Add group model

requirements.txt

@@ -1,9 +1,24 @@
 asgiref==3.4.1
-Django==4.0.1
+certifi==2021.10.8
+cffi==1.15.0
+charset-normalizer==2.0.10
+cryptography==36.0.1
+Deprecated==1.2.13
+Django==3.2
+django-oauth-toolkit==1.6.3
 django-scim2==0.17.0
+gunicorn==20.1.0
+idna==3.3
+jwcrypto==1.0
+oauthlib==3.1.1
 psycopg2-binary==2.9.3
+pycparser==2.21
 python-dateutil==2.8.2
+pytz==2021.3
+requests==2.27.1
 scim2-filter-parser==0.3.5
 six==1.16.0
 sly==0.3
 sqlparse==0.4.2
+urllib3==1.26.8
+wrapt==1.13.3

scim_app/core/admin.py

@@ -1,3 +1,5 @@
 from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin
+from .models import User
 
-# Register your models here.
+admin.site.register(User, UserAdmin)

scim_app/core/apps.py

@@ -1,6 +1,14 @@
 from django.apps import AppConfig
+from django.db.models.signals import post_save
 
 
+from . import signals
+
 class CoreConfig(AppConfig):
     default_auto_field = 'django.db.models.BigAutoField'
     name = 'core'
+
+    def ready(self) -> None:
+        from oauth2_provider.models import get_access_token_model
+        TokenModel = get_access_token_model()
+        post_save.connect(signals.set_user_on_application_token, sender=TokenModel)

scim_app/core/migrations/0001_initial.py

@@ -0,0 +1,45 @@
+# Generated by Django 3.2 on 2022-01-17 13:41
+
+import django.contrib.auth.models
+import django.contrib.auth.validators
+from django.db import migrations, models
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('auth', '0012_alter_user_first_name_max_length'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='User',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('password', models.CharField(max_length=128, verbose_name='password')),
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
+                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
+                ('username', models.CharField(error_messages={'unique': 'A user with that username already exists.'}, help_text='Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.', max_length=150, unique=True, validators=[django.contrib.auth.validators.UnicodeUsernameValidator()], verbose_name='username')),
+                ('first_name', models.CharField(blank=True, max_length=150, verbose_name='first name')),
+                ('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
+                ('email', models.EmailField(blank=True, max_length=254, verbose_name='email address')),
+                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
+                ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
+                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
+                ('scim_id', models.CharField(blank=True, default=None, help_text='A unique identifier for a SCIM resource as defined by the service provider.', max_length=254, null=True, unique=True, verbose_name='SCIM ID')),
+                ('scim_external_id', models.CharField(blank=True, db_index=True, default=None, help_text='A string that is an identifier for the resource as defined by the provisioning client.', max_length=254, null=True, verbose_name='SCIM External ID')),
+                ('scim_username', models.CharField(blank=True, db_index=True, default=None, help_text="A service provider's unique identifier for the user", max_length=254, null=True, verbose_name='SCIM Username')),
+                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.Group', verbose_name='groups')),
+                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.Permission', verbose_name='user permissions')),
+            ],
+            options={
+                'abstract': False,
+            },
+            managers=[
+                ('objects', django.contrib.auth.models.UserManager()),
+            ],
+        ),
+    ]

scim_app/core/migrations/0002_auto_20220118_1452.py

@@ -0,0 +1,37 @@
+# Generated by Django 3.2 on 2022-01-18 14:52
+
+import django.contrib.auth.models
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('auth', '0012_alter_user_first_name_max_length'),
+        ('core', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Group',
+            fields=[
+                ('group_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='auth.group')),
+                ('scim_id', models.CharField(blank=True, default=None, help_text='A unique identifier for a SCIM resource as defined by the service provider.', max_length=254, null=True, unique=True, verbose_name='SCIM ID')),
+                ('scim_external_id', models.CharField(blank=True, db_index=True, default=None, help_text='A string that is an identifier for the resource as defined by the provisioning client.', max_length=254, null=True, verbose_name='SCIM External ID')),
+                ('scim_display_name', models.CharField(blank=True, db_index=True, default=None, help_text='A human-readable name for the Group.', max_length=254, null=True, verbose_name='SCIM Display Name')),
+            ],
+            options={
+                'abstract': False,
+            },
+            bases=('auth.group', models.Model),
+            managers=[
+                ('objects', django.contrib.auth.models.GroupManager()),
+            ],
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='groups',
+            field=models.ManyToManyField(to='core.Group'),
+        ),
+    ]

scim_app/core/models.py

@@ -1,3 +1,19 @@
+from django.contrib.auth.models import AbstractUser, Group
 from django.db import models
 
-# Create your models here.
+from django_scim.models import AbstractSCIMUserMixin, AbstractSCIMGroupMixin
+
+class Group(AbstractSCIMGroupMixin, Group):
+    def __str__(self) -> str:
+        return self.scim_display_name
+
+
+class User(AbstractSCIMUserMixin, AbstractUser):
+    groups = models.ManyToManyField(Group)
+
+    @property
+    def scim_groups(self):
+        return self.groups
+
+    def __str__(self) -> str:
+        return self.email

scim_app/core/signals.py

@@ -0,0 +1,5 @@
+def set_user_on_application_token(sender, **kwargs):
+    instance = kwargs['instance']
+    if kwargs['created'] and not instance.user:
+        instance.user = instance.application.user
+        instance.save()

scim_app/scim_app/settings.py

@@ -25,7 +25,10 @@ SECRET_KEY = 'django-insecure-zzde2t39t5d7xhj&=yq+@ox3w(*euu-^&1v0g(wo0fcyapn0m%
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = [
+    'localhost',
+    'scim.xeryus.rug.nl',
+]
 
 
 # Application definition
@@ -39,6 +42,9 @@ INSTALLED_APPS = [
     'django.contrib.staticfiles',
 
     'django_scim',
+    'oauth2_provider',
+
+    'core',
 ]
 
 MIDDLEWARE = [
@@ -47,6 +53,7 @@ MIDDLEWARE = [
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'oauth2_provider.middleware.OAuth2TokenMiddleware',
     'django_scim.middleware.SCIMAuthCheckMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
@@ -57,7 +64,9 @@ ROOT_URLCONF = 'scim_app.urls'
 TEMPLATES = [
     {
         'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [],
+        'DIRS': [
+            BASE_DIR / 'templates',
+        ],
         'APP_DIRS': True,
         'OPTIONS': {
             'context_processors': [
@@ -129,7 +138,7 @@ STATIC_URL = 'static/'
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 
 SCIM_SERVICE_PROVIDER = {
-    'NETLOC': 'localhost',
+    'NETLOC': 'scim.xeryus.rug.nl',
     'AUTHENTICATION_SCHEMES': [
         {
             'type': 'oauth2',
@@ -138,3 +147,15 @@ SCIM_SERVICE_PROVIDER = {
         },
     ],
 }
+
+STATIC_ROOT = '/var/www/scim_app/static'
+STATIC_URL = '/static/'
+
+LOGIN_URL = '/admin/login/'
+
+AUTHENTICATION_BACKENDS = [
+    'oauth2_provider.backends.OAuth2Backend',
+    'django.contrib.auth.backends.ModelBackend',
+]
+
+AUTH_USER_MODEL = 'core.User'

scim_app/scim_app/urls.py

@@ -16,7 +16,13 @@ Including another URLconf
 from django.contrib import admin
 from django.urls import include, path
 
+from . import views
+
 urlpatterns = [
+    path('auth/', views.AuthView.as_view()),
+    path('oauth/', include('oauth2_provider.urls', namespace='oauth2_provider')),
     path('admin/', admin.site.urls),
     path('scim/v2/', include('django_scim.urls')),
+    path('api/hello/', views.ApiEndpoint.as_view()),
+    path('secret/', views.secret_page, name='secret'),
 ]

scim_app/scim_app/views.py

@@ -0,0 +1,20 @@
+from django.contrib.auth.decorators import login_required
+from django.http import HttpResponse
+from django.utils.decorators import method_decorator
+from django.views.generic import TemplateView
+
+from oauth2_provider.views.generic import ProtectedResourceView
+
+
+class AuthView(TemplateView):
+    template_name = "index.html"
+
+
+class ApiEndpoint(ProtectedResourceView):
+    def get(self, request, *args, **kwargs):
+        return HttpResponse('Hello world!')
+
+
+@login_required
+def secret_page(request, *args, **kwargs):
+    return HttpResponse('Secret contents!', status=200)

scim_app/templates/index.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>SCIM app</title>
+    </head>
+
+<body>
+    Hallo!
+
+    <pre>
+        {{ user }}
+    </pre>
+</body>
+</html>