backoffice: Addition of headless allauth for ORCID login

* ref: cern-sis/issues-inspire/issues/509
inspirehep · Sep 25, 2024 · b0bc197 · b0bc197
1 parent 2e9d815
commit b0bc197
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 70 deletions.
diff --git a/backoffice/.envs/local/.django b/backoffice/.envs/local/.django
@@ -24,3 +24,6 @@ AIRFLOW_BASE_URL=http://airflow-webserver:8080
 AIRFLOW_TOKEN=YWlyZmxvdzphaXJmbG93
 
 SERVICENOW_URL=https://cerntraining.service-now.com
+
+# Frontend
+FRONTEND_LOGIN_SUCCESS=http://127.0.0.1:5000/success
diff --git a/backoffice/config/settings/base.py b/backoffice/config/settings/base.py
@@ -95,6 +95,7 @@
     "allauth",
     "allauth.account",
     "allauth.socialaccount",
+    "allauth.headless",
     "django_celery_beat",
     "rest_framework",
     "rest_framework.authtoken",
@@ -127,7 +128,7 @@
 # https://docs.djangoproject.com/en/dev/ref/settings/#auth-user-model
 AUTH_USER_MODEL = "users.User"
 # https://docs.djangoproject.com/en/dev/ref/settings/#login-redirect-url
-LOGIN_REDIRECT_URL = "users:redirect"
+LOGIN_REDIRECT_URL = env("FRONTEND_LOGIN_SUCCESS", default="users:redirect")
 # https://docs.djangoproject.com/en/dev/ref/settings/#login-url
 LOGIN_URL = "account_login"
 
@@ -331,7 +332,7 @@
 # https://django-allauth.readthedocs.io/en/latest/configuration.html
 ACCOUNT_USER_MODEL_USERNAME_FIELD = None
 # https://django-allauth.readthedocs.io/en/latest/configuration.html
-ACCOUNT_EMAIL_VERIFICATION = "mandatory"
+ACCOUNT_EMAIL_VERIFICATION = False
 # https://django-allauth.readthedocs.io/en/latest/configuration.html
 ACCOUNT_ADAPTER = "backoffice.users.adapters.AccountAdapter"
 # https://django-allauth.readthedocs.io/en/latest/forms.html

diff --git a/backoffice/config/settings/local.py b/backoffice/config/settings/local.py
@@ -70,3 +70,18 @@
 # ------------------------------------------------------------------------------
 # http://whitenoise.evans.io/en/latest/django.html#using-whitenoise-in-development
 INSTALLED_APPS = ["whitenoise.runserver_nostatic"] + INSTALLED_APPS  # noqa: F405
+
+# ORCID
+# ----------
+SOCIALACCOUNT_PROVIDERS = {
+    "orcid": {
+        # For each OAuth based provider, either add a ``SocialApp``
+        # (``socialaccount`` app) containing the required client
+        # credentials, or list them here:
+        "APP": {
+            "client_id": env("ORCID_CLIENT_ID", default=""),
+            "secret": env("ORCID_CLIENT_SECRET", default=""),
+        },
+        "BASE_DOMAIN": "sandbox.orcid.org"
+    }
+}
diff --git a/backoffice/config/urls.py b/backoffice/config/urls.py
@@ -1,3 +1,4 @@
+from allauth.socialaccount.providers.orcid.views import oauth2_login
 from django.conf import settings
 from django.conf.urls.static import static
 from django.contrib import admin
@@ -8,6 +9,8 @@
 from drf_spectacular.views import SpectacularAPIView, SpectacularSwaggerView
 from rest_framework.authtoken.views import obtain_auth_token
 from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
+from django.views.decorators.csrf import csrf_exempt
+
 
 urlpatterns = [
     path("", TemplateView.as_view(template_name="pages/home.html"), name="home"),
@@ -18,6 +21,7 @@
     path(settings.ADMIN_URL, admin.site.urls),
     # User management
     path("users/", include("backoffice.users.urls", namespace="users")),
+    path("accounts/orcid/login/", csrf_exempt(oauth2_login), name="orcid_login"),
     path("accounts/", include("allauth.urls")),
     path("", include("django_prometheus.urls")),
 ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
@@ -40,6 +44,7 @@
     ),
     path("api/token/", TokenObtainPairView.as_view(), name="token_obtain_pair"),
     path("api/token/refresh/", TokenRefreshView.as_view(), name="token_refresh"),
+    path("api/_allauth/", include("allauth.headless.urls")),
 ]
 
 

diff --git a/backoffice/poetry.lock b/backoffice/poetry.lock
diff --git a/backoffice/pyproject.toml b/backoffice/pyproject.toml
@@ -125,7 +125,6 @@ uvicorn = {version = "0.23.2", extras = ["standard"]}
 django = "4.2.6"
 django-environ = "0.11.2"
 django-model-utils = "4.3.1"
-django-allauth = "0.57.0"
 django-crispy-forms = "2.1"
 crispy-bootstrap5 = "0.7"
 django-redis = "5.4.0"
@@ -151,6 +150,7 @@ opensearch-py = "2.6.0"
 djangorestframework-simplejwt = "^5.3.1"
 django-json-widget = "^2.0.1"
 sentry-sdk = "1.19.1"
+django-allauth = {version = "65.0.1", extras = ["headless"]}
 
 [tool.poetry.dev-dependencies]
 factory-boy = "3.3.0"

diff --git a/ruff.toml b/ruff.toml
@@ -1,5 +1,5 @@
 target-version = "py311"
-ignore = ["PT009"]
+lint.ignore = ["PT009"]
 
 [lint.flake8-tidy-imports]
 ban-relative-imports = "all"