From patchwork Tue Apr 19 12:38:38 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guilherme Salgado X-Patchwork-Id: 91966 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from ozlabs.org (localhost [IPv6:::1]) by ozlabs.org (Postfix) with ESMTP id 99D66B7024 for ; Tue, 19 Apr 2011 22:38:45 +1000 (EST) Received: from adelie.canonical.com (adelie.canonical.com [91.189.90.139]) by ozlabs.org (Postfix) with ESMTP id D4398B7007 for ; Tue, 19 Apr 2011 22:38:43 +1000 (EST) Received: from youngberry.canonical.com ([91.189.89.112]) by adelie.canonical.com with esmtp (Exim 4.71 #1 (Debian)) id 1QCACY-0000HM-2O; Tue, 19 Apr 2011 12:38:42 +0000 Received: from [187.126.166.24] (helo=feioso) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1QCACX-0006Wn-FT; Tue, 19 Apr 2011 12:38:42 +0000 Received: from localhost6.localdomain6 (localhost.localdomain [127.0.0.1]) by feioso (Postfix) with ESMTP id 8EDC3402CB; Tue, 19 Apr 2011 09:38:38 -0300 (BRT) Subject: [PATCH V2] Make it possible, via a config setting, to use OpenID for authentication To: patchwork@lists.ozlabs.org From: Guilherme Salgado Date: Tue, 19 Apr 2011 09:38:38 -0300 Message-ID: <20110419123739.6083.50050.stgit@localhost6.localdomain6> User-Agent: StGit/0.15 MIME-Version: 1.0 Cc: patches@linaro.org X-BeenThere: patchwork@lists.ozlabs.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Patchwork development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: patchwork-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: patchwork-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org The default still is to authenticate against the local user database, though. Signed-off-by: Guilherme Salgado --- This second version leaves the 'register' link untouched but makes it point to a new page when patchwork is configured to use OpenID for authentication. That new page just explains that OpenID is used and ask the user to just login. apps/patchwork/context_processors.py | 12 ++++++++++-- apps/settings.py | 17 ++++++++++++++++- apps/urls.py | 6 ++++++ 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/apps/patchwork/context_processors.py b/apps/patchwork/context_processors.py index f4ab5a9..e6021e5 100644 --- a/apps/patchwork/context_processors.py +++ b/apps/patchwork/context_processors.py @@ -17,9 +17,10 @@ # along with Patchwork; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from django.conf import settings +from django.core.urlresolvers import reverse from patchwork.models import Bundle -from patchwork.utils import order_map, get_order def bundle(request): user = request.user @@ -28,5 +29,12 @@ def bundle(request): return {'bundles': Bundle.objects.filter(owner = user)} -def patchlists(request): +def register_url(request): + if settings.LOGIN_URL.startswith('/openid'): + return dict(register_url=reverse('openid_register')) + else: + return dict(register_url=reverse('registration_register')) + +def login_url(request): + return dict(login_url=settings.LOGIN_URL) diff --git a/apps/settings.py b/apps/settings.py index fd234af..bc16909 100644 --- a/apps/settings.py +++ b/apps/settings.py @@ -67,6 +67,18 @@ ROOT_URLCONF = 'apps.urls' LOGIN_URL = '/accounts/login' LOGIN_REDIRECT_URL = '/user/' +# To make your Patchwork instance an OpenID relying party, you need to +# uncomment the lines below in your local_settings.py, and +# - Add 'django_openid_auth' to INSTALLED_APPS; +# - Add 'django_openid_auth.auth.OpenIDBackend' to AUTHENTICATION_BACKENDS; +# - Uncomment the '^openid/' url pattern in apps/urls.py +# OPENID_CREATE_USERS = True +# OPENID_UPDATE_DETAILS_FROM_SREG = True +# LOGIN_URL = '/openid/login/' +# The line below is optional and will cause the given URL to be always used as +# the OpenID provider, so users won't have to enter their identity URL. +# OPENID_SSO_SERVER_URL = 'https://login.launchpad.net/' + # If you change the ROOT_DIR setting in your local_settings.py, you'll need to # re-define the variables that use this (MEDIA_ROOT and TEMPLATE_DIRS) too. ROOT_DIR = '/srv/patchwork' @@ -85,7 +97,10 @@ TEMPLATE_CONTEXT_PROCESSORS = ( "django.core.context_processors.auth", "django.core.context_processors.debug", "django.core.context_processors.i18n", - "django.core.context_processors.media") + "django.core.context_processors.media", + "patchwork.context_processors.login_url", + "patchwork.context_processors.register_url", + ) AUTH_PROFILE_MODULE = "patchwork.userprofile" diff --git a/apps/urls.py b/apps/urls.py index 3894708..48e26ea 100644 --- a/apps/urls.py +++ b/apps/urls.py @@ -22,6 +22,7 @@ import os from django.conf.urls.defaults import * from django.conf import settings from django.contrib import admin +from django.views.generic.simple import direct_to_template from registration.views import register from patchwork.forms import RegistrationForm @@ -40,6 +41,11 @@ urlpatterns = patterns('', name='registration_register'), (r'^accounts/', include('registration.urls')), + # Uncomment the lines below to use OpenID for authentication. + # (r'^openid/', include('django_openid_auth.urls')), + # url(r'^openid/register/$', direct_to_template, + # {'template': 'patchwork/openid-register.html'}, + # name='openid_register'), # Uncomment this for admin: (r'^admin/', include(admin.site.urls)), diff --git a/docs/INSTALL b/docs/INSTALL index ee87e4d..d482a3c 100644 --- a/docs/INSTALL +++ b/docs/INSTALL @@ -92,6 +92,21 @@ in brackets): cd ../python ln -s ../packages/django-registration/registration ./registration + Two other libraries we may use, in case you use OpenID for + authentication, are django-openid-auth and the Python OpenID library. + The former is named python-django-openid-auth in Debian/Ubuntu and the + latter python-openid, but if they're not available in your + distribution, you can follow the steps below to get them: + + cd lib/packages + wget http://launchpad.net/django-openid-auth/trunk/0.3/+download/django-openid-auth-0.3.tar.gz + wget --no-check-certificate https://github.com/openid/python-openid/tarball/2.2.5 -O python-openid-2.2.5.tgz + tar zxvf django-openid-auth-0.3.tar.gz + tar zxvf python-openid-2.2.5.tgz + cd ../python + ln -s ../packages/django-openid-auth-0.3/django_openid_auth ./django_openid_auth + ln -s ../packages/openid-python-openid-b666238/openid ./openid + We also use some Javascript libraries: cd lib/packages @@ -144,9 +159,15 @@ in brackets): Postgresql: psql -f lib/sql/grant-all.postgres.sql patchwork + # If your instance uses OpenID for authentication, you'll also need + # the following line + psql -f lib/sql/grant-openid.postgres.sql patchwork MySQL: mysql patchwork < lib/sql/grant-all.mysql.sql + # If your instance uses OpenID for authentication, you'll also need + # the following line + mysql patchwork < lib/sql/grant-openid.mysql.sql 3. Apache setup diff --git a/lib/sql/grant-openid.mysql.sql b/lib/sql/grant-openid.mysql.sql new file mode 100644 index 0000000..9a7edbf --- /dev/null +++ b/lib/sql/grant-openid.mysql.sql @@ -0,0 +1,7 @@ +BEGIN; +GRANT SELECT, UPDATE, INSERT, DELETE ON django_openid_auth_nonce TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON django_openid_auth_useropenid TO 'www-data'@localhost; +GRANT SELECT, UPDATE, INSERT, DELETE ON django_openid_auth_association TO 'www-data'@localhost; + +COMMIT; + diff --git a/lib/sql/grant-openid.postgres.sql b/lib/sql/grant-openid.postgres.sql new file mode 100644 index 0000000..e854f17 --- /dev/null +++ b/lib/sql/grant-openid.postgres.sql @@ -0,0 +1,15 @@ +BEGIN; +-- give necessary permissions to the web server. Becuase the admin is all +-- web-based, these need to be quite permissive +GRANT SELECT, UPDATE, INSERT, DELETE ON + django_openid_auth_nonce, + django_openid_auth_useropenid, + django_openid_auth_association, +TO "www-data"; +GRANT SELECT, UPDATE ON + django_openid_auth_association_id_seq, + django_openid_auth_nonce_id_seq, + django_openid_auth_useropenid_id_seq, +TO "www-data"; + +COMMIT; diff --git a/templates/base.html b/templates/base.html index e14470e..cc6c19f 100644 --- a/templates/base.html +++ b/templates/base.html @@ -28,9 +28,9 @@ profile :: logout {% else %} - login + login
- register + register {% endif %}
diff --git a/templates/patchwork/openid-register.html b/templates/patchwork/openid-register.html new file mode 100644 index 0000000..98d372e --- /dev/null +++ b/templates/patchwork/openid-register.html @@ -0,0 +1,11 @@ +{% extends "base.html" %} + +{% block title %}Register{% endblock %} +{% block heading %}Register{% endblock %} + +{% block body %} +

No need to register

+ +

This Patchwork instance uses OpenID for authentication, so you can just +login.

+{% endblock %}