DBC22-2535 IDIR login for admin/cms #784
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| msg.attach_alternative(html, 'text/html') | ||
| msg.send() | ||
| return HttpResponseRedirect(request.path) | ||
|
|
Check warning
Code scanning / CodeQL
URL redirection from remote source Medium
fatbird
force-pushed
the
feature/DBC22-2535
branch
from
dec203e to
1beba00
Compare
fatbird
force-pushed
the
feature/DBC22-2535
branch
from
1beba00 to
f39cab4
Compare
ray-oxd
reviewed
Jan 16, 2025
| "django.contrib.auth.backends.ModelBackend", | ||
|
|
||
| # `allauth` specific authentication methods, such as login by email | ||
| 'allauth.account.auth_backends.AuthenticationBackend', | ||
| ] | ||
|
|
||
| LOGIN_REDIRECT_URL = FRONTEND_BASE_URL | ||
| LOGIN_URL = 'http://localhost:8000/accounts/oidc/idir/login/?process=login&next=%2Fdrivebc-admin%2F&auth_params=kc_idp_hint=azureidir' | ||
|
|
There was a problem hiding this comment.
This login URL shouldn't be static?
There was a problem hiding this comment.
Good catch. I'll fix.
ray-oxd
reviewed
Jan 16, 2025
| f'{name} requests access to Wagtail admin', | ||
| text, | ||
| 'do_not_reply@gov.bc.ca', | ||
| settings.ACCESS_REQUEST_RECEIVERS, |
There was a problem hiding this comment.
Please replace instances of these FROM emails to env("DRIVEBC_FEEDBACK_EMAIL_DEFAULT")
ray-oxd
reviewed
Jan 24, 2025
| f'{name} requests access to DriveBC admin', | ||
| text, | ||
| 'do_not_reply@gov.bc.ca', | ||
| settings.ACCESS_REQUEST_RECEIVERS, |
There was a problem hiding this comment.
Please replace this instance too
ray-oxd
approved these changes
Jan 24, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes Django admin and Wagtail admin to use Keycloak IDIR auth. Adds functionality to email an access request after authenticating, if further actions are required.
This is disabled by default; enabling it requires adding the following environment variable:
FORCE_IDIR_AUTHENTICATION=TrueDRIVEBC_ACCESS_REQUEST_RECEIVERS=<semicolon separated list of email addresses>Which has been added to all OpenShift environments. To continue using local accounts in local dev, simply don't enable this.