[#485] tokenauth setup configuration

docker/setup_configuration/data.yaml

@@ -1,3 +1,10 @@
+sites_config_enable: true
+sites_config:
+  items:
+  - domain: example.com
+    name: Example site
+
+
 zgw_consumers_config_enable: true
 zgw_consumers:
   services:
@@ -19,20 +26,36 @@ zgw_consumers:
     header_key: Authorization
     header_value: Token ba9d233e95e04c4a8a661a27daffe7c9bd019067
 
+
 notifications_config_enable: true
 notifications_config:
   notifications_api_service_identifier: notifications-api
   notification_delivery_max_retries: 1
   notification_delivery_retry_backoff: 2
   notification_delivery_retry_backoff_max: 3
 
+
 objecttypes_config_enable: true
 objecttypes:
   items:
     - uuid: b427ef84-189d-43aa-9efd-7bb2c459e281
       name: Object Type 1
       service_identifier: objecttypes-api
 
+
+tokenauth_config_enable: true
+tokenauth:
+  items:
+    - identifier: token-1
+      token: 18b2b74ef994314b84021d47b9422e82b685d82f
+      contact_person: Person 1
+      email: [email protected]
+      organization: Organization 1
+      application: Application 1
+      administration: Administration 1
+      is_superuser: true
+
+
 oidc_db_config_enable: true
 oidc_db_config_admin_auth:
   items:

docs/installation/config.rst

@@ -82,10 +82,11 @@ Optional
 * ``EMAIL_HOST_PASSWORD``: password to connect to the mail server. Defaults to: ``(empty string)``.
 * ``EMAIL_USE_TLS``: whether to use TLS or not to connect to the mail server. Should be True if you're changing the ``EMAIL_PORT`` to 487. Defaults to: ``False``.
 * ``DEFAULT_FROM_EMAIL``: The default email address from which emails are sent. Defaults to: ``[email protected]``.
-* ``LOG_STDOUT``: whether to log to stdout or not. Defaults to: ``False``.
+* ``LOG_STDOUT``: whether to log to stdout or not. Defaults to: ``True``.
 * ``LOG_LEVEL``: control the verbosity of logging output. Available values are ``CRITICAL``, ``ERROR``, ``WARNING``, ``INFO`` and ``DEBUG``. Defaults to: ``WARNING``.
 * ``LOG_QUERIES``: enable (query) logging at the database backend level. Note that you must also set ``DEBUG=1``, which should be done very sparingly!. Defaults to: ``False``.
 * ``LOG_REQUESTS``: enable logging of the outgoing requests. Defaults to: ``False``.
+* ``CELERY_LOGLEVEL``: control the verbosity of logging output for celery, independent of ``LOG_LEVEL``. Available values are ``CRITICAL``, ``ERROR``, ``WARNING``, ``INFO`` and ``DEBUG``. Defaults to: ``INFO``.
 * ``SESSION_COOKIE_AGE``: For how long, in seconds, the session cookie will be valid. Defaults to: ``1209600``.
 * ``SESSION_COOKIE_SAMESITE``: The value of the SameSite flag on the session cookie. This flag prevents the cookie from being sent in cross-site requests thus preventing CSRF attacks and making some methods of stealing session cookie impossible.Currently interferes with OIDC. Keep the value set at Lax if used. Defaults to: ``Lax``.
 * ``CSRF_COOKIE_SAMESITE``: The value of the SameSite flag on the CSRF cookie. This flag prevents the cookie from being sent in cross-site requests. Defaults to: ``Strict``.

docs/installation/config_cli.rst

@@ -106,6 +106,28 @@ created. An example of a configuration could be seen below:
 
 Tokens configuration
 --------------------
+Create or update the (single) YAML configuration file with your settings:
+
+.. code-block:: yaml
+
+   ...
+    tokenauth_config_enable: true
+    tokenauth:
+      items:
+        - identifier: token-1
+          token: ba9d233e95e04c4a8a661a27daffe7c9bd019067
+          contact_person: Person 1
+          email: [email protected]
+          organization: Organization XYZ # optional
+          application: Application XYZ # optional
+          administration: Administration XYZ # optional
+          is_superuser: true # optional
+
+        - identifier: token-2
+          token: 7b2b212d9f16d171a70a1d927cdcfbd5ca7a4799
+          contact_person: Person 2
+          email: [email protected]
+   ...
 
 Mozilla-django-oidc-db
 ----------------------

requirements/base.in

@@ -6,6 +6,7 @@ jsonschema
 furl
 
 # Common ground libraries
+django-setup-configuration>=0.5.0
 notifications-api-common[setup-configuration]
 zgw-consumers[setup-configuration]
 mozilla-django-oidc-db[setup-configuration]

requirements/base.txt

@@ -153,8 +153,9 @@ django-sendfile2==0.7.0
     # via django-privates
 django-sessionprofile==3.0.0
     # via open-api-framework
-django-setup-configuration==0.4.0
+django-setup-configuration==0.5.0
     # via
+    #   -r requirements/base.in
     #   mozilla-django-oidc-db
     #   notifications-api-common
     #   open-api-framework
@@ -251,7 +252,7 @@ notifications-api-common[setup-configuration]==0.4.0
     # via
     #   -r requirements/base.in
     #   commonground-api-common
-open-api-framework==0.9.0
+open-api-framework==0.9.1
     # via -r requirements/base.in
 orderedmultidict==1.0.1
     # via furl

requirements/ci.txt

@@ -239,7 +239,7 @@ django-sessionprofile==3.0.0
     # via
     #   -r requirements/base.txt
     #   open-api-framework
-django-setup-configuration==0.4.0
+django-setup-configuration==0.5.0
     # via
     #   -r requirements/base.txt
     #   mozilla-django-oidc-db
@@ -411,7 +411,7 @@ notifications-api-common[setup-configuration]==0.4.0
     # via
     #   -r requirements/base.txt
     #   commonground-api-common
-open-api-framework==0.9.0
+open-api-framework==0.9.1
     # via -r requirements/base.txt
 orderedmultidict==1.0.1
     # via

requirements/dev.txt

@@ -254,7 +254,7 @@ django-sessionprofile==3.0.0
     # via
     #   -r requirements/base.txt
     #   open-api-framework
-django-setup-configuration==0.4.0
+django-setup-configuration==0.5.0
     # via
     #   -r requirements/base.txt
     #   mozilla-django-oidc-db
@@ -433,7 +433,7 @@ notifications-api-common[setup-configuration]==0.4.0
     # via
     #   -r requirements/base.txt
     #   commonground-api-common
-open-api-framework==0.9.0
+open-api-framework==0.9.1
     # via -r requirements/base.txt
 orderedmultidict==1.0.1
     # via

src/objects/conf/base.py

@@ -84,8 +84,9 @@
 # Django setup configuration
 #
 SETUP_CONFIGURATION_STEPS = (
+    "django_setup_configuration.contrib.sites.steps.SitesConfigurationStep",
     "zgw_consumers.contrib.setup_configuration.steps.ServiceConfigurationStep",
     "notifications_api_common.contrib.setup_configuration.steps.NotificationConfigurationStep",
-    "objects.setup_configuration.steps.objecttypes.ObjectTypesConfigurationStep",
     "mozilla_django_oidc_db.setup_configuration.steps.AdminOIDCConfigurationStep",
+    "objects.setup_configuration.steps.token_auth.TokenAuthConfigurationStep",
 )

src/objects/fixtures/demodata.json

@@ -779,7 +779,8 @@
         "organization": "",
         "last_modified": "2020-12-23T11:43:16.820Z",
         "created": "2020-12-22T16:27:00.751Z",
-        "token": "cd63e158f3aca276ef284e3033d020a22899c728"
+        "token": "cd63e158f3aca276ef284e3033d020a22899c728",
+        "identifier": "token-1"
     }
 },
 {

src/objects/setup_configuration/models/token_auth.py

@@ -0,0 +1,23 @@
+from django_setup_configuration.models import ConfigurationModel
+
+from objects.token.models import TokenAuth
+
+
+class TokenAuthConfigurationModel(ConfigurationModel):
+    class Meta:
+        django_model_refs = {
+            TokenAuth: (
+                "identifier",
+                "token",
+                "contact_person",
+                "email",
+                "organization",
+                "application",
+                "administration",
+                "is_superuser",
+            )
+        }
+
+
+class TokenAuthGroupConfigurationModel(ConfigurationModel):
+    items: list[TokenAuthConfigurationModel]

src/objects/setup_configuration/steps/token_auth.py

@@ -0,0 +1,75 @@
+import logging
+
+from django.core.exceptions import ValidationError
+from django.db import IntegrityError
+
+from django_setup_configuration.configuration import BaseConfigurationStep
+from django_setup_configuration.exceptions import ConfigurationRunFailed
+
+from objects.setup_configuration.models.token_auth import (
+    TokenAuthGroupConfigurationModel,
+)
+from objects.token.models import TokenAuth
+
+logger = logging.getLogger(__name__)
+
+
+class TokenAuthConfigurationStep(
+    BaseConfigurationStep[TokenAuthGroupConfigurationModel]
+):
+    """
+    Configure tokens for other applications to access Objects API
+    """
+
+    namespace = "tokenauth"
+    enable_setting = "tokenauth_config_enable"
+
+    verbose_name = "Configuration to set up authentication tokens for objects"
+    config_model = TokenAuthGroupConfigurationModel
+
+    def execute(self, model: TokenAuthGroupConfigurationModel) -> None:
+        if len(model.items) == 0:
+            logger.warning("No tokens provided for configuration")
+
+        for item in model.items:
+            logger.info(f"Configuring {item.identifier}")
+
+            model_kwargs = {
+                "identifier": item.identifier,
+                "token": item.token,
+                "contact_person": item.contact_person,
+                "email": item.email,
+                "organization": item.organization,
+                "application": item.application,
+                "administration": item.administration,
+                "is_superuser": item.is_superuser,
+            }
+
+            token_instance = TokenAuth(**model_kwargs)
+
+            try:
+                token_instance.full_clean(exclude=("id",), validate_unique=False)
+            except ValidationError as exception:
+                exception_message = (
+                    f"Validation error(s) occured for {item.identifier}."
+                )
+                raise ConfigurationRunFailed(exception_message) from exception
+
+            logger.debug(f"No validation errors found for {item.identifier}")
+
+            try:
+                logger.debug(f"Saving {item.identifier}")
+
+                TokenAuth.objects.update_or_create(
+                    identifier=item.identifier,
+                    defaults={
+                        key: value
+                        for key, value in model_kwargs.items()
+                        if key != "identifier"
+                    },
+                )
+            except IntegrityError as exception:
+                exception_message = f"Failed configuring token {item.identifier}."
+                raise ConfigurationRunFailed(exception_message) from exception
+
+            logger.info(f"Configured {item.identifier}")

src/objects/setup_configuration/tests/files/token_auth/invalid_setup.yaml

@@ -0,0 +1,3 @@
+tokenauth_config_enable: true
+tokenauth:
+  items:

src/objects/setup_configuration/tests/files/token_auth/valid_setup_complete.yaml

@@ -0,0 +1,20 @@
+tokenauth_config_enable: true
+tokenauth:
+  items:
+    - identifier: token-1
+      token: 18b2b74ef994314b84021d47b9422e82b685d82f
+      contact_person: Person 1
+      email: [email protected]
+      organization: Organization 1
+      application: Application 1
+      administration: Administration 1
+      is_superuser: True
+
+    - identifier: token-2
+      token: e882642bd0ec2482adcdc97258c2e6f98cb06d85
+      contact_person: Person 2
+      email: [email protected]
+      organization: Organization 2
+      application: Application 2
+      administration: Administration 2
+      is_superuser: True

src/objects/setup_configuration/tests/files/token_auth/valid_setup_default.yaml

@@ -0,0 +1,12 @@
+tokenauth_config_enable: true
+tokenauth:
+  items:
+    - identifier: token-1
+      token: 18b2b74ef994314b84021d47b9422e82b685d82f
+      contact_person: Person 1
+      email: [email protected]
+
+    - identifier: token-2
+      token: e882642bd0ec2482adcdc97258c2e6f98cb06d85
+      contact_person: Person 2
+      email: [email protected]