r/mnemosyne
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): add Casdoor SSO integration via django-allauth
Some checks failed
CVE Scan & Docker Build / security-scan (push) Successful in 50s
Details
CVE Scan & Docker Build / build-and-push (push) Has been cancelled
Details

Browse Source 
Integrate OIDC-based SSO authentication through Casdoor using
django-allauth. Adds configuration for enabling SSO, custom account
adapters, and an optional SSL verification bypass for sandbox
environments with self-signed certificates.

- Add CASDOOR_* and ALLOW_LOCAL_LOGIN env vars to .env.example and
  docker-compose (app service only)
- Configure allauth with openid_connect provider for Casdoor
- Register custom adapters (CasdoorAccountAdapter, LocalAccountAdapter)
- Apply SSL patch early in settings when CASDOOR_SSL_VERIFY=false
This commit is contained in:
Robert Helewka
2026-05-12 11:53:22 -04:00
parent 955761b748
commit ed4d0db930
13 changed files with 1246 additions and 329 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.env.example
View File

@@ -94,6 +94,20 @@ CELERY_TASK_ALWAYS_EAGER=False
CELERY_QUEUES=celery,embedding,batch
CELERY_CONCURRENCY=2
# --- SSO / Casdoor ----------------------------------------------------------
# Consumed by: app only
# Set CASDOOR_ENABLED=True in production to activate OIDC login. All other
# CASDOOR_* vars are required when enabled. CASDOOR_SSL_VERIFY should always
# be true in production; set to false only in sandboxes with self-signed certs.
CASDOOR_ENABLED=False
CASDOOR_ORIGIN=https://casdoor.example.com
CASDOOR_ORIGIN_FRONTEND=https://casdoor.example.com
CASDOOR_CLIENT_ID=
CASDOOR_CLIENT_SECRET=
CASDOOR_ORG_NAME=
CASDOOR_SSL_VERIFY=true
ALLOW_LOCAL_LOGIN=False
# --- MCP server -------------------------------------------------------------
# Consumed by: mcp only
MCP_REQUIRE_AUTH=True