commit 1352d58e03d27c2df73402cf758274c3bd3584c7 Author: alpcentaur Date: Sun Oct 22 17:40:45 2023 +0000 full example with one little change in code to make it work, some changes in the settings file diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5bc2900 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +.idea/ +db.sqlite3 +venv2/ + diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..5b41875 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2021 Songrong Jiang + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..be931cd --- /dev/null +++ b/README.md @@ -0,0 +1,33 @@ +# Wikimedia OAuth2 Django Demo +A minimal prototype showing how to authenticate wikimedia +users with OAuth2 + + + + +## Quick Start +1. Create virtual environment +```bash +virtualenv --python=python3.9 venv +``` +1. Install requirements +```bash +pip install -r requirements.txt +``` +1. Run the server +```bash +python manage.py migrate +python manage.py runserver +``` + +## Behind the scene +The OAuth2 configuration is located at settings.py + +The default session backend is sqlite3. + + +The base for this prototype was done by songrgg, who published +his code on Microsoft's Github. His Blog Post you can find here: +https://songrgg.github.io/programming/django-oauth-client-setup + + diff --git a/manage.py b/manage.py new file mode 100755 index 0000000..18bab63 --- /dev/null +++ b/manage.py @@ -0,0 +1,21 @@ +#!/usr/bin/env python +"""Django's command-line utility for administrative tasks.""" +import os +import sys + + +def main(): + os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'oauth_demo.settings') + try: + from django.core.management import execute_from_command_line + except ImportError as exc: + raise ImportError( + "Couldn't import Django. Are you sure it's installed and " + "available on your PYTHONPATH environment variable? Did you " + "forget to activate a virtual environment?" + ) from exc + execute_from_command_line(sys.argv) + + +if __name__ == '__main__': + main() diff --git a/oauth_demo/__init__.py b/oauth_demo/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/oauth_demo/__pycache__/__init__.cpython-37.pyc b/oauth_demo/__pycache__/__init__.cpython-37.pyc new file mode 100644 index 0000000..a8ec81b Binary files /dev/null and b/oauth_demo/__pycache__/__init__.cpython-37.pyc differ diff --git a/oauth_demo/__pycache__/__init__.cpython-39.pyc b/oauth_demo/__pycache__/__init__.cpython-39.pyc new file mode 100644 index 0000000..183473a Binary files /dev/null and b/oauth_demo/__pycache__/__init__.cpython-39.pyc differ diff --git a/oauth_demo/__pycache__/settings.cpython-37.pyc b/oauth_demo/__pycache__/settings.cpython-37.pyc new file mode 100644 index 0000000..7991c80 Binary files /dev/null and b/oauth_demo/__pycache__/settings.cpython-37.pyc differ diff --git a/oauth_demo/__pycache__/settings.cpython-39.pyc b/oauth_demo/__pycache__/settings.cpython-39.pyc new file mode 100644 index 0000000..9f184a9 Binary files /dev/null and b/oauth_demo/__pycache__/settings.cpython-39.pyc differ diff --git a/oauth_demo/__pycache__/urls.cpython-37.pyc b/oauth_demo/__pycache__/urls.cpython-37.pyc new file mode 100644 index 0000000..023c626 Binary files /dev/null and b/oauth_demo/__pycache__/urls.cpython-37.pyc differ diff --git a/oauth_demo/__pycache__/urls.cpython-39.pyc b/oauth_demo/__pycache__/urls.cpython-39.pyc new file mode 100644 index 0000000..2904fed Binary files /dev/null and b/oauth_demo/__pycache__/urls.cpython-39.pyc differ diff --git a/oauth_demo/__pycache__/views.cpython-37.pyc b/oauth_demo/__pycache__/views.cpython-37.pyc new file mode 100644 index 0000000..bddca86 Binary files /dev/null and b/oauth_demo/__pycache__/views.cpython-37.pyc differ diff --git a/oauth_demo/__pycache__/views.cpython-39.pyc b/oauth_demo/__pycache__/views.cpython-39.pyc new file mode 100644 index 0000000..5f4ec2b Binary files /dev/null and b/oauth_demo/__pycache__/views.cpython-39.pyc differ diff --git a/oauth_demo/__pycache__/wsgi.cpython-37.pyc b/oauth_demo/__pycache__/wsgi.cpython-37.pyc new file mode 100644 index 0000000..2b09fb9 Binary files /dev/null and b/oauth_demo/__pycache__/wsgi.cpython-37.pyc differ diff --git a/oauth_demo/__pycache__/wsgi.cpython-39.pyc b/oauth_demo/__pycache__/wsgi.cpython-39.pyc new file mode 100644 index 0000000..e30f829 Binary files /dev/null and b/oauth_demo/__pycache__/wsgi.cpython-39.pyc differ diff --git a/oauth_demo/asgi.py b/oauth_demo/asgi.py new file mode 100644 index 0000000..2ff9254 --- /dev/null +++ b/oauth_demo/asgi.py @@ -0,0 +1,16 @@ +""" +ASGI config for oauth_demo project. + +It exposes the ASGI callable as a module-level variable named ``application``. + +For more information on this file, see +https://docs.djangoproject.com/en/3.0/howto/deployment/asgi/ +""" + +import os + +from django.core.asgi import get_asgi_application + +os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'oauth_demo.settings') + +application = get_asgi_application() diff --git a/oauth_demo/middleware/__init__.py b/oauth_demo/middleware/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/oauth_demo/middleware/__pycache__/__init__.cpython-37.pyc b/oauth_demo/middleware/__pycache__/__init__.cpython-37.pyc new file mode 100644 index 0000000..89feafa Binary files /dev/null and b/oauth_demo/middleware/__pycache__/__init__.cpython-37.pyc differ diff --git a/oauth_demo/middleware/__pycache__/__init__.cpython-39.pyc b/oauth_demo/middleware/__pycache__/__init__.cpython-39.pyc new file mode 100644 index 0000000..3497b93 Binary files /dev/null and b/oauth_demo/middleware/__pycache__/__init__.cpython-39.pyc differ diff --git a/oauth_demo/middleware/__pycache__/oauth.cpython-37.pyc b/oauth_demo/middleware/__pycache__/oauth.cpython-37.pyc new file mode 100644 index 0000000..fa9291c Binary files /dev/null and b/oauth_demo/middleware/__pycache__/oauth.cpython-37.pyc differ diff --git a/oauth_demo/middleware/__pycache__/oauth.cpython-39.pyc b/oauth_demo/middleware/__pycache__/oauth.cpython-39.pyc new file mode 100644 index 0000000..e996f35 Binary files /dev/null and b/oauth_demo/middleware/__pycache__/oauth.cpython-39.pyc differ diff --git a/oauth_demo/middleware/oauth.py b/oauth_demo/middleware/oauth.py new file mode 100644 index 0000000..51cb99c --- /dev/null +++ b/oauth_demo/middleware/oauth.py @@ -0,0 +1,84 @@ +from authlib.integrations.base_client import OAuthError +from authlib.integrations.django_client import OAuth +from authlib.oauth2.rfc6749 import OAuth2Token +from django.shortcuts import redirect +from django.utils.deprecation import MiddlewareMixin +from oauth_demo import settings +from oauth_demo import views + + +class OAuthMiddleware(MiddlewareMixin): + + def __init__(self, get_response=None): + super().__init__(get_response) + self.oauth = OAuth() + + def process_request(self, request): + if settings.OAUTH_URL_WHITELISTS is not None: + for w in settings.OAUTH_URL_WHITELISTS: + if request.path.startswith(w): + return self.get_response(request) + + def update_token(token, refresh_token, access_token): + request.session['token'] = token + print('oioi') + print('oi token', token) + return None + + sso_client = self.oauth.register( + settings.OAUTH_CLIENT_NAME, overwrite=True, **settings.OAUTH_CLIENT, update_token=update_token + ) + + if request.path.startswith('/oauth/callback'): + print('oi') + self.clear_session(request) + request.session['token'] = sso_client.authorize_access_token(request) + print('blub', request.session['token']) + print('user', self.get_current_user(sso_client, request)) + if self.get_current_user(sso_client, request) is not None: + redirect_uri = request.session.pop('redirect_uri', None) + if redirect_uri is not None: + return redirect(redirect_uri) + return redirect(views.index) + + if request.session.get('token', None) is not None: + current_user = self.get_current_user(sso_client, request) + if current_user is not None: + return self.get_response(request) + + # remember redirect URI for redirecting to the original URL. + request.session['redirect_uri'] = request.path + return sso_client.authorize_redirect(request, settings.OAUTH_CLIENT['redirect_uri']) + + # fetch current login user info + # 1. check if it's in cache + # 2. fetch from remote API when it's not in cache + @staticmethod + def get_current_user(sso_client, request): + token = request.session.get('token', None) + if token is None or 'access_token' not in token: + return None + + if not OAuth2Token.from_dict(token).is_expired() and 'user' in request.session: + return request.session['user'] + + try: + res = sso_client.get(settings.OAUTH_CLIENT['userinfo_endpoint'], token=OAuth2Token(token)) + print('json oi oi' , res.json()) + if res.ok: + request.session['user'] = res.json() + return res.json() + except OAuthError as e: + print(e) + return None + + @staticmethod + def clear_session(request): + try: + del request.session['user'] + del request.session['token'] + except KeyError: + pass + + def __del__(self): + print('destroyed') diff --git a/oauth_demo/settings.py b/oauth_demo/settings.py new file mode 100644 index 0000000..0fb2342 --- /dev/null +++ b/oauth_demo/settings.py @@ -0,0 +1,145 @@ +""" +Django settings for oauth_demo project. + +Generated by 'django-admin startproject' using Django 3.0.5. + +For more information on this file, see +https://docs.djangoproject.com/en/3.0/topics/settings/ + +For the full list of settings and their values, see +https://docs.djangoproject.com/en/3.0/ref/settings/ +""" + +import os + +# Build paths inside the project like this: os.path.join(BASE_DIR, ...) +BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) + + +# Quick-start development settings - unsuitable for production +# See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/ + +# SECURITY WARNING: keep the secret key used in production secret! +SECRET_KEY = '#jk+74g_ilb4h)f!_20mmcg^5-+veuj2(v%0ufymq+r%mc3im-' + +# SECURITY WARNING: don't run with debug turned on in production! +DEBUG = True + +ALLOWED_HOSTS = [] + + +# Application definition + +INSTALLED_APPS = [ + 'django.contrib.admin', + 'django.contrib.auth', + 'django.contrib.contenttypes', + 'django.contrib.sessions', + 'django.contrib.messages', + 'django.contrib.staticfiles', +] + +MIDDLEWARE = [ + 'django.middleware.security.SecurityMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'oauth_demo.middleware.oauth.OAuthMiddleware' +] + +ROOT_URLCONF = 'oauth_demo.urls' + +TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [os.path.join(BASE_DIR, 'templates')] + , + 'APP_DIRS': True, + 'OPTIONS': { + 'context_processors': [ + 'django.template.context_processors.debug', + 'django.template.context_processors.request', + 'django.contrib.auth.context_processors.auth', + 'django.contrib.messages.context_processors.messages', + ], + }, + }, +] + +WSGI_APPLICATION = 'oauth_demo.wsgi.application' + + +# Database +# https://docs.djangoproject.com/en/3.0/ref/settings/#databases + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.sqlite3', + 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), + } +} + + +# Password validation +# https://docs.djangoproject.com/en/3.0/ref/settings/#auth-password-validators + +AUTH_PASSWORD_VALIDATORS = [ + { + 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', + }, +] + + +# Internationalization +# https://docs.djangoproject.com/en/3.0/topics/i18n/ + +LANGUAGE_CODE = 'en-us' + +TIME_ZONE = 'UTC' + +USE_I18N = True + +USE_L10N = True + +USE_TZ = True + + +# Static files (CSS, JavaScript, Images) +# https://docs.djangoproject.com/en/3.0/howto/static-files/ + +STATIC_URL = '/static/' + +# OAuth Settings +OAUTH_URL_WHITELISTS = [] + +OAUTH_CLIENT_NAME = '' + + +OAUTH_CLIENT = { + 'client_id': '', + 'client_secret': '', + 'access_token_url': 'https://meta.wikimedia.org/w/rest.php/oauth2/access_token', + 'authorize_url': 'https://meta.wikimedia.org/w/rest.php/oauth2/authorize', + 'api_base_url': 'https://meta.wikimedia.org/w/rest.php/oauth2/resource', + 'redirect_uri': 'http://localhost:8000/oauth/callback', + 'client_kwargs': { + 'scope': 'basic', + 'token_placement': 'header' + }, + 'userinfo_endpoint': 'resource/profile', +} + +OAUTH_COOKIE_SESSION_ID = 'sso_session_id' + diff --git a/oauth_demo/urls.py b/oauth_demo/urls.py new file mode 100644 index 0000000..1652f60 --- /dev/null +++ b/oauth_demo/urls.py @@ -0,0 +1,23 @@ +"""oauth_demo URL Configuration + +The `urlpatterns` list routes URLs to views. For more information please see: + https://docs.djangoproject.com/en/3.0/topics/http/urls/ +Examples: +Function views + 1. Add an import: from my_app import views + 2. Add a URL to urlpatterns: path('', views.home, name='home') +Class-based views + 1. Add an import: from other_app.views import Home + 2. Add a URL to urlpatterns: path('', Home.as_view(), name='home') +Including another URLconf + 1. Import the include() function: from django.urls import include, path + 2. Add a URL to urlpatterns: path('blog/', include('blog.urls')) +""" +from django.contrib import admin +from django.urls import path +from oauth_demo.views import index + +urlpatterns = [ + path('', index), + path('admin/', admin.site.urls), +] diff --git a/oauth_demo/views.py b/oauth_demo/views.py new file mode 100644 index 0000000..4e1b8f6 --- /dev/null +++ b/oauth_demo/views.py @@ -0,0 +1,6 @@ +from django.http import HttpResponse + + +def index(request): + msg = "Hello %s, you're logined." % request.session['user']['username'] + return HttpResponse(msg) diff --git a/oauth_demo/wsgi.py b/oauth_demo/wsgi.py new file mode 100644 index 0000000..b3bad92 --- /dev/null +++ b/oauth_demo/wsgi.py @@ -0,0 +1,16 @@ +""" +WSGI config for oauth_demo project. + +It exposes the WSGI callable as a module-level variable named ``application``. + +For more information on this file, see +https://docs.djangoproject.com/en/3.0/howto/deployment/wsgi/ +""" + +import os + +from django.core.wsgi import get_wsgi_application + +os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'oauth_demo.settings') + +application = get_wsgi_application() diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..08c13a2 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,16 @@ +asgiref==3.7.2 +Authlib==1.2.1 +certifi==2023.7.22 +cffi==1.16.0 +chardet==5.2.0 +charset-normalizer==3.3.0 +cryptography==41.0.4 +Django==4.2.6 +idna==3.4 +pycparser==2.21 +pytz==2023.3.post1 +requests==2.31.0 +six==1.16.0 +sqlparse==0.4.4 +typing_extensions==4.8.0 +urllib3==2.0.6