diff --git a/docs/config/settings.md b/docs/config/settings.md index edfe2f6f..db701d97 100644 --- a/docs/config/settings.md +++ b/docs/config/settings.md @@ -28,6 +28,14 @@ Can be set through env var too: `ALLOWED_HOSTS=umap.mydomain.org,u.mydomain.org` Set it to `True` for easier debugging in case of error. +#### DEPRECATED_AUTHENTICATION_PROVIDERS + +List of auth providers to deprecate. Defining this will display a message to +all users using this provider, to encourage them to configure another provider to +their account. + + DEPRECATED_AUTHENTICATION_PROVIDERS = ["social_core.backends.twitter_oauth2.TwitterOAuth2"] + #### EMAIL_BACKEND Must be configured if you want uMap to send emails to anonymous users. diff --git a/umap/settings/base.py b/umap/settings/base.py index dde2e57a..459d0952 100644 --- a/umap/settings/base.py +++ b/umap/settings/base.py @@ -306,6 +306,7 @@ LOGIN_URL = "login" SOCIAL_AUTH_LOGIN_REDIRECT_URL = "/login/popup/end/" AUTHENTICATION_BACKENDS = () +DEPRECATED_AUTHENTICATION_BACKENDS = [] SOCIAL_AUTH_OPENSTREETMAP_OAUTH2_KEY = env( "SOCIAL_AUTH_OPENSTREETMAP_OAUTH2_KEY", default="" diff --git a/umap/views.py b/umap/views.py index 1f77f4cb..deeffb6e 100644 --- a/umap/views.py +++ b/umap/views.py @@ -15,7 +15,7 @@ from urllib.request import Request, build_opener from django.conf import settings from django.contrib import messages -from django.contrib.auth import get_user_model +from django.contrib.auth import BACKEND_SESSION_KEY, get_user_model from django.contrib.auth import logout as do_logout from django.contrib.gis.measure import D from django.contrib.postgres.search import SearchQuery, SearchVector @@ -1419,3 +1419,18 @@ class LoginPopupEnd(TemplateView): """ template_name = "umap/login_popup_end.html" + + def get(self, *args, **kwargs): + backend = self.request.session[BACKEND_SESSION_KEY] + if backend in settings.DEPRECATED_AUTHENTICATION_BACKENDS: + name = backend.split(".")[-1] + messages.error( + self.request, + _( + "Using ā€œ%(name)sā€ to authenticate is deprecated. " + "Please configure another provider in your profile page." + ) + % {"name": name}, + ) + return HttpResponseRedirect(reverse("user_profile")) + return super().get(*args, **kwargs)