Admin oauth: Option to create admin user in case it does not exist

matthiask / django-authlib

Utilities for passwordless authentication (using magic links, Google, Facebook and Twitter OAuth currently)

https://django-authlib.readthedocs.io/

MIT License

61 stars 11 forks source link

Admin oauth: Option to create admin user in case it does not exist #13

Closed imartinezcs closed 1 year ago

imartinezcs commented 1 year ago

Add the option to create an admin user in case if it doesn't exist, as long as the email domain matches the configured one.

A new setting field (boolean) would be used for this: ADMIN_OAUTH_CREATE_USER_IF_MISSING.

This feature would be so usable in case you (or your development team/company) mantain several websites and want to grant admin access to everybody within that group without creating each user in each website.

imartinezcs commented 1 year ago

Hi Matthias, thank you for your advices. I've updated the repository taking into account your suggestions. Here are the main changes:

New ADMIN_OAUTH_CREATE_USER_CALLBACK setting: it defines the user creation method path. Default value is authlib.admin_oauth.views.create_admin_user
Related to this, I added the default method create_admin_user, which creates a user with staff role but no more permissions. It also checks if a inactive user with that email exists before creating it.
New tests added in order to verify proper responses for different cases:
- Create user if not existing
- Do not create user if exists in database and is not active
- Response proper message if provided user creation method is None
- Response proper message if provided method path cannot be imported

imartinezcs commented 1 year ago

Sorry, I closed the PR by mistake.

imartinezcs commented 1 year ago

Hi Matthias, could you take a look in the proposed changes? Thank you in advance.

matthiask commented 1 year ago

Thank you! I have applied a few changes and will push out a release shortly:

I only use a single setting now.
The code errors out if the callback cannot be imported instead of showing error messages to users. I don't like server crashes too much but I think they are better than the alternative of showing users errors they cannot do anything about.

imartinezcs commented 1 year ago

Thank you!

imartinezcs commented 1 year ago

Hi @matthiask I have installed the 0.15.0 version, but now I don't see the "Log in with Google" button in the admin login page. I've checked that v0.14.0 works properly with same settings. Could you take a look on that please?

matthiask commented 1 year ago

Thanks! That sucks. I released 0.15.1 which fixes this issue. I thought hatch would require less handholding by way of its VCS support, but it seems that this isn't the case. [tool.hatch.build] include=["authlib/"] should have fixed it.