removed creator; no more single letter orgs

NOAA-GSL · Apr 6, 2023 · 48d93f8 · 48d93f8
1 parent 71cef5a
commit 48d93f8
Show file tree

Hide file tree

Showing 11 changed files with 82 additions and 45 deletions.
diff --git a/sites/admin.py b/sites/admin.py
@@ -58,22 +58,14 @@ class ProjectAdmin(admin.ModelAdmin):
     readonly_fields = ('state', 'updater') 
     ordering = ('display_order', 'organization', 'name')
 
-    #def save_model(self, request, obj, form, change):
-    #    # now we can save the object and call super
-    #    set_creator_and_updater(self, request, obj, form)
-    #    obj.save()
-    #    super(NfsExportAdmin, self).save_model(request, obj, form, change)
-
 
 class SysadminAdmin(admin.ModelAdmin):
-    #list_display = ('username', 'organization', 'organizations_list', 'creator', 'updater')
     list_display = ('username', 'organization', 'organizations_list')
     list_display_links = list_display
     form = SysadminAdminForm
 
     def formfield_for_dbfield(self, db_field, request, **kwargs):
         field = super(SysadminAdmin, self).formfield_for_dbfield(db_field, request, **kwargs)
-        field = set_dbfield_to_sysad('provision.Sysadmin.creator', field, db_field, request)
         field = set_dbfield_to_sysad('provision.Sysadmin.updater', field, db_field, request)
         return field
 

diff --git a/sites/management/commands/add_organizations.py b/sites/management/commands/add_organizations.py
@@ -8,7 +8,7 @@ class Command(BaseCommand):
 
 
     def handle(self, *args, **options):
-        for id in settings.ALL_ORGS_BY_ID:
+        for id in settings.ALL_ORGS_BY_ID.keys():
             org = get_or_add_organization_by_name(settings.ALL_ORGS_BY_ID[id]['name'])
             org.email = settings.ALL_ORGS_BY_ID[id]['email']
             org.contact = settings.ALL_ORGS_BY_ID[id]['contact']

diff --git a/sites/models.py b/sites/models.py
@@ -54,15 +54,15 @@ def runcmdl(cmdl, execute):
     return status, result
 
 
-def get_or_add_sysadmin(user, creator, homeorg, orglist):
+def get_or_add_sysadmin(user, homeorg, orglist):
     try:
         uqs = User.objects.filter(email=user.email)
         if uqs.count() == 0:
             user = uqs[0]
 
         sa = Sysadmin.objects.filter(username__email=user.email)
         if sa.count() == 0:
-            sa = Sysadmin(username=user, creator=creator)
+            sa = Sysadmin(username=user)
             sa.save()
         else:
             sa = sa[0]
@@ -80,7 +80,7 @@ def get_or_add_sysadmin(user, creator, homeorg, orglist):
         msg = str(now) + ":UserWarning:" + str(user.email) + ":e = " + str(e)
         logger.info(msg)
 
-def add_sysadmins(creator):
+def add_sysadmins():
 
     # Start from an initialized database or run command 'clean_system' and then manually run the sql commands
     # to insure auto increment for organization table has been reset
@@ -143,7 +143,7 @@ def add_sysadmins(creator):
                 try:
                     send_mail(subject, body, fromaddr, toaddr, fail_silently=False)
                 except SMTPException as e:
-                    msg = str(now) + ":Send password failed:" + str(username) + ":" + creator
+                    msg = str(now) + ":Send password failed:" + str(username)
                     logger.info(msg)
 
             groupnames = ['cn=_OAR ESRL GSL Sysadm,cn=groups,cn=nems,ou=apps,dc=noaa,dc=gov',
@@ -155,15 +155,15 @@ def add_sysadmins(creator):
                     user.groups.add(newgroup)
                 user.save()
             except Group.DoesNotExist as e:
-                msg = str(now) + ":" + str(e) + ':' + str(username) + ":" + creator
+                msg = str(now) + ":" + str(e) + ':' + str(username)
                 logger.info(msg)
-        get_or_add_sysadmin(user, creator, homeorg, orglist)
+        get_or_add_sysadmin(user, homeorg, orglist)
 
         # pause a moment to allow objects to created (Organizations were being duplicated)
         naptime = 1
         time.sleep(naptime)
 
-def add_groups_and_permissions(creator):
+def add_groups_and_permissions():
 
     perms = ['add', 'change', 'delete', 'view']
     for groupname in settings.AUTH_SAML_GROUPS.keys():
@@ -204,7 +204,7 @@ def add_groups_and_permissions(creator):
 
         group.save()
         now = datetime.datetime.utcnow()
-        msg = str(now) + ":GroupobjectAddedPerms:" + groupname + ":" + creator
+        msg = str(now) + ":GroupobjectAddedPerms:" + groupname
         logger.info(msg)
 
 def hash_to_fingerprint(data):
@@ -734,7 +734,7 @@ def graph_node_id(self):
 
     def initstate(self):
         need_to_save = False
-        if 'setme' in self.name:
+        if 'setme' in self.get_fingerprint() or 'showme' in str(self.clearallattrs()):
             utcnow = datetime.datetime.utcnow()
             yydoy = utcnow.strftime('%y') + utcnow.strftime('%j')
             userstoday = 1
@@ -747,9 +747,7 @@ def initstate(self):
                 gn = GraphNode(name=self.name, nodetype=nt) 
                 gn.save()
                 self.graphnode = gn
-            need_to_save = True 
 
-        if 'setme' in self.get_fingerprint() or 'showme' in str(self.clearallattrs()):
             da = {}
             uu = {} 
             if self.nameattrsgroup is not None:
@@ -1168,8 +1166,7 @@ def is_user_a_sysad(**kwargs):
         oukeylist.sort()
     for k in oukeylist:
         orglist.append(kwargs['request'].session['samlUserdata'][str(k)][0])
-    creator = "is_user_a_sysad"
-    get_or_add_sysadmin(user, creator, homeorg, orglist)
+    get_or_add_sysadmin(user, homeorg, orglist)
 
 class Sysadmin(models.Model):
     """
@@ -1180,9 +1177,6 @@ class Sysadmin(models.Model):
     organizations = models.ManyToManyField('Organization', verbose_name='Organizations')
     organization = models.ForeignKey('Organization', default=1, related_name='sysadmin_organization',
                                      verbose_name='Primary Organization', on_delete=models.CASCADE)
-    #creator = models.CharField(default='unknown', max_length=200)
-    #updater = models.CharField(default='None', max_length=200)
-    #updated = models.TimeField(auto_now_add=True)
 
     class Meta:
         unique_together = ['username', 'organization']

diff --git a/sites/saml/.settings.json.swp b/sites/saml/.settings.json.swp
diff --git a/sites/saml/dev_settings.json b/sites/saml/dev_settings.json
@@ -0,0 +1,31 @@
+{
+    "strict": true,
+    "debug": true,
+    "sp": {
+        "entityId": "https://gsl-webstage8.gsd.esrl.noaa.gov/ssopsb/metadata/",
+        "assertionConsumerService": {
+            "url": "https://gsl-webstage8.gsd.esrl.noaa.gov/ssopsb/?acs",
+            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+        },
+        "singleLogoutService": {
+            "url": "https://gsl-webstage8.gsd.esrl.noaa.gov/ssopsb/?sls",
+            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+        },
+        "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
+        "x509cert": "",
+        "privateKey": "",
+        "x509certNew": ""
+    },
+    "idp": {
+        "entityId": "cac-idp",
+        "singleSignOnService": {
+            "url": "https://sso-dev.noaa.gov:443/openam/SSORedirect/metaAlias/cac/cac-idp",
+            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+        },
+        "singleLogoutService": {
+            "url": "https://sso-dev.noaa.gov:443/openam/IDPSloRedirect/metaAlias/cac/cac-idp",
+            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+        },
+        "x509cert": "MIIEtjCCA56gAwIBAgIDAX04MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0QgU1cgQ0EtNjAwHhcNMjIwNDI4MjM1MjI2WhcNMjUwNDAyMTMzNDQ5WjB6MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTENMAsGA1UECxMERElTQTEmMCQGA1UEAxMdc3NvLWRldi5ub2FhLmdvdi1zaWduaW5nLTIwMjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5jO5BjFoSQ3zJHx9sBMJfqLMKu/gjJgCbdtbCBb26hNntDeXQ1pe9676hQOZj0hjfnY4yQgnl33VXTiqPTnAvXezyFAwOt8E4YXdYsIGh4dlQoG6DS2IFSj+oi9FG+/r5Go62TwulSUt1MgPF7Ln/ihKZWfRmWUC6M20hQQqf6Jhl5bcfdNlihcxCN0LQnIshIsFeUHFkf64rF0rcAcHK7vgNz0CfydWttc18u9/YuEWvkPm6VgUrxpANlibVTVHYV6wewRzKImwyjscuyzzMQzznaW2ltCEPv46RfUp0bcnxnas+oaVNLN+u00+a/n56oOFeSyuH7yjbpX73iLA7AgMBAAGjggFjMIIBXzAfBgNVHSMEGDAWgBR9/vAQFzm/03KE/a0pcPjiPZnzGDAdBgNVHQ4EFgQUaxDUaGEYrFoT1OA6pUIYkuoaNsYwZQYIKwYBBQUHAQEEWTBXMDMGCCsGAQUFBzAChidodHRwOi8vY3JsLmRpc2EubWlsL3NpZ24vRE9EU1dDQV82MC5jZXIwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWlsMA4GA1UdDwEB/wQEAwIFoDA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RTV0NBXzYwX1NTTC5jcmwwKAYDVR0RBCEwH4Idc3NvLWRldi5ub2FhLmdvdi1zaWduaW5nLTIwMjIwFgYDVR0gBA8wDTALBglghkgBZQIBCycwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQgCAjANBgkqhkiG9w0BAQsFAAOCAQEAbTcGmNM3VxVra7XtuacfBP6deLQ8VKB0pJudviPjQmx8PR1vGQhtnrRINIyLGMg7090FZug/jMcZ/VaIQW6hlqoCEAexpYDkRFqc5HNVTYIMFV+AXhyrOsKNek+39XTyPic1oMLOi7YY+VchSuwpvKaoQtjMdC73KPN/o7QVfUJCt4nNP9kTmKbpggsnk5rmuFDcrbHEEqXG4Z48O5HsCv/6VK56+EL0IjvuLgDbAEG8enfMDvSRIBv+2MKKdbWWQM0idIWe9iSQLtgxw8XyzQINXLk4yENeNoW4D7ME5FD//dawRP2X1dY+kDfd+AjnDHZN+tc96Imkt2TNPMGlTA=="
+    }
+}
diff --git a/sites/saml/key.modulus b/sites/saml/key.modulus
diff --git a/sites/saml/ssopsb.xml → sites/saml/old_ssopsb.xml b/sites/saml/ssopsb.xml → sites/saml/old_ssopsb.xml
diff --git a/sites/saml/prod_settings.json b/sites/saml/prod_settings.json
@@ -0,0 +1,31 @@
+{
+    "strict": true,
+    "debug": true,
+    "sp": {
+        "entityId": "https://gsl-webstage8.gsd.esrl.noaa.gov/ssopsb/metadata/",
+        "assertionConsumerService": {
+            "url": "https://gsl-webstage8.gsd.esrl.noaa.gov/ssopsb/?acs",
+            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+        },
+        "singleLogoutService": {
+            "url": "https://gsl-webstage8.gsd.esrl.noaa.gov/ssopsb/?sls",
+            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+        },
+        "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
+        "x509cert": "",
+        "privateKey": "",
+        "x509certNew": ""
+    },
+    "idp": {
+        "entityId": "cac-idp",
+        "singleSignOnService": {
+            "url": "https://sso.noaa.gov:443/openam/SSORedirect/metaAlias/cac/cac-idp",
+            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+        },
+        "singleLogoutService": {
+            "url": "https://sso.noaa.gov:443/openam/IDPSloRedirect/metaAlias/cac/cac-idp",
+            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+        },
+        "x509cert": "MIIErjCCA5agAwIBAgIDAXZbMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRUwEwYDVQQDEwxET0QgU1cgQ0EtNjAwHhcNMjIwNDI1MjMzNDM1WhcNMjUwNDAyMTMzNDQ5WjB2MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTENMAsGA1UECxMERElTQTEiMCAGA1UEAxMZc3NvLm5vYWEuZ292LXNpZ25pbmctMjAyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKT7+lcHbw5COCySht0jGbAoUJr5xaani3q+RNb923Z8CkhogS05m9SGe9q8ZyR6U6lRSBsj/DShz1OGgXX682TWSG5d5hVc6eC4PAif4lsAgZf2ZJmPWtVnarLx4RccBGfjuJYm8WcrSOIHXF6uatGbys+MMprJrN9/tvXI1C6szyIsFh8qTBex2+YEXdPXg/xwSYlcP7iGwQdH9HY6VyDDvkVLoDynGsT9aGJ6yzSE6EHLyohvPC4R727wCrT+CT9iiUE5YUwqA/6FFKUr5ioO0MALBfgCVcyae/ubwH1Ea28Jivf7pSJ7Fb7pvTLcXmPR80xi0Mpch/e5bW4zCBMCAwEAAaOCAV8wggFbMB8GA1UdIwQYMBaAFH3+8BAXOb/TcoT9rSlw+OI9mfMYMB0GA1UdDgQWBBQCl4xNI8Ok/8k7e91wPWqrZKS5sjBlBggrBgEFBQcBAQRZMFcwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9jcmwuZGlzYS5taWwvc2lnbi9ET0RTV0NBXzYwLmNlcjAgBggrBgEFBQcwAYYUaHR0cDovL29jc3AuZGlzYS5taWwwDgYDVR0PAQH/BAQDAgWgMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRFNXQ0FfNjBfU1NMLmNybDAkBgNVHREEHTAbghlzc28ubm9hYS5nb3Ytc2lnbmluZy0yMDIyMBYGA1UdIAQPMA0wCwYJYIZIAWUCAQsnMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUIAgIwDQYJKoZIhvcNAQELBQADggEBAEgvMlzbAZTWwbPgPd0AEAYqM4qyUOAKa0PILI64M0hVVs23/zfaDp3DaKGnPiybgEvq5u7+044bLkcn4934zHPFjNFGYulxQh+QNUMdqGB6b24INrgAFTFnDPEeWXyZBsgYJLbf53+jBe3xLrqlNekb5nf1A3XxgsCIf6zWToNqV4scz4vfG6qAAJvfKIDSsWSU9rM1BWpWY3llcDvCYGzBQZENQVWjaZL+Ry9l7lT749GO9bcym7Tyzrqf/fSCGRMZ/m2JmFDb1pdVWWNJO+O40f2zVyduTkml6X5ZpiS2e2SmPM7vfbt/2GCK1G+wlPsRjFRbGJyHrWhiBOloktg="
+    }
+}
diff --git a/sites/views.py b/sites/views.py
@@ -518,7 +518,6 @@ def project_ldg(request, projectname):
         username = request.POST['username']
         password = request.POST['password']
         user = authenticate(request, username=username, password=password)
-        creator = str(user)
 
         if user.is_authenticated:
             if form.is_valid():
@@ -2191,10 +2190,6 @@ def index(request):
     logger.info(msg)
 
     req = prepare_django_request(request)
-    #msg = 'index_icam -- prepare_django_request req = '
-    #for k in req.keys():
-    #    msg = msg + '\n' + str(k) + ': ' + str(req[k])
-    #logger.info(msg)
 
     #try:
     #    thissession = request.session
@@ -2205,8 +2200,8 @@ def index(request):
     #logger.info(msg)
 
     auth = noaaOneLogin_Saml2_Auth(req, custom_base_path=settings.SAML_FOLDER)
-    #msg = 'auth: ' + str(auth)
-    #logger.info(msg)
+    msg = '   auth: ' + str(auth)
+    logger.info(msg)
 
     errors = []
     error_reason = None
@@ -2222,20 +2217,14 @@ def index(request):
         lenshortened = len(shortened)
         shortened = login[0:100] + '... ' + str(lenshortened) + ' chars removed ...' + login[-15:]
         msg = '  sso login HttpResponseRedirect( ' + str(shortened) + ' )'
+        msg = '  sso login HttpResponseRedirect( ' + str(login) + ' )'
         logger.info(msg)
         return HttpResponseRedirect(login)
 
-        # If AuthNRequest ID need to be stored in order to later validate it, do instead
-        #sso_built_url = auth.login()
-        #msg = 'sso_built_url: ' + str(sso_built_url)
-        #logger.info(msg)
-        #request.session['AuthNRequestID'] = auth.get_last_request_id()
-        #msg = 'sso request.session[AuthNRequestID]: '+ str(request.session['AuthNRequestID']) 
-        #logger.info(msg)
-        #return HttpResponseRedirect(sso_built_url)
     elif 'sso2' in req['get_data']:
         return_to = OneLogin_Saml2_Utils.get_self_url(req) + reverse('attrs')
         return HttpResponseRedirect(auth.login(return_to)) 
+
     elif 'slo' in req['get_data']:
         name_id = session_index_icam = name_id_format = name_id_nq = name_id_spnq = None
         if 'samlNameId' in request.session:
@@ -2271,8 +2260,8 @@ def index(request):
 
         #return HttpResponseRedirect(slo_built_url)
     elif 'acs' in req['get_data']:
-        #msg = '      acs req = ' + str(req)
-        #logger.info(msg)
+        msg = '      acs req = ' + str(req)
+        logger.info(msg)
         request_id = None
 
         if 'AuthNRequestID' in request.session:

diff --git a/ssop/settings.py b/ssop/settings.py
@@ -73,7 +73,7 @@ def get_secret(key):
     }
 
 # SSO
-CSRF_TRUSTED_ORIGINS = ['https://sso-dev.noaa.gov']
+CSRF_TRUSTED_ORIGINS = ['https://sso-dev.noaa.gov', 'https://sso.noaa.gov']
 SAML_FOLDER = os.path.join(BASE_DIR, 'sites/saml')
 AUTH_RETURN_TO = "/ssopsb/adminssop/sites/"
 

diff --git a/ssop/urls.py b/ssop/urls.py
@@ -23,8 +23,8 @@
 #    path('admin/', admin.site.urls),
 #    path('ssopsb/admin/', admin.site.urls),
 urlpatterns = [
-    path('adminssop/', admin.site.urls),
-    path('ssopsb/adminssop/', admin.site.urls),
+    path('adminssopsb/', admin.site.urls),
+    path('ssopsb/adminssopsb/', admin.site.urls),
     path('ldg_authenticated/', ldg_authenticated, name='ldg_authenticated'),
     path('ldg/', ldg, name='ldg'),
     path('ldg/<str:project_name>/', ldg, name='ldg'),