From 18a52b9a220cea35da63cde5bffb5b05d5cd6939 Mon Sep 17 00:00:00 2001 From: ShraddhaAg Date: Apr 27 2019 19:11:09 +0000 Subject: Add config.yml.example and sets admin permissions This commit adds the following: 1. Adds update_user method in auth.py to set admin permissions for new accounts and pre-existing accounts of admin users. It also clears the permissions when a user is removed from the admin list. 2. A config.yml.example is added to get the admin list in auth.py and ADMINS in settings/base.py 3. Adds documentation to create file config.yml using config.yml.example. 4. Adds login to Django Admin Site using OIDC and refactoring login code from view.py. --- diff --git a/.gitignore b/.gitignore index 7b49c56..e96d67e 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,6 @@ client_secrets.json #Adding fas-admin-details.json so that the username and password does not get pushed fas-admin-details.json + +# YAML Configuration file for django +config.yml \ No newline at end of file diff --git a/config.yml.example b/config.yml.example new file mode 100644 index 0000000..0f3b38b --- /dev/null +++ b/config.yml.example @@ -0,0 +1,13 @@ +base: + admins: + # following will populate ADMIN variable in settings/base.py + - !!python/tuple ['Anna Philips', 'algogator@fedoraproject.org'] + - !!python/tuple ['Jona Azizaj', 'jonatoni@fedoraproject.org'] + - !!python/tuple ['Bhagyashree Uday', 'bee2502@fedoraproject.org'] +auth: + admins: + # following will be given superuser privileges + - jflory7 + - jonatoni + - bt0dotninja + - anxh3l0 diff --git a/docs/setup/development.rst b/docs/setup/development.rst index 442b5bd..02e6f3e 100644 --- a/docs/setup/development.rst +++ b/docs/setup/development.rst 
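Review bot: The `!!python/tuple` tags on the three `base.admins` entries are Python-specific YAML, which is why the loaders added in messaging/auth.py and settings/base.py call `yaml.full_load` instead of `yaml.safe_load`. Writing each entry as a plain two-item sequence, `- ['Full Name', 'user@example.org']`, and converting to tuples in settings keeps the file loadable by the safe loader, so a tampered config.yml can only yield plain data. Because `auth.admins` decides who becomes a Django superuser, a comment at the top of the file saying it must be writable only by the deploying user would be worth adding. Placeholder names and addresses would also be preferable to real maintainers' details in an example file.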
@@ -34,6 +34,8 @@ The project comes with a Dockerfile that allows easy deployment of a web server. #. Create a fas-admin-details.json file and add a json object with your FAS-Username and FAS-Password. See fas-admin-details.json.example. +#. Create a config.yml file and populate it with the user's details and usernames for `ADMINS `_ and superuser privileges respectively. + Although the Dockerfile runs the script to check if a client_secrets.json file is present, please generate it before starting the Docker container, so that client secrets are not being constantly generated every time the image is rebuilt. In order to run the web server, alongside the Redis queue and celery worker instance, simply run ``docker-compose up``. diff --git a/happinesspackets/messaging/auth.py b/happinesspackets/messaging/auth.py index cf0b481..de22953 100644 --- a/happinesspackets/messaging/auth.py +++ b/happinesspackets/messaging/auth.py @@ -1,6 +1,23 @@ from mozilla_django_oidc.auth import OIDCAuthenticationBackend +import yaml + +with open("config.yml", 'r') as ymlfile: + cfg = yaml.full_load(ymlfile) + class OIDC(OIDCAuthenticationBackend): + def update_user(self, user, claims): + if user.username in cfg['auth']['admins']: + if not user.is_superuser: + user.is_superuser = True + user.is_staff = True + else: + if user.is_superuser: + user.is_staff = False + user.is_superuser = False + user.save() + return user + def create_user(self, claims): user = super(OIDC, self).create_user(claims) user.username = claims.get('nickname', '') @@ -10,4 +27,5 @@ class OIDC(OIDCAuthenticationBackend): except: user.first_name = user.username user.save() - return user + return self.update_user(user,claims) + \ No newline at end of file diff --git a/happinesspackets/messaging/views.py b/happinesspackets/messaging/views.py index 8feca55..45359f3 100644 --- a/happinesspackets/messaging/views.py +++ b/happinesspackets/messaging/views.py 
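Review bot: The grant branch of `update_user` only sets `is_staff` when the user is not yet a superuser, so a listed admin who is already superuser but not staff never gets staff access, and an `admins:` key left empty in config.yml loads as `None` and makes the `in` test raise on every login. The rewrite below sets both flags whenever either is missing, treats a missing list as empty, refuses an empty username, and saves only when something changed instead of on every authentication. The decision is keyed on the stored `user.username` and `claims` is never read; if usernames can be set anywhere other than from the `nickname` claim in `create_user`, that should be checked before this grants superuser. A short docstring saying that config.yml is authoritative and that unlisted superusers are demoted at login would make the behaviour explicit. With the conditional save, the second hunk's `return self.update_user(user,claims)` no longer causes a second `save()` for ordinary users.

```python
    def update_user(self, user, claims):
        # An empty `admins:` key in config.yml loads as None.
        admins = cfg['auth']['admins'] or []
        if user.username and user.username in admins:
            if not (user.is_superuser and user.is_staff):
                user.is_superuser = True
                user.is_staff = True
                user.save()
        elif user.is_superuser:
            user.is_superuser = False
            user.is_staff = False
            user.save()
        return user
```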
@@ -98,7 +98,6 @@ class BlacklistEmailView(TemplateView): return HttpResponseRedirect(self.success_url) class MessageSendView(LoginRequiredMixin, FormView): - login_url = '/oidc/authenticate/' template_name = 'messaging/message_send_form.html' form_class = MessageSendForm @@ -200,7 +199,6 @@ class MessageRecipientMessageUpdate(UpdateView): class UserMessageView(LoginRequiredMixin, ListView): - login_url = '/oidc/authenticate/' model = Message paginate_by = 5 diff --git a/happinesspackets/settings/base.py b/happinesspackets/settings/base.py index dbb1b62..130f906 100644 --- a/happinesspackets/settings/base.py +++ b/happinesspackets/settings/base.py @@ -4,6 +4,11 @@ from django.contrib.messages import constants as messages from django.core.exceptions import ImproperlyConfigured from unipath import Path +import yaml + +with open("config.yml", 'r') as ymlfile: + cfg = yaml.full_load(ymlfile) + PROJECT_DIR = Path(__file__).ancestor(3) # For clean_pyc to work without complaining @@ -11,11 +16,7 @@ BASE_DIR = PROJECT_DIR DEBUG = False -ADMINS = ( - ('Anna Philips', 'algogator@fedoraproject.org'), - ('Jona Azizaj', 'jonatoni@fedoraproject.org'), - ('Bhagyashree Uday', 'bee2502@fedoraproject.org'), -) +ADMINS = cfg['base']['admins'] SERVER_EMAIL = ADMINS[0][1] DEFAULT_FROM_EMAIL = "Happiness Packets " @@ -140,6 +141,7 @@ OIDC_OP_USER_ENDPOINT = "https://iddev.fedorainfracloud.org/openidc/UserInfo" LOGIN_REDIRECT_URL = '/' LOGOUT_REDIRECT_URL = '/' LOGIN_REDIRECT_URL_FAILURE = '/error' +LOGIN_URL = '/oidc/authenticate/' OIDC_RP_SCOPES = 'openid profile email' LOGGING = { @@ -216,4 +218,4 @@ def get_env_variable(var_name): return os.environ[var_name] except KeyError: error_msg = "Set the %s environment variable" % var_name - raise ImproperlyConfigured(error_msg) + raise ImproperlyConfigured(error_msg) \ No newline at end of file diff --git a/happinesspackets/urls.py b/happinesspackets/urls.py index 7cb90be..b9bc293 100644 --- a/happinesspackets/urls.py 
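Review bot: `open("config.yml", 'r')` is resolved against the process working directory, so the settings module only imports when the web server, the celery worker and management commands are all started from the repository root; the same relative open is repeated in messaging/auth.py. Moving the load below `PROJECT_DIR = Path(__file__).ancestor(3)` and opening `PROJECT_DIR.child('config.yml')` removes the cwd dependency. A missing file currently surfaces as a bare `FileNotFoundError` at import; raising the already imported `ImproperlyConfigured` with a pointer to config.yml.example would match `get_env_variable` at the end of this file. Parsing the file once here and exposing the admin usernames as a setting would also avoid the second parse in auth.py.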
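Review bot: `ADMINS = cfg['base']['admins']` is used unvalidated, and the next line `SERVER_EMAIL = ADMINS[0][1]` indexes into it, so a config.yml with an empty or missing `base.admins` list stops every process at settings import with a `TypeError`, `KeyError` or `IndexError` that does not name the file. Normalising the value, `ADMINS = [tuple(entry) for entry in (cfg['base']['admins'] or [])]`, and raising `ImproperlyConfigured` when the result is empty would give a clear failure. The conversion also means the entries no longer need to be tuples in the YAML itself.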
+++ b/happinesspackets/urls.py @@ -5,6 +5,7 @@ from django.conf import settings from django.urls import include, re_path, path from django.conf.urls.static import static from django.contrib import admin +from django.views.generic.base import RedirectView urlpatterns = [ re_path(r'^oidc/', include('mozilla_django_oidc.urls')), @@ -12,11 +13,13 @@ urlpatterns = [ ] if settings.ADMIN_ENABLED or settings.DEBUG: - urlpatterns.append(re_path(r'^drunken-octo-lama/', admin.site.urls)) + urlpatterns += [ + re_path(r'^drunken-octo-lama/login/', RedirectView.as_view(url=settings.LOGIN_URL, permanent=True, query_string=True)), + re_path(r'^drunken-octo-lama/', admin.site.urls) + ] if settings.DEBUG: import debug_toolbar urlpatterns += [ path('__debug__/', include(debug_toolbar.urls)) - ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) - + ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) \ No newline at end of file diff --git a/requirements/base.txt b/requirements/base.txt index 0c5143b..d18128a 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -44,3 +44,6 @@ django-haystack==2.8.1 #python-fedora for f-a-s API python-fedora==0.10.0 + +# Dependency for YAML file +pyyaml==5.1
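Review bot: The admin login route is replaced by a `RedirectView` to `settings.LOGIN_URL`, so a user who is authenticated through OIDC but is not staff is sent from the admin to login, on to `/oidc/authenticate/`, and back again; with a live identity-provider session this looks like it can loop, since Django's own login page that explains the missing permission is no longer reachable. `permanent=True` makes the redirect a 301, which browsers cache, so the admin login stays redirected for those clients even if this route is later changed; `permanent=False` is the safer choice for an authentication redirect. The pattern `r'^drunken-octo-lama/login/'` has no `$`, so it also captures any path below login/. A comment above the two routes noting that the redirect must precede `admin.site.urls` would help the next editor.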