implemented nextcloud oauth login

markdownblog/markdownblog/settings.py

@@ -116,7 +116,7 @@ AUTH_PASSWORD_VALIDATORS = [
 
 LANGUAGE_CODE = 'en-us'
 
-TIME_ZONE = 'UTC'
+TIME_ZONE = os.environ['TIMEZONE']
 
 USE_I18N = True
 
@@ -155,9 +155,8 @@ if os.environ['ENABLE_NEXTCLOUD_OAUTH'] == "True":
     AUTHLIB_OAUTH_CLIENTS['nextcloud'] = {
         'client_id': os.environ['NC_OAUTH_CLIENT_ID'],  # "Client Identifier" in Nextcloud
         'client_secret': os.environ['NC_OAUTH_CLIENT_SECRET'],  # "Secret" in Nextcloud
-        'request_token_url': os.environ['NC_BASE_URL'] + '/index.php/apps/oauth2/api/v1/token',
-        'request_token_params': None,
         'access_token_url': os.environ['NC_BASE_URL'] + '/index.php/apps/oauth2/api/v1/token',
+        'request_token_params': None,
         'access_token_params': None,
         'refresh_token_url': None,
         'authorize_url': os.environ['NC_BASE_URL'] + '/index.php/apps/oauth2/authorize',

markdownblog/markdownblog/urls.py

@@ -11,5 +11,5 @@ urlpatterns = [
     path('accounts/', include('django.contrib.auth.urls')),
     path('accounts/2fa/', include(django_2fa.urls)),
     path('accounts/oauth/<str:provider>/', oauth_view, name='oauth'),
-    path('accounts/oauth/<str:provider>/authorize/',oauth_authorize, name='oauth_authorize')
+    path('accounts/oauth/<str:provider>/callback',oauth_authorize, name='oauth_authorize')
 ]

markdownblog/markdownblog/views.py

@@ -1,11 +1,14 @@
 from django.conf import settings
+from django.contrib.auth.models import User
 from django.contrib.auth.views import LoginView
 from django.shortcuts import render, redirect
 from django.contrib.auth import authenticate, login
 from authlib.integrations.django_client import OAuth
+from django.urls import reverse
 
 oauth = OAuth()
 
+
 def login_view(request):
     context = {'AUTHLIB_OAUTH_CLIENTS': settings.AUTHLIB_OAUTH_CLIENTS, 'form': LoginView.authentication_form}
 
@@ -30,19 +33,29 @@ def login_view(request):
 def oauth_view(request, provider):
     context = {'AUTHLIB_OAUTH_CLIENTS': settings.AUTHLIB_OAUTH_CLIENTS, 'form': LoginView.authentication_form}
 
-    if provider == 'nextcloud':
+    # check if provider is configured and supported
+    if provider == 'nextcloud' and 'nextcloud' in settings.AUTHLIB_OAUTH_CLIENTS:
         oauth.register("nextcloud")
-        redirect_uri = request.build_absolute_uri("/accounts/oauth/nextcloud/authorize/")
+        redirect_uri = request.build_absolute_uri(reverse('oauth_authorize', args={'provider': 'nextcloud'}))
         return oauth.nextcloud.authorize_redirect(request, redirect_uri)
     else:
         context['error'] = f'Unknown oauth provider \"{provider}\"'
         return render(request, 'registration/login.html', context)
 
+
 def oauth_authorize(request, provider):
-    if provider == 'nextcloud':
+    # handle oauth callback
+    if provider == 'nextcloud' and 'nextcloud' in settings.AUTHLIB_OAUTH_CLIENTS:
         token = oauth.nextcloud.authorize_access_token(request)
-        resp = oauth.nextcloud.get('user', token=token)
-    resp.raise_for_status()
-    profile = resp.json()
-    # do something with the token and profile
-    return '...'
+        # extract username
+        oauth_username = token['user_id']
+        # create user if necessary
+        newuser, _ = User.objects.get_or_create(username=oauth_username)
+        login(request, newuser)
+    else:
+        # return an error if provider is not configured
+        context = {'AUTHLIB_OAUTH_CLIENTS': settings.AUTHLIB_OAUTH_CLIENTS, 'form': LoginView.authentication_form,
+                   'error': f'Unknown oauth provider \"{provider}\"'}
+        return render(request, 'registration/login.html', context)
+
+    return redirect(reverse('index'))