Configuration
cykel is mostly configured graphically through the django-admin based administration interface, which is reachable at https://<host>/admin.
Settings that can’t be configured graphically in the admin are provided as environment variables. This is needed, for example, to provide the database credentials or the hostnames at which cykel is reachable.
Only in some edge cases will you have to modify cykel/settings.py directly.
Initial Admin Access
For your first user with administrative rights, use Django’s default way of creating a superuser. Don’t forget to run this as openbike and activate the venv:
$ source /srv/openbike/venv/bin/activate
(venv)$ python3 manage.py createsuperuser
Site
Cykel needs to know how to refer to itself. This is used in login redirects, so we have to make sure this value is correct. The configuration happens within Django’s default Site model, so you have to configure it in the Sites section of the administration. Right after the installation this already contains an example.com site; just edit this first entry.
For the configuration: the domain name must equal the cykel installation domain name, and the display name should be the name at which your voorwiel UI is reachable.
Authentication Providers
cykel uses django-allauth for integrating third-party login; its documentation provides a list of supported providers. For most providers, it is enough to add them to INSTALLED_APPS in cykel/settings.py. By default, Twitter, GitHub, Stackexchange, Slack and FragDenStaat as well as Eventphone are available and already installed.
To configure an Authentication Provider, look into Social Applications. When you add a provider there, put the provider’s name in lowercase into the name field - this is used in the callback URL. You also need to provide the OAuth2 client id and the client secret. Some providers name these differently; for those we’ve added instructions below.
Note
The Callback URL that the provider asks you to put on their allow list is https://<cykel host>/auth/<name>/login/callback/
The <name> is the name of the social application you created in the cykel admin, which is why you should use short and lowercase provider names there.
Twitter
For Twitter, you have to apply for developer account access. Once you have developer access, create an app – read-only permissions are enough, as we’re only going to use it for authentication.
The credentials we need can be found on the Keys and tokens page under Consumer API keys: the client id is the API key, and the client secret is the API secret key.
GitHub
If you want to use GitHub as an Authentication Provider, create a new OAuth App at https://github.com/settings/developers. You can also create it directly in the settings of a GitHub organization where you have Owner access, or transfer the ownership from your account to an organization later. After creating the OAuth App, the Client ID and Client Secret are displayed.
AUTOENROLLMENT_PROVIDERS
If you want to give users who log in with a trusted provider access to rent bikes immediately, without verifying them and assigning rights manually, the AUTOENROLLMENT_PROVIDERS environment variable is for you. Put the Social Application names there, separated by commas if there is more than one provider.
Users who log in with a provider listed in AUTOENROLLMENT_PROVIDERS are placed in the autoenrollment-rent group. By default, this group has the right to rent bikes.
Additional Administrators
When people have authenticated already, you can set staff status and/or superuser status on their user profiles. They still need a password to authenticate with the administration interface; you can set this with the password reset link on their profile page.
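The following added example (not part of cykel or its documentation) checks a planned setup against the rules in the Authentication Providers and AUTOENROLLMENT_PROVIDERS sections above: it builds the callback URL to allow-list for each social application name and reports autoenrollment entries that match no social application. The function names, the name pattern and the sample values are assumptions.

```python
import re

# Assumption: names are limited to lowercase letters, digits, "-" and "_" so
# they are safe in the callback URL path. The page only asks for short,
# lowercase names.
NAME_RE = re.compile(r"^[a-z0-9_-]+$")


def callback_url(host, name):
    """URL the provider must allow-list, in the form given in the Note."""
    return f"https://{host}/auth/{name}/login/callback/"


def check_config(host, social_app_names, autoenrollment_value):
    """Return (callback URLs by name, list of problems) for a planned setup."""
    problems = []
    urls = {}
    for name in social_app_names:
        if not NAME_RE.match(name):
            problems.append(f"social application name {name!r} is not lowercase/URL-safe")
        urls[name] = callback_url(host, name)

    # An unset or empty variable means no autoenrollment and is not a problem.
    entries = autoenrollment_value.split(",") if autoenrollment_value.strip() else []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            problems.append("empty entry in AUTOENROLLMENT_PROVIDERS")
            continue
        if raw != entry:
            # Whether cykel trims whitespace is not stated on the page, so flag it.
            problems.append(f"whitespace around {entry!r} in AUTOENROLLMENT_PROVIDERS")
        if entry not in social_app_names:
            # The entry refers to nothing configured under Social Applications.
            problems.append(f"{entry!r} matches no social application name")
    return urls, problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real installation.
    urls, problems = check_config(
        "cykel.example.org", ["github", "Twitter"], "github, eventphone")
    for name, url in urls.items():
        print(name, "->", url)
    for problem in problems:
        print("PROBLEM:", problem)
```

Because every provider listed in AUTOENROLLMENT_PROVIDERS grants rental rights without manual review, running a check like this before changing the variable catches typos and stale names early.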