Commit 2aad606e authored by Tanner Prestegard's avatar Tanner Prestegard Committed by GraceDB

Delete RobotUser model

This was an exact duplicate of the user model and basically just
provided a simple way to organize robot accounts.  It's not useful
anymore since we'll just use a Group going forward to organize
these accounts.
parent 7b1915a9
......@@ -103,13 +103,14 @@ Edit the migration to do what you want it to do. You could use this as a templat
]
def create_robots(apps, schema_editor):
RobotUser = apps.get_model('ligoauth', 'RobotUser')
User = apps.get_model('auth', 'User')
X509Cert = apps.get_model('ligoauth', 'X509Cert')
Group = apps.get_model('auth', 'Group')
lvc_group = Group.objects.get(name=settings.LVC_GROUP)
AuthGroup = apps.get_model('ligoauth', 'AuthGroup')
lvc_group = AuthGroup.objects.get(name=settings.LVC_GROUP)
robot_group = AuthGroup.objects.get(name='robot_accounts')
for entry in ROBOTS:
user, created = RobotUser.objects.get_or_create(username=entry['username'])
user, created = User.objects.get_or_create(username=entry['username'])
if created:
user.first_name = entry['first_name']
user.last_name = entry['last_name']
......@@ -121,10 +122,8 @@ Edit the migration to do what you want it to do. You could use this as a templat
# Create the cert objects and link them to our user.
for dn in entry['dns']:
cert, created = X509Cert.objects.get_or_create(subject=dn)
if created:
cert.save()
cert.users.add(user)
cert, created = X509Cert.objects.get_or_create(subject=dn,
user=user)
# Add our user to the LVC group. This permission is required to
# do most things, but may *NOT* always be appropriate. It may
......@@ -132,14 +131,17 @@ Edit the migration to do what you want it to do. You could use this as a templat
# a particular pipeline.
lvc_group.user_set.add(user)
# Add user to robot accounts
robot_group.user_set.add(user)
def delete_robots(apps, schema_editor):
RobotUser = apps.get_model('ligoauth', 'RobotUser')
User = apps.get_model('auth', 'User')
X509Cert = apps.get_model('ligoauth', 'X509Cert')
for entry in ROBOTS:
for dn in entry['dns']:
X509Cert.objects.get(subject=dn).delete()
RobotUser.objects.get(username=entry['username']).delete()
User.objects.get(username=entry['username']).delete()
class Migration(migrations.Migration):
......
from django.contrib import admin
from .models import RobotUser, LigoLdapUser, X509Cert
from .models import LigoLdapUser, X509Cert
class LigoLdapUserAdmin(admin.ModelAdmin):
list_display = ['username', 'first_name', 'last_name']
......@@ -10,6 +10,5 @@ class X509CertAdmin(admin.ModelAdmin):
list_display = ['subject']
search_fields = ['subject']
admin.site.register(RobotUser)
admin.site.register(LigoLdapUser, LigoLdapUserAdmin)
admin.site.register(X509Cert, X509CertAdmin)
......@@ -85,11 +85,6 @@ class ShibbolethWebAuthMiddleware(PersistentRemoteUserMiddleware):
the Shibboleth session. Session group data is treated as definitive.
"""
# Don't do anything if the user is a robot account since their group
# memberships are managed internally.
if hasattr(user, 'robotuser'):
return
# Get groups from session which are in database as a QuerySet
session_group_names = request.META.get(cls.group_header, '').split(
cls.group_delimiter)
......
# -*- coding: utf-8 -*-
# Generated by Django 1.11.20 on 2019-06-18 18:03
from __future__ import unicode_literals
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('events', '0034_add_subgrb_search'),
('superevents', '0002_fix_permission_typo'),
('alerts', '0003_add_created_updated_time_fields_to_notification'),
('django_twilio', '0001_initial'),
('admin', '0002_logentry_remove_auto_add'),
('guardian', '0005_authorize_raven_users_to_populate_pipelines'),
('user_sessions', '0003_auto_20161205_1516'),
('ligoauth', '0045_populate_robot_accounts_authgroup'),
]
# NOTE: I (TP) commented out the RemoveField operation since it was giving
# an error like (1090, "You can't delete all columns with ALTER TABLE; use
# DROP TABLE instead"). There are a few issues about this:
# https://code.djangoproject.com/ticket/27746
# https://code.djangoproject.com/ticket/24424
# It looks like it may be fixed in Django 2.2.2, so we can test it out once
# we get to that version.
operations = [
#migrations.RemoveField(
# model_name='robotuser',
# name='user_ptr',
#),
migrations.DeleteModel(
name='RobotUser',
),
]
from __future__ import unicode_literals
from django.db import models
from django.contrib.auth.models import User, Group
......@@ -18,11 +16,6 @@ class LigoLdapUser(User):
return u"{0} {1}".format(self.first_name, self.last_name).encode('utf-8')
# Class for robot accounts
class RobotUser(User):
pass
class X509Cert(models.Model):
"""Model for storing X.509 certificate subjects for API access"""
subject = models.CharField(max_length=255, unique=True, null=False)
......
......@@ -8,7 +8,7 @@ from django.urls import reverse
from user_sessions.middleware import SessionMiddleware
from ligoauth.models import RobotUser, AuthGroup
from ligoauth.models import AuthGroup
from ligoauth.middleware import (
ControlRoomMiddleware, ShibbolethWebAuthMiddleware,
)
......@@ -253,6 +253,14 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
# Attach middleware to class
cls.mw_instance = ShibbolethWebAuthMiddleware()
@classmethod
def setUpTestData(cls):
super(TestShibbolethWebAuthMiddleware, cls).setUpTestData()
# Create robot group
cls.robot_group = AuthGroup.objects.create(name='robot_accounts',
ldap_name='robot_accounts_ldap_name')
def test_internal_user_authentication_post_login(self):
"""
Internal user can authenticate at post-login view with
......@@ -486,9 +494,10 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
"""
Shib group header content is not used to add groups for a robotuser
"""
# Create a RobotUser and add to internal group
r_user = RobotUser.objects.create(username='robot.user')
# Create a robot user account
r_user = User.objects.create(username='robot.user')
r_user.groups.add(self.internal_group)
r_user.groups.add(self.robot_group)
# Create new group for testing
new_group = AuthGroup.objects.create(name='new_group',
......@@ -505,10 +514,12 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
settings.SHIB_GROUPS_HEADER: groups_str,
})
# Make sure user just has internal group initially
self.assertEqual(r_user.groups.count(), 1)
# Make sure user just has internal and robot groups initially
self.assertEqual(r_user.groups.count(), 2)
self.assertTrue(r_user.groups.filter(
pk=self.internal_group.pk).exists())
self.assertTrue(r_user.groups.filter(
pk=self.robot_group.pk).exists())
# Necessary pre-processing middleware
SessionMiddleware().process_request(request)
......@@ -522,9 +533,11 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
self.assertTrue(request.user.is_authenticated)
self.assertEqual(request.user.backend,
'ligoauth.backends.ShibbolethRemoteUserBackend')
self.assertEqual(r_user.groups.count(), 1)
self.assertEqual(r_user.groups.count(), 2)
self.assertTrue(r_user.groups.filter(
pk=self.internal_group.pk).exists())
self.assertTrue(r_user.groups.filter(
pk=self.robot_group.pk).exists())
self.assertFalse(r_user.groups.filter(
pk=new_group.pk).exists())
......@@ -532,9 +545,10 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
"""
Shib group header content is not used to remove groups for a robotuser
"""
# Create a RobotUser and add to internal group
r_user = RobotUser.objects.create(username='robot.user')
# Create a robot user account
r_user = User.objects.create(username='robot.user')
r_user.groups.add(self.internal_group)
r_user.groups.add(self.robot_group)
# Create new group and add robotuser
new_group = AuthGroup.objects.create(name='new_group',
ldap_name='new_ldap_group')
......@@ -548,10 +562,12 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
settings.SHIB_GROUPS_HEADER: self.internal_group.ldap_name,
})
# Make sure user has both groups initially
self.assertEqual(r_user.groups.count(), 2)
# Make sure user has three groups initially
self.assertEqual(r_user.groups.count(), 3)
self.assertTrue(r_user.groups.filter(
pk=self.internal_group.pk).exists())
self.assertTrue(r_user.groups.filter(
pk=self.robot_group.pk).exists())
self.assertTrue(r_user.groups.filter(
pk=new_group.pk).exists())
......@@ -567,9 +583,11 @@ class TestShibbolethWebAuthMiddleware(GraceDbTestBase):
self.assertTrue(request.user.is_authenticated)
self.assertEqual(request.user.backend,
'ligoauth.backends.ShibbolethRemoteUserBackend')
self.assertEqual(r_user.groups.count(), 2)
self.assertEqual(r_user.groups.count(), 3)
self.assertTrue(r_user.groups.filter(
pk=self.internal_group.pk).exists())
self.assertTrue(r_user.groups.filter(
pk=self.robot_group.pk).exists())
self.assertTrue(r_user.groups.filter(
pk=new_group.pk).exists())
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment