From a7d2362b976c42bd9be4f117c0106e0adee79e22 Mon Sep 17 00:00:00 2001
From: JDTobin <90791836+JDTobin@users.noreply.github.com>
Date: Thu, 17 Aug 2023 16:07:21 -0400
Subject: [PATCH] add SSO auth
---
 Dockerfile | 2 +-
 app/openlxp_xss_project/settings.py | 57 ++++++++++++++++++++++++++++-
 app/openlxp_xss_project/urls.py | 2 +
 docker-compose.yml | 6 +++
 requirements.txt | 2 +
 5 files changed, 67 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index d6a2073..fb22521 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ FROM python:3.7-buster
 # install nginx
-RUN apt-get update && apt-get install nginx vim -y --no-install-recommends
+RUN apt-get update && apt-get install nginx vim libxml2-dev libxmlsec1-dev -y --no-install-recommends
 COPY nginx.default /etc/nginx/sites-available/default
 RUN ln -sf /dev/stdout /var/log/nginx/access.log \
 && ln -sf /dev/stderr /var/log/nginx/error.log
diff --git a/app/openlxp_xss_project/settings.py b/app/openlxp_xss_project/settings.py
index edccfa1..8b24c3c 100644
--- a/app/openlxp_xss_project/settings.py
+++ b/app/openlxp_xss_project/settings.py
@@ -47,6 +47,8 @@
 'core.apps.CoreConfig',
 'api',
 'users',
+ 'social_django',
+ 'openlxp_authentication',
 ]
 MIDDLEWARE = [
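Review bot: The rewritten `RUN apt-get ... install` line does not say why `libxml2-dev libxmlsec1-dev` are being added, and it still leaves the apt package lists in the image layer. A comment such as `# libxml2-dev/libxmlsec1-dev: build headers for the xmlsec-based SAML dependency pulled in by openlxp-authentication` (confirm against that package's install notes) and a trailing `&& rm -rf /var/lib/apt/lists/*` on the same RUN keep the intent visible and the layer smaller. Whether the `-dev` headers and `vim` need to stay in the runtime image at all is a separate question the hunk does not answer.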
@@ -175,5 +177,58 @@ REST_FRAMEWORK = {
 'DEFAULT_PERMISSION_CLASSES': [
 'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly',
- ]
+ ],
+ 'DEFAULT_AUTHENTICATION_CLASSES': [
+ 'rest_framework.authentication.SessionAuthentication',
+ ],
 }
+
+AUTHENTICATION_BACKENDS = (
+ 'django.contrib.auth.backends.ModelBackend',
+ 'openlxp_authentication.models.SAMLDBAuth',
+)
+
+# openlxp_authentication settings openlxp_authentication documentation:
+# https://github.com/OpenLXP/openlxp-authentication#readme
+# social_django documentation:
+# https://python-social-auth.readthedocs.io/en/latest/index.html
+# SOCIAL_AUTH_STRATEGY = 'openlxp_authentication.models.SAMLDBStrategy'
+JSONFIELD_ENABLED = True
+USER_MODEL = 'users.CustomUser'
+SESSION_EXPIRATION = True
+
+if os.environ.get('LOGIN_REDIRECT_URL') is not None:
+ LOGIN_REDIRECT_URL = os.environ.get('LOGIN_REDIRECT_URL')
+
+if os.environ.get('OVERIDE_HOST') is not None:
+ OVERIDE_HOST = os.environ.get('OVERIDE_HOST')
+ BAD_HOST = os.environ.get('BAD_HOST')
+
+if os.environ.get('STRATEGY') is not None:
+ SOCIAL_AUTH_STRATEGY = os.environ.get('STRATEGY')
+
+SP_ENTITY_ID = os.environ.get('ENTITY_ID')
+
+SP_PUBLIC_CERT = os.environ.get('SP_PUBLIC_CERT')
+SP_PRIVATE_KEY = os.environ.get('SP_PRIVATE_KEY')
+ORG_INFO = {
+ "en-US": {
+ "name": "example",
+ "displayname": "Example Inc.",
+ "url": "http://localhost",
+ }
+}
+TECHNICAL_CONTACT = {
+ "givenName": "Tech Person",
+ "emailAddress": "technical@localhost.com"
+}
+SUPPORT_CONTACT = {
+ "givenName": "Support Person",
+ "emailAddress": "support@localhost.com",
+}
+USER_ATTRIBUTES = [
+ "user_permanent_id",
+ "first_name",
+ "last_name",
+ "email"
+]
diff --git a/app/openlxp_xss_project/urls.py b/app/openlxp_xss_project/urls.py
index a288a4a..acc47ef 100644
--- a/app/openlxp_xss_project/urls.py
+++ b/app/openlxp_xss_project/urls.py
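Review bot: `SP_ENTITY_ID`, `SP_PUBLIC_CERT` and `SP_PRIVATE_KEY` are read with `os.environ.get` and no check, so an unset variable silently becomes `None` and the SAML service provider only fails later, at request time, with an error that does not name the missing setting; the neighbouring `LOGIN_REDIRECT_URL`/`OVERIDE_HOST`/`STRATEGY` blocks at least make their optionality explicit, whereas these three are what the SP signs with and should fail fast. Raising `ImproperlyConfigured` (from `django.core.exceptions`) at import time gives a clear startup error; if the test settings must boot without SAML, gate the check the same way the other blocks gate theirs. `ORG_INFO`, `TECHNICAL_CONTACT` and `SUPPORT_CONTACT` are hard-coded placeholders (`"http://localhost"`, `technical@localhost.com`) that end up in the published SP metadata, so they deserve a `# TODO: replace before deployment` or env-driven values like the other settings. I cannot tell from here whether `USER_MODEL` and `OVERIDE_HOST` are the exact key names openlxp_authentication reads (Django's own setting is `AUTH_USER_MODEL`), so a short comment tying each to the README entry it implements would help the next reader.
```python
# … unchanged: AUTHENTICATION_BACKENDS and openlxp_authentication settings above …

# Fail fast: a missing SP key/cert would otherwise surface only at request time.
_required_saml_env = ('ENTITY_ID', 'SP_PUBLIC_CERT', 'SP_PRIVATE_KEY')
_missing_saml_env = [name for name in _required_saml_env if not os.environ.get(name)]
if _missing_saml_env:
    raise ImproperlyConfigured(
        'SAML SP settings not set: ' + ', '.join(_missing_saml_env))

SP_ENTITY_ID = os.environ['ENTITY_ID']
SP_PUBLIC_CERT = os.environ['SP_PUBLIC_CERT']
SP_PRIVATE_KEY = os.environ['SP_PRIVATE_KEY']

# … unchanged: ORG_INFO, TECHNICAL_CONTACT, SUPPORT_CONTACT, USER_ATTRIBUTES …
```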
@@ -14,11 +14,13 @@
 2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
 """
 from django.conf import settings
+from django.conf.urls import url
 from django.conf.urls.static import static
 from django.contrib import admin
 from django.urls import include, path
 urlpatterns = [
+ url('', include('openlxp_authentication.urls')),
 path('admin/', admin.site.urls),
 path('api/', include('api.urls')),
 path('api/auth/', include('users.urls')),
diff --git a/docker-compose.yml b/docker-compose.yml
index bd082da..89e5e45 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -30,6 +30,12 @@ services:
 DJANGO_SUPERUSER_PASSWORD: "${DJANGO_SUPERUSER_PASSWORD}"
 DJANGO_SUPERUSER_EMAIL: "${DJANGO_SUPERUSER_EMAIL}"
 SECRET_KEY_VAL: "${SECRET_KEY_VAL}"
+ ENTITY_ID: "${ENTITY_ID}"
+ SP_PUBLIC_CERT: "${SP_PUBLIC_CERT}"
+ SP_PRIVATE_KEY: "${SP_PRIVATE_KEY}"
+ BAD_HOST: "${BAD_HOST}"
+ OVERIDE_HOST: "${OVERIDE_HOST}"
+ STRATEGY: "${STRATEGY}"
 volumes:
 - ./app:/opt/app/openlxp-xss
 depends_on:
diff --git a/requirements.txt b/requirements.txt
index 85f7089..90962a4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -18,4 +18,6 @@ ddt>=1.4.2,<1.5.0
 django-model-utils>=4.1.1,<4.2.0
+openlxp-authentication >=1.1.0, <1.2
+
 requests>=2.25.1,<2.26.0
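Review bot: `url('', include('openlxp_authentication.urls'))` relies on `django.conf.urls.url`, which is deprecated since Django 3.1 and removed in Django 4.0; `path('', include('openlxp_authentication.urls'))` is the drop-in form, uses the `path` already imported on the line below, and makes the new `from django.conf.urls import url` import unnecessary. Because the empty prefix is placed first in `urlpatterns`, any route that `openlxp_authentication.urls` defines wins over `admin/`, `api/` and `api/auth/` for the same path — I cannot see that module, so this may be harmless, but moving the include after the explicit entries (or giving it its own prefix) makes the precedence deliberate rather than accidental. The `urlpatterns` list continues past the end of the hunk.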
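Review bot: `SP_PRIVATE_KEY: "${SP_PRIVATE_KEY}"` hands the SAML signing key to the container as an environment variable, where it is readable by every process in the container, by `docker inspect`, and by anything that dumps the environment into logs or crash reports. A compose `secrets:` entry or a read-only bind mount of the PEM file keeps the key out of the environment, with settings.py reading the file path instead of the key text; the public cert and entity ID can stay as environment values. A multi-line PEM placed in a `.env` file may also not survive `${...}` interpolation intact depending on the compose version, which is a second reason to prefer a file-based value. The service definition these variables belong to starts outside the hunk.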