diff --git a/benefits/core/admin.py b/benefits/core/admin.py index 68c0456980..f6058d0aa3 100644 --- a/benefits/core/admin.py +++ b/benefits/core/admin.py @@ -2,43 +2,42 @@ The core application: Admin interface configuration. """ +import logging import requests from django.conf import settings - -if settings.ADMIN: - import logging - from django.contrib import admin - from . import models - - logger = logging.getLogger(__name__) - - for model in [ - models.EligibilityType, - models.EligibilityVerifier, - models.PaymentProcessor, - models.PemData, - models.TransitAgency, - ]: - logger.debug(f"Register {model.__name__}") - admin.site.register(model) - - def pre_login_user(user, request): - logger.debug(f"Running pre-login callback for user: {user.username}") - token = request.session.get("google_sso_access_token") - if token: - headers = { - "Authorization": f"Bearer {token}", - } - - # Request Google user info to get name and email - url = "https://www.googleapis.com/oauth2/v3/userinfo" - response = requests.get(url, headers=headers, timeout=settings.REQUESTS_TIMEOUT) - user_data = response.json() - logger.debug(f"Updating admin user data from Google for user with email: {user_data['email']}") - - user.first_name = user_data["given_name"] - user.last_name = user_data["family_name"] - user.username = user_data["email"] - user.email = user_data["email"] - user.save() +from django.contrib import admin +from . import models + +logger = logging.getLogger(__name__) + + +for model in [ + models.EligibilityType, + models.EligibilityVerifier, + models.PaymentProcessor, + models.PemData, + models.TransitAgency, +]: + logger.debug(f"Register {model.__name__}") + admin.site.register(model) + +def pre_login_user(user, request): + logger.debug(f"Running pre-login callback for user: {user.username}") + token = request.session.get("google_sso_access_token") + if token: + headers = { + "Authorization": f"Bearer {token}", + } + + # Request Google user info to get name and email + url = "https://www.googleapis.com/oauth2/v3/userinfo" + response = requests.get(url, headers=headers, timeout=settings.REQUESTS_TIMEOUT) + user_data = response.json() + logger.debug(f"Updating admin user data from Google for user with email: {user_data['email']}") + + user.first_name = user_data["given_name"] + user.last_name = user_data["family_name"] + user.username = user_data["email"] + user.email = user_data["email"] + user.save() diff --git a/benefits/settings.py b/benefits/settings.py index 3323fb03c1..9a0496cbe9 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -45,39 +45,33 @@ def RUNTIME_ENVIRONMENT(): # Application definition INSTALLED_APPS = [ + "django.contrib.admin", + "django.contrib.auth", + "django.contrib.contenttypes", "django.contrib.messages", "django.contrib.sessions", "django.contrib.staticfiles", + "django_google_sso", "benefits.core", "benefits.enrollment", "benefits.eligibility", "benefits.oauth", ] -if ADMIN: - GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret") - GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin") - GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret") - GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(",")) - GOOGLE_SSO_STAFF_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_STAFF_LIST", "").split(",")) - GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(",")) - GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg" - GOOGLE_SSO_SAVE_ACCESS_TOKEN = True - GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.core.admin.pre_login_user" - GOOGLE_SSO_SCOPES = [ - "openid", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", - ] - - INSTALLED_APPS.extend( - [ - "django.contrib.admin", - "django.contrib.auth", - "django.contrib.contenttypes", - "django_google_sso", # Add django_google_sso - ] - ) +GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret") +GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin") +GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret") +GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(",")) +GOOGLE_SSO_STAFF_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_STAFF_LIST", "").split(",")) +GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(",")) +GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg" +GOOGLE_SSO_SAVE_ACCESS_TOKEN = True +GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.core.admin.pre_login_user" +GOOGLE_SSO_SCOPES = [ + "openid", + "https://www.googleapis.com/auth/userinfo.email", + "https://www.googleapis.com/auth/userinfo.profile", +] MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", @@ -91,16 +85,10 @@ def RUNTIME_ENVIRONMENT(): "django.middleware.clickjacking.XFrameOptionsMiddleware", "csp.middleware.CSPMiddleware", "benefits.core.middleware.ChangedLanguageEvent", + "django.contrib.auth.middleware.AuthenticationMiddleware", + "django.contrib.messages.middleware.MessageMiddleware", ] -if ADMIN: - MIDDLEWARE.extend( - [ - "django.contrib.auth.middleware.AuthenticationMiddleware", - "django.contrib.messages.middleware.MessageMiddleware", - ] - ) - if DEBUG: MIDDLEWARE.append("benefits.core.middleware.DebugSession") @@ -162,13 +150,12 @@ def RUNTIME_ENVIRONMENT(): ] ) -if ADMIN: - template_ctx_processors.extend( - [ - "django.contrib.auth.context_processors.auth", - "django.contrib.messages.context_processors.messages", - ] - ) +template_ctx_processors.extend( + [ + "django.contrib.auth.context_processors.auth", + "django.contrib.messages.context_processors.messages", + ] +) TEMPLATES = [ { @@ -193,25 +180,21 @@ def RUNTIME_ENVIRONMENT(): # Password validation -AUTH_PASSWORD_VALIDATORS = [] +AUTH_PASSWORD_VALIDATORS = [ + { + "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", + }, + { + "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", + }, + { + "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", + }, + { + "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", + }, +] -if ADMIN: - AUTH_PASSWORD_VALIDATORS.extend( - [ - { - "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", - }, - ] - ) # Internationalization diff --git a/benefits/urls.py b/benefits/urls.py index 39f12915fb..0a5d658ecb 100644 --- a/benefits/urls.py +++ b/benefits/urls.py @@ -8,6 +8,7 @@ import logging from django.conf import settings +from django.contrib import admin from django.http import HttpResponse from django.urls import include, path @@ -46,12 +47,6 @@ def test_secret(request): urlpatterns.append(path("testsecret/", test_secret)) - -if settings.ADMIN: - from django.contrib import admin - - logger.debug("Register admin urls") - urlpatterns.append(path("admin/", admin.site.urls)) - urlpatterns.append(path("google_sso/", include("django_google_sso.urls", namespace="django_google_sso"))) -else: - logger.debug("Skip url registrations for admin") +logger.debug("Register admin urls") +urlpatterns.append(path("admin/", admin.site.urls)) +urlpatterns.append(path("google_sso/", include("django_google_sso.urls", namespace="django_google_sso"))) diff --git a/docs/configuration/README.md b/docs/configuration/README.md index 9e0a29e962..ef12dcedea 100644 --- a/docs/configuration/README.md +++ b/docs/configuration/README.md @@ -55,10 +55,10 @@ from django.config import settings # ... -if settings.ADMIN: - # do something when admin is enabled +if settings.DEBUG: + # do something when debug is enabled else: - # do something else when admin is disabled + # do something else when debug is disabled ``` Through the [Django model][django-model] framework, `benefits.core.models` instances are used to access the configuration data: diff --git a/docs/configuration/environment-variables.md b/docs/configuration/environment-variables.md index b699fd9091..bdf8e15cc0 100644 --- a/docs/configuration/environment-variables.md +++ b/docs/configuration/environment-variables.md @@ -24,13 +24,6 @@ If blank or an invalid key, analytics events aren't captured (though may still b ## Django -### `DJANGO_ADMIN` - -Boolean: - -- `True`: activates Django's built-in admin interface for content authoring. -- `False` (default): skips this activation. - ### `DJANGO_ALLOWED_HOSTS` !!! warning "Deployment configuration" diff --git a/docs/getting-started/README.md b/docs/getting-started/README.md index 4ddea7ce16..ac2b5475c9 100644 --- a/docs/getting-started/README.md +++ b/docs/getting-started/README.md @@ -56,8 +56,7 @@ docker compose up client After initialization, the client is running running on `http://localhost:8000` by default. -If `DJANGO_ADMIN=true`, the backend administrative interface can be accessed at the `/admin` route using the superuser account -you setup as part of initialization. +The backend administrative interface can be accessed at the `/admin` route using the superuser account you setup as part of initialization. By default, sample values are used to initialize Django. Alternatively you may: diff --git a/terraform/app_service.tf b/terraform/app_service.tf index 7caa103ea0..967e41723c 100644 --- a/terraform/app_service.tf +++ b/terraform/app_service.tf @@ -66,7 +66,6 @@ resource "azurerm_linux_web_app" "main" { "REQUESTS_READ_TIMEOUT" = "${local.secret_prefix}requests-read-timeout)", # Django settings - "DJANGO_ADMIN" = "${local.secret_prefix}django-admin)", "DJANGO_ALLOWED_HOSTS" = "${local.secret_prefix}django-allowed-hosts)", "DJANGO_DB_DIR" = "${local.secret_prefix}django-db-dir)", "DJANGO_DEBUG" = local.is_prod ? null : "${local.secret_prefix}django-debug)",