Added support to set SOCIAL_AUTH_ALLOWED_REDIRECT_HOSTS (#429)

rhysyngsun · web-flow · commit 304381483161 · 2024-02-02T13:26:11.000-05:00
* Added support to set SOCIAL_AUTH_ALLOWED_REDIRECT_HOSTS

* Added a redirect for /login

* Fix lints

* Fix lint
diff --git a/app.json b/app.json
@@ -547,6 +547,10 @@
       "description": "The client secret provided by the OpenID Connect provider.",
       "required": false
     },
+    "SOCIAL_AUTH_ALLOWED_REDIRECT_HOSTS": {
+      "description": "The list of additional redirect hosts allowed for social auth.",
+      "required": false
+    },
     "USERINFO_URL": {
       "description": "Provder endpoint where client sends requests for identity claims.",
       "required": false
diff --git a/authentication/urls.py b/authentication/urls.py
@@ -1,9 +1,18 @@
 """URL configurations for authentication"""
 
-from django.urls import re_path
+from django.urls import include, re_path, reverse_lazy
+from django.views.generic.base import RedirectView
 
 from authentication.views import CustomLogoutView
 
 urlpatterns = [
+    re_path(r"", include("social_django.urls", namespace="social")),
+    re_path(
+        r"^login/$",
+        RedirectView.as_view(
+            url=reverse_lazy("social:begin", args=["ol-oidc"]), query_string=True
+        ),
+        name="login",
+    ),
     re_path(r"^logout/$", CustomLogoutView.as_view(), name="logout"),
 ]
diff --git a/open_discussions/settings.py b/open_discussions/settings.py
@@ -225,7 +225,13 @@
 
 SOCIAL_AUTH_LOGIN_REDIRECT_URL = "/"
 SOCIAL_AUTH_LOGIN_ERROR_URL = "login"
-SOCIAL_AUTH_ALLOWED_REDIRECT_HOSTS = [urlparse(SITE_BASE_URL).netloc]
+SOCIAL_AUTH_ALLOWED_REDIRECT_HOSTS = [
+    *get_list_of_str(
+        name="SOCIAL_AUTH_ALLOWED_REDIRECT_HOSTS",
+        default=[],
+    ),
+    urlparse(SITE_BASE_URL).netloc,
+]
 
 SOCIAL_AUTH_PIPELINE = (
     # Checks if an admin user attempts to login/register while hijacking another user.
diff --git a/open_discussions/urls.py b/open_discussions/urls.py
@@ -34,7 +34,6 @@
 urlpatterns = [  # noqa: RUF005
     re_path(r"^admin/", admin.site.urls),
     re_path(r"", include("authentication.urls")),
-    re_path(r"", include("social_django.urls", namespace="social")),
     re_path(r"", include("channels.urls")),
     re_path(r"", include("profiles.urls")),
     re_path(r"", include("embedly.urls")),
