Page MenuHomeSoftware Heritage

auth: Use generic Django authentication backends from swh-auth
ClosedPublic

Authored by anlambert on Mar 26 2021, 6:03 PM.

Details

Summary

Django authentication backends based on the use of Keycloak and OpenID
Connect have been moved to the swh-auth module and turned into generic
backends in order to easily reuse them in any Django application.

So remove all code and tests that have been moved in swh-auth and
configure swh-web to use the generic authentication backends.

That diff will fail to build until a new swh-auth version is tagged.

Related to T3150

Depends on D5366

Diff Detail

Repository
rDWAPPS Web applications
Branch
swh-web-use-swh-auth-django
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 20370
Build 31623: Phabricator diff pipeline on jenkinsJenkins console · Jenkins
Build 31622: arc lint + arc unit

Event Timeline

Build has FAILED

Patch application report for D5367 (id=19223)

Rebasing onto fda3589aa8...

Current branch diff-target is up to date.
Changes applied before test
commit 1584c59ef9f1349bdd7e91eb4bd49bc420e462bb
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Thu Mar 25 19:04:28 2021 +0100

    auth: Use generic Django authentication backends from swh-auth
    
    Django authentication backends based on the use of Keycloak and OpenID
    Connect have been moved to the swh-auth module and turned into generic
    backends in order to easily reuse them in any Django application.
    
    So remove all code and tests that have been moved in swh-auth and
    configure swh-web to use the generic authentication backends.
    
    Related to T3150

Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/637/
See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/637/console

Harbormaster returned this revision to the author for changes because remote builds failed.Mar 26 2021, 6:04 PM
Harbormaster failed remote builds in B20305: Diff 19223!

Update: Rebase and remove OIDCSessionExpiredMiddleware after its move in swh-auth.

Build has FAILED

Patch application report for D5367 (id=19284)

Rebasing onto ffd9fbccbf...

Current branch diff-target is up to date.
Changes applied before test
commit 3a9fbc15d8f8d09089e41e1baf12ab1d526cb20d
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Thu Mar 25 19:04:28 2021 +0100

    auth: Use generic Django authentication backends from swh-auth
    
    Django authentication backends and middleware based on the use of
    Keycloak and OpenID Connect have been moved to the swh-auth module
    and  turned into generic ones in order to easily reuse them in any
    Django application.
    
    So remove all code and tests that have been moved in swh-auth and
    configure swh-web to use the generic authentication backends and
    middleware.
    
    Closes T3150

Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/640/
See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/640/console

Harbormaster returned this revision to the author for changes because remote builds failed.Mar 30 2021, 3:13 PM
Harbormaster failed remote builds in B20353: Diff 19284!

Build is green

Patch application report for D5367 (id=19284)

Rebasing onto ffd9fbccbf...

Current branch diff-target is up to date.
Changes applied before test
commit 3a9fbc15d8f8d09089e41e1baf12ab1d526cb20d
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Thu Mar 25 19:04:28 2021 +0100

    auth: Use generic Django authentication backends from swh-auth
    
    Django authentication backends and middleware based on the use of
    Keycloak and OpenID Connect have been moved to the swh-auth module
    and  turned into generic ones in order to easily reuse them in any
    Django application.
    
    So remove all code and tests that have been moved in swh-auth and
    configure swh-web to use the generic authentication backends and
    middleware.
    
    Closes T3150

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/641/ for more details.

ardumont added a subscriber: ardumont.

lgtm

requirements.txt
24

no bump in requirements-swh.txt about swh.auth >= 0.5 ?

swh/web/tests/conftest.py
29

don't you have a warning about this?

I remembered that at some point, they removed the possibility of defining this here...

This revision is now accepted and ready to land.Mar 30 2021, 6:07 PM
requirements.txt
24

right

swh/web/tests/conftest.py
29

Nope, because test*/conftest.py file can contain pytest_plugins variable (see doc)

Bump swh-auth[django] requirement.

Build is green

Patch application report for D5367 (id=19302)

Rebasing onto ffd9fbccbf...

Current branch diff-target is up to date.
Changes applied before test
commit a42327ff4fd57e93d880fb1c71018efa139bcf72
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Thu Mar 25 19:04:28 2021 +0100

    auth: Use generic Django authentication backends from swh-auth
    
    Django authentication backends and middleware based on the use of
    Keycloak and OpenID Connect have been moved to the swh-auth module
    and  turned into generic ones in order to easily reuse them in any
    Django application.
    
    So remove all code and tests that have been moved in swh-auth and
    configure swh-web to use the generic authentication backends and
    middleware.
    
    Closes T3150

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/642/ for more details.