diff --git a/markdownblog/markdownblog/settings.py b/markdownblog/markdownblog/settings.py index dafa80c..f66bc1d 100644 --- a/markdownblog/markdownblog/settings.py +++ b/markdownblog/markdownblog/settings.py @@ -116,7 +116,7 @@ AUTH_PASSWORD_VALIDATORS = [ LANGUAGE_CODE = 'en-us' -TIME_ZONE = 'UTC' +TIME_ZONE = os.environ['TIMEZONE'] USE_I18N = True @@ -155,9 +155,8 @@ if os.environ['ENABLE_NEXTCLOUD_OAUTH'] == "True": AUTHLIB_OAUTH_CLIENTS['nextcloud'] = { 'client_id': os.environ['NC_OAUTH_CLIENT_ID'], # "Client Identifier" in Nextcloud 'client_secret': os.environ['NC_OAUTH_CLIENT_SECRET'], # "Secret" in Nextcloud - 'request_token_url': os.environ['NC_BASE_URL'] + '/index.php/apps/oauth2/api/v1/token', - 'request_token_params': None, 'access_token_url': os.environ['NC_BASE_URL'] + '/index.php/apps/oauth2/api/v1/token', + 'request_token_params': None, 'access_token_params': None, 'refresh_token_url': None, 'authorize_url': os.environ['NC_BASE_URL'] + '/index.php/apps/oauth2/authorize', diff --git a/markdownblog/markdownblog/urls.py b/markdownblog/markdownblog/urls.py index 33ae98f..ed0b0b2 100644 --- a/markdownblog/markdownblog/urls.py +++ b/markdownblog/markdownblog/urls.py @@ -11,5 +11,5 @@ urlpatterns = [ path('accounts/', include('django.contrib.auth.urls')), path('accounts/2fa/', include(django_2fa.urls)), path('accounts/oauth//', oauth_view, name='oauth'), - path('accounts/oauth//authorize/',oauth_authorize, name='oauth_authorize') + path('accounts/oauth//callback',oauth_authorize, name='oauth_authorize') ] diff --git a/markdownblog/markdownblog/views.py b/markdownblog/markdownblog/views.py index 8305fc8..a377029 100644 --- a/markdownblog/markdownblog/views.py +++ b/markdownblog/markdownblog/views.py 
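Review bot: `TIME_ZONE = os.environ['TIMEZONE']` makes the settings module fail with a KeyError whenever the variable is unset, where the old code always had a valid zone. Keeping the previous value as the fallback avoids that: `TIME_ZONE = os.environ.get('TIMEZONE', 'UTC')`. A one-line comment saying the value must be an IANA zone name would also help whoever deploys this.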
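Review bot: `'request_token_params': None` is only moved, not removed, although it belongs to the OAuth 1 request-token step just like the `request_token_url` entry this hunk deletes. Dropping it as well would leave only OAuth 2 keys in the Nextcloud client. Because the client secret is posted to the token endpoint built from `NC_BASE_URL`, a startup check that the value starts with `https://` would be a cheap guard against a misconfigured deployment. The dict continues past the end of the hunk.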
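Review bot: The new callback route ends in `callback` with no trailing slash, while the other entries in `urlpatterns` keep one. `APPEND_SLASH` only redirects slash-less requests to the slashed form, so a redirect URI registered in Nextcloud as `…/callback/` would return 404. Either write the route with the trailing slash or add a comment such as `# must match the redirect URI registered in Nextcloud exactly`. The route name is still `oauth_authorize`, which no longer matches the path; `oauth_callback` would read more clearly if the `reverse()` caller is renamed with it.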
@@ -1,11 +1,14 @@ from django.conf import settings +from django.contrib.auth.models import User from django.contrib.auth.views import LoginView from django.shortcuts import render, redirect from django.contrib.auth import authenticate, login from authlib.integrations.django_client import OAuth +from django.urls import reverse oauth = OAuth() + def login_view(request): context = {'AUTHLIB_OAUTH_CLIENTS': settings.AUTHLIB_OAUTH_CLIENTS, 'form': LoginView.authentication_form} 
@@ -30,19 +33,29 @@ def login_view(request): def oauth_view(request, provider): context = {'AUTHLIB_OAUTH_CLIENTS': settings.AUTHLIB_OAUTH_CLIENTS, 'form': LoginView.authentication_form} - if provider == 'nextcloud': + # check if provider is configured and supported + if provider == 'nextcloud' and 'nextcloud' in settings.AUTHLIB_OAUTH_CLIENTS: oauth.register("nextcloud") - redirect_uri = request.build_absolute_uri("/accounts/oauth/nextcloud/authorize/") + redirect_uri = request.build_absolute_uri(reverse('oauth_authorize', args={'provider': 'nextcloud'})) return oauth.nextcloud.authorize_redirect(request, redirect_uri) else: context['error'] = f'Unknown oauth provider \"{provider}\"' return render(request, 'registration/login.html', context) + def oauth_authorize(request, provider): - if provider == 'nextcloud': + # handle oauth callback + if provider == 'nextcloud' and 'nextcloud' in settings.AUTHLIB_OAUTH_CLIENTS: token = oauth.nextcloud.authorize_access_token(request) - resp = oauth.nextcloud.get('user', token=token) - resp.raise_for_status() - profile = resp.json() - # do something with the token and profile - return '...' \ No newline at end of file + # extract username + oauth_username = token['user_id'] + # create user if necessary + newuser, _ = User.objects.get_or_create(username=oauth_username) + login(request, newuser) + else: + # return an error if provider is not configured + context = {'AUTHLIB_OAUTH_CLIENTS': settings.AUTHLIB_OAUTH_CLIENTS, 'form': LoginView.authentication_form, + 'error': f'Unknown oauth provider \"{provider}\"'} + return render(request, 'registration/login.html', context) + + return redirect(reverse('index'))
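Review bot: In `oauth_authorize`, `User.objects.get_or_create(username=oauth_username)` signs the caller in as whichever local account already has that name. A Nextcloud user whose id equals an existing local username (an admin created with a password, say) therefore gets that account without its password and, presumably, without the 2FA step mounted under `accounts/2fa/`. Accounts created here should get `set_unusable_password()`, and a name that collides with a password-backed local account should be refused rather than logged in; the fence shows one way, though a separate table linking provider and remote id to the local user would be sturdier. `token['user_id']` is also read without a check, so a token response that lacks it becomes an unhandled KeyError. In `oauth_view`, `reverse('oauth_authorize', args={'provider': 'nextcloud'})` passes a dict where a sequence is expected, so the key `'provider'` rather than the value is likely to end up in the redirect URI; `kwargs={'provider': 'nextcloud'}` looks intended.

```python
        token = oauth.nextcloud.authorize_access_token(request)
        oauth_username = token.get('user_id')
        error = None
        if not oauth_username:
            error = 'OAuth provider returned no user id'
        else:
            newuser, created = User.objects.get_or_create(username=oauth_username)
            if created:
                # OAuth-only account: no local password login
                newuser.set_unusable_password()
                newuser.save()
            elif newuser.has_usable_password():
                # name belongs to a password-backed local account; do not sign in over it
                error = 'This username is already used by a local account'
        if error:
            context = {'AUTHLIB_OAUTH_CLIENTS': settings.AUTHLIB_OAUTH_CLIENTS,
                       'form': LoginView.authentication_form, 'error': error}
            return render(request, 'registration/login.html', context)
        login(request, newuser)
    # … unchanged: else branch for an unconfigured provider, final redirect …
```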