diff --git a/addons/aldryn-sso/aldryn_config.py b/addons/aldryn-sso/aldryn_config.py index 0a7b7df..35809c2 100644 --- a/addons/aldryn-sso/aldryn_config.py +++ b/addons/aldryn-sso/aldryn_config.py @@ -1,134 +1,141 @@ -# -*- coding: utf-8 -*- -from aldryn_client import forms - - -class Form(forms.BaseForm): - hide_user_management = forms.CheckboxField( - 'Hide user management', - required=False, - initial=False, - ) - - def to_settings(self, data, settings): - from functools import partial - from django.core.urlresolvers import reverse_lazy - from aldryn_addons.exceptions import ImproperlyConfigured - from aldryn_addons.utils import boolean_ish - from aldryn_addons.utils import djsenv - - def boolean_ish_or(value, or_values=()): - if value in or_values: - return value - return boolean_ish(value) - - env = partial(djsenv, settings=settings) - - settings['ALDRYN_SSO_HIDE_USER_MANAGEMENT'] = data['hide_user_management'] - - # if the SSO button is the only configured login option: redirect right - # to the login without showing the page. - settings['ALDRYN_SSO_ENABLE_AUTO_SSO_LOGIN'] = boolean_ish( - env('ALDRYN_SSO_ENABLE_AUTO_SSO_LOGIN', True) - ) - - settings['SSO_DSN'] = env('SSO_DSN') - - settings['LOGIN_REDIRECT_URL'] = '/' - - settings['ALDRYN_SSO_ENABLE_SSO_LOGIN'] = boolean_ish( - env( - 'ALDRYN_SSO_ENABLE_SSO_LOGIN', - default=boolean_ish(settings['SSO_DSN']), - ) - ) - - settings['ALDRYN_SSO_ENABLE_LOGIN_FORM'] = boolean_ish( - env( - 'ALDRYN_SSO_ENABLE_LOGIN_FORM', - default=not settings['ALDRYN_SSO_HIDE_USER_MANAGEMENT'], - ) - ) - - settings['ALDRYN_SSO_ENABLE_LOCALDEV'] = boolean_ish( - env( - 'ALDRYN_SSO_ENABLE_LOCALDEV', - default=env('STAGE') == 'local', - ) - ) - - settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN'] = boolean_ish_or( - env( - 'ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN', - default=env('STAGE') == 'test', - ), - or_values=( - 'basicauth', - ) - ) - - settings['ALDRYN_SSO_LOGIN_WHITE_LIST'] = env( - 'ALDRYN_SSO_LOGIN_WHITE_LIST', - default=[] - ) - - settings['ADDON_URLS'].append('aldryn_sso.urls') - settings['ADDON_URLS_I18N'].append('aldryn_sso.urls_i18n') - - # aldryn_sso must be after django.contrib.admin so it can unregister - # the User/Group Admin if necessary. - settings['INSTALLED_APPS'].insert( - settings['INSTALLED_APPS'].index('django.contrib.admin'), - 'aldryn_sso' - ) - - if settings['ALDRYN_SSO_ENABLE_SSO_LOGIN']: - # Expire user session every day because: - # Users can change their data on the SSO server. - # We cannot do a sync of "recently changed" user data due to these reasons: - # - security risk, leaking user data to unauthorized websites, - # - it would require some periodic tasks (celery?), - # - stage websites are being paused during which the sync wouldn't work - settings['CLOUD_USER_SESSION_EXPIRATION'] = 24 * 60 * 60 # 24h = 1day - if not settings['SSO_DSN']: - raise ImproperlyConfigured( - 'ALDRYN_SSO_ENABLE_SSO_LOGIN is True, but no SSO_DSN is set.') - if settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN'] == 'basicauth': - basicauth_user = env('ALDRYN_SSO_BASICAUTH_USER') - basicauth_password = env('ALDRYN_SSO_BASICAUTH_PASSWORD') - if basicauth_user and basicauth_password: - settings['ALDRYN_SSO_BASICAUTH_USER'] = basicauth_user - settings['ALDRYN_SSO_BASICAUTH_PASSWORD'] = basicauth_password - else: - raise ImproperlyConfigured( - 'ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN set to "basicauth", but ALDRYN_SSO_BASICAUTH_USER and ALDRYN_SSO_BASICAUTH_PASSWORD not set' - ) - position = settings['MIDDLEWARE_CLASSES'].index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1 - settings['MIDDLEWARE_CLASSES'].insert(position, 'aldryn_sso.middleware.BasicAuthAccessControlMiddleware') - elif settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN']: - position = settings['MIDDLEWARE_CLASSES'].index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1 - settings['MIDDLEWARE_CLASSES'].insert(position, 'aldryn_sso.middleware.AccessControlMiddleware') - settings['ALDRYN_SSO_LOGIN_WHITE_LIST'].extend([ - reverse_lazy('simple-sso-login'), - reverse_lazy('aldryn_sso_login'), - reverse_lazy('aldryn_sso_localdev_login'), - reverse_lazy('aldryn_localdev_create_user'), - ]) - - if settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN']: - settings['SHARING_VIEW_ONLY_TOKEN_KEY_NAME'] = env('SHARING_VIEW_ONLY_TOKEN_KEY_NAME') - settings['SHARING_VIEW_ONLY_SECRET_TOKEN'] = env('SHARING_VIEW_ONLY_SECRET_TOKEN') - - settings['ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW'] = env( - 'ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW', - any([ - settings['ALDRYN_SSO_ENABLE_SSO_LOGIN'], - settings['ALDRYN_SSO_ENABLE_LOGIN_FORM'], - settings['ALDRYN_SSO_ENABLE_LOCALDEV'], - ]) - ) - - if settings['ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW']: - # configure our combined login view to be the default - settings['LOGIN_URL'] = 'aldryn_sso_login' - # see admin.py for how we force admin to use this view as well - return settings +# -*- coding: utf-8 -*- +from aldryn_client import forms + + +class Form(forms.BaseForm): + hide_user_management = forms.CheckboxField( + 'Hide user management', + required=False, + initial=False, + ) + + def to_settings(self, data, settings): + from functools import partial + from aldryn_addons.exceptions import ImproperlyConfigured + from aldryn_addons.utils import boolean_ish + from aldryn_addons.utils import djsenv + from simple_sso.compat import reverse_lazy + + def boolean_ish_or(value, or_values=()): + if value in or_values: + return value + return boolean_ish(value) + + env = partial(djsenv, settings=settings) + + if settings.get('MIDDLEWARE'): + # Django>=1.10 + MIDDLEWARE = settings['MIDDLEWARE'] + else: + # Django<1.10 + MIDDLEWARE = settings['MIDDLEWARE_CLASSES'] + + settings['ALDRYN_SSO_HIDE_USER_MANAGEMENT'] = data['hide_user_management'] + + # if the SSO button is the only configured login option: redirect right + # to the login without showing the page. + settings['ALDRYN_SSO_ENABLE_AUTO_SSO_LOGIN'] = boolean_ish( + env('ALDRYN_SSO_ENABLE_AUTO_SSO_LOGIN', True) + ) + + settings['SSO_DSN'] = env('SSO_DSN') + + settings['LOGIN_REDIRECT_URL'] = '/' + + settings['ALDRYN_SSO_ENABLE_SSO_LOGIN'] = boolean_ish( + env( + 'ALDRYN_SSO_ENABLE_SSO_LOGIN', + default=boolean_ish(settings['SSO_DSN']), + ) + ) + + settings['ALDRYN_SSO_ENABLE_LOGIN_FORM'] = boolean_ish( + env( + 'ALDRYN_SSO_ENABLE_LOGIN_FORM', + default=not settings['ALDRYN_SSO_HIDE_USER_MANAGEMENT'], + ) + ) + + settings['ALDRYN_SSO_ENABLE_LOCALDEV'] = boolean_ish( + env( + 'ALDRYN_SSO_ENABLE_LOCALDEV', + default=env('STAGE') == 'local', + ) + ) + + settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN'] = boolean_ish_or( + env( + 'ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN', + default=env('STAGE') == 'test', + ), + or_values=( + 'basicauth', + ) + ) + + settings['ALDRYN_SSO_LOGIN_WHITE_LIST'] = env( + 'ALDRYN_SSO_LOGIN_WHITE_LIST', + default=[] + ) + + settings['ADDON_URLS'].append('aldryn_sso.urls') + settings['ADDON_URLS_I18N'].append('aldryn_sso.urls_i18n') + + # aldryn_sso must be after django.contrib.admin so it can unregister + # the User/Group Admin if necessary. + settings['INSTALLED_APPS'].insert( + settings['INSTALLED_APPS'].index('django.contrib.admin'), + 'aldryn_sso' + ) + + if settings['ALDRYN_SSO_ENABLE_SSO_LOGIN']: + # Expire user session every day because: + # Users can change their data on the SSO server. + # We cannot do a sync of "recently changed" user data due to these reasons: + # - security risk, leaking user data to unauthorized websites, + # - it would require some periodic tasks (celery?), + # - stage websites are being paused during which the sync wouldn't work + settings['CLOUD_USER_SESSION_EXPIRATION'] = 24 * 60 * 60 # 24h = 1day + if not settings['SSO_DSN']: + raise ImproperlyConfigured( + 'ALDRYN_SSO_ENABLE_SSO_LOGIN is True, but no SSO_DSN is set.') + if settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN'] == 'basicauth': + basicauth_user = env('ALDRYN_SSO_BASICAUTH_USER') + basicauth_password = env('ALDRYN_SSO_BASICAUTH_PASSWORD') + if basicauth_user and basicauth_password: + settings['ALDRYN_SSO_BASICAUTH_USER'] = basicauth_user + settings['ALDRYN_SSO_BASICAUTH_PASSWORD'] = basicauth_password + else: + raise ImproperlyConfigured( + 'ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN set to "basicauth", but ALDRYN_SSO_BASICAUTH_USER and ALDRYN_SSO_BASICAUTH_PASSWORD not set' + ) + position = MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1 + MIDDLEWARE.insert(position, 'aldryn_sso.middleware.BasicAuthAccessControlMiddleware') + elif settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN']: + position = MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1 + MIDDLEWARE.insert(position, 'aldryn_sso.middleware.AccessControlMiddleware') + settings['ALDRYN_SSO_LOGIN_WHITE_LIST'].extend([ + reverse_lazy('simple-sso-login'), + reverse_lazy('aldryn_sso_login'), + reverse_lazy('aldryn_sso_localdev_login'), + reverse_lazy('aldryn_localdev_create_user'), + ]) + + if settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN']: + settings['SHARING_VIEW_ONLY_TOKEN_KEY_NAME'] = env('SHARING_VIEW_ONLY_TOKEN_KEY_NAME') + settings['SHARING_VIEW_ONLY_SECRET_TOKEN'] = env('SHARING_VIEW_ONLY_SECRET_TOKEN') + + settings['ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW'] = env( + 'ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW', + any([ + settings['ALDRYN_SSO_ENABLE_SSO_LOGIN'], + settings['ALDRYN_SSO_ENABLE_LOGIN_FORM'], + settings['ALDRYN_SSO_ENABLE_LOCALDEV'], + ]) + ) + + if settings['ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW']: + # configure our combined login view to be the default + settings['LOGIN_URL'] = 'aldryn_sso_login' + # see admin.py for how we force admin to use this view as well + return settings \ No newline at end of file diff --git a/requirements.in b/requirements.in index 6c24572..76a1bda 100644 --- a/requirements.in +++ b/requirements.in @@ -1,7 +1,7 @@ # # Warning: text inside the INSTALLED_ADDONS tags is auto-generated. Manual changes will be overwritten. https://control.divio.com/api/v1/apps/serve/aldryn-addons/1.0.2/24f5d1c8-66fe-43b2-a540-17d61045a72b/aldryn-addons-1.0.2.tar.gz#egg=aldryn-addons==1.0.2 https://control.divio.com/api/v1/apps/serve/aldryn-django/1.11.15.1/f9e543d2-3127-4458-b0f5-d69d282bf0ac/aldryn-django-1.11.15.1.tar.gz#egg=aldryn-django==1.11.15.1 -https://control.divio.com/api/v1/apps/serve/aldryn-sso/1.1.16/dbe0c45a-c981-4beb-8624-b0d2c4196aa0/aldryn-sso-1.1.16.tar.gz#egg=aldryn-sso==1.1.16 +https://control.divio.com/api/v1/apps/serve/aldryn-sso/1.3.1/f6351558-64b2-4205-b407-cd49b6372463/aldryn-sso-1.3.1.tar.gz#egg=aldryn-sso==1.3.1 https://control.divio.com/api/v1/apps/serve/aldryn-django-cms/3.5.2.2/88bf7991-90a3-4c98-acf5-42c3fa14e2a4/aldryn-django-cms-3.5.2.2.tar.gz#egg=aldryn-django-cms==3.5.2.2 https://control.divio.com/api/v1/apps/serve/aldryn-forms/3.0.4/7e972f96-36f6-484b-96c7-bce255b87aa9/aldryn-forms-3.0.4.tar.gz#egg=aldryn-forms==3.0.4 https://control.divio.com/api/v1/apps/serve/aldryn-google-analytics/1.0.1/9fa37058-cd43-418c-9e06-b81c17b6bdfb/aldryn-google-analytics-1.0.1.tar.gz#egg=aldryn-google-analytics==1.0.1