From 655b31fd6474ca0aaaaf549811f6f75239dc8da6 Mon Sep 17 00:00:00 2001 From: Federico Capoano Date: Wed, 22 Apr 2026 18:21:35 -0300 Subject: [PATCH] [fix] Allowed managing social auth secrets when needed Before, OpenWISP Users removed the ``allauth.socialaccount`` admin sections to keep the admin UI simple, but over time more users need this to support OAuth/SAML authentication to the admin interface (manage app secrets). With this change, the admin allows managing app secrets if any ``allauth.socialaccount.provider`` is installed, eg: microsoft, google, openid, etc. --- openwisp_users/admin.py | 9 ++++++--- openwisp_users/settings.py | 9 +++++++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/openwisp_users/admin.py b/openwisp_users/admin.py index b8a946bc..9e45b802 100644 --- a/openwisp_users/admin.py +++ b/openwisp_users/admin.py @@ -652,11 +652,14 @@ def get_user(self, obj): admin.site.unregister(EmailAddress) if allauth_settings.SOCIALACCOUNT_ENABLED: - for model in [ - ("socialaccount", "SocialApp"), + socialaccount_models = [ ("socialaccount", "SocialToken"), ("socialaccount", "SocialAccount"), - ]: + ] + # Allow managing secrets if OAuth/SAML is enabled + if not app_settings.SOCIALACCOUNT_ADMIN_NEEDED: + socialaccount_models.append(("socialaccount", "SocialApp")) + for model in socialaccount_models: model_class = apps.get_model(*model) if admin.site.is_registered(model_class): admin.site.unregister(model_class) diff --git a/openwisp_users/settings.py b/openwisp_users/settings.py index 0b49fb5a..a6eda3d4 100644 --- a/openwisp_users/settings.py +++ b/openwisp_users/settings.py @@ -49,3 +49,12 @@ "openwisp_users.views.AutocompleteJsonView", ), ) + +# if OAuth/SAML is enabled, allow manging keys/secrets +if any( + app.startswith("allauth.socialaccount.providers") for app in settings.INSTALLED_APPS +): # pragma: no cover + SOCIALACCOUNT_ADMIN_NEEDED = True +# otherwise hide the socialaccount admin (not needed) +else: + SOCIALACCOUNT_ADMIN_NEEDED = False