Merge pull request #1 from Valdemal/social-auth

Social auth

Author: Valdemal

client/main/oauth_backend.py

@@ -0,0 +1,35 @@
+import requests
+from django.conf import settings
+from social_core.backends.oauth import BaseOAuth2
+
+
+class DjangoOAuthToolkitBackend(BaseOAuth2):
+    name = 'django'
+    AUTHORIZATION_URL = settings.OAUTH2_BACKEND['AUTHORIZATION_URL']
+    ACCESS_TOKEN_URL = settings.OAUTH2_BACKEND['ACCESS_TOKEN_URL']
+    USER_DETAILS_URL = settings.OAUTH2_BACKEND['USER_DETAILS_URL']
+    ACCESS_TOKEN_METHOD = 'POST'
+
+    def get_user_details(self, response):
+        resp = requests.get(self.USER_DETAILS_URL, headers={
+            'Authorization': f'Bearer {response["access_token"]}',
+        })
+
+        resp.raise_for_status()
+
+        user_details = resp.json()
+        user_details['fullname'] = user_details['first_name'] + ' ' + user_details['last_name']
+
+        return user_details
+
+    def get_key_and_secret(self):
+        return settings.OAUTH2_BACKEND['CLIENT_ID'], settings.OAUTH2_BACKEND['CLIENT_SECRET']
+
+    # todo: Нужно будет получать uid
+    def get_user_id(self, details, response):
+        return details['id']
+
+
+
+
+

client/main/settings/__init__.py

@@ -0,0 +1,2 @@
+from .general import *
+from .authentication import *

client/main/settings/authentication.py

@@ -0,0 +1,16 @@
+LOGIN_URL = 'social/login/django/'
+
+SOCIAL_AUTH_URL_NAMESPACE = 'social'
+
+AUTHENTICATION_BACKENDS = (
+    "main.oauth_backend.DjangoOAuthToolkitBackend",
+    "django.contrib.auth.backends.ModelBackend"
+)
+
+OAUTH2_BACKEND = {
+    'CLIENT_ID': 'r3CuSXmOtHOGn0XWTy1MmmwzT3RI7I0Hu4i6LIqP',
+    'CLIENT_SECRET': 'client_secret&%$=',
+    'AUTHORIZATION_URL': 'http://127.0.0.1:8000/oauth/authorize/',
+    'ACCESS_TOKEN_URL': 'http://provider-nginx:8000/oauth/token/',
+    'USER_DETAILS_URL': 'http://provider-nginx:8000/api/users/me/'
+}

client/main/settings.py renamed to client/main/settings/general.py

@@ -1,7 +1,7 @@
 import os
 from pathlib import Path
 
-BASE_DIR = Path(__file__).resolve().parent.parent
+BASE_DIR = Path(__file__).resolve().parent.parent.parent
 
 SECRET_KEY = 'django-insecure-gr5(f&_g8bi6$y355u(c6p#ys83!t4*^45+i(jfa($83b=ljng'
 
@@ -16,17 +16,15 @@
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
-    'oauth2_provider',
+
+    # Сторонние пакеты
     'rest_framework',
     'drf_spectacular',
-]
 
-OAUTH2_PROVIDER = {
-    'RESOURCE_SERVER_INTROSPECTION_URL': 'http://provider-nginx:8000/oauth/introspect/',
-    'RESOURCE_SERVER_INTROSPECTION_CREDENTIALS': (
-        os.getenv('CLIENT_ID'), os.getenv('CLIENT_SECRET')
-    )
-}
+    # OAuth
+    'oauth2_provider',
+    'social_django',
+]
 
 REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': (
@@ -35,6 +33,8 @@
     'DEFAULT_SCHEMA_CLASS': 'drf_spectacular.openapi.AutoSchema',
 }
 
+SESSION_COOKIE_NAME = 'clientsessionid'
+
 SPECTACULAR_SETTINGS = {
     'TITLE': 'OAuth 2.0 Client API',
     'VERSION': '1.0.0',
@@ -69,14 +69,16 @@
 TEMPLATES = [
     {
         'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [],
+        'DIRS': [os.path.join(BASE_DIR, 'templates')],
         'APP_DIRS': True,
         'OPTIONS': {
             'context_processors': [
                 'django.template.context_processors.debug',
                 'django.template.context_processors.request',
                 'django.contrib.auth.context_processors.auth',
                 'django.contrib.messages.context_processors.messages',
+                'social_django.context_processors.backends',
+                'social_django.context_processors.login_redirect',
             ],
         },
     },
@@ -97,20 +99,6 @@
 # Password validation
 # https://docs.djangoproject.com/en/4.1/ref/settings/#auth-password-validators
 
-AUTH_PASSWORD_VALIDATORS = [
-    {
-        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
-    },
-]
 
 # Internationalization
 # https://docs.djangoproject.com/en/4.1/topics/i18n/

client/main/urls.py

@@ -3,14 +3,17 @@
 from drf_spectacular.views import SpectacularAPIView, SpectacularSwaggerView
 from rest_framework import routers
 
-from main.views import UserViewSet
+from .views import UserViewSet, index, logout
 
 router = routers.DefaultRouter()
 router.register(r'users', UserViewSet)
 
 urlpatterns = [
+    path('', index, name='index'),
     path('admin/', admin.site.urls),
-    path('api/', include(router.urls)),
+    path('api/', include(router.urls), name='api'),
+    path('social/', include('social_django.urls'), name='social'),
+    path('logout/', logout, name='logout')
 ]
 
 urlpatterns += [

client/main/views.py

@@ -1,8 +1,11 @@
+from django.contrib.auth import logout as auth_logout
+from django.contrib.auth.decorators import login_required
 from django.contrib.auth.models import User
+from django.shortcuts import render, redirect
 from oauth2_provider.contrib.rest_framework import TokenHasReadWriteScope
 from rest_framework import viewsets, permissions
 
-from main.serializers import UserSerializer
+from .serializers import UserSerializer
 
 
 class UserViewSet(viewsets.ModelViewSet):
@@ -14,3 +17,13 @@ class UserViewSet(viewsets.ModelViewSet):
     permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope]
     required_scopes = ['test']
 
+
+@login_required
+def index(request):
+    return render(request, 'index.html', context={'user': request.user})
+
+
+def logout(request):
+    """Logs out user"""
+    auth_logout(request)
+    return redirect('index')

client/templates/index.html

@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Клиент OAuth</title>
+</head>
+<body>
+<h1>Клиент OAuth</h1>
+<hr>
+<h3>Данные пользователя</h3>
+<p>Логин: {{ user.username }}</p>
+<p>Имя: {{ user.first_name }}</p>
+<p>Фамилия: {{ user.last_name }}</p>
+<hr>
+<a href="{% url 'docs' %}">API</a>
+<a href="{% url 'admin:index' %}">admin</a>
+<a href="{% url 'logout' %}">Выйти</a>
+</body>
+</html>

docker-compose.yml

@@ -8,12 +8,15 @@ services:
     command: gunicorn main.wsgi:application --bind 0.0.0.0:8000
     volumes:
       - ./provider:/usr/src/provider
+      - static_volume:/usr/src/static
     expose:
       - 8000
 
   provider-nginx:
     container_name: oauth-example-provider-nginx
     build: ./provider/nginx
+    volumes:
+      - static_volume:/usr/src/static
     ports:
       - "8000:8000"
     depends_on:
@@ -27,7 +30,11 @@ services:
     command: python manage.py runserver 0.0.0.0:80
     volumes:
       - ./client:/usr/src/client
+      - static_volume:/usr/src/static
     ports:
       - "80:80"
     depends_on:
       - provider
+
+volumes:
+  static_volume:

provider/main/serializers.py

@@ -0,0 +1,8 @@
+from django.contrib.auth.models import User
+from rest_framework import serializers
+
+
+class UserSerializer(serializers.HyperlinkedModelSerializer):
+    class Meta:
+        model = User
+        fields = ['username', 'email', 'first_name', 'last_name', 'is_staff', 'id']

provider/main/settings.py

@@ -1,3 +1,4 @@
+import os
 from pathlib import Path
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
@@ -24,6 +25,8 @@
 
     'rest_framework',
     'corsheaders',
+    'djoser',
+    'drf_spectacular',
 
     'oauth2_provider',
 )
@@ -44,16 +47,14 @@
 TEMPLATES = [
     {
         'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [],
+        'DIRS': [os.path.join(BASE_DIR, 'templates')],
         'APP_DIRS': True,
         'OPTIONS': {
             'context_processors': [
                 'django.template.context_processors.debug',
                 'django.template.context_processors.request',
                 'django.contrib.auth.context_processors.auth',
                 'django.contrib.messages.context_processors.messages',
-                'social_django.context_processors.backends',
-                'social_django.context_processors.login_redirect',
             ],
         },
     },
@@ -98,6 +99,7 @@
         'test': 'test api',
         'introspection': 'Introspect token Scope',
     },
+    'PKCE_REQUIRED': False,
 }
 
 REST_FRAMEWORK = {
@@ -106,6 +108,22 @@
         'rest_framework.authentication.SessionAuthentication',
         'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
     ],
+    'DEFAULT_SCHEMA_CLASS': 'drf_spectacular.openapi.AutoSchema',
+}
+
+DJOSER = {
+    'SERIALIZERS': {
+        'user': 'main.serializers.UserSerializer',
+        'current_user': 'main.serializers.UserSerializer',
+    }
+}
+
+SPECTACULAR_SETTINGS = {
+    'TITLE': 'OAuth 2.0 Provider API',
+    'VERSION': '1.0.0',
+    'SERVE_INCLUDE_SCHEMA': False,
+    'COMPONENT_SPLIT_REQUEST': True,
+    'SCHEMA_PATH_PREFIX': '/api/',
 }
 
 LANGUAGE_CODE = 'ru'
@@ -117,9 +135,11 @@
 USE_TZ = True
 
 STATIC_URL = 'static/'
+STATIC_ROOT = BASE_DIR.parent / 'static/'
+
 
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 
 CORS_ALLOW_ALL_ORIGINS = True
 
-CSRF_TRUSTED_ORIGINS = ['http://127.0.0.1:8000']
+CSRF_TRUSTED_ORIGINS = ['http://127.0.0.1:8000']