From 8d30db0e838b0dca48d727b5bb11f11e334276e9 Mon Sep 17 00:00:00 2001 From: Simon Caminada Date: Wed, 21 Mar 2018 16:30:24 +0000 Subject: [PATCH] install aldryn-sso 1.1.16 --- addons/aldryn-sso/addon.json | 4 + addons/aldryn-sso/aldryn_config.py | 134 +++++++++++++++++++++++++++++ addons/aldryn-sso/settings.json | 3 + requirements.in | 1 + settings.py | 1 + 5 files changed, 143 insertions(+) create mode 100644 addons/aldryn-sso/addon.json create mode 100644 addons/aldryn-sso/aldryn_config.py create mode 100644 addons/aldryn-sso/settings.json diff --git a/addons/aldryn-sso/addon.json b/addons/aldryn-sso/addon.json new file mode 100644 index 0000000..a14ed8f --- /dev/null +++ b/addons/aldryn-sso/addon.json @@ -0,0 +1,4 @@ +{ + "installed-apps": [], + "package-name": "aldryn-sso" +} \ No newline at end of file diff --git a/addons/aldryn-sso/aldryn_config.py b/addons/aldryn-sso/aldryn_config.py new file mode 100644 index 0000000..0a7b7df --- /dev/null +++ b/addons/aldryn-sso/aldryn_config.py @@ -0,0 +1,134 @@ +# -*- coding: utf-8 -*- +from aldryn_client import forms + + +class Form(forms.BaseForm): + hide_user_management = forms.CheckboxField( + 'Hide user management', + required=False, + initial=False, + ) + + def to_settings(self, data, settings): + from functools import partial + from django.core.urlresolvers import reverse_lazy + from aldryn_addons.exceptions import ImproperlyConfigured + from aldryn_addons.utils import boolean_ish + from aldryn_addons.utils import djsenv + + def boolean_ish_or(value, or_values=()): + if value in or_values: + return value + return boolean_ish(value) + + env = partial(djsenv, settings=settings) + + settings['ALDRYN_SSO_HIDE_USER_MANAGEMENT'] = data['hide_user_management'] + + # if the SSO button is the only configured login option: redirect right + # to the login without showing the page. + settings['ALDRYN_SSO_ENABLE_AUTO_SSO_LOGIN'] = boolean_ish( + env('ALDRYN_SSO_ENABLE_AUTO_SSO_LOGIN', True) + ) + + settings['SSO_DSN'] = env('SSO_DSN') + + settings['LOGIN_REDIRECT_URL'] = '/' + + settings['ALDRYN_SSO_ENABLE_SSO_LOGIN'] = boolean_ish( + env( + 'ALDRYN_SSO_ENABLE_SSO_LOGIN', + default=boolean_ish(settings['SSO_DSN']), + ) + ) + + settings['ALDRYN_SSO_ENABLE_LOGIN_FORM'] = boolean_ish( + env( + 'ALDRYN_SSO_ENABLE_LOGIN_FORM', + default=not settings['ALDRYN_SSO_HIDE_USER_MANAGEMENT'], + ) + ) + + settings['ALDRYN_SSO_ENABLE_LOCALDEV'] = boolean_ish( + env( + 'ALDRYN_SSO_ENABLE_LOCALDEV', + default=env('STAGE') == 'local', + ) + ) + + settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN'] = boolean_ish_or( + env( + 'ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN', + default=env('STAGE') == 'test', + ), + or_values=( + 'basicauth', + ) + ) + + settings['ALDRYN_SSO_LOGIN_WHITE_LIST'] = env( + 'ALDRYN_SSO_LOGIN_WHITE_LIST', + default=[] + ) + + settings['ADDON_URLS'].append('aldryn_sso.urls') + settings['ADDON_URLS_I18N'].append('aldryn_sso.urls_i18n') + + # aldryn_sso must be after django.contrib.admin so it can unregister + # the User/Group Admin if necessary. + settings['INSTALLED_APPS'].insert( + settings['INSTALLED_APPS'].index('django.contrib.admin'), + 'aldryn_sso' + ) + + if settings['ALDRYN_SSO_ENABLE_SSO_LOGIN']: + # Expire user session every day because: + # Users can change their data on the SSO server. + # We cannot do a sync of "recently changed" user data due to these reasons: + # - security risk, leaking user data to unauthorized websites, + # - it would require some periodic tasks (celery?), + # - stage websites are being paused during which the sync wouldn't work + settings['CLOUD_USER_SESSION_EXPIRATION'] = 24 * 60 * 60 # 24h = 1day + if not settings['SSO_DSN']: + raise ImproperlyConfigured( + 'ALDRYN_SSO_ENABLE_SSO_LOGIN is True, but no SSO_DSN is set.') + if settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN'] == 'basicauth': + basicauth_user = env('ALDRYN_SSO_BASICAUTH_USER') + basicauth_password = env('ALDRYN_SSO_BASICAUTH_PASSWORD') + if basicauth_user and basicauth_password: + settings['ALDRYN_SSO_BASICAUTH_USER'] = basicauth_user + settings['ALDRYN_SSO_BASICAUTH_PASSWORD'] = basicauth_password + else: + raise ImproperlyConfigured( + 'ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN set to "basicauth", but ALDRYN_SSO_BASICAUTH_USER and ALDRYN_SSO_BASICAUTH_PASSWORD not set' + ) + position = settings['MIDDLEWARE_CLASSES'].index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1 + settings['MIDDLEWARE_CLASSES'].insert(position, 'aldryn_sso.middleware.BasicAuthAccessControlMiddleware') + elif settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN']: + position = settings['MIDDLEWARE_CLASSES'].index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1 + settings['MIDDLEWARE_CLASSES'].insert(position, 'aldryn_sso.middleware.AccessControlMiddleware') + settings['ALDRYN_SSO_LOGIN_WHITE_LIST'].extend([ + reverse_lazy('simple-sso-login'), + reverse_lazy('aldryn_sso_login'), + reverse_lazy('aldryn_sso_localdev_login'), + reverse_lazy('aldryn_localdev_create_user'), + ]) + + if settings['ALDRYN_SSO_ALWAYS_REQUIRE_LOGIN']: + settings['SHARING_VIEW_ONLY_TOKEN_KEY_NAME'] = env('SHARING_VIEW_ONLY_TOKEN_KEY_NAME') + settings['SHARING_VIEW_ONLY_SECRET_TOKEN'] = env('SHARING_VIEW_ONLY_SECRET_TOKEN') + + settings['ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW'] = env( + 'ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW', + any([ + settings['ALDRYN_SSO_ENABLE_SSO_LOGIN'], + settings['ALDRYN_SSO_ENABLE_LOGIN_FORM'], + settings['ALDRYN_SSO_ENABLE_LOCALDEV'], + ]) + ) + + if settings['ALDRYN_SSO_OVERIDE_ADMIN_LOGIN_VIEW']: + # configure our combined login view to be the default + settings['LOGIN_URL'] = 'aldryn_sso_login' + # see admin.py for how we force admin to use this view as well + return settings diff --git a/addons/aldryn-sso/settings.json b/addons/aldryn-sso/settings.json new file mode 100644 index 0000000..ee9951b --- /dev/null +++ b/addons/aldryn-sso/settings.json @@ -0,0 +1,3 @@ +{ + "hide_user_management": false +} \ No newline at end of file diff --git a/requirements.in b/requirements.in index d243675..94ac202 100644 --- a/requirements.in +++ b/requirements.in @@ -1,6 +1,7 @@ # # Warning: text inside the INSTALLED_ADDONS tags is auto-generated. Manual changes will be overwritten. https://control.divio.com/api/v1/apps/serve/aldryn-addons/1.0.2/24f5d1c8-66fe-43b2-a540-17d61045a72b/aldryn-addons-1.0.2.tar.gz#egg=aldryn-addons==1.0.2 https://control.divio.com/api/v1/apps/serve/aldryn-django/1.11.11.1/002e1533-c0b2-41c6-9384-60594e7afeed/aldryn-django-1.11.11.1.tar.gz#egg=aldryn-django==1.11.11.1 +https://control.divio.com/api/v1/apps/serve/aldryn-sso/1.1.16/dbe0c45a-c981-4beb-8624-b0d2c4196aa0/aldryn-sso-1.1.16.tar.gz#egg=aldryn-sso==1.1.16 https://control.divio.com/api/v1/apps/serve/aldryn-django-cms/3.5.1.3/2dd6f80a-825c-4aaf-b37f-519a6c46108e/aldryn-django-cms-3.5.1.3.tar.gz#egg=aldryn-django-cms==3.5.1.3 https://control.divio.com/api/v1/apps/serve/aldryn-forms/2.2.8/fbefab76-74bf-445a-8288-7937b5750aa4/aldryn-forms-2.2.8.tar.gz#egg=aldryn-forms==2.2.8 https://control.divio.com/api/v1/apps/serve/djangocms-history/0.5.3/05803675-6e8d-4637-b14b-1bb8d18b24b3/djangocms-history-0.5.3.tar.gz#egg=djangocms-history==0.5.3 diff --git a/settings.py b/settings.py index e48fab7..345f76e 100644 --- a/settings.py +++ b/settings.py @@ -6,6 +6,7 @@ INSTALLED_ADDONS = [ # # Warning: text inside the INSTALLED_ADDONS tags is auto-generated. Manual changes will be overwritten. 'aldryn-addons', 'aldryn-django', + 'aldryn-sso', 'aldryn-django-cms', 'aldryn-forms', 'djangocms-history',