From 4a8ec631c3594b9c96134529ea9ddff653438633 Mon Sep 17 00:00:00 2001 From: mdoglio Date: Tue, 13 Aug 2013 16:06:00 +0100 Subject: [PATCH] add persona authentication service --- requirements/pure.txt | 1 + treeherder/settings/base.py | 30 ++++++++- treeherder/settings/local.sample.py | 5 ++ treeherder/webapp/templates/admin/login.html | 64 ++++++++++++++++++++ treeherder/webapp/urls.py | 5 ++ 5 files changed, 104 insertions(+), 1 deletion(-) create mode 100644 treeherder/webapp/templates/admin/login.html diff --git a/requirements/pure.txt b/requirements/pure.txt index 5ee8024a2..43f97f1d2 100644 --- a/requirements/pure.txt +++ b/requirements/pure.txt @@ -4,5 +4,6 @@ python-memcached==1.48 mozillapulse==0.61 djangorestframework==2.3.5 django-cors-headers==0.11 +django-browserid==0.8 git+git://github.com/jeads/datasource@143ac08d11 diff --git a/treeherder/settings/base.py b/treeherder/settings/base.py index 74b0a953d..dd4eff894 100644 --- a/treeherder/settings/base.py +++ b/treeherder/settings/base.py @@ -60,6 +60,11 @@ TEMPLATE_DIRS = [ path("webapp", "templates") ] +TEMPLATE_CONTEXT_PROCESSORS = ( + 'django.contrib.auth.context_processors.auth', + 'django_browserid.context_processors.browserid' +) + MIDDLEWARE_CLASSES = [ 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', @@ -71,6 +76,25 @@ MIDDLEWARE_CLASSES = [ # 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] +AUTHENTICATION_BACKENDS = ( + 'django_browserid.auth.BrowserIDBackend', + 'django.contrib.auth.backends.ModelBackend' +) + +# this tells browserid to not create users. +# a user must be created first in the admin +# and then can be recognized with persona login +BROWSERID_CREATE_USER = False + +# Path to redirect to on successful login. +LOGIN_REDIRECT_URL = '/' + +# Path to redirect to on unsuccessful login attempt. +LOGIN_REDIRECT_URL_FAILURE = '/' + +# Path to redirect to on logout. +LOGOUT_REDIRECT_URL = '/' + INSTALLED_APPS = [ 'django.contrib.auth', 'django.contrib.contenttypes', @@ -85,6 +109,7 @@ INSTALLED_APPS = [ 'south', 'rest_framework', 'corsheaders', + 'django_browserid', # treeherder apps 'treeherder.model', 'treeherder.webapp', @@ -148,7 +173,7 @@ REST_FRAMEWORK = { ) } -API_HOSTNAME = "http://localhost" +SITE_URL = "http://local.treeherder.mozilla.org" # this setting allows requests from any host CORS_ORIGIN_ALLOW_ALL = True @@ -193,3 +218,6 @@ BROKER_URL = 'amqp://{0}:{1}@{2}:{3}/{4}'.format( RABBITMQ_PORT, RABBITMQ_VHOST ) + +API_HOSTNAME = SITE_URL +ALLOWED_HOSTS = [SITE_URL] diff --git a/treeherder/settings/local.sample.py b/treeherder/settings/local.sample.py index 900d04e5d..ec966a362 100644 --- a/treeherder/settings/local.sample.py +++ b/treeherder/settings/local.sample.py @@ -21,3 +21,8 @@ SECRET_KEY = os.environ.get("TREEHERDER_DJANGO_SECRET_KEY", "") # Make this unique so that if you execute the tests against a shared database, # you don't conflict with other people running the tests simultaneously. TEST_DB_PREFIX = "" + +SITE_URL = "http://dev.treeherder.mozilla.org" + +TREEHERDER_RO_DATABASE_USER = os.environ.get("TREEHERDER_RO_DATABASE_USER", "TREEHERDER_DATABASE_USER") +TREEHERDER_RO_DATABASE_PASSWORD = os.environ.get("TREEHERDER_RO_DATABASE_PASSWORD", "TREEHERDER_DATABASE_PASSWORD") diff --git a/treeherder/webapp/templates/admin/login.html b/treeherder/webapp/templates/admin/login.html new file mode 100644 index 000000000..914fefec3 --- /dev/null +++ b/treeherder/webapp/templates/admin/login.html @@ -0,0 +1,64 @@ +{% extends "admin/base_site.html" %} +{% load browserid %} +{% load i18n admin_static %} +{% load url from future %} + +{% block extrastyle %}{{ block.super }}{% endblock %} + +{% block extrahead %}{{ block.super }}{% browserid_info %}{% endblock %} + +{% block bodyclass %}login{% endblock %} + +{% block nav-global %}{% endblock %} + +{% block content_title %}{% endblock %} + +{% block breadcrumbs %}{% endblock %} + +{% block content %} +{% if form.errors and not form.non_field_errors and not form.this_is_the_login_form.errors %} +

+{% blocktrans count counter=form.errors.items|length %}Please correct the error below.{% plural %}Please correct the errors below.{% endblocktrans %} +

+{% endif %} + +{% if form.non_field_errors or form.this_is_the_login_form.errors %} +{% for error in form.non_field_errors|add:form.this_is_the_login_form.errors %} +

+ {{ error }} +

+{% endfor %} +{% endif %} + +
+
{% csrf_token %} +
+ {% if not form.this_is_the_login_form.errors %}{{ form.username.errors }}{% endif %} + {{ form.username }} +
+
+ {% if not form.this_is_the_login_form.errors %}{{ form.password.errors }}{% endif %} + {{ form.password }} + + +
+ {% url 'admin_password_reset' as password_reset_url %} + {% if password_reset_url %} + + {% endif %} +
+ +
+

or

+

{% browserid_login text='login with Persona' %}

+
+ + + + {% browserid_js %} +
+{% endblock %} diff --git a/treeherder/webapp/urls.py b/treeherder/webapp/urls.py index 01be09a1f..2220654e7 100644 --- a/treeherder/webapp/urls.py +++ b/treeherder/webapp/urls.py @@ -1,10 +1,15 @@ from django.conf.urls import patterns, include, url +from django.views.generic import TemplateView, RedirectView from django.contrib import admin + from .api import urls as api_urls admin.autodiscover() urlpatterns = patterns('', url(r'^api/', include(api_urls)), + url(r'^browserid/', include('django_browserid.urls')), url(r'^admin/', include(admin.site.urls)), + # by default redirect all request on / to /admin/ + url(r'^$', RedirectView.as_view(url='/admin/')) )