Added oauth / open id connect provider support

memberportal/membermatters/oidc_provider_settings.py

@@ -0,0 +1,10 @@
+def userinfo(claims, user):
+    # Populate claims dict.
+    claims["name"] = "{0} {1}".format(user.profile.first_name, user.profile.last_name)
+    claims["given_name"] = user.profile.first_name or "NO_FIRSTNAME"
+    claims["family_name"] = user.profile.last_name or "NO_LASTNAME"
+    claims["nickname"] = user.profile.screen_name or "NO_SCREENNAME"
+    claims["email"] = user.email
+    claims["phone_number"] = user.profile.phone or "NO_PHONENUMBER"
+
+    return claims

memberportal/membermatters/settings.py

@@ -56,6 +56,7 @@
     "django.contrib.messages",
     "django.contrib.staticfiles",
     "django.contrib.humanize",
+    "oidc_provider",
     "channels",
     "profile",
     "access",
@@ -270,7 +271,7 @@
     "MM_STATIC_LOCATION", "/usr/src/app/memberportal/membermatters/static"
 )
 LOGIN_REDIRECT_URL = "/"
-LOGIN_URL = "/signin"
+LOGIN_URL = "/login"
 MEDIA_URL = "/media/"
 MEDIA_ROOT = os.environ.get("MM_MEDIA_LOCATION", "/usr/src/data/media/")
 
@@ -287,3 +288,8 @@
 CONSTANCE_BACKEND = "membermatters.constance_backend.DatabaseBackend"
 CONSTANCE_CONFIG = CONSTANCE_CONFIG
 CONSTANCE_CONFIG_FIELDSETS = CONSTANCE_CONFIG_FIELDSETS
+
+OIDC_USERINFO = "membermatters.oidc_provider_settings.userinfo"
+
+# Needed for testing OIDC on local development environment with ngrok (oauth requires HTTPS)
+# SITE_URL = "https://1bd0-122-148-148-138.ngrok-free.app"

memberportal/membermatters/urls.py

@@ -38,6 +38,7 @@ def safe_constance_get(fld: str):
 #     pass
 
 urlpatterns = [
+    path("openid/", include("oidc_provider.urls", namespace="oidc_provider")),
     path("", include("access.urls")),
     path("", include("memberbucks.urls")),
     path("", include("api_spacedirectory.urls")),

memberportal/requirements.txt

@@ -27,3 +27,4 @@ redis~=4.3.1
 twilio~=7.9.2
 django-prometheus==2.2.0
 psycopg2-binary~=2.9.6
+django-oidc-provider~=0.8.0

src-frontend/quasar.config.js

@@ -134,6 +134,10 @@ module.exports = configure(async function (ctx) {
           target: 'http://127.0.0.1:8000',
           changeOrigin: true,
         },
+        '/openid': {
+          target: 'http://127.0.0.1:8000',
+          changeOrigin: true,
+        },
         '/static': {
           target: 'http://127.0.0.1:8000',
           changeOrigin: true,

src-frontend/src/components/LoginCard.vue

@@ -322,6 +322,12 @@ export default defineComponent({
 
       this.loginComplete = true;
       this.$emit('login-complete');
+
+      // oidc login redirect
+      if (this.$route.query.next)
+        window.location.replace(this.$route.query.next as string);
+
+      // our own login redirect
       if (this.$route.query.nextUrl) {
         this.setLoggedIn(true);
         this.$router.push(this.$route.query.nextUrl as string);