Merge pull request #145 from rackerlabs/add-saml-stubs

Add SAML support and postgresql 12 update
rackerlabs · Jan 10, 2020 · 56298ff · 56298ff
2 parents 0f84a27 + 68e26fb
commit 56298ff
Show file tree

Hide file tree

Showing 6 changed files with 91 additions and 3 deletions.
diff --git a/ansible-playbooks/roles/master/tasks/main.yml b/ansible-playbooks/roles/master/tasks/main.yml
@@ -1,3 +1,15 @@
+- name: Add postgresql APT key.
+  apt_key:
+    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
+    state: present
+
+- name: Add postgresql APT repository.
+  apt_repository:
+    repo: deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main
+    filename: pgdg.list
+    state: present
+    update_cache: yes
+
 - name: Update APT package cache.
   apt:
     update_cache: yes

diff --git a/ansible-playbooks/roles/master/vars/main.yml b/ansible-playbooks/roles/master/vars/main.yml
@@ -12,15 +12,15 @@ install_packages:
   - python-dev
   - python3-pip
   - python-virtualenv
-  - postgresql-10
   - postgresql-contrib
   - python3-psycopg2  # python3-psycopg2 required for Ansible.
+  - xmlsec1  # SAML support.
 
 # secrets file
 scantron_secrets: "{{ lookup('file', '../../../master/scantron_secrets.json') | from_json }}"
 
 # postgresql
-postgresql_version: 10
+postgresql_version: 12
 
 postgresql_admin_user: postgres
 

diff --git a/master/config/settings/base.py b/master/config/settings/base.py
@@ -60,6 +60,7 @@ def get_secret(setting, secrets=secrets):
     "crispy_forms",  # Form layouts.
     "django_extensions",  # Django extensions.
     "django_filters",  # Search filters for Django REST Framework.
+    "django_saml2_auth",  # SAML support.
     "recurrence",  # Used to configure periodic scans.
     "rest_framework",  # Django REST Framework.
     "rest_framework.authtoken",  # Enable token authentication for Django REST Framework.
@@ -234,3 +235,57 @@ def get_secret(setting, secrets=secrets):
         "rest_framework.authentication.SessionAuthentication",
     ),
 }
+
+# SAML
+# https://github.com/fangli/django-saml2-auth
+# fmt: off
+# SAML2_AUTH = {
+#     # Metadata is required, choose either remote url or local file path.
+#     "METADATA_AUTO_CONF_URL": "",
+#     "METADATA_LOCAL_FILE_PATH": "",
+
+#     # Optional settings below.
+#     # Custom target redirect URL after the user get logged in. Default to /admin if not set. This setting will be
+#     # overwritten if you have parameter ?next= specificed in the login URL.
+#     "DEFAULT_NEXT_URL": "/",
+
+#     # Create a new Django user when a new user logs in. Defaults to True.
+#     "CREATE_USER": False,
+
+#     "NEW_USER_PROFILE": {
+#         "USER_GROUPS": [],  # The default group name when a new user logs in.
+#         "ACTIVE_STATUS": True,  # The default active status for new users.
+#         "STAFF_STATUS": False,  # The staff status for new users.
+#         "SUPERUSER_STATUS": False,  # The superuser status for new users.
+#     },
+
+#     # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes.
+#     "ATTRIBUTES_MAP": {
+#         "email": "Email",
+#         "username": "Username",
+#         "first_name": "FirstName",
+#         "last_name": "LastName",
+#     },
+
+#     "TRIGGER": {
+#         "CREATE_USER": "path.to.your.new.user.hook.method",
+#         "BEFORE_LOGIN": "path.to.your.login.hook.method",
+#     },
+
+#     # Custom URL to validate incoming SAML requests against.
+#     "ASSERTION_URL": "",
+
+#     # Populates the Issuer element in authn request.
+#     "ENTITY_ID": "",
+
+#     # Sets the Format property of authn NameIDPolicy element.
+#     "NAME_ID_FORMAT": "None",
+
+#     # Set this to True if you are running a Single Page Application (SPA) with Django Rest Framework (DRF), and are
+#     # using JWT authentication to authorize client users.
+#     "USE_JWT": False,
+
+#     # Redirect URL for the client if you are using JWT auth with DRF.
+#     "FRONTEND_URL": "",
+# }
+# fmt: on
diff --git a/master/config/urls.py b/master/config/urls.py
@@ -16,6 +16,7 @@
 from django.conf import settings
 from django.conf.urls import include, url
 from django.contrib import admin
+import django_saml2_auth.views
 
 from django_scantron.login.urls import urlpatterns as login_urls
 from django_scantron.logout.urls import urlpatterns as logout_urls
@@ -41,8 +42,25 @@
 if not hasattr(settings, "URL_PREFIX"):
     settings.URL_PREFIX = ""
 
+# fmt: off
 urlpatterns = [
+    # These are the SAML2 related URLs. You can change "^saml2_auth/" regex to any path you want, like "^sso_auth/",
+    # "^sso_login/", etc. (required)
+    # url(r"^saml2_auth/", include("django_saml2_auth.urls")),
+
+    # The following line will replace the default user login with SAML2 (optional).  If you want to specify the after
+    # login-redirect-URL, use parameter "?next=/the/path/you/want" with this view.
+    # url(r"^login/", django_saml2_auth.views.signin),
+
+    # The following line will replace the default user logout with the signout page (optional).
+    # url(r"^logout/", django_saml2_auth.views.signout),
+
+    # The following line will replace the admin login with SAML2 (optional).  If you want to specify the
+    # after-login-redirect-URL, use parameter "?next=/the/path/you/want" with this view.
+    # url(r"^scantron-admin/login/$", django_saml2_auth.views.signin),
+
     url(r"^scantron-admin/", admin.site.urls),  # Provide minimal obfuscation for admin panel.
     url(r"^%s" % settings.URL_PREFIX, include(ur)),
     url(r"^api/", include(api_urls)),
 ]
+# fmt: on
diff --git a/master/django_scantron/__init__.py b/master/django_scantron/__init__.py
@@ -1 +1 @@
-__version__ = "1.14"
+__version__ = "1.15"
diff --git a/master/requirements/base.txt b/master/requirements/base.txt
@@ -19,6 +19,9 @@ django-filter==2.2.0
 # Django recurrences for periodic tasks
 django-recurrence==1.10.1
 
+# SAML
+django_saml2_auth==2.2.1
+
 # Django REST Framework
 djangorestframework==3.9.2