upgrade to django-sodar-core v1.0 (wip) (#1922)

.github/workflows/build.yml

@@ -7,12 +7,12 @@ jobs:
     strategy:
       matrix:
         python-version:
-          - '3.8'
           - '3.9'
           - '3.10'
+          - '3.11'
     services:
       postgres:
-        image: postgres:11
+        image: postgres:16
         env:
           POSTGRES_DB: sodar
           POSTGRES_USER: postgres
@@ -64,7 +64,7 @@ jobs:
         uses: actions/checkout@v3
       - name: Install project Python dependencies
         run: |
-          pip install wheel==0.37.1
+          pip install wheel==0.42.0
           pip install -r requirements/local.txt
           pip install -r requirements/test.txt
       - name: Setup Node.js
@@ -86,14 +86,15 @@ jobs:
           coverage report
       - name: Run Vue app tests
         run: make test_samplesheets_vue
-        if: ${{ matrix.python-version == '3.8' }}
+        if: ${{ matrix.python-version == '3.11' }}
       - name: Check Python linting
         run: flake8 .
       - name: Check Python formatting
         run: make black arg=--check
+        if: ${{ matrix.python-version == '3.11' }}
       - name: Report coverage with Coveralls
         uses: coverallsapp/github-action@master
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           path-to-lcov: './coverage.lcov'
-        if: ${{ matrix.python-version == '3.8' }}
+        if: ${{ matrix.python-version == '3.11' }}

.readthedocs.yaml

@@ -9,7 +9,7 @@ version: 2
 build:
   os: ubuntu-20.04
   tools:
-    python: '3.8'
+    python: '3.11'
 
 # Build documentation in the docs/ directory with Sphinx
 sphinx:

Makefile

@@ -5,6 +5,7 @@ define USAGE=
 @echo -e "Usage:"
 @echo -e "\tmake black [arg=--<arg>]                    -- format python with black"
 @echo -e "\tmake serve [arg=sync]                       -- start server"
+@echo -e "\tmake flake                                  -- run flake8"
 @echo -e "\tmake celery                                 -- start celery & celerybeat"
 @echo -e "\tmake demo                                   -- start demo server"
 @echo -e "\tmake samplesheets_vue                       -- start samplesheet vue.js app"
@@ -39,6 +40,11 @@ endif
 	$(MANAGE) runserver 0.0.0.0:8000 --settings=config.settings.local
 
 
+.PHONY: flake
+flake:
+	flake8 .
+
+
 .PHONY: celery
 celery:
 	celery -A config worker -l info --beat

config/settings/base.py

@@ -61,6 +61,7 @@
     'markupfield',  # For markdown
     'rest_framework',  # For API views
     'knox',  # For token auth
+    'social_django',  # For OIDC authentication
     'docs',  # For the online user documentation/manual
     'dal',  # For user search combo box
     'dal_select2',
@@ -303,7 +304,7 @@
 AUTOSLUG_SLUGIFY_FUNCTION = 'slugify.slugify'
 
 # Location of root django.contrib.admin URL, use {% url 'admin:index' %}
-ADMIN_URL = r'^admin/'
+ADMIN_URL = 'admin/'
 
 
 # Celery
@@ -434,79 +435,40 @@
         )
 
 
-# SAML configuration
+# OpenID Connect (OIDC) configuration
 # ------------------------------------------------------------------------------
 
-ENABLE_SAML = env.bool('ENABLE_SAML', False)
-SAML2_AUTH = {
-    # Required setting
-    # Pysaml2 Saml client settings
-    # See: https://pysaml2.readthedocs.io/en/latest/howto/config.html
-    'SAML_CLIENT_SETTINGS': {
-        # Optional entity ID string to be passed in the 'Issuer' element of
-        # authn request, if required by the IDP.
-        'entityid': env.str('SAML_CLIENT_ENTITY_ID', 'SODAR'),
-        'entitybaseurl': env.str(
-            'SAML_CLIENT_ENTITY_URL', 'https://localhost:8000'
-        ),
-        # The auto(dynamic) metadata configuration URL of SAML2
-        'metadata': {
-            'local': [
-                env.str('SAML_CLIENT_METADATA_FILE', 'metadata.xml'),
-            ],
-        },
-        'service': {
-            'sp': {
-                'idp': env.str(
-                    'SAML_CLIENT_IPD',
-                    'https://sso.hpc.bihealth.org/auth/realms/cubi',
-                ),
-                # Keycloak expects client signature
-                'authn_requests_signed': 'true',
-                # Enforce POST binding which is required by keycloak
-                'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
-            },
-        },
-        'key_file': env.str('SAML_CLIENT_KEY_FILE', 'key.pem'),
-        'cert_file': env.str('SAML_CLIENT_CERT_FILE', 'cert.pem'),
-        'xmlsec_binary': env.str('SAML_CLIENT_XMLSEC1', '/usr/bin/xmlsec1'),
-        'encryption_keypairs': [
-            {
-                'key_file': env.str('SAML_CLIENT_KEY_FILE', 'key.pem'),
-                'cert_file': env.str('SAML_CLIENT_CERT_FILE', 'cert.pem'),
-            }
-        ],
-    },
-    # Custom target redirect URL after the user get logged in.
-    # Defaults to /admin if not set. This setting will be overwritten if you
-    # have parameter ?next= specificed in the login URL.
-    'DEFAULT_NEXT_URL': '/',
-    # # Optional settings below
-    # 'NEW_USER_PROFILE': {
-    #     'USER_GROUPS': [],  # The default group name when a new user logs in
-    #     'ACTIVE_STATUS': True,  # The default active status for new users
-    #     'STAFF_STATUS': True,  # The staff status for new users
-    #     'SUPERUSER_STATUS': False,  # The superuser status for new users
-    # },
-    'ATTRIBUTES_MAP': env.dict(
-        'SAML_ATTRIBUTES_MAP',
-        default={
-            # Change values to corresponding SAML2 userprofile attributes.
-            'email': 'Email',
-            'username': 'UserName',
-            'first_name': 'FirstName',
-            'last_name': 'LastName',
-        },
-    ),
-    # 'TRIGGER': {
-    #     'FIND_USER': 'path.to.your.find.user.hook.method',
-    #     'NEW_USER': 'path.to.your.new.user.hook.method',
-    #     'CREATE_USER': 'path.to.your.create.user.hook.method',
-    #     'BEFORE_LOGIN': 'path.to.your.login.hook.method',
-    # },
-    # Custom URL to validate incoming SAML requests against
-    # 'ASSERTION_URL': 'https://your.url.here',
-}
+ENABLE_OIDC = env.bool('ENABLE_OIDC', False)
+
+if ENABLE_OIDC:
+    AUTHENTICATION_BACKENDS = tuple(
+        itertools.chain(
+            ('social_core.backends.open_id_connect.OpenIdConnectAuth',),
+            AUTHENTICATION_BACKENDS,
+        )
+    )
+    TEMPLATES[0]['OPTIONS']['context_processors'] += [
+        'social_django.context_processors.backends',
+        'social_django.context_processors.login_redirect',
+    ]
+    SOCIAL_AUTH_JSONFIELD_ENABLED = True
+    SOCIAL_AUTH_JSONFIELD_CUSTOM = 'django.db.models.JSONField'
+    SOCIAL_AUTH_USER_MODEL = AUTH_USER_MODEL
+    SOCIAL_AUTH_ADMIN_USER_SEARCH_FIELDS = [
+        'username',
+        'name',
+        'first_name',
+        'last_name',
+        'email',
+    ]
+    SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env.str(
+        'SOCIAL_AUTH_OIDC_OIDC_ENDPOINT', None
+    )
+    SOCIAL_AUTH_OIDC_KEY = env.str('SOCIAL_AUTH_OIDC_KEY', 'CHANGEME')
+    SOCIAL_AUTH_OIDC_SECRET = env.str('SOCIAL_AUTH_OIDC_SECRET', 'CHANGEME')
+    SOCIAL_AUTH_OIDC_USERNAME_KEY = env.str(
+        'SOCIAL_AUTH_OIDC_USERNAME_KEY', 'username'
+    )
 
 
 # Logging

config/urls.py

@@ -1,5 +1,5 @@
 from django.conf import settings
-from django.conf.urls import include, url
+from django.conf.urls import include
 from django.conf.urls.static import static
 from django.contrib import admin
 from django.contrib.auth import views as auth_views
@@ -26,7 +26,7 @@ def handler500(request, *args, **argv):
 urlpatterns = [
     path(route='', view=HomeView.as_view(), name='home'),
     # Django Admin, use {% url 'admin:index' %}
-    url(settings.ADMIN_URL, admin.site.urls),
+    path(settings.ADMIN_URL, admin.site.urls),
     # Login and logout
     path(
         route='login/',
@@ -40,6 +40,8 @@ def handler500(request, *args, **argv):
     path('api/auth/', include('knox.urls')),
     # Iconify SVG icons
     path('icons/', include('dj_iconify.urls')),
+    # Social auth for OIDC support
+    path('social/', include('social_django.urls')),
     # General site apps
     path('alerts/adm/', include('adminalerts.urls')),
     path('alerts/app/', include('appalerts.urls')),

irodsinfo/tests/test_permissions.py

@@ -3,10 +3,10 @@
 from django.urls import reverse
 
 # Projectroles dependency
-from projectroles.tests.test_permissions import TestSiteAppPermissionBase
+from projectroles.tests.test_permissions import SiteAppPermissionTestBase
 
 
-class TestIrodsinfoPermissions(TestSiteAppPermissionBase):
+class TestIrodsinfoPermissions(SiteAppPermissionTestBase):
     """Tests for irodsinfo UI view permissions"""
 
     def test_get_irods_info(self):

irodsinfo/tests/test_permissions_api.py

@@ -3,10 +3,10 @@
 from django.urls import reverse
 
 # Projectroles dependency
-from projectroles.tests.test_permissions import TestSiteAppPermissionBase
+from projectroles.tests.test_permissions import SiteAppPermissionTestBase
 
 
-class TestIrodsConfigRetrieveAPIView(TestSiteAppPermissionBase):
+class TestIrodsConfigRetrieveAPIView(SiteAppPermissionTestBase):
     """Tests for irodsinfo API"""
 
     def test_get_irods_config(self):

isatemplates/tests/test_permissions.py

@@ -6,7 +6,7 @@
 from django.urls import reverse
 
 # Projectroles dependency
-from projectroles.tests.test_permissions import TestSiteAppPermissionBase
+from projectroles.tests.test_permissions import SiteAppPermissionTestBase
 
 from isatemplates.tests.test_models import (
     CookiecutterISATemplateMixin,
@@ -16,7 +16,7 @@
 
 
 class TestISATemplatesPermissions(
-    CookiecutterISATemplateMixin, TestSiteAppPermissionBase
+    CookiecutterISATemplateMixin, SiteAppPermissionTestBase
 ):
     """Tests for isatemplates UI view permissions"""
 

isatemplates/tests/test_ui.py

@@ -12,7 +12,7 @@
 from selenium.webdriver.common.by import By
 
 # Projectroles dependency
-from projectroles.tests.test_ui import TestUIBase
+from projectroles.tests.test_ui import UITestBase
 
 from isatemplates.models import ISA_FILE_PREFIXES
 from isatemplates.tests.test_models import (
@@ -29,7 +29,7 @@
 BACKEND_PLUGINS_NO_TPL.remove('isatemplates_backend')
 
 
-class TestISATemplateListView(CookiecutterISATemplateMixin, TestUIBase):
+class TestISATemplateListView(CookiecutterISATemplateMixin, UITestBase):
     """Tests for ISATemplateListView UI"""
 
     def setUp(self):
@@ -106,7 +106,7 @@ def test_get_disable_backend(self):
 
 
 class TestISATemplateDetailView(
-    CookiecutterISATemplateMixin, CookiecutterISAFileMixin, TestUIBase
+    CookiecutterISATemplateMixin, CookiecutterISAFileMixin, UITestBase
 ):
     """Tests for ISATemplateDetailView UI"""
 
@@ -156,7 +156,7 @@ def test_get(self):
 
 
 class TestCUBIISATemplateDetailView(
-    CookiecutterISATemplateMixin, CookiecutterISAFileMixin, TestUIBase
+    CookiecutterISATemplateMixin, CookiecutterISAFileMixin, UITestBase
 ):
     """Tests for CUBIISATemplateDetailView UI"""