upgrade to django-sodar-core v1.0.0

bihealth · Jul 19, 2024 · fb5d2e3 · fb5d2e3
1 parent 85d6e6f
commit fb5d2e3
Show file tree

Hide file tree

Showing 18 changed files with 192 additions and 180 deletions.
diff --git a/Makefile b/Makefile
@@ -4,6 +4,8 @@ define USAGE=
 @echo -e
 @echo -e "Usage:"
 @echo -e "\tmake black [arg=--<arg>]                 -- black formatting"
+@echo -e "\tmake flake                               -- run flake8"
+@echo -e "\tmake celery                              -- start celery worker"
 @echo -e "\tmake serve                               -- start source server"
 @echo -e "\tmake serve_target                        -- start target server"
 @echo -e "\tmake collectstatic                       -- run collectstatic"
@@ -24,6 +26,16 @@ black:
 	black . -l 80 --skip-string-normalization --exclude ".git|.venv|.tox|build|env|src|docs|migrations|versioneer.py" $(arg)
 
 
+.PHONY: flake
+flake:
+	flake8 .
+
+
+.PHONY: celery
+celery:
+	celery -A config worker -l info --beat
+
+
 .PHONY: serve
 serve:
 	$(MANAGE) runserver --settings=config.settings.local
@@ -58,4 +70,3 @@ endif
 .PHONY: usage
 usage:
 	$(USAGE)
-
diff --git a/README.rst b/README.rst
@@ -7,7 +7,7 @@ SODAR Django Site
 .. image:: https://img.shields.io/badge/License-MIT-yellow.svg
     :target: https://opensource.org/licenses/MIT
 
-This project contains a minimal `Django 3.2 <https://docs.djangoproject.com/en/3.2/>`_
+This project contains a minimal `Django 4.2 <https://docs.djangoproject.com/en/4.2/>`_
 site template for building `SODAR Core <https://github.com/bihealth/sodar_core>`_
 based projects.
 
@@ -24,14 +24,14 @@ It is also readily compatible with Selenium UI testing, coverage checking and
 continuous integration for GitHub Actions and GitLab-CI.
 
 The current version of this site is compatible with
-`SODAR Core v0.13.4 <https://github.com/bihealth/sodar_core/tree/v0.13.4>`_.
+`SODAR Core v1.0.0 <https://github.com/bihealth/sodar_core/tree/v1.0.0>`_.
 
 
 Installation for Development
 ============================
 
 For instructions and best practices in Django development, see
-`Django 3.2 documentation <https://docs.djangoproject.com/en/3.2/>`_ and
+`Django 4.2 documentation <https://docs.djangoproject.com/en/4.2/>`_ and
 `Two Scoops of Django <https://www.feldroy.com/collections/everything/products/two-scoops-of-django-3-x>`_.
 
 For SODAR Core concepts and instructions, see
@@ -44,8 +44,8 @@ Requirements
 ------------
 
 - Ubuntu 20.04 Xenial (Recommended for development)
-- Python 3.8, 3.9 or 3.10
-- Postgres 11+
+- Python 3.9, 3.10 or 3.11
+- Postgres 12+ (v16 recommended)
 
 System Installation
 -------------------

diff --git a/config/settings/base.py b/config/settings/base.py
@@ -2,13 +2,14 @@
 Django settings for the SODAR Django Site template.
 
 For more information on this file, see
-https://docs.djangoproject.com/en/3.2/topics/settings/
+https://docs.djangoproject.com/en/4.2/topics/settings/
 
 For the full list of settings and their values, see
-https://docs.djangoproject.com/en/3.2/ref/settings/
+https://docs.djangoproject.com/en/4.2/ref/settings/
 """
 
 import environ
+import itertools
 import os
 
 SITE_PACKAGE = 'sodar_django_site'
@@ -20,7 +21,7 @@
 env = environ.Env()
 
 # .env file, should load only in development environment
-READ_DOT_ENV_FILE = env.bool('DJANGO_READ_DOT_ENV_FILE', default=False)
+READ_DOT_ENV_FILE = env.bool('DJANGO_READ_DOT_ENV_FILE', False)
 
 if READ_DOT_ENV_FILE:
     # Operating System Environment variables have precedence over variables
@@ -56,6 +57,7 @@
     'markupfield',  # For markdown
     'rest_framework',  # For API views
     'knox',  # For token auth
+    'social_django',  # For OIDC authentication
     'docs',  # For the online user documentation/manual
     'db_file_storage',  # For filesfolders
     'dal',  # For user search combo box
@@ -134,18 +136,16 @@
     for x in env.list('ADMINS', default=['Admin User:[email protected]'])
 ]
 
-# See: https://docs.djangoproject.com/en/dev/ref/settings/#managers
+# See: https://docs.djangoproject.com/en/4.2/ref/settings/#managers
 MANAGERS = ADMINS
 
 # DATABASE CONFIGURATION
 # ------------------------------------------------------------------------------
-# See: https://docs.djangoproject.com/en/dev/ref/settings/#databases
+# See: https://docs.djangoproject.com/en/4.2/ref/settings/#databases
 # Uses django-environ to accept uri format
 # See: https://django-environ.readthedocs.io/en/latest/#supported-types
-DATABASES = {
-    'default': env.db('DATABASE_URL', default='postgres:///sodar_core')
-}
-DATABASES['default']['ATOMIC_REQUESTS'] = False
+DATABASES = {'default': env.db('DATABASE_URL', 'postgres:///sodar_core')}
+DATABASES['default']['ATOMIC_REQUESTS'] = True
 
 # Set default auto field (for Django 3.2+)
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
@@ -162,24 +162,24 @@
 # In a Windows environment this must be set to your system time zone.
 TIME_ZONE = 'Europe/Berlin'
 
-# See: https://docs.djangoproject.com/en/dev/ref/settings/#language-code
+# See: https://docs.djangoproject.com/en/4.2/ref/settings/#language-code
 LANGUAGE_CODE = 'en-us'
 
-# See: https://docs.djangoproject.com/en/dev/ref/settings/#site-id
+# See: https://docs.djangoproject.com/en/4.2/ref/settings/#site-id
 SITE_ID = 1
 
-# See: https://docs.djangoproject.com/en/dev/ref/settings/#use-i18n
+# See: https://docs.djangoproject.com/en/4.2/ref/settings/#use-i18n
 USE_I18N = True
 
-# See: https://docs.djangoproject.com/en/dev/ref/settings/#use-l10n
+# See: https://docs.djangoproject.com/en/4.2/ref/settings/#use-l10n
 USE_L10N = True
 
-# See: https://docs.djangoproject.com/en/dev/ref/settings/#use-tz
+# See: https://docs.djangoproject.com/en/4.2/ref/settings/#use-tz
 USE_TZ = True
 
 # TEMPLATE CONFIGURATION
 # ------------------------------------------------------------------------------
-# See: https://docs.djangoproject.com/en/dev/ref/settings/#templates
+# See: https://docs.djangoproject.com/en/4.2/ref/settings/#templates
 TEMPLATES = [
     {
         'BACKEND': 'django.template.backends.django.DjangoTemplates',
@@ -306,15 +306,25 @@
 CELERYD_TASK_SOFT_TIME_LIMIT = 60
 
 
-# Django REST framework default auth classes
+# Django REST framework
+# ------------------------------------------------------------------------------
+
 REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': (
         'rest_framework.authentication.BasicAuthentication',
         'rest_framework.authentication.SessionAuthentication',
         'knox.auth.TokenAuthentication',
-    )
+    ),
+    'DEFAULT_PAGINATION_CLASS': (
+        'rest_framework.pagination.PageNumberPagination'
+    ),
+    'PAGE_SIZE': env.int('SODAR_API_PAGE_SIZE', 100),
 }
 
+
+# Additional authentication settings
+# ------------------------------------------------------------------------------
+
 # Knox settings
 TOKEN_TTL = None
 
@@ -334,7 +344,6 @@
 LDAP_ALT_DOMAINS = env.list('LDAP_ALT_DOMAINS', None, default=[])
 
 if ENABLE_LDAP:
-    import itertools
     import ldap
     from django_auth_ldap.config import LDAPSearch
 
@@ -356,15 +365,16 @@
     AUTH_LDAP_CA_CERT_FILE = env.str('AUTH_LDAP_CA_CERT_FILE', None)
     AUTH_LDAP_CONNECTION_OPTIONS = {**LDAP_DEFAULT_CONN_OPTIONS}
     if AUTH_LDAP_CA_CERT_FILE:
-        AUTH_LDAP_CONNECTION_OPTIONS[
-            ldap.OPT_X_TLS_CACERTFILE
-        ] = AUTH_LDAP_CA_CERT_FILE
+        AUTH_LDAP_CONNECTION_OPTIONS[ldap.OPT_X_TLS_CACERTFILE] = (
+            AUTH_LDAP_CA_CERT_FILE
+        )
         AUTH_LDAP_CONNECTION_OPTIONS[ldap.OPT_X_TLS_NEWCTX] = 0
     AUTH_LDAP_USER_FILTER = env.str(
         'AUTH_LDAP_USER_FILTER', '(sAMAccountName=%(user)s)'
     )
+    AUTH_LDAP_USER_SEARCH_BASE = env.str('AUTH_LDAP_USER_SEARCH_BASE', None)
     AUTH_LDAP_USER_SEARCH = LDAPSearch(
-        env.str('AUTH_LDAP_USER_SEARCH_BASE', None),
+        AUTH_LDAP_USER_SEARCH_BASE,
         ldap.SCOPE_SUBTREE,
         AUTH_LDAP_USER_FILTER,
     )
@@ -389,15 +399,18 @@
         AUTH_LDAP2_CA_CERT_FILE = env.str('AUTH_LDAP2_CA_CERT_FILE', None)
         AUTH_LDAP2_CONNECTION_OPTIONS = {**LDAP_DEFAULT_CONN_OPTIONS}
         if AUTH_LDAP2_CA_CERT_FILE:
-            AUTH_LDAP2_CONNECTION_OPTIONS[
-                ldap.OPT_X_TLS_CACERTFILE
-            ] = AUTH_LDAP2_CA_CERT_FILE
+            AUTH_LDAP2_CONNECTION_OPTIONS[ldap.OPT_X_TLS_CACERTFILE] = (
+                AUTH_LDAP2_CA_CERT_FILE
+            )
             AUTH_LDAP2_CONNECTION_OPTIONS[ldap.OPT_X_TLS_NEWCTX] = 0
         AUTH_LDAP2_USER_FILTER = env.str(
             'AUTH_LDAP2_USER_FILTER', '(sAMAccountName=%(user)s)'
         )
+        AUTH_LDAP2_USER_SEARCH_BASE = env.str(
+            'AUTH_LDAP2_USER_SEARCH_BASE', None
+        )
         AUTH_LDAP2_USER_SEARCH = LDAPSearch(
-            env.str('AUTH_LDAP2_USER_SEARCH_BASE', None),
+            AUTH_LDAP2_USER_SEARCH_BASE,
             ldap.SCOPE_SUBTREE,
             AUTH_LDAP2_USER_FILTER,
         )
@@ -414,79 +427,40 @@
         )
 
 
-# SAML configuration
+# OpenID Connect (OIDC) configuration
 # ------------------------------------------------------------------------------
 
-ENABLE_SAML = env.bool('ENABLE_SAML', False)
-SAML2_AUTH = {
-    # Required setting
-    # Pysaml2 Saml client settings
-    # See: https://pysaml2.readthedocs.io/en/latest/howto/config.html
-    'SAML_CLIENT_SETTINGS': {
-        # Optional entity ID string to be passed in the 'Issuer' element of
-        # authn request, if required by the IDP.
-        'entityid': env.str('SAML_CLIENT_ENTITY_ID', 'CHANGE-ME'),
-        'entitybaseurl': env.str(
-            'SAML_CLIENT_ENTITY_URL', 'https://localhost:8000'
-        ),
-        # The auto(dynamic) metadata configuration URL of SAML2
-        'metadata': {
-            'local': [
-                env.str('SAML_CLIENT_METADATA_FILE', 'metadata.xml'),
-            ],
-        },
-        'service': {
-            'sp': {
-                'idp': env.str(
-                    'SAML_CLIENT_IPD',
-                    'https://sso.hpc.bihealth.org/auth/realms/cubi',
-                ),
-                # Keycloak expects client signature
-                'authn_requests_signed': 'true',
-                # Enforce POST binding which is required by keycloak
-                'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
-            },
-        },
-        'key_file': env.str('SAML_CLIENT_KEY_FILE', 'key.pem'),
-        'cert_file': env.str('SAML_CLIENT_CERT_FILE', 'cert.pem'),
-        'xmlsec_binary': env.str('SAML_CLIENT_XMLSEC1', '/usr/bin/xmlsec1'),
-        'encryption_keypairs': [
-            {
-                'key_file': env.str('SAML_CLIENT_KEY_FILE', 'key.pem'),
-                'cert_file': env.str('SAML_CLIENT_CERT_FILE', 'cert.pem'),
-            }
-        ],
-    },
-    # Custom target redirect URL after the user get logged in.
-    # Defaults to /admin if not set. This setting will be overwritten if you
-    # have parameter ?next= specificed in the login URL.
-    'DEFAULT_NEXT_URL': '/',
-    # # Optional settings below
-    # 'NEW_USER_PROFILE': {
-    #     'USER_GROUPS': [],  # The default group name when a new user logs in
-    #     'ACTIVE_STATUS': True,  # The default active status for new users
-    #     'STAFF_STATUS': True,  # The staff status for new users
-    #     'SUPERUSER_STATUS': False,  # The superuser status for new users
-    # },
-    # 'ATTRIBUTES_MAP': env.dict(
-    #     'SAML_ATTRIBUTES_MAP',
-    #     default={
-    #         # Change values to corresponding SAML2 userprofile attributes.
-    #         'email': 'Email',
-    #         'username': 'UserName',
-    #         'first_name': 'FirstName',
-    #         'last_name': 'LastName',
-    #     },
-    # ),
-    # 'TRIGGER': {
-    #     'FIND_USER': 'path.to.your.find.user.hook.method',
-    #     'NEW_USER': 'path.to.your.new.user.hook.method',
-    #     'CREATE_USER': 'path.to.your.create.user.hook.method',
-    #     'BEFORE_LOGIN': 'path.to.your.login.hook.method',
-    # },
-    # Custom URL to validate incoming SAML requests against
-    # 'ASSERTION_URL': 'https://your.url.here',
-}
+ENABLE_OIDC = env.bool('ENABLE_OIDC', False)
+
+if ENABLE_OIDC:
+    AUTHENTICATION_BACKENDS = tuple(
+        itertools.chain(
+            ('social_core.backends.open_id_connect.OpenIdConnectAuth',),
+            AUTHENTICATION_BACKENDS,
+        )
+    )
+    TEMPLATES[0]['OPTIONS']['context_processors'] += [
+        'social_django.context_processors.backends',
+        'social_django.context_processors.login_redirect',
+    ]
+    SOCIAL_AUTH_JSONFIELD_ENABLED = True
+    SOCIAL_AUTH_JSONFIELD_CUSTOM = 'django.db.models.JSONField'
+    SOCIAL_AUTH_USER_MODEL = AUTH_USER_MODEL
+    SOCIAL_AUTH_ADMIN_USER_SEARCH_FIELDS = [
+        'username',
+        'name',
+        'first_name',
+        'last_name',
+        'email',
+    ]
+    SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env.str(
+        'SOCIAL_AUTH_OIDC_OIDC_ENDPOINT', None
+    )
+    SOCIAL_AUTH_OIDC_KEY = env.str('SOCIAL_AUTH_OIDC_KEY', 'CHANGEME')
+    SOCIAL_AUTH_OIDC_SECRET = env.str('SOCIAL_AUTH_OIDC_SECRET', 'CHANGEME')
+    SOCIAL_AUTH_OIDC_USERNAME_KEY = env.str(
+        'SOCIAL_AUTH_OIDC_USERNAME_KEY', 'username'
+    )
 
 
 # Logging
@@ -575,9 +549,11 @@ def set_logging(level=None):
 )
 
 # SODAR API settings
+# DEPRECATED: To be removed in SODAR Core v1.1 (see bihealth/sodar-core#1401)
 SODAR_API_DEFAULT_VERSION = '0.1'
 SODAR_API_ALLOWED_VERSIONS = [SODAR_API_DEFAULT_VERSION]
 SODAR_API_MEDIA_TYPE = 'application/your.application+json'
+# SODAR API host URL
 SODAR_API_DEFAULT_HOST = env.url(
     'SODAR_API_DEFAULT_HOST', 'http://0.0.0.0:8000'
 )
@@ -638,10 +614,10 @@ def set_logging(level=None):
     'PROJECTROLES_SEARCH_OMIT_APPS', None, []
 )
 PROJECTROLES_TARGET_SYNC_ENABLE = env.bool(
-    'PROJECTROLES_TARGET_SYNC_ENABLE', default=False
+    'PROJECTROLES_TARGET_SYNC_ENABLE', False
 )
 PROJECTROLES_TARGET_SYNC_INTERVAL = env.int(
-    'PROJECTROLES_TARGET_SYNC_INTERVAL', default=5
+    'PROJECTROLES_TARGET_SYNC_INTERVAL', 5
 )
 
 # Enable profiling for debugging/analysis

diff --git a/config/settings/local.py b/config/settings/local.py
@@ -21,7 +21,7 @@
 
 # DEBUG
 # ------------------------------------------------------------------------------
-DEBUG = env.bool('DJANGO_DEBUG', default=True)
+DEBUG = env.bool('DJANGO_DEBUG', True)
 TEMPLATES[0]['OPTIONS']['debug'] = DEBUG
 
 # SECRET CONFIGURATION
@@ -49,7 +49,7 @@
 
 # django-debug-toolbar
 # ------------------------------------------------------------------------------
-ENABLE_DEBUG_TOOLBAR = env.bool('ENABLE_DEBUG_TOOLBAR', default=True)
+ENABLE_DEBUG_TOOLBAR = env.bool('ENABLE_DEBUG_TOOLBAR', True)
 
 if ENABLE_DEBUG_TOOLBAR:
     MIDDLEWARE += ['debug_toolbar.middleware.DebugToolbarMiddleware']

diff --git a/config/settings/local_target.py b/config/settings/local_target.py
@@ -8,7 +8,7 @@
 
 # DATABASE CONFIGURATION
 # ------------------------------------------------------------------------------
-# See: https://docs.djangoproject.com/en/dev/ref/settings/#databases
+# See: https://docs.djangoproject.com/en/4.2/ref/settings/#databases
 # Uses django-environ to accept uri format
 # See: https://django-environ.readthedocs.io/en/latest/#supported-types
 DATABASES['default']['NAME'] = 'sodar_core_target'