Move oidc url to api/oidc. This makes proxypass routing simpler.

Issue: GREG-36

gregsite/settings/base.py

@@ -74,11 +74,16 @@ AUTHENTICATION_BACKENDS = [
 SESAME_MAX_AGE = 600  # lifetime of token in seconds
 SESSION_COOKIE_AGE = 1800  # lifetime of session in seconds
 
-#CSRF_COOKIE_SAMESITE = "Strict"
-#SESSION_COOKIE_SAMESITE = "Strict"
+
+CSRF_COOKIE_SAMESITE = "Strict"
+SESSION_COOKIE_SAMESITE = "Strict"
 #CSRF_COOKIE_HTTPONLY = True
 #SESSION_COOKIE_HTTPONLY = True
 
+# Enable these in production
+#CSRF_COOKIE_SECURE = True
+#SESSION_COOKIE_SECURE = True
+
 REST_FRAMEWORK = {
     "DEFAULT_VERSIONING_CLASS": "rest_framework.versioning.NamespaceVersioning",
     "DEFAULT_VERSION": "v1",

gregsite/settings/dev.py

@@ -23,3 +23,8 @@ AUTHENTICATION_BACKENDS = [
 
 LOGIN_REDIRECT_URL = "http://localhost:3000/"
 LOGOUT_REDIRECT_URL = "http://localhost:3000/"
+
+CSRF_COOKIE_SAMESITE = "Strict"
+SESSION_COOKIE_SAMESITE = "Lax"
+#CSRF_COOKIE_HTTPONLY = True
+#SESSION_COOKIE_HTTPONLY = True

gregsite/urls.py

@@ -22,8 +22,8 @@ from gregui import urls as ui_urls
 admin.autodiscover()
 
 urlpatterns = [
-    path("admin/", admin.site.urls),
+    path("api/admin/", admin.site.urls),
     path("", include(greg_urls.urlpatterns)),
     path("", include(ui_urls.urlpatterns)),
-    path("oidc/", include("mozilla_django_oidc.urls")),
+    path("api/oidc/", include("mozilla_django_oidc.urls")),
 ]

gregui/urls.py

@@ -19,5 +19,5 @@ urlpatterns: List[URLResolver] = [
     path("api/ui/v1/session/", views.SessionView.as_view(), name="api-session"),
     path("api/ui/v1/whoami/", views.WhoAmIView.as_view(), name="api-whoami"),
     path("api/ui/v1/token/<email>", TokenCreationView.as_view()),
-    path("userinfo/", UserInfoView.as_view()),  # type: ignore
+    path("api/ui/v1/userinfo/", UserInfoView.as_view()),  # type: ignore
 ]