Merge pull request #5 from saundersmatt/oidc

Stuart J Mackintosh · web-flow · commit 57a5bc5d4518 · 2020-03-19T17:10:03.000Z
Implement test OIDC functionality
diff --git a/c19-backend/C19/settings.py b/c19-backend/C19/settings.py
@@ -25,7 +25,7 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = ['*']
 
 
 # Application definition
@@ -37,10 +37,9 @@
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
-
+    'mozilla_django_oidc',
     'corsheaders',
     'rest_framework',
-
     'api',
 ]
 
@@ -60,7 +59,7 @@
 TEMPLATES = [
     {
         'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [],
+        'DIRS': [os.path.join(BASE_DIR, 'templates')],
         'APP_DIRS': True,
         'OPTIONS': {
             'context_processors': [
@@ -140,5 +139,22 @@
     base_url=os.environ['C19_BACKEND_EHRBASE_URL'],
 )
 
+# mozilla-django-oidc
+
+AUTHENTICATION_BACKENDS = (
+    'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
+)
+
+OIDC_RP_CLIENT_ID = os.environ['OIDC_RP_CLIENT_ID']
+OIDC_RP_CLIENT_SECRET = os.environ['OIDC_RP_CLIENT_SECRET']
+OIDC_RP_SIGN_ALGO = os.environ['OIDC_RP_SIGN_ALGO']
+OIDC_RP_IDP_SIGN_KEY = os.environ['OIDC_RP_IDP_SIGN_KEY']
+OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_OP_AUTHORIZATION_ENDPOINT']
+OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_OP_TOKEN_ENDPOINT']
+OIDC_OP_USER_ENDPOINT = os.environ['OIDC_OP_USER_ENDPOINT']
+
+LOGOUT_REDIRECT_URL = '/'
+LOGIN_REDIRECT_URL = '/'
+
 CORS_ORIGIN_WHITELIST = tuple(
     os.environ['C19_BACKEND_CORS_ORIGIN_WHITELIST'].split('|'))
diff --git a/c19-backend/C19/urls.py b/c19-backend/C19/urls.py
@@ -16,7 +16,13 @@
 from django.contrib import admin
 from django.urls import path, include
 
+from .views import HomePageView
+
+
 urlpatterns = [
+    path('oidc/', include('mozilla_django_oidc.urls')),
     path('admin/', admin.site.urls),
-    path('api/', include('api.urls'))
+    path('api/', include('api.urls')),
+    path('', HomePageView.as_view(), name='home')
+    
 ]
diff --git a/c19-backend/C19/views.py b/c19-backend/C19/views.py
@@ -0,0 +1,6 @@
+from django.views.generic.base import TemplateView
+
+
+class HomePageView(TemplateView):
+
+    template_name = "home.html"
diff --git a/c19-backend/requirements.txt b/c19-backend/requirements.txt
@@ -6,4 +6,5 @@ pydevd-pycharm~=193.6494.30
 toolz
 attrs
 djangorestframework-simplejwt==4.4.0
+mozilla-django-oidc
 django-cors-headers==3.2.1
diff --git a/c19-backend/templates/home.html b/c19-backend/templates/home.html
@@ -0,0 +1,22 @@
+<html>
+  <body>
+    <div>
+      Welcome to testrp!
+    </div>
+    <div>
+      {% if request.user.is_authenticated %}
+        <p>Current user: {{ user.email }}</p>
+        <div>
+          <form action="/oidc/logout/" method="POST">
+            {% csrf_token %}
+            <input type="submit" value="Logout"/>
+          </form>
+        </div>
+      {% else %}
+        <a href="{% url 'oidc_authentication_init' %}">
+          Login
+        </a>
+      {% endif %}
+    </div>
+  </body>
+</html>
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -7,10 +7,18 @@ services:
       DJANGO_POSTGRES_PASSWORD: ${DJANGO_POSTGRES_PASSWORD}
       DJANGO_POSTGRES_DB: ${DJANGO_POSTGRES_DB}
       C19_BACKEND_SECRET_KEY: ${C19_BACKEND_SECRET_KEY}
+      C19_API_EHRBASE_URL: http://ehrbase:8080
+      OIDC_RP_CLIENT_ID: ${OIDC_RP_CLIENT_ID}
+      OIDC_RP_CLIENT_SECRET: ${OIDC_RP_CLIENT_SECRET}
+      OIDC_RP_SIGN_ALGO: ${OIDC_RP_SIGN_ALGO}
+      OIDC_RP_IDP_SIGN_KEY: ${OIDC_RP_IDP_SIGN_KEY}
+      OIDC_OP_AUTHORIZATION_ENDPOINT: ${OIDC_OP_AUTHORIZATION_ENDPOINT}
+      OIDC_OP_TOKEN_ENDPOINT: ${OIDC_OP_TOKEN_ENDPOINT}
+      OIDC_OP_USER_ENDPOINT: ${OIDC_OP_USER_ENDPOINT}
       C19_BACKEND_EHRBASE_URL: http://ehrbase:8080
       C19_BACKEND_CORS_ORIGIN_WHITELIST: ${C19_BACKEND_CORS_ORIGIN_WHITELIST}
-      # volumes:
-      #   - ./django/C19:/app
+    volumes:
+      - ./c19-backend:/app
     ports:
       - ${C19_BACKEND_PORT}:8000
     depends_on:
@@ -58,6 +66,16 @@ services:
       - ehrbase_net
     restart: always
 
+  testprovider:
+    stdin_open: true
+    tty: true
+    image: mozilla/oidc-testprovider:oidc_testprovider-latest
+    ports:
+      - "${TESTPROVIDER_PORT}:8080"
+    networks:
+      - django_net
+  
+
 networks:
   django_net:
   ehrbase_net:
diff --git a/docs/examples/dotenv b/docs/examples/dotenv
@@ -19,3 +19,13 @@ SYSTEM_NAME=local.ehrbase.org
 
 C19_BACKEND_PORT=8000
 EHRBASE_PORT=8001
+
+OIDC_RP_CLIENT_ID=1
+OIDC_RP_CLIENT_SECRET=bd01adf93cfb
+OIDC_RP_SIGN_ALGO=HS256
+OIDC_RP_IDP_SIGN_KEY=None
+OIDC_OP_AUTHORIZATION_ENDPOINT=http://testprovider:8080/openid/authorize
+OIDC_OP_TOKEN_ENDPOINT=http://testprovider:8080/openid/token
+OIDC_OP_USER_ENDPOINT=http://testprovider:8080/openid/userinfo
+
+TESTPROVIDER_PORT=8080
diff --git a/docs/examples/fixtures.json b/docs/examples/fixtures.json
@@ -0,0 +1,115 @@
+[
+    {
+      "model": "sites.site",
+      "pk": 1,
+      "fields": {
+        "domain": "testprovider:8080",
+        "name": "testprovider"
+      }
+    },
+    {
+      "model": "oidc_provider.responsetype",
+      "pk": 1,
+      "fields": {
+        "value": "code",
+        "description": "code (Authorization Code Flow)"
+      }
+    },
+    {
+      "model": "oidc_provider.responsetype",
+      "pk": 2,
+      "fields": {
+        "value": "id_token",
+        "description": "id_token (Implicit Flow)"
+      }
+    },
+    {
+      "model": "oidc_provider.responsetype",
+      "pk": 3,
+      "fields": {
+        "value": "id_token token",
+        "description": "id_token token (Implicit Flow)"
+      }
+    },
+    {
+      "model": "oidc_provider.responsetype",
+      "pk": 4,
+      "fields": {
+        "value": "code token",
+        "description": "code token (Hybrid Flow)"
+      }
+    },
+    {
+      "model": "oidc_provider.responsetype",
+      "pk": 5,
+      "fields": {
+        "value": "code id_token",
+        "description": "code id_token (Hybrid Flow)"
+      }
+    },
+    {
+      "model": "oidc_provider.responsetype",
+      "pk": 6,
+      "fields": {
+        "value": "code id_token token",
+        "description": "code id_token token (Hybrid Flow)"
+      }
+    },
+    {
+      "model": "oidc_provider.client",
+      "pk": 1,
+      "fields": {
+        "name": "testrpHS256",
+        "owner": null,
+        "client_type": "confidential",
+        "client_id": "1",
+        "client_secret": "bd01adf93cfb",
+        "jwt_alg": "HS256",
+        "date_created": "2017-11-10",
+        "website_url": "",
+        "terms_url": "",
+        "contact_email": "",
+        "logo": "",
+        "reuse_consent": true,
+        "require_consent": true,
+        "_redirect_uris": "http://c19-backend:8000/oidc/callback/",
+        "_post_logout_redirect_uris": "",
+        "_scope": "",
+        "response_types": [
+          1
+        ]
+      }
+    },
+    {
+      "model": "oidc_provider.client",
+      "pk": 2,
+      "fields": {
+        "name": "testrpRS256",
+        "owner": null,
+        "client_type": "confidential",
+        "client_id": "2",
+        "client_secret": "a6b4dad2f215",
+        "jwt_alg": "RS256",
+        "date_created": "2017-11-10",
+        "website_url": "",
+        "terms_url": "",
+        "contact_email": "",
+        "logo": "",
+        "reuse_consent": true,
+        "require_consent": true,
+        "_redirect_uris": "http://c19-backend:8000/oidc/callback/",
+        "_post_logout_redirect_uris": "",
+        "_scope": "",
+        "response_types": [
+          1
+        ]
+      }
+    },
+    {
+      "model": "oidc_provider.rsakey",
+      "pk": 3,
+      "fields": {
+        "key": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQDAAgiIdiJG7GSMKTRbnGjWpHp1ulJ43/iQjDywWh5MP3in2PK8\nPVI6ItxIFLV81nWZMymA7hjfP7adOlxKY6rI+fExn8cTimI3W/oX6mHrPXm52uj/\nwe839pxxkeD7cmWgaif9Sujuy5AHUuUM1BTlO55POHkmhWyYMKC2P29qgQIDAQAB\nAoGAUHdJri6b1M8yoA6Qk6frw7AwZfAMqf1qxOEQefN6aQfcf7MKntqwAA8l88tB\n96xEokxvo0mlAMJJvIB9tusn4dIHKpmQGacQWVd/KONxPkvyuGgQXX5KCusZTbg7\ni6YQM52RGbExVFWLdGYJRBvzyfRkWX0b4LiderPZUiD6J/UCQQDZIgnLqYyGw3Ro\nnNboWYyOtLhKMF59f/0aSMXLlWdsnFG8kVm/7tw6jcDBalELci/+ExL2JACGwDea\n8DpvWiEDAkEA4mCovWmMDiS8tQCeY5NDic1wMp51+Ya8RX47bvb5F+X7SSE9L87y\n6eU9zVBSY8F+9npkvrxoU9PlKbS3Lzz1KwJAZ5/8BsuS+lnbe3Wmhtr93rlW3mk5\nHzHu7BVg+GkEI+xygcjoiVYImpU+MdB4fzrutpYJzZie+7BOmU4exTfBWwJBAKj+\nN3mO/Xrhee41VAhJuzV4I7XmDXQFXS8TmRKxVCq/COQC6EZ0W2q4M3a964OEw18E\n54hr5gYOPRjxS378JpkCQDjKw2Vyw0S0M8O2hOGuNsUtlGApYKt2iA41jGUf7bvO\nWz/tQuEIXQMd4e9zxNxOzPJOtjR1gyPZyi/FvsgDJDU=\n-----END RSA PRIVATE KEY-----"
+      }
+    }
+  ]
