WIP adding a frontpage to prompt login

controlpanel/core/auth/oidc.py

@@ -13,6 +13,7 @@
     "azure",
     client_id=settings.AUTHLIB_OAUTH_CLIENTS["azure"]["client_id"],
     # client_secret is not needed for PKCE flow
+    # TODO add this in?
     server_metadata_url=settings.AUTHLIB_OAUTH_CLIENTS["azure"]["server_metadata_url"],
     client_kwargs=settings.AUTHLIB_OAUTH_CLIENTS["azure"]["client_kwargs"],
 )

controlpanel/interfaces/web/auth/mixins.py

@@ -10,7 +10,7 @@ class OIDCLoginRequiredMixin(LoginRequiredMixin):
 
     def dispatch(self, request, *args, **kwargs):
         if not request.user.is_authenticated:
-            return redirect(reverse("login"))
+            return redirect(reverse("login-prompt"))
         if OIDCSessionValidator(request).expired():
-            return redirect(reverse("login"))
+            return redirect(reverse("login-prompt"))
         return super().dispatch(request, *args, **kwargs)

controlpanel/interfaces/web/context_processors.py

@@ -2,31 +2,33 @@
 
 
 def nav_items(request):
+    if not request.user.is_authenticated:
+        return {}
     quicksight_url = reverse("quicksight")
     datasources_url = reverse("datasources-list")
     return {
         "nav_items": [
             {"name": "Home", "url": "/", "active": request.get_full_path() == "/"},
-            {
-                "name": "Datasources",
-                "url": datasources_url,
-                "active": datasources_url in request.get_full_path(),
-            },
             {
                 "name": "Quicksight",
                 "url": quicksight_url,
                 "active": request.get_full_path() == quicksight_url,
             },
+            {
+                "name": "Datasources",
+                "url": datasources_url,
+                "active": datasources_url in request.get_full_path(),
+            },
         ]
     }
 
 
 def header_context(request):
-    is_logged_in = request.user.is_authenticated
+    is_logged_in = request.user and request.user.is_authenticated
     return {
         "header_nav_items": [
             {
-                "name": request.user.name,
+                "name": request.user.name if is_logged_in else "",
                 "url": "",
             },
             {

controlpanel/interfaces/web/templates/home.html

@@ -3,6 +3,7 @@
 {% extends "base.html" %}
 
 {% block content %}
+<h1 class="govuk-heading-xl">Welcome</h1>
 
 {% if user.is_authenticated %}
 <pre>
@@ -11,12 +12,7 @@
 {{ user.user_id }}
 </pre>
 
-<h1 class="govuk-heading-xl">User list</h1>
-{% for user in users %}
-    <li>{{ user.name }}: {{ user.nickname }}, {{ user.email }} </li>
-{% endfor %}
 <hr>
-<a href="{% url 'logout' %}">logout</a>
 <br/>
 {% else %}
 <a href="{% url 'login' %}">login</a>

controlpanel/interfaces/web/templates/login.html

@@ -0,0 +1,7 @@
+{% extends "base.html" %}
+
+{% block content %}
+<h1 class="govuk-heading-xl">Analytical Platform Dashboard</h1>
+
+<p><a class="govuk-button" href="{% url 'login' %}">Sign in</a></p>
+{% endblock content %}

controlpanel/interfaces/web/urls.py

@@ -6,11 +6,13 @@
     DatasourcesList,
     DatasourcesManage,
     IndexView,
+    LoginPromptView,
     QuicksightView,
 )
 
 urlpatterns = [
     path("", IndexView.as_view(), name="index"),
+    path("login/prompt/", LoginPromptView.as_view(), name="login-prompt"),
     path("login/", auth.OIDCLoginView.as_view(), name="login"),
     path("authenticate/", auth.OIDCAuthenticationView.as_view(), name="authenticate"),
     path("logout/", auth.LogoutView.as_view(), name="logout"),

controlpanel/interfaces/web/views.py

@@ -25,6 +25,10 @@ def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
         return context
 
 
+class LoginPromptView(TemplateView):
+    template_name = "login.html"
+
+
 class QuicksightView(OIDCLoginRequiredMixin, TemplateView):
     template_name = "quicksight.html"
 
@@ -35,7 +39,7 @@ def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
         session_name = "michaeljcollinsuk"
         try:
             response = qs.register_user(
-                IdentityType='IAM',
+                IdentityType="IAM",
                 IamArn=f"arn:aws:iam::525294151996:role/{rolename}",
                 SessionName=session_name,
                 Email="[email protected]",
@@ -51,7 +55,7 @@ def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
         response = qs.generate_embed_url_for_registered_user(
             **{
                 "AwsAccountId": os.environ.get("QUICKSIGHT_ACCOUNT_ID"),
-                "UserArn": f"arn:aws:quicksight:eu-west-1:525294151996:user/default/{rolename}/{session_name}",
+                "UserArn": f"arn:aws:quicksight:eu-west-1:525294151996:user/default/{rolename}/{session_name}",  # noqa
                 "ExperienceConfiguration": {"QuickSightConsole": {"InitialPath": "/start"}},
             }
         )
@@ -70,9 +74,10 @@ def describe_policy_assignment(self, qs, name):
         return qs.describe_iam_policy_assignment(
             AwsAccountId=os.environ.get("QUICKSIGHT_ACCOUNT_ID"),
             Namespace="default",
-            AssignmentName="michael-test-1"
+            AssignmentName="michael-test-1",
         )
 
+
 class DatasourcesList(OIDCLoginRequiredMixin, ListView):
     template_name = "datasources-list.html"
     model = Datasource

controlpanel/settings/common.py

@@ -218,7 +218,6 @@
 )
 AZURE_LOGOUT_URL = f"https://login.microsoftonline.com/{AZURE_TENANT_ID}/oauth2/v2.0/logout"
 AZURE_CODE_CHALLENGE_METHOD = os.environ.get("AZURE_CODE_CHALLENGE_METHOD", "S256")
-
 AUTHLIB_OAUTH_CLIENTS = {
     "azure": {
         "client_id": AZURE_CLIENT_ID,