From a2148c2f43fe4c8b42f2819f722d23d0cc873dd5 Mon Sep 17 00:00:00 2001
From: wlorenzetti <lorenzett@gis3w.it>
Date: Wed, 18 Dec 2024 10:50:58 +0100
Subject: [PATCH] Management fo role and backend of user logged by
 socialaccount

---
 g3w-admin/base/settings/base.py               |  3 +-
 g3w-admin/templates/login.html                | 73 ++++++++++---------
 .../socialaccount/provider_list.html          | 22 ++++++
 .../usersmanage/vendors/allauth/adapter.py    | 31 +++++---
 4 files changed, 83 insertions(+), 46 deletions(-)
 create mode 100644 g3w-admin/usersmanage/templates/socialaccount/provider_list.html

diff --git a/g3w-admin/base/settings/base.py b/g3w-admin/base/settings/base.py
index 0e2a07c46..c4a9861ff 100644
--- a/g3w-admin/base/settings/base.py
+++ b/g3w-admin/base/settings/base.py
@@ -399,4 +399,5 @@
 # Activate/deactivate user login session tracking
 USERSESSIONS_TRACK_ACTIVITY = False
 
-SOCIALACCOUNT_ONLY = True
\ No newline at end of file
+SOCIALACCOUNT_ONLY = True
+SOCIALACCOUNT_USER_ROLE = 'Viewer Level 1'
\ No newline at end of file
diff --git a/g3w-admin/templates/login.html b/g3w-admin/templates/login.html
index 9cd15be73..78c0fc87f 100644
--- a/g3w-admin/templates/login.html
+++ b/g3w-admin/templates/login.html
@@ -23,44 +23,47 @@ <h4><i class="icon fa fa-ban"></i> {% trans 'LOGIN ERROR' %}!</h4>
         {% trans 'Username and/or password uncorrect' %}
       </div>
       {% endif %}
-    <form method="post">
-      {% csrf_token %}
-      <div class="form-group has-feedback">
-        <input type="text" class="form-control" name="username" placeholder="Username">
-        <span class="glyphicon glyphicon-user form-control-feedback"></span>
-      </div>
-      <div class="form-group has-feedback">
-        <input type="password" class="form-control" name="password" placeholder="Password">
-        <span class="glyphicon glyphicon-lock form-control-feedback"></span>
-      </div>
-      <div class="form-group recaptcha">{{ form.captcha }}</div>
-      <div class="row margin-bottom" >
-        <div class="col-xs-12">
-          <button type="submit" class="btn btn-primary btn-block btn-flat">{% trans 'Sign In' %}</button>
-        </div><!-- /.col -->
-      </div>
-      {% if SETTINGS.RESET_USER_PASSWORD %}
-      <div class="row">
-          <div class="col-xs-12">
-              <a href="{% url 'password_reset' %}">{% trans 'Forgot your password?' %}</a>
+        <form method="post">
+          {% csrf_token %}
+          <div class="form-group has-feedback">
+            <input type="text" class="form-control" name="username" placeholder="Username">
+            <span class="glyphicon glyphicon-user form-control-feedback"></span>
           </div>
-      </div>
-      <div class="row">
-          <div class="col-xs-12">
-              <a href="{% url 'username_recovery' %}">{% trans 'Forgot your username?' %}</a>
+          <div class="form-group has-feedback">
+            <input type="password" class="form-control" name="password" placeholder="Password">
+            <span class="glyphicon glyphicon-lock form-control-feedback"></span>
           </div>
-      </div>
-      {% endif %}
-      {% if SETTINGS.REGISTRATION_OPEN %}
-      <div class="row">
-          <div class="col-xs-12">
-              <a href="{% url 'django_registration_register' %}">{% trans 'Sign up' %}</a>
+          <div class="form-group recaptcha">{{ form.captcha }}</div>
+          <div class="row margin-bottom" >
+            <div class="col-xs-12">
+              <button type="submit" class="btn btn-primary btn-block btn-flat">{% trans 'Sign In' %}</button>
+            </div><!-- /.col -->
           </div>
-      </div>
-      {% endif %}
-    </form>
-    {% get_providers as socialaccount_providers %}
-    {% include "socialaccount/snippets/provider_list.html" with process="login" %}
+
+          <div class="row">
+            {% include "socialaccount/provider_list.html" with process="login" %}
+          </div>
+
+          {% if SETTINGS.RESET_USER_PASSWORD %}
+          <div class="row">
+              <div class="col-xs-12">
+                  <a class="btn btn-info btn-block btn-flat" href="{% url 'password_reset' %}">{% trans 'Forgot your password?' %}</a>
+              </div>
+          </div>
+          <div class="row">
+              <div class="col-xs-12">
+                  <a class="btn btn-info btn-block btn-flat margin-bottom-small" href="{% url 'username_recovery' %}">{% trans 'Forgot your username?' %}</a>
+              </div>
+          </div>
+          {% endif %}
+          {% if SETTINGS.REGISTRATION_OPEN %}
+          <div class="row">
+              <div class="col-xs-12">
+                  <a class="btn btn-info btn-block btn-flat margin-bottom-small" href="{% url 'django_registration_register' %}">{% trans 'Sign up' %}</a>
+              </div>
+          </div>
+          {% endif %}
+        </form>
   </div><!-- /.login-box-body -->
      {% include 'include/login_page_version.html' %}
 </div><!-- /.login-box -->
diff --git a/g3w-admin/usersmanage/templates/socialaccount/provider_list.html b/g3w-admin/usersmanage/templates/socialaccount/provider_list.html
new file mode 100644
index 000000000..b3b60307a
--- /dev/null
+++ b/g3w-admin/usersmanage/templates/socialaccount/provider_list.html
@@ -0,0 +1,22 @@
+{% load allauth socialaccount %}
+{% load i18n %}
+{% get_providers as socialaccount_providers %}
+{% if socialaccount_providers %}
+        <div class="col-xs-12" style="text-align: center;">
+            <p>- {% trans 'OR' %} -</p>
+        </div>
+        {% for provider in socialaccount_providers %}
+            {% if provider.id == "openid" %}
+                {% for brand in provider.get_brands %}
+                    {% provider_login_url provider openid=brand.openid_url process=process as href %}
+                    {% element provider name=brand.name provider_id=provider.id href=href %}
+                    {% endelement %}
+                {% endfor %}
+            {% endif %}
+            {% provider_login_url provider process=process scope=scope auth_params=auth_params as href %}
+            <div class="col-xs-12">
+                <a class="btn btn-default btn-block btn-flat" href="{{ href }}">{{ provider.name }}</a>
+            </div>
+        {% endfor %}
+        <div class="col-xs-12" style="margin-bottom: 20px;"></div>
+{% endif %}
diff --git a/g3w-admin/usersmanage/vendors/allauth/adapter.py b/g3w-admin/usersmanage/vendors/allauth/adapter.py
index fe6774ba5..343d169e6 100644
--- a/g3w-admin/usersmanage/vendors/allauth/adapter.py
+++ b/g3w-admin/usersmanage/vendors/allauth/adapter.py
@@ -10,16 +10,33 @@
 __copyright__ = 'Copyright 2015 - 2024, Gis3w'
 __license__ = 'MPL 2.0'
 
+from django.conf import settings
 from django.core.exceptions import ObjectDoesNotExist
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
 from allauth.account.models import EmailAddress
-from usersmanage.models import User, Group as AuthGroup
+from usersmanage.models import User, Group as AuthGroup, Userbackend, USER_BACKEND_DEFAULT
 from usersmanage.configs import G3W_EDITOR1, G3W_EDITOR2, G3W_VIEWER1
 
 class G3WSocialAccountAdapter(DefaultSocialAccountAdapter):
+
+    def _set_user_role_backend(self, user):
+        """
+        Set the role and the backend for the user login by social
+        """
+
+        # Role to se from settings
+        role = settings.SOCIALACCOUNT_USER_ROLE \
+            if settings.SOCIALACCOUNT_USER_ROLE in (G3W_EDITOR1, G3W_EDITOR2, G3W_VIEWER1) else G3W_VIEWER1
+
+        AuthGroup.objects.get(name=role).user_set.add(user)
+
+        # Backend
+        if not hasattr(user, 'userbackend'):
+            Userbackend(user=user, backend=USER_BACKEND_DEFAULT).save()
+
     def pre_social_login(self, request, sociallogin):
 
-        # social account already exists, so this is just a login
+        # Social account already exists, so this is just a login
         if sociallogin.is_existing:
             return
 
@@ -27,14 +44,9 @@ def pre_social_login(self, request, sociallogin):
         if not sociallogin.email_addresses:
             return
         try:
-            print('pass')
             existing_user = User.objects.get(email=sociallogin.email_addresses[0].email)
-
-            AuthGroup.objects.get(name=G3W_VIEWER1).user_set.add(existing_user)
-            #todo: se non hai ruoli aggiungere il ruolo di defauul, backend!!!!!!!
-            # controllare che ci sia almeno un gruppo
+            self._set_user_role_backend(existing_user)
         except ObjectDoesNotExist:
-            print('non esiste')
             return
 
         # if it does, connect this new social login to the existing user
@@ -42,6 +54,5 @@ def pre_social_login(self, request, sociallogin):
 
     def save_user(self, request, sociallogin, form=None):
         user = super(G3WSocialAccountAdapter, self).save_user(request, sociallogin, form=form)
-        AuthGroup.objects.get(name=G3W_VIEWER1).user_set.add(user)
-        #todo: aggiungere ruolo
+        self._set_user_role_backend(user)
         return user
\ No newline at end of file