From 99dfb2c0e97bce2f8827a6e8eef79b4abb60297a Mon Sep 17 00:00:00 2001
From: Sean Smith
Date: Wed, 19 Aug 2020 11:00:50 -0400
Subject: LFID login for both projects
Signed-off-by: Sean Smith
Change-Id: I4a14dc75d7890a6d395b3f52177a7000ae1a2150
---
 config.env.sample | 11 +++++++
 src/account/views.py | 43 +++++++++++++++++++++-----
 src/dashboard/views.py | 6 +++-
 src/laas_dashboard/settings.py | 28 +++++++++++------
 src/templates/akraino/base.html | 20 -------------
 src/templates/akraino/dashboard/landing.html | 6 ----
 src/templates/base/base.html | 45 ++++++++++++++++++++++------
 src/templates/base/dashboard/landing.html | 8 +++--
 src/templates/base/dashboard/login.html | 5 ++--
 9 files changed, 115 insertions(+), 57 deletions(-)
diff --git a/config.env.sample b/config.env.sample
index 137ecb0..5b34217 100644
--- a/config.env.sample
+++ b/config.env.sample
@@ -22,6 +22,12 @@ DB_PASS=sample_pass
 DB_SERVICE=postgres
 DB_PORT=5432
+# tells the dashboard to expect host forwarding from proxy (if using LFID, needs to be True)
+EXPECT_HOST_FORWARDING=False
+
+# string indicating what authorization to deploy with
+AUTH_SETTING=choose_auth # LFID or OAUTH
+
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY=http://www.miniwebtool.com/django-secret-key-generator/
@@ -43,6 +49,11 @@ OIDC_AUTHORIZATION_ENDPOINT=https://linuxfoundation-test.auth0.com/authorize
 OIDC_TOKEN_ENDPOINT=https://linuxfoundation-test.auth0.com/oauth/token
 OIDC_USER_ENDPOINT=https://linuxfoundation-test.auth0.com/userinfo
+CLAIMS_ENDPOINT=https://sso.linuxfoundation.org/claims/
+
+OIDC_RP_SIGN_ALGO=RS256
+OIDC_OP_JWKS_ENDPOINT=https://sso.linuxfoundation.org/.well-known/jwks.json
+
 # Rabbitmq
 RABBITMQ_DEFAULT_USER=opnfv
 RABBITMQ_DEFAULT_PASS=opnfvopnfv
diff --git a/src/account/views.py b/src/account/views.py
index f282369..08da918 100644
--- a/src/account/views.py
+++ b/src/account/views.py
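Review bot: The second hunk's sample values point `OIDC_OP_JWKS_ENDPOINT` and `CLAIMS_ENDPOINT` at `sso.linuxfoundation.org` while the existing authorize, token and userinfo endpoints stay on `linuxfoundation-test.auth0.com`. With `OIDC_RP_SIGN_ALGO=RS256` the ID token is checked against the keys from the JWKS endpoint, so if those two hosts are different tenants a deployment copied from this sample would presumably reject every login. A comment such as `# JWKS and claims endpoints must belong to the same provider as the OIDC_*_ENDPOINT values above` would make the requirement explicit.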
@@ -61,15 +61,44 @@ class AccountSettingsView(UpdateView):
 class MyOIDCAB(OIDCAuthenticationBackend):
 def filter_users_by_claims(self, claims):
- email = claims.get('email')
- if not email:
- return self.User.objects.none()
+ """
+ Checks to see if user exists and create user if not
+
+ Linux foundation does not allow users to change their
+ username, so chose to match users based on their username.
+ If this changes we will need to match users based on some
+ other criterea.
+ """
+ username = claims.get(os.environ['CLAIMS_ENDPOINT'] + 'username')
+
+ if not username:
+ return HttpResponse('No username provided, contact support.')
 try:
- profile = UserProfile.objects.get('email')
- return profile
- except UserProfile.DoesNotExist:
- return self.User.objects.none()
+ # For literally no (good) reason user needs to be a queryset
+ user = User.objects.filter(username=username)
+ return user
+ except User.DoesNotExist:
+ return self.UserModel.objects.none()
+
+ def create_user(self, claims):
+ """ This creates a user and user profile"""
+ user = super(MyOIDCAB, self).create_user(claims)
+ user.username = claims.get(os.environ['CLAIMS_ENDPOINT'] + 'username')
+ user.save()
+
+ up = UserProfile()
+ up.user = user
+ up.email_addr = claims.get('email')
+ up.save()
+ return user
+
+ def update_user(self, user, claims):
+ """ If their account has different email, change the email """
+ up = UserProfile.objects.get(user=user)
+ up.email_addr = claims.get('email')
+ up.save()
+ return user
 class JiraLoginView(RedirectView):
diff --git a/src/dashboard/views.py b/src/dashboard/views.py
index f9a908c..7c85250 100644
--- a/src/dashboard/views.py
+++ b/src/dashboard/views.py
@@ -22,6 +22,8 @@ from booking.models import Booking
 from resource_inventory.models import Image, ResourceProfile, ResourceQuery
 from workflow.workflow_manager import ManagerTracker
+import os
+
 def lab_list_view(request):
 labs = Lab.objects.all()
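Review bot: `filter_users_by_claims` returns an `HttpResponse` when the username claim is missing, although the comment a few lines below notes that the caller needs a queryset; the guard should be `return self.UserModel.objects.none()`, and `create_user` should refuse to create an account when the namespaced username claim is absent instead of assigning `None` to `user.username`. `User.objects.filter(...)` never raises `DoesNotExist`, so the `try`/`except` around it is dead code and can be dropped. Matching on the username claim also means a pre-existing local account with the same username is adopted by the LFID login; if that is intended the docstring should say so, otherwise matching on the provider's `sub` claim is the stable choice. The hunk does not show imports for `os`, `User` or `HttpResponse`, so confirm they exist at the top of `views.py`.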
@@ -78,13 +80,15 @@ def landing_view(request):
 else:
 bookings = None
+ LFID = True if os.environ['AUTH_SETTING'] == 'LFID' else False
 return render(
 request,
 'dashboard/landing.html',
 {
 'manager': manager is not None,
 'title': "Welcome to the Lab as a Service Dashboard",
- 'bookings': bookings
+ 'bookings': bookings,
+ 'LFID': LFID
 }
 )
diff --git a/src/laas_dashboard/settings.py b/src/laas_dashboard/settings.py
index 92f763f..a32b1c5 100644
--- a/src/laas_dashboard/settings.py
+++ b/src/laas_dashboard/settings.py
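Review bot: `True if os.environ['AUTH_SETTING'] == 'LFID' else False` is a redundant conditional, because the comparison already yields a bool; `LFID = os.environ['AUTH_SETTING'] == 'LFID'` says the same thing. The view also re-reads the environment on every request while `settings.py` makes the same comparison once at startup, so a single constant defined in settings and used by both would keep the template flag and the configured backend from drifting apart. `landing_view` begins above the hunk.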
@@ -53,19 +53,29 @@ MIDDLEWARE = [
 'account.middleware.TimezoneMiddleware',
 ]
-AUTHENTICATION_BACKENDS = ['account.views.MyOIDCAB']
+if os.environ['AUTH_SETTING'] == 'LFID':
+ AUTHENTICATION_BACKENDS = ['account.views.MyOIDCAB']
+ # OpenID Authentications
+ OIDC_RP_CLIENT_ID = os.environ['OIDC_CLIENT_ID']
+ OIDC_RP_CLIENT_SECRET = os.environ['OIDC_CLIENT_SECRET']
-# OpenID Authentications
-OIDC_RP_CLIENT_ID = os.environ['OIDC_CLIENT_ID']
-OIDC_RP_CLIENT_SECRET = os.environ['OIDC_CLIENT_SECRET']
+ OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_AUTHORIZATION_ENDPOINT']
+ OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_TOKEN_ENDPOINT']
+ OIDC_OP_USER_ENDPOINT = os.environ['OIDC_USER_ENDPOINT']
-OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_AUTHORIZATION_ENDPOINT']
-OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_TOKEN_ENDPOINT']
-OIDC_OP_USER_ENDPOINT = os.environ['OIDC_USER_ENDPOINT']
+ LOGIN_REDIRECT_URL = os.environ['DASHBOARD_URL']
+ LOGOUT_REDIRECT_URL = os.environ['DASHBOARD_URL']
-LOGIN_REDIRECT_URL = os.environ['DASHBOARD_URL']
-LOGOUT_REDIRECT_URL = os.environ['DASHBOARD_URL']
+ OIDC_RP_SIGN_ALGO = os.environ["OIDC_RP_SIGN_ALGO"]
+
+ if OIDC_RP_SIGN_ALGO == "RS256":
+ OIDC_OP_JWKS_ENDPOINT = os.environ["OIDC_OP_JWKS_ENDPOINT"]
+
+# This is for LFID auth setups w/ an HTTPS proxy
+if os.environ['EXPECT_HOST_FORWARDING'] == 'True':
+ SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', "https")
+ USE_X_FORWARDED_HOST = True
 ROOT_URLCONF = 'laas_dashboard.urls'
diff --git a/src/templates/akraino/base.html b/src/templates/akraino/base.html
index b93dcd2..1368476 100644
--- a/src/templates/akraino/base.html
+++ b/src/templates/akraino/base.html
@@ -22,23 +22,3 @@ {% endblock logo %} {% block dropDown %} {% endblock dropDown %} - -{% block login %} - -{% endblock login %} \ No newline at end of file
diff --git a/src/templates/akraino/dashboard/landing.html b/src/templates/akraino/dashboard/landing.html
index 39eebb6..5533469 100644
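Review bot: In the `settings.py` hunk, enabling `SECURE_PROXY_SSL_HEADER` and `USE_X_FORWARDED_HOST` makes Django trust `X-Forwarded-Proto` and `X-Forwarded-Host` on every request, which is only safe when the proxy sets both headers itself and the application cannot be reached except through it. A comment above the `EXPECT_HOST_FORWARDING` block should state that requirement, e.g. `# Only enable behind a proxy that overwrites X-Forwarded-Proto/Host and is the sole route to this app`. Both new switches are read with `os.environ[...]`, so a deployment whose env file predates this change fails at import with `KeyError`; `os.environ.get('EXPECT_HOST_FORWARDING', 'False')` keeps the old behaviour by default. Any `AUTH_SETTING` value other than `LFID`, including the sample's `choose_auth`, silently leaves `AUTHENTICATION_BACKENDS` at Django's default, so an explicit check against the accepted values would catch typos.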
--- a/src/templates/akraino/dashboard/landing.html +++ b/src/templates/akraino/dashboard/landing.html @@ -19,11 +19,5 @@ Book a Pod {% endblock btnGrp %} -{% block biglogin %} -

- To get started, please log in with Linux Foundation ID -

-{% endblock biglogin %} - {% block returningUsers %} {% endblock returningUsers %} diff --git a/src/templates/base/base.html b/src/templates/base/base.html index f86cff8..3ecad1a 100644 --- a/src/templates/base/base.html +++ b/src/templates/base/base.html @@ -44,25 +44,52 @@ {% endif %} - {% block login %} - {% endblock login %} diff --git a/src/templates/base/dashboard/landing.html b/src/templates/base/dashboard/landing.html index 3291606..4ed2ec1 100644 --- a/src/templates/base/dashboard/landing.html +++ b/src/templates/base/dashboard/landing.html @@ -43,11 +43,15 @@

Get Started

{% if request.user.is_anonymous %} - {% block biglogin %} + {% if LFID %} +

+ To get started, please log in with Linux Foundation ID +

+ {% else %}

To get started, please log in with your Linux Foundation Jira account

- {% endblock biglogin %} + {% endif %} {% else %} {% block btnGrp %}

To get started, book a server below:

diff --git a/src/templates/base/dashboard/login.html b/src/templates/base/dashboard/login.html index d3aa4ad..5af201a 100644 --- a/src/templates/base/dashboard/login.html +++ b/src/templates/base/dashboard/login.html @@ -1,8 +1,7 @@ {% extends "base.html" %} {% block content %} -

You Must Login To Do That

- -Login Here +

You Must Login To Do That

+ Login Here {% endblock %} -- cgit 1.2.3-korg