Feature: OIDC & social authentication (#5190)

--------- Co-authored-by: Moritz Pflanzer <moritz@chickadee-engineering.com> Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com>
2025-08-14 00:26:21 +00:00 · 2024-02-08 17:15:38 +01:00
parent b47f301831
commit c508be6ecd
33 changed files with 1197 additions and 190 deletions
--- a/src/paperless/views.py
+++ b/src/paperless/views.py
@@ -1,10 +1,13 @@
 import os
 from collections import OrderedDict

+from allauth.socialaccount.adapter import get_adapter
+from allauth.socialaccount.models import SocialAccount
 from django.contrib.auth.models import Group
 from django.contrib.auth.models import User
 from django.db.models.functions import Lower
 from django.http import HttpResponse
+from django.http import HttpResponseBadRequest
 from django.views.generic import View
 from django_filters.rest_framework import DjangoFilterBackend
 from rest_framework.authtoken.models import Token
@@ -14,6 +17,7 @@ from rest_framework.pagination import PageNumberPagination
 from rest_framework.permissions import DjangoObjectPermissions
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
+from rest_framework.views import APIView
 from rest_framework.viewsets import ModelViewSet

 from documents.permissions import PaperlessObjectPermissions
@@ -168,3 +172,54 @@ class ApplicationConfigurationViewSet(ModelViewSet):

    serializer_class = ApplicationConfigurationSerializer
    permission_classes = (IsAuthenticated, DjangoObjectPermissions)
+
+
+class DisconnectSocialAccountView(GenericAPIView):
+    """
+    Disconnects a social account provider from the user account
+    """
+
+    permission_classes = [IsAuthenticated]
+
+    def post(self, request, *args, **kwargs):
+        user = self.request.user
+
+        try:
+            account = user.socialaccount_set.get(pk=request.data["id"])
+            account_id = account.id
+            account.delete()
+            return Response(account_id)
+        except SocialAccount.DoesNotExist:
+            return HttpResponseBadRequest("Social account not found")
+
+
+class SocialAccountProvidersView(APIView):
+    """
+    List of social account providers
+    """
+
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request, *args, **kwargs):
+        adapter = get_adapter()
+        providers = adapter.list_providers(request)
+        resp = [
+            {"name": p.name, "login_url": p.get_login_url(request, process="connect")}
+            for p in providers
+            if p.id != "openid"
+        ]
+
+        for openid_provider in filter(lambda p: p.id == "openid", providers):
+            resp += [
+                {
+                    "name": b["name"],
+                    "login_url": openid_provider.get_login_url(
+                        request,
+                        process="connect",
+                        openid=b["openid_url"],
+                    ),
+                }
+                for b in openid_provider.get_brands()
+            ]
+
+        return Response(sorted(resp, key=lambda p: p["name"]))