Closed #80 - Added authentication using rubin CIlogon.

Author: glaubervila

.envs/.local/.django

@@ -4,11 +4,12 @@ USE_DOCKER=yes
 IPYTHONDIR=/app/.ipython
 
 DJANGO_DEBUG=True
+DJANGO_SECRET_KEY=hIIbCQezMLys5Ya2Flyx2NDdrs4ZG6DA2pLDu8kKPgtjP7xx6D1m8yccSD6zX6Br
 DATABASE_URL=postgres://debug:debug@postgres:5432/sky_viewer
 
 # UWSGI
-DJANGO_UWSGI_WORKER_PROCESSES=4
-DJANGO_UWSGI_WORKER_THREADS=2
+DJANGO_UWSGI_WORKER_PROCESSES=1
+DJANGO_UWSGI_WORKER_THREADS=1
 
 # Redis
 # ------------------------------------------------------------------------------
@@ -28,5 +29,6 @@ CELERY_FLOWER_PASSWORD=debug
 ENVIRONMENT_NAME=development
 BASE_HOST=http://localhost
 
-# Url de login utilizada pelo frontend
-LINEA_LOGIN_URL=/admin/login/?next=/
+# Urls de login SAML/CILogon
+LINEA_LOGIN_URL=$BASE_HOST/saml2/login/?idp=https://satosa.linea.org.br/linea/proxy/aHR0cHM6Ly9jaWxvZ29uLm9yZw==
+RUBIN_LOGIN_URL=$BASE_HOST/saml2/login/?idp=https://satosa-dev.linea.org.br/linea_saml_mirror/proxy/aHR0cHM6Ly9kYXRhLmxzc3QuY2xvdWQ=&next=/

backend/config/settings/base.py

@@ -19,6 +19,8 @@
 # ------------------------------------------------------------------------------
 # https://docs.djangoproject.com/en/dev/ref/settings/#debug
 DEBUG = env.bool("DJANGO_DEBUG", False)
+LOG_LEVEL = env.bool("DJANGO_LOG_LEVEL", "INFO")
+LOG_DIR = "/logs"
 # Local time zone. Choices are
 # http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
 # though not all of them may be available with every OS.
@@ -191,6 +193,7 @@
                 "django.template.context_processors.tz",
                 "django.contrib.messages.context_processors.messages",
                 "sky_viewer.users.context_processors.allauth_settings",
+                "django_settings_export.settings_export",
             ],
         },
     },
@@ -357,5 +360,29 @@
 # LINEA Settings
 # ------------------------------------------------------------------------------
 ENVIRONMENT_NAME = env("ENVIRONMENT_NAME", default="development").lower()
+# Complete URL of the production server with protocol and port
+BASE_HOST = env("BASE_HOST", default="http://localhost")
+# URL de login utilizada pelo frontend. 
+# Em dev: /admin/login/?next=/
+# Em produção: /api/login/
+LOGIN_URL = "/admin/login/?next=/"
+# LOGIN_URL = "/api/login/"
+LOGOUT_URL = "/api/logout/"
 
+# Urls for login with SAML2/CILogon
+# URL_CILOGON example: https://skyviewer.linea.org.br/saml2/login/?idp=https://satosa.linea.org.br/linea/proxy/aHR0cHM6Ly9jaWxvZ29uLm9yZw==
 LINEA_LOGIN_URL = env("LINEA_LOGIN_URL", default="/admin/login/?next=/")
+RUBIN_LOGIN_URL = env("RUBIN_LOGIN_URL", default="/admin/login/?next=/")
+
+# Url de registro para os diferentes idps.
+LINEA_REGISTER_URL="https://register-dev.linea.org.br/Shibboleth.sso/Login?SAMLDS=1&target=https://register-dev.linea.org.br/registry/co_petitions/start/coef:155&entityID=https://satosa.linea.org.br/linea/proxy/aHR0cHM6Ly9jaWxvZ29uLm9yZw=="
+RUBIN_REGISTER_URL="https://register-dev.linea.org.br/Shibboleth.sso/Login?SAMLDS=1&target=https://register-dev.linea.org.br/registry/co_petitions/start/coef:231&entityID=https://satosa-dev.linea.org.br/linea_saml_mirror/proxy/aHR0cHM6Ly9kYXRhLmxzc3QuY2xvdWQ="
+
+SETTINGS_EXPORT = [
+    "BASE_HOST",
+    "LOGOUT_URL",
+    "LINEA_LOGIN_URL",
+    "LINEA_REGISTER_URL",
+    "RUBIN_LOGIN_URL",
+    "RUBIN_REGISTER_URL"
+]

backend/config/settings/production.py

@@ -150,18 +150,37 @@
     "disable_existing_loggers": True,
     "formatters": {
         "verbose": {
-            "format": "%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s",
+            "format": "%(asctime)s [%(levelname)s] %(message)s",
         },
     },
     "handlers": {
         "console": {
-            "level": "DEBUG",
+            "level": LOG_LEVEL,
             "class": "logging.StreamHandler",
             "formatter": "verbose",
         },
+        "default": {
+            "level": LOG_LEVEL,
+            "class": "logging.handlers.RotatingFileHandler",
+            "filename": os.path.join(LOG_DIR, "django.log"),
+            "formatter": "verbose",
+        },
+        "djangosaml2": {
+            "level": LOG_LEVEL,
+            "class": "logging.handlers.RotatingFileHandler",
+            "maxBytes": 1024 * 1024 * 5,  # 5 MB
+            "backupCount": 5,
+            "filename": os.path.join(LOG_DIR, "djangosaml2.log"),
+            "formatter": "verbose",
+        },        
     },
     "root": {"level": "INFO", "handlers": ["console"]},
     "loggers": {
+        "django": {
+            "level": LOG_LEVEL, 
+            "handlers": ["default", "console"], 
+            "propagate": True
+        },
         "django.db.backends": {
             "level": "ERROR",
             "handlers": ["console"],
@@ -174,6 +193,11 @@
             "handlers": ["console"],
             "propagate": False,
         },
+        "djangosaml2": {
+            "level": LOG_LEVEL, 
+            "handlers": ["djangosaml2"], 
+            "propagate": True
+        },
     },
 }
 
@@ -210,14 +234,21 @@
 # Your stuff...
 # ------------------------------------------------------------------------------
 
-# COmanage Autorization
-# ------------------------------------------------------------------------------
-COMANAGE_SERVER_URL = os.environ.get(
-    "COMANAGE_SERVER_URL", "https://register.linea.org.br"
-)
-COMANAGE_USER = os.environ.get("COMANAGE_USER", "co_2.linea.apps")
-COMANAGE_PASSWORD = os.environ.get("COMANAGE_PASSWORD")
-COMANAGE_COID = os.environ.get("COMANAGE_COID")
+# Qualquer view que requer um usuário autenticado deve redirecionar o navegador para esta url
+LOGIN_URL = "/api/login"
+# Urls for login with SAML2/CILogon
+# URL_CILOGON example: https://skyviewer.linea.org.br/saml2/login/?idp=https://satosa.linea.org.br/linea/proxy/aHR0cHM6Ly9jaWxvZ29uLm9yZw==
+LINEA_LOGIN_URL = env("LINEA_LOGIN_URL")
+RUBIN_LOGIN_URL = env("RUBIN_LOGIN_URL")
+
+# # COmanage Autorization
+# # ------------------------------------------------------------------------------
+# COMANAGE_SERVER_URL = os.environ.get(
+#     "COMANAGE_SERVER_URL", "https://register.linea.org.br"
+# )
+# COMANAGE_USER = os.environ.get("COMANAGE_USER", "co_2.linea.apps")
+# COMANAGE_PASSWORD = os.environ.get("COMANAGE_PASSWORD")
+# COMANAGE_COID = os.environ.get("COMANAGE_COID")
 
 # Django SAML2
 # ------------------------------------------------------------------------------
@@ -238,19 +269,15 @@
 AUTHENTICATION_BACKENDS += ("common.saml2.LineaSaml2Backend",)
 # Including SAML2 Middleware
 MIDDLEWARE += ("djangosaml2.middleware.SamlSessionMiddleware",)
-
+# SAML2 Custom error handler
+# https://djangosaml2.readthedocs.io/contents/developer.html#custom-error-handler
+SAML_ACS_FAILURE_RESPONSE_FUNCTION = 'common.views.saml2_template_failure'
 # configurações relativas ao session cookie
 SAML_SESSION_COOKIE_NAME = "saml_session"
 SESSION_COOKIE_SECURE = True
 
-# Qualquer view que requer um usuário autenticado deve redirecionar o navegador para esta url
-# LOGIN_URL = "/saml2/login/"
-LOGIN_URL = "/api/api-auth/login"
-# URL_CILOGON example: https://skyviewer.linea.org.br/saml2/login/?idp=https://satosa.linea.org.br/linea/proxy/aHR0cHM6Ly9jaWxvZ29uLm9yZw==
-AUTH_SAML2_LOGIN_URL_CILOGON = env("AUTH_SAML2_LOGIN_URL_CILOGON")
-
 # Encerra a sessão quando o usuário fecha o navegador
-SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+SESSION_EXPIRE_AT_BROWSER_CLOSE = False
 
 # Tipo de binding utilizado
 SAML_DEFAULT_BINDING = saml2.BINDING_HTTP_POST
@@ -270,6 +297,7 @@
     "givenName": ("first_name",),
     "sn": ("last_name",),
     "email": ("email",),
+    "isMemberOf": ("name",),
 }
 
 SAML_CONFIG = {
@@ -278,13 +306,13 @@
     "entityid": FQDN + "/saml2/metadata/",
     # Diretório contendo os esquemas de mapeamento de atributo
     "attribute_map_dir": str(ATTR_DIR),
-    "description": "SP Target Viewer",
+    "description": "SP Sky Viewer",
     "service": {
         "sp": {
-            "name": "SP Target Viewer",
+            "name": "SP Sky Viewer",
             "ui_info": {
-                "display_name": {"text": "SP Target Viewer", "lang": "en"},
-                "description": {"text": "SP Target Viewer", "lang": "en"},
+                "display_name": {"text": "SP Sky Viewer", "lang": "en"},
+                "description": {"text": "SP Sky Viewer", "lang": "en"},
                 "information_url": {"text": FQDN, "lang": "en"},
                 "privacy_statement_url": {"text": FQDN, "lang": "en"},
             },
@@ -324,6 +352,14 @@
                 "url": "https://www.linea.org.br/static/metadata/satosa-prod-frontend-cilogon.xml",
                 "cert": None,
             },
+            {
+                "url": "https://www.linea.org.br/static/metadata/satosa-dev-frontend-cilogon.xml",
+                "cert": None,
+            },
+            {
+                "url": "https://www.linea.org.br/static/metadata/satosa-dev-frontend-rubin.xml",
+                "cert": None,
+            },
         ],
     },
     # Configurado como 1 para fornecer informações de debug

backend/config/urls.py

@@ -18,14 +18,22 @@
     #     TemplateView.as_view(template_name="pages/about.html"),
     #     name="about",
     # ),
-    # Django Admin, use {% url 'admin:index' %}
-    path(settings.ADMIN_URL, admin.site.urls),
     # User management
     # path("/users/", include("sky_viewer.users.urls", namespace="users")),
     # path("/accounts/", include("allauth.urls")),
+
+    # Django Admin, use {% url 'admin:index' %}
+    path(settings.ADMIN_URL, admin.site.urls),
+
     # Your stuff: custom urls includes go here
     # Auth SAML2
     path("saml2/", include("djangosaml2.urls")),
+    path(
+        "api/login/",
+        TemplateView.as_view(template_name="pages/linea_login.html"),
+        name="login",
+    ),    
+
     # Media files
     *static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT),
 ]
@@ -34,7 +42,7 @@
 urlpatterns += [
     # API base url
     path("api/", include("config.api_router")),
-    path("api/logout/", CommonViews.teste, name="logout_user"),
+    path("api/logout/", CommonViews.logout_user, name="logout_user"),
     path(
         "api/environment_settings/",
         CommonViews.environment_settings,

backend/requirements/base.txt

@@ -22,6 +22,7 @@ django-crispy-forms==2.3  # https://github.com/django-crispy-forms/django-crispy
 crispy-bootstrap5==2024.10  # https://github.com/django-crispy-forms/crispy-bootstrap5
 django-compressor==4.5.1  # https://github.com/django-compressor/django-compressor
 django-redis==5.4.0  # https://github.com/jazzband/django-redis
+django-settings-export==1.2.1 # https://github.com/jkbrzt/django-settings-export,
 # Django REST Framework
 djangorestframework==3.15.2  # https://github.com/encode/django-rest-framework
 django-cors-headers==4.6.0  # https://github.com/adamchainz/django-cors-headers

backend/sky_viewer/common/api/views.py

@@ -30,7 +30,7 @@ def environment_settings(request):
     if enviroment in dev_environments:
         is_dev = True
 
-    login_url = settings.LINEA_LOGIN_URL
+    login_url = settings.LOGIN_URL
 
     env_settings = {
         "environment": enviroment,