-rw-r--r-- | config.env.sample | 8 | ||||
-rw-r--r-- | requirements.txt | 1 | ||||
-rw-r--r-- | src/account/tasks.py | 5 | ||||
-rw-r--r-- | src/account/views.py | 21 | ||||
-rw-r--r-- | src/laas_dashboard/settings.py | 17 | ||||
-rw-r--r-- | src/laas_dashboard/urls.py | 3 | ||||
-rw-r--r-- | src/templates/akraino/base.html | 20 | ||||
-rw-r--r-- | src/templates/akraino/dashboard/landing.html | 7 | ||||
-rw-r--r-- | src/templates/base/base.html | 2 | ||||
-rw-r--r-- | src/templates/base/dashboard/landing.html | 2 | ||||
-rw-r--r-- | src/workflow/models.py | 2 |
11 files changed, 84 insertions, 4 deletions
diff --git a/config.env.sample b/config.env.sample index fadf0ed..137ecb0 100644 --- a/config.env.sample +++ b/config.env.sample @@ -35,6 +35,14 @@ JIRA_URL=sample_url JIRA_USER_NAME=sample_jira_user JIRA_USER_PASSWORD=sample_jira_pass +# LFID +OIDC_CLIENT_ID=sample_id +OIDC_CLIENT_SECRET=sample_secret + +OIDC_AUTHORIZATION_ENDPOINT=https://linuxfoundation-test.auth0.com/authorize +OIDC_TOKEN_ENDPOINT=https://linuxfoundation-test.auth0.com/oauth/token +OIDC_USER_ENDPOINT=https://linuxfoundation-test.auth0.com/userinfo + # Rabbitmq RABBITMQ_DEFAULT_USER=opnfv RABBITMQ_DEFAULT_PASS=opnfvopnfv diff --git a/requirements.txt b/requirements.txt index 7e2fbd1..b34dd1e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -15,3 +15,4 @@ requests==2.22.0 django-fernet-fields==0.6 pyyaml==3.13 pytz==2018.5 +mozilla-django-oidc==1.2.3 diff --git a/src/account/tasks.py b/src/account/tasks.py index fe51974..53fbaf5 100644 --- a/src/account/tasks.py +++ b/src/account/tasks.py @@ -26,7 +26,10 @@ def sync_jira_accounts(): except JIRAError: # User can be anonymous (local django admin account) continue - user.email = user_dict['emailAddress'] + try: + user.email = user_dict['emailAddress'] + except: + pass user.userprofile.url = user_dict['self'] user.userprofile.full_name = user_dict['displayName'] diff --git a/src/account/views.py b/src/account/views.py index d1cc813..912a432 100644 --- a/src/account/views.py +++ b/src/account/views.py @@ -28,6 +28,7 @@ from django.views.generic import RedirectView, TemplateView, UpdateView from django.shortcuts import render from jira import JIRA from rest_framework.authtoken.models import Token +from mozilla_django_oidc.auth import OIDCAuthenticationBackend from account.forms import AccountSettingsForm 
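Review bot: The bare `except:` added around `user.email = user_dict['emailAddress']` in sync_jira_accounts (src/account/tasks.py) catches every exception, not only a missing key, and silently keeps whatever email the user had before. The same pattern is added around `jira.user(username).emailAddress` in JiraAuthenticatedView (src/account/views.py), where any failure produces an empty email just before the user lookup/creation step. Narrow the handler to the expected case, here `except KeyError:`, and log when it fires. This commit's OIDC backend selects accounts by an email claim, so stale or empty addresses now affect who can sign in. Both function bodies extend outside their hunks.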
@@ -58,6 +59,20 @@ class AccountSettingsView(UpdateView): return context +class MyOIDCAB(OIDCAuthenticationBackend): + def filter_users_by_claims(self, claims): + email = claims.get(email=email) + if not email: + return self.UserModel.objects.none() + + try: + profile = Profile.objects.get(email=email) + return profile.user + + except Profile.DoesNotExist: + return self.UserModel.objects.none() + + class JiraLoginView(RedirectView): def get_redirect_url(self, *args, **kwargs): consumer = oauth.Consumer(settings.OAUTH_CONSUMER_KEY, settings.OAUTH_CONSUMER_SECRET) @@ -127,7 +142,11 @@ class JiraAuthenticatedView(RedirectView): jira = JIRA(server=settings.JIRA_URL, oauth=oauth_dict) username = jira.current_user() - email = jira.user(username).emailAddress + email = "" + try: + email = jira.user(username).emailAddress + except: + email = "" url = '/' # Step 3. Lookup the user or create them if they don't exist. try: diff --git a/src/laas_dashboard/settings.py b/src/laas_dashboard/settings.py index 62fc9ec..0b23960 100644 --- a/src/laas_dashboard/settings.py +++ b/src/laas_dashboard/settings.py @@ -30,6 +30,7 @@ INSTALLED_APPS = [ 'api', 'django.contrib.admin', 'django.contrib.auth', + 'mozilla_django_oidc', # needs to be defined after auth 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', @@ -37,7 +38,7 @@ INSTALLED_APPS = [ 'django.contrib.humanize', 'bootstrap4', 'rest_framework', - 'rest_framework.authtoken' + 'rest_framework.authtoken', ] MIDDLEWARE = [ 
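Review bot: `email = claims.get(email=email)` in `MyOIDCAB.filter_users_by_claims` reads `email` before it is assigned and passes a keyword argument that `dict.get` does not accept, so the method raises on every OIDC login; it should read `email = claims.get('email')`. The success branch returns `profile.user`, a single object, while the other two branches return a queryset; return a queryset there as well, for example `return self.UserModel.objects.filter(pk=profile.user.pk)`. `Profile` is not imported in the visible hunks of this file, so confirm the name resolves. Because the account is chosen purely from the email claim, consider requiring the provider's `email_verified` claim before matching.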
@@ -51,6 +52,20 @@ MIDDLEWARE = [ 'account.middleware.TimezoneMiddleware', ] +AUTHENTICATION_BACKENDS = ['account.views.MyOIDCAB'] + + +# OpenID Authentications +OIDC_RP_CLIENT_ID = os.environ['OIDC_CLIENT_ID'] +OIDC_RP_CLIENT_SECRET = os.environ['OIDC_CLIENT_SECRET'] + +OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_AUTHORIZATION_ENDPOINT'] +OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_TOKEN_ENDPOINT'] +OIDC_OP_USER_ENDPOINT = os.environ['OIDC_USER_ENDPOINT'] + +LOGIN_REDIRECT_URL = os.environ['DASHBOARD_URL'] +LOGOUT_REDIRECT_URL = os.environ['DASHBOARD_URL'] + ROOT_URLCONF = 'laas_dashboard.urls' TEMPLATE_OVERRIDE = os.environ.get("TEMPLATE_OVERRIDE_DIR", "") # the user's custom template dir diff --git a/src/laas_dashboard/urls.py b/src/laas_dashboard/urls.py index 17cbe84..7a37d7e 100644 --- a/src/laas_dashboard/urls.py +++ b/src/laas_dashboard/urls.py @@ -41,7 +41,8 @@ urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')), url(r'^api/', include('api.urls')), - url(r'^messages/', include('notifier.urls', namespace='notifier')) + url(r'^messages/', include('notifier.urls', namespace='notifier')), + url(r'^oidc/', include('mozilla_django_oidc.urls')), ] if settings.DEBUG is True: diff --git a/src/templates/akraino/base.html b/src/templates/akraino/base.html index 1368476..b93dcd2 100644 --- a/src/templates/akraino/base.html +++ b/src/templates/akraino/base.html 
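Review bot: `AUTHENTICATION_BACKENDS = ['account.views.MyOIDCAB']` in src/laas_dashboard/settings.py makes the OIDC backend the only one and drops Django's default `ModelBackend`. Password logins, including the `admin/` site routed in urls.py and the local admin accounts mentioned in tasks.py, would presumably stop working once this is deployed. If that is not intended, list both: `AUTHENTICATION_BACKENDS = ['account.views.MyOIDCAB', 'django.contrib.auth.backends.ModelBackend']`. The block also sets neither `OIDC_RP_SIGN_ALGO` nor `OIDC_OP_JWKS_ENDPOINT`, so the library's default signing algorithm applies; confirm that matches how the provider signs ID tokens.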
@@ -22,3 +22,23 @@ {% endblock logo %} {% block dropDown %} {% endblock dropDown %} + +{% block login %} + <div class="dropdown-menu dropdown-menu-right"> + {% if user.is_authenticated %} + <a href="{% url 'account:settings' %}" class="text-dark dropdown-item"> + <i class="fas fa-cog"></i> + Settings + </a> + <a href="{% url 'oidc_logout' %}" class="text-dark dropdown-item"> + <i class="fas fa-sign-out-alt"></i> + Logout + </a> + {% else %} + <a href="{% url 'oidc_authentication_init' %}" class="text-dark dropdown-item"> + <i class="fas fa-sign-in-alt"></i> + Login with LFID + </a> + {% endif %} + </div> +{% endblock login %}
\ No newline at end of file diff --git a/src/templates/akraino/dashboard/landing.html b/src/templates/akraino/dashboard/landing.html index d7f434b..39eebb6 100644 --- a/src/templates/akraino/dashboard/landing.html +++ b/src/templates/akraino/dashboard/landing.html @@ -18,5 +18,12 @@ <p>To get started, book a pod below:</p> <a class="btn btnAkr btn-lg d-flex flex-column justify-content-center align-content-center border text-white p-4" href="/booking/quick/">Book a Pod</a> {% endblock btnGrp %} + +{% block biglogin %} +<h4 class="text-center"> + To get started, please log in with <a href="{% url 'oidc_authentication_init' %}"> Linux Foundation ID</a> +</h4> +{% endblock biglogin %} + {% block returningUsers %} {% endblock returningUsers %} diff --git a/src/templates/base/base.html b/src/templates/base/base.html index cc6d38d..f86cff8 100644 --- a/src/templates/base/base.html +++ b/src/templates/base/base.html @@ -44,6 +44,7 @@ {% endif %} <i class="fas fa-caret-down rotate"></i> </a> + {% block login %} <div class="dropdown-menu dropdown-menu-right"> {% if user.is_authenticated %} <a href="{% url 'account:settings' %}" class="text-dark dropdown-item"> @@ -61,6 +62,7 @@ </a> {% endif %} </div> + {% endblock login %} </li> </ul> </div> diff --git a/src/templates/base/dashboard/landing.html b/src/templates/base/dashboard/landing.html index dd09dc4..c46b0fa 100644 --- a/src/templates/base/dashboard/landing.html +++ b/src/templates/base/dashboard/landing.html @@ -28,9 +28,11 @@ <div class="col-12 col-lg-6 mb-4"> <h2 class="border-bottom">Get Started</h2> {% if request.user.is_anonymous %} + {% block biglogin %} <h4 class="text-center"> To get started, please log in with your <a href="/accounts/login">Linux Foundation Jira account</a> </h4> + {% endblock biglogin %} {% else %} {% block btnGrp %} <p>To get started, book a server below:</p> diff --git a/src/workflow/models.py b/src/workflow/models.py index 4a5616e..f550a38 100644 --- a/src/workflow/models.py 
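Review bot: The Logout entry in the new `login` block of src/templates/akraino/base.html is a plain link to `oidc_logout`, which issues a GET request. As far as I know, mozilla-django-oidc's logout view accepts only POST by default, so this link would be rejected. A logout reachable by GET could also be triggered by a cross-site request. A small POST form carrying the CSRF token keeps the same menu styling.

```html
{# … unchanged: Settings link … #}
<form action="{% url 'oidc_logout' %}" method="post">
    {% csrf_token %}
    <button type="submit" class="text-dark dropdown-item">
        <i class="fas fa-sign-out-alt"></i>
        Logout
    </button>
</form>
{# … unchanged: anonymous "Login with LFID" branch … #}
```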
+++ b/src/workflow/models.py @@ -11,6 +11,7 @@ from django.template.loader import get_template from django.http import HttpResponse from django.utils import timezone +from django.db import transaction import yaml import requests @@ -559,6 +560,7 @@ class Repository(): self.el[self.RESULT] = bundle return False + @transaction.atomic # TODO: Rewrite transactions with savepoints at user level for all workflows def make_booking(self): models = self.el[self.BOOKING_MODELS] owner = self.el[self.SESSION_USER] |
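Review bot: `@transaction.atomic` on `Repository.make_booking` (src/workflow/models.py) rolls back only when an exception propagates out of the method. The method just above it in the context reports failure with `return False`; if `make_booking` does the same, rows written before that return are still committed. Its body lies outside the hunk, so this needs checking: failure paths should either raise or call `transaction.set_rollback(True)` before returning. A docstring stating that the booking is created all-or-nothing would make the intent of the decorator clear next to the TODO.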