Mitja Nikolaus | 6a67913 | 2018-08-30 14:35:29 +0200 | [diff] [blame] | 1 | """Allauth adapter for authenticating requests using Google OAuth.""" |
| 2 | |
Dirk Vogt | 57a615d | 2017-05-04 22:29:54 +0200 | [diff] [blame] | 3 | from allauth.socialaccount.adapter import DefaultSocialAccountAdapter |
| 4 | from allauth.account.adapter import DefaultAccountAdapter |
Mitja Nikolaus | 6a67913 | 2018-08-30 14:35:29 +0200 | [diff] [blame] | 5 | from allauth.socialaccount.forms import SignupForm |
| 6 | from allauth.socialaccount.models import SocialLogin |
Dirk Vogt | 57a615d | 2017-05-04 22:29:54 +0200 | [diff] [blame] | 7 | from django.core.exceptions import PermissionDenied |
| 8 | from django.contrib.auth.models import Group |
Mitja Nikolaus | 6a67913 | 2018-08-30 14:35:29 +0200 | [diff] [blame] | 9 | from django.http import HttpRequest |
Dirk Vogt | 57a615d | 2017-05-04 22:29:54 +0200 | [diff] [blame] | 10 | |
Mitja Nikolaus | 78e3a05 | 2018-09-05 12:18:35 +0200 | [diff] [blame] | 11 | FP_STAFF_GROUP_NAME = "FairphoneSoftwareTeam" |
| 12 | |
Mitja Nikolaus | cb50f2c | 2018-08-24 13:54:48 +0200 | [diff] [blame] | 13 | |
Dirk Vogt | 57a615d | 2017-05-04 22:29:54 +0200 | [diff] [blame] | 14 | class FairphoneAccountAdapter(DefaultSocialAccountAdapter): |
Mitja Nikolaus | 6a67913 | 2018-08-30 14:35:29 +0200 | [diff] [blame] | 15 | """Account adapter for existing Google accounts.""" |
| 16 | |
Dirk Vogt | 57a615d | 2017-05-04 22:29:54 +0200 | [diff] [blame] | 17 | def is_open_for_signup(self, request, sociallogin): |
Mitja Nikolaus | 6a67913 | 2018-08-30 14:35:29 +0200 | [diff] [blame] | 18 | """Allow signup.""" |
Dirk Vogt | 57a615d | 2017-05-04 22:29:54 +0200 | [diff] [blame] | 19 | return True |
Mitja Nikolaus | cb50f2c | 2018-08-24 13:54:48 +0200 | [diff] [blame] | 20 | |
Mitja Nikolaus | 6a67913 | 2018-08-30 14:35:29 +0200 | [diff] [blame] | 21 | def save_user( |
| 22 | self, |
| 23 | request: HttpRequest, |
| 24 | sociallogin: SocialLogin, |
| 25 | form: SignupForm = None, |
| 26 | ): |
| 27 | """Save a user to the database. |
| 28 | |
| 29 | Additionally add the user to the FairphoneSoftwareTeam group if his |
| 30 | or her account was issued by Fairphone, i.e. ends with "@fairphone.com". |
| 31 | |
| 32 | Args: |
| 33 | request: The HTTP request. |
| 34 | sociallogin: |
| 35 | SocialLogin instance representing a Google user that is in |
| 36 | the process of being logged in. |
| 37 | form: Request form (not used). |
| 38 | |
| 39 | Returns: The newly created user from the local database. |
| 40 | |
| 41 | """ |
Mitja Nikolaus | e7d3c76 | 2018-08-30 17:29:27 +0200 | [diff] [blame] | 42 | user = DefaultSocialAccountAdapter.save_user( |
Mitja Nikolaus | cb50f2c | 2018-08-24 13:54:48 +0200 | [diff] [blame] | 43 | self, request, sociallogin, form=None |
| 44 | ) |
Mitja Nikolaus | e7d3c76 | 2018-08-30 17:29:27 +0200 | [diff] [blame] | 45 | if user.email.split("@")[1] == "fairphone.com": |
Mitja Nikolaus | 78e3a05 | 2018-09-05 12:18:35 +0200 | [diff] [blame] | 46 | group = Group.objects.get(name=FP_STAFF_GROUP_NAME) |
Mitja Nikolaus | e7d3c76 | 2018-08-30 17:29:27 +0200 | [diff] [blame] | 47 | group.user_set.add(user) |
| 48 | return user |
Mitja Nikolaus | cb50f2c | 2018-08-24 13:54:48 +0200 | [diff] [blame] | 49 | |
Mitja Nikolaus | 6a67913 | 2018-08-30 14:35:29 +0200 | [diff] [blame] | 50 | def populate_user( |
| 51 | self, request: HttpRequest, sociallogin: SocialLogin, data: dict |
| 52 | ): |
| 53 | """Populate an already existing user instance. |
| 54 | |
| 55 | The permission is denied if the Google account was not issued by |
| 56 | Fairphone, i.e. does not end with "@fairphone.com". |
| 57 | |
| 58 | Args: |
| 59 | request: The HTTP request. |
| 60 | sociallogin: |
| 61 | SocialLogin instance representing a Google user that is in |
| 62 | the process of being logged in. |
| 63 | data: Common user data fields. |
| 64 | |
| 65 | Returns: The user from the database. |
| 66 | |
| 67 | """ |
Mitja Nikolaus | e7d3c76 | 2018-08-30 17:29:27 +0200 | [diff] [blame] | 68 | user = DefaultSocialAccountAdapter.populate_user( |
Mitja Nikolaus | cb50f2c | 2018-08-24 13:54:48 +0200 | [diff] [blame] | 69 | self, request, sociallogin, data |
| 70 | ) |
Mitja Nikolaus | e7d3c76 | 2018-08-30 17:29:27 +0200 | [diff] [blame] | 71 | if not user.email.split("@")[1] == "fairphone.com": |
Mitja Nikolaus | cb50f2c | 2018-08-24 13:54:48 +0200 | [diff] [blame] | 72 | raise PermissionDenied() |
Mitja Nikolaus | e7d3c76 | 2018-08-30 17:29:27 +0200 | [diff] [blame] | 73 | return user |
Dirk Vogt | 57a615d | 2017-05-04 22:29:54 +0200 | [diff] [blame] | 74 | |
Mitja Nikolaus | cb50f2c | 2018-08-24 13:54:48 +0200 | [diff] [blame] | 75 | |
Dirk Vogt | 57a615d | 2017-05-04 22:29:54 +0200 | [diff] [blame] | 76 | class FormAccountAdapter(DefaultAccountAdapter): |
Mitja Nikolaus | 6a67913 | 2018-08-30 14:35:29 +0200 | [diff] [blame] | 77 | """Account adapter for signing up using a form. |
| 78 | |
| 79 | Signup is not allowed using Hiccup, only existing Fairphone Google accounts |
| 80 | can be used. |
| 81 | """ |
| 82 | |
Dirk Vogt | 57a615d | 2017-05-04 22:29:54 +0200 | [diff] [blame] | 83 | def is_open_for_signup(self, request): |
Mitja Nikolaus | 6a67913 | 2018-08-30 14:35:29 +0200 | [diff] [blame] | 84 | """Do not allow signup.""" |
Dirk Vogt | 57a615d | 2017-05-04 22:29:54 +0200 | [diff] [blame] | 85 | return False |