From 182ad3e62fac27c122fa5711d21394452816f407 Mon Sep 17 00:00:00 2001
From: vermaas <vermaas@astron.nl>
Date: Tue, 7 Feb 2023 09:01:11 +0100
Subject: [PATCH] add settings and incoming environment vars for astronauth

---
 README.md                        | 21 +++++++++++++++++++++
 atdb/atdb/settings/base.py       | 12 ++++++++++++
 atdb/atdb/settings/dev.py        |  1 +
 atdb/atdb/settings/docker_sdc.py |  1 +
 4 files changed, 35 insertions(+)

diff --git a/README.md b/README.md
index 58cde129..bf28e69e 100644
--- a/README.md
+++ b/README.md
@@ -110,3 +110,24 @@ This is the procedure for that.
 
   
 
+#### Integrating Astronauth
+
+See the integration instructions in the [astronauth repo](https://git.astron.nl/astron-sdc/astronauth)
+
+After this the following considerations apply:
+
+* Log into the Django admin interface
+* Make sure the Sites contains an entry
+In the Social Accounts section, click add on Social applications and use the following settings
+
+
+Provider => Keycloak
+
+
+Name => Keycloak (could be anything)
+
+Client id => The Client ID configured in your Keycloak Realm.
+
+Secret => The Secret key provided by the Keycloak Realm in the Credentials tab
+
+Sites => Make sure the site is added, otherwise you will run into No providers available errors.
diff --git a/atdb/atdb/settings/base.py b/atdb/atdb/settings/base.py
index 24d55402..34afccd7 100644
--- a/atdb/atdb/settings/base.py
+++ b/atdb/atdb/settings/base.py
@@ -215,6 +215,13 @@ SERVICES_LATE_WARNING_SECONDS = 1800
 # astronauth settings
 SITE_ID = 1
 
+AUTHENTICATION_BACKENDS = [
+    # Needed to login by username in Django admin, regardless of `allauth`
+    "django.contrib.auth.backends.ModelBackend",
+    # `allauth` specific authentication methods, such as login by e-mail
+    "allauth.account.auth_backends.AuthenticationBackend",
+]
+
 SOCIALACCOUNT_PROVIDERS = {
     'keycloak': {
         'KEYCLOAK_URL': 'https://sdc-dev.astron.nl/auth',   # replace by https://keycloak.astron.nl/auth for production
@@ -223,5 +230,10 @@ SOCIALACCOUNT_PROVIDERS = {
     }
 }
 
+try:
+    LOGIN_REDIRECT_URL = os.environ['LOGIN_REDIRECT_URL']
+except:
+    LOGIN_REDIRECT_URL = 'https://sdc-dev.astron.nl:5554/atdb/'
+
 SESSION_COOKIE_NAME = 'my_service_name_session_id'
 CSRF_COOKIE_NAME = 'my_service_csrftoken'
diff --git a/atdb/atdb/settings/dev.py b/atdb/atdb/settings/dev.py
index 9bf71edb..8c9925a1 100644
--- a/atdb/atdb/settings/dev.py
+++ b/atdb/atdb/settings/dev.py
@@ -24,6 +24,7 @@ DATABASES = {
 
 AUTH_PASSWORD_VALIDATORS = []
 
+# astronauth settings
 SOCIALACCOUNT_PROVIDERS = {
     'keycloak': {
         'KEYCLOAK_URL': 'https://sdc-dev.astron.nl/auth',   # replace by https://keycloak.astron.nl/auth for production
diff --git a/atdb/atdb/settings/docker_sdc.py b/atdb/atdb/settings/docker_sdc.py
index 35ce0aae..a4307fa8 100644
--- a/atdb/atdb/settings/docker_sdc.py
+++ b/atdb/atdb/settings/docker_sdc.py
@@ -37,3 +37,4 @@ DATABASES = {
 
 AUTH_PASSWORD_VALIDATORS = []
 
+
-- 
GitLab