setting up sso client authentication integration

uktrade · Nov 14, 2024 · 85e195a · 85e195a
1 parent 905da4b
commit 85e195a
Show file tree

Hide file tree

Showing 6 changed files with 88 additions and 2 deletions.
diff --git a/.env.example b/.env.example
@@ -11,4 +11,12 @@ VITE_DEV=True
 VITE_DEV_SERVER_URL=http://localhost:5173
 
 # Sentry
-SENTRY_DSN=
+SENTRY_DSN=
+
+# authbroker config
+AUTHBROKER_URL=speak-to-webops-team-for-access
+AUTHBROKER_CLIENT_ID=speak-to-webops-team-for-access
+AUTHBROKER_CLIENT_SECRET=speak-to-webops-team-for-access
+AUTHBROKER_STAFF_SSO_SCOPE=any-additional-scope-values
+AUTHBROKER_ANONYMOUS_PATHS=(Tuple/list of paths that should be unprotected)
+AUTHBROKER_ANONYMOUS_URL_NAMES=(list of url names that should be unprotected)
diff --git a/config/settings/base.py b/config/settings/base.py
@@ -18,6 +18,7 @@
 import sentry_sdk
 from dbt_copilot_python.database import database_url_from_env
 from dbt_copilot_python.network import is_copilot, setup_allowed_hosts
+from django.urls import reverse_lazy
 from sentry_sdk.integrations.django import DjangoIntegration
 from sentry_sdk.integrations.redis import RedisIntegration
 
@@ -60,6 +61,7 @@
     "django.contrib.staticfiles",
     "django.contrib.postgres",
     "core.apps.CoreConfig",
+    "authbroker_client",
 ]
 
 MIDDLEWARE: list[str] = [
@@ -70,6 +72,7 @@
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "authbroker_client.middleware.ProtectAllViewsMiddleware",
 ]
 
 TEMPLATES: list[dict[str, Any]] = [
@@ -88,6 +91,25 @@
     },
 ]
 
+AUTHENTICATION_BACKENDS = [
+    "django.contrib.auth.backends.ModelBackend",
+    "authbroker_client.backends.AuthbrokerBackend",
+]
+
+
+LOGIN_URL = reverse_lazy("authbroker_client:login")
+LOGIN_REDIRECT_URL = "/"
+
+
+# authbroker config
+AUTHBROKER_URL = env("AUTHBROKER_URL")
+AUTHBROKER_CLIENT_ID = env("AUTHBROKER_CLIENT_ID")
+AUTHBROKER_CLIENT_SECRET = env("AUTHBROKER_CLIENT_SECRET")
+AUTHBROKER_STAFF_SSO_SCOPE = env("AUTHBROKER_STAFF_SSO_SCOPE")
+AUTHBROKER_ANONYMOUS_PATHS = env("AUTHBROKER_ANONYMOUS_PATHS")
+AUTHBROKER_ANONYMOUS_URL_NAMES = env("AUTHBROKER_ANONYMOUS_URL_NAMES")
+
+
 # Sentry
 # https://docs.sentry.io/platforms/python/integrations/django/
 SENTRY_DSN: str = env.str("SENTRY_DSN")

diff --git a/config/urls.py b/config/urls.py
@@ -22,4 +22,5 @@
 urlpatterns = [
     path("", include("core.urls")),
     path("admin/", admin.site.urls),
+    path("auth/", include("authbroker_client.urls")),
 ]
diff --git a/core/views.py b/core/views.py
@@ -1,6 +1,8 @@
+from django.contrib.auth.decorators import login_required
 from django.shortcuts import render
 
 
+@login_required
 def index(request):
     return render(request, "core/base.html")
 

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -16,6 +16,7 @@ sentry-sdk = "^2.16.0"
 dbt-copilot-python = "^0.2.2"
 dj-database-url = "^2.2.0"
 granian = "^1.6.3"
+django-staff-sso-client = "^4.3.0"
 
 [tool.poetry.group.dev.dependencies]
 black = "^24.10.0"