feat: Use allauth and add passkey support

2025-10-21 00:40:10 +02:00
parent e06efa1539
commit 969339a95f
8 changed files with 59 additions and 22 deletions
--- a/src/fellchensammlung/forms.py
+++ b/src/fellchensammlung/forms.py
@@ -137,6 +137,14 @@ class ModerationActionForm(forms.ModelForm):
        fields = ('action', 'public_comment', 'private_comment')


+class AddedRegistrationForm(forms.Form):
+    captcha = forms.CharField(validators=[animal_validator], label=_("Nenne eine bekannte Tierart"), help_text=_(
+        "Bitte nenne hier eine bekannte Tierart (z.B. ein Tier das an der Leine geführt wird). Das Fragen wir dich um sicherzustellen, dass du kein Roboter bist."))
+
+    def signup(self, request, user):
+        pass
+
+
 class CustomRegistrationForm(RegistrationForm):
    class Meta(RegistrationForm.Meta):
        model = User
--- a/src/fellchensammlung/templates/fellchensammlung/details/detail-user.html
+++ b/src/fellchensammlung/templates/fellchensammlung/details/detail-user.html
@@ -1,7 +1,8 @@
 {% extends "fellchensammlung/base.html" %}
 {% load i18n %}
+{% load account %}

-{% block title %}<title>{{ user.get_full_name }}</title>{% endblock %}
+{% block title %}<title>{% user_display user %}</title>{% endblock %}


 {% block content %}
@@ -13,7 +14,7 @@
        </div>
        <div class="level-right">
            <div class="level-item">
-                <form class="" action="{% url 'logout' %}" method="post">
+                <form class="" action="{% url 'account_logout' %}" method="post">
                    {% csrf_token %}
                    <button class="button" type="submit">
                        <i aria-hidden="true" class="fas fa-sign-out fa-fw"></i> Logout
@@ -25,12 +26,12 @@

    <div class="block">
        <h2 class="title is-2">{% trans 'Profil verwalten' %}</h2>
-        <p><strong>{% translate "E-Mail" %}:</strong> {{ user.email }}</p>
-        <div class="">
-            <p>
-                <a class="button is-warning" href="{% url 'password_change' %}">{% translate "Change password" %}</a>
-                <a class="button is-info" href="{% url 'user-me-export' %}">{% translate "Daten exportieren" %}</a>
-            </p>
+        <div class="block"><strong>{% translate "E-Mail" %}:</strong> {{ user.email }}</div>
+        <div class="block">
+            <a class="button is-warning"
+               href="{% url 'account_change_password' %}">{% translate "Passwort ändern" %}</a>
+            <a class="button is-warning" href="{% url 'account_email' %}">{% translate "E-Mail Adresse ändern" %}</a>
+            <a class="button is-info" href="{% url 'user-me-export' %}">{% translate "Daten exportieren" %}</a>
        </div>
    </div>

--- a/src/fellchensammlung/templates/fellchensammlung/header.html
+++ b/src/fellchensammlung/templates/fellchensammlung/header.html
@@ -49,10 +49,10 @@
            {% else %}
                <div class="navbar-item">
                    <div class="buttons">
-                        <a class="button is-primary" href="{% url "django_registration_register" %}">
+                        <a class="button is-primary" href="{% url "account_signup" %}">
                            <strong>{% translate "Registrieren" %}</strong>
                        </a>
-                        <a class="button is-light" href="{% url "login" %}">
+                        <a class="button is-light" href="{% url "account_login" %}">
                            <strong>{% translate "Login" %}</strong>
                        </a>
                    </div>
--- a/src/fellchensammlung/urls.py
+++ b/src/fellchensammlung/urls.py
@@ -94,15 +94,6 @@ urlpatterns = [
    path("user/notifications/", views.my_notifications, name="user-notifications"),
    path('user/me/export/', views.export_own_profile, name='user-me-export'),

-    path('accounts/register/',
-         registration_views.HTMLMailRegistrationView.as_view(
-             form_class=CustomRegistrationForm,
-             email_body_template="fellchensammlung/mail/activation_email.html",
-         ),
-         name='django_registration_register',
-         ),
-    path('accounts/', include('django_registration.backends.activation.urls')),
-    path('accounts/', include('django.contrib.auth.urls')),

    path('change-language', views.change_language, name="change-language"),

--- a/src/notfellchen/settings.py
+++ b/src/notfellchen/settings.py
@@ -130,6 +130,34 @@ ACCOUNT_ACTIVATION_DAYS = 7  # One-week activation window
 REGISTRATION_OPEN = True
 REGISTRATION_SALT = "notfellchen"

+AUTHENTICATION_BACKENDS = [
+    # Needed to login by username in Django admin, regardless of `allauth`
+    'django.contrib.auth.backends.ModelBackend',
+
+    # `allauth` specific authentication methods, such as login by email
+    'allauth.account.auth_backends.AuthenticationBackend',
+]
+
+ACCOUNT_EMAIL_VERIFICATION = "mandatory"
+ACCOUNT_EMAIL_VERIFICATION_BY_CODE_ENABLED = True
+
+ACCOUNT_SIGNUP_FIELDS = ['username*', "email*", "password1*", "password2*"]
+
+ACCOUNT_SIGNUP_FORM_CLASS = 'fellchensammlung.forms.AddedRegistrationForm'
+
+MFA_SUPPORTED_TYPES = ["totp",
+                       "webauthn",
+                       "recovery_codes"]
+
+MFA_PASSKEY_LOGIN_ENABLED = True
+MFA_PASSKEY_SIGNUP_ENABLED = True
+
+# Optional -- use for local development only: the WebAuthn uses the
+#``fido2`` package, and versions up to including version 1.1.3 do not
+# regard localhost as a secure origin, which is problematic during
+# local development and testing.
+MFA_WEBAUTHN_ALLOW_INSECURE_ORIGIN = True
+
 """ SECURITY.TXT """
 SEC_CONTACT = config.get("security", "Contact", fallback="julian-samuel@gebuehr.net")
 SEC_EXPIRES = config.get("security", "Expires", fallback="2028-03-17T07:00:00.000Z")
@@ -182,7 +210,11 @@ INSTALLED_APPS = [
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
+    "django.contrib.humanize",
    'django.contrib.messages',
+    'allauth',
+    'allauth.account',
+    'allauth.mfa',
    'django.contrib.staticfiles',
    "django.contrib.sitemaps",
    'fontawesomefree',
@@ -193,7 +225,7 @@ INSTALLED_APPS = [
    'rest_framework.authtoken',
    'drf_spectacular',
    'drf_spectacular_sidecar',  # required for Django collectstatic discovery
-    'widget_tweaks'
+    'widget_tweaks',
 ]

 MIDDLEWARE = [
@@ -208,6 +240,8 @@ MIDDLEWARE = [
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    # allauth middleware, needs to be after message middleware
+    "allauth.account.middleware.AccountMiddleware",
 ]

 ROOT_URLCONF = 'notfellchen.urls'
@@ -222,6 +256,7 @@ TEMPLATES = [
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
+                # Needed for allauth
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.template.context_processors.media',
--- a/src/notfellchen/urls.py
+++ b/src/notfellchen/urls.py
@@ -23,6 +23,7 @@ from django.conf.urls.static import static

 urlpatterns = [
    path('admin/', admin.site.urls),
+    path('accounts/', include('allauth.urls')),
 ]

 urlpatterns += i18n_patterns(
--- a/src/templates/registration/login.html
+++ b/src/templates/registration/login.html
@@ -47,7 +47,7 @@
            <div class="block">
                <a class="button is-warning" href="{% url 'password_reset' %}">{% translate "Passwort vergessen?" %}</a>
                <a class="button is-link"
-                   href="{% url 'django_registration_register' %}">{% translate "Registrieren" %}</a>
+                   href="{% url 'account_signup' %}">{% translate "Registrieren" %}</a>
            </div>
        </div>
    {% endif %}