Install Django Allauth and enable Cognito logins (#279)

Install Django Allauth and enable Cognito logins

.env.example

@@ -18,3 +18,7 @@ EMAIL_HOST_USER=
 EMAIL_HOST_PASSWORD=
 EMAIL_USE_TLS=False
 EMAIL_USE_SSL=False
+
+AWS_COGNITO_CLIENT_ID=
+AWS_COGNITO_CLIENT_SECRET=
+AWS_COGNITO_DOMAIN=ngohub-staging.auth.eu-west-1.amazoncognito.com

backend/civil_society_vote/settings.py

@@ -51,6 +51,9 @@
     AWS_SES_REGION_NAME=(str, ""),
     AWS_SES_INCLUDE_REPORTS=(bool, False),
     AWS_SES_CONFIGURATION_SET_NAME=(str, None),
+    AWS_COGNITO_DOMAIN=(str, ""),
+    AWS_COGNITO_CLIENT_ID=(str, ""),
+    AWS_COGNITO_CLIENT_SECRET=(str, ""),
     # azure settings
     USE_AZURE=(bool, False),
     AZURE_ACCOUNT_NAME=(str, ""),
@@ -148,7 +151,12 @@
     "hub",
     "accounts",
     "utils",
-    # third-party
+    # authentication
+    "allauth",
+    "allauth.account",
+    "allauth.socialaccount",
+    "allauth.socialaccount.providers.amazon_cognito",
+    # other third-party
     "avatar",
     "admin_auto_filters",
     "spurl",
@@ -183,6 +191,7 @@
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
     "django.middleware.locale.LocaleMiddleware",
     "impersonate.middleware.ImpersonateMiddleware",
+    "allauth.account.middleware.AccountMiddleware",
 ]
 
 if DEBUG and env("ENABLE_DEBUG_TOOLBAR"):
@@ -200,6 +209,7 @@ def show_toolbar(request):
     "django.contrib.auth.backends.ModelBackend",  # this is the default
     "guardian.backends.ObjectPermissionBackend",
     "civil_society_vote.middleware.CaseInsensitiveUserModel",
+    "allauth.account.auth_backends.AuthenticationBackend",
 ]
 
 ROOT_URLCONF = "civil_society_vote.urls"
@@ -365,7 +375,7 @@ def show_toolbar(request):
 
     default_storage_options["azure_container"] = env("AZURE_CONTAINER")
 
-    azure_custom_domain = f'{env("AZURE_ACCOUNT_NAME")}.blob.core.windows.net'
+    azure_custom_domain = f"{env('AZURE_ACCOUNT_NAME')}.blob.core.windows.net"
     default_storage_options["custom_domain"] = azure_custom_domain
 
     # azure public media settings
@@ -554,3 +564,23 @@ def show_toolbar(request):
 
 
 GLOBAL_SUPPORT_ENABLED = env("GLOBAL_SUPPORT_ENABLED")
+
+
+# Django Allauth settings
+SOCIALACCOUNT_PROVIDERS = {
+    "amazon_cognito": {
+        "DOMAIN": "https://" + env.str("AWS_COGNITO_DOMAIN"),
+        "EMAIL_AUTHENTICATION": True,  # TODO
+        "VERIFIED_EMAIL": True,  # TODO
+        "APPS": [
+            {
+                "client_id": env.str("AWS_COGNITO_CLIENT_ID"),
+                "secret": env.str("AWS_COGNITO_CLIENT_SECRET"),
+            },
+        ],
+    }
+}
+
+# Django Allauth allow only social logins
+SOCIALACCOUNT_ONLY = True
+ACCOUNT_EMAIL_VERIFICATION = "none"

backend/civil_society_vote/urls.py

@@ -58,7 +58,9 @@
     ),
     path("me/", include("accounts.urls")),
     path("", include("hub.urls")),
-)
+) + [
+    path("allauth/", include("allauth.urls")),
+]
 
 if settings.DEBUG:
     import debug_toolbar

backend/hub/templates/header.html

@@ -81,7 +81,7 @@
                             {{ user.email|truncatechars:24 }}
                         </a>
 
-                        <a href="{% url 'logout' %}" class="navbar-item">{% trans "Logout" %}</a>
+                        <a href="{% url 'account_logout' %}" class="navbar-item">{% trans "Logout" %}</a>
 
                         {% if user.is_impersonate %}
                         <a  href="{% url 'impersonate-stop' %}" class="navbar-item" style="color:red; text-align:center;">
@@ -91,7 +91,7 @@
 
                         {% else %}
 
-                        <a  href="{% url 'login'%}" class="navbar-item">
+                        <a  href="{% url 'account_login'%}" class="navbar-item">
                             {% trans "Login" %}
                         </a>
                         {% endif %}

backend/requirements-dev.txt

@@ -16,9 +16,9 @@ black==24.4.2
     # via -r requirements-dev.in
 blessed==1.20.0
     # via -r requirements.txt
-boto3==1.34.116
+boto3==1.34.118
     # via -r requirements.txt
-botocore==1.34.116
+botocore==1.34.118
     # via
     #   -r requirements.txt
     #   boto3
@@ -27,7 +27,7 @@ brotlipy==0.7.0
     # via -r requirements.txt
 build==1.2.1
     # via pip-tools
-certifi==2024.2.2
+certifi==2024.6.2
     # via
     #   -r requirements.txt
     #   requests
@@ -36,6 +36,7 @@ cffi==1.16.0
     # via
     #   -r requirements.txt
     #   brotlipy
+    #   cryptography
 charset-normalizer==3.3.2
     # via
     #   -r requirements.txt
@@ -48,12 +49,15 @@ coverage==7.5.3
     # via pytest-cov
 croniter==2.0.5
     # via -r requirements.txt
+cryptography==42.0.7
+    # via -r requirements.txt
 decorator==5.1.1
     # via ipython
 django==4.2.13
     # via
     #   -r requirements.txt
     #   django-admin-autocomplete-filter
+    #   django-allauth
     #   django-appconf
     #   django-ckeditor
     #   django-crispy-forms
@@ -70,6 +74,8 @@ django-admin-autocomplete-filter==0.7.1
     # via -r requirements.txt
 django-admin-rangefilter==0.13.0
     # via -r requirements.txt
+django-allauth==0.63.3
+    # via -r requirements.txt
 django-appconf==1.0.6
     # via
     #   -r requirements.txt
@@ -151,6 +157,10 @@ matplotlib-inline==0.1.7
     # via ipython
 mypy-extensions==1.0.0
     # via black
+oauthlib==3.2.2
+    # via
+    #   -r requirements.txt
+    #   requests-oauthlib
 packaging==24.0
     # via
     #   -r requirements.txt
@@ -194,6 +204,8 @@ pygments==2.18.0
     # via
     #   ipython
     #   pdbpp
+pyjwt==2.8.0
+    # via -r requirements.txt
 pyproject-hooks==1.1.0
     # via
     #   build
@@ -223,6 +235,10 @@ pytz==2024.1
     #   -r requirements.txt
     #   croniter
 requests==2.32.3
+    # via
+    #   -r requirements.txt
+    #   requests-oauthlib
+requests-oauthlib==2.0.0
     # via -r requirements.txt
 ruff==0.4.5
     # via -r requirements-dev.in
@@ -250,7 +266,7 @@ traitlets==5.14.3
     # via
     #   ipython
     #   matplotlib-inline
-typing-extensions==4.12.0
+typing-extensions==4.12.1
     # via ipython
 urllib3==2.2.1
     # via

backend/requirements.in

@@ -3,6 +3,7 @@ django~=4.2.13
 django-avatar~=8.0.0
 django-environ~=0.11.2
 django-crispy-forms~=2.1.0
+django-allauth[socialaccount]~=0.63.3 
 
 # job scheduler
 django-q2~=1.6.2

backend/requirements.txt

@@ -8,28 +8,33 @@ asgiref==3.8.1
     # via django
 blessed==1.20.0
     # via -r requirements.in
-boto3==1.34.116
+boto3==1.34.118
     # via -r requirements.in
-botocore==1.34.116
+botocore==1.34.118
     # via
     #   boto3
     #   s3transfer
 brotlipy==0.7.0
     # via -r requirements.in
-certifi==2024.2.2
+certifi==2024.6.2
     # via
     #   requests
     #   sentry-sdk
 cffi==1.16.0
-    # via brotlipy
+    # via
+    #   brotlipy
+    #   cryptography
 charset-normalizer==3.3.2
     # via requests
 croniter==2.0.5
     # via -r requirements.in
+cryptography==42.0.7
+    # via pyjwt
 django==4.2.13
     # via
     #   -r requirements.in
     #   django-admin-autocomplete-filter
+    #   django-allauth
     #   django-appconf
     #   django-ckeditor
     #   django-crispy-forms
@@ -44,6 +49,8 @@ django-admin-autocomplete-filter==0.7.1
     # via -r requirements.in
 django-admin-rangefilter==0.13.0
     # via -r requirements.in
+django-allauth==0.63.3
+    # via -r requirements.in
 django-appconf==1.0.6
     # via django-avatar
 django-avatar==8.0.0
@@ -88,6 +95,8 @@ jmespath==1.0.1
     # via
     #   boto3
     #   botocore
+oauthlib==3.2.2
+    # via requests-oauthlib
 packaging==24.0
     # via gunicorn
 pillow==10.3.0
@@ -100,14 +109,21 @@ psycopg2-binary==2.9.9
     # via -r requirements.in
 pycparser==2.22
     # via cffi
+pyjwt==2.8.0
+    # via django-allauth
 python-dateutil==2.9.0.post0
     # via
     #   botocore
     #   croniter
 pytz==2024.1
     # via croniter
 requests==2.32.3
-    # via -r requirements.in
+    # via
+    #   -r requirements.in
+    #   django-allauth
+    #   requests-oauthlib
+requests-oauthlib==2.0.0
+    # via django-allauth
 s3transfer==0.10.1
     # via boto3
 sentry-sdk==2.3.1