
Commit 57a5bc5

Stuart J Mackintosh
authored
Merge pull request #5 from saundersmatt/oidc
Implement test OIDC functionality
2 parents b7187ce + 58b5eb8 commit 57a5bc5


8 files changed

+201
-7
lines changed


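--- a/c19-backend/C19/settings.py
+++ b/c19-backend/C19/settings.py
@@ -25,7 +25,7 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = ['*']
 
 
 # Application definition
@@ -37,10 +37,9 @@
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
-
+'mozilla_django_oidc',
 'corsheaders',
 'rest_framework',
-
 'api',
 ]
 
@@ -60,7 +59,7 @@
 TEMPLATES = [
 {
 'BACKEND': 'django.template.backends.django.DjangoTemplates',
-'DIRS': [],
+'DIRS': [os.path.join(BASE_DIR, 'templates')],
 'APP_DIRS': True,
 'OPTIONS': {
 'context_processors': [
@@ -140,5 +139,22 @@
 base_url=os.environ['C19_BACKEND_EHRBASE_URL'],
 )
 
+# mozilla-django-oidc
+
+AUTHENTICATION_BACKENDS = (
+'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
+)
+
+OIDC_RP_CLIENT_ID = os.environ['OIDC_RP_CLIENT_ID']
+OIDC_RP_CLIENT_SECRET = os.environ['OIDC_RP_CLIENT_SECRET']
+OIDC_RP_SIGN_ALGO = os.environ['OIDC_RP_SIGN_ALGO']
+OIDC_RP_IDP_SIGN_KEY = os.environ['OIDC_RP_IDP_SIGN_KEY']
+OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_OP_AUTHORIZATION_ENDPOINT']
+OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_OP_TOKEN_ENDPOINT']
+OIDC_OP_USER_ENDPOINT = os.environ['OIDC_OP_USER_ENDPOINT']
+
+LOGOUT_REDIRECT_URL = '/'
+LOGIN_REDIRECT_URL = '/'
+
 CORS_ORIGIN_WHITELIST = tuple(
 os.environ['C19_BACKEND_CORS_ORIGIN_WHITELIST'].split('|'))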
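Review bot: `ALLOWED_HOSTS = ['*']` in the first hunk turns off Django's Host-header validation while `DEBUG = True` is still set two lines above, so anything started from this settings file accepts arbitrary Host values. The only non-local host this commit appears to need is the container name used in the fixture redirect URI, so `ALLOWED_HOSTS = ['localhost', '127.0.0.1', 'c19-backend']` should be enough for the test setup. In the last hunk, `os.environ['OIDC_RP_IDP_SIGN_KEY']` turns the example value `None` into the string `'None'` rather than Python `None`; `OIDC_RP_IDP_SIGN_KEY = os.environ.get('OIDC_RP_IDP_SIGN_KEY') or None`, with the variable left empty, avoids handing a bogus key to the backend if the algorithm is later switched to RS256. `AUTHENTICATION_BACKENDS` now lists only the OIDC backend, which presumably drops password login for `/admin/`; a one-line comment stating whether that is intended would help.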

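--- a/c19-backend/C19/urls.py
+++ b/c19-backend/C19/urls.py
@@ -16,7 +16,13 @@
 from django.contrib import admin
 from django.urls import path, include
 
+from .views import HomePageView
+
+
 urlpatterns = [
+path('oidc/', include('mozilla_django_oidc.urls')),
 path('admin/', admin.site.urls),
-path('api/', include('api.urls'))
+path('api/', include('api.urls')),
+path('', HomePageView.as_view(), name='home')
+
 ]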
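Review bot: The new last entry `path('', HomePageView.as_view(), name='home')` has no trailing comma and is followed by a stray blank line before `]`, which recreates the situation this commit had to touch on the `api/` line. Writing it as `path('', HomePageView.as_view(), name='home'),` and dropping the blank line keeps the next route addition to a one-line diff.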

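--- a/c19-backend/C19/views.py
+++ b/c19-backend/C19/views.py
@@ -0,0 +1,6 @@
+from django.views.generic.base import TemplateView
+
+
+class HomePageView(TemplateView):
+
+template_name = "home.html"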

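--- a/c19-backend/requirements.txt
+++ b/c19-backend/requirements.txt
@@ -6,4 +6,5 @@ pydevd-pycharm~=193.6494.30
 toolz
 attrs
 djangorestframework-simplejwt==4.4.0
+mozilla-django-oidc
 django-cors-headers==3.2.1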
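Review bot: `mozilla-django-oidc` is added without a version specifier, while the neighbouring `djangorestframework-simplejwt==4.4.0` and `django-cors-headers==3.2.1` are pinned. Since settings.py in this commit makes this package the only authentication backend, an unplanned upgrade on the next image build would change login behaviour without any change in this repository; pin it to the release that was tested, e.g. `mozilla-django-oidc==<tested version>`. The hunk shows only the tail of the file, so the other unpinned entries visible here (`toolz`, `attrs`) may deserve the same treatment.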

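--- a/c19-backend/templates/home.html
+++ b/c19-backend/templates/home.html
@@ -0,0 +1,22 @@
+<html>
+<body>
+<div>
+Welcome to testrp!
+</div>
+<div>
+{% if request.user.is_authenticated %}
+<p>Current user: {{ user.email }}</p>
+<div>
+<form action="/oidc/logout/" method="POST">
+{% csrf_token %}
+<input type="submit" value="Logout"/>
+</form>
+</div>
+{% else %}
+<a href="{% url 'oidc_authentication_init' %}">
+Login
+</a>
+{% endif %}
+</div>
+</body>
+</html>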
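Review bot: The logout form posts to a hard-coded `/oidc/logout/` while the login link further down resolves its target with `{% url 'oidc_authentication_init' %}`; if the `oidc/` prefix in urls.py changes, logout breaks while login keeps working. Use the named route instead: `<form action="{% url 'oidc_logout' %}" method="POST">`. The condition tests `request.user` but the output uses `user.email`; using one of the two consistently makes the template's dependency on context processors easier to see.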

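--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,10 +7,18 @@ services:
 DJANGO_POSTGRES_PASSWORD: ${DJANGO_POSTGRES_PASSWORD}
 DJANGO_POSTGRES_DB: ${DJANGO_POSTGRES_DB}
 C19_BACKEND_SECRET_KEY: ${C19_BACKEND_SECRET_KEY}
+C19_API_EHRBASE_URL: http://ehrbase:8080
+OIDC_RP_CLIENT_ID: ${OIDC_RP_CLIENT_ID}
+OIDC_RP_CLIENT_SECRET: ${OIDC_RP_CLIENT_SECRET}
+OIDC_RP_SIGN_ALGO: ${OIDC_RP_SIGN_ALGO}
+OIDC_RP_IDP_SIGN_KEY: ${OIDC_RP_IDP_SIGN_KEY}
+OIDC_OP_AUTHORIZATION_ENDPOINT: ${OIDC_OP_AUTHORIZATION_ENDPOINT}
+OIDC_OP_TOKEN_ENDPOINT: ${OIDC_OP_TOKEN_ENDPOINT}
+OIDC_OP_USER_ENDPOINT: ${OIDC_OP_USER_ENDPOINT}
 C19_BACKEND_EHRBASE_URL: http://ehrbase:8080
 C19_BACKEND_CORS_ORIGIN_WHITELIST: ${C19_BACKEND_CORS_ORIGIN_WHITELIST}
-# volumes:
-# - ./django/C19:/app
+volumes:
+- ./c19-backend:/app
 ports:
 - ${C19_BACKEND_PORT}:8000
 depends_on:
@@ -58,6 +66,16 @@ services:
 - ehrbase_net
 restart: always
 
+testprovider:
+stdin_open: true
+tty: true
+image: mozilla/oidc-testprovider:oidc_testprovider-latest
+ports:
+- "${TESTPROVIDER_PORT}:8080"
+networks:
+- django_net
+
+
 networks:
 django_net:
 ehrbase_net: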
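Review bot: The `testprovider` service in the second hunk is added to the main compose file with a floating `oidc_testprovider-latest` tag and a port published without a host address, so every `docker-compose up` starts a test identity provider whose client secrets are in this commit's fixtures and exposes it to anything that can reach the host. Moving the service to a development-only override file, or at least binding it locally with `- "127.0.0.1:${TESTPROVIDER_PORT}:8080"`, keeps it out of non-test deployments. In the first hunk, `C19_API_EHRBASE_URL` carries the same value as the existing `C19_BACKEND_EHRBASE_URL`, and the settings.py lines shown in this commit read only the latter, so the new variable looks unused.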

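--- a/docs/examples/dotenv
+++ b/docs/examples/dotenv
@@ -19,3 +19,13 @@ SYSTEM_NAME=local.ehrbase.org
 
 C19_BACKEND_PORT=8000
 EHRBASE_PORT=8001
+
+OIDC_RP_CLIENT_ID=1
+OIDC_RP_CLIENT_SECRET=bd01adf93cfb
+OIDC_RP_SIGN_ALGO=HS256
+OIDC_RP_IDP_SIGN_KEY=None
+OIDC_OP_AUTHORIZATION_ENDPOINT=http://testprovider:8080/openid/authorize
+OIDC_OP_TOKEN_ENDPOINT=http://testprovider:8080/openid/token
+OIDC_OP_USER_ENDPOINT=http://testprovider:8080/openid/userinfo
+
+TESTPROVIDER_PORT=8080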
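Review bot: Nothing in the added block says that `OIDC_RP_CLIENT_SECRET=bd01adf93cfb` is the test provider's fixture secret (it matches `client_secret` in docs/examples/fixtures.json in this commit), and with `OIDC_RP_SIGN_ALGO=HS256` that same secret is the key ID tokens are verified with. A comment line above the block such as `# Test-provider values only; use real client credentials and https endpoints for any other IdP` would keep it from being copied into a real deployment. The three endpoints are plain `http://`, which is acceptable on the compose network but would send the client secret and tokens in clear text anywhere else.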

docs/examples/fixtures.json

Lines changed: 115 additions & 0 deletions
@@ -0,0 +1,115 @@
1+
[
2+
{
3+
"model": "sites.site",
4+
"pk": 1,
5+
"fields": {
6+
"domain": "testprovider:8080",
7+
"name": "testprovider"
8+
}
9+
},
10+
{
11+
"model": "oidc_provider.responsetype",
12+
"pk": 1,
13+
"fields": {
14+
"value": "code",
15+
"description": "code (Authorization Code Flow)"
16+
}
17+
},
18+
{
19+
"model": "oidc_provider.responsetype",
20+
"pk": 2,
21+
"fields": {
22+
"value": "id_token",
23+
"description": "id_token (Implicit Flow)"
24+
}
25+
},
26+
{
27+
"model": "oidc_provider.responsetype",
28+
"pk": 3,
29+
"fields": {
30+
"value": "id_token token",
31+
"description": "id_token token (Implicit Flow)"
32+
}
33+
},
34+
{
35+
"model": "oidc_provider.responsetype",
36+
"pk": 4,
37+
"fields": {
38+
"value": "code token",
39+
"description": "code token (Hybrid Flow)"
40+
}
41+
},
42+
{
43+
"model": "oidc_provider.responsetype",
44+
"pk": 5,
45+
"fields": {
46+
"value": "code id_token",
47+
"description": "code id_token (Hybrid Flow)"
48+
}
49+
},
50+
{
51+
"model": "oidc_provider.responsetype",
52+
"pk": 6,
53+
"fields": {
54+
"value": "code id_token token",
55+
"description": "code id_token token (Hybrid Flow)"
56+
}
57+
},
58+
{
59+
"model": "oidc_provider.client",
60+
"pk": 1,
61+
"fields": {
62+
"name": "testrpHS256",
63+
"owner": null,
64+
"client_type": "confidential",
65+
"client_id": "1",
66+
"client_secret": "bd01adf93cfb",
67+
"jwt_alg": "HS256",
68+
"date_created": "2017-11-10",
69+
"website_url": "",
70+
"terms_url": "",
71+
"contact_email": "",
72+
"logo": "",
73+
"reuse_consent": true,
74+
"require_consent": true,
75+
"_redirect_uris": "http://c19-backend:8000/oidc/callback/",
76+
"_post_logout_redirect_uris": "",
77+
"_scope": "",
78+
"response_types": [
79+
1
80+
]
81+
}
82+
},
83+
{
84+
"model": "oidc_provider.client",
85+
"pk": 2,
86+
"fields": {
87+
"name": "testrpRS256",
88+
"owner": null,
89+
"client_type": "confidential",
90+
"client_id": "2",
91+
"client_secret": "a6b4dad2f215",
92+
"jwt_alg": "RS256",
93+
"date_created": "2017-11-10",
94+
"website_url": "",
95+
"terms_url": "",
96+
"contact_email": "",
97+
"logo": "",
98+
"reuse_consent": true,
99+
"require_consent": true,
100+
"_redirect_uris": "http://c19-backend:8000/oidc/callback/",
101+
"_post_logout_redirect_uris": "",
102+
"_scope": "",
103+
"response_types": [
104+
1
105+
]
106+
}
107+
},
108+
{
109+
"model": "oidc_provider.rsakey",
110+
"pk": 3,
111+
"fields": {
112+
"key": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQDAAgiIdiJG7GSMKTRbnGjWpHp1ulJ43/iQjDywWh5MP3in2PK8\nPVI6ItxIFLV81nWZMymA7hjfP7adOlxKY6rI+fExn8cTimI3W/oX6mHrPXm52uj/\nwe839pxxkeD7cmWgaif9Sujuy5AHUuUM1BTlO55POHkmhWyYMKC2P29qgQIDAQAB\nAoGAUHdJri6b1M8yoA6Qk6frw7AwZfAMqf1qxOEQefN6aQfcf7MKntqwAA8l88tB\n96xEokxvo0mlAMJJvIB9tusn4dIHKpmQGacQWVd/KONxPkvyuGgQXX5KCusZTbg7\ni6YQM52RGbExVFWLdGYJRBvzyfRkWX0b4LiderPZUiD6J/UCQQDZIgnLqYyGw3Ro\nnNboWYyOtLhKMF59f/0aSMXLlWdsnFG8kVm/7tw6jcDBalELci/+ExL2JACGwDea\n8DpvWiEDAkEA4mCovWmMDiS8tQCeY5NDic1wMp51+Ya8RX47bvb5F+X7SSE9L87y\n6eU9zVBSY8F+9npkvrxoU9PlKbS3Lzz1KwJAZ5/8BsuS+lnbe3Wmhtr93rlW3mk5\nHzHu7BVg+GkEI+xygcjoiVYImpU+MdB4fzrutpYJzZie+7BOmU4exTfBWwJBAKj+\nN3mO/Xrhee41VAhJuzV4I7XmDXQFXS8TmRKxVCq/COQC6EZ0W2q4M3a964OEw18E\n54hr5gYOPRjxS378JpkCQDjKw2Vyw0S0M8O2hOGuNsUtlGApYKt2iA41jGUf7bvO\nWz/tQuEIXQMd4e9zxNxOzPJOtjR1gyPZyi/FvsgDJDU=\n-----END RSA PRIVATE KEY-----"
113+
}
114+
}
115+
]
