Adding github enterprise auth backend for social auth (#365)

* adding github enterprise auth backend for social auth
Signed-off-by: vsoch <[email protected]>

CHANGELOG.md

@@ -12,6 +12,7 @@ represented by the pull requests that fixed them. Critical items to know are:
 
 
 ## [master](https://github.com/singularityhub/sregistry/tree/master) (master)
+ - adding GitHub enterprise backend for social auth (1.1.35)
  - remove un-needed lib PyYaml (1.1.34)
  - updating Django and Django Restframework (1.1.33)
  - API endpoint to create a collection (1.1.32)

VERSION

@@ -1 +1 @@
-1.1.34
+1.1.35

docs/_docs/install/settings.md

@@ -42,9 +42,11 @@ ENABLE_TWITTER_AUTH=False
 ENABLE_GITHUB_AUTH=True
 ENABLE_GITLAB_AUTH=False
 ENABLE_BITBUCKET_AUTH=False
+ENABLE_GITHUB_ENTERPRISE_AUTH=False
 ```
 
-and you will need at least one to log in. I've found that Github works the fastest and easiest, and then Google. Twitter now requires an actual server name and won't work with localost, but if you are deploying on a server with a proper domain go ahead and use it. All avenues are extremely specific with regard to callback urls, so you should be very careful in setting them up. If you want automated builds from a repository
+and you will need at least one to log in. I've found that GitHub works the fastest and easiest, and then Google.
+Twitter now requires an actual server name and won't work with localhost, but if you are deploying on a server with a proper domain go ahead and use it. All avenues are extremely specific with regard to callback urls, so you should be very careful in setting them up. If you want automated builds from a repository
 integration with Google Cloud Build, then you must use GitHub.
 
 ## Plugins
@@ -75,6 +77,7 @@ SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS = {
 
 Google is great in letting you specify multiple acceptable callback urls, so you should set every version of `http://127.0.0.1/complete/google-oauth2` (I did with and without http/https, along with the ending and without the ending slash, just in case). Note that `1.` extra arguments have been added to ensure that users can refresh tokens, and `2.` in testing I was using `http` and not `https`, and I eventually added `https` (and so the url was adjusted accordingly). Next, we need to follow instructions for [web applications](https://developers.google.com/identity/protocols/OAuth2WebServer). 
 
+
 ### Setting up Github OAuth
 
 For users to connect to Github, you need to [register a new application](https://github.com/settings/applications/new), and add the key and secret to your `secrets.py` file like this: 
@@ -95,7 +98,25 @@ SOCIAL_AUTH_GITHUB_SCOPE = ["admin:repo_hook",
 
 The callback url should be in the format `http://127.0.0.1/complete/github`, and replace the localhost address with your domain. See the [Github Developers](https://github.com/settings/developers) pages to browse more information on the Github APIs.
 
+
+### Setting up Github Enterprise OAuth
+
+The GitHub Exterprise [docs are here](https://python-social-auth.readthedocs.io/en/latest/backends/github_enterprise.html).  You will want to register a new application on your instance of GitHub Enterprise in Developer Settings, set the callback URL to "http://example.com/complete/github-enterprise/" replacing example.com with your domain, and then the following environment variables should be defined in your secrets.
+
+```python
+# The URL for your GitHub Enterprise appliance:
+SOCIAL_AUTH_GITHUB_ENTERPRISE_URL = "https://git.example.com/"
+
+# Set the API URL for your GitHub Enterprise appliance:
+SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL = "https://git.example.com/api/v3/"
+
+# Fill the Client ID and Client Secret values from GitHub in the settings:
+SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY = ""
+SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET = ""
+```
+
 ### Gitlab OAuth2
+
 Instructions are provided [here](https://github.com/python-social-auth/social-docs/blob/master/docs/backends/gitlab.rst). Basically:
 
 1. You need to [register an application](https://gitlab.com/profile/applications), be sure to add the `read_user` scope. If you need `api`, add it to (you shouldn't).

shub/apps/base/context_processors.py

@@ -37,6 +37,7 @@ def auth_processor(request):
         "ENABLE_GOOGLE_AUTH": settings.ENABLE_GOOGLE_AUTH,
         "ENABLE_TWITTER_AUTH": settings.ENABLE_TWITTER_AUTH,
         "ENABLE_GITHUB_AUTH": settings.ENABLE_GITHUB_AUTH,
+        "ENABLE_GITHUB_ENTERPRISE_AUTH": settings.ENABLE_GITHUB_ENTERPRISE_AUTH,
         "ENABLE_GITLAB_AUTH": settings.ENABLE_GITLAB_AUTH,
         "ENABLE_BITBUCKET_AUTH": settings.ENABLE_BITBUCKET_AUTH,
         "PLUGINS_ENABLED": settings.PLUGINS_ENABLED,

shub/apps/main/views/compare.py

@@ -93,7 +93,7 @@ def generate_treemap_context(request):
 
 @ratelimit(key="ip", rate=rl_rate, block=rl_block)
 def collections_treemap(request, context=None):
-    """ collection treemap shows total size of a collection"""
+    """collection treemap shows total size of a collection"""
     if context is None:
         context = generate_treemap_context(request)
     return render(request, "singularity/collections_treemap.html", context)

shub/apps/users/models.py

@@ -71,13 +71,13 @@ def create_superuser(self, username, email, password, **extra_fields):
         return self._create_user(username, email, password, True, True, **extra_fields)
 
     def add_superuser(self, user):
-        """ Intended for existing user"""
+        """Intended for existing user"""
         user.is_superuser = True
         user.save(using=self._db)
         return user
 
     def add_staff(self, user):
-        """ Intended for existing user"""
+        """Intended for existing user"""
         user.is_staff = True
         user.save(using=self._db)
         return user
@@ -128,7 +128,7 @@ def is_team_owner(self, collection):
         return False
 
     def get_credentials(self, provider):
-        """ return one or more credentials, or None"""
+        """return one or more credentials, or None"""
         if self.is_anonymous is False:
             try:
                 # Case 1: one credential

shub/apps/users/templates/social/login.html

@@ -43,6 +43,10 @@ <h3>Hello, {{ user.get_full_name }}!</h3>
         <a class="social-button" id="github-connect" href="{% url 'social:begin' 'github' %}?next={{ domain }}{{ request.path }}">Login with Github</a>
         {% endif %}
 
+        {% if ENABLE_GITHUB_ENTERPRISE_AUTH %}
+        <a class="social-button" id="github-connect" href="{% url 'social:begin' 'github-enterprise' %}?next={{ domain }}{{ request.path }}">Login with Github Enterprise</a>
+        {% endif %}
+
         {% if ENABLE_GITLAB_AUTH %}
         <a class="social-button" id="gitlab-connect" href="{% url 'social:begin' 'gitlab' %}?next={{ domain }}{{ request.path }}">Login with Gitlab</a>
         {% endif %}

shub/settings/auth.py

@@ -20,6 +20,7 @@
     "social_core.backends.facebook.FacebookOAuth2",
     "shub.apps.users.views.auth.ShubGithubOAuth2",
     # "social_core.backends.github.GithubOAuth2",
+    "social_core.backends.github_enterprise.GithubEnterpriseOAuth2",
     "social_core.backends.gitlab.GitLabOAuth2",
     "social_core.backends.bitbucket.BitbucketOAuth2",
 )

shub/settings/config.py

@@ -16,6 +16,7 @@
 ENABLE_GITHUB_AUTH = True
 ENABLE_GITLAB_AUTH = False
 ENABLE_BITBUCKET_AUTH = False
+ENABLE_GITHUB_ENTERPRISE_AUTH = False
 
 # NOTE you will need to set authentication methods up.
 # Configuration goes into secrets.py

shub/settings/dummy_secrets.py

@@ -48,6 +48,20 @@
 # You shouldn't actually need this if we aren't using repos
 # SOCIAL_AUTH_GITHUB_SCOPE = ["repo","user"]
 
+
+# -----------------------------------------------------------------------------
+# GitHub Enterprise OAuth
+# Only required if ENABLE_GITHUB_ENTERPRISE_AUTH=True in config.py
+# See https://python-social-auth.readthedocs.io/en/latest/backends/github_enterprise.html
+# SOCIAL_AUTH_GITHUB_ENTERPRISE_URL = ""
+
+# Set the API URL for your GitHub Enterprise appliance:
+# SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL = ""
+
+# Fill the Client ID and Client Secret values from GitHub in the settings:
+# SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY = ""
+# SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET = ""
+
 # -----------------------------------------------------------------------------
 # GitLab OAuth2