feat: upgrade to sodar core v1 (#170)
stolpeo committed Dec 9, 2024
1 parent ffbf839 commit bcf0845
Showing 32 changed files with 296 additions and 299 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/build.yml
@@ -7,12 +7,12 @@ jobs:
strategy:
matrix:
python-version:
- '3.8'
- '3.9'
- '3.10'
- '3.11'
services:
postgres:
image: postgres:11
image: postgres:16
env:
POSTGRES_DB: kiosc
POSTGRES_USER: kiosc
@@ -42,7 +42,7 @@ jobs:
uses: actions/checkout@v2
- name: Install project Python dependencies
run: |
pip install wheel==0.37.1
pip install wheel==0.42.0
pip install -r requirements/local.txt
pip install -r requirements/test.txt
- name: Download icons
@@ -63,4 +63,4 @@ jobs:
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
coverage-reports: coverage.xml
if: ${{ matrix.python-version == '3.8' }}
if: ${{ matrix.python-version == '3.11' }}
5 changes: 5 additions & 0 deletions Makefile
@@ -33,6 +33,11 @@ serve:
$(MANAGE) runserver --settings=config.settings.local


.PHONY: asgi
asgi:
python -m uvicorn config.asgi:application


.PHONY: serve_target
serve_target:
$(MANAGE) runserver 0.0.0.0:$(target_port) --settings=config.settings.local_target
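Review bot: The new `asgi` target starts uvicorn without selecting a settings module, whereas `serve` passes `--settings=config.settings.local` and `serve_target` passes `--settings=config.settings.local_target`. Which settings apply then depends on the caller's `DJANGO_SETTINGS_MODULE` or on whatever default `config/asgi.py` sets, which is not visible in this commit, so the target can end up running production settings locally or DEBUG settings where production was meant. Consider making the choice explicit in the recipe, e.g. `DJANGO_SETTINGS_MODULE=config.settings.local python -m uvicorn config.asgi:application`, and adding a one-line comment above the target stating that it is for local development.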
5 changes: 3 additions & 2 deletions config/asgi.py
@@ -8,6 +8,7 @@
"""

import django
from django.core.asgi import get_asgi_application

django.setup()

@@ -22,9 +23,9 @@

application = ProtocolTypeRouter(
{
# (http->django views is added by default)
"http": get_asgi_application(),
"websocket": AuthMiddlewareStack(
URLRouter(containers.urls.websocket_urlpatterns)
)
),
}
)
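Review bot: The `websocket` entry of `ProtocolTypeRouter` is wrapped in `AuthMiddlewareStack` only, so the handshake is authenticated by the session cookie but its `Origin` header is never checked, which leaves the container websocket endpoints open to cross-site WebSocket hijacking from a page on another origin. Channels provides `AllowedHostsOriginValidator` in `channels.security.websocket` for this; I would change the entry to `"websocket": AllowedHostsOriginValidator(AuthMiddlewareStack(URLRouter(containers.urls.websocket_urlpatterns))),` so that only origins matching `ALLOWED_HOSTS` are accepted. The import lines between the two hunks are collapsed on this page, so confirm the validator is not already applied there before adding the import.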
109 changes: 40 additions & 69 deletions config/settings/base.py
@@ -7,6 +7,7 @@
For the full list of settings and their values, see
https://docs.djangoproject.com/en/dev/ref/settings/
"""

import os
import environ

@@ -59,6 +60,7 @@
"markupfield", # For markdown
"rest_framework", # For API views
"knox", # For token auth
"social_django", # For OIDC authentication
"docs", # For the online user documentation/manual
"dal", # For user search combo box
"dal_select2",
@@ -282,7 +284,7 @@
AUTOSLUG_SLUGIFY_FUNCTION = "slugify.slugify"

# Location of root django.contrib.admin URL, use {% url 'admin:index' %}
ADMIN_URL = r"^admin/"
ADMIN_URL = "admin/"

# Celery configuration (for background jobs)
# ------------------------------------------------------------------------------
@@ -361,9 +363,9 @@
AUTH_LDAP_CA_CERT_FILE = env.str("AUTH_LDAP_CA_CERT_FILE", None)
AUTH_LDAP_CONNECTION_OPTIONS = LDAP_DEFAULT_CONN_OPTIONS
if AUTH_LDAP_CA_CERT_FILE:
AUTH_LDAP_CONNECTION_OPTIONS[
ldap.OPT_X_TLS_CACERTFILE
] = AUTH_LDAP_CA_CERT_FILE
AUTH_LDAP_CONNECTION_OPTIONS[ldap.OPT_X_TLS_CACERTFILE] = (
AUTH_LDAP_CA_CERT_FILE
)
AUTH_LDAP_CONNECTION_OPTIONS[ldap.OPT_X_TLS_NEWCTX] = 0
AUTH_LDAP_USER_SEARCH = LDAPSearch(
env.str("AUTH_LDAP_USER_SEARCH_BASE", None),
@@ -392,9 +394,9 @@
AUTH_LDAP2_CA_CERT_FILE = env.str("AUTH_LDAP2_CA_CERT_FILE", None)
AUTH_LDAP2_CONNECTION_OPTIONS = LDAP_DEFAULT_CONN_OPTIONS
if AUTH_LDAP2_CA_CERT_FILE:
AUTH_LDAP2_CONNECTION_OPTIONS[
ldap.OPT_X_TLS_CACERTFILE
] = AUTH_LDAP2_CA_CERT_FILE
AUTH_LDAP2_CONNECTION_OPTIONS[ldap.OPT_X_TLS_CACERTFILE] = (
AUTH_LDAP2_CA_CERT_FILE
)
AUTH_LDAP2_CONNECTION_OPTIONS[ldap.OPT_X_TLS_NEWCTX] = 0

AUTH_LDAP2_USER_SEARCH = LDAPSearch(
@@ -416,71 +418,40 @@
)


# SAML configuration
# OpenID Connect (OIDC) configuration
# ------------------------------------------------------------------------------

ENABLE_OIDC = env.bool("ENABLE_OIDC", False)

ENABLE_SAML = env.bool("ENABLE_SAML", False)
SAML2_AUTH = {
# Required setting
"SAML_CLIENT_SETTINGS": { # Pysaml2 Saml client settings (https://pysaml2.readthedocs.io/en/latest/howto/config.html)
"entityid": env.str(
"SAML_CLIENT_ENTITY_ID", "SODARcore"
), # The optional entity ID string to be passed in the 'Issuer' element of authn request, if required by the IDP.
"entitybaseurl": env.str(
"SAML_CLIENT_ENTITY_URL", "https://localhost:8000"
),
"metadata": {
"local": [
env.str(
"SAML_CLIENT_METADATA_FILE", "metadata.xml"
), # The auto(dynamic) metadata configuration URL of SAML2
],
},
"service": {
"sp": {
"idp": env.str(
"SAML_CLIENT_IPD",
"https://sso.hpc.bihealth.org/auth/realms/cubi",
),
# Keycloak expects client signature
"authn_requests_signed": "true",
# Enforce POST binding which is required by keycloak
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
},
},
"key_file": env.str("SAML_CLIENT_KEY_FILE", "key.pem"),
"cert_file": env.str("SAML_CLIENT_CERT_FILE", "cert.pem"),
"xmlsec_binary": env.str("SAML_CLIENT_XMLSEC1", "/usr/bin/xmlsec1"),
"encryption_keypairs": [
{
"key_file": env.str("SAML_CLIENT_KEY_FILE", "key.pem"),
"cert_file": env.str("SAML_CLIENT_CERT_FILE", "cert.pem"),
}
],
},
"DEFAULT_NEXT_URL": "/", # Custom target redirect URL after the user get logged in. Default to /admin if not set. This setting will be overwritten if you have parameter ?next= specificed in the login URL.
# # Optional settings below
# 'NEW_USER_PROFILE': {
# 'USER_GROUPS': [], # The default group name when a new user logs in
# 'ACTIVE_STATUS': True, # The default active status for new users
# 'STAFF_STATUS': True, # The staff status for new users
# 'SUPERUSER_STATUS': False, # The superuser status for new users
# },
# 'ATTRIBUTES_MAP': { # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes.
# 'email': 'Email',
# 'username': 'UserName',
# 'first_name': 'FirstName',
# 'last_name': 'LastName',
# },
# 'TRIGGER': {
# 'FIND_USER': 'path.to.your.find.user.hook.method',
# 'NEW_USER': 'path.to.your.new.user.hook.method',
# 'CREATE_USER': 'path.to.your.create.user.hook.method',
# 'BEFORE_LOGIN': 'path.to.your.login.hook.method',
# },
# 'ASSERTION_URL': 'https://your.url.here', # Custom URL to validate incoming SAML requests against
}
if ENABLE_OIDC:
AUTHENTICATION_BACKENDS = tuple(
itertools.chain(
("social_core.backends.open_id_connect.OpenIdConnectAuth",),
AUTHENTICATION_BACKENDS,
)
)
TEMPLATES[0]["OPTIONS"]["context_processors"] += [
"social_django.context_processors.backends",
"social_django.context_processors.login_redirect",
]
SOCIAL_AUTH_JSONFIELD_ENABLED = True
SOCIAL_AUTH_JSONFIELD_CUSTOM = "django.db.models.JSONField"
SOCIAL_AUTH_USER_MODEL = AUTH_USER_MODEL
SOCIAL_AUTH_ADMIN_USER_SEARCH_FIELDS = [
"username",
"name",
"first_name",
"last_name",
"email",
]
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env.str(
"SOCIAL_AUTH_OIDC_OIDC_ENDPOINT", None
)
SOCIAL_AUTH_OIDC_KEY = env.str("SOCIAL_AUTH_OIDC_KEY", "CHANGEME")
SOCIAL_AUTH_OIDC_SECRET = env.str("SOCIAL_AUTH_OIDC_SECRET", "CHANGEME")
SOCIAL_AUTH_OIDC_USERNAME_KEY = env.str(
"SOCIAL_AUTH_OIDC_USERNAME_KEY", "username"
)


# Logging
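Review bot: In the `if ENABLE_OIDC:` block, `SOCIAL_AUTH_OIDC_KEY` and `SOCIAL_AUTH_OIDC_SECRET` fall back to the literal `"CHANGEME"` and `SOCIAL_AUTH_OIDC_OIDC_ENDPOINT` falls back to `None`, so a deployment that enables OIDC but misses one of these variables starts with a placeholder client secret or no issuer instead of failing at boot. Since the block only runs when OIDC is enabled, drop the defaults so django-environ raises `ImproperlyConfigured` for a missing value, e.g. `SOCIAL_AUTH_OIDC_SECRET = env.str("SOCIAL_AUTH_OIDC_SECRET")`, and do the same for the key and the endpoint. The block also calls `itertools.chain`, while the import hunk at the top of the file shows only `os` and `environ`; confirm `itertools` is imported in the collapsed part of the file.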
2 changes: 1 addition & 1 deletion config/settings/production.py
@@ -44,7 +44,7 @@
CSRF_COOKIE_HTTPONLY = True
X_FRAME_OPTIONS = "DENY"

INSTALLED_APPS += ["daphne"]
INSTALLED_APPS.insert(0, "daphne")

# Static Assets
# ------------------------
82 changes: 33 additions & 49 deletions config/urls.py
@@ -1,103 +1,87 @@
from django.conf import settings
from django.conf.urls import include, url
from django.conf.urls import include
from django.urls import path
from django.conf.urls.static import static
from django.contrib import admin
from django.contrib.auth import views as auth_views
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
from django.views import defaults as default_views
from django.views.generic import TemplateView

import django_saml2_auth.views

from projectroles.views import HomeView

urlpatterns = [
url(r"^$", HomeView.as_view(), name="home"),
url(
r"^about/$",
path("", HomeView.as_view(), name="home"),
path(
"about/",
TemplateView.as_view(template_name="pages/about.html"),
name="about",
),
# Admin URLs - most occur before Django Admin, otherwise urls will be matched by that.
url(r"^kioscadmin/", include("kioscadmin.urls")),
path("kioscadmin/", include("kioscadmin.urls")),
# Django Admin, use {% url 'admin:index' %}
url(settings.ADMIN_URL, admin.site.urls),
path(settings.ADMIN_URL, admin.site.urls),
# Login and logout
url(
r"^login/$",
path(
"login/",
auth_views.LoginView.as_view(template_name="users/login.html"),
name="login",
),
url(r"^logout/$", auth_views.logout_then_login, name="logout"),
path("logout/", auth_views.logout_then_login, name="logout"),
# Auth
url(r"api/auth/", include("knox.urls")),
path("api/auth/", include("knox.urls")),
# Projectroles URLs
url(r"^project/", include("projectroles.urls")),
path("project/", include("projectroles.urls")),
# Timeline URLs
url(r"^timeline/", include("timeline.urls")),
path("timeline/", include("timeline.urls")),
# django-db-file-storage URLs (obfuscated for users)
# TODO: Change the URL to something obfuscated (e.g. random string)
url(r"^CHANGE-ME/", include("db_file_storage.urls")),
path("CHANGE-ME/", include("db_file_storage.urls")),
# Background Jobs URLs
url(r"^bgjobs/", include("bgjobs.urls")),
path("bgjobs/", include("bgjobs.urls")),
# Data Cache app
# url(r'^cache/', include('sodarcache.urls')),
# path(r'^cache/', include('sodarcache.urls')),
# User Profile URLs
url(r"^user/", include("userprofile.urls")),
path("user/", include("userprofile.urls")),
# Admin Alerts URLs
url(r"^adminalerts/", include("adminalerts.urls")),
path("adminalerts/", include("adminalerts.urls")),
# App Alerts URLs
url("^appalerts/", include("appalerts.urls")),
path("appalerts/", include("appalerts.urls")),
# Site Info URLs
url(r"^siteinfo/", include("siteinfo.urls")),
path("siteinfo/", include("siteinfo.urls")),
# API Tokens URLs
url(r"^tokens/", include("tokens.urls")),
path("tokens/", include("tokens.urls")),
# Containers URLs
url(r"^containers/", include("containers.urls")),
path("containers/", include("containers.urls")),
# Containertemplates URLs
url(r"^containertemplates/", include("containertemplates.urls")),
path("containertemplates/", include("containertemplates.urls")),
# Iconify icon URLs
url(r"^icons/", include("dj_iconify.urls")),
# These are the SAML2 related URLs. You can change "^saml2_auth/" regex to
# any path you want, like "^sso_auth/", "^sso_login/", etc. (required)
# url(r'^saml2_auth/', include('django_saml2_auth.urls')),
# The following line will replace the default user login with SAML2 (optional)
# If you want to specific the after-login-redirect-URL, use parameter "?next=/the/path/you/want"
# with this view.
# url(r'^sso/login/$', django_saml2_auth.views.signin),
# The following line will replace the admin login with SAML2 (optional)
# If you want to specific the after-login-redirect-URL, use parameter "?next=/the/path/you/want"
# with this view.
# url(r'^sso/admin/login/$', django_saml2_auth.views.signin),
# The following line will replace the default user logout with the signout page (optional)
# url(r'^sso/logout/$', django_saml2_auth.views.signout),
# The following line will replace the default admin user logout with the signout page (optional)
# url(r'^sso/admin/logout/$', django_saml2_auth.views.signout),
path("icons/", include("dj_iconify.urls")),
] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

if settings.KIOSC_EMBEDDED_FILES:
urlpatterns.append(url(r"^files/", include("filesfolders.urls")))
urlpatterns.append(path("files/", include("filesfolders.urls")))

if settings.DEBUG:
# This allows the error pages to be debugged during development, just visit
# these url in browser to see how these error pages look like.
urlpatterns += [
url(
r"^400/$",
path(
"400/",
default_views.bad_request,
kwargs={"exception": Exception("Bad Request!")},
),
url(
r"^403/$",
path(
"403/",
default_views.permission_denied,
kwargs={"exception": Exception("Permission Denied")},
),
url(
r"^404/$",
path(
"404/",
default_views.page_not_found,
kwargs={"exception": Exception("Page not Found")},
),
url(r"^500/$", default_views.server_error),
path("500/", default_views.server_error),
]

urlpatterns += staticfiles_urlpatterns()
@@ -106,5 +90,5 @@
import debug_toolbar

urlpatterns = [
url(r"^__debug__/", include(debug_toolbar.urls))
path("__debug__/", include(debug_toolbar.urls))
] + urlpatterns
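Review bot: The rewritten `urlpatterns` drops the commented SAML routes and the `django_saml2_auth` import but registers no route for `social_django`, even though `config/settings/base.py` in this commit adds `social_django` to `INSTALLED_APPS` and enables the OIDC backend when `ENABLE_OIDC` is set. Unless one of the included URLconfs (for example `projectroles.urls`, not shown on this page) provides it, the `social:begin` and `social:complete` views cannot be reversed or reached, so OIDC login cannot complete. I would add `path("social/", include("social_django.urls")),` next to the login and logout entries. Separately, the commented-out cache line now reads `path(r'^cache/', ...)`; `path()` treats `^` as a literal character, so it should become `path("cache/", ...)` before it is ever re-enabled.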
1 change: 1 addition & 0 deletions config/wsgi.py
@@ -13,6 +13,7 @@
framework.
"""

import os
import sys
