Deactivated useless code

roles/docker-taiga/templates/docker-compose.yml.j2

@@ -8,6 +8,13 @@ services:
       - static-data:/taiga-back/static
       - media-data:/taiga-back/media
       # - ./config.py:/taiga-back/settings/config.py
+
+{% if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio' %}
+
+      - {{ docker_compose.directories.config }}taiga-local.py:/taiga-back/settings/local.py:ro
+
+{% endif %}
+
 {% include 'templates/docker/container/networks.yml.j2' %}
       taiga:
 {% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
@@ -15,6 +22,15 @@ services:
         condition: service_started
       taiga-async-rabbitmq:
         condition: service_started
+{% if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio' %}
+    
+    command: >
+      /bin/sh -c "
+        pip install taiga-contrib-oidc-auth &&
+        /taiga-back/docker/entrypoint.sh"
+
+{% endif %}
+
 
   taiga-async:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
@@ -25,6 +41,13 @@ services:
       - static-data:/taiga-back/static
       - media-data:/taiga-back/media
       # - ./config.py:/taiga-back/settings/config.py
+
+{% if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio' %}
+
+      - {{ docker_compose.directories.config }}taiga-local.py:/taiga-back/settings/local.py:ro
+
+{% endif %}
+
 {% include 'templates/docker/container/networks.yml.j2' %}
       taiga:
 {% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
@@ -32,6 +55,14 @@ services:
         condition: service_started
       taiga-async-rabbitmq:
         condition: service_started
+{% if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio' %}
+    
+    command: >
+      /bin/sh -c "
+        pip install taiga-contrib-oidc-auth &&
+        /taiga-back/docker/entrypoint.sh"
+        
+{% endif %}
 
   taiga-async-rabbitmq:
     image: rabbitmq:3.8-management-alpine

roles/docker-taiga/templates/env.j2

@@ -26,7 +26,7 @@ EMAIL_BACKEND:      =   "django.core.mail.backends.{{email_backend}}.EmailBacken
 DEFAULT_FROM_EMAIL  =   "{{system_email.from}}"
 
 # EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True)
-EMAIL_USE_TLS   =   "{{ system_email.tls | lower | capitalize }}"         # use TLS (secure) connection with the SMTP server
+EMAIL_USE_TLS   =   "{{ system_email.tls | capitalize }}"         # use TLS (secure) connection with the SMTP server
 EMAIL_USE_SSL   =   "{{ 'False' if system_email.start_tls else 'True' }}" # use implicit TLS (secure) connection with the SMTP server
 
 RABBITMQ_USER=taiga
@@ -48,8 +48,30 @@ MAX_AGE             =   360
 ENABLE_TELEMETRY    =   True
 
 {% if applications[application_id].oidc.enabled %}
-# OICD 
-# @See https://github.com/robrotheram/taiga-contrib-openid-auth
+
+{% if applications[application_id].oidc.flavor == 'taigaio' %}
+
+# OIDC via taigaio official contrib
+# @See https://github.com/taigaio/taiga-contrib-oidc-auth
+ENABLE_OIDC=True
+OIDC_RP_CLIENT_ID="{{ oidc.client.id }}"
+OIDC_RP_CLIENT_SECRET="{{ oidc.client.secret }}"
+OIDC_OP_AUTHORIZATION_ENDPOINT="{{ oidc.client.authorize_url }}"
+OIDC_OP_TOKEN_ENDPOINT="{{ oidc.client.token_url }}"
+OIDC_OP_USER_ENDPOINT="{{ oidc.client.user_info_url }}"
+OIDC_RP_SIGN_ALGO="RS256"
+OIDC_RP_SCOPES="openid profile email"
+OIDC_USE_STATE=True
+OIDC_USE_NONCE=True
+OIDC_RP_CALLBACK_URL="{{ oidc.client.redirect_uri | default('') }}"
+OIDC_OP_JWKS_ENDPOINT="{{ oidc.client.jwks_url | default('') }}"
+
+{% endif %}
+
+{% if applications[application_id].oidc.flavor == 'robrotheram' %}
+
+# OIDC via robrotheram
+# @see https://github.com/robrotheram/taiga-contrib-openid-auth
 ENABLE_OPENID=True
 OPENID_URL="{{oidc.client.authorize_url}}"
 OPENID_USER_URL="{{oidc.client.user_info_url}}"
@@ -58,14 +80,14 @@ OPENID_CLIENT_ID="{{oidc.client.id}}"
 OPENID_CLIENT_SECRET="{{oidc.client.secret}}"
 OPENID_NAME="{{oidc.button_text}}"
 OPENID_USERNAME_FIELD="{{oidc.attributes.username}}"
-
-# Default Values
+# Optional:
 # OPENID_ID_FIELD="sub"
 # OPENID_FULLNAME_FIELD="name"
 # OPENID_EMAIL_FIELD="email"
 # OPENID_SCOPE="openid email"
+# OPENID_FILTER = "taiga_users,taiga_admins"
+# OPENID_FILTER_FIELD = "groups"
+
+{% endif %}
 
-# The following are optional fields to configure filtering users based on the openid-userinfo. A common use case is to allow only specific roles or groups to log into taiga. OPENID_FILTER_FIELD is the name of the claim that's present in the UserInfo. The field is expected to be a list of strings. OPENID_FILTER is the allowed values, comma seperated.
-#OPENID_FILTER = "taiga_users,taiga_admins"
-#OPENID_FILTER_FIELD = "groups"
 {% endif %}

roles/docker-taiga/templates/local.py.j2

@@ -0,0 +1,24 @@
+INSTALLED_APPS += [
+    "mozilla_django_oidc",
+    "taiga_contrib_oidc_auth",
+]
+
+AUTHENTICATION_BACKENDS = list(AUTHENTICATION_BACKENDS) + [
+    "taiga_contrib_oidc_auth.oidc.TaigaOIDCAuthenticationBackend",
+]
+
+ROOT_URLCONF = "settings.urls"
+
+OIDC_CALLBACK_CLASS = "taiga_contrib_oidc_auth.views.TaigaOIDCAuthenticationCallbackView"
+OIDC_RP_SCOPES = "openid profile email"
+OIDC_RP_SIGN_ALGO = "RS256"
+
+OIDC_BASE_URL = "{{ oidc.base_url }}"
+OIDC_OP_JWKS_ENDPOINT = OIDC_BASE_URL + "/Jwks"
+OIDC_OP_AUTHORIZATION_ENDPOINT = OIDC_BASE_URL + "/Authorization"
+OIDC_OP_TOKEN_ENDPOINT = OIDC_BASE_URL + "/Token"
+OIDC_OP_USER_ENDPOINT = OIDC_BASE_URL + "/UserInfo"
+
+import os
+OIDC_RP_CLIENT_ID = os.getenv("OIDC_RP_CLIENT_ID")
+OIDC_RP_CLIENT_SECRET = os.getenv("OIDC_RP_CLIENT_SECRET")