feat: upgrade to sodar core v1 (#170)

.github/workflows/build.yml

@@ -7,12 +7,12 @@ jobs:
     strategy:
       matrix:
         python-version:
-          - '3.8'
           - '3.9'
           - '3.10'
+          - '3.11'
     services:
       postgres:
-        image: postgres:11
+        image: postgres:16
         env:
           POSTGRES_DB: kiosc
           POSTGRES_USER: kiosc
@@ -42,7 +42,7 @@ jobs:
         uses: actions/checkout@v2
       - name: Install project Python dependencies
         run: |
-          pip install wheel==0.37.1
+          pip install wheel==0.42.0
           pip install -r requirements/local.txt
           pip install -r requirements/test.txt
       - name: Download icons
@@ -63,4 +63,4 @@ jobs:
         with:
           project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
           coverage-reports: coverage.xml
-        if: ${{ matrix.python-version == '3.8' }}
+        if: ${{ matrix.python-version == '3.11' }}

Makefile

@@ -33,6 +33,11 @@ serve:
 	$(MANAGE) runserver --settings=config.settings.local
 
 
+.PHONY: asgi
+asgi:
+	python -m uvicorn config.asgi:application
+
+
 .PHONY: serve_target
 serve_target:
 	$(MANAGE) runserver 0.0.0.0:$(target_port) --settings=config.settings.local_target

config/settings/base.py

@@ -59,6 +59,7 @@
     "markupfield",  # For markdown
     "rest_framework",  # For API views
     "knox",  # For token auth
+    'social_django', # For OIDC authentication
     "docs",  # For the online user documentation/manual
     "dal",  # For user search combo box
     "dal_select2",
@@ -282,7 +283,7 @@
 AUTOSLUG_SLUGIFY_FUNCTION = "slugify.slugify"
 
 # Location of root django.contrib.admin URL, use {% url 'admin:index' %}
-ADMIN_URL = r"^admin/"
+ADMIN_URL = "admin/"
 
 # Celery configuration (for background jobs)
 # ------------------------------------------------------------------------------
@@ -416,71 +417,40 @@
         )
 
 
-# SAML configuration
+# OpenID Connect (OIDC) configuration
 # ------------------------------------------------------------------------------
 
+ENABLE_OIDC = env.bool('ENABLE_OIDC', False)
 
-ENABLE_SAML = env.bool("ENABLE_SAML", False)
-SAML2_AUTH = {
-    # Required setting
-    "SAML_CLIENT_SETTINGS": {  # Pysaml2 Saml client settings (https://pysaml2.readthedocs.io/en/latest/howto/config.html)
-        "entityid": env.str(
-            "SAML_CLIENT_ENTITY_ID", "SODARcore"
-        ),  # The optional entity ID string to be passed in the 'Issuer' element of authn request, if required by the IDP.
-        "entitybaseurl": env.str(
-            "SAML_CLIENT_ENTITY_URL", "https://localhost:8000"
-        ),
-        "metadata": {
-            "local": [
-                env.str(
-                    "SAML_CLIENT_METADATA_FILE", "metadata.xml"
-                ),  # The auto(dynamic) metadata configuration URL of SAML2
-            ],
-        },
-        "service": {
-            "sp": {
-                "idp": env.str(
-                    "SAML_CLIENT_IPD",
-                    "https://sso.hpc.bihealth.org/auth/realms/cubi",
-                ),
-                # Keycloak expects client signature
-                "authn_requests_signed": "true",
-                # Enforce POST binding which is required by keycloak
-                "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-            },
-        },
-        "key_file": env.str("SAML_CLIENT_KEY_FILE", "key.pem"),
-        "cert_file": env.str("SAML_CLIENT_CERT_FILE", "cert.pem"),
-        "xmlsec_binary": env.str("SAML_CLIENT_XMLSEC1", "/usr/bin/xmlsec1"),
-        "encryption_keypairs": [
-            {
-                "key_file": env.str("SAML_CLIENT_KEY_FILE", "key.pem"),
-                "cert_file": env.str("SAML_CLIENT_CERT_FILE", "cert.pem"),
-            }
-        ],
-    },
-    "DEFAULT_NEXT_URL": "/",  # Custom target redirect URL after the user get logged in. Default to /admin if not set. This setting will be overwritten if you have parameter ?next= specificed in the login URL.
-    # # Optional settings below
-    # 'NEW_USER_PROFILE': {
-    #     'USER_GROUPS': [],  # The default group name when a new user logs in
-    #     'ACTIVE_STATUS': True,  # The default active status for new users
-    #     'STAFF_STATUS': True,  # The staff status for new users
-    #     'SUPERUSER_STATUS': False,  # The superuser status for new users
-    # },
-    # 'ATTRIBUTES_MAP': {  # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes.
-    #     'email': 'Email',
-    #     'username': 'UserName',
-    #     'first_name': 'FirstName',
-    #     'last_name': 'LastName',
-    # },
-    # 'TRIGGER': {
-    #     'FIND_USER': 'path.to.your.find.user.hook.method',
-    #     'NEW_USER': 'path.to.your.new.user.hook.method',
-    #     'CREATE_USER': 'path.to.your.create.user.hook.method',
-    #     'BEFORE_LOGIN': 'path.to.your.login.hook.method',
-    # },
-    # 'ASSERTION_URL': 'https://your.url.here',  # Custom URL to validate incoming SAML requests against
-}
+if ENABLE_OIDC:
+    AUTHENTICATION_BACKENDS = tuple(
+        itertools.chain(
+            ('social_core.backends.open_id_connect.OpenIdConnectAuth',),
+            AUTHENTICATION_BACKENDS,
+        )
+    )
+    TEMPLATES[0]['OPTIONS']['context_processors'] += [
+        'social_django.context_processors.backends',
+        'social_django.context_processors.login_redirect',
+    ]
+    SOCIAL_AUTH_JSONFIELD_ENABLED = True
+    SOCIAL_AUTH_JSONFIELD_CUSTOM = 'django.db.models.JSONField'
+    SOCIAL_AUTH_USER_MODEL = AUTH_USER_MODEL
+    SOCIAL_AUTH_ADMIN_USER_SEARCH_FIELDS = [
+        'username',
+        'name',
+        'first_name',
+        'last_name',
+        'email',
+    ]
+    SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env.str(
+        'SOCIAL_AUTH_OIDC_OIDC_ENDPOINT', None
+    )
+    SOCIAL_AUTH_OIDC_KEY = env.str('SOCIAL_AUTH_OIDC_KEY', 'CHANGEME')
+    SOCIAL_AUTH_OIDC_SECRET = env.str('SOCIAL_AUTH_OIDC_SECRET', 'CHANGEME')
+    SOCIAL_AUTH_OIDC_USERNAME_KEY = env.str(
+        'SOCIAL_AUTH_OIDC_USERNAME_KEY', 'username'
+    )
 
 
 # Logging

config/urls.py

@@ -1,103 +1,87 @@
 from django.conf import settings
-from django.conf.urls import include, url
+from django.conf.urls import include
+from django.urls import path
 from django.conf.urls.static import static
 from django.contrib import admin
 from django.contrib.auth import views as auth_views
 from django.contrib.staticfiles.urls import staticfiles_urlpatterns
 from django.views import defaults as default_views
 from django.views.generic import TemplateView
 
-import django_saml2_auth.views
-
 from projectroles.views import HomeView
 
 urlpatterns = [
-    url(r"^$", HomeView.as_view(), name="home"),
-    url(
-        r"^about/$",
+    path("", HomeView.as_view(), name="home"),
+    path(
+        "about/",
         TemplateView.as_view(template_name="pages/about.html"),
         name="about",
     ),
     # Admin URLs - most occur before Django Admin, otherwise urls will be matched by that.
-    url(r"^kioscadmin/", include("kioscadmin.urls")),
+    path("kioscadmin/", include("kioscadmin.urls")),
     # Django Admin, use {% url 'admin:index' %}
-    url(settings.ADMIN_URL, admin.site.urls),
+    path(settings.ADMIN_URL, admin.site.urls),
     # Login and logout
-    url(
-        r"^login/$",
+    path(
+        "login/",
         auth_views.LoginView.as_view(template_name="users/login.html"),
         name="login",
     ),
-    url(r"^logout/$", auth_views.logout_then_login, name="logout"),
+    path("logout/", auth_views.logout_then_login, name="logout"),
     # Auth
-    url(r"api/auth/", include("knox.urls")),
+    path("api/auth/", include("knox.urls")),
     # Projectroles URLs
-    url(r"^project/", include("projectroles.urls")),
+    path("project/", include("projectroles.urls")),
     # Timeline URLs
-    url(r"^timeline/", include("timeline.urls")),
+    path("timeline/", include("timeline.urls")),
     # django-db-file-storage URLs (obfuscated for users)
     # TODO: Change the URL to something obfuscated (e.g. random string)
-    url(r"^CHANGE-ME/", include("db_file_storage.urls")),
+    path("CHANGE-ME/", include("db_file_storage.urls")),
     # Background Jobs URLs
-    url(r"^bgjobs/", include("bgjobs.urls")),
+    path("bgjobs/", include("bgjobs.urls")),
     # Data Cache app
-    # url(r'^cache/', include('sodarcache.urls')),
+    # path(r'^cache/', include('sodarcache.urls')),
     # User Profile URLs
-    url(r"^user/", include("userprofile.urls")),
+    path("user/", include("userprofile.urls")),
     # Admin Alerts URLs
-    url(r"^adminalerts/", include("adminalerts.urls")),
+    path("adminalerts/", include("adminalerts.urls")),
     # App Alerts URLs
-    url("^appalerts/", include("appalerts.urls")),
+    path("appalerts/", include("appalerts.urls")),
     # Site Info URLs
-    url(r"^siteinfo/", include("siteinfo.urls")),
+    path("siteinfo/", include("siteinfo.urls")),
     # API Tokens URLs
-    url(r"^tokens/", include("tokens.urls")),
+    path("tokens/", include("tokens.urls")),
     # Containers URLs
-    url(r"^containers/", include("containers.urls")),
+    path("containers/", include("containers.urls")),
     # Containertemplates URLs
-    url(r"^containertemplates/", include("containertemplates.urls")),
+    path("containertemplates/", include("containertemplates.urls")),
     # Iconify icon URLs
-    url(r"^icons/", include("dj_iconify.urls")),
-    # These are the SAML2 related URLs. You can change "^saml2_auth/" regex to
-    # any path you want, like "^sso_auth/", "^sso_login/", etc. (required)
-    # url(r'^saml2_auth/', include('django_saml2_auth.urls')),
-    # The following line will replace the default user login with SAML2 (optional)
-    # If you want to specific the after-login-redirect-URL, use parameter "?next=/the/path/you/want"
-    # with this view.
-    # url(r'^sso/login/$', django_saml2_auth.views.signin),
-    # The following line will replace the admin login with SAML2 (optional)
-    # If you want to specific the after-login-redirect-URL, use parameter "?next=/the/path/you/want"
-    # with this view.
-    # url(r'^sso/admin/login/$', django_saml2_auth.views.signin),
-    # The following line will replace the default user logout with the signout page (optional)
-    # url(r'^sso/logout/$', django_saml2_auth.views.signout),
-    # The following line will replace the default admin user logout with the signout page (optional)
-    # url(r'^sso/admin/logout/$', django_saml2_auth.views.signout),
+    path("icons/", include("dj_iconify.urls")),
 ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
 
 if settings.KIOSC_EMBEDDED_FILES:
-    urlpatterns.append(url(r"^files/", include("filesfolders.urls")))
+    urlpatterns.append(path("files/", include("filesfolders.urls")))
 
 if settings.DEBUG:
     # This allows the error pages to be debugged during development, just visit
     # these url in browser to see how these error pages look like.
     urlpatterns += [
-        url(
-            r"^400/$",
+        path(
+            "400/",
             default_views.bad_request,
             kwargs={"exception": Exception("Bad Request!")},
         ),
-        url(
-            r"^403/$",
+        path(
+            "403/",
             default_views.permission_denied,
             kwargs={"exception": Exception("Permission Denied")},
         ),
-        url(
-            r"^404/$",
+        path(
+            "404/",
             default_views.page_not_found,
             kwargs={"exception": Exception("Page not Found")},
         ),
-        url(r"^500/$", default_views.server_error),
+        path("500/", default_views.server_error),
     ]
 
     urlpatterns += staticfiles_urlpatterns()
@@ -106,5 +90,5 @@
         import debug_toolbar
 
         urlpatterns = [
-            url(r"^__debug__/", include(debug_toolbar.urls))
+            path("__debug__/", include(debug_toolbar.urls))
         ] + urlpatterns

containers/migrations/0012_alter_containerbackgroundjob_bg_job.py

@@ -0,0 +1,25 @@
+# Generated by Django 4.2.16 on 2024-10-23 15:47
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("bgjobs", "0001_squashed_0006_auto_20200526_1657"),
+        ("containers", "0011_alter_container_container_path"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="containerbackgroundjob",
+            name="bg_job",
+            field=models.ForeignKey(
+                help_text="Background job for state etc.",
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="%(app_label)s_%(class)s_related",
+                to="bgjobs.backgroundjob",
+            ),
+        ),
+    ]