -|----------------------|-----------------------------------------------------------------------------| -| `OIDC_CLIENT_ID` | The Client ID provided by your OIDC provider. | -| `OIDC_CLIENT_SECRET` | The Client Secret provided by your OIDC provider. | +| Variable | Description | +|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `OIDC_CLIENT_NAME` | The name of the provider. will be displayed in the login page. Defaults to `OpenID Connect` | +| `OIDC_CLIENT_ID` | The Client ID provided by your OIDC provider. | +| `OIDC_CLIENT_SECRET` | The Client Secret provided by your OIDC provider. | | `OIDC_SERVER_URL` | The base URL of your OIDC provider's discovery document or authorization server (e.g., `https://your-provider.com/auth/realms/your-realm`). `django-allauth` will use this to discover the necessary endpoints (authorization, token, userinfo, etc.). | +| `OIDC_ALLOW_SIGNUP` | Allow the automatic creation of inexistent accounts on a successfull authentication. Defaults to `true`. | **Callback URL (Redirect URI):** -When configuring your OIDC provider, you will need to provide a callback URL (also known as a Redirect URI). For WYGIWYH, using `django-allauth` with the provider ID 'oidc' (as configured in `settings.py`), the default callback URL is: +When configuring your OIDC provider, you will need to provide a callback URL (also known as a Redirect URI). For WYGIWYH, the default callback URL is: -`https://your.wygiwyh.domain/accounts/oidc/login/callback/` +`https://your.wygiwyh.domain/daa/accounts/oidc//login/callback/` -Replace `https://your.wygiwyh.domain` with the actual URL where your WYGIWYH instance is accessible. +Replace `https://your.wygiwyh.domain` with the actual URL where your WYGIWYH instance is accessible. And `` with the slugfied value set in OIDC_CLIENT_NAME or the default `openid-connect` if you haven't set this variable. # How it works diff --git a/app/WYGIWYH/settings.py b/app/WYGIWYH/settings.py index 52bbf76..67c47ff 100644 --- a/app/WYGIWYH/settings.py +++ b/app/WYGIWYH/settings.py @@ -14,6 +14,7 @@ import os import sys from pathlib import Path +from django.utils.text import slugify SITE_TITLE = "WYGIWYH" TITLE_SEPARATOR = "::" @@ -62,7 +63,6 @@ INSTALLED_APPS = [ "apps.transactions.apps.TransactionsConfig", "apps.currencies.apps.CurrenciesConfig", "apps.accounts.apps.AccountsConfig", - "apps.common.apps.CommonConfig", "apps.net_worth.apps.NetWorthConfig", "apps.import_app.apps.ImportConfig", "apps.export_app.apps.ExportConfig", @@ -79,6 +79,7 @@ INSTALLED_APPS = [ "allauth.account", "allauth.socialaccount", "allauth.socialaccount.providers.openid_connect", + "apps.common.apps.CommonConfig", ] SITE_ID = 1 @@ -319,33 +320,38 @@ LOGOUT_REDIRECT_URL = "/login/" # Allauth settings AUTHENTICATION_BACKENDS = [ - "django.contrib.auth.backends.ModelBackend", # Keep default + "django.contrib.auth.backends.ModelBackend", # Keep default "allauth.account.auth_backends.AuthenticationBackend", ] -SOCIALACCOUNT_PROVIDERS = { - 'oidc': { - 'APPS': [ - { - 'provider_id': 'oidc', - 'name': 'OpenID Connect', - 'client_id': os.getenv('OIDC_CLIENT_ID'), - 'secret': os.getenv('OIDC_CLIENT_SECRET'), - 'settings': { - 'server_url': os.getenv('OIDC_SERVER_URL'), - } - } - ] - } -} +SOCIALACCOUNT_PROVIDERS = {"openid_connect": {"APPS": []}} -ACCOUNT_AUTHENTICATION_METHOD = 'email' -ACCOUNT_EMAIL_REQUIRED = True -ACCOUNT_USERNAME_REQUIRED = False +if ( + os.getenv("OIDC_CLIENT_ID") + and os.getenv("OIDC_CLIENT_SECRET") + and os.getenv("OIDC_SERVER_URL") +): + SOCIALACCOUNT_PROVIDERS["openid_connect"]["APPS"].append( + { + "provider_id": slugify(os.getenv("OIDC_CLIENT_NAME", "OpenID Connect")), + "name": os.getenv("OIDC_CLIENT_NAME", "OpenID Connect"), + "client_id": os.getenv("OIDC_CLIENT_ID"), + "secret": os.getenv("OIDC_CLIENT_SECRET"), + "settings": { + "server_url": os.getenv("OIDC_SERVER_URL"), + }, + } + ) + +ACCOUNT_LOGIN_METHODS = {"email"} +ACCOUNT_SIGNUP_FIELDS = ["email*", "password1*", "password2*"] ACCOUNT_USER_MODEL_USERNAME_FIELD = None -ACCOUNT_EMAIL_VERIFICATION = 'optional' -SOCIALACCOUNT_ADAPTER = 'allauth.socialaccount.adapter.DefaultSocialAccountAdapter' -ACCOUNT_ADAPTER = 'allauth.account.adapter.DefaultAccountAdapter' +ACCOUNT_EMAIL_VERIFICATION = "optional" +SOCIALACCOUNT_ADAPTER = "allauth.socialaccount.adapter.DefaultSocialAccountAdapter" +SOCIALACCOUNT_LOGIN_ON_GET = True +SOCIALACCOUNT_AUTO_SIGNUP = os.getenv("OIDC_ALLOW_SIGNUP", "true").lower() == "true" +ACCOUNT_ADAPTER = "allauth.account.adapter.DefaultAccountAdapter" + # CRISPY FORMS CRISPY_ALLOWED_TEMPLATE_PACKS = ["bootstrap5", "crispy_forms/pure_text"] diff --git a/app/WYGIWYH/urls.py b/app/WYGIWYH/urls.py index 24bcaee..c60c519 100644 --- a/app/WYGIWYH/urls.py +++ b/app/WYGIWYH/urls.py @@ -36,7 +36,7 @@ urlpatterns = [ SpectacularSwaggerView.as_view(url_name="schema"), name="swagger-ui", ), - path('accounts/', include('allauth.urls')), # allauth urls + path("daa/accounts/", include("allauth.urls")), # allauth urls path("", include("apps.transactions.urls")), path("", include("apps.common.urls")), path("", include("apps.users.urls")), diff --git a/app/apps/common/apps.py b/app/apps/common/apps.py index df04969..76c08b2 100644 --- a/app/apps/common/apps.py +++ b/app/apps/common/apps.py @@ -4,3 +4,17 @@ from django.apps import AppConfig class CommonConfig(AppConfig): default_auto_field = "django.db.models.BigAutoField" name = "apps.common" + + def ready(self): + from django.contrib import admin + from django.contrib.sites.models import Site + from allauth.socialaccount.models import ( + SocialAccount, + SocialApp, + SocialToken, + ) + + admin.site.unregister(Site) + admin.site.unregister(SocialAccount) + admin.site.unregister(SocialApp) + admin.site.unregister(SocialToken) diff --git a/app/apps/users/migrations/0021_alter_usersettings_timezone.py b/app/apps/users/migrations/0021_alter_usersettings_timezone.py new file mode 100644 index 0000000..7a764d9 --- /dev/null +++ b/app/apps/users/migrations/0021_alter_usersettings_timezone.py @@ -0,0 +1,18 @@ +# Generated by Django 5.1.11 on 2025-06-16 02:28 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0020_alter_usersettings_language'), + ] + + operations = [ + migrations.AlterField( + model_name='usersettings', + name='timezone', + field=models.CharField(choices=[('auto', 'Auto'), ('Africa/Abidjan', 'Africa/Abidjan'), ('Africa/Accra', 'Africa/Accra'), ('Africa/Addis_Ababa', 'Africa/Addis_Ababa'), ('Africa/Algiers', 'Africa/Algiers'), ('Africa/Asmara', 'Africa/Asmara'), ('Africa/Bamako', 'Africa/Bamako'), ('Africa/Bangui', 'Africa/Bangui'), ('Africa/Banjul', 'Africa/Banjul'), ('Africa/Bissau', 'Africa/Bissau'), ('Africa/Blantyre', 'Africa/Blantyre'), ('Africa/Brazzaville', 'Africa/Brazzaville'), ('Africa/Bujumbura', 'Africa/Bujumbura'), ('Africa/Cairo', 'Africa/Cairo'), ('Africa/Casablanca', 'Africa/Casablanca'), ('Africa/Ceuta', 'Africa/Ceuta'), ('Africa/Conakry', 'Africa/Conakry'), ('Africa/Dakar', 'Africa/Dakar'), ('Africa/Dar_es_Salaam', 'Africa/Dar_es_Salaam'), ('Africa/Djibouti', 'Africa/Djibouti'), ('Africa/Douala', 'Africa/Douala'), ('Africa/El_Aaiun', 'Africa/El_Aaiun'), ('Africa/Freetown', 'Africa/Freetown'), ('Africa/Gaborone', 'Africa/Gaborone'), ('Africa/Harare', 'Africa/Harare'), ('Africa/Johannesburg', 'Africa/Johannesburg'), ('Africa/Juba', 'Africa/Juba'), ('Africa/Kampala', 'Africa/Kampala'), ('Africa/Khartoum', 'Africa/Khartoum'), ('Africa/Kigali', 'Africa/Kigali'), ('Africa/Kinshasa', 'Africa/Kinshasa'), ('Africa/Lagos', 'Africa/Lagos'), ('Africa/Libreville', 'Africa/Libreville'), ('Africa/Lome', 'Africa/Lome'), ('Africa/Luanda', 'Africa/Luanda'), ('Africa/Lubumbashi', 'Africa/Lubumbashi'), ('Africa/Lusaka', 'Africa/Lusaka'), ('Africa/Malabo', 'Africa/Malabo'), ('Africa/Maputo', 'Africa/Maputo'), ('Africa/Maseru', 'Africa/Maseru'), ('Africa/Mbabane', 'Africa/Mbabane'), ('Africa/Mogadishu', 'Africa/Mogadishu'), ('Africa/Monrovia', 'Africa/Monrovia'), ('Africa/Nairobi', 'Africa/Nairobi'), ('Africa/Ndjamena', 'Africa/Ndjamena'), ('Africa/Niamey', 'Africa/Niamey'), ('Africa/Nouakchott', 'Africa/Nouakchott'), ('Africa/Ouagadougou', 'Africa/Ouagadougou'), ('Africa/Porto-Novo', 'Africa/Porto-Novo'), ('Africa/Sao_Tome', 'Africa/Sao_Tome'), ('Africa/Tripoli', 'Africa/Tripoli'), ('Africa/Tunis', 'Africa/Tunis'), ('Africa/Windhoek', 'Africa/Windhoek'), ('America/Adak', 'America/Adak'), ('America/Anchorage', 'America/Anchorage'), ('America/Anguilla', 'America/Anguilla'), ('America/Antigua', 'America/Antigua'), ('America/Araguaina', 'America/Araguaina'), ('America/Argentina/Buenos_Aires', 'America/Argentina/Buenos_Aires'), ('America/Argentina/Catamarca', 'America/Argentina/Catamarca'), ('America/Argentina/Cordoba', 'America/Argentina/Cordoba'), ('America/Argentina/Jujuy', 'America/Argentina/Jujuy'), ('America/Argentina/La_Rioja', 'America/Argentina/La_Rioja'), ('America/Argentina/Mendoza', 'America/Argentina/Mendoza'), ('America/Argentina/Rio_Gallegos', 'America/Argentina/Rio_Gallegos'), ('America/Argentina/Salta', 'America/Argentina/Salta'), ('America/Argentina/San_Juan', 'America/Argentina/San_Juan'), ('America/Argentina/San_Luis', 'America/Argentina/San_Luis'), ('America/Argentina/Tucuman', 'America/Argentina/Tucuman'), ('America/Argentina/Ushuaia', 'America/Argentina/Ushuaia'), ('America/Aruba', 'America/Aruba'), ('America/Asuncion', 'America/Asuncion'), ('America/Atikokan', 'America/Atikokan'), ('America/Bahia', 'America/Bahia'), ('America/Bahia_Banderas', 'America/Bahia_Banderas'), ('America/Barbados', 'America/Barbados'), ('America/Belem', 'America/Belem'), ('America/Belize', 'America/Belize'), ('America/Blanc-Sablon', 'America/Blanc-Sablon'), ('America/Boa_Vista', 'America/Boa_Vista'), ('America/Bogota', 'America/Bogota'), ('America/Boise', 'America/Boise'), ('America/Cambridge_Bay', 'America/Cambridge_Bay'), ('America/Campo_Grande', 'America/Campo_Grande'), ('America/Cancun', 'America/Cancun'), ('America/Caracas', 'America/Caracas'), ('America/Cayenne', 'America/Cayenne'), ('America/Cayman', 'America/Cayman'), ('America/Chicago', 'America/Chicago'), ('America/Chihuahua', 'America/Chihuahua'), ('America/Ciudad_Juarez', 'America/Ciudad_Juarez'), ('America/Costa_Rica', 'America/Costa_Rica'), ('America/Coyhaique', 'America/Coyhaique'), ('America/Creston', 'America/Creston'), ('America/Cuiaba', 'America/Cuiaba'), ('America/Curacao', 'America/Curacao'), ('America/Danmarkshavn', 'America/Danmarkshavn'), ('America/Dawson', 'America/Dawson'), ('America/Dawson_Creek', 'America/Dawson_Creek'), ('America/Denver', 'America/Denver'), ('America/Detroit', 'America/Detroit'), ('America/Dominica', 'America/Dominica'), ('America/Edmonton', 'America/Edmonton'), ('America/Eirunepe', 'America/Eirunepe'), ('America/El_Salvador', 'America/El_Salvador'), ('America/Fort_Nelson', 'America/Fort_Nelson'), ('America/Fortaleza', 'America/Fortaleza'), ('America/Glace_Bay', 'America/Glace_Bay'), ('America/Goose_Bay', 'America/Goose_Bay'), ('America/Grand_Turk', 'America/Grand_Turk'), ('America/Grenada', 'America/Grenada'), ('America/Guadeloupe', 'America/Guadeloupe'), ('America/Guatemala', 'America/Guatemala'), ('America/Guayaquil', 'America/Guayaquil'), ('America/Guyana', 'America/Guyana'), ('America/Halifax', 'America/Halifax'), ('America/Havana', 'America/Havana'), ('America/Hermosillo', 'America/Hermosillo'), ('America/Indiana/Indianapolis', 'America/Indiana/Indianapolis'), ('America/Indiana/Knox', 'America/Indiana/Knox'), ('America/Indiana/Marengo', 'America/Indiana/Marengo'), ('America/Indiana/Petersburg', 'America/Indiana/Petersburg'), ('America/Indiana/Tell_City', 'America/Indiana/Tell_City'), ('America/Indiana/Vevay', 'America/Indiana/Vevay'), ('America/Indiana/Vincennes', 'America/Indiana/Vincennes'), ('America/Indiana/Winamac', 'America/Indiana/Winamac'), ('America/Inuvik', 'America/Inuvik'), ('America/Iqaluit', 'America/Iqaluit'), ('America/Jamaica', 'America/Jamaica'), ('America/Juneau', 'America/Juneau'), ('America/Kentucky/Louisville', 'America/Kentucky/Louisville'), ('America/Kentucky/Monticello', 'America/Kentucky/Monticello'), ('America/Kralendijk', 'America/Kralendijk'), ('America/La_Paz', 'America/La_Paz'), ('America/Lima', 'America/Lima'), ('America/Los_Angeles', 'America/Los_Angeles'), ('America/Lower_Princes', 'America/Lower_Princes'), ('America/Maceio', 'America/Maceio'), ('America/Managua', 'America/Managua'), ('America/Manaus', 'America/Manaus'), ('America/Marigot', 'America/Marigot'), ('America/Martinique', 'America/Martinique'), ('America/Matamoros', 'America/Matamoros'), ('America/Mazatlan', 'America/Mazatlan'), ('America/Menominee', 'America/Menominee'), ('America/Merida', 'America/Merida'), ('America/Metlakatla', 'America/Metlakatla'), ('America/Mexico_City', 'America/Mexico_City'), ('America/Miquelon', 'America/Miquelon'), ('America/Moncton', 'America/Moncton'), ('America/Monterrey', 'America/Monterrey'), ('America/Montevideo', 'America/Montevideo'), ('America/Montserrat', 'America/Montserrat'), ('America/Nassau', 'America/Nassau'), ('America/New_York', 'America/New_York'), ('America/Nome', 'America/Nome'), ('America/Noronha', 'America/Noronha'), ('America/North_Dakota/Beulah', 'America/North_Dakota/Beulah'), ('America/North_Dakota/Center', 'America/North_Dakota/Center'), ('America/North_Dakota/New_Salem', 'America/North_Dakota/New_Salem'), ('America/Nuuk', 'America/Nuuk'), ('America/Ojinaga', 'America/Ojinaga'), ('America/Panama', 'America/Panama'), ('America/Paramaribo', 'America/Paramaribo'), ('America/Phoenix', 'America/Phoenix'), ('America/Port-au-Prince', 'America/Port-au-Prince'), ('America/Port_of_Spain', 'America/Port_of_Spain'), ('America/Porto_Velho', 'America/Porto_Velho'), ('America/Puerto_Rico', 'America/Puerto_Rico'), ('America/Punta_Arenas', 'America/Punta_Arenas'), ('America/Rankin_Inlet', 'America/Rankin_Inlet'), ('America/Recife', 'America/Recife'), ('America/Regina', 'America/Regina'), ('America/Resolute', 'America/Resolute'), ('America/Rio_Branco', 'America/Rio_Branco'), ('America/Santarem', 'America/Santarem'), ('America/Santiago', 'America/Santiago'), ('America/Santo_Domingo', 'America/Santo_Domingo'), ('America/Sao_Paulo', 'America/Sao_Paulo'), ('America/Scoresbysund', 'America/Scoresbysund'), ('America/Sitka', 'America/Sitka'), ('America/St_Barthelemy', 'America/St_Barthelemy'), ('America/St_Johns', 'America/St_Johns'), ('America/St_Kitts', 'America/St_Kitts'), ('America/St_Lucia', 'America/St_Lucia'), ('America/St_Thomas', 'America/St_Thomas'), ('America/St_Vincent', 'America/St_Vincent'), ('America/Swift_Current', 'America/Swift_Current'), ('America/Tegucigalpa', 'America/Tegucigalpa'), ('America/Thule', 'America/Thule'), ('America/Tijuana', 'America/Tijuana'), ('America/Toronto', 'America/Toronto'), ('America/Tortola', 'America/Tortola'), ('America/Vancouver', 'America/Vancouver'), ('America/Whitehorse', 'America/Whitehorse'), ('America/Winnipeg', 'America/Winnipeg'), ('America/Yakutat', 'America/Yakutat'), ('Antarctica/Casey', 'Antarctica/Casey'), ('Antarctica/Davis', 'Antarctica/Davis'), ('Antarctica/DumontDUrville', 'Antarctica/DumontDUrville'), ('Antarctica/Macquarie', 'Antarctica/Macquarie'), ('Antarctica/Mawson', 'Antarctica/Mawson'), ('Antarctica/McMurdo', 'Antarctica/McMurdo'), ('Antarctica/Palmer', 'Antarctica/Palmer'), ('Antarctica/Rothera', 'Antarctica/Rothera'), ('Antarctica/Syowa', 'Antarctica/Syowa'), ('Antarctica/Troll', 'Antarctica/Troll'), ('Antarctica/Vostok', 'Antarctica/Vostok'), ('Arctic/Longyearbyen', 'Arctic/Longyearbyen'), ('Asia/Aden', 'Asia/Aden'), ('Asia/Almaty', 'Asia/Almaty'), ('Asia/Amman', 'Asia/Amman'), ('Asia/Anadyr', 'Asia/Anadyr'), ('Asia/Aqtau', 'Asia/Aqtau'), ('Asia/Aqtobe', 'Asia/Aqtobe'), ('Asia/Ashgabat', 'Asia/Ashgabat'), ('Asia/Atyrau', 'Asia/Atyrau'), ('Asia/Baghdad', 'Asia/Baghdad'), ('Asia/Bahrain', 'Asia/Bahrain'), ('Asia/Baku', 'Asia/Baku'), ('Asia/Bangkok', 'Asia/Bangkok'), ('Asia/Barnaul', 'Asia/Barnaul'), ('Asia/Beirut', 'Asia/Beirut'), ('Asia/Bishkek', 'Asia/Bishkek'), ('Asia/Brunei', 'Asia/Brunei'), ('Asia/Chita', 'Asia/Chita'), ('Asia/Colombo', 'Asia/Colombo'), ('Asia/Damascus', 'Asia/Damascus'), ('Asia/Dhaka', 'Asia/Dhaka'), ('Asia/Dili', 'Asia/Dili'), ('Asia/Dubai', 'Asia/Dubai'), ('Asia/Dushanbe', 'Asia/Dushanbe'), ('Asia/Famagusta', 'Asia/Famagusta'), ('Asia/Gaza', 'Asia/Gaza'), ('Asia/Hebron', 'Asia/Hebron'), ('Asia/Ho_Chi_Minh', 'Asia/Ho_Chi_Minh'), ('Asia/Hong_Kong', 'Asia/Hong_Kong'), ('Asia/Hovd', 'Asia/Hovd'), ('Asia/Irkutsk', 'Asia/Irkutsk'), ('Asia/Jakarta', 'Asia/Jakarta'), ('Asia/Jayapura', 'Asia/Jayapura'), ('Asia/Jerusalem', 'Asia/Jerusalem'), ('Asia/Kabul', 'Asia/Kabul'), ('Asia/Kamchatka', 'Asia/Kamchatka'), ('Asia/Karachi', 'Asia/Karachi'), ('Asia/Kathmandu', 'Asia/Kathmandu'), ('Asia/Khandyga', 'Asia/Khandyga'), ('Asia/Kolkata', 'Asia/Kolkata'), ('Asia/Krasnoyarsk', 'Asia/Krasnoyarsk'), ('Asia/Kuala_Lumpur', 'Asia/Kuala_Lumpur'), ('Asia/Kuching', 'Asia/Kuching'), ('Asia/Kuwait', 'Asia/Kuwait'), ('Asia/Macau', 'Asia/Macau'), ('Asia/Magadan', 'Asia/Magadan'), ('Asia/Makassar', 'Asia/Makassar'), ('Asia/Manila', 'Asia/Manila'), ('Asia/Muscat', 'Asia/Muscat'), ('Asia/Nicosia', 'Asia/Nicosia'), ('Asia/Novokuznetsk', 'Asia/Novokuznetsk'), ('Asia/Novosibirsk', 'Asia/Novosibirsk'), ('Asia/Omsk', 'Asia/Omsk'), ('Asia/Oral', 'Asia/Oral'), ('Asia/Phnom_Penh', 'Asia/Phnom_Penh'), ('Asia/Pontianak', 'Asia/Pontianak'), ('Asia/Pyongyang', 'Asia/Pyongyang'), ('Asia/Qatar', 'Asia/Qatar'), ('Asia/Qostanay', 'Asia/Qostanay'), ('Asia/Qyzylorda', 'Asia/Qyzylorda'), ('Asia/Riyadh', 'Asia/Riyadh'), ('Asia/Sakhalin', 'Asia/Sakhalin'), ('Asia/Samarkand', 'Asia/Samarkand'), ('Asia/Seoul', 'Asia/Seoul'), ('Asia/Shanghai', 'Asia/Shanghai'), ('Asia/Singapore', 'Asia/Singapore'), ('Asia/Srednekolymsk', 'Asia/Srednekolymsk'), ('Asia/Taipei', 'Asia/Taipei'), ('Asia/Tashkent', 'Asia/Tashkent'), ('Asia/Tbilisi', 'Asia/Tbilisi'), ('Asia/Tehran', 'Asia/Tehran'), ('Asia/Thimphu', 'Asia/Thimphu'), ('Asia/Tokyo', 'Asia/Tokyo'), ('Asia/Tomsk', 'Asia/Tomsk'), ('Asia/Ulaanbaatar', 'Asia/Ulaanbaatar'), ('Asia/Urumqi', 'Asia/Urumqi'), ('Asia/Ust-Nera', 'Asia/Ust-Nera'), ('Asia/Vientiane', 'Asia/Vientiane'), ('Asia/Vladivostok', 'Asia/Vladivostok'), ('Asia/Yakutsk', 'Asia/Yakutsk'), ('Asia/Yangon', 'Asia/Yangon'), ('Asia/Yekaterinburg', 'Asia/Yekaterinburg'), ('Asia/Yerevan', 'Asia/Yerevan'), ('Atlantic/Azores', 'Atlantic/Azores'), ('Atlantic/Bermuda', 'Atlantic/Bermuda'), ('Atlantic/Canary', 'Atlantic/Canary'), ('Atlantic/Cape_Verde', 'Atlantic/Cape_Verde'), ('Atlantic/Faroe', 'Atlantic/Faroe'), ('Atlantic/Madeira', 'Atlantic/Madeira'), ('Atlantic/Reykjavik', 'Atlantic/Reykjavik'), ('Atlantic/South_Georgia', 'Atlantic/South_Georgia'), ('Atlantic/St_Helena', 'Atlantic/St_Helena'), ('Atlantic/Stanley', 'Atlantic/Stanley'), ('Australia/Adelaide', 'Australia/Adelaide'), ('Australia/Brisbane', 'Australia/Brisbane'), ('Australia/Broken_Hill', 'Australia/Broken_Hill'), ('Australia/Darwin', 'Australia/Darwin'), ('Australia/Eucla', 'Australia/Eucla'), ('Australia/Hobart', 'Australia/Hobart'), ('Australia/Lindeman', 'Australia/Lindeman'), ('Australia/Lord_Howe', 'Australia/Lord_Howe'), ('Australia/Melbourne', 'Australia/Melbourne'), ('Australia/Perth', 'Australia/Perth'), ('Australia/Sydney', 'Australia/Sydney'), ('Canada/Atlantic', 'Canada/Atlantic'), ('Canada/Central', 'Canada/Central'), ('Canada/Eastern', 'Canada/Eastern'), ('Canada/Mountain', 'Canada/Mountain'), ('Canada/Newfoundland', 'Canada/Newfoundland'), ('Canada/Pacific', 'Canada/Pacific'), ('Europe/Amsterdam', 'Europe/Amsterdam'), ('Europe/Andorra', 'Europe/Andorra'), ('Europe/Astrakhan', 'Europe/Astrakhan'), ('Europe/Athens', 'Europe/Athens'), ('Europe/Belgrade', 'Europe/Belgrade'), ('Europe/Berlin', 'Europe/Berlin'), ('Europe/Bratislava', 'Europe/Bratislava'), ('Europe/Brussels', 'Europe/Brussels'), ('Europe/Bucharest', 'Europe/Bucharest'), ('Europe/Budapest', 'Europe/Budapest'), ('Europe/Busingen', 'Europe/Busingen'), ('Europe/Chisinau', 'Europe/Chisinau'), ('Europe/Copenhagen', 'Europe/Copenhagen'), ('Europe/Dublin', 'Europe/Dublin'), ('Europe/Gibraltar', 'Europe/Gibraltar'), ('Europe/Guernsey', 'Europe/Guernsey'), ('Europe/Helsinki', 'Europe/Helsinki'), ('Europe/Isle_of_Man', 'Europe/Isle_of_Man'), ('Europe/Istanbul', 'Europe/Istanbul'), ('Europe/Jersey', 'Europe/Jersey'), ('Europe/Kaliningrad', 'Europe/Kaliningrad'), ('Europe/Kirov', 'Europe/Kirov'), ('Europe/Kyiv', 'Europe/Kyiv'), ('Europe/Lisbon', 'Europe/Lisbon'), ('Europe/Ljubljana', 'Europe/Ljubljana'), ('Europe/London', 'Europe/London'), ('Europe/Luxembourg', 'Europe/Luxembourg'), ('Europe/Madrid', 'Europe/Madrid'), ('Europe/Malta', 'Europe/Malta'), ('Europe/Mariehamn', 'Europe/Mariehamn'), ('Europe/Minsk', 'Europe/Minsk'), ('Europe/Monaco', 'Europe/Monaco'), ('Europe/Moscow', 'Europe/Moscow'), ('Europe/Oslo', 'Europe/Oslo'), ('Europe/Paris', 'Europe/Paris'), ('Europe/Podgorica', 'Europe/Podgorica'), ('Europe/Prague', 'Europe/Prague'), ('Europe/Riga', 'Europe/Riga'), ('Europe/Rome', 'Europe/Rome'), ('Europe/Samara', 'Europe/Samara'), ('Europe/San_Marino', 'Europe/San_Marino'), ('Europe/Sarajevo', 'Europe/Sarajevo'), ('Europe/Saratov', 'Europe/Saratov'), ('Europe/Simferopol', 'Europe/Simferopol'), ('Europe/Skopje', 'Europe/Skopje'), ('Europe/Sofia', 'Europe/Sofia'), ('Europe/Stockholm', 'Europe/Stockholm'), ('Europe/Tallinn', 'Europe/Tallinn'), ('Europe/Tirane', 'Europe/Tirane'), ('Europe/Ulyanovsk', 'Europe/Ulyanovsk'), ('Europe/Vaduz', 'Europe/Vaduz'), ('Europe/Vatican', 'Europe/Vatican'), ('Europe/Vienna', 'Europe/Vienna'), ('Europe/Vilnius', 'Europe/Vilnius'), ('Europe/Volgograd', 'Europe/Volgograd'), ('Europe/Warsaw', 'Europe/Warsaw'), ('Europe/Zagreb', 'Europe/Zagreb'), ('Europe/Zurich', 'Europe/Zurich'), ('GMT', 'GMT'), ('Indian/Antananarivo', 'Indian/Antananarivo'), ('Indian/Chagos', 'Indian/Chagos'), ('Indian/Christmas', 'Indian/Christmas'), ('Indian/Cocos', 'Indian/Cocos'), ('Indian/Comoro', 'Indian/Comoro'), ('Indian/Kerguelen', 'Indian/Kerguelen'), ('Indian/Mahe', 'Indian/Mahe'), ('Indian/Maldives', 'Indian/Maldives'), ('Indian/Mauritius', 'Indian/Mauritius'), ('Indian/Mayotte', 'Indian/Mayotte'), ('Indian/Reunion', 'Indian/Reunion'), ('Pacific/Apia', 'Pacific/Apia'), ('Pacific/Auckland', 'Pacific/Auckland'), ('Pacific/Bougainville', 'Pacific/Bougainville'), ('Pacific/Chatham', 'Pacific/Chatham'), ('Pacific/Chuuk', 'Pacific/Chuuk'), ('Pacific/Easter', 'Pacific/Easter'), ('Pacific/Efate', 'Pacific/Efate'), ('Pacific/Fakaofo', 'Pacific/Fakaofo'), ('Pacific/Fiji', 'Pacific/Fiji'), ('Pacific/Funafuti', 'Pacific/Funafuti'), ('Pacific/Galapagos', 'Pacific/Galapagos'), ('Pacific/Gambier', 'Pacific/Gambier'), ('Pacific/Guadalcanal', 'Pacific/Guadalcanal'), ('Pacific/Guam', 'Pacific/Guam'), ('Pacific/Honolulu', 'Pacific/Honolulu'), ('Pacific/Kanton', 'Pacific/Kanton'), ('Pacific/Kiritimati', 'Pacific/Kiritimati'), ('Pacific/Kosrae', 'Pacific/Kosrae'), ('Pacific/Kwajalein', 'Pacific/Kwajalein'), ('Pacific/Majuro', 'Pacific/Majuro'), ('Pacific/Marquesas', 'Pacific/Marquesas'), ('Pacific/Midway', 'Pacific/Midway'), ('Pacific/Nauru', 'Pacific/Nauru'), ('Pacific/Niue', 'Pacific/Niue'), ('Pacific/Norfolk', 'Pacific/Norfolk'), ('Pacific/Noumea', 'Pacific/Noumea'), ('Pacific/Pago_Pago', 'Pacific/Pago_Pago'), ('Pacific/Palau', 'Pacific/Palau'), ('Pacific/Pitcairn', 'Pacific/Pitcairn'), ('Pacific/Pohnpei', 'Pacific/Pohnpei'), ('Pacific/Port_Moresby', 'Pacific/Port_Moresby'), ('Pacific/Rarotonga', 'Pacific/Rarotonga'), ('Pacific/Saipan', 'Pacific/Saipan'), ('Pacific/Tahiti', 'Pacific/Tahiti'), ('Pacific/Tarawa', 'Pacific/Tarawa'), ('Pacific/Tongatapu', 'Pacific/Tongatapu'), ('Pacific/Wake', 'Pacific/Wake'), ('Pacific/Wallis', 'Pacific/Wallis'), ('US/Alaska', 'US/Alaska'), ('US/Arizona', 'US/Arizona'), ('US/Central', 'US/Central'), ('US/Eastern', 'US/Eastern'), ('US/Hawaii', 'US/Hawaii'), ('US/Mountain', 'US/Mountain'), ('US/Pacific', 'US/Pacific'), ('UTC', 'UTC')], default='auto', max_length=50, verbose_name='Time Zone'), + ), + ] diff --git a/app/templates/users/login.html b/app/templates/users/login.html index ce54b57..8c74dc0 100644 --- a/app/templates/users/login.html +++ b/app/templates/users/login.html @@ -27,25 +27,23 @@

Login

{% crispy form %} -
-

{% translate "Or login with:" %}

- {% get_providers as socialaccount_providers %} - {% if socialaccount_providers %} - - {% else %} -

{% translate "Social login is not configured." %}

- {% endif %} -
+ {% get_providers as socialaccount_providers %} + {% if socialaccount_providers %} +
+
+ +
+ {% endif %} diff --git a/requirements.txt b/requirements.txt index db26aef..06a7a5e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -21,8 +21,7 @@ watchfiles==0.24.0 # https://github.com/samuelcolvin/watchfiles procrastinate[django]~=2.15.1 requests~=2.32.3 -django-allauth>=0.58.2 -requests-oauthlib>=1.3.1 +django-allauth[socialaccount]~=65.9.0 pytz python-dateutil~=2.9.0.post0 From 4291a5b97d0ab0043dffbb72099e7e8c6b7979dc Mon Sep 17 00:00:00 2001 From: Herculino Trotta Date: Mon, 16 Jun 2025 22:20:10 -0300 Subject: [PATCH 3/4] feat: allow only social auth with django-allauth --- app/WYGIWYH/settings.py | 6 +++--- app/WYGIWYH/urls.py | 10 +++++++++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/app/WYGIWYH/settings.py b/app/WYGIWYH/settings.py index 67c47ff..79d3e89 100644 --- a/app/WYGIWYH/settings.py +++ b/app/WYGIWYH/settings.py @@ -346,12 +346,12 @@ if ( ACCOUNT_LOGIN_METHODS = {"email"} ACCOUNT_SIGNUP_FIELDS = ["email*", "password1*", "password2*"] ACCOUNT_USER_MODEL_USERNAME_FIELD = None -ACCOUNT_EMAIL_VERIFICATION = "optional" -SOCIALACCOUNT_ADAPTER = "allauth.socialaccount.adapter.DefaultSocialAccountAdapter" +ACCOUNT_EMAIL_VERIFICATION = "none" SOCIALACCOUNT_LOGIN_ON_GET = True +SOCIALACCOUNT_ONLY = True SOCIALACCOUNT_AUTO_SIGNUP = os.getenv("OIDC_ALLOW_SIGNUP", "true").lower() == "true" ACCOUNT_ADAPTER = "allauth.account.adapter.DefaultAccountAdapter" - +SOCIALACCOUNT_ADAPTER = "allauth.socialaccount.adapter.DefaultSocialAccountAdapter" # CRISPY FORMS CRISPY_ALLOWED_TEMPLATE_PACKS = ["bootstrap5", "crispy_forms/pure_text"] diff --git a/app/WYGIWYH/urls.py b/app/WYGIWYH/urls.py index c60c519..f0294ee 100644 --- a/app/WYGIWYH/urls.py +++ b/app/WYGIWYH/urls.py @@ -21,6 +21,8 @@ from drf_spectacular.views import ( SpectacularAPIView, SpectacularSwaggerView, ) +from allauth.socialaccount.providers.openid_connect.views import login, callback + urlpatterns = [ path("admin/", admin.site.urls), @@ -36,7 +38,13 @@ urlpatterns = [ SpectacularSwaggerView.as_view(url_name="schema"), name="swagger-ui", ), - path("daa/accounts/", include("allauth.urls")), # allauth urls + path("auth/", include("allauth.urls")), # allauth urls + # path("auth/oidc//login/", login, name="openid_connect_login"), + # path( + # "auth/oidc//login/callback/", + # callback, + # name="openid_connect_callback", + # ), path("", include("apps.transactions.urls")), path("", include("apps.common.urls")), path("", include("apps.users.urls")), From e137666e99f6247e9ba901bf963018dd7951ea07 Mon Sep 17 00:00:00 2001 From: Herculino Trotta Date: Mon, 16 Jun 2025 22:27:42 -0300 Subject: [PATCH 4/4] docs: add missing oidc variables to example env --- .env.example | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.env.example b/.env.example index 0df5ff7..d4f6da8 100644 --- a/.env.example +++ b/.env.example @@ -32,7 +32,9 @@ KEEP_DELETED_TRANSACTIONS_FOR=365 TASK_WORKERS=1 # This only work if you're using the single container option. Increase to have more open queues via procrastinate, you probably don't need to increase this. -# OIDC Configuration -OIDC_CLIENT_ID="" -OIDC_CLIENT_SECRET="" -OIDC_SERVER_URL="" +# OIDC Configuration. Uncomment the lines below if you want to add OIDC login to your instance +#OIDC_CLIENT_NAME="" +#OIDC_CLIENT_ID="" +#OIDC_CLIENT_SECRET="" +#OIDC_SERVER_URL="" +#OIDC_ALLOW_SIGNUP=true