dsm-django-socialauth 1.0.28

Creator: danarutscher

Description:

dsmdjangosocialauth 1.0.28

Django DSM Authentication

Requirements

python >= 3.6
django >= 2.0
social-auth-app-django
djangorestframework-simplejwt

Installation
pip install dsm-django-socialauth

Usage
Prerequisite

The callback URL must be PROTOCOL://HOST/oauth/complete/dsmauth/

Note: the callback URL must match the declaration in urls.py.
This example uses http://127.0.0.1/oauth/complete/dsmauth/

In settings.py
INSTALLED_APPS = [
    'dsmauth',  # must be at the top of the installed apps
    ...
    'social_django',
    'rest_framework',  # optional, needed for /authen/api/account/me/
    ...
]

Add the authentication backends in settings.py
AUTHENTICATION_BACKENDS = [
    ...
    'django.contrib.auth.backends.ModelBackend',
    'dsmauth.backend.dsmOAuth2',
    ...
]

Set the client ID and client secret in settings.py
SOCIAL_AUTH_DSMAUTH_KEY = '<client_id>'
SOCIAL_AUTH_DSMAUTH_SECRET = '<client_secret>'

Sample SOCIAL_AUTH_PIPELINE
SOCIAL_AUTH_PIPELINE = [
    'social_core.pipeline.social_auth.social_details',
    'social_core.pipeline.social_auth.social_uid',
    'social_core.pipeline.social_auth.social_user',
    'social_core.pipeline.user.get_username',
    'social_core.pipeline.user.create_user',
    'social_core.pipeline.social_auth.associate_user',
    'social_core.pipeline.social_auth.load_extra_data',
    'social_core.pipeline.user.user_details',
    # only safe when the provider verifies e-mail addresses
    'social_core.pipeline.social_auth.associate_by_email',
]

Add login redirect
LOGIN_REDIRECT_URL='<path to redirect>'

Set the auth server name and URL
OAUTH_DSM_SERVER_BASEURL = 'oauth.data.storemesh.com'
BASE_BACKEND_URL = '<backend domain> eg http://localhost:8000'

(Optional) If using an internal IP address for DSM VMs
OAUTH_DSM_SCHEME = "<http or https>"
OAUTH_INTERNAL_IP = "<internal oauth provider ip address>"

Add the settings for authentication via Simple JWT
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework_simplejwt.authentication.JWTAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
    ],
}

from datetime import timedelta
SIMPLE_JWT = {
    'ACCESS_TOKEN_LIFETIME': timedelta(hours=1),
    'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
    'ROTATE_REFRESH_TOKENS': False,
    'BLACKLIST_AFTER_ROTATION': True,

    'ALGORITHM': 'HS256',
    'SIGNING_KEY': SECRET_KEY,
    'VERIFYING_KEY': None,
    'AUDIENCE': None,
    'ISSUER': None,

    'AUTH_HEADER_TYPES': ('Bearer',),
    'USER_ID_FIELD': 'id',
    'USER_ID_CLAIM': 'user_id',

    'UPDATE_LAST_LOGIN': True,
}


See more detail about social-app-django at https://github.com/python-social-auth/social-app-django

In urls.py
from django.urls import path, include
from dsmauth.complete import complete

urlpatterns = [
    ...
    path('oauth/complete/<str:backend>/', complete, name='complete'),
    path('oauth/', include('social_django.urls', namespace='social')),
    path('authen/', include('dsmauth.urls')),
    ...
]

In the template

...
<a href="{% url 'social:begin' 'dsmauth' %}">Login with DSM</a>
<a href="{% url 'logout' %}">LOGOUT</a>
...

Sign in with next

...
<a href="{% url 'social:begin' 'dsmauth' %}?next={{ request.scheme }}://{{ request.get_host }}{% url 'admin:index' %}">
    Login with DSM
</a>
...

If you use a separate backend and frontend (client-side rendering), you can authenticate with JWT.
In settings.py
BASE_FRONTEND_URL='http://localhost:3000/'

Authentication step


Frontend links (href) to <BACKEND_URL>/oauth/login/dsmauth

Optional: <BACKEND_URL>/oauth/login/dsmauth/?callback=<FRONTEND_URI>

FRONTEND_URI: frontend domain or localhost:xxxx
Default: uses BASE_FRONTEND_URL and BASE_BACKEND_URL from the backend settings

Backend authenticates with the OAuth server.
If authentication completes, the backend calls back to the frontend at <BASE_FRONTEND_URL>/callback?token=<REFRESH_TOKEN>

Note: BASE_FRONTEND_URL is the one set in backend/settings.py in the previous step.

Frontend requests an access token with the refresh token via

Request

[POST] : <BACKEND_URL>/authen/token/refresh/
body : {
    "refresh" : "<REFRESH_TOKEN IN STEP 3>"
}

Response

{
    "access": "eyJ0eXAiOiJKV1Qi...ifZOpwg"
}

Frontend collects access (the access token) to use in API requests


How to use

Request to backend

URL : <BACKEND>/api/xxx
HEADER : {
    'Authorization': "Bearer <ACCESS_TOKEN>"
}
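
The token exchange described in the steps above, sketched from the frontend's side as an added example (not code from dsm-django-socialauth). BACKEND_URL, the sample token values, the JSON Content-Type header and the fake_send stand-in for the backend are assumptions made so the flow runs offline.

```python
import json
from urllib.parse import parse_qs, urlsplit

BACKEND_URL = "http://localhost:8000"  # assumed value of BASE_BACKEND_URL


def token_from_callback(callback_url):
    """Read the refresh token from <BASE_FRONTEND_URL>/callback?token=..."""
    tokens = parse_qs(urlsplit(callback_url).query).get("token", [])
    if len(tokens) != 1:
        # missing, empty or repeated parameter: refuse rather than guess
        raise ValueError("expected exactly one token parameter")
    return tokens[0]


def exchange_refresh(refresh_token, send):
    """POST /authen/token/refresh/ and return the access token."""
    status, body = send(
        "POST",
        BACKEND_URL + "/authen/token/refresh/",
        {"Content-Type": "application/json"},  # assumption: JSON body
        json.dumps({"refresh": refresh_token}),
    )
    if status != 200:
        raise PermissionError("refresh rejected with HTTP %d" % status)
    return json.loads(body)["access"]


def api_headers(access_token):
    """Header the page prescribes for <BACKEND>/api/xxx requests."""
    return {"Authorization": "Bearer " + access_token}


def fake_send(method, url, headers, body):
    """Constructed stand-in for the backend so the flow runs offline."""
    ok = (method == "POST" and url.endswith("/authen/token/refresh/")
          and json.loads(body).get("refresh") == "sample-refresh")
    if not ok:
        return 401, json.dumps({"detail": "Token is invalid or expired"})
    return 200, json.dumps({"access": "sample-access"})


def sign_in(callback_url, send=fake_send):
    """Callback URL in, ready-to-use API headers out."""
    return api_headers(exchange_refresh(token_from_callback(callback_url), send))


if __name__ == "__main__":
    print(sign_in("http://localhost:3000/callback?token=sample-refresh"))
```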

Logout / sign out

Logout links (href) to <BACKEND_URL>/authen/logout/

Optional: <BACKEND_URL>/authen/logout/?callback=<FRONTEND_URI>

FRONTEND_URI: frontend domain or localhost:xxxx
Default: uses BASE_FRONTEND_URL and BASE_BACKEND_URL from the backend settings

Optional: set up logging
Add the middleware in settings.py
MIDDLEWARE = [
    ...
    'dsmauth.middleware.LogHeaderMiddleware',  # adds X-Username / X-Error response headers
    ...
]

The log can then be read from the response headers:

X-Username : (string) username, e.g. mike
X-Error : (string) short Python exception traceback, e.g.
    File /backend/searchapp/views.py, line 6, in error
    i = 10/0
    ZeroDivisionError: division by zero

Optional: use the JWT middleware
MIDDLEWARE = [
    ...
    'dsmauth.middleware.JWTauthenticationMiddleware',
    ...
]

If a JWT token is passed in the header, request.user can be used.

Sign in to Admin via OAuth

Edit urls.py

...
admin.site.login_template = 'admin/custom-login.html'
admin.site.index_template = 'admin/custom-index.html'
admin.site.site_title = "<PROJECT NAME>"
admin.site.site_header = "<PROJECT NAME>"
...
Get user info
[GET]: <BASE_URI>/authen/api/account/me/
{
    "id": 1,
    "user": "system_admin",
    "first_name": "system",
    "last_name": "admin",
    "email": "system_admin@email.com",
    "image": null,
    "role": [
        {
            "name": "DataUser"
        },
        {
            "name": "SystemAdmin"
        }
    ],
    "permission": [
        3,
        7
    ]
}

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.
