Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure SSO works on admin level #237

Merged
merged 6 commits into from
Nov 27, 2024

Conversation

lcduong
Copy link
Contributor

@lcduong lcduong commented Nov 26, 2024

This PR closes/references issue #234 .
Implement new page /orga/admin/sso/settings which allow Admin to set key pair for SSO, Admin able to add/delete key pair

image

How has this been tested?

Checklist

  • I have added tests to cover my changes.

Summary by Sourcery

Implement a new admin-level SSO settings page and refactor SSO functionality to be managed as an external plugin, enhancing the system's modularity and allowing administrators to manage SSO key pairs directly.

New Features:

  • Introduce a new admin page for SSO settings, allowing administrators to add or delete key pairs for SSO.

Enhancements:

  • Refactor SSO implementation to use an external plugin, improving modularity and maintainability.

Copy link

sourcery-ai bot commented Nov 26, 2024

Reviewer's Guide by Sourcery

This PR refactors the SSO implementation by moving it from the organizer level to the admin level and implementing it as an external plugin. The changes include removing SSO-related code from the organizer views and forms, creating new dedicated SSO views and templates, and updating the authentication flow to use dynamic SSO provider configuration.

Updated class diagram for SSO implementation

classDiagram
    class SSOConfigureView {
        +get_object()
        +get_success_url()
        +form_valid(form)
        +form_invalid(form)
        +get_context_data(**kwargs)
    }
    class SSODeleteView {
        +get_object(queryset=None)
        +action_object_name()
        +action_back_url
        +post(*args, **kwargs)
    }
    class SSOClientForm {
        +fields: client_id, secret
    }
    SSOConfigureView --> SSOClientForm
    SSODeleteView --> SocialApp
    SSOConfigureView --> SocialApp
    class SocialApp {
        +provider
        +name
        +client_id
        +secret
    }
Loading

File-Level Changes

Change Details Files
Moved SSO configuration from organizer level to admin level
  • Created new admin-level SSO settings page
  • Added SSO settings link to admin navigation menu
  • Removed SSO configuration from organizer detail page
  • Created new SSO delete view for removing SSO configuration
src/pretalx/orga/urls.py
src/pretalx/orga/templates/orga/base.html
src/pretalx/orga/templates/orga/organiser/detail.html
src/pretalx/eventyay_common/views/sso.py
src/pretalx/eventyay_common/templates/eventyay_common/sso/detail.html
Refactored SSO implementation to use dynamic provider configuration
  • Updated OAuth2 session to use dynamically loaded SSO provider credentials
  • Removed hardcoded SSO client settings from configuration
  • Simplified SSO client form to handle only required fields
src/pretalx/eventyay_common/views/auth.py
src/pretalx/settings.py
src/pretalx/orga/forms/sso_client_form.py
Cleaned up and removed deprecated SSO code
  • Removed SSO-related methods from organizer views
  • Deleted unused SSO template
  • Removed organizer-specific SSO configuration handling
src/pretalx/orga/views/organiser.py
src/pretalx/orga/templates/orga/organiser/organiser_sso.html

Possibly linked issues


Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time. You can also use
    this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@lcduong lcduong marked this pull request as ready for review November 26, 2024 06:54
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @lcduong - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Please add tests to cover the new SSO configuration functionality and authentication flow changes, as these are security-critical features.
Here's what I looked at during the review
  • 🟡 General issues: 2 issues found
  • 🟢 Security: all looks good
  • 🟢 Testing: all looks good
  • 🟡 Complexity: 1 issue found
  • 🟢 Documentation: all looks good

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

src/pretalx/eventyay_common/views/sso.py Outdated Show resolved Hide resolved
@@ -39,8 +43,11 @@ def oauth2_login_view(request, *args, **kwargs):


def oauth2_callback(request):
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

issue: Add error handling for missing SSO provider

The function should handle the case where no SSO provider exists, possibly redirecting to a configuration page with an appropriate message.

form_class = SSOClientForm
model = SocialApp

def get_object(self):
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

issue (complexity): Consider caching the get_object result and simplifying form handling to reduce code complexity.

The current implementation has unnecessary complexity that can be simplified while maintaining Django patterns:

  1. Cache the get_object result as a property to avoid multiple database queries:
@property
def sso_provider(self):
    if not hasattr(self, '_sso_provider'):
        self._sso_provider = SocialApp.objects.filter(
            provider=settings.EVENTYAY_SSO_PROVIDER
        ).first()
    return self._sso_provider
  1. Simplify form handling by leveraging Django's built-in functionality:
def form_valid(self, form):
    instance = form.save(commit=False)
    instance.provider = settings.EVENTYAY_SSO_PROVIDER
    instance.name = "Eventyay Ticket Provider"
    instance.save()
    instance.sites.add(Site.objects.get(pk=settings.SITE_ID))
    messages.success(self.request, phrases.base.saved)
    return super().form_valid(form)

def get_success_url(self):
    return self.request.path

This removes the need for a separate form_invalid method since the parent class already handles it appropriately. The property caching pattern reduces database queries and improves code organization while maintaining Django conventions.

@odkhang odkhang changed the title Ensure SSO works on admin level and change implementation to be an external plugin Ensure SSO works on admin level Nov 27, 2024
oauth2_session = OAuth2Session(
settings.OAUTH2_PROVIDER["CLIENT_ID"],
sso_provider.client_id,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.first() returns nullable object. sso_provider can be None and sso_provider.client_id will raise error.

@mariobehling mariobehling merged commit ce0cdea into fossasia:development Nov 27, 2024
7 of 8 checks passed
HungNgien pushed a commit to HungNgien/eventyay-talk that referenced this pull request Dec 13, 2024
* Ensure SSO works on admin level and change implementation to be an external plugin

* remove unsed template

* fix pipeline

* using provider name constant instead of text

* update transaction for storing key

* handle case sso_provider not configured

---------

Co-authored-by: odkhang <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants