Merge pull request #73 from forza-mor-rotterdam/custom-user-model

custom user model

app/apps/authenticatie/admin.py

@@ -0,0 +1,35 @@
+from apps.authenticatie.models import Gebruiker
+from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin
+
+
+class GebruikerAdmin(UserAdmin):
+    model = Gebruiker
+    list_display = (
+        "email",
+        "is_staff",
+        "is_active",
+    )
+    list_filter = (
+        "email",
+        "is_staff",
+        "is_active",
+    )
+    fieldsets = (
+        (None, {"fields": ("email", "password")}),
+        ("Permissions", {"fields": ("is_staff", "is_active")}),
+    )
+    add_fieldsets = (
+        (
+            None,
+            {
+                "classes": ("wide",),
+                "fields": ("email", "password1", "password2", "is_staff", "is_active"),
+            },
+        ),
+    )
+    search_fields = ("email",)
+    ordering = ("email",)
+
+
+admin.site.register(Gebruiker, GebruikerAdmin)

app/apps/authenticatie/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class AuthenticatieConfig(AppConfig):
+    name = "apps.authenticatie"
+    verbose_name = "Authenticatie"

app/apps/authenticatie/auth.py

@@ -3,7 +3,8 @@
 
 class OIDCAuthenticationBackend(auth.OIDCAuthenticationBackend):
     def create_user(self, claims):
-        user = super(OIDCAuthenticationBackend, self).create_user(claims)
+        email = claims.get("email")
+        user = self.UserModel.objects.create_user(email=email)
 
         user.first_name = claims.get("given_name", "")
         user.last_name = claims.get("family_name", "")

app/apps/authenticatie/managers.py

@@ -0,0 +1,44 @@
+from django.contrib.auth.base_user import BaseUserManager
+from django.contrib.auth.hashers import make_password
+from django.utils.translation import ugettext_lazy as _
+
+
+class GebruikerManager(BaseUserManager):
+    """
+    Gebruiker model manager where email is the unique identifiers
+    for authentication instead of usernames.
+    """
+
+    def _create_user(self, email, password, **extra_fields):
+        """
+        Create and save a user with the given username, email, and password.
+        """
+        if not email:
+            raise ValueError("The given email must be set")
+        email = self.normalize_email(email)
+        user = self.model(email=email, **extra_fields)
+        user.password = make_password(password)
+        user.save(using=self._db)
+        return user
+
+    def create_user(self, email, password=None, **extra_fields):
+        """
+        Create and save a User with the given email and password.
+        """
+        extra_fields.setdefault("is_staff", False)
+        extra_fields.setdefault("is_superuser", False)
+        return self._create_user(email, password, **extra_fields)
+
+    def create_superuser(self, email, password=None, **extra_fields):
+        """
+        Create and save a SuperUser with the given email and password.
+        """
+        extra_fields.setdefault("is_staff", True)
+        extra_fields.setdefault("is_superuser", True)
+        extra_fields.setdefault("is_active", True)
+
+        if extra_fields.get("is_staff") is not True:
+            raise ValueError(_("Superuser must have is_staff=True."))
+        if extra_fields.get("is_superuser") is not True:
+            raise ValueError(_("Superuser must have is_superuser=True."))
+        return self._create_user(email, password, **extra_fields)

app/apps/authenticatie/migrations/0001_initial.py

@@ -0,0 +1,107 @@
+# Generated by Django 3.2.16 on 2023-06-29 08:17
+
+import django.utils.timezone
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ("auth", "0012_alter_user_first_name_max_length"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Gebruiker",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("password", models.CharField(max_length=128, verbose_name="password")),
+                (
+                    "last_login",
+                    models.DateTimeField(
+                        blank=True, null=True, verbose_name="last login"
+                    ),
+                ),
+                (
+                    "is_superuser",
+                    models.BooleanField(
+                        default=False,
+                        help_text="Designates that this user has all permissions without explicitly assigning them.",
+                        verbose_name="superuser status",
+                    ),
+                ),
+                (
+                    "first_name",
+                    models.CharField(
+                        blank=True, max_length=150, verbose_name="first name"
+                    ),
+                ),
+                (
+                    "last_name",
+                    models.CharField(
+                        blank=True, max_length=150, verbose_name="last name"
+                    ),
+                ),
+                (
+                    "is_staff",
+                    models.BooleanField(
+                        default=False,
+                        help_text="Designates whether the user can log into this admin site.",
+                        verbose_name="staff status",
+                    ),
+                ),
+                (
+                    "is_active",
+                    models.BooleanField(
+                        default=True,
+                        help_text="Designates whether this user should be treated as active. Unselect this instead of deleting accounts.",
+                        verbose_name="active",
+                    ),
+                ),
+                (
+                    "date_joined",
+                    models.DateTimeField(
+                        default=django.utils.timezone.now, verbose_name="date joined"
+                    ),
+                ),
+                ("email", models.EmailField(max_length=254, unique=True)),
+                (
+                    "groups",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="The groups this user belongs to. A user will get all permissions granted to each of their groups.",
+                        related_name="user_set",
+                        related_query_name="user",
+                        to="auth.Group",
+                        verbose_name="groups",
+                    ),
+                ),
+                (
+                    "user_permissions",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Specific permissions for this user.",
+                        related_name="user_set",
+                        related_query_name="user",
+                        to="auth.Permission",
+                        verbose_name="user permissions",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "user",
+                "verbose_name_plural": "users",
+                "abstract": False,
+            },
+        ),
+    ]

app/apps/authenticatie/models.py

@@ -0,0 +1,16 @@
+from apps.authenticatie.managers import GebruikerManager
+from django.contrib.auth.models import AbstractUser
+from django.contrib.gis.db import models
+
+
+class Gebruiker(AbstractUser):
+    username = None
+    email = models.EmailField(unique=True)
+
+    USERNAME_FIELD = "email"
+    REQUIRED_FIELDS = []
+
+    objects = GebruikerManager()
+
+    def __str__(self):
+        return self.email

app/apps/authenticatie/views.py

@@ -10,7 +10,9 @@
 def provider_logout(request):
     logout_url = settings.OIDC_OP_LOGOUT_ENDPOINT
     oidc_id_token = request.session.get("oidc_id_token", None)
-    redirect_url = request.build_absolute_uri(location=settings.LOGOUT_REDIRECT_URL)
+    redirect_url = request.build_absolute_uri(
+        location=request.GET.get("next", settings.LOGOUT_REDIRECT_URL)
+    )
     if oidc_id_token:
         logout_url = (
             settings.OIDC_OP_LOGOUT_ENDPOINT

app/apps/regie/views.py

@@ -389,34 +389,3 @@ def meldingen_bestand(request):
         status=response.status_code,
         reason=response.reason,
     )
-
-
-def gebruiker_informatie(request):
-    return render(
-        request,
-        "auth/gebruiker_informatie.html",
-    )
-
-
-@login_required
-def login_verplicht(request):
-    return render(
-        request,
-        "auth/login_verplicht.html",
-    )
-
-
-def login_mislukt(request):
-    return render(
-        request,
-        "auth/login_mislukt.html",
-    )
-
-
-def sso_logout(request):
-    print("sso_logout")
-    print(request)
-    return render(
-        request,
-        "auth/login_mislukt.html",
-    )

app/config/settings.py

@@ -134,6 +134,8 @@
     if ENVIRONMENT == "test"
     else {}
 )
+DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
+AUTH_USER_MODEL = "authenticatie.Gebruiker"
 
 SITE_ID = 1
 SITE_NAME = os.getenv("SITE_NAME", "Regie")