Allauth: tune login/connect sorting, naming, and add GitHub App/Oauth modal (#609)

- Requires readthedocs/readthedocs.org#12242
- Requires
readthedocs/readthedocs-corporate#2007
- Fixes #608 
- Fixes #379 
- Fixes #588 

----

Work left:

- [x] Test with SAML providers
- [x] **On or before release, all database SocialApps need settings in
JSON field for `{"hidden": true}` and testing on actual auth.**
- Instead of relying on `hidden`, SAML providers were filtered from
`get_providers`

### Examples

#### Business with Google provider and GitHub modal button


![image](https://github.com/user-attachments/assets/c3f7ac6f-5979-4940-af29-96508c253ace)

#### Business when no modal is needed


![image](https://github.com/user-attachments/assets/0168c6bf-be63-440b-bda2-c96d10848071)

#### GitHub modal


![image](https://github.com/user-attachments/assets/c076c87d-8ccf-41ae-bdeb-a3d0f1080fa9)

#### Social account list


![image](https://github.com/user-attachments/assets/d1a53a83-3a9e-49fe-94e8-880486d05c0f)

---------

Co-authored-by: Santos Gallegos <[email protected]>

Author: agjohnson

readthedocsext/theme/templates/socialaccount/partials/social_account_list.html

@@ -1,24 +1,24 @@
 {% extends "includes/crud/table_list.html" %}
 
-{% load i18n %}
-{% load gravatar %}
+{% load blocktrans trans from i18n %}
 {% load can_be_disconnected from readthedocs.socialaccounts %}
 
-{% load core_tags %}
-{% load privacy_tags %}
-{% load projects_tags %}
-{% load ext_theme_tags %}
+{% load get_account_username from ext_theme_tags %}
 
 {% block top_menu %}
-  {% if form.non_field_errors %}<div class="ui error message">{{ form.non_field_errors }}</div>{% endif %}
+  {% if form.non_field_errors %}
+    <div class="ui error message">{{ form.non_field_errors }}</div>
+  {% endif %}
   {{ block.super }}
 {% endblock top_menu %}
 {% block top_left_menu_items %}
 {% endblock top_left_menu_items %}
 
 {% block create_button %}
   <div class="ui green button"
-       data-bind="click: $root.show_modal('socialaccount-connections')">{% trans "Add new connection" %}</div>
+       data-bind="click: $root.show_modal('socialaccount-connections')">
+    {% trans "Add new connection" %}
+  </div>
 {% endblock create_button %}
 
 {% block list_placeholder_icon_class %}
@@ -56,11 +56,19 @@
 {% endblock list_item_right_menu %}
 
 {% block list_item_image %}
-  <img class="ui rounded image"
-       src="{{ object.get_avatar_url }}"
-       height="28"
-       alt="{% trans "Social account avatar" %}"
-       width="28" />
+  {% with avatar_url=object.get_avatar_url %}
+    {% if avatar_url %}
+      <img class="ui rounded image"
+           src="{{ avatar_url }}"
+           height="28"
+           alt="{% trans "Social account avatar" %}"
+           width="28" />
+    {% else %}
+      <div class="ui center aligned image">
+        <i class="fad fa-user icon"></i>
+      </div>
+    {% endif %}
+  {% endwith %}
 {% endblock list_item_image %}
 
 {% block list_item_header %}
@@ -73,12 +81,19 @@
 {% endblock list_item_header %}
 
 {% block list_item_meta_items %}
-  {% with object.get_provider_account as provider %}
-    <span class="ui label">
-      {# get_brand.name|lower here because we can't use `id`, `Bitbucket2Provider.id == 'bitbucket_oauth2'` #}
-      <i class="fa-brands fa-{{ provider.get_brand.name|lower }} icon"></i>
-      {{ provider.get_brand.name }}
-    </span>
+  {% with provider=object.get_provider %}
+    {% if provider.app.pk and provider.id == "saml" %}
+      <span class="ui label">
+        <i class="fas fa-users icon"></i>
+        {% trans "SAML" %}
+      </span>
+    {% else %}
+      {# Provider is not a database provider #}
+      <span class="ui label">
+        <i class="fa-brands fa-{{ provider.name|lower }} icon"></i>
+        {{ provider.app.name|default:provider.name }}
+      </span>
+    {% endif %}
   {% endwith %}
 {% endblock list_item_meta_items %}
 

readthedocsext/theme/templates/socialaccount/snippets/provider_list.html

@@ -1,29 +1,142 @@
-{% load get_providers provider_login_url from socialaccount %}
 {% load trans blocktrans from i18n %}
+{% load get_github_providers get_providers from ext_theme_tags %}
 
-{% get_providers as socialaccount_providers %}
+{% comment %}
+  ``get_providers`` filters out providers marked as hidden in our settings file.
+  ``get_github_providers`` is just used for the modal and can be removed eventually.
+{% endcomment %}
+{% get_providers process=process as providers %}
+{% get_github_providers process=process as providers_github %}
 
-{% for provider in socialaccount_providers %}
-  {% comment %}
-    - OpenID is not implemented.
-    - SAML is handled in another view, we don't want to list all SAML integrations here.
-    - GitHub App is not exposed to users yet.
-  {% endcomment %}
-  {% if provider.id != 'saml' and provider.id != 'githubapp' %}
-    {% if allowed_providers and provider.id in allowed_providers or not allowed_providers %}
-      <li class="item">
-        <form class="ui form"
-              method="post"
-              action="{% provider_login_url provider.id process=process scope=scope auth_params=auth_params %}">
-          {% csrf_token %}
-          <button class="ui button" type="submit" title="{{ provider.name }}">
-            <i class="fa-brands fa-{{ provider.name|lower }} icon"></i>
-            {% blocktrans trimmed with provider_name=provider.name verbiage=verbiage|default:'Connect to' %}
-              {{ verbiage }} {{ provider_name }}
-            {% endblocktrans %}
-          </button>
-        </form>
-      </li>
-    {% endif %}
+{% comment %}
+  If both GitHub providers are configured, and they are not ``hidden=True`` or
+  ``hidden_on_{process}=True`` in settings, we'll show these providers in a modal.
+{% endcomment %}
+{% get_providers process=process as providers %}
+{% if providers_github|length == 2 %}
+  {% trans "GitHub" as provider_name %}
+  <li class="item">
+    <a class="ui button"
+       data-bind="click: $root.show_modal('github-select')"
+       title="{{ provider_name }}">
+      <i class="fa-brands fa-github icon"></i>
+      {% blocktrans trimmed with provider_name=provider_name verbiage=verbiage|default:'Connect to' %}
+        {{ verbiage }} {{ provider_name }}
+      {% endblocktrans %}
+    </a>
+  </li>
+  <div class="ui tiny modal" data-modal-id="github-select">
+    <div class="header">
+      {% blocktrans trimmed with verbiage=verbiage|default:'Connect to' provider_name=provider_name %}
+        {{ verbiage }} {{ provider_name }}
+      {% endblocktrans %}
+    </div>
+    <div class="content">
+      <p>
+        {% blocktrans trimmed %}
+          Read the Docs now supports two methods for connecting your GitHub account:
+        {% endblocktrans %}
+      </p>
+      <div class="ui segment">
+        <div class="ui small divided items">
+          {% for provider in providers_github %}
+            <div class="item">
+              <div class="content">
+                <div class="header">
+                  {% if provider.id == "github" %}
+                    {% blocktrans trimmed %}
+                      Our GitHub OAuth app
+                    {% endblocktrans %}
+                    <span class="ui compact small basic label">Default</span>
+                  {% elif provider.id == "githubapp" %}
+                    {% blocktrans trimmed %}
+                      Our GitHub App
+                    {% endblocktrans %}
+                    <span class="ui violet compact small basic label">Beta</span>
+                  {% endif %}
+                </div>
+                <div class="description">
+                  <p>
+                    {# As we progress in a beta test period, the connect text should be tuned to make GHA sound like less of a beta feature. #}
+                    {% with is_early_beta=False %}
+                      {% if provider.id == "github" %}
+                        {% if process == "connect" and is_early_beta %}
+                          {% blocktrans trimmed %}
+                            For new users and users reconnecting a previously connected GitHub account.
+                          {% endblocktrans %}
+                        {% elif process == "connect" and not is_early_beta %}
+                          {% blocktrans trimmed %}
+                            For users reconnecting a previously connected GitHub account and users unable to switch to our new app.
+                          {% endblocktrans %}
+                          <i>
+                            {% blocktrans trimmed %}
+                              We recommend new users connect their account using our GitHub App.
+                            {% endblocktrans %}
+                          </i>
+                        {% else %}
+                          {% blocktrans trimmed %}
+                            For users that connected their GitHub accounts before June 24, 2025.
+                          {% endblocktrans %}
+                        {% endif %}
+                      {% elif provider.id == "githubapp" %}
+                        {% if process == "connect" and is_early_beta %}
+                          {% blocktrans trimmed %}
+                            For users that would like early access to our new app and would like to test new features.
+                          {% endblocktrans %}
+                          <i>
+                            {% blocktrans trimmed %}
+                              We recommend only advanced users use this method.
+                            {% endblocktrans %}
+                          </i>
+                        {% elif process == "connect" and not is_early_beta %}
+                          {% blocktrans trimmed %}
+                            For users that want granular control of permissions to repositories.
+                          {% endblocktrans %}
+                        {% else %}
+                          {% blocktrans trimmed %}
+                            For users that have switched their connected GitHub accounts already.
+                          {% endblocktrans %}
+                        {% endif %}
+                      {% endif %}
+                    {% endwith %}
+                  </p>
+                </div>
+                <div class="extra">
+                  {% with button_classes=forloop.first|yesno:"right floated primary,right floated basic" %}
+                    {% include "socialaccount/snippets/provider_list_item.html" with process=process verbiage=text_log_in provider=provider button_classes=button_classes %}
+                  {% endwith %}
+                </div>
+              </div>
+            </div>
+          {% endfor %}
+        </div>
+      </div>
+
+      <div class="ui info message">
+        <i class="fas fa-info-circle icon"></i>
+        To learn more about our new GitHub App integration,
+        <a href="https://about.readthedocs.com/blog/2025/06/announcing-our-github-app-beta/">read our beta announcement</a>
+      </div>
+    </div>
+    <div class="actions">
+      <div class="ui cancel button">{% trans "Cancel" %}</div>
+    </div>
+  </div>
+{% endif %}
+
+{# This is the basic list but with sorting now. If there is a modal above, we skip the GitHub providers here #}
+{% for provider in providers %}
+  {% if providers_github|length == 2 and "github" in provider.id %}
+    {% comment %}
+      TODO remove this after we are mostly using GHA and don't need a modal
+
+      Skip any provider that is in the modal above if the modal is in use. This
+      adjusts for when one provider is shown on connect but the modal is used
+      on login.
+    {% endcomment %}
+  {% else %}
+    <li class="item">
+      {% include "socialaccount/snippets/provider_list_item.html" with process=process verbiage=text_log_in provider=provider %}
+    </li>
   {% endif %}
 {% endfor %}

readthedocsext/theme/templates/socialaccount/snippets/provider_list_item.html

@@ -0,0 +1,20 @@
+{% load provider_login_url from socialaccount %}
+{% load blocktrans trans from i18n %}
+
+{% if allowed_providers and provider.id in allowed_providers or not allowed_providers %}
+  <form class="ui form"
+        method="post"
+        action="{% provider_login_url provider.id process=process scope=scope auth_params=auth_params %}">
+    {% csrf_token %}
+
+    <button class="ui {{ button_classes }} button"
+            type="submit"
+            title="{{ provider.name }}">
+      <i class="fa-brands fa-{{ provider.name|lower }} icon"></i>
+      {% blocktrans trimmed with provider_name=provider.app.name|default:provider.name verbiage=verbiage|default:'Connect to' %}
+        {{ verbiage }} {{ provider_name }}
+      {% endblocktrans %}
+    </button>
+
+  </form>
+{% endif %}

readthedocsext/theme/templatetags/ext_theme_tags.py

@@ -10,7 +10,9 @@
 )
 from django.templatetags.static import StaticNode, PrefixNode
 from django.forms import boundfield
-
+from allauth.socialaccount.templatetags.socialaccount import (
+    get_providers as base_get_providers,
+)
 
 log = logging.getLogger(__name__)
 register = template.Library()
@@ -134,6 +136,45 @@ def get_spam_score(project):
     return spam_score(project)
 
 
+@register.simple_tag(takes_context=True)
+def get_providers(context, process="login"):
+    """
+    Adds additional app setting support and sorting to the Allauth provider list tag.
+
+    There are multiple app settings checked to determine if we show the
+    provider to the user and which order:
+
+    ``hidden`` (bool)
+        This comes from the base Allauth tag
+
+    ``hidden_on_login``/``hidden_on_connect``/``hidden_on_{process}`` (bool)
+        Hide the provider from the Allauth process view
+
+    ``priority``
+        Priority order value for list of providers, higher values are lower in priority on the list.
+
+    Additionally, filter out providers from the database -- applications that
+    have a ``pk`` -- these are per-user applications like SAML.
+    """
+    # The base Allauth ``get_providers`` tag filters out providers marked as hidden in our settings file.
+    providers = [
+        provider
+        for provider in base_get_providers(context)
+        if not provider.app.settings.get(f"hidden_on_{process}", False)
+        and not provider.app.pk
+    ]
+    return sorted(
+        providers, key=lambda provider: provider.app.settings.get("priority", 100)
+    )
+
+
+# TODO remove this after we don't need to separate the providers with a modal
+@register.simple_tag(takes_context=True)
+def get_github_providers(context, process="login"):
+    providers = get_providers(context, process)
+    return list(filter(lambda provider: "github" in provider.id, providers))
+
+
 # Simple solution to not supported "zh" language code.
 #
 # When `project.language="zh"` the Django `language_name_local` raises an exception and returns 500.