refactor: consolidate scattered SSO code into a dedicated dojo/sso/ package#14765
Merged
Maffooch merged 3 commits intoDefectDojo:devfrom Apr 30, 2026
Merged
refactor: consolidate scattered SSO code into a dedicated dojo/sso/ package#14765Maffooch merged 3 commits intoDefectDojo:devfrom
Maffooch merged 3 commits intoDefectDojo:devfrom
Conversation
SSO-related code (OAuth2, SAML2, OIDC, REMOTE_USER auth) was spread across dojo/middleware.py, dojo/context_processors.py, dojo/settings/settings.dist.py, dojo/user/views.py, dojo/templates/dojo/login.html, dojo/pipeline.py, dojo/remote_user.py, and dojo/settings/attribute-maps/. Move all of it into a single dojo/sso/ package so SSO logic lives in one place. No behavior change: settings names, URLs, and template output are preserved.
github-actions
Bot
added
settings_changes
Maffooch
added
the
affects_pro
Member
valentijnscholten
left a comment
valentijnscholten
left a comment
There was a problem hiding this comment.
Was there any (Smoke) testing done to make sure it works?
Contributor
Author
|
Yes, tested
|
valentijnscholten
approved these changes
Apr 28, 2026
blakeaowens
approved these changes
Apr 29, 2026
Jino-T
approved these changes
Apr 29, 2026
Contributor
|
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
mtesauro
approved these changes
Apr 30, 2026
Contributor
mtesauro
left a comment
mtesauro
left a comment
There was a problem hiding this comment.
Approved
(assumed the merge conflict is sorted out)
# Conflicts: # dojo/settings/settings.dist.py
Contributor
|
Conflicts have been resolved. A maintainer will review the pull request shortly. |
Maffooch
pushed a commit
to devGregA/django-DefectDojo
that referenced
this pull request
Apr 30, 2026
Pulls in 15 upstream commits including: * dojo/sso/ consolidation (DefectDojo#14765) — SSO settings/urls/views/templates/ remote-user moved into a self-contained package. * dojo/notifications/ consolidation (DefectDojo#14767) — notification helper + templates moved into the package, with a new context_processors split. * dojo/github/ consolidation (DefectDojo#14766) — github_issue_link package renamed and reshaped under dojo/github/{models,services,ui,...}. * test_tag_inheritance.py extension (DefectDojo#14771). * Bulk-delete findings extension hook (DefectDojo#14740). * Planned-remediation-version column alignment fix (DefectDojo#14773). * Dependency bumps (datatables.net, gitpython, python-gitlab, pyopenssl, vulners, ruff, postcss). Conflict resolutions worth flagging: * dojo/forms.py — kept dev's reshuffled imports (GITHUB_* models now re-exported via dojo.github.ui.forms; Global_Role moved to dojo.models). Dropped the duplicate Global_Role import; the legacy authorization rewrite still imports from dojo.authorization.models for the rest. * dojo/settings/settings.dist.py — kept tailwind's UIPreferenceLoader chain and APP_DIRS=False, but added a shared _DOJO_EXTRA_TEMPLATE_DIRS list referenced by both TEMPLATES[0]["DIRS"] and the FilesystemLoader so that dojo/sso/settings.py:apply_sso_settings can append the SSO template dir at startup and have it resolved at render time. * dojo/templates/dojo/login.html — Tailwind tree, kept the inline Tailwind-styled SSO buttons rather than dev's {% include "dojo/sso_login_buttons.html" %} (which is Bootstrap-classic flavored and mounted by the SSO consolidation against the classic tree only). * unittests/test_remote_user.py — adopted dev's import path (dojo.sso.remote_user, dojo.models.Dojo_Group_Member). * dojo/api_v2/permissions.py — added a backward-compat shim re-exporting from dojo.authorization.api_permissions because the legacy authorization consolidation deleted the old module but dojo/notifications/api/views.py (new from dev) still imports from the old path. Verified: ruff clean on touched files; manage.py check passes; unittests.test_authorized_users_ui + unittests.authorization + unittests.test_user_ui_timestamps + unittests.test_rest_framework + unittests.test_remote_user all green (1144 tests, 542 skipped).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Code cleanup. SSO-related code (OAuth2, SAML2, OIDC, REMOTE_USER auth) was
previously spread across many shared files. This PR consolidates it into a
single dedicated
dojo/sso/Python package so SSO logic lives in one placeand the surrounding shared files (
dojo/urls.py,dojo/user/views.py,dojo/settings/settings.dist.py,dojo/middleware.py,dojo/context_processors.py,dojo/templates/dojo/login.html) only retainsmall, well-defined seams that hook into
dojo/sso/.No behavior changes — settings names, env-var names, URLs, and template
output are all preserved.
Changes
Files moved into
dojo/sso/:dojo/pipeline.py→dojo/sso/pipeline.pydojo/remote_user.py→dojo/sso/remote_user.pydojo/settings/attribute-maps/→dojo/sso/attribute_maps/Code extracted into new modules under
dojo/sso/:CustomSocialAuthExceptionMiddlewarefromdojo/middleware.py→dojo/sso/middleware.pydojo/context_processors.py→dojo/sso/context_processors.pyconfiguration from
dojo/settings/settings.dist.py→dojo/sso/settings.pydojo/user/views.py→dojo/sso/views.pydojo/templates/dojo/login.html→dojo/sso/templates/dojo/sso_login_buttons.htmlsocial_djangoanddjangosaml2URL routes →dojo/sso/urls.pyOther:
.dryrunsecurity.yamlupdated to reference new pathsunittests/test_remote_user.pyandunittests/test_social_auth_failure_handling.pyupdated for new import paths