[PATCH V2] Make it possible, via a config setting, to use OpenID for authentication
Guilherme Salgado
guilherme.salgado at linaro.org
Tue Apr 19 22:38:38 EST 2011
The default still is to authenticate against the local user database, though.
Signed-off-by: Guilherme Salgado <guilherme.salgado at linaro.org>
---
This second version leaves the 'register' link untouched but makes it point to
a new page when patchwork is configured to use OpenID for authentication. That
new page just explains that OpenID is used and ask the user to just login.
apps/patchwork/context_processors.py | 12 ++++++++++--
apps/settings.py | 17 ++++++++++++++++-
apps/urls.py | 6 ++++++
3 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/apps/patchwork/context_processors.py b/apps/patchwork/context_processors.py
index f4ab5a9..e6021e5 100644
--- a/apps/patchwork/context_processors.py
+++ b/apps/patchwork/context_processors.py
@@ -17,9 +17,10 @@
# along with Patchwork; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+from django.conf import settings
+from django.core.urlresolvers import reverse
from patchwork.models import Bundle
-from patchwork.utils import order_map, get_order
def bundle(request):
user = request.user
@@ -28,5 +29,12 @@ def bundle(request):
return {'bundles': Bundle.objects.filter(owner = user)}
-def patchlists(request):
+def register_url(request):
+ if settings.LOGIN_URL.startswith('/openid'):
+ return dict(register_url=reverse('openid_register'))
+ else:
+ return dict(register_url=reverse('registration_register'))
+
+def login_url(request):
+ return dict(login_url=settings.LOGIN_URL)
diff --git a/apps/settings.py b/apps/settings.py
index fd234af..bc16909 100644
--- a/apps/settings.py
+++ b/apps/settings.py
@@ -67,6 +67,18 @@ ROOT_URLCONF = 'apps.urls'
LOGIN_URL = '/accounts/login'
LOGIN_REDIRECT_URL = '/user/'
+# To make your Patchwork instance an OpenID relying party, you need to
+# uncomment the lines below in your local_settings.py, and
+# - Add 'django_openid_auth' to INSTALLED_APPS;
+# - Add 'django_openid_auth.auth.OpenIDBackend' to AUTHENTICATION_BACKENDS;
+# - Uncomment the '^openid/' url pattern in apps/urls.py
+# OPENID_CREATE_USERS = True
+# OPENID_UPDATE_DETAILS_FROM_SREG = True
+# LOGIN_URL = '/openid/login/'
+# The line below is optional and will cause the given URL to be always used as
+# the OpenID provider, so users won't have to enter their identity URL.
+# OPENID_SSO_SERVER_URL = 'https://login.launchpad.net/'
+
# If you change the ROOT_DIR setting in your local_settings.py, you'll need to
# re-define the variables that use this (MEDIA_ROOT and TEMPLATE_DIRS) too.
ROOT_DIR = '/srv/patchwork'
@@ -85,7 +97,10 @@ TEMPLATE_CONTEXT_PROCESSORS = (
"django.core.context_processors.auth",
"django.core.context_processors.debug",
"django.core.context_processors.i18n",
- "django.core.context_processors.media")
+ "django.core.context_processors.media",
+ "patchwork.context_processors.login_url",
+ "patchwork.context_processors.register_url",
+ )
AUTH_PROFILE_MODULE = "patchwork.userprofile"
diff --git a/apps/urls.py b/apps/urls.py
index 3894708..48e26ea 100644
--- a/apps/urls.py
+++ b/apps/urls.py
@@ -22,6 +22,7 @@ import os
from django.conf.urls.defaults import *
from django.conf import settings
from django.contrib import admin
+from django.views.generic.simple import direct_to_template
from registration.views import register
from patchwork.forms import RegistrationForm
@@ -40,6 +41,11 @@ urlpatterns = patterns('',
name='registration_register'),
(r'^accounts/', include('registration.urls')),
+ # Uncomment the lines below to use OpenID for authentication.
+ # (r'^openid/', include('django_openid_auth.urls')),
+ # url(r'^openid/register/$', direct_to_template,
+ # {'template': 'patchwork/openid-register.html'},
+ # name='openid_register'),
# Uncomment this for admin:
(r'^admin/', include(admin.site.urls)),
diff --git a/docs/INSTALL b/docs/INSTALL
index ee87e4d..d482a3c 100644
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -92,6 +92,21 @@ in brackets):
cd ../python
ln -s ../packages/django-registration/registration ./registration
+ Two other libraries we may use, in case you use OpenID for
+ authentication, are django-openid-auth and the Python OpenID library.
+ The former is named python-django-openid-auth in Debian/Ubuntu and the
+ latter python-openid, but if they're not available in your
+ distribution, you can follow the steps below to get them:
+
+ cd lib/packages
+ wget http://launchpad.net/django-openid-auth/trunk/0.3/+download/django-openid-auth-0.3.tar.gz
+ wget --no-check-certificate https://github.com/openid/python-openid/tarball/2.2.5 -O python-openid-2.2.5.tgz
+ tar zxvf django-openid-auth-0.3.tar.gz
+ tar zxvf python-openid-2.2.5.tgz
+ cd ../python
+ ln -s ../packages/django-openid-auth-0.3/django_openid_auth ./django_openid_auth
+ ln -s ../packages/openid-python-openid-b666238/openid ./openid
+
We also use some Javascript libraries:
cd lib/packages
@@ -144,9 +159,15 @@ in brackets):
Postgresql:
psql -f lib/sql/grant-all.postgres.sql patchwork
+ # If your instance uses OpenID for authentication, you'll also need
+ # the following line
+ psql -f lib/sql/grant-openid.postgres.sql patchwork
MySQL:
mysql patchwork < lib/sql/grant-all.mysql.sql
+ # If your instance uses OpenID for authentication, you'll also need
+ # the following line
+ mysql patchwork < lib/sql/grant-openid.mysql.sql
3. Apache setup
diff --git a/lib/sql/grant-openid.mysql.sql b/lib/sql/grant-openid.mysql.sql
new file mode 100644
index 0000000..9a7edbf
--- /dev/null
+++ b/lib/sql/grant-openid.mysql.sql
@@ -0,0 +1,7 @@
+BEGIN;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_openid_auth_nonce TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_openid_auth_useropenid TO 'www-data'@localhost;
+GRANT SELECT, UPDATE, INSERT, DELETE ON django_openid_auth_association TO 'www-data'@localhost;
+
+COMMIT;
+
diff --git a/lib/sql/grant-openid.postgres.sql b/lib/sql/grant-openid.postgres.sql
new file mode 100644
index 0000000..e854f17
--- /dev/null
+++ b/lib/sql/grant-openid.postgres.sql
@@ -0,0 +1,15 @@
+BEGIN;
+-- give necessary permissions to the web server. Becuase the admin is all
+-- web-based, these need to be quite permissive
+GRANT SELECT, UPDATE, INSERT, DELETE ON
+ django_openid_auth_nonce,
+ django_openid_auth_useropenid,
+ django_openid_auth_association,
+TO "www-data";
+GRANT SELECT, UPDATE ON
+ django_openid_auth_association_id_seq,
+ django_openid_auth_nonce_id_seq,
+ django_openid_auth_useropenid_id_seq,
+TO "www-data";
+
+COMMIT;
diff --git a/templates/base.html b/templates/base.html
index e14470e..cc6c19f 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -28,9 +28,9 @@
<a href="{% url patchwork.views.user.profile %}">profile</a> ::
<a href="{% url auth_logout %}">logout</a>
{% else %}
- <a href="{% url auth_login %}">login</a>
+ <a href="{{ login_url }}">login</a>
<br/>
- <a href="{% url registration_register %}">register</a>
+ <a href="{{ register_url }}">register</a>
{% endif %}
</div>
<div style="clear: both;"></div>
diff --git a/templates/patchwork/openid-register.html b/templates/patchwork/openid-register.html
new file mode 100644
index 0000000..98d372e
--- /dev/null
+++ b/templates/patchwork/openid-register.html
@@ -0,0 +1,11 @@
+{% extends "base.html" %}
+
+{% block title %}Register{% endblock %}
+{% block heading %}Register{% endblock %}
+
+{% block body %}
+<h2>No need to register</h2>
+
+<p>This Patchwork instance uses OpenID for authentication, so you can just
+<a href="{{ login_url }}">login</a>.</p>
+{% endblock %}
More information about the Patchwork
mailing list