Install and configure django-allauth.

96edb165 · Tom Teichler · f7485aa0 · 96edb165 · 96edb165 · 96edb165
Verified Commit 96edb165 authored 4 years ago by Tom Teichler
--- a/aleksis/core/menus.py
+++ b/aleksis/core/menus.py
@@ -9,6 +9,15 @@ MENUS = {
            "icon": "lock_open",
            "validators": ["menu_generator.validators.is_anonymous"],
        },
+        {
+            "name": _("Sign up"),
+            "url": "account_signup",
+            "icon": "how_to_reg",
+            "validators":
+            ["menu_generator.validators.is_anonymous",
+            ("aleksis.core.util.predicates.permission_validator", "core.can_register"),
+            ],
+        },
        {
            "name": _("Dashboard"),
            "url": "index",

--- a/aleksis/core/rules.py
+++ b/aleksis/core/rules.py
@@ -309,3 +309,7 @@ rules.add_perm("core.delete_dashboardwidget", delete_dashboard_widget_predicate)

 edit_default_dashboard_predicate = has_person & has_global_perm("core.edit_default_dashboard")
 rules.add_perm("core.edit_default_dashboard", edit_default_dashboard_predicate)
+
+# django-allauth
+can_register_predicate = is_site_preference_enabled(section="auth", pref="signup_enabled")
+rules.add_perm("core.can_register", can_register_predicate)
--- a/aleksis/core/settings.py
+++ b/aleksis/core/settings.py
@@ -99,6 +99,9 @@ INSTALLED_APPS = [
    "django_otp",
    "otp_yubikey",
    "aleksis.core",
+    "allauth",
+    "allauth.account",
+    "allauth.socialaccount",
    "health_check",
    "health_check.db",
    "health_check.cache",
@@ -220,6 +223,47 @@ AUTH_PASSWORD_VALIDATORS = [
 # Authentication backends are dynamically populated
 AUTHENTICATION_BACKENDS = []

+# Configuration for django-allauth.
+
+# Add configured social auth providers to INSTALLED_APPS
+for provider in _settings.get("auth.providers", {}).keys():
+    INSTALLED_APPS.append(f"allauth.socialaccount.providers.{provider}")
+
+# Get social auth providers from config
+SOCIALAUTH_PROVIDERS = {
+    f"{provider}": {"APP": config} for provider, config in _settings.get("auth.providers", {})
+}
+
+# Allow login by either username or email
+ACCOUNT_AUTHENTICATION_METHOD = _settings.get("auth.registration.method", "username_email")
+
+# Require email address to sign up
+ACCOUNT_EMAIL_REQUIRED = _settings.get("auth.registration.email_required", True)
+SOCIALACCOUNT_EMAIL_REQUIRED = _settings.get("auth.registration.email_required", True)
+
+# Require email verification after sigm up
+ACCOUNT_EMAIL_VERIFICATION = _settings.get("auth.registration.email_verification", "mandatory")
+SOCIALACCOUNT_EMAIL_VERIFICATION = _settings.get(
+    "auth.registration.email_verification", "mandatory"
+)
+
+# Email subject prefix for verification mails
+ACCOUNT_EMAIL_SUBJECT_PREFIX = _settings.get("auth.registration.subject", "[AlekSIS]")
+
+# Max attempts before login timeout
+ACCOUNT_LOGIN_ATTEMPTS_LIMIT = _settings.get("auth.login.login_limit", 5)
+
+# Login timeout after max attempts in seconds
+ACCOUNT_LOGIN_ATTEMPTS_TIMEOUT = _settings.get("auth.login.login_timeout", 300)
+
+# Email confirmation field in form
+ACCOUNT_SIGNUP_EMAIL_ENTER_TWICE = True
+
+# Enforce uniqueness of email addresses
+ACCOUNT_UNIQUE_EMAIL = _settings.get("auth.login.registration.unique_email", True)
+
+# LDAP config
+
 if _settings.get("ldap.uri", None):
    # LDAP dependencies are not necessarily installed, so import them here
    import ldap  # noqa
@@ -311,6 +355,9 @@ merge_app_settings("AUTHENTICATION_BACKENDS", CUSTOM_AUTHENTICATION_BACKENDS)
 # to verify passwords first
 AUTHENTICATION_BACKENDS.append("django.contrib.auth.backends.ModelBackend")

+# Authentication backend for django-allauth.
+AUTHENTICATION_BACKENDS.append("allauth.account.auth_backends.AuthenticationBackend")
+
 # Structure of items: backend, URL name, icon name, button title
 ALTERNATIVE_LOGIN_VIEWS = []
 merge_app_settings("ALTERNATIVE_LOGIN_VIEWS", ALTERNATIVE_LOGIN_VIEWS, True)

--- a/aleksis/core/templates/account/account_inactive.html
+++ b/aleksis/core/templates/account/account_inactive.html
+{% extends "core/base.html" %}
+
+{% load i18n material_form %}
+
+{% block browser_title %}{% trans "Account inactive" %}{% endblock %}
+{% block page_title %}{% trans "Account inactive" %}{% endblock %}
+
+{% block content %}
+  <div class="container">
+    <div class="card red">
+      <div class="card-content white-text">
+        <div class="material-icons small left">error_outline</div>
+        <span class="card-title">{% blocktrans %}Account inactive.{% endblocktrans %}</span>
+        <p>
+          {% blocktrans %}
+            This account is currently inactive. If you think this is an
+            error, please contact one of your site administrators.
+          {% endblocktrans %}
+        </p>
+        {% include "core/partials/admins_list.html" %}
+      </div>
+    </div>
+  </div>
+{% endblock %}
--- a/aleksis/core/templates/account/email/base_message.txt
+++ b/aleksis/core/templates/account/email/base_message.txt
+{% load i18n %}
+
+{% autoescape off %}
+
+{% blocktrans %}Hello!{% endblocktrans %}
+
+{% block content %}{% endblock %}
+
+{% trans "Your AlekSIS team" %}
+{% endautoescape %}
--- a/aleksis/core/templates/account/logout.html
+++ b/aleksis/core/templates/account/logout.html
+{% extends "core/base.html" %}
+
+{% load i18n %}
+
+{% block browser_title %}{% trans "Sign out" %}{% endblock %}
+{% block page_title %}{% trans "Sign out" %}{% endblock %}
+
+{% block content %}
+  <div class="alert warning">
+    <p>
+      <i class="material-icons left">warning</i>
+      {% blocktrans %}Already sure you want to sign out?{% endblocktrans %}
+    </p>
+  </div>
+
+  <form method="post" action="{% url 'account_logout' %}">
+    {% csrf_token %}
+    {% if redirect_field_value %}
+      <input type="hidden" name="{{ redirect_field_name }}" value="{{ redirect_field_value }}" />
+    {% endif %}
+    {% trans "Sign out" as caption %}
+    {% include "core/partials/save_button.html" with caption=caption icon="exit_to_app" %}
+  </form>
+
+{% endblock %}
--- a/aleksis/core/templates/account/password_change.html
+++ b/aleksis/core/templates/account/password_change.html
+{% extends "core/base.html" %}
+
+{% load i18n materia_form %}
+
+{% block browser_title %}{% trans "Change password" %}{% endblock %}
+{% block page_title %}{% trans "Change password" %}{% endblock %}
+
+{% block content %}
+  <div class="alert warning">
+    <p>
+      <i class="material-icons left">warning</i>
+      {% blocktrans %}Forgot your current password? Click here to reset it: <a href="{% url 'account_reset_password' %}">"Forgot Password?</a></a>.{% endblocktrans %}
+    </p>
+  </div>
+
+  <form method="post" action="{% url 'account_change_password' %}">
+    {% csrf_token %}
+    {% form form=form %}
+    {% trans "Change password" as caption %}
+    {% include "core/partials/save_button.html" with caption=caption icon="priotity_high" %}
+  </form>
+
+{% endblock %}
--- a/aleksis/core/templates/account/password_reset.html
+++ b/aleksis/core/templates/account/password_reset.html
+{% extends "core/base.html" %}
+
+{% load i18n material_form %}
+
+{% block browser_title %}{% trans "Reset password" %}{% endblock %}
+{% block page_title %}{% trans "Reset password" %}{% endblock %}
+
+{% block content %}
+  <div class="alert warning">
+    <p>
+      <i class="material-icons left">warning</i>
+      {% blocktrans %}Forgotten your password? Enter your e-mail address below, and we'll send you an e-mail allowing you to reset it..{% endblocktrans %}
+    </p>
+  </div>
+
+  <div class="alert warning">
+    <p>
+      <i class="material-icons left">warning</i>
+      {% blocktrans %}Please contact one of your site administrators, if you
+      have any troblue resetting your password:{% endblocktrans %}
+    </p>
+    {% include "core/partials/admins_list.html" %}
+  </div>
+
+  <form method="post" action="{% url 'account_reset_password' %}" class="password_reset">
+    {% csrf_token %}
+    {% form form=form %}
+    {% trans "Reset password" as caption %}
+    {% include "core/partials/save_button.html" with caption=caption icon="priotity_high" %}
+  </form>
+
+{% endblock %}
--- a/aleksis/core/templates/account/password_reset_done.html
+++ b/aleksis/core/templates/account/password_reset_done.html
+{% extends "core/base.html" %}
+
+{% load i18n %}
+
+{% block browser_title %}{% trans "Reset password" %}{% endblock %}
+{% block page_title %}{% trans "Reset password" %}{% endblock %}
+
+{% block content %}
+
+  <div class="container">
+    <div class="card green">
+      <div class="card-content white-text">
+        <div class="material-icons small left">success</div>
+        <span class="card-title">{% blocktrans %}Password reset mail sent!{% endblock %}</span>
+        <p>
+          {% blocktrans %}
+            We have sent you an e-mail. Please contact one of your site
+            administrators if you do not receive it within a few minutes.
+          {% endblocktrans %}
+        </p>
+        {% include "core/partials/admins_list.html" %}
+      </div>
+    </div>
+  </div>
+
+{% endblock %}
--- a/aleksis/core/templates/account/password_reset_from_key.html
+++ b/aleksis/core/templates/account/password_reset_from_key.html
+{% extends "core/base.html" %}
+
+{% load i18n %}
+
+{% block browser_title %}{% trans "Change password" %}{% endblock %}
+{% block page_title %}{% trans "Change password" %}{% endblock %}
+
+{% block content %}
+  {% if token_fail %}
+    <div class="container">
+      <div class="card red">
+        <div class="card-content white-text">
+          <div class="material-icons small left">error_outline</div>
+          <span class="card-title">{% blocktrans %}Bad token!{% endblocktrans %}</span>
+          <p>
+            {% url 'account_reset_password' as passwd_reset_url %}
+            {% blocktrans %}
+              The password reset link was invalid, possibly because it has already been used. Please request a <a href="{{ passwd_reset_url }}">new password reset</a>.
+            {% endblocktrans %}
+          </p>
+          <p>
+            {% blocktrans %}
+              If this issue persists, please contact one of your site
+              administrators
+            {% endblocktrans %}
+          </p>
+          {% include "core/partials/admins_list.html" %}
+        </div>
+      </div>
+    </div>
+  {% else  %}
+    {% if form %}
+      <form method="post" action="{% url 'account_change_password' %}">
+        {% csrf_token %}
+        {% trans "Change password" as caption %}
+        {% include "core/partials/save_button.html" with caption=caption icon="priotity_high" %}
+      </form>
+    {% else %}
+      <div class="alert success">
+        <p>
+          <i class="material-icons left">success</i>
+          {% blocktrans %}
+            Your password is now changed!
+          {% endblocktrans %}
+        </p>
+      </div>
+    {% endif %}
+  {% endif %}
+
+{% endblock %}
--- a/aleksis/core/templates/account/password_reset_from_key_done.html
+++ b/aleksis/core/templates/account/password_reset_from_key_done.html
+{% extends "core/base.html" %}
+
+{% load i18n %}
+
+{% block browser_title %}{% trans "Change password" %}{% endblock %}
+{% block page_title %}{% trans "Change password" %}{% endblock %}
+
+{% block content %}
+  <div class="container">
+    <div class="card green">
+      <div class="card-content white-text">
+        <div class="material-icons small left">success</div>
+        <span class="card-title">{% blocktrans %}Password changed!{% endblocktrans %}</span>
+        <p>
+          {% blocktrans %}
+            Your password is now changed!
+          {% endblocktrans %}
+        </p>
+      </div>
+    </div>
+  </div>
+{% endblock %}
--- a/aleksis/core/templates/account/password_set.html
+++ b/aleksis/core/templates/account/password_set.html
+{% extends "core/base.html" %}
+
+{% load i18n material_form %}
+
+{% block browser_title %}{% trans "Set password" %}{% endblock %}
+{% block page_title %}{% trans "Set password" %}{% endblock %}
+
+{% block content %}
+  <form method="post" action="{% url 'account_set_password' %}">
+    {% csrf_token %}
+    {% form form=form %}
+    {% trans "Set password" as caption %}
+    {% include "core/partials/save_button.html" with caption=caption icon="priotity_high" %}
+  </form>
+
+{% endblock %}
--- a/aleksis/core/templates/account/signup.html
+++ b/aleksis/core/templates/account/signup.html
+{% extends "core/base.html" %}
+
+{% load i18n material_form %}
+
+{% block browser_title %}{% trans "Signup" %}{% endblock %}
+{% block page_title %}{% trans "Signup" %}{% endblock %}
+
+{% block content %}
+  <div class="alert warning">
+    <p>
+      <i class="material-icons left">warning</i>
+      {% blocktrans %}Already have an account? Then please <a href="{{ login_url }}">sign in</a>.{% endblocktrans %}
+    </p>
+  </div>
+
+  <form method="post" action="{% url 'account_signup' %}">
+    {% csrf_token %}
+    {% form form=form %}{% endform %}
+    <input type="hidden" name="{{ redirect_field_name }}" value="{{ redirect_field_value }}" />
+    {% trans "Sign up" as caption %}
+    {% include "core/partials/save_button.html" with caption=caption icon="how_to_reg" %}
+  </form>
+
+{% endblock %}
--- a/aleksis/core/templates/account/signup_closed.html
+++ b/aleksis/core/templates/account/signup_closed.html
+{% extends "core/base.html" %}
+
+{% load i18n material_form %}
+
+{% block browser_title %}{% trans "Signup closed" %}{% endblock %}
+{% block page_title %}{% trans "Signup closed" %}{% endblock %}
+
+{% block content %}
+  <div class="container">
+    <div class="card red">
+      <div class="card-content white-text">
+        <div class="material-icons small left">error_outline</div>
+        <span class="card-title">{% blocktrans %}Signup closed.{% endblocktrans %}</span>
+        <p>
+          {% blocktrans %}
+            This sign up is currently closed. If you think this is an
+            error, please contact one of your site administrators.
+          {% endblocktrans %}
+        </p>
+        {% include "core/partials/admins_list.html" %}
+      </div>
+    </div>
+  </div>
+{% endblock %}
--- a/aleksis/core/templates/account/verification_email_required.html
+++ b/aleksis/core/templates/account/verification_email_required.html
+{% extends "core/base.html" %}
+
+{% load i18n %}
+
+{% block browser_title %}{% trans "Reset password" %}{% endblock %}
+{% block page_title %}{% trans "Reset password" %}{% endblock %}
+
+{% block content %}
+
+  <div class="container">
+    <div class="card green">
+      <div class="card-content white-text">
+        <div class="material-icons small left">success</div>
+        <span class="card-title">{% blocktrans %}Password reset mail sent!{% endblock %}</span>
+        <p>
+          {% blocktrans %}
+            We have sent you an e-mail. Please contact one of your site
+            administrators if you do not receive it within a few minutes.
+          {% endblocktrans %}
+        </p>
+        {% include "core/partials/admins_list.html" %}
+      </div>
+    </div>
+  </div>
+
+{% endblock %}
--- a/aleksis/core/templates/account/verification_sent.html
+++ b/aleksis/core/templates/account/verification_sent.html
+{% extends "core/base.html" %}
+
+{% load i18n %}
+
+{% block browser_title %}{% trans "Verify your email address" %}{% endblock %}
+{% block page_title %}{% trans "Verify your email address" %}{% endblock %}
+
+{% block content %}
+
+  <div class="container">
+    <div class="card red">
+      <div class="card-content white-text">
+        <div class="material-icons small left">error_outline</div>
+        <span class="card-title">{% blocktrans %}Verify your email!{% endblock %}</span>
+        <p>
+          {% blocktrans %}
+            This part of the site requires us to verify that you are who you claim to be.
+            For this purpose, we require that you verify ownership of your e-mail address.
+          {% endblocktrans %}
+        </p>
+        <p>
+          {% blocktrans %}
+            We have sent an e-mail to you for verification.
+            Please click on the link inside this e-mail. Please
+            contact us if you do not receive it within a few minutes.
+          {% endblocktrans %}
+        </p>
+        <p>
+          {% url 'account_email' as email_url %}
+          {% blocktrans %}<strong>Note:</strong> you can still <a href="{{ email_url }}">change your e-mail address</a>.{% endblocktrans %}
+        </p>
+        {% include "core/partials/admins_list.html" %}
+      </div>
+    </div>
+  </div>
+
+{% endblock %}
--- a/aleksis/core/templates/two_factor/core/login.html
+++ b/aleksis/core/templates/two_factor/core/login.html
 {# -*- engine:django -*- #}
 {% extends "two_factor/_base_focus.html" %}
-{% load i18n two_factor %}
+{% load i18n two_factor account socialaccount %}

 {% block browser_title %}
  {% trans "Login" %}
 {% endblock %}

 {% block content %}
+  {% get_providers as socialaccount_providers %}
+
  <h4>{% trans "Login" %}</h4>

  {% if wizard.steps.current == "auth" and user.is_authenticated %}
@@ -24,6 +26,8 @@
        {% blocktrans %}Please login to see this page.{% endblocktrans %}
      </p>
    </div>
+
+    {% include "socialaccount/snippets/provider_list.html" with process="login" %}
  {% endif %}

  {% if wizard.steps.current == 'auth' and ALTERNATIVE_LOGIN_VIEWS %}

--- a/aleksis/core/urls.py
+++ b/aleksis/core/urls.py
@@ -19,6 +19,7 @@ urlpatterns = [
    path("", include("django_prometheus.urls")),
    path("", include("pwa.urls"), name="pwa"),
    path("about/", views.about, name="about_aleksis"),
+    path("accounts/", include("allauth.urls")),
    path("admin/", admin.site.urls),
    path("data_management/", views.data_management, name="data_management"),
    path("status/", views.SystemStatus.as_view(), name="system_status"),

--- a/poetry.lock
+++ b/poetry.lock
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -94,6 +94,7 @@ django-prometheus = "^2.1.0"
 importlib-metadata = {version = "^3.0.0", python = "<3.9"}
 django-model-utils = "^4.0.0"
 bs4 = "^0.0.1"
+django-allauth = "^0.44.0"

 [tool.poetry.extras]
 ldap = ["django-auth-ldap"]