diff --git a/cypress/e2e/add-forge-now-requests-moderation.cy.js b/cypress/e2e/add-forge-now-requests-moderation.cy.js
--- a/cypress/e2e/add-forge-now-requests-moderation.cy.js
+++ b/cypress/e2e/add-forge-now-requests-moderation.cy.js
@@ -5,7 +5,7 @@
 * See top-level LICENSE file for more information
 */
-const defaultRedirect = '/admin/login/';
+const defaultRedirect = '/login/';
 let addForgeModerationUrl;
 let listAddForgeRequestsUrl;
diff --git a/cypress/e2e/admin.cy.js b/cypress/e2e/admin.cy.js
--- a/cypress/e2e/admin.cy.js
+++ b/cypress/e2e/admin.cy.js
@@ -7,7 +7,7 @@
 const $ = Cypress.$;
-const defaultRedirect = '/admin/origin/save/requests/';
+const defaultRedirect = '/';
 let url;
@@ -18,7 +18,7 @@
 describe('Test Admin Login/logout', function() {
 before(function() {
- url = this.Urls.admin();
+ url = this.Urls.login();
 });
 it('should redirect to default page', function() {
@@ -78,10 +78,10 @@
 it('should prevent unauthorized access after logout', function() {
 cy.visit(this.Urls.admin_origin_save_requests())
 .location('pathname')
- .should('be.equal', '/admin/login/');
+ .should('be.equal', '/login/');
 cy.visit(this.Urls.admin_deposit())
 .location('pathname')
- .should('be.equal', '/admin/login/');
+ .should('be.equal', '/login/');
 });
 it('should redirect to correct page after login', function() {
diff --git a/cypress/support/e2e.js b/cypress/support/e2e.js
--- a/cypress/support/e2e.js
+++ b/cypress/support/e2e.js
@@ -19,7 +19,7 @@
 });
 function loginUser(username, password) {
- const url = '/admin/login/';
+ const url = '/login/';
 return cy.request({
 url: url,
 method: 'GET'
diff --git a/swh/web/admin/urls.py b/swh/web/admin/urls.py
--- a/swh/web/admin/urls.py
+++ b/swh/web/admin/urls.py
@@ -3,7 +3,7 @@
 # License: GNU Affero General Public License version 3, or any later version
 # See top-level LICENSE file for more information
-from django.contrib.auth.views import LoginView
+
 from django.shortcuts import redirect
 from django.urls import re_path as url
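Review bot: The two assertions in `should prevent unauthorized access after logout` (cypress/e2e/admin.cy.js) compare against the literal `'/login/'`, while the `before` hook in the same file now resolves the route through `this.Urls.login()`. Writing them as `.should('be.equal', this.Urls.login())` would keep these access-control checks tied to the real route, so the next move of the login page does not need another sweep of string literals. The same literal is introduced in `defaultRedirect` in add-forge-now-requests-moderation.cy.js and in `loginUser` in cypress/support/e2e.js; whether `Urls` is reachable from those two places is not visible in the hunks.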
@@ -17,7 +17,6 @@
 urlpatterns = [
 url(r"^$", _admin_default_view, name="admin"),
- url(r"^login/$", LoginView.as_view(template_name="login.html"), name="login"),
 ]
 urlpatterns += AdminUrls.get_url_patterns()
diff --git a/swh/web/templates/login.html b/swh/web/auth/templates/login.html
rename from swh/web/templates/login.html
rename to swh/web/auth/templates/login.html
diff --git a/swh/web/templates/logout.html b/swh/web/auth/templates/logout.html
rename from swh/web/templates/logout.html
rename to swh/web/auth/templates/logout.html
diff --git a/swh/web/templates/auth/profile.html b/swh/web/auth/templates/profile.html
rename from swh/web/templates/auth/profile.html
rename to swh/web/auth/templates/profile.html
diff --git a/swh/web/auth/urls.py b/swh/web/auth/urls.py
new file mode 100644
--- /dev/null
+++ b/swh/web/auth/urls.py
@@ -0,0 +1,52 @@
+# Copyright (C) 2022 The Software Heritage developers
+# See the AUTHORS file at the top-level directory of this distribution
+# License: GNU Affero General Public License version 3, or any later version
+# See top-level LICENSE file for more information
+
+from django.contrib.auth.views import LoginView, LogoutView
+from django.urls import re_path as url
+
+from swh.auth.django.views import urlpatterns as auth_urlpatterns
+from swh.web.auth.views import (
+ oidc_generate_bearer_token,
+ oidc_generate_bearer_token_complete,
+ oidc_get_bearer_token,
+ oidc_list_bearer_tokens,
+ oidc_profile_view,
+ oidc_revoke_bearer_tokens,
+)
+
+urlpatterns = auth_urlpatterns + [
+ url(
+ r"^oidc/generate-bearer-token/$",
+ oidc_generate_bearer_token,
+ name="oidc-generate-bearer-token",
+ ),
+ url(
+ r"^oidc/generate-bearer-token-complete/$",
+ oidc_generate_bearer_token_complete,
+ name="oidc-generate-bearer-token-complete",
+ ),
+ url(
+ r"^oidc/list-bearer-token/$",
+ oidc_list_bearer_tokens,
+ name="oidc-list-bearer-tokens",
+ ),
+ url(
+ r"^oidc/get-bearer-token/$",
+ oidc_get_bearer_token,
+ name="oidc-get-bearer-token",
+ ),
+ url(
+ r"^oidc/revoke-bearer-tokens/$",
+ oidc_revoke_bearer_tokens,
+ name="oidc-revoke-bearer-tokens",
+ ),
+ url(
+ r"^oidc/profile/$",
+ oidc_profile_view,
+ name="oidc-profile",
+ ),
+ url(r"^login/$", LoginView.as_view(template_name="login.html"), name="login"),
+ url(r"^logout/$", LogoutView.as_view(template_name="logout.html"), name="logout"),
+]
diff --git a/swh/web/auth/views.py b/swh/web/auth/views.py
--- a/swh/web/auth/views.py
+++ b/swh/web/auth/views.py
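Review bot: The `logout/` entry at the end of the new `urlpatterns` in swh/web/auth/urls.py registers the stock `LogoutView` with no method restriction, and on Django releases before 5.0 that view also ends the session on a plain GET, so a cross-site request to `/logout/` can log a user out without a CSRF token. GET logout was deprecated in Django 4.1 and removed in 5.0; the Django version in use and the markup that triggers logout are not visible in this diff. It is worth confirming the logout control is a POST form carrying `{% csrf_token %}`, and if older Django versions must be supported the route can refuse GET with `require_POST(LogoutView.as_view(template_name="logout.html"))` (from `django.views.decorators.http`).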
@@ -19,13 +19,11 @@
 JsonResponse,
 )
 from django.shortcuts import render
-from django.urls import re_path as url
 from django.views.decorators.http import require_http_methods
 from swh.auth.django.models import OIDCUser
 from swh.auth.django.utils import keycloak_oidc_client
 from swh.auth.django.views import get_oidc_login_data, oidc_login_view
-from swh.auth.django.views import urlpatterns as auth_urlpatterns
 from swh.auth.keycloak import KeycloakError, keycloak_error_message
 from swh.web.auth.models import OIDCUserOfflineTokens
 from swh.web.auth.utils import decrypt_data, encrypt_data
@@ -153,39 +151,5 @@
 @login_required(login_url="/oidc/login/", redirect_field_name="next_path")
-def _oidc_profile_view(request: HttpRequest) -> HttpResponse:
- return render(request, "auth/profile.html")
-
-
-urlpatterns = auth_urlpatterns + [
- url(
- r"^oidc/generate-bearer-token/$",
- oidc_generate_bearer_token,
- name="oidc-generate-bearer-token",
- ),
- url(
- r"^oidc/generate-bearer-token-complete/$",
- oidc_generate_bearer_token_complete,
- name="oidc-generate-bearer-token-complete",
- ),
- url(
- r"^oidc/list-bearer-token/$",
- oidc_list_bearer_tokens,
- name="oidc-list-bearer-tokens",
- ),
- url(
- r"^oidc/get-bearer-token/$",
- oidc_get_bearer_token,
- name="oidc-get-bearer-token",
- ),
- url(
- r"^oidc/revoke-bearer-tokens/$",
- oidc_revoke_bearer_tokens,
- name="oidc-revoke-bearer-tokens",
- ),
- url(
- r"^oidc/profile/$",
- _oidc_profile_view,
- name="oidc-profile",
- ),
-]
+def oidc_profile_view(request: HttpRequest) -> HttpResponse:
+ return render(request, "profile.html")
diff --git a/swh/web/settings/common.py b/swh/web/settings/common.py
--- a/swh/web/settings/common.py
+++ b/swh/web/settings/common.py
@@ -322,8 +322,8 @@
 }
 }
-LOGIN_URL = "/admin/login/"
-LOGIN_REDIRECT_URL = "admin"
+LOGIN_URL = "/login/"
+LOGIN_REDIRECT_URL = "swh-web-homepage"
 SESSION_ENGINE = "django.contrib.sessions.backends.cache"
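Review bot: `render(request, "profile.html")` in `oidc_profile_view` drops the `auth/` prefix the template name carried before, and the file now sits un-namespaced in `swh/web/auth/templates/` next to `login.html` and `logout.html`. If templates are resolved through app directories, the first `profile.html` found across the installed apps wins, so another app shipping a file of the same name could silently replace the page rendered behind `login_required`; the template loader configuration is not visible in this diff. Keeping the files under `swh/web/auth/templates/auth/` and rendering `"auth/profile.html"` (with `template_name="auth/login.html"` and `"auth/logout.html"` on the login and logout views) avoids the collision.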
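Review bot: `LOGIN_URL = "/login/"` in swh/web/settings/common.py is still a hard-coded path, while `LOGIN_REDIRECT_URL` on the next line is a URL name. Django accepts a URL pattern name for `LOGIN_URL` as well, and the new swh/web/auth/urls.py names this route `login`, so `LOGIN_URL = "login"` would keep the `login_required` redirects pointing at the real route if it moves again. Separately, the old `/admin/login/` route is removed elsewhere in this commit with no redirect left behind, so existing bookmarks or external links to it will presumably get a 404; worth confirming that is intended.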
diff --git a/swh/web/tests/auth/test_views.py b/swh/web/tests/auth/test_views.py
--- a/swh/web/tests/auth/test_views.py
+++ b/swh/web/tests/auth/test_views.py
@@ -297,7 +297,7 @@
 keycloak_oidc.client_permissions = client_permissions
 client.login(code="", code_verifier="", redirect_uri="")
 resp = check_html_get_response(
- client, url, status_code=200, template_used="auth/profile.html"
+ client, url, status_code=200, template_used="profile.html"
 )
 user = resp.wsgi_request.user
 kc_account_url = (
diff --git a/swh/web/urls.py b/swh/web/urls.py
--- a/swh/web/urls.py
+++ b/swh/web/urls.py
@@ -9,7 +9,6 @@
 from django.conf import settings
 from django.conf.urls import handler400, handler403, handler404, handler500, include
-from django.contrib.auth.views import LogoutView
 from django.contrib.staticfiles.views import serve
 from django.shortcuts import render
 from django.urls import re_path as url
@@ -53,8 +52,6 @@
 name="browse-swhid",
 ),
 url(r"^", include("swh.web.misc.urls")),
- url(r"^", include("swh.web.auth.views")),
- url(r"^logout/$", LogoutView.as_view(template_name="logout.html"), name="logout"),
 ]
 # Register URLs for each SWH Django application