Initial commit.

Author: LEW21

.gitignore

@@ -0,0 +1,4 @@
+build/
+dist/
+__pycache__/
+*.egg-info/

LICENSE

@@ -0,0 +1 @@
+include LICENSE

MANIFEST.in

@@ -0,0 +1,57 @@
+Django-Auth-GitLab - GitLab authentication support for Django
+=============================================================
+.. image:: https://badge.fury.io/py/django-auth-gitlab.svg
+    :target: https://badge.fury.io/py/django-auth-gitlab
+
+This is a Django login view that authenticates against GitLab.
+
+Use it if you own a single GitLab instance that you want to use as
+a OAuth Authentication Server between multiple apps.
+
+See also django-auth-oidc_.
+
+Requirements
+------------
+
+- Python 3.6+. **Python 2 is not supported, and won’t ever get supported.**
+- Django 1.10+
+
+Installation
+------------
+
+.. code:: python
+
+    pip install django-auth-gitlab
+
+settings.py
+~~~~~~~~~~~
+
+.. code:: python
+
+    INSTALLED_APPS += ['django_auth_gitlab']
+
+urls.py
+~~~~~~~
+
+.. code:: python
+
+    urlpatterns += [
+        url(r'^accounts/login/', include('django_auth_gitlab.urls')),
+    ]
+
+Configuration
+-------------
+
+GitLab
+~~~~~~
+
+App's redirect URI: http(s)://app-domain/accounts/login/callback
+
+App's environment variables
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* GITLAB_SERVER - Gitlab Server URL - with trailing slash.
+* GITLAB_CLIENT_ID - Client ID received from GitLab
+* GITLAB_CLIENT_SECRET - Client secret received from GitLab
+
+.. _django-auth-oidc: https://github.com/LEW21/django-auth-oidc

README.rst

@@ -0,0 +1,63 @@
+import os
+import requests
+from requests.auth import HTTPBasicAuth
+from urllib.parse import urlencode
+
+class TokenResponse:
+    def __init__(self, data, server=None):
+        self._data = data
+
+        if server:
+            r = requests.get(server.url + "api/v3/user", params=dict(
+                access_token=self.access_token,
+            ))
+            r.raise_for_status()
+            data = r.json()
+            self.id = {
+                "sub": data["username"]
+            }
+
+    @property
+    def access_token(self):
+        return self._data["access_token"]
+
+class AuthorizationServer:
+    def __init__(self, url, client_id, client_secret):
+        self.client_id = client_id
+        self.client_secret = client_secret
+
+        self.url = url
+
+    @property
+    def authorization_endpoint(self):
+        return self.url + "oauth/authorize"
+
+    @property
+    def token_endpoint(self):
+        return self.url + "oauth/token"
+
+    def authorize(self, redirect_uri, state, scope="read_user"):
+        return self.authorization_endpoint + "?" + urlencode(dict(
+            client_id=self.client_id,
+            response_type="code",
+            redirect_uri=redirect_uri,
+            state=state,
+            scope=scope,
+        ))
+
+    def request_token(self, redirect_uri, code):
+        client_auth = HTTPBasicAuth(self.client_id, self.client_secret)
+        r = requests.post(self.token_endpoint, auth=client_auth, data=dict(
+            grant_type="authorization_code",
+            redirect_uri=redirect_uri,
+            code=code,
+        ))
+        r.raise_for_status()
+        return TokenResponse(r.json(), self)
+
+SERVER        = os.getenv("GITLAB_SERVER", "https://gitlab.com/")
+CLIENT_ID     = os.getenv("GITLAB_CLIENT_ID")
+CLIENT_SECRET = os.getenv("GITLAB_CLIENT_SECRET")
+
+if SERVER and CLIENT_ID and CLIENT_SECRET:
+    server = AuthorizationServer(SERVER, CLIENT_ID, CLIENT_SECRET)

django_auth_gitlab/oidc.py

@@ -0,0 +1,8 @@
+from django.conf.urls import url
+from . import views
+
+app_name = 'django_auth_gitlab'
+urlpatterns = [
+    url(r'^$', views.login, name='login'),
+    url(r'^callback/$', views.callback, name='callback'),
+]

django_auth_gitlab/urls.py

@@ -0,0 +1,37 @@
+from django.conf import settings
+from django.contrib import auth
+from django.shortcuts import redirect, resolve_url
+from django.urls import reverse
+from django.utils.http import is_safe_url
+
+from . import oidc
+
+def login(request):
+    return_path = request.GET.get(auth.REDIRECT_FIELD_NAME, "")
+
+    return redirect(oidc.server.authorize(
+        redirect_uri = request.build_absolute_uri(reverse("django_auth_gitlab:callback")),
+        state = return_path,
+    ))
+
+def callback(request):
+    return_path = request.GET.get("state")
+
+    res = oidc.server.request_token(
+        redirect_uri = request.build_absolute_uri(reverse("django_auth_gitlab:callback")),
+        code = request.GET["code"],
+    )
+
+    User = auth.get_user_model()
+    user, created = User.objects.get_or_create(username=res.id["sub"])
+    auth.login(request, user)
+
+    url_is_safe = is_safe_url(
+        url = return_path,
+        host = request.get_host(),
+        #allowed_hosts = set(request.get_host()),
+        #require_https = request.is_secure(),
+    )
+    if not url_is_safe:
+        return redirect(resolve_url(settings.LOGIN_REDIRECT_URL))
+    return redirect(return_path)

django_auth_gitlab/views.py

@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+
+from setuptools import setup
+
+with open('README.rst') as f:
+	readme = f.read()
+
+setup(
+	name = "django-auth-gitlab",
+	version = "0.1.0",
+	description = "OpenID Connect authentication support for Django",
+	long_description = readme,
+	author = "Linus Lewandowski",
+	author_email = "[email protected]",
+	url = "https://github.com/LEW21/django-auth-gitlab",
+	keywords = "django,auth,oauth,openid,oidc,social,gitlab",
+	license = "LGPLv2+",
+
+    install_requires = ["django>=1.10.0"],
+
+	packages = ["django_auth_gitlab"],
+	package_data = {"": ["LICENSE"]},
+	package_dir = {"django_auth_gitlab": "django_auth_gitlab"},
+	zip_safe = True,
+	classifiers = [
+		'Development Status :: 4 - Beta',
+		'Intended Audience :: System Administrators',
+		'Natural Language :: English',
+		'License :: OSI Approved :: GNU Lesser General Public License v2 or later (LGPLv2+)',
+		'Programming Language :: Python',
+		'Programming Language :: Python :: 3',
+		'Programming Language :: Python :: 3.5',
+		'Programming Language :: Python :: 3.6',
+		'Topic :: System :: Systems Administration :: Authentication/Directory',
+	]
+)