Merge pull request #227 from hydroserver2/238-workspaces

kjlippold · web-flow · commit 4b247bd3f279 · 2025-02-26T14:56:34.000-08:00
238 workspaces
diff --git a/hydroserver/settings.py b/hydroserver/settings.py
@@ -63,6 +63,7 @@
     "allauth.socialaccount.providers.orcid",
     "iam.auth.providers.hydroshare",
     "iam.auth.providers.orcidsandbox",
+    "iam.auth.providers.utahid",
     "corsheaders",
     "easyaudit",
     "sensorthings",
@@ -254,7 +255,7 @@
             "OPTIONS": {
                 "bucket_name": config("MEDIA_BUCKET_NAME", default=None),
                 "location": "media",
-                "default_acl": "authenticatedRead"
+                "default_acl": "publicRead"
             },
         },
         "staticfiles": {
diff --git a/iam/auth/providers/utahid/provider.py b/iam/auth/providers/utahid/provider.py
@@ -0,0 +1,31 @@
+from allauth.socialaccount.providers.base import ProviderAccount
+from allauth.socialaccount.providers.oauth2.provider import OAuth2Provider
+from iam.auth.providers.utahid.views import UtahIdOAuth2Adapter
+
+
+class UtahIdAccount(ProviderAccount):
+    def to_str(self):
+        return self.account.extra_data.get("name", super().to_str())
+
+
+class UtahIdProvider(OAuth2Provider):
+    id = "utahid"
+    name = "UtahID"
+    account_class = UtahIdAccount
+    oauth2_adapter_class = UtahIdOAuth2Adapter
+
+    def get_default_scope(self):
+        return ["openid", "email", "profile"]
+
+    def extract_uid(self, data):
+        return str(data["sub"])
+
+    def extract_common_fields(self, data):
+        return dict(
+            email=data.get("email"),
+            last_name=data.get("family_name"),
+            first_name=data.get("given_name"),
+        )
+
+
+provider_classes = [UtahIdProvider]
diff --git a/iam/auth/providers/utahid/urls.py b/iam/auth/providers/utahid/urls.py
@@ -0,0 +1,5 @@
+from allauth.socialaccount.providers.oauth2.urls import default_urlpatterns
+from .provider import UtahIdProvider
+
+
+urlpatterns = default_urlpatterns(UtahIdProvider)
diff --git a/iam/auth/providers/utahid/views.py b/iam/auth/providers/utahid/views.py
@@ -0,0 +1,22 @@
+import requests
+from allauth.socialaccount.providers.oauth2.views import OAuth2Adapter, OAuth2LoginView, OAuth2CallbackView
+
+
+class UtahIdOAuth2Adapter(OAuth2Adapter):
+    provider_id = "utahid"
+
+    access_token_url = "https://login.dts.utah.gov:443/sso/oauth2/access_token"
+    authorize_url = "https://login.dts.utah.gov:443/sso/oauth2/authorize"
+    profile_url = "https://login.dts.utah.gov:443/sso/oauth2/userinfo"
+
+    def complete_login(self, request, app, token, **kwargs):
+        headers = {"Authorization": f"Bearer {token.token}"}
+        response = requests.get(self.profile_url, headers=headers)
+        response.raise_for_status()
+        extra_data = response.json()
+
+        return self.get_provider().sociallogin_from_response(request, extra_data)
+
+
+oauth2_login = OAuth2LoginView.adapter_view(UtahIdOAuth2Adapter)
+oauth2_callback = OAuth2CallbackView.adapter_view(UtahIdOAuth2Adapter)
diff --git a/iam/static/providers/utahid.png b/iam/static/providers/utahid.png
