Merge branch 'release/1.28.0'

WikiWatershed · Apr 21, 2020 · 45fcce5 · 45fcce5
2 parents c79be7f + 76dbc86
commit 45fcce5
Show file tree

Hide file tree

Showing 29 changed files with 361 additions and 129 deletions.
diff --git a/deployment/ansible/group_vars/all b/deployment/ansible/group_vars/all
@@ -51,6 +51,7 @@ nginx_cache_dir: "/var/cache/nginx"
 
 enabled_features: ''
 
+llvmlite_version: "0.31.0"
 numba_version: "0.38.1"
 phantomjs_version: "2.1.*"
 

diff --git a/deployment/ansible/group_vars/development b/deployment/ansible/group_vars/development
@@ -22,6 +22,8 @@ celery_processes_per_worker: 1
 itsi_base_url: "https://learn.staging.concord.org/"
 itsi_secret_key: "{{ lookup('env', 'MMW_ITSI_SECRET_KEY') }}"
 
+concord_secret_key: "{{ lookup('env', 'MMW_CONCORD_SECRET_KEY') }}"
+
 hydroshare_base_url: "https://beta.hydroshare.org/"
 hydroshare_secret_key: "{{ lookup('env', 'MMW_HYDROSHARE_SECRET_KEY') }}"
 

diff --git a/deployment/ansible/group_vars/packer b/deployment/ansible/group_vars/packer
@@ -4,6 +4,8 @@ django_settings_module: "mmw.settings.production"
 itsi_base_url: ""
 itsi_secret_key: ""
 
+concord_secret_key: ""
+
 hydroshare_base_url: ""
 hydroshare_secret_key: ""
 

diff --git a/deployment/ansible/group_vars/test b/deployment/ansible/group_vars/test
@@ -19,6 +19,8 @@ celery_processes_per_worker: 1
 itsi_base_url: "https://learn.staging.concord.org/"
 itsi_secret_key: "{{ lookup('env', 'MMW_ITSI_SECRET_KEY') }}"
 
+concord_secret_key: "{{ lookup('env', 'MMW_CONCORD_SECRET_KEY') }}"
+
 hydroshare_base_url: "https://beta.hydroshare.org/"
 hydroshare_secret_key: "{{ lookup('env', 'MMW_HYDROSHARE_SECRET_KEY') }}"
 

diff --git a/deployment/ansible/roles/model-my-watershed.app/tasks/dependencies.yml b/deployment/ansible/roles/model-my-watershed.app/tasks/dependencies.yml
@@ -1,6 +1,9 @@
 ---
 - name: Install numba
-  pip: name=numba version={{ numba_version }}
+  pip: name="{{ item.name }}" version={{ item.version }} state=present
+  with_items:
+    - { name: "llvmlite", version: "{{ llvmlite_version }}" }
+    - { name: "numba", version: "{{ numba_version }}" }
 
 - name: Install application Python dependencies for development and test
   pip: requirements="{{ app_home }}/requirements/{{ item }}.txt"

diff --git a/deployment/ansible/roles/model-my-watershed.base/defaults/main.yml b/deployment/ansible/roles/model-my-watershed.base/defaults/main.yml
@@ -16,6 +16,7 @@ envdir_config:
   MMW_ITSI_CLIENT_ID: "{{ itsi_client_id }}"
   MMW_ITSI_SECRET_KEY: "{{ itsi_secret_key }}"
   MMW_ITSI_BASE_URL: "{{ itsi_base_url }}"
+  MMW_CONCORD_SECRET_KEY: "{{ concord_secret_key }}"
   MMW_HYDROSHARE_CLIENT_ID: "{{ hydroshare_client_id }}"
   MMW_HYDROSHARE_SECRET_KEY: "{{ hydroshare_secret_key }}"
   MMW_HYDROSHARE_BASE_URL: "{{ hydroshare_base_url }}"

diff --git a/deployment/ansible/roles/model-my-watershed.celery-worker/tasks/celery-service.yml b/deployment/ansible/roles/model-my-watershed.celery-worker/tasks/celery-service.yml
@@ -13,5 +13,5 @@
   cron:
     name: celery-restart
     special_time: daily
-    job: service celeryd restart
+    job: /usr/sbin/service celeryd restart
     state: present
diff --git a/deployment/ansible/roles/model-my-watershed.celery-worker/tasks/dependencies.yml b/deployment/ansible/roles/model-my-watershed.celery-worker/tasks/dependencies.yml
@@ -1,6 +1,9 @@
 ---
 - name: Install numba
-  pip: name=numba version={{ numba_version }}
+  pip: name="{{ item.name }}" version={{ item.version }} state=present
+  with_items:
+    - { name: "llvmlite", version: "{{ llvmlite_version }}" }
+    - { name: "numba", version: "{{ numba_version }}" }
 
 - name: Install application Python dependencies for development and test
   pip: requirements="{{ app_home }}/requirements/{{ item }}.txt"

diff --git a/deployment/cfn/application.py b/deployment/cfn/application.py
@@ -64,6 +64,7 @@ class Application(StackNode):
             'TileDeliveryNetwork:GreenTileServerDistributionEndpoint'],
         'ITSIBaseURL': ['global:ITSIBaseURL'],
         'ITSISecretKey': ['global:ITSISecretKey'],
+        'ConcordSecretKey': ['global:ConcordSecretKey'],
         'HydroShareBaseURL': ['global:HydroShareBaseURL'],
         'HydroShareSecretKey': ['global:HydroShareSecretKey'],
         'SRATCatchmentAPIURL': ['global:SRATCatchmentAPIURL'],
@@ -240,6 +241,11 @@ def set_up_stack(self):
             Description='Secret key for ITSI portal integration'
         ), 'ITSISecretKey')
 
+        self.concord_secret_key = self.add_parameter(Parameter(
+            'ConcordSecretKey', Type='String', NoEcho=True,
+            Description='Secret key for Concord OAuth integration'
+        ), 'ConcordSecretKey')
+
         self.hydroshare_base_url = self.add_parameter(Parameter(
             'HydroShareBaseURL', Type='String',
             Description='Base URL for HydroShare portal'
@@ -614,6 +620,10 @@ def get_cloud_config(self, tile_distribution_endpoint):
                 '    permissions: 0750\n',
                 '    owner: root:mmw\n',
                 '    content: ', Ref(self.itsi_secret_key), '\n',
+                '  - path: /etc/mmw.d/env/MMW_CONCORD_SECRET_KEY\n',
+                '    permissions: 0750\n',
+                '    owner: root:mmw\n',
+                '    content: ', Ref(self.concord_secret_key), '\n',
                 '  - path: /etc/mmw.d/env/MMW_HYDROSHARE_BASE_URL\n',
                 '    permissions: 0750\n',
                 '    owner: root:mmw\n',

diff --git a/deployment/default.yml.example b/deployment/default.yml.example
@@ -64,6 +64,7 @@ WorkerAutoScalingScheduleEndCapacity: '0'
 WorkerAutoScalingScheduleEndRecurrence: '0 1 * * *'
 ITSIBaseURL: ''
 ITSISecretKey: ''
+ConcordSecretKey: ''
 HydroShareBaseURL: ''
 HydroShareSecretKey: ''
 SRATCatchmentAPIURL: ''

diff --git a/src/mmw/apps/home/views.py b/src/mmw/apps/home/views.py
@@ -354,7 +354,7 @@ def get_client_settings(request):
             'mapshed_max_area': settings.GWLFE_CONFIG['MaxAoIArea'],
             'data_catalog_enabled': bigcz,
             'data_catalog_page_size': settings.BIGCZ_CLIENT_PAGE_SIZE,
-            'itsi_enabled': not bigcz,
+            'sso_enabled': not bigcz,
             'title': title,
             'api_token': get_api_token(),
             'choices': {

diff --git a/src/mmw/apps/user/backends.py b/src/mmw/apps/user/backends.py
@@ -2,22 +2,29 @@
 from django.core.exceptions import ObjectDoesNotExist
 from django.contrib.auth.models import User
 
-from apps.user.models import ItsiUser
+from apps.user.models import ItsiUser, ConcordUser
 
 
-class ItsiAuthenticationBackend(object):
+class SSOAuthenticationBackend(object):
     """
-    A custom authentication back-end for ITSI Portal.
+    A custom authentication back-end for Single Sign On providers.
 
-    Before we can call django.contrib.auth.login on an ITSI user, we must first
+    Before we can call django.contrib.auth.login on an SSO user, we must first
     authenticate them. This must be done using a custom authentication back-
     end, which sets the backend attribute on the user model.
+
+    This class should be instantiated with an SSO provider user model, such
+    as ItsiUser or ConcordUser, before it can be used.
     """
+    def __init__(self, model, field):
+        self.SSOUserModel = model
+        self.SSOField = field
 
-    def authenticate(self, itsi_id=None):
-        if itsi_id is not None:
+    def authenticate(self, sso_id=None):
+        if sso_id is not None:
             try:
-                user = ItsiUser.objects.get(itsi_id=itsi_id).user
+                query = {self.SSOField: sso_id}
+                user = self.SSOUserModel.objects.get(**query).user
                 return user
             except ObjectDoesNotExist:
                 return None
@@ -28,3 +35,15 @@ def get_user(self, user_id):
             return User.objects.get(pk=user_id)
         except User.DoesNotExist:
             return None
+
+
+class ItsiAuthenticationBackend(SSOAuthenticationBackend):
+    def __init__(self):
+        super(ItsiAuthenticationBackend, self).__init__(
+            ItsiUser, 'itsi_id')
+
+
+class ConcordAuthenticationBackend(SSOAuthenticationBackend):
+    def __init__(self):
+        super(ConcordAuthenticationBackend, self).__init__(
+            ConcordUser, 'concord_id')
diff --git a/src/mmw/apps/user/itsi.py b/src/mmw/apps/user/itsi.py
diff --git a/src/mmw/apps/user/migrations/0008_concorduser.py b/src/mmw/apps/user/migrations/0008_concorduser.py
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.29 on 2020-04-02 23:49
+from __future__ import unicode_literals
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('auth', '0008_alter_user_username_max_length'),
+        ('user', '0007_userprofile_unit_scheme'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='ConcordUser',
+            fields=[
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, serialize=False, to=settings.AUTH_USER_MODEL)),
+                ('concord_id', models.IntegerField()),
+            ],
+        ),
+    ]
diff --git a/src/mmw/apps/user/models.py b/src/mmw/apps/user/models.py
@@ -43,6 +43,16 @@ def __unicode__(self):
         return unicode(self.user.username)
 
 
+class ConcordUser(models.Model):
+    user = models.OneToOneField(User,
+                                on_delete=models.CASCADE,
+                                primary_key=True)
+    concord_id = models.IntegerField()
+
+    def __unicode__(self):
+        return unicode(self.user.username)
+
+
 class UserProfile(models.Model):
     UNSPECIFIED = 'Unspecified'
     UNI_FACULTY = 'University Faculty'