Remove social oauth (Azure, Github, Google) (#15549)

Remove social oauth (Azure, Github, Google)

Co-authored-by: jessicamack <[email protected]>

awx/api/views/__init__.py

@@ -689,8 +689,8 @@ def get(self, request):
  data = OrderedDict()
  err_backend, err_message = request.session.get('social_auth_error', (None, None))
  auth_backends = list(load_backends(settings.AUTHENTICATION_BACKENDS, force_load=True).items())
- # Return auth backends in consistent order: Google, GitHub, SAML.
- auth_backends.sort(key=lambda x: 'g' if x[0] == 'google-oauth2' else x[0])
+ # Return auth backends in consistent order: oidc, saml.
+ auth_backends.sort(key=lambda x: x[0])
  for name, backend in auth_backends:
  login_url = reverse('social:begin', args=(name,))
  complete_url = request.build_absolute_uri(reverse('social:complete', args=(name,)))

awx/conf/migrations/0011_remove_social_oauth_conf.py

@@ -0,0 +1,82 @@
+# Generated by Django 4.2.10 on 2024-08-13 11:14
+
+from django.db import migrations
+
+SOCIAL_OAUTH_CONF_KEYS = [
+ # MICROSOFT AZURE ACTIVE DIRECTORY SETTINGS
+ 'SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL',
+ 'SOCIAL_AUTH_AZUREAD_OAUTH2_KEY',
+ 'SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET',
+ 'SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP',
+ 'SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP',
+ # GOOGLE OAUTH2 AUTHENTICATION SETTINGS
+ 'SOCIAL_AUTH_GOOGLE_OAUTH2_CALLBACK_URL',
+ 'SOCIAL_AUTH_GOOGLE_OAUTH2_KEY',
+ 'SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET',
+ 'SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS',
+ 'SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS',
+ 'SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP',
+ 'SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP',
+ # GITHUB OAUTH2 AUTHENTICATION SETTINGS
+ 'SOCIAL_AUTH_GITHUB_CALLBACK_URL',
+ 'SOCIAL_AUTH_GITHUB_KEY',
+ 'SOCIAL_AUTH_GITHUB_SECRET',
+ 'SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP',
+ 'SOCIAL_AUTH_GITHUB_TEAM_MAP',
+ # GITHUB ORG OAUTH2 AUTHENTICATION SETTINGS
+ 'SOCIAL_AUTH_GITHUB_ORG_CALLBACK_URL',
+ 'SOCIAL_AUTH_GITHUB_ORG_KEY',
+ 'SOCIAL_AUTH_GITHUB_ORG_SECRET',
+ 'SOCIAL_AUTH_GITHUB_ORG_NAME',
+ 'SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP',
+ 'SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP',
+ # GITHUB TEAM OAUTH2 AUTHENTICATION SETTINGS
+ 'SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL',
+ 'SOCIAL_AUTH_GITHUB_TEAM_KEY',
+ 'SOCIAL_AUTH_GITHUB_TEAM_SECRET',
+ 'SOCIAL_AUTH_GITHUB_TEAM_ID',
+ 'SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP',
+ 'SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP',
+ # GITHUB ENTERPRISE OAUTH2 AUTHENTICATION SETTINGS
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_CALLBACK_URL',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_URL',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP',
+ # GITHUB ENTERPRISE ORG OAUTH2 AUTHENTICATION SETTINGS
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_CALLBACK_URL',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP',
+ # GITHUB ENTERPRISE TEAM OAUTH2 AUTHENTICATION SETTINGS
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_CALLBACK_URL',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP',
+ 'SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP',
+]
+
+
+def remove_social_oauth_conf(apps, scheme_editor):
+ setting = apps.get_model('conf', 'Setting')
+ setting.objects.filter(key__in=SOCIAL_OAUTH_CONF_KEYS).delete()
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('conf', '0010_change_to_JSONField'),
+ ]
+
+ operations = [
+ migrations.RunPython(remove_social_oauth_conf),
+ ]

awx/main/tests/functional/api/test_settings.py

@@ -221,48 +221,3 @@ def test_saml_x509cert_validation(patch, get, admin, headers):
  },
  )
  assert resp.status_code == 200
-
-
-@pytest.mark.django_db
-def test_github_settings(get, put, patch, delete, admin):
- url = reverse('api:setting_singleton_detail', kwargs={'category_slug': 'github'})
- get(url, user=admin, expect=200)
- delete(url, user=admin, expect=204)
- response = get(url, user=admin, expect=200)
- data = dict(response.data.items())
- put(url, user=admin, data=data, expect=200)
- patch(url, user=admin, data={'SOCIAL_AUTH_GITHUB_KEY': '???'}, expect=200)
- response = get(url, user=admin, expect=200)
- assert response.data['SOCIAL_AUTH_GITHUB_KEY'] == '???'
- data.pop('SOCIAL_AUTH_GITHUB_KEY')
- put(url, user=admin, data=data, expect=200)
- response = get(url, user=admin, expect=200)
- assert response.data['SOCIAL_AUTH_GITHUB_KEY'] == ''
-
-
-@pytest.mark.django_db
-def test_github_enterprise_settings(get, put, patch, delete, admin):
- url = reverse('api:setting_singleton_detail', kwargs={'category_slug': 'github-enterprise'})
- get(url, user=admin, expect=200)
- delete(url, user=admin, expect=204)
- response = get(url, user=admin, expect=200)
- data = dict(response.data.items())
- put(url, user=admin, data=data, expect=200)
- patch(
- url,
- user=admin,
- data={
- 'SOCIAL_AUTH_GITHUB_ENTERPRISE_URL': 'example.com',
- 'SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL': 'example.com',
- },
- expect=200,
- )
- response = get(url, user=admin, expect=200)
- assert response.data['SOCIAL_AUTH_GITHUB_ENTERPRISE_URL'] == 'example.com'
- assert response.data['SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL'] == 'example.com'
- data.pop('SOCIAL_AUTH_GITHUB_ENTERPRISE_URL')
- data.pop('SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL')
- put(url, user=admin, data=data, expect=200)
- response = get(url, user=admin, expect=200)
- assert response.data['SOCIAL_AUTH_GITHUB_ENTERPRISE_URL'] == ''
- assert response.data['SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL'] == ''

awx/settings/defaults.py

@@ -392,15 +392,7 @@
 }
 
 AUTHENTICATION_BACKENDS = (
- 'social_core.backends.google.GoogleOAuth2',
- 'social_core.backends.github.GithubOAuth2',
- 'social_core.backends.github.GithubOrganizationOAuth2',
- 'social_core.backends.github.GithubTeamOAuth2',
- 'social_core.backends.github_enterprise.GithubEnterpriseOAuth2',
- 'social_core.backends.github_enterprise.GithubEnterpriseOrganizationOAuth2',
- 'social_core.backends.github_enterprise.GithubEnterpriseTeamOAuth2',
  'social_core.backends.open_id_connect.OpenIdConnectAuth',
- 'social_core.backends.azuread.AzureADOAuth2',
  'awx.sso.backends.SAMLAuth',
  'awx.main.backends.AWXModelBackend',
 )
@@ -518,41 +510,6 @@
 SOCIAL_AUTH_REDIRECT_IS_HTTPS = False
 
 # Note: These settings may be overridden by database settings.
-SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = ''
-SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = ''
-SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = ['profile']
-
-SOCIAL_AUTH_GITHUB_KEY = ''
-SOCIAL_AUTH_GITHUB_SECRET = ''
-SOCIAL_AUTH_GITHUB_SCOPE = ['user:email', 'read:org']
-
-SOCIAL_AUTH_GITHUB_ORG_KEY = ''
-SOCIAL_AUTH_GITHUB_ORG_SECRET = ''
-SOCIAL_AUTH_GITHUB_ORG_NAME = ''
-SOCIAL_AUTH_GITHUB_ORG_SCOPE = ['user:email', 'read:org']
-
-SOCIAL_AUTH_GITHUB_TEAM_KEY = ''
-SOCIAL_AUTH_GITHUB_TEAM_SECRET = ''
-SOCIAL_AUTH_GITHUB_TEAM_ID = ''
-SOCIAL_AUTH_GITHUB_TEAM_SCOPE = ['user:email', 'read:org']
-
-SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY = ''
-SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET = ''
-SOCIAL_AUTH_GITHUB_ENTERPRISE_SCOPE = ['user:email', 'read:org']
-
-SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY = ''
-SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET = ''
-SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME = ''
-SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SCOPE = ['user:email', 'read:org']
-
-SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY = ''
-SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET = ''
-SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID = ''
-SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SCOPE = ['user:email', 'read:org']
-
-SOCIAL_AUTH_AZUREAD_OAUTH2_KEY = ''
-SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET = ''
-
 SOCIAL_AUTH_SAML_SP_ENTITY_ID = ''
 SOCIAL_AUTH_SAML_SP_PUBLIC_CERT = ''
 SOCIAL_AUTH_SAML_SP_PRIVATE_KEY = ''