From 761f386f03b20f560c7ccfd103d3960fa5b053cd Mon Sep 17 00:00:00 2001 From: Vanessasaurus <814322+vsoch@users.noreply.github.com> Date: Sun, 30 May 2021 10:43:44 -0600 Subject: [PATCH] Adding github enterprise auth backend for social auth (#365) * adding github enterprise auth backend for social auth Signed-off-by: vsoch --- CHANGELOG.md | 1 + VERSION | 2 +- docs/_docs/install/settings.md | 23 ++++++++++++++++++++- shub/apps/base/context_processors.py | 1 + shub/apps/main/views/compare.py | 2 +- shub/apps/users/models.py | 6 +++--- shub/apps/users/templates/social/login.html | 4 ++++ shub/settings/auth.py | 1 + shub/settings/config.py | 1 + shub/settings/dummy_secrets.py | 14 +++++++++++++ 10 files changed, 49 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e5d9312..5d47cb94 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ represented by the pull requests that fixed them. Critical items to know are: ## [master](https://github.com/singularityhub/sregistry/tree/master) (master) + - adding GitHub enterprise backend for social auth (1.1.35) - remove un-needed lib PyYaml (1.1.34) - updating Django and Django Restframework (1.1.33) - API endpoint to create a collection (1.1.32) diff --git a/VERSION b/VERSION index 73a29c94..13fec672 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.34 +1.1.35 diff --git a/docs/_docs/install/settings.md b/docs/_docs/install/settings.md index 19d8f242..92372a45 100644 --- a/docs/_docs/install/settings.md +++ b/docs/_docs/install/settings.md 
@@ -42,9 +42,11 @@ ENABLE_TWITTER_AUTH=False ENABLE_GITHUB_AUTH=True ENABLE_GITLAB_AUTH=False ENABLE_BITBUCKET_AUTH=False +ENABLE_GITHUB_ENTERPRISE_AUTH=False ``` -and you will need at least one to log in. I've found that Github works the fastest and easiest, and then Google. Twitter now requires an actual server name and won't work with localost, but if you are deploying on a server with a proper domain go ahead and use it. All avenues are extremely specific with regard to callback urls, so you should be very careful in setting them up. If you want automated builds from a repository +and you will need at least one to log in. I've found that GitHub works the fastest and easiest, and then Google. +Twitter now requires an actual server name and won't work with localhost, but if you are deploying on a server with a proper domain go ahead and use it. All avenues are extremely specific with regard to callback urls, so you should be very careful in setting them up. If you want automated builds from a repository integration with Google Cloud Build, then you must use GitHub. ## Plugins @@ -75,6 +77,7 @@ SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS = { Google is great in letting you specify multiple acceptable callback urls, so you should set every version of `http://127.0.0.1/complete/google-oauth2` (I did with and without http/https, along with the ending and without the ending slash, just in case). Note that `1.` extra arguments have been added to ensure that users can refresh tokens, and `2.` in testing I was using `http` and not `https`, and I eventually added `https` (and so the url was adjusted accordingly). Next, we need to follow instructions for [web applications](https://developers.google.com/identity/protocols/OAuth2WebServer). + ### Setting up Github OAuth For users to connect to Github, you need to [register a new application](https://github.com/settings/applications/new), and add the key and secret to your `secrets.py` file like this: 
@@ -95,7 +98,25 @@ SOCIAL_AUTH_GITHUB_SCOPE = ["admin:repo_hook", The callback url should be in the format `http://127.0.0.1/complete/github`, and replace the localhost address with your domain. See the [Github Developers](https://github.com/settings/developers) pages to browse more information on the Github APIs. + +### Setting up Github Enterprise OAuth + +The GitHub Exterprise [docs are here](https://python-social-auth.readthedocs.io/en/latest/backends/github_enterprise.html). You will want to register a new application on your instance of GitHub Enterprise in Developer Settings, set the callback URL to "http://example.com/complete/github-enterprise/" replacing example.com with your domain, and then the following environment variables should be defined in your secrets. + +```python +# The URL for your GitHub Enterprise appliance: +SOCIAL_AUTH_GITHUB_ENTERPRISE_URL = "https://git.example.com/" + +# Set the API URL for your GitHub Enterprise appliance: +SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL = "https://git.example.com/api/v3/" + +# Fill the Client ID and Client Secret values from GitHub in the settings: +SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY = "" +SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET = "" +``` + ### Gitlab OAuth2 + Instructions are provided [here](https://github.com/python-social-auth/social-docs/blob/master/docs/backends/gitlab.rst). Basically: 1. You need to [register an application](https://gitlab.com/profile/applications), be sure to add the `read_user` scope. If you need `api`, add it to (you shouldn't). diff --git a/shub/apps/base/context_processors.py b/shub/apps/base/context_processors.py index 8f8d3d27..a83c0e0a 100644 --- a/shub/apps/base/context_processors.py +++ b/shub/apps/base/context_processors.py 
@@ -37,6 +37,7 @@ def auth_processor(request): "ENABLE_GOOGLE_AUTH": settings.ENABLE_GOOGLE_AUTH, "ENABLE_TWITTER_AUTH": settings.ENABLE_TWITTER_AUTH, "ENABLE_GITHUB_AUTH": settings.ENABLE_GITHUB_AUTH, + "ENABLE_GITHUB_ENTERPRISE_AUTH": settings.ENABLE_GITHUB_ENTERPRISE_AUTH, "ENABLE_GITLAB_AUTH": settings.ENABLE_GITLAB_AUTH, "ENABLE_BITBUCKET_AUTH": settings.ENABLE_BITBUCKET_AUTH, "PLUGINS_ENABLED": settings.PLUGINS_ENABLED, diff --git a/shub/apps/main/views/compare.py b/shub/apps/main/views/compare.py index abd1bc2b..aed2d82a 100644 --- a/shub/apps/main/views/compare.py +++ b/shub/apps/main/views/compare.py @@ -93,7 +93,7 @@ def generate_treemap_context(request): @ratelimit(key="ip", rate=rl_rate, block=rl_block) def collections_treemap(request, context=None): - """ collection treemap shows total size of a collection""" + """collection treemap shows total size of a collection""" if context is None: context = generate_treemap_context(request) return render(request, "singularity/collections_treemap.html", context) diff --git a/shub/apps/users/models.py b/shub/apps/users/models.py index fbe24655..cf1ebb21 100644 --- a/shub/apps/users/models.py +++ b/shub/apps/users/models.py @@ -71,13 +71,13 @@ def create_superuser(self, username, email, password, **extra_fields): return self._create_user(username, email, password, True, True, **extra_fields) def add_superuser(self, user): - """ Intended for existing user""" + """Intended for existing user""" user.is_superuser = True user.save(using=self._db) return user def add_staff(self, user): - """ Intended for existing user""" + """Intended for existing user""" user.is_staff = True user.save(using=self._db) return user @@ -128,7 +128,7 @@ def is_team_owner(self, collection): return False def get_credentials(self, provider): - """ return one or more credentials, or None""" + """return one or more credentials, or None""" if self.is_anonymous is False: try: # Case 1: one credential 
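Review bot: The new `"ENABLE_GITHUB_ENTERPRISE_AUTH": settings.ENABLE_GITHUB_ENTERPRISE_AUTH` entry in `auth_processor` reads the setting by direct attribute access. A deployment that upgrades the code but keeps a locally edited `config.py` without the new flag would then raise `AttributeError` on every page rendered through this context processor. Whether deployments carry their own `config.py` is inferred from the settings docs, not visible here. Defaulting closed avoids the failure: `"ENABLE_GITHUB_ENTERPRISE_AUTH": getattr(settings, "ENABLE_GITHUB_ENTERPRISE_AUTH", False),`. The neighbouring entries use direct access as well, so this matters only for the flag introduced by this commit; the body of `auth_processor` starts and ends outside the hunk.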
diff --git a/shub/apps/users/templates/social/login.html b/shub/apps/users/templates/social/login.html index 1da712ae..7e343729 100644 --- a/shub/apps/users/templates/social/login.html +++ b/shub/apps/users/templates/social/login.html @@ -43,6 +43,10 @@

Hello, {{ user.get_full_name }}!

Login with Github {% endif %} + {% if ENABLE_GITHUB_ENTERPRISE_AUTH %} + Login with Github Enterprise + {% endif %} + {% if ENABLE_GITLAB_AUTH %} Login with Gitlab {% endif %} diff --git a/shub/settings/auth.py b/shub/settings/auth.py index 703014ab..79faccb1 100644 --- a/shub/settings/auth.py +++ b/shub/settings/auth.py @@ -20,6 +20,7 @@ "social_core.backends.facebook.FacebookOAuth2", "shub.apps.users.views.auth.ShubGithubOAuth2", # "social_core.backends.github.GithubOAuth2", + "social_core.backends.github_enterprise.GithubEnterpriseOAuth2", "social_core.backends.gitlab.GitLabOAuth2", "social_core.backends.bitbucket.BitbucketOAuth2", ) diff --git a/shub/settings/config.py b/shub/settings/config.py index 34d0721b..47bfae43 100644 --- a/shub/settings/config.py +++ b/shub/settings/config.py @@ -16,6 +16,7 @@ ENABLE_GITHUB_AUTH = True ENABLE_GITLAB_AUTH = False ENABLE_BITBUCKET_AUTH = False +ENABLE_GITHUB_ENTERPRISE_AUTH = False # NOTE you will need to set authentication methods up. # Configuration goes into secrets.py diff --git a/shub/settings/dummy_secrets.py b/shub/settings/dummy_secrets.py index 1f642cf6..26c2c085 100644 --- a/shub/settings/dummy_secrets.py +++ b/shub/settings/dummy_secrets.py 
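Review bot: `"social_core.backends.github_enterprise.GithubEnterpriseOAuth2"` is added to the backends tuple in `shub/settings/auth.py` unconditionally, while in the lines visible in this patch `ENABLE_GITHUB_ENTERPRISE_AUTH` (default `False` in `config.py`) is only passed to the login template. If nothing else consults the flag, it hides the button but leaves the backend registered, so the social-auth login and `/complete/github-enterprise/` routes stay reachable on installs that never configured the backend. Consider appending the backend only when the flag is true, or at least documenting the behaviour next to the entry: `# registered regardless of ENABLE_GITHUB_ENTERPRISE_AUTH; the flag only controls the login button`. The tuple's opening line is outside the hunk, and the other backends listed there follow the same pattern.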
@@ -48,6 +48,20 @@ # You shouldn't actually need this if we aren't using repos # SOCIAL_AUTH_GITHUB_SCOPE = ["repo","user"] + +# ----------------------------------------------------------------------------- +# GitHub Enterprise OAuth +# Only required if ENABLE_GITHUB_ENTERPRISE_AUTH=True in config.py +# See https://python-social-auth.readthedocs.io/en/latest/backends/github_enterprise.html +# SOCIAL_AUTH_GITHUB_ENTERPRISE_URL = "" + +# Set the API URL for your GitHub Enterprise appliance: +# SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL = "" + +# Fill the Client ID and Client Secret values from GitHub in the settings: +# SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY = "" +# SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET = "" + # ----------------------------------------------------------------------------- # GitLab OAuth2