From f357997f07424e2e15cee4d4183624d132a29823 Mon Sep 17 00:00:00 2001
From: Thomas Waldmann <tw@waldmann-edv.de>
Date: Sat, 2 Nov 2013 05:15:06 +0100
Subject: [PATCH] add python-social-auth for twitter, github, google

still incomplete, only login view
---
 .../templates/registration/login.html         |   8 ++
 nsupdate/settings.py                          | 115 ++++++++++++++++++
 nsupdate/urls.py                              |   1 +
 requirements.d/all.txt                        |   1 +
 setup.py                                      |   1 +
 5 files changed, 126 insertions(+)

diff --git a/nsupdate/accounts/templates/registration/login.html b/nsupdate/accounts/templates/registration/login.html
index 56fea7c..5a8798f 100644
--- a/nsupdate/accounts/templates/registration/login.html
+++ b/nsupdate/accounts/templates/registration/login.html
@@ -17,6 +17,14 @@
     <button type="submit" class="btn btn-primary">login</button>
     <input type="hidden" name="next" value="{{ next }}" />
     </form>
+    <div>
+        Login with:
+        <ul>
+            <li><a href="{% url 'social:begin' 'github' %}">GitHub</a></li>
+            <li><a href="{% url 'social:begin' 'google-oauth2' %}">Google</a></li>
+            <li><a href="{% url 'social:begin' 'twitter' %}">Twitter</a></li>
+        </ul>
+    </div>
   </div>
 </div>
 
diff --git a/nsupdate/settings.py b/nsupdate/settings.py
index d594934..3ebd167 100644
--- a/nsupdate/settings.py
+++ b/nsupdate/settings.py
@@ -127,6 +127,8 @@ TEMPLATE_CONTEXT_PROCESSORS = DEFAULT_SETTINGS.TEMPLATE_CONTEXT_PROCESSORS + (
     'django.core.context_processors.request',
     'nsupdate.context_processors.add_settings',
     'nsupdate.context_processors.remove_stale_ips',
+    'social.apps.django_app.context_processors.backends',
+    'social.apps.django_app.context_processors.login_redirect',
 )
 
 ROOT_URLCONF = 'nsupdate.urls'
@@ -148,6 +150,7 @@ INSTALLED_APPS = (
     'django.contrib.messages',
     'django.contrib.staticfiles',
     'django.contrib.admin',
+    'social.apps.django_app.default',
     'south',
     'nsupdate',
     'nsupdate.accounts',
@@ -231,6 +234,118 @@ SESSION_COOKIE_AGE = 14 * 24 * 3600  # 2 weeks, in seconds
 SESSION_EXPIRE_AT_BROWSER_CLOSE = False
 
 
+# python-social-auth settings
+
+AUTHENTICATION_BACKENDS = (
+    'social.backends.github.GithubOAuth2',
+    'social.backends.google.GoogleOAuth2',
+    'social.backends.twitter.TwitterOAuth',
+    'django.contrib.auth.backends.ModelBackend',
+)
+
+SOCIAL_AUTH_LOGIN_REDIRECT_URL = '/logged-in/'
+#    Used to redirect the user once the auth process ended successfully.
+#    The value of ?next=/foo is used if it was present
+
+SOCIAL_AUTH_LOGIN_ERROR_URL = '/login-error/'
+#    URL where the user will be redirected in case of an error
+
+SOCIAL_AUTH_LOGIN_URL = '/login-url/'
+#    Is used as a fallback for LOGIN_ERROR_URL
+
+SOCIAL_AUTH_NEW_USER_REDIRECT_URL = '/new-users-redirect-url/'
+#    Used to redirect new registered users, will be used in place of SOCIAL_AUTH_LOGIN_REDIRECT_URL if defined.
+
+SOCIAL_AUTH_NEW_ASSOCIATION_REDIRECT_URL = '/new-association-redirect-url/'
+#    Like SOCIAL_AUTH_NEW_USER_REDIRECT_URL but for new associated accounts (user is already logged in). Used in place of
+#    SOCIAL_AUTH_LOGIN_REDIRECT_URL
+
+SOCIAL_AUTH_DISCONNECT_REDIRECT_URL = '/account-disconnected-redirect-url/'
+#    The user will be redirected to this URL when a social account is disconnected
+
+SOCIAL_AUTH_INACTIVE_USER_URL = '/inactive-user/'
+#    Inactive users can be redirected to this URL when trying to authenticate.
+
+#SOCIAL_AUTH_USER_MODEL = 'foo.bar.User'
+#    User model must have a username and email field, these are required.
+#    Also an is_authenticated and is_active boolean flags are recommended, these can be methods if necessary (must
+#    return True or False). If the model lacks them a True value is assumed.
+
+#SOCIAL_AUTH_UID_LENGTH = <int>
+#    Used to define the max length of the field uid. A value of 223 should work when using MySQL InnoDB which impose
+#    a 767 bytes limit (assuming UTF-8 encoding).
+
+#SOCIAL_AUTH_NONCE_SERVER_URL_LENGTH = <int>
+#    Nonce model has a unique constraint over ('server_url', 'timestamp', 'salt'), salt has a max length of 40, so
+#    server_url length must be tweaked using this setting.
+
+#SOCIAL_AUTH_ASSOCIATION_SERVER_URL_LENGTH = <int> or SOCIAL_AUTH_ASSOCIATION_HANDLE_LENGTH = <int>
+#    Association model has a unique constraint over ('server_url', 'handle'), both fields lengths can be tweaked by
+#    these settings.
+
+SOCIAL_AUTH_DEFAULT_USERNAME = 'user'
+#    Default value to use as username, can be a callable. An UUID will be appended in case of duplicate entries.
+
+SOCIAL_AUTH_UUID_LENGTH = 16
+#    This controls the length of the UUID appended to usernames.
+
+SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL = True
+#    If you want to use the full email address as the username, define this setting.
+
+#SOCIAL_AUTH_SLUGIFY_USERNAMES = False
+#    For those that prefer slugged usernames, the get_username pipeline can apply a slug transformation (code borrowed
+#    from Django project) by defining this setting to True. The feature is disabled by default to to not force this
+#    option to all projects.
+
+#SOCIAL_AUTH_CLEAN_USERNAMES = True
+#    By default the regex r'[^\w.@+-_]+' is applied over usernames to clean them from usual undesired characters like
+#    spaces. Set this setting to False to disable this behavior.
+
+#SOCIAL_AUTH_SANITIZE_REDIRECTS = False
+#    The auth process finishes with a redirect, by default it's done to the value of SOCIAL_AUTH_LOGIN_REDIRECT_URL
+#    but can be overridden with next GET argument. If this settings is True, this application will verify the domain of
+#    the final URL and only redirect to it if it's on the same domain.
+
+#SOCIAL_AUTH_REDIRECT_IS_HTTPS = False
+#    On projects behind a reverse proxy that uses HTTPS, the redirect URIs can became with the wrong schema
+#    (http:// instead of https://) when the request lacks some headers, and might cause errors with the auth process,
+#    to force HTTPS in the final URIs set this setting to True
+
+#SOCIAL_AUTH_URLOPEN_TIMEOUT = 30
+#    Any urllib2.urlopen call will be performed with the default timeout value, to change it without affecting the
+#    global socket timeout define this setting (the value specifies timeout seconds).
+#    urllib2.urlopen uses socket.getdefaulttimeout() value by default, so setting socket.setdefaulttimeout(...) will
+#    affect urlopen when this setting is not defined, otherwise this setting takes precedence. Also this might affect
+#    other places in Django.
+#    timeout argument was introduced in python 2.6 according to urllib2 documentation
+
+#SOCIAL_AUTH_<BACKEND_NAME>_WHITELISTED_DOMAINS = ['foo.com', 'bar.com']
+#    Supply a list of domain names to be white-listed. Any user with an email address on any of the allowed domains will
+#    login successfully, otherwise AuthForbidden is raised.
+
+#SOCIAL_AUTH_<BACKEND_NAME>_WHITELISTED_EMAILS = ['me@foo.com', 'you@bar.com']
+#    Supply a list of email addresses to be white-listed. Any user with an email address in this list will login
+#    successfully, otherwise AuthForbidden is raised.
+
+#SOCIAL_AUTH_PROTECTED_USER_FIELDS = ['email', ]
+#    The user_details pipeline processor will set certain fields on user objects, such as email. Set this to a list of
+#    fields you only want to set for newly created users and avoid updating on further logins.
+
+#SOCIAL_AUTH_SESSION_EXPIRATION = True
+#    Some providers return the time that the access token will live, the value is stored in UserSocialAuth.extra_data
+#    under the key expires. By default the current user session is set to expire if this value is present, this
+#    behavior can be disabled by setting.
+
+#SOCIAL_AUTH_OPENID_PAPE_MAX_AUTH_AGE = <int value>
+#    Enable OpenID PAPE extension support by defining this setting.
+
+#SOCIAL_AUTH_FIELDS_STORED_IN_SESSION = ['foo', ]
+#    If you want to store extra parameters from POST or GET in session, like it was made for next parameter, define
+#    this setting with the parameter names.
+#    In this case foo field's value will be stored when user follows this link
+#    <a href="{% url socialauth_begin 'github' %}?foo=bar">...</a>.
+
+
 try:
     from .local_settings import *
 except ImportError:
diff --git a/nsupdate/urls.py b/nsupdate/urls.py
index 6188236..170dc86 100644
--- a/nsupdate/urls.py
+++ b/nsupdate/urls.py
@@ -5,6 +5,7 @@ admin.autodiscover()
 
 urlpatterns = patterns(
     '',
+    url('', include('social.apps.django_app.urls', namespace='social')),
     url(r'^accounts/', include('registration.backends.default.urls')),
     url(r'^account/', include('nsupdate.accounts.urls')),
     url(r'^admin/', include(admin.site.urls)),
diff --git a/requirements.d/all.txt b/requirements.d/all.txt
index 0a4b698..8a4ae1b 100644
--- a/requirements.d/all.txt
+++ b/requirements.d/all.txt
@@ -4,3 +4,4 @@ django-bootstrap-form
 django-registration
 South
 django-extensions
+python-social-auth
diff --git a/setup.py b/setup.py
index 06bfb3a..70fb1f6 100644
--- a/setup.py
+++ b/setup.py
@@ -44,6 +44,7 @@ setup(
         'django-bootstrap-form',
         'django-registration',
         'django-extensions',
+        'python-social-auth',
         # packages only needed for development:
         'django-debug-toolbar',
         'pytest',