Skip to content

Commit

Permalink
refactor(admin): admin interface is always enabled
Browse files Browse the repository at this point in the history
  • Loading branch information
@angela-tran
angela-tran committed Feb 8, 2024
1 parent ecdf040 commit 485c660
Show file tree
Hide file tree
Showing 7 changed files with 84 additions and 116 deletions.
73 changes: 36 additions & 37 deletions benefits/core/admin.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,43 +2,42 @@
The core application: Admin interface configuration.
"""

import logging
import requests

from django.conf import settings

if settings.ADMIN:
import logging
from django.contrib import admin
from . import models

logger = logging.getLogger(__name__)

for model in [
models.EligibilityType,
models.EligibilityVerifier,
models.PaymentProcessor,
models.PemData,
models.TransitAgency,
]:
logger.debug(f"Register {model.__name__}")
admin.site.register(model)

def pre_login_user(user, request):
logger.debug(f"Running pre-login callback for user: {user.username}")
token = request.session.get("google_sso_access_token")
if token:
headers = {
"Authorization": f"Bearer {token}",
}

# Request Google user info to get name and email
url = "https://www.googleapis.com/oauth2/v3/userinfo"
response = requests.get(url, headers=headers, timeout=settings.REQUESTS_TIMEOUT)
user_data = response.json()
logger.debug(f"Updating admin user data from Google for user with email: {user_data['email']}")

user.first_name = user_data["given_name"]
user.last_name = user_data["family_name"]
user.username = user_data["email"]
user.email = user_data["email"]
user.save()
from django.contrib import admin
from . import models

logger = logging.getLogger(__name__)


for model in [
models.EligibilityType,
models.EligibilityVerifier,
models.PaymentProcessor,
models.PemData,
models.TransitAgency,
]:
logger.debug(f"Register {model.__name__}")
admin.site.register(model)

def pre_login_user(user, request):
logger.debug(f"Running pre-login callback for user: {user.username}")
token = request.session.get("google_sso_access_token")
if token:
headers = {
"Authorization": f"Bearer {token}",
}

# Request Google user info to get name and email
url = "https://www.googleapis.com/oauth2/v3/userinfo"
response = requests.get(url, headers=headers, timeout=settings.REQUESTS_TIMEOUT)
user_data = response.json()
logger.debug(f"Updating admin user data from Google for user with email: {user_data['email']}")

user.first_name = user_data["given_name"]
user.last_name = user_data["family_name"]
user.username = user_data["email"]
user.email = user_data["email"]
user.save()
97 changes: 40 additions & 57 deletions benefits/settings.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,39 +45,33 @@ def RUNTIME_ENVIRONMENT():
# Application definition

INSTALLED_APPS = [
"django.contrib.admin",
"django.contrib.auth",
"django.contrib.contenttypes",
"django.contrib.messages",
"django.contrib.sessions",
"django.contrib.staticfiles",
"django_google_sso",
"benefits.core",
"benefits.enrollment",
"benefits.eligibility",
"benefits.oauth",
]

if ADMIN:
GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret")
GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin")
GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret")
GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(","))
GOOGLE_SSO_STAFF_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_STAFF_LIST", "").split(","))
GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(","))
GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg"
GOOGLE_SSO_SAVE_ACCESS_TOKEN = True
GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.core.admin.pre_login_user"
GOOGLE_SSO_SCOPES = [
"openid",
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
]

INSTALLED_APPS.extend(
[
"django.contrib.admin",
"django.contrib.auth",
"django.contrib.contenttypes",
"django_google_sso", # Add django_google_sso
]
)
GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret")
GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin")
GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret")
GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(","))
GOOGLE_SSO_STAFF_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_STAFF_LIST", "").split(","))
GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(","))
GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg"
GOOGLE_SSO_SAVE_ACCESS_TOKEN = True
GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.core.admin.pre_login_user"
GOOGLE_SSO_SCOPES = [
"openid",
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
]

MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
Expand All @@ -91,16 +85,10 @@ def RUNTIME_ENVIRONMENT():
"django.middleware.clickjacking.XFrameOptionsMiddleware",
"csp.middleware.CSPMiddleware",
"benefits.core.middleware.ChangedLanguageEvent",
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
]

if ADMIN:
MIDDLEWARE.extend(
[
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
]
)

if DEBUG:
MIDDLEWARE.append("benefits.core.middleware.DebugSession")

Expand Down Expand Up @@ -162,13 +150,12 @@ def RUNTIME_ENVIRONMENT():
]
)

if ADMIN:
template_ctx_processors.extend(
[
"django.contrib.auth.context_processors.auth",
"django.contrib.messages.context_processors.messages",
]
)
template_ctx_processors.extend(
[
"django.contrib.auth.context_processors.auth",
"django.contrib.messages.context_processors.messages",
]
)

TEMPLATES = [
{
Expand All @@ -193,25 +180,21 @@ def RUNTIME_ENVIRONMENT():

# Password validation

AUTH_PASSWORD_VALIDATORS = []
AUTH_PASSWORD_VALIDATORS = [
{
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
},
{
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
},
{
"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
},
{
"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
},
]

if ADMIN:
AUTH_PASSWORD_VALIDATORS.extend(
[
{
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
},
{
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
},
{
"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
},
{
"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
},
]
)

# Internationalization

Expand Down
13 changes: 4 additions & 9 deletions benefits/urls.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
import logging

from django.conf import settings
from django.contrib import admin
from django.http import HttpResponse
from django.urls import include, path

Expand Down Expand Up @@ -46,12 +47,6 @@ def test_secret(request):

urlpatterns.append(path("testsecret/", test_secret))


if settings.ADMIN:
from django.contrib import admin

logger.debug("Register admin urls")
urlpatterns.append(path("admin/", admin.site.urls))
urlpatterns.append(path("google_sso/", include("django_google_sso.urls", namespace="django_google_sso")))
else:
logger.debug("Skip url registrations for admin")
logger.debug("Register admin urls")
urlpatterns.append(path("admin/", admin.site.urls))
urlpatterns.append(path("google_sso/", include("django_google_sso.urls", namespace="django_google_sso")))
6 changes: 3 additions & 3 deletions docs/configuration/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,10 +55,10 @@ from django.config import settings

# ...

if settings.ADMIN:
# do something when admin is enabled
if settings.DEBUG:
# do something when debug is enabled
else:
# do something else when admin is disabled
# do something else when debug is disabled
```

Through the [Django model][django-model] framework, `benefits.core.models` instances are used to access the configuration data:
Expand Down
7 changes: 0 additions & 7 deletions docs/configuration/environment-variables.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,13 +24,6 @@ If blank or an invalid key, analytics events aren't captured (though may still b

## Django

### `DJANGO_ADMIN`

Boolean:

- `True`: activates Django's built-in admin interface for content authoring.
- `False` (default): skips this activation.

### `DJANGO_ALLOWED_HOSTS`

!!! warning "Deployment configuration"
Expand Down
3 changes: 1 addition & 2 deletions docs/getting-started/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,7 @@ docker compose up client

After initialization, the client is running running on `http://localhost:8000` by default.

If `DJANGO_ADMIN=true`, the backend administrative interface can be accessed at the `/admin` route using the superuser account
you setup as part of initialization.
The backend administrative interface can be accessed at the `/admin` route using the superuser account you setup as part of initialization.

By default, sample values are used to initialize Django. Alternatively you may:

Expand Down
1 change: 0 additions & 1 deletion terraform/app_service.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,6 @@ resource "azurerm_linux_web_app" "main" {
"REQUESTS_READ_TIMEOUT" = "${local.secret_prefix}requests-read-timeout)",

# Django settings
"DJANGO_ADMIN" = "${local.secret_prefix}django-admin)",
"DJANGO_ALLOWED_HOSTS" = "${local.secret_prefix}django-allowed-hosts)",
"DJANGO_DB_DIR" = "${local.secret_prefix}django-db-dir)",
"DJANGO_DEBUG" = local.is_prod ? null : "${local.secret_prefix}django-debug)",
Expand Down

0 comments on commit 485c660

Please sign in to comment.