chore(oauth): using passport authentication

lijianguo · lijianguo · commit 099c00e34a81 · 2021-08-02T16:16:30.000+08:00
diff --git a/charts/controller/templates/_helpers.tpl b/charts/controller/templates/_helpers.tpl
@@ -156,8 +156,10 @@ env:
 {{- end }}
 {{- if eq .Values.global.passport_location "on-cluster"}}
 - name: "DRYCC_PASSPORT_DOMAIN"
-  value: drycc-passport.{{ .Values.global.platform_domain }}
+  value: http://drycc-passport.{{ .Values.global.platform_domain }}
 - name: "SOCIAL_AUTH_DRYCC_AUTHORIZATION_URL"
+  value: "$(DRYCC_PASSPORT_DOMAIN)/oauth/authorize/"
+- name: "SOCIAL_AUTH_DRYCC_ACCESS_TOKEN_URL"
   value: "$(DRYCC_PASSPORT_DOMAIN)/oauth/token/"
 - name: "SOCIAL_AUTH_DRYCC_ACCESS_API_URL"
   value: "$(DRYCC_PASSPORT_DOMAIN)/users/"
@@ -167,6 +169,8 @@ env:
   value: "$(DRYCC_PASSPORT_DOMAIN)/oauth/.well-known/jwks.json"
 - name: "SOCIAL_AUTH_DRYCC_OIDC_ENDPOINT"
   value: "$(DRYCC_PASSPORT_DOMAIN)/oauth"
+- name: "LOGIN_REDIRECT_URL"
+  value: "$(DRYCC_PASSPORT_DOMAIN)/login/done/"
 - name: SOCIAL_AUTH_DRYCC_CONTROLLER_KEY
   valueFrom:
     secretKeyRef:
diff --git a/charts/controller/templates/controller-cronjob-hourly.yaml b/charts/controller/templates/controller-cronjob-hourly.yaml
@@ -1,7 +1,7 @@
 apiVersion: batch/v1beta1
 kind: CronJob
 metadata:
-  name: drycc-controller-cronjob-daily
+  name: drycc-controller-cronjob-hourly
   labels:
     heritage: drycc
   annotations:
@@ -27,5 +27,3 @@ spec:
             args:
               - python -u /app/manage.py measure_app
             {{- include "controller.envs" . | indent 12 }}
-            {{- include "controller.volumeMounts" . | indent 12 }}
-          {{- include "controller.volumes" . | indent 10 }}
diff --git a/rootfs/api/settings/production.py b/rootfs/api/settings/production.py
@@ -81,7 +81,7 @@
     'corsheaders.middleware.CorsMiddleware',
     'django.middleware.security.SecurityMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
+    # 'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
@@ -430,11 +430,11 @@
 SOCIAL_AUTH_DRYCC_AUTHORIZATION_URL = os.environ.get('SOCIAL_AUTH_DRYCC_AUTHORIZATION_URL')
 SOCIAL_AUTH_DRYCC_ACCESS_TOKEN_URL = os.environ.get('SOCIAL_AUTH_DRYCC_ACCESS_TOKEN_URL')
 SOCIAL_AUTH_DRYCC_ACCESS_API_URL = os.environ.get('SOCIAL_AUTH_DRYCC_ACCESS_API_URL')
-SOCIAL_AUTH_DRYCC_USERINFO_URL = os.environ.get('SOCIAL_AUTH_DRYCC_ACCESS_TOKEN_URL')
-SOCIAL_AUTH_DRYCC_JWKS_URI = os.environ.get('SOCIAL_AUTH_DRYCC_ACCESS_API_URL')
+SOCIAL_AUTH_DRYCC_USERINFO_URL = os.environ.get('SOCIAL_AUTH_DRYCC_USERINFO_URL')
+SOCIAL_AUTH_DRYCC_JWKS_URI = os.environ.get('SOCIAL_AUTH_DRYCC_JWKS_URI')
 SOCIAL_AUTH_DRYCC_OIDC_ENDPOINT = os.environ.get('SOCIAL_AUTH_DRYCC_OIDC_ENDPOINT')
-SOCIAL_AUTH_DRYCC_KEY = os.environ.get('SOCIAL_AUTH_DRYCC_KEY')
-SOCIAL_AUTH_DRYCC_SECRET = os.environ.get('SOCIAL_AUTH_DRYCC_SECRET')
+SOCIAL_AUTH_DRYCC_KEY = os.environ.get('SOCIAL_AUTH_DRYCC_CONTROLLER_KEY')
+SOCIAL_AUTH_DRYCC_SECRET = os.environ.get('SOCIAL_AUTH_DRYCC_CONTROLLER_SECRET')
 SOCIAL_AUTH_POSTGRES_JSONFIELD = True
 SOCIAL_AUTH_PIPELINE = (
     'social_core.pipeline.social_auth.social_details',
