added project dump, cleaned settings and readme

README

@@ -6,9 +6,9 @@ Welcome to ssop, a Single Sign On Portal which uses login.gov as an Identity Ver
    NOTE: Python 3.6 not being supported WRT crypto -- no point in staring at 3.7
 4) Upgrade pip to latest and then pip install -r requirements.txt
 
-5) Use https://developers.login.gov to establish a sandbox environment, create a team (yourself and collaborators if desired), then create and app.
-6) Update LOGINDOTGOV related parameters in ssop/settings.py according to the sandbox app created in step 5.
-7) Search for occurances of 'holub'.  These paths must be changed per your environment.
+5) If needed, use https://developers.login.gov to establish a sandbox environment, create a team (yourself and collaborators if desired), then create and app.
+6) Update LOGINDOTGOV_ related parameters in ssop/settings.py with results from 5 or from a configuration managment system (CMS).
+7) Update JWT_ related paramerters as needed or from a CMS.
 
 See the images in the screenshot folder to aid with LOGINDOTGOV settings.  Also, a final user attributes screen can be seen.
 
@@ -84,8 +84,7 @@ SELINUX content and user types:
    sudo chcon -t httpd_sys_script_exec_t _openssl.abi3.so _rust.abi3.so _cffi_backend.cpython-38-x86_64-linux-gnu.so 
 
    # Logging
-   sudo chcon -t httpd_log_t /home/holub/logs/ssop/django_*
-
+   sudo chcon -t httpd_log_t /path_to/logs/ssop/django_*
 
 ----------------------------------------------
 

SSOP_20230206_170540.json

@@ -0,0 +1 @@
+{"projects": {"SSOP": {"id": "13", "name": "SSOP", "organization": "GSL", "verbose_name": "View your user attributes", "return_to": "https://gsl.noaa.gov/ssop/ldg_authenticated", "queryparam": "True", "error_redirect": "https://gsl.noaa.gov/ssop/oops", "state": "w9zj2cZFQz_64TQNbSEb", "decrypt_key": "nz5TJfKciudwCA", "updated": "2023-01-25 18:28:12.287361+00:00", "updater": "None", "enabled": "True", "expiretokens": "True", "display_order": "1", "graphnode": "None"}, "demopy": {"id": "14", "name": "demopy", "organization": "GSL -- ITS", "verbose_name": "A demonstration view using python", "return_to": "https://gsl.noaa.gov/ssop/demopy", "queryparam": "True", "error_redirect": "https://gsl.noaa.gov/ssop/oops", "state": "vcxbVLKa4Nh8C-feYdyz", "decrypt_key": "VZeiN2uIV4b7Vg", "updated": "2023-01-25 19:39:25.727485+00:00", "updater": "None", "enabled": "True", "expiretokens": "True", "display_order": "2", "graphnode": "None"}, "demoajax": {"id": "15", "name": "demoajax", "organization": "GSL -- ITS", "verbose_name": "A demonstration using AJAX", "return_to": "https://gsl.noaa.gov/ssop/examples/demoajax.html", "queryparam": "True", "error_redirect": "https://gsl.noaa.gov/ssop/oops", "state": "2J-Rhl6R3Ppd_xY-lHwp", "decrypt_key": "vkc3O_Gk9NrG3g", "updated": "2023-01-25 19:39:25.743015+00:00", "updater": "None", "enabled": "True", "expiretokens": "True", "display_order": "3", "graphnode": "None"}, "firewxtb": {"id": "16", "name": "firewxtb", "organization": "GSL -- WIDS", "verbose_name": "Fire Weather Testbed", "return_to": "https://gsl.noaa.gov/ssop/firewxtb", "queryparam": "True", "error_redirect": "https://gsl.noaa.gov/ssop/firewxtboops", "state": "ilv1Vz5sO47vtamdfQ-K", "decrypt_key": "yeS-0X1EoJtVFg", "updated": "2023-01-25 19:39:25.756142+00:00", "updater": "None", "enabled": "True", "expiretokens": "False", "display_order": "4", "graphnode": "None"}, "nvods": {"id": "17", "name": "nvods", "organization": "PMEL", "verbose_name": "National Virtual Ocean Data System (NVDOS)", "return_to": "https://data.pmel.noaa.gov/nvods/las/", "queryparam": "False", "error_redirect": "https://data.pmel.noaa.gov/nvods/ssopoops", "state": "c5HmuyHETJ_wwJp_MnKM", "decrypt_key": "MhqyX0xuYToIKQ", "updated": "2023-01-25 19:39:25.769755+00:00", "updater": "None", "enabled": "True", "expiretokens": "False", "display_order": "5", "graphnode": "None"}, "desi": {"id": "18", "name": "desi", "organization": "GSL -- WIDS - WIZARD", "verbose_name": "Dynamic Ensemble-based Scenarios for IDSS", "return_to": "https://sites.gsl.noaa.gov/desi/", "queryparam": "True", "error_redirect": "https://gsl.noaa.gov/ssop/oops", "state": "iiW7lDEgBF2KFDUEeGSm", "decrypt_key": "WvpDKlnPgnFtCA", "updated": "2023-01-25 19:39:25.782753+00:00", "updater": "None", "enabled": "True", "expiretokens": "False", "display_order": "6", "graphnode": "None"}, "awspub": {"id": "19", "name": "awspub", "organization": "GSL -- WIDS - WIZARD", "verbose_name": "GSL AWS Public Nginx", "return_to": "https://sites.gsl.noaa.gov/test-js2/", "queryparam": "True", "error_redirect": "https://gsl.noaa.gov/ssop/oops", "state": "cIYURPoPRskxQeGoASCh", "decrypt_key": "sfXynjgjQGhFlw", "updated": "2023-01-25 19:39:25.795706+00:00", "updater": "None", "enabled": "True", "expiretokens": "False", "display_order": "7", "graphnode": "None"}, "int-mats": {"id": "20", "name": "int-mats", "organization": "GSL -- ASCEND", "verbose_name": "INTEGRATION Model Analysis Tool Suite (MATS)", "return_to": "https://esrl.noaa.gov/gsd/int-mats/", "queryparam": "False", "error_redirect": "https://esrl.noaa.gov/gsd/int-mats/ssopoops", "state": "i5EA3hjEyYFrUOTuyaDc", "decrypt_key": "yP24Bc-Nq4gORQ", "updated": "2023-01-25 19:39:25.808460+00:00", "updater": "None", "enabled": "True", "expiretokens": "False", "display_order": "8", "graphnode": "None"}, "rr": {"id": "21", "name": "rr", "organization": "GSL -- ASCEND", "verbose_name": "Rapid Refresh", "return_to": "https://rapidrefresh.noaa.gov", "queryparam": "True", "error_redirect": "https://gsl.noaa.gov/ssop/oops", "state": "NKvuJA8Le065rJ0s-GOe", "decrypt_key": "TkIQzDw_bpYyWQ", "updated": "2023-01-25 19:39:25.821624+00:00", "updater": "None", "enabled": "True", "expiretokens": "False", "display_order": "9", "graphnode": "None"}}, "keys": {"nz5TJfKciudwCA": "FsXF5Tp8ovsR_1oGxndiRiuKXCNUGzv-jE1pAnapi-o=", "VZeiN2uIV4b7Vg": "jUXBQZhZdNB954N24adVLCCO6joKEadQpPisEBCaPG4=", "vkc3O_Gk9NrG3g": "YcZAJMirTV6Ovd6PFBEbweak-y3O4Gsl4ia4DvaTV9c=", "yeS-0X1EoJtVFg": "yfU5g-oGzArOSO8L3Vamg5AEzMVHnNWmEgjUPRXD_20=", "MhqyX0xuYToIKQ": "N7_eulBdLknYejPYOfd-GNVslIHC0M9P5rO78bhW0gU=", "WvpDKlnPgnFtCA": "Q2raysisYQMKVrA8cOfqoJZz2DdY6c58GCZC9CSP5VU=", "sfXynjgjQGhFlw": "mn3rRLc8paAyxD04P5gbnq7ZnryPhzWf4heIC6B3TfE=", "yP24Bc-Nq4gORQ": "5ZBT62JRveyfmz85-t2tdwm8RH1ynPNdqrfzB5hZk5w=", "TkIQzDw_bpYyWQ": "yxE9jOpQE24OW4fR5rL1h0ofI6-Kq8jqXNFIp19WKlY="}, "organizations": {"GSL -- ITS": {"id": 1, "name": "GSL -- ITS", "contact": "Kirk Holub", "email": "[email protected]", "updated": "2022-11-28 15:45:03.439223+00:00", "graphnode": "None"}, "GSL -- ASCEND": {"id": 2, "name": "GSL -- ASCEND", "contact": "Curtis Alexander", "email": "[email protected]", "updated": "2022-11-28 15:55:25.520120+00:00", "graphnode": "None"}, "GSL": {"id": 3, "name": "GSL", "contact": "Scott Nahman", "email": "[email protected]", "updated": "2022-11-28 16:11:49.434804+00:00", "graphnode": "None"}, "GSL -- WIDS": {"id": 7, "name": "GSL -- WIDS", "contact": "Dan Nietfeld", "email": "[email protected]", "updated": "2023-01-24 15:05:20.627123+00:00", "graphnode": "None"}, "PMEL": {"id": 8, "name": "PMEL", "contact": "Eugene Burger", "email": "[email protected]", "updated": "2023-01-24 18:43:24.313756+00:00", "graphnode": "None"}, "GSL -- WIDS - WIZARD": {"id": 9, "name": "GSL -- WIDS - WIZARD", "contact": "Jebb Stewart", "email": "[email protected]", "updated": "2023-01-24 20:44:27.029983+00:00", "graphnode": "None"}}}

sites/admin.py

@@ -51,7 +51,7 @@ class UniqueuserAdmin(admin.ModelAdmin):
 
 class AttributeGroupAdmin(admin.ModelAdmin):
     #list_display = ('name', 'attributes', 'graph_node_id')
-    list_display = ('name', 'grouptype', 'clearattrs', 'attributes')
+    list_display = ('name', 'grouptype', 'attributes')
     list_display_links = list_display
     readonly_fields = list_display
 

sites/management/commands/add_orgs_and_projects.py

@@ -0,0 +1,35 @@
+# https://stackoverflow.com/questions/19475955/using-django-models-in-external-python-script
+from django.core.management.base import BaseCommand
+from sites.models import get_or_add_project
+import json
+import ast
+
+class Command(BaseCommand):
+    help = "Adds all Organizations, Keys, and Projects found in the file created by dump_orgs_and_projects.py"
+
+    def add_arguments(self, parser):
+        parser.add_argument('filename', type=str)
+
+    def handle(self, *args, **options):
+
+        filename = options['filename']
+        print('filename: ' + filename)
+
+        fp = open(filename, 'r')
+        datastr = fp.read()
+        fp.close
+        #print('datastr: ' + str(datastr))
+
+        data = json.loads(datastr)
+        #print('data: ' + str(data))
+
+        for p in data.keys():
+            print("   project: " + str(p))
+        #    thisp = {}
+        #    thisp['name'] = str(k)
+        #    for a in projects[k].keys():
+        #        thisp[a] = projects[k][a] 
+        #    print('np = get_or_add_project(' + str(thisp) + ')')
+        #    np = get_or_add_project(thisp)
+        #    print("   np: " + str(np))
+

sites/management/commands/dump_orgs_and_projects.py

@@ -0,0 +1,48 @@
+# https://stackoverflow.com/questions/19475955/using-django-models-in-external-python-script
+from django.core.management.base import BaseCommand
+from django.utils import timezone
+
+from sites.models import Project, Key, Organization
+
+class Command(BaseCommand):
+    help = "Dumps Projects and Organiations in JSON"
+
+    def handle(self, *args, **options):
+
+        allproj = Project.objects.all()
+        allkey = Key.objects.all()
+        allorg = Organization.objects.all()
+
+        data = {}
+        pret = {}
+        data["projects"] = pret
+        for p in allproj:
+            pret[str(p)] = {}
+            for (k,v) in p.get_fields():
+                pret[str(p)][str(k)] = str(v)
+        print("      pret = " + str(pret))
+
+        kret = {}
+        data["keys"] = kret
+        for v in allkey:
+            kret[str(v)] = v.get_key()
+        print("      kret = " + str(kret))
+
+        oret = {}
+        data["organizations"] = oret
+        for o in allorg:
+            oret[str(o)] = {}
+            for (k,v) in o.get_fields():
+                oret[str(o)][str(k)] = v
+        print("      oret = " + str(oret))
+
+        data = str(data).replace("'", '"', 1000000)
+        now = str(timezone.now())
+        now = now[0:19]
+        fname = now.replace(' ', '_')
+        fname = fname.replace('-', '', 3)
+        fname = 'SSOP_' + fname.replace(':', '', 4) + '.json'
+        print("wrote " + str(fname))
+        fp = open(fname, 'w')
+        fp.write(str(data))
+        fp.close()

sites/models.py

@@ -156,6 +156,9 @@ def is_enabled(self):
     def append_access_token(self):
         return self.queryparam
 
+    def get_fields(self):
+        return [(field.name, getattr(self,field.name)) for field in Project._meta.fields]
+
 
 class Attributes(models.Model):
     fingerprint = models.CharField(max_length=150, default='setme')
@@ -541,12 +544,25 @@ def save(self, *args, **kwargs):
         if self.initstate():
             super(Organization, self).save(*args, **kwargs)
 
+    def get_fields(self):
+        retlist =  []
+        for field in Organization._meta.fields:
+            k = field.name
+            v = getattr(self,field.name)
+            if v is None:
+                v = "None"
+            if str(k) == 'updated':
+                v = str(v)
+            retlist.append((k,v))
+            retlist.append((k,v))
+        return retlist
+
 
 class AttributeGroup(models.Model):
     name = models.CharField(max_length=150, default='setme')
     grouptype = models.ForeignKey('sites.NodeType', null=True, blank=True, on_delete=models.CASCADE)
     attrs = models.ManyToManyField(Attributes, related_name='AttributeGroup_attrs', verbose_name='Attrs')
-    decodedattrs = models.TextField(default='setme')
+    #decodedattrs = models.TextField(default='setme')
     #graphnode = models.ForeignKey('sites.GraphNode', null=True, blank=True, on_delete=models.SET_NULL)
 
     def __str__(self):
@@ -570,16 +586,16 @@ def initstate(self):
             #    self.graphnode = gn
             need_to_save = True
 
-        if 'setme' in self.decodedattrs:
-            if self.attrs is not None:
-                dattrs = "Decoded attributes not available."
-                if settings.DEBUG:
-                    dattrs = ''
-                    for a in self.attrs:
-                        dattrs = dattrs + a.clearattrs() + ', '
-                    dattrs = dattrs[:-2]
-                self.decodedattrs = dattrs
-                need_to_save = True
+        #if 'setme' in self.decodedattrs:
+        #    if self.attrs is not None:
+        #        dattrs = "Decoded attributes not available."
+        #        if settings.DEBUG:
+        #            dattrs = ''
+        #            for a in self.attrs:
+        #                dattrs = dattrs + a.clearattrs() + ', '
+        #            dattrs = dattrs[:-2]
+        #        self.decodedattrs = dattrs
+        #        need_to_save = True
         return need_to_save
 
     def save(self, *args, **kwargs):

ssop/settings.py

@@ -226,8 +226,8 @@ def get_secret(key):
 elif SSOP_DEPLOY_ENV == "Integration":
     DEPLOY_ENV_COLOR = '#99ff99'  # light green
     DEPLOY_ENV_TEXT_COLOR = 'black'
-    SERVER_FQDN = '?.gsd.esrl.noaa.gov'
-    SERVER_IP = '137.75.164.y'
+    SERVER_FQDN = 'gsl-webssop.gsd.esrl.noaa.gov'
+    SERVER_IP = '137.75.133.109'
 
 elif SSOP_DEPLOY_ENV == "Production":
     DEPLOY_ENV_COLOR = "#3399ff"  # blue
@@ -236,7 +236,7 @@ def get_secret(key):
     SERVER_IP = '137.75.164.x'
 
 else:
-    msg = "environment variable QRBA3_DEPLOY_ENVIRONMENT not set.  " \
+    msg = "environment variable SSOP_DEPLOY_ENVIRONMENT not set.  " \
           "Supported values: Development, Integration, Production"
     print(msg)
     sys.exit(-1)
@@ -272,21 +272,14 @@ def get_secret(key):
     },
 ]
 
-
 # Internationalization
 # https://docs.djangoproject.com/en/3.2/topics/i18n/
-
 LANGUAGE_CODE = 'en-us'
-
 TIME_ZONE = 'UTC'
-
 USE_I18N = True
-
 USE_L10N = True
-
 USE_TZ = True
 
-
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/3.2/howto/static-files/
 
@@ -307,8 +300,8 @@ def get_secret(key):
 LOGINDOTGOV_CLIENT_ASSERTION_TYPE = 'urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer'
 LOGINDOTGOV_SCOPE = 'openid+email+profile+first_name+last_name'
 LOGINDOTGOV_RETURN_TO = 'https://gsl.noaa.gov/ssop/ldg_authenticated'
-LOGINDOTGOV_AUTHENTICATED_REDIRECT = 'https://gsl.noaa.gov/ssop/static/test.html'
-LOGINDOTGOV_AUTHENTICATED_REDIRECT2 = 'https://gsl.noaa.gov/ssop/static/test2.html'
+#LOGINDOTGOV_AUTHENTICATED_REDIRECT = 'https://gsl.noaa.gov/ssop/static/test.html'
+#LOGINDOTGOV_AUTHENTICATED_REDIRECT2 = 'https://gsl.noaa.gov/ssop/static/test2.html'
 LOGINDOTGOV_ERROR_REDIRECT = 'https://gsl.noaa.gov/ssop/oops'
 LOGINDOTGOV_LOGOUT_URI = 'https://gsl.noaa.gov/ssop/sites'
 
@@ -333,10 +326,10 @@ def get_secret(key):
 JWTSAFELEN = 30
 
 # JWT expiration time in seconds -- will be added to current UTC
-JWTEXP = 3600
+JWTEXP = 300
 
 # Attributes one-time access token lifetime in seconds
-ATTRS_ACCESS_TOKEN_LIFETIME = 600
+ATTRS_ACCESS_TOKEN_LIFETIME = JWTEXP
 DATA_AT_REST_KEY_ATTRS = get_secret('DATA_AT_REST_KEY_ATTRS')
 
 # for graphing

ssop/urls.py

@@ -26,9 +26,6 @@
     path('logout/', logout, name='logout'),
     path('logout/<str:connection_state>/', logout, name='logout'),
     path('sites/', include(('sites.urls', 'sites'), namespace='sb')),
-    path('sb/', include(('sites.urls', 'sites'), namespace='sb')),
-    path('ssop/sites/', include(('sites.urls', 'sites'), namespace='ssop_sb')),
-    path('ssop/sb/', include(('sites.urls', 'sites'), namespace='ssop_sb')),
     path('', index, 'index'),
     path('ssop/', index, 'index'),
     path('ssop/ldg_authenticated', ldg_authenticated, name='ssop_ldg_authenticated'),
@@ -45,4 +42,7 @@
     path('ssop/demohdr', demoapp_authorization, name='ssop_demohdr'),
     path('ssop/firewxtb/', firewxtb, name='ssop_firewxtb'),
     path('ssop/firewxoops/', firewxoops, name='ssop_firewxoops'),
+    path('sb/', include(('sites.urls', 'sites'), namespace='sb')),
+    path('ssop/sites/', include(('sites.urls', 'sites'), namespace='ssop_sb')),
+    path('ssop/sb/', include(('sites.urls', 'sites'), namespace='ssop_sb')),
 ]