ready for 9.3 beta

NOAA-GSL · Apr 19, 2023 · 3382f6d · 3382f6d
1 parent 48d93f8
commit 3382f6d
Show file tree

Hide file tree

Showing 10 changed files with 167 additions and 140 deletions.
diff --git a/django_auth_saml/backend.py b/django_auth_saml/backend.py
@@ -115,8 +115,8 @@ def authenticate(self, request, **kwargs):
 
         saml_user = _SAMLUser(self, request=request)
         user = self.authenticate_saml_user(request, saml_user)
-        msg = '      user: ' + str(user) + ' for saml_user ' + str(saml_user)
-        logger.info(msg)
+        #msg = '      user: ' + str(user) + ' for saml_user ' + str(saml_user)
+        #logger.info(msg)
         if user is not None:
             user_has_authenticated.send(type(self), user=user, request=request)
         return user
@@ -388,8 +388,8 @@ def authenticate(self, request):
         User object if successful. Returns None on failure.
         """
         user = None
-        msg = "    in django_auth_saml authenticate request is " + str(request)
-        logger.debug(msg)
+        #msg = "    in django_auth_saml authenticate request is " + str(request)
+        #logger.debug(msg)
         try:
             self._authenticate_user_dn(request)
             self._check_requirements()
@@ -490,9 +490,9 @@ def prepare_django_request(self, request):
         #if len(str(result['get_data'])) > int(0):
         #    msg = '  prepare_django_request get_data = ' + str(result['get_data'])
         #    logger.debug(msg)
-        if len(str(result['post_data'])) > int(0):
-            msg = '       prepare_django_request post_data = ' + str(result['post_data'])
-            logger.debug(msg)
+        #if len(str(result['post_data'])) > int(0):
+        #    msg = '       prepare_django_request post_data = ' + str(result['post_data'])
+        #    logger.debug(msg)
         return result
 
     def _authenticate_user_dn(self, request):
@@ -521,25 +521,25 @@ def _authenticate_user_dn(self, request):
 
         if 'sso' in req['get_data']:
             login = auth.login()
-            msg = '     _authuser HttpResponseRedirect( ' + str(login) + ' )'
-            logger.info(msg)
+            #msg = '     _authuser HttpResponseRedirect( ' + str(login) + ' )'
+            #logger.info(msg)
             return HttpResponseRedirect(login)
         elif 'acs' in req['get_data']:
             request_id = None
             if 'AuthNRequestID' in request.session:
                 request_id = request.session['AuthNRequestID']
 
-            msg = "     a_u_dn acs request_id = " + str(request_id)
-            logger.info(msg)
+            #msg = "     a_u_dn acs request_id = " + str(request_id)
+            #logger.info(msg)
 
             auth.process_response(request_id=request_id)
             errors = auth.get_errors()
-            msg = "     a_u_dn auth.process_response errors = " + str(errors)
-            logger.info(msg)
+            #msg = "     a_u_dn auth.process_response errors = " + str(errors)
+            #logger.info(msg)
 
             not_auth_warn = not auth.is_authenticated()
-            msg = "     a_u_dn auth.is_authenticated() = " + str(auth.is_authenticated())
-            logger.info(msg)
+            #msg = "     a_u_dn auth.is_authenticated() = " + str(auth.is_authenticated())
+            #logger.info(msg)
             if not errors:
                 #if 'AuthNRequestID' in request.session:
                 #    del request.session['AuthNRequestID']
@@ -552,8 +552,8 @@ def _authenticate_user_dn(self, request):
                 if 'RelayState' in req['post_data'] and OneLogin_Saml2_Utils.get_self_url(req) != req['post_data']['RelayState']:
                     # To avoid 'Open Redirect' attacks, before execute the redirection confirm
                     # the value of the req['post_data']['RelayState'] is a trusted URL.
-                    msg = '        _authuser HttpResponseRedirect( ' + str(auth.redirect_to(req['post_data']['RelayState'])) + ' )'
-                    logger.info(msg)
+                    #msg = '        _authuser HttpResponseRedirect( ' + str(auth.redirect_to(req['post_data']['RelayState'])) + ' )'
+                    #logger.info(msg)
                     return HttpResponseRedirect(auth.redirect_to(req['post_data']['RelayState']))
             elif auth.get_settings().is_debug_active():
                     error_reason = auth.get_last_error_reason()
@@ -566,15 +566,15 @@ def _authenticate_user_dn(self, request):
                 for k, v in request.session['samlUserdata'].items():
                     attributes[k] = v
 
-        if attributes:
-            msg = "backend found attribute keys " + str(attributes.keys())
-            logger.debug(msg)
-        else:
-            msg = "backend did not find attributes"
-            logger.debug(msg)
-            #raise self.AuthenticationFailed(
-            #    "backend no attributes found"
-            #)
+        #if attributes:
+        #    msg = "backend found attribute keys " + str(attributes.keys())
+        #    logger.debug(msg)
+        #else:
+        #    msg = "backend did not find attributes"
+        #    logger.debug(msg)
+        #    #raise self.AuthenticationFailed(
+        #    #    "backend no attributes found"
+        #    #)
     #
     # User management
     #
@@ -609,7 +609,7 @@ def _get_or_create_user(self, force_populate=False):
             save_user = True
 
         if should_populate:
-            logger.info("Populating Django user {}".format(username))
+            #logger.info("Populating Django user {}".format(username))
             self._populate_user()
             save_user = True
 
@@ -625,8 +625,8 @@ def _get_or_create_user(self, force_populate=False):
 
         # This has to wait until we're sure the user has a pk.
         if self.settings.MIRROR_GROUPS or self.settings.MIRROR_GROUPS_EXCEPT:
-            msg = "     self._group_names = " + str(self._group_names)
-            logger.info(msg)
+            #msg = "     self._group_names = " + str(self._group_names)
+            #logger.info(msg)
             newgroups = set() 
             for (tag, usergroup) in self.settings.USER_FLAGS_BY_GROUP.items():
                 #msg = "    (tag, group) = " + str(tag) + ", " + str(usergroup)
@@ -641,7 +641,7 @@ def _get_or_create_user(self, force_populate=False):
                             msg = '     found sysadm in ' + str(sgn).lower()
                             logger.info(msg)
                             pass
-                    if str(sgn).lower() in str(usergroup).lower():
+                    if str(usergroup).lower() in str(sgn).lower():
                         ng = Group.objects.get(name=usergroup)
                         newgroups.add(ng)
             #msg = "    newgroups are: " + str(newgroups)
@@ -667,7 +667,7 @@ def _populate_user_from_attributes(self):
         #msg = 'in _populate_user_from_attributes... '
         #logger.info(msg)
         attrs = self._attrs
-        msg = '  ----   attrs[mail]: ' + str(attrs['mail'])
+        #msg = '  ----   attrs[mail]: ' + str(attrs['mail'])
         #logger.info(msg)
         date_joined = str(self._user.date_joined).split('+')[0]
         #msg = '  ----   ' + str(attrs['mail']) + ' joined on ' + date_joined

diff --git a/sites/management/commands/add_groups_and_permissions.py b/sites/management/commands/add_groups_and_permissions.py
@@ -14,4 +14,4 @@ class Command(BaseCommand):
     help = "creates and assigns permissions to all groups"
 
     def handle(self, *args, **options):
-        add_groups_and_permissions("add_groups_and_permissions")
+        add_groups_and_permissions()
diff --git a/sites/management/commands/add_organizations.py b/sites/management/commands/add_organizations.py
@@ -15,14 +15,14 @@ def handle(self, *args, **options):
             org.save()
 
 
-        for id in settings.ALL_ORGS_BY_ID:
+        for id in settings.ALL_ORGS_BY_ID.keys():
             porg = get_or_add_organization_by_name(settings.ALL_ORGS_BY_ID[id]['parent'])
             if settings.NONE_NAME in str(porg):
                 continue
 
-            for c in settings.ALL_ORGS_BY_ID[id]['name']:
-                corg = get_or_add_organization_by_name(c)
-                print("adding " + str(corg) + " to " + str(porg))
-                OrganizationNode.objects.create(parent=porg, child=corg)
+            for cid in settings.ALL_ORGS_BY_ID.keys():
+                corg = get_or_add_organization_by_name(settings.ALL_ORGS_BY_ID[cid]['name'])
+                if porg != corg:
+                    print("adding " + str(corg) + " to " + str(porg))
+                    #OrganizationNode.objects.create(parent=porg, child=corg)
 
-
diff --git a/sites/models.py b/sites/models.py
@@ -2,6 +2,7 @@
 from django.apps import apps
 from django.contrib.auth.models import User, Group, Permission
 from django.contrib.contenttypes.models import ContentType
+from django.core.mail import send_mail
 from django.utils.timezone import now
 from django.utils.safestring import mark_safe
 from hashlib import md5
@@ -12,6 +13,7 @@
 from django.core.exceptions import SuspiciousFileOperation
 from django_contrib_auth.backends import local_user_has_authenticated, local_user_cannot_authenticate, local_user_password_rejected
 from django.dispatch import receiver, Signal
+from smtplib import SMTPException
 
 import ast
 import datetime
@@ -377,6 +379,7 @@ def graph_node_id(self):
     def initstate(self):
         need_to_save = False
         state = self.get_state()
+
         if 'newproject' in self.verbose_name:
             self.verbose_name = self.name 
             need_to_save = True 
@@ -430,6 +433,11 @@ def initstate(self):
 
             need_to_save = True 
 
+        if not settings.DEBUG:
+            if not self.expiretokens:
+                self.expiretokens = True
+                need_to_save = True 
+
         # Add the file from the DB if it does not exist
         #msg = "      self.get_logo() is currently: " + str(self.get_logo())
         #logger.info(msg)
@@ -570,6 +578,19 @@ def get_attributes(self):
     def clearattrs(self):
         return self.decodedattrs 
 
+    def redact_attr(self):
+        fernet = Fernet(settings.DATA_AT_REST_KEY_ATTRS)
+        try:
+            # must be valid syntax for ast.literaleval (json)
+            msg = str("{'" + str(self) + "':'redacted'}")
+            msg = msg.replace("'", '"', 10)
+            msg = msg.encode()
+            self.attrs = fernet.encrypt(msg)
+            self.decodedattrs = 'showme' 
+            self.save()
+        except KeyError:
+            pass
+
 
 class AuthToken(models.Model):
     token = models.CharField(max_length=150, default='setme')
@@ -675,12 +696,6 @@ def get_user_attributes(self):
             attributes.append(ua)
         return attributes
 
-    def clear_user_attributes(self):
-        attributes = []
-        for ua in self.get_ua():
-            ua.attrs = None
-            ua.save()
-
     def show_user_attributes(self):
         attributes = []
         fernet = Fernet(settings.DATA_AT_REST_KEY_ATTRS)
@@ -1293,9 +1308,10 @@ def user_has_authenticated_sendemail(**kwargs):
         toaddr = [email]
         try:
             if settings.DEBUG:
-                msg = "NOT running: send_mail(subject, body, fromaddr, toaddr, fail_silently=False)"
+                msg = "DEBUG -- running: send_mail(subject, body, fromaddr, toaddr, fail_silently=False)"
                 msg = msg + ' -- toaddr: ' + str(toaddr)
                 logger.debug(msg)
+                send_mail(subject, body, fromaddr, toaddr, fail_silently=False)
             else:
                 send_mail(subject, body, fromaddr, toaddr, fail_silently=False)
         except SMTPException as e:

diff --git a/sites/saml/.settings.json.swp b/sites/saml/.settings.json.swp
diff --git a/sites/saml/prod_settings.json b/sites/saml/prod_settings.json
@@ -19,11 +19,11 @@
     "idp": {
         "entityId": "cac-idp",
         "singleSignOnService": {
-            "url": "https://sso.noaa.gov:443/openam/SSORedirect/metaAlias/cac/cac-idp",
+            "url": "https://sso.noaa.gov:443/openam/SSORedirect/metaAlias/cac/idp",
             "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
         },
         "singleLogoutService": {
-            "url": "https://sso.noaa.gov:443/openam/IDPSloRedirect/metaAlias/cac/cac-idp",
+            "url": "https://sso.noaa.gov:443/openam/IDPSloRedirect/metaAlias/cac/idp",
             "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
         },
         "x509cert": "MIIErjCCA5agAwIBAgIDAXZbMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0QgU1cgQ0EtNjAwHhcNMjIwNDI1MjMzNDM1WhcNMjUwNDAyMTMzNDQ5WjB2MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTENMAsGA1UECxMERElTQTEiMCAGA1UEAxMZc3NvLm5vYWEuZ292LXNpZ25pbmctMjAyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKT7+lcHbw5COCySht0jGbAoUJr5xaani3q+RNb923Z8CkhogS05m9SGe9q8ZyR6U6lRSBsj/DShz1OGgXX682TWSG5d5hVc6eC4PAif4lsAgZf2ZJmPWtVnarLx4RccBGfjuJYm8WcrSOIHXF6uatGbys+MMprJrN9/tvXI1C6szyIsFh8qTBex2+YEXdPXg/xwSYlcP7iGwQdH9HY6VyDDvkVLoDynGsT9aGJ6yzSE6EHLyohvPC4R727wCrT+CT9iiUE5YUwqA/6FFKUr5ioO0MALBfgCVcyae/ubwH1Ea28Jivf7pSJ7Fb7pvTLcXmPR80xi0Mpch/e5bW4zCBMCAwEAAaOCAV8wggFbMB8GA1UdIwQYMBaAFH3+8BAXOb/TcoT9rSlw+OI9mfMYMB0GA1UdDgQWBBQCl4xNI8Ok/8k7e91wPWqrZKS5sjBlBggrBgEFBQcBAQRZMFcwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9jcmwuZGlzYS5taWwvc2lnbi9ET0RTV0NBXzYwLmNlcjAgBggrBgEFBQcwAYYUaHR0cDovL29jc3AuZGlzYS5taWwwDgYDVR0PAQH/BAQDAgWgMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFNXQ0FfNjBfU1NMLmNybDAkBgNVHREEHTAbghlzc28ubm9hYS5nb3Ytc2lnbmluZy0yMDIyMBYGA1UdIAQPMA0wCwYJYIZIAWUCAQsnMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUIAgIwDQYJKoZIhvcNAQELBQADggEBAEgvMlzbAZTWwbPgPd0AEAYqM4qyUOAKa0PILI64M0hVVs23/zfaDp3DaKGnPiybgEvq5u7+044bLkcn4934zHPFjNFGYulxQh+QNUMdqGB6b24INrgAFTFnDPEeWXyZBsgYJLbf53+jBe3xLrqlNekb5nf1A3XxgsCIf6zWToNqV4scz4vfG6qAAJvfKIDSsWSU9rM1BWpWY3llcDvCYGzBQZENQVWjaZL+Ry9l7lT749GO9bcym7Tyzrqf/fSCGRMZ/m2JmFDb1pdVWWNJO+O40f2zVyduTkml6X5ZpiS2e2SmPM7vfbt/2GCK1G+wlPsRjFRbGJyHrWhiBOloktg="

diff --git a/sites/saml/settings.json b/sites/saml/settings.json
@@ -19,13 +19,13 @@
     "idp": {
         "entityId": "cac-idp",
         "singleSignOnService": {
-            "url": "https://sso-dev.noaa.gov:443/openam/SSORedirect/metaAlias/cac/cac-idp",
+            "url": "https://sso.noaa.gov:443/openam/SSORedirect/metaAlias/cac/idp",
             "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
         },
         "singleLogoutService": {
-            "url": "https://sso-dev.noaa.gov:443/openam/IDPSloRedirect/metaAlias/cac/cac-idp",
+            "url": "https://sso.noaa.gov:443/openam/IDPSloRedirect/metaAlias/cac/idp",
             "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
         },
-        "x509cert": "MIIEtjCCA56gAwIBAgIDAX04MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0QgU1cgQ0EtNjAwHhcNMjIwNDI4MjM1MjI2WhcNMjUwNDAyMTMzNDQ5WjB6MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTENMAsGA1UECxMERElTQTEmMCQGA1UEAxMdc3NvLWRldi5ub2FhLmdvdi1zaWduaW5nLTIwMjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5jO5BjFoSQ3zJHx9sBMJfqLMKu/gjJgCbdtbCBb26hNntDeXQ1pe9676hQOZj0hjfnY4yQgnl33VXTiqPTnAvXezyFAwOt8E4YXdYsIGh4dlQoG6DS2IFSj+oi9FG+/r5Go62TwulSUt1MgPF7Ln/ihKZWfRmWUC6M20hQQqf6Jhl5bcfdNlihcxCN0LQnIshIsFeUHFkf64rF0rcAcHK7vgNz0CfydWttc18u9/YuEWvkPm6VgUrxpANlibVTVHYV6wewRzKImwyjscuyzzMQzznaW2ltCEPv46RfUp0bcnxnas+oaVNLN+u00+a/n56oOFeSyuH7yjbpX73iLA7AgMBAAGjggFjMIIBXzAfBgNVHSMEGDAWgBR9/vAQFzm/03KE/a0pcPjiPZnzGDAdBgNVHQ4EFgQUaxDUaGEYrFoT1OA6pUIYkuoaNsYwZQYIKwYBBQUHAQEEWTBXMDMGCCsGAQUFBzAChidodHRwOi8vY3JsLmRpc2EubWlsL3NpZ24vRE9EU1dDQV82MC5jZXIwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA4GA1UdDwEB/wQEAwIFoDA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RTV0NBXzYwX1NTTC5jcmwwKAYDVR0RBCEwH4Idc3NvLWRldi5ub2FhLmdvdi1zaWduaW5nLTIwMjIwFgYDVR0gBA8wDTALBglghkgBZQIBCycwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQgCAjANBgkqhkiG9w0BAQsFAAOCAQEAbTcGmNM3VxVra7XtuacfBP6deLQ8VKB0pJudviPjQmx8PR1vGQhtnrRINIyLGMg7090FZug/jMcZ/VaIQW6hlqoCEAexpYDkRFqc5HNVTYIMFV+AXhyrOsKNek+39XTyPic1oMLOi7YY+VchSuwpvKaoQtjMdC73KPN/o7QVfUJCt4nNP9kTmKbpggsnk5rmuFDcrbHEEqXG4Z48O5HsCv/6VK56+EL0IjvuLgDbAEG8enfMDvSRIBv+2MKKdbWWQM0idIWe9iSQLtgxw8XyzQINXLk4yENeNoW4D7ME5FD//dawRP2X1dY+kDfd+AjnDHZN+tc96Imkt2TNPMGlTA=="
+        "x509cert": "MIIErjCCA5agAwIBAgIDAXZbMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0QgU1cgQ0EtNjAwHhcNMjIwNDI1MjMzNDM1WhcNMjUwNDAyMTMzNDQ5WjB2MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTENMAsGA1UECxMERElTQTEiMCAGA1UEAxMZc3NvLm5vYWEuZ292LXNpZ25pbmctMjAyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKT7+lcHbw5COCySht0jGbAoUJr5xaani3q+RNb923Z8CkhogS05m9SGe9q8ZyR6U6lRSBsj/DShz1OGgXX682TWSG5d5hVc6eC4PAif4lsAgZf2ZJmPWtVnarLx4RccBGfjuJYm8WcrSOIHXF6uatGbys+MMprJrN9/tvXI1C6szyIsFh8qTBex2+YEXdPXg/xwSYlcP7iGwQdH9HY6VyDDvkVLoDynGsT9aGJ6yzSE6EHLyohvPC4R727wCrT+CT9iiUE5YUwqA/6FFKUr5ioO0MALBfgCVcyae/ubwH1Ea28Jivf7pSJ7Fb7pvTLcXmPR80xi0Mpch/e5bW4zCBMCAwEAAaOCAV8wggFbMB8GA1UdIwQYMBaAFH3+8BAXOb/TcoT9rSlw+OI9mfMYMB0GA1UdDgQWBBQCl4xNI8Ok/8k7e91wPWqrZKS5sjBlBggrBgEFBQcBAQRZMFcwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9jcmwuZGlzYS5taWwvc2lnbi9ET0RTV0NBXzYwLmNlcjAgBggrBgEFBQcwAYYUaHR0cDovL29jc3AuZGlzYS5taWwwDgYDVR0PAQH/BAQDAgWgMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFNXQ0FfNjBfU1NMLmNybDAkBgNVHREEHTAbghlzc28ubm9hYS5nb3Ytc2lnbmluZy0yMDIyMBYGA1UdIAQPMA0wCwYJYIZIAWUCAQsnMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUIAgIwDQYJKoZIhvcNAQELBQADggEBAEgvMlzbAZTWwbPgPd0AEAYqM4qyUOAKa0PILI64M0hVVs23/zfaDp3DaKGnPiybgEvq5u7+044bLkcn4934zHPFjNFGYulxQh+QNUMdqGB6b24INrgAFTFnDPEeWXyZBsgYJLbf53+jBe3xLrqlNekb5nf1A3XxgsCIf6zWToNqV4scz4vfG6qAAJvfKIDSsWSU9rM1BWpWY3llcDvCYGzBQZENQVWjaZL+Ry9l7lT749GO9bcym7Tyzrqf/fSCGRMZ/m2JmFDb1pdVWWNJO+O40f2zVyduTkml6X5ZpiS2e2SmPM7vfbt/2GCK1G+wlPsRjFRbGJyHrWhiBOloktg="
     }
 }