Merge pull request #75 from CatalystCode/feature/social

Feature/Add social login via Github and Active Directory

app/app/settings.py

@@ -49,7 +49,8 @@ INSTALLED_APPS = [
     'server.apps.ServerConfig',
     'widget_tweaks',
     'rest_framework',
-    'django_filters'
+    'django_filters',
+    'social_django',
 ]
 
 MIDDLEWARE = [
@@ -60,6 +61,7 @@ MIDDLEWARE = [
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'social_django.middleware.SocialAuthExceptionMiddleware',
 ]
 
 ROOT_URLCONF = 'app.urls'
@@ -75,6 +77,8 @@ TEMPLATES = [
                 'django.template.context_processors.request',
                 'django.contrib.auth.context_processors.auth',
                 'django.contrib.messages.context_processors.messages',
+                'social_django.context_processors.backends',
+                'social_django.context_processors.login_redirect',
             ],
         },
     },
@@ -86,6 +90,18 @@ STATICFILES_DIRS = [
 
 WSGI_APPLICATION = 'app.wsgi.application'
 
+AUTHENTICATION_BACKENDS = [
+    'social_core.backends.github.GithubOAuth2',
+    'social_core.backends.azuread_tenant.AzureADTenantOAuth2',
+    'django.contrib.auth.backends.ModelBackend',
+]
+
+SOCIAL_AUTH_GITHUB_KEY = os.getenv('OAUTH_GITHUB_KEY')
+SOCIAL_AUTH_GITHUB_SECRET = os.getenv('OAUTH_GITHUB_SECRET')
+
+SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY = os.getenv('OAUTH_AAD_KEY')
+SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET = os.getenv('OAUTH_AAD_SECRET')
+SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID = os.getenv('OAUTH_AAD_TENANT')
 
 # Database
 # https://docs.djangoproject.com/en/2.0/ref/settings/#databases

app/app/urls.py

@@ -15,15 +15,16 @@ Including another URLconf
 """
 from django.contrib import admin
 from django.urls import path, include
-from django.contrib.auth.views import LoginView, PasswordResetView, LogoutView
+from django.contrib.auth.views import PasswordResetView, LogoutView
+from server.views import LoginView
 from server.urls import router
 
 
 urlpatterns = [
     path('', include('server.urls')),
     path('admin/', admin.site.urls),
-    path('login/', LoginView.as_view(template_name='login.html',
-                                     redirect_authenticated_user=True), name='login'),
+    path('social/', include('social_django.urls')),
+    path('login/', LoginView.as_view(), name='login'),
     path('logout/', LogoutView.as_view(), name='logout'),
     path('password_reset/', PasswordResetView.as_view(), name='password_reset'),
     path('api-auth/', include('rest_framework.urls')),

app/server/templates/base.html

@@ -18,8 +18,8 @@
   <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.13/css/all.css" integrity="sha384-DNOHZ68U8hZfKXOrtjWvjxusGo9WQnrNx2sqG0tfsghAvtVlRW3tvkXWZh58N9jp"
     crossorigin="anonymous">
   <link href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,700" rel="stylesheet">
-  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bulma/0.7.1/css/bulma.min.css" crossorigin="anonymous"
-  />
+  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bulma/0.7.1/css/bulma.min.css" crossorigin="anonymous">
+  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma-extensions@4.0.1/bulma-divider/dist/css/bulma-divider.min.css" crossorigin="anonymous">
   <link rel="stylesheet" href="{% static 'css/forum.css' %}">
   <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.3.3/css/swiper.min.css">
   <!-- favicon settings -->

app/server/templates/login.html

@@ -49,6 +49,21 @@
           <input class="button is-block is-primary is-middle is-fullwidth" type="submit" value="Login" />
           <input type="hidden" name="next" value="{{ next }}" />
         </form>
+        {% if social_login_enabled %}
+        <div class="is-divider" data-content="OR"></div>
+        {% endif %}
+        {% if github_login %}
+        <a href="{% url 'social:begin' 'github' %}" class="button is-fullwidth mb10">
+          <span class="icon"><i class="fab fa-github"></i></span>
+          <span>Login with Github</span>
+        </a>
+        {% endif %}
+        {% if aad_login %}
+        <a href="{% url 'social:begin' 'azuread-tenant-oauth2' %}" class="button is-fullwidth mb10">
+          <span class="icon"><i class="fab fa-microsoft"></i></span>
+          <span>Login with Active Directory</span>
+        </a>
+        {% endif %}
       </div>
     </div>
   </div>

app/server/views.py

@@ -4,6 +4,7 @@ from io import TextIOWrapper
 import itertools as it
 import logging
 
+from django.contrib.auth.views import LoginView as BaseLoginView
 from django.urls import reverse
 from django.http import HttpResponse, HttpResponseRedirect
 from django.shortcuts import get_object_or_404
@@ -179,6 +180,21 @@ class DataDownloadFile(SuperUserMixin, LoginRequiredMixin, View):
         return response
 
 
+class LoginView(BaseLoginView):
+    template_name = 'login.html'
+    redirect_authenticated_user = True
+    extra_context = {
+        'github_login': bool(settings.SOCIAL_AUTH_GITHUB_KEY),
+        'aad_login': bool(settings.SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID),
+    }
+
+    def get_context_data(self, **kwargs):
+        context = super(LoginView, self).get_context_data(**kwargs)
+        context['social_login_enabled'] = any(value for key, value in context.items()
+                                              if key.endswith('_login'))
+        return context
+
+
 class DemoTextClassification(TemplateView):
     template_name = 'demo/demo_text_classification.html'
 

requirements.txt

@@ -13,6 +13,8 @@ psycopg2==2.7.5
 python-dateutil==2.7.3
 pytz==2018.4
 six==1.11.0
+social-auth-app-django==3.1.0
+social-auth-core[azuread]==3.0.0
 text-unidecode==1.2
 tornado==5.0.2
 whitenoise==3.3.1