From b38984fcb95ab121a610710b9df049ee7caa17cd Mon Sep 17 00:00:00 2001 From: Jon Date: Fri, 7 Jun 2024 19:33:57 +0930 Subject: [PATCH] feat(base): Enforceable SSO ONLY this setting removes the login form and forces a redirect to the SSO signin page. !20 #1 --- app/app/settings.py | 4 ++++ app/templates/registration/login.html | 12 +++++++++--- docs/projects/django-template/configuration.md | 4 +++- docs/projects/django-template/index.md | 2 +- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/app/app/settings.py b/app/app/settings.py index 78584deb..afee205b 100644 --- a/app/app/settings.py +++ b/app/app/settings.py @@ -35,6 +35,7 @@ # DEBUG = False # SECURITY WARNING: don't run with debug turned on in production! SSO_ENABLED = False # Enable SSO +SSO_LOGIN_ONLY_BACKEND = None # Use specified SSO backend as the ONLY method to login. (builting login form will not be used) ALLOWED_HOSTS = [ '*' ] @@ -258,6 +259,9 @@ if SSO_ENABLED: + if SSO_LOGIN_ONLY_BACKEND: + LOGIN_URL = f'/sso/login/{SSO_LOGIN_ONLY_BACKEND}/' + AUTHENTICATION_BACKENDS += ( *SSO_BACKENDS, ) diff --git a/app/templates/registration/login.html b/app/templates/registration/login.html index 580e1e35..652850d9 100644 --- a/app/templates/registration/login.html +++ b/app/templates/registration/login.html @@ -1,3 +1,5 @@ +{% load settings_value %} +{% settings_value "SSO_LOGIN_ONLY_BACKEND" as SSO_LOGIN_ONLY_BACKEND %} @@ -6,14 +8,18 @@ + {% if SSO_LOGIN_ONLY_BACKEND %} + + {% else %} - + {% endif %} - + + {% if not SSO_LOGIN_ONLY_BACKEND %}
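Review bot: The comment on the new `SSO_LOGIN_ONLY_BACKEND` default in the first settings.py hunk misspells "built-in" and does not say what value is expected or that the setting depends on `SSO_ENABLED`. The second hunk interpolates it into `/sso/login/<name>/` and does so only inside `if SSO_ENABLED:`, so it has to be a backend name such as the `'oidc'` shown in this commit's docs change. Suggested wording: `# Name of the SSO backend (e.g. 'oidc') to use as the ONLY login method; requires SSO_ENABLED = True. The built-in login form is not shown.`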
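Review bot: In the second settings.py hunk, setting `LOGIN_URL` only changes where unauthenticated users are redirected, so it does not by itself enforce SSO-only login. The context line `AUTHENTICATION_BACKENDS += ( *SSO_BACKENDS, )` still appends to the existing backends, so a password backend configured earlier in the file (not visible here) would stay active for any code path that still submits credentials. If "SSO only" is meant as an enforced control, assign instead of append under the new branch, `AUTHENTICATION_BACKENDS = ( *SSO_BACKENDS, )`, keeping `+=` for the non-exclusive case, or document the retained local login as a deliberate break-glass path. The backend name also goes into the URL unchecked, so a typo would redirect every user to a route that does not exist with no form to fall back on; a startup check that raises `ImproperlyConfigured` when the name does not resolve to one of `SSO_BACKENDS` would catch that. The `if SSO_ENABLED:` block continues outside the hunk.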
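Review bot: The template gates the login form on `SSO_LOGIN_ONLY_BACKEND` alone, while settings.py honours that value only inside `if SSO_ENABLED:`. This applies to `{% if SSO_LOGIN_ONLY_BACKEND %}` and `{% if not SSO_LOGIN_ONLY_BACKEND %}` in the second login.html hunk, with the closing `{% endif %}` in the third. With `SSO_ENABLED = False` and a backend name still set, the form would be hidden even though `LOGIN_URL` was never pointed at SSO, which looks like a lock-out. Either clear the value when SSO is off, `if not SSO_ENABLED: SSO_LOGIN_ONLY_BACKEND = None`, or test both settings in the template. The markup inside the `{% if %}` branch is not visible in this view of the hunk, so what it renders could not be reviewed.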
@@ -29,8 +35,8 @@ {% endfor %}
-
+ {% endif %} diff --git a/docs/projects/django-template/configuration.md b/docs/projects/django-template/configuration.md index b8ea2073..a6294adb 100644 --- a/docs/projects/django-template/configuration.md +++ b/docs/projects/django-template/configuration.md @@ -13,7 +13,7 @@ This page details the configuration for setting up the application. - `SSO_ENABLED`, boolean -Single Sign on (SSO) is made possible through the [social django application](https://python-social-auth.readthedocs.io/en/latest/configuration/django.html). Specific configuration for the backend that you would like to configure can be viewed within it's [documentation](https://python-social-auth.readthedocs.io/en/latest/backends/index.html). In most cases the only configuration will need to be done for the following attributes: `SSO_ENABLED`, `SSO_BACKENDS` and `SOCIAL_AUTH_`. +Single Sign on (SSO) is made possible through the [social django application](https://python-social-auth.readthedocs.io/en/latest/configuration/django.html). Specific configuration for the backend that you would like to configure can be viewed within it's [documentation](https://python-social-auth.readthedocs.io/en/latest/backends/index.html). In most cases the only configuration that will need to be defined are for the following attributes: `SSO_ENABLED`, optionally `SSO_BACKENDS` and those with prefix `SOCIAL_AUTH_`. !!! danger Within the social django documentation, it will state the the configuration key for the backends is within attribute `AUTHENTICATION_BACKENDS`, don't use this attribute. Instead use attribute `SSO_BACKENDS` so as not to effect the authentication of the ITSM application. 
@@ -27,6 +27,8 @@ Attributes with prefix `SSO_` are specifically for this application. SSO_ENABLED = True # Optional, boolean. Enable SSO Authentication +SSO_LOGIN_ONLY_BACKEND = 'oidc' # Optional, string. To only use SSO authentication, specify the backend name here + SSO_BACKENDS = ( # this attribute replaces `AUTHENTICATION_BACKENDS` and must be used instead of. "social_core.backends.open_id_connect.OpenIdConnectAuth", ) diff --git a/docs/projects/django-template/index.md b/docs/projects/django-template/index.md index ce1e09ca..da2377cf 100644 --- a/docs/projects/django-template/index.md +++ b/docs/projects/django-template/index.md @@ -52,7 +52,7 @@ Settings for the application are stored within a docker volume at path `/etc/its ### Settings file -The settings file is a python file `.py` and must remain a valid python file for the application to work. +The settings file is a python file `.py` and must remain a valid python file for the application to work. ``` py title="settings.py"