add sso auth to help

Author: aottr

core/migrations/0009_oauth2user_alter_mailtemplate_language.py

@@ -0,0 +1,31 @@
+# Generated by Django 5.0.3 on 2025-04-10 19:32
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0008_pawuser_receive_email_notifications'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Oauth2User',
+            fields=[
+                ('paw_user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, serialize=False, to=settings.AUTH_USER_MODEL)),
+                ('oauth2_id', models.CharField(max_length=255)),
+            ],
+            options={
+                'verbose_name': 'OAuth2 User',
+                'db_table': 'oauth2_user',
+            },
+        ),
+        migrations.AlterField(
+            model_name='mailtemplate',
+            name='language',
+            field=models.CharField(choices=[('en', 'English'), ('fr', 'French'), ('de', 'German'), ('nl', 'Dutch')], default='en', max_length=2),
+        ),
+    ]

core/migrations/0010_pawuser_display_name.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.0.3 on 2025-04-10 19:52
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0009_oauth2user_alter_mailtemplate_language'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='pawuser',
+            name='display_name',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+    ]

core/models.py

@@ -9,10 +9,10 @@ class PawUser(AbstractUser):
     profile_picture = models.ImageField(
         upload_to='profile_pics/', null=True, blank=True)
     language = models.CharField(max_length=2, default='en')
+    display_name = models.CharField(max_length=100, null=True, blank=True)
     telegram_username = models.CharField(max_length=50, null=True, blank=True)
     use_darkmode = models.BooleanField(default=False)
     receive_email_notifications = models.BooleanField(default=True)
-
     def __str__(self):
         return self.username
 
@@ -29,6 +29,18 @@ class Meta:
         db_table = "google_sso_user"
         verbose_name = _("Google SSO User")
 
+class Oauth2User(models.Model):
+    paw_user = models.OneToOneField(
+        PawUser, on_delete=models.CASCADE, primary_key=True)
+    oauth2_id = models.CharField(max_length=255)
+
+    def __str__(self):
+        return self.paw_user.username
+
+    class Meta:
+        db_table = "oauth2_user"
+        verbose_name = _("OAuth2 User")
+
 class MailTemplate(models.Model):
     event = models.CharField(max_length=100)
     language = models.CharField(max_length=2, default='en', choices=settings.LANGUAGES)

core/urls.py

@@ -1,6 +1,6 @@
 from django.urls import path
 
-from .views import home_view, logout_view, settings_view, register_view, login_view, google_callback_view
+from .views import home_view, logout_view, settings_view, register_view, login_view, google_callback_view, oauth2_callback_view
 
 urlpatterns = [
     path("", home_view, name="home"),
@@ -9,4 +9,5 @@
     path("login", login_view, name="login"),
     path("logout", logout_view, name="logout"),
     path("callback/google", google_callback_view, name="google_callback"),
+    path("callback/oauth2", oauth2_callback_view, name="oauth2_callback"),
 ]

core/utils/oauth2.py

@@ -0,0 +1,38 @@
+from dataclasses import dataclass
+from typing import Optional
+
+from django.utils.translation import gettext_lazy as _
+from requests_oauthlib import OAuth2Session
+from django.conf import settings
+
+@dataclass
+class OAuth2:
+    _oauth2_session: OAuth2Session = None
+
+    @property
+    def oauth2_session(self) -> OAuth2Session:
+        if not self._oauth2_session:
+            self._oauth2_session = OAuth2Session(
+                client_id=settings.OAUTH2_CLIENT_ID,
+                redirect_uri=settings.OAUTH2_REDIRECT_URI,
+                scope=settings.OAUTH2_SCOPE,
+            )
+        return self._oauth2_session
+    
+    def get_authorization_url(self) -> tuple[str, str]:
+        return self.oauth2_session.authorization_url(
+            settings.OAUTH2_AUTH_URL,
+        )
+
+    def fetch_token(self, code: str) -> str:
+        token = self.oauth2_session.fetch_token(
+            token_url=settings.OAUTH2_TOKEN_URL,
+            client_id=settings.OAUTH2_CLIENT_ID,
+            client_secret=settings.OAUTH2_CLIENT_SECRET,
+            code=code,
+        )
+        return token
+
+    def get_user_info(self) -> dict:
+        return self.oauth2_session.get(
+            settings.OAUTH2_USERINFO_URL).json()

core/views.py

@@ -1,8 +1,10 @@
 from django.shortcuts import render, redirect
 from django.contrib.auth import logout, login
+
+from core.utils.oauth2 import OAuth2
 from .forms import UserChangeForm, RegisterForm, AccountFinishForm
 from django.contrib.auth.forms import AuthenticationForm
-from .models import PawUser, GoogleSSOUser
+from .models import Oauth2User, PawUser, GoogleSSOUser
 from django.utils import translation
 from django.conf import settings
 from django.contrib.auth.decorators import login_required
@@ -51,6 +53,12 @@ def login_view(request):
         request.session["sso_state"] = state
         # request.session["sso_next_url"] = next_path
         request.session.save()
+    
+    if settings.OAUTH2_ENABLED:
+        oauth_sso = OAuth2()
+        oauth2_auth_url, state = oauth_sso.get_authorization_url()
+        request.session["oauth_state"] = state
+        request.session.save()
 
     if request.method == "POST":
         form = AuthenticationForm(request=request, data=request.POST)
@@ -61,8 +69,47 @@ def login_view(request):
     else:
         form = AuthenticationForm()
 
-    return render(request, "core/login.html", {"form": form, "google_sso_enabled": settings.GOOGLE_OAUTH_ENABLED, "google_sso_auth_url": auth_url})
+    return render(request, "core/login.html", {
+        "form": form, 
+        "google_sso_enabled": settings.GOOGLE_OAUTH_ENABLED, 
+        "google_sso_auth_url": auth_url,
+        "oauth2_enabled": settings.OAUTH2_ENABLED,
+        "oauth2_auth_url": oauth2_auth_url,
+        })
+
+def oauth2_callback_view(request):
+
+    if not settings.OAUTH2_ENABLED:
+        return redirect("login")
+    state = request.GET.get("state")
 
+    if state != request.session.get("oauth_state"):
+        return redirect("login")
+    try:
+        oauth_sso = OAuth2()
+        _ = oauth_sso.fetch_token(request.GET.get("code"))
+        user_info = oauth_sso.get_user_info()
+    except Exception:
+            return redirect("login")
+    print(user_info)
+    # Check if user already exists
+    oauth2_user = Oauth2User.objects.filter(oauth2_id=user_info["sub"]).first()
+    if oauth2_user:
+        login(request, oauth2_user.paw_user)
+        return redirect("home")
+    
+    # Create user if not exists
+    unique_username = PawUser.objects.filter(username=user_info["nickname"]).exists()
+    # TODO: Set up account finish form
+    user, created = PawUser.objects.get_or_create(email=user_info["email"], defaults={
+        "username": user_info["nickname"] if not unique_username else user_info["email"],
+        "display_name": user_info["name"],
+        })
+    if created:
+        Oauth2User.objects.create(paw_user=user, oauth2_id=user_info["sub"])
+    
+    login(request, user)
+    return redirect("home")
 
 def google_callback_view(request):
 
@@ -121,7 +168,7 @@ def settings_view(request):
                 translation.activate(form.cleaned_data["language"])
                 changed_user_language = True
 
-            if not hasattr(request.user, 'googlessouser'):
+            if not hasattr(request.user, 'googlessouser') and not hasattr(request.user, 'oauth2user'):
                 request.user.email = form.cleaned_data["email"]
 
             request.user.language = form.cleaned_data["language"]

fbl_integration/templates/partials/sso_login.html

@@ -0,0 +1,12 @@
+{% block attendee_login %}
+{% load i18n %}
+
+{% if oauth2_enabled %}
+<a href="{{ oauth2_auth_url }}" class="btn w-full bg-slate-900 hover:bg-slate-800 border-slate-800 text-white">
+  <img src="https://i.imgur.com/kxouY5R.png" class="w-6 h-6" alt="FBL Logo">
+  {% trans 'Log in with SSO' %}
+</a>
+{% endif %}
+
+  {% if general_login %}<div class="divider">{% trans "I don\'t have a seat for this years FBL" %}</div>{% endif %}
+{% endblock %}