askap-vast · srggrs · Sep 16, 2020 · Sep 11, 2020 · Sep 15, 2020
diff --git a/pipeline/utils/auth.py b/pipeline/utils/auth.py
@@ -1,16 +1,51 @@
+import logging
 import requests
+
+from typing import Tuple, Dict
+
 from django.conf import settings
+from django.contrib.auth.models import User
+from social_django.models import UserSocialAuth
+
+
+logger = logging.getLogger(__name__)
+
+
+def create_admin_user(uid: int, response: Dict, details: Dict, user: User,
+    social: UserSocialAuth , *args, **kwargs) -> Dict:
+    """
+    Give Django admin privileges to a user who login via GitHub and belong to
+    a specific team. The parameters are as per python-social-auth docs
+    https://python-social-auth.readthedocs.io/en/latest/pipeline.html#extending-the-pipeline
 
+    Parameters
+    ----------
+    uid : int
+        user id
+    response : Dict
+        request dictionary
+    details : Dict
+        user details generated by the backend
+    user : User
+        Django user model object
+    social : UserSocialAuth
+        Social auth user model object
 
-def create_admin_user(uid, response, details, user, social, *args, **kwargs):
-    # assume github-team backend, add <if backend.name == 'github-team'>
+    Returns
+    -------
+    Dict
+        return a dictionary with the Django User object in it or empty if
+        no action are taken
+    """
+    # assume github-org backend, add <if backend.name == 'github-org'>
     # if other backend are implemented
-    admin_team = settings.SOCIAL_AUTH_GITHUB_TEAM_ADMIN
+    admin_team = settings.SOCIAL_AUTH_GITHUB_ADMIN_TEAM
     usr = response.get('login', '')
     if (usr != '' and admin_team != '' and user and not user.is_staff and
         not user.is_superuser):
-        # check if github user belong to team
-        org = 'askap-vast'
+        logger.info('Trying to add Django admin privileges to user')
+        # check if github user belong to admin team
+        org = settings.SOCIAL_AUTH_GITHUB_ORG_NAME
         header = {
             'Authorization': f"token {response.get('access_token', '')}"
         }
@@ -24,21 +59,48 @@ def create_admin_user(uid, response, details, user, social, *args, **kwargs):
             user.is_superuser = True
             user.is_staff = True
             user.save()
+            logger.info('Django admin privileges successfully added to user')
             return {'user': user}
+        logger.info(f'GitHub request failed, reason: {resp.reason}')
 
+        return {}
 
-def debug(strategy, backend, uid, response, details, user, social, *args, **kwargs):
+    return {}
+
+
+def debug(strategy, backend, uid, response, details, user, social, *args,
+    **kwargs):
+    # TODO: fix arg type and docstring as above
     print(response)
-    pass
+    return {}
+
 
+def load_github_avatar(response: Dict, social: UserSocialAuth, *args,
+    **kwargs) -> Dict:
+    """
+    Add GitHub avatar url to the extra data stored by social_django app
 
-def load_github_avatar(response, social, *args, **kwargs):
-    # assume github-team backend, add <if backend.name == 'github-team'>
+    Parameters
+    ----------
+    response : Dict
+        request dictionary
+    social : UserSocialAuth
+        Social auth user model object
+
+    Returns
+    -------
+    Dict
+        return a dictionary with the Social auth user object in it or empty if
+        no action are taken
+    """
+    # assume github-org backend, add <if backend.name == 'github-org'>
     # if other backend are implemented
     # if social and social.get('extra_data', None)
     # print(vars(social))
     if 'avatar_url' not in social.extra_data:
+        logger.info('Adding GitHub avatar url to user extra data')
         social.extra_data['avatar_url'] = response['avatar_url']
         social.save()
         return {'social': social}
-    pass
+
+    return {}
diff --git a/templates/base.html b/templates/base.html
@@ -178,7 +178,7 @@
                   {% endif %}
                 </span>
                 {% for ass in backends.associated %}
-                  {% if ass.provider == 'github-team' %}
+                  {% if ass.provider == 'github-org' %}
                     {% if 'avatar_url' in ass.extra_data %}
                     <img class="img-profile rounded-circle" src="{{ ass.extra_data.avatar_url }}" alt="">
                     {% else %}

diff --git a/templates/login.html b/templates/login.html
@@ -42,19 +42,17 @@
                     <div class="text-center">
                       <h1 class="h4 text-gray-900 mb-4">Welcome to the VAST Pipeline!</h1>
                     </div>
-                    <form class="user">
-                      <a href="{% url 'social:begin' 'github-team' %}" class="btn btn-primary btn-user btn-block">
-                        <i class="fab fa-github fa-lg"></i> Login with GitHub
-                      </a>
-                    </form>
+                    <a href="{% url 'social:begin' 'github-org' %}" class="btn btn-primary btn-user btn-block">
+                      <i class="fab fa-github fa-lg"></i> Login with GitHub
+                    </a>
                     <hr>
                     <div class="text-center">
                       <a class="small" href="https://github.com/askap-vast/vast-pipeline">Got Lost?</a>
                     </div>
                     {% if messages %}
                       <hr>
                       {% for message in messages %}
-                        {% if 'github-team' in message.extra_tags %}
+                        {% if 'github-org' in message.extra_tags %}
                         <div class="card border-danger">
                           <div class="card-body text-danger">
                           {{ message }}

diff --git a/webinterface/.env.template b/webinterface/.env.template
@@ -6,16 +6,17 @@ DATABASE_URL=psql://FILLMYUSER:FILLMYPASSWORD@FILLMYHOST:FILLMYPORT/FILLMYDBNAME
 # BASE_URL=this for append a base url in a production deployment
 STATIC_ROOT=./staticfiles/
 STATIC_URL=/static/
-STATICFILES_DIRS=
-EXTRA_APPS=
-EXTRA_MIDDLEWARE=
+# STATICFILES_DIRS= uncomment and fill to use
+# EXTRA_APPS= uncomment and fill to use
+# EXTRA_MIDDLEWARE= uncomment and fill to use
 ALLOWED_HOSTS=localhost
 
 # Github Authentication
+GITHUB_AUTH_TYPE='org'
 SOCIAL_AUTH_GITHUB_KEY=fillMeUp
 SOCIAL_AUTH_GITHUB_SECRET=fillMeUp
-SOCIAL_AUTH_GITHUB_TEAM_ID=fillMeUp
-SOCIAL_AUTH_GITHUB_TEAM_ADMIN=fillMeUp
+SOCIAL_AUTH_GITHUB_ORG_NAME=fillMeUp
+SOCIAL_AUTH_GITHUB_ADMIN_TEAM=fillMeUp
 
 # Pipeline
 PIPELINE_WORKING_DIR=pipeline-runs

diff --git a/webinterface/settings.py b/webinterface/settings.py
@@ -100,8 +100,9 @@
 #     },
 # ]
 
+# docs @ https://python-social-auth.readthedocs.io/en/latest/backends/github.html#github
 AUTHENTICATION_BACKENDS = [
-    'social_core.backends.github.GithubTeamOAuth2',
+    'social_core.backends.github.GithubOrganizationOAuth2',
     'django.contrib.auth.backends.ModelBackend',
 ]
 
@@ -129,11 +130,12 @@
     'social_core.pipeline.user.user_details',
 )
 
-SOCIAL_AUTH_GITHUB_TEAM_KEY = env('SOCIAL_AUTH_GITHUB_KEY', cast=str, default='')
-SOCIAL_AUTH_GITHUB_TEAM_SECRET = env('SOCIAL_AUTH_GITHUB_SECRET', cast=str, default='')
-SOCIAL_AUTH_GITHUB_TEAM_ID = env('SOCIAL_AUTH_GITHUB_TEAM_ID', cast=str, default='')
-SOCIAL_AUTH_GITHUB_TEAM_ADMIN = env('SOCIAL_AUTH_GITHUB_TEAM_ADMIN', cast=str, default='')
-SOCIAL_AUTH_GITHUB_TEAM_SCOPE = ['read:org', 'user:email']
+SOCIAL_AUTH_GITHUB_ORG_KEY = env('SOCIAL_AUTH_GITHUB_KEY', cast=str, default='')
+SOCIAL_AUTH_GITHUB_ORG_SECRET = env('SOCIAL_AUTH_GITHUB_SECRET', cast=str, default=''
+    )
+SOCIAL_AUTH_GITHUB_ORG_NAME = env('SOCIAL_AUTH_GITHUB_ORG_NAME', cast=str, default='')
+SOCIAL_AUTH_GITHUB_ADMIN_TEAM = env('SOCIAL_AUTH_GITHUB_ADMIN_TEAM', cast=str, default='')
+SOCIAL_AUTH_GITHUB_SCOPE = ['read:org', 'user:email']
 
 
 # Database