Merge branch 'esap-gateway-query' into 'master'

Esap gateway query

See merge request !98

esap/accounts/api/views.py

@@ -7,9 +7,24 @@ import base64
 import json
 import time
 import datetime
+from django.urls import reverse
+from django.conf import settings
 
 logger = logging.getLogger(__name__)
 
+import mozilla_django_oidc.utils
+
+# overriding 'absolutify' to be able to log the callback_url.
+# TODO: remove this when we get rid of the IAM cors errors
+def my_absolutify(request, path):
+    callback_url = request.build_absolute_uri(path)
+    #callback_url = request.build_absolute_uri(reverse('oidc_authentication_callback')).replace('http:','https:')
+    logger.info('callback_url = ' + callback_url)
+    return callback_url
+
+mozilla_django_oidc.utils.absolutify = my_absolutify
+
+
 class EsapQuerySchemaViewSet(viewsets.ModelViewSet):
     """
     API endpoint that allows EsapQuerySchemas to be viewed or edited.
@@ -76,9 +91,10 @@ class EsapUserProfileViewSet(viewsets.ModelViewSet):
                 oidc_id_token_expiration = self.request.session["oidc_id_token_expiration"]
                 now = time.time()
                 time_to_expire = round(oidc_id_token_expiration - now)
-                id_token_expiration = datetime.datetime.utcfromtimestamp(oidc_id_token_expiration).strftime('%Y-%m-%d %H:%M:%S')
+                id_token_expiration = datetime.datetime.utcfromtimestamp(oidc_id_token_expiration).strftime('%Y-%m-%dT%H:%M:%SZ')
 
                 logger.info('id_token expires in ' + str(time_to_expire) + " seconds")
+                logger.info('OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS: ' + str(settings.OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS))
 
                 # add the "===" to avoid an "Incorrect padding" exception
                 decoded_payload = base64.urlsafe_b64decode(token[1] + "===")

esap/accounts/my_oidc.py

 import logging
 from mozilla_django_oidc.auth import OIDCAuthenticationBackend
+
 from django.conf import settings
+
 from .models import EsapUserProfile
 logger = logging.getLogger(__name__)
 
@@ -37,4 +39,6 @@ class MyOIDCAB(OIDCAuthenticationBackend):
         verified = super(MyOIDCAB, self).verify_claims(claims)
         is_admin = 'admin' in claims.get('group', [])
         return verified
-        # return verified and is_admin
\ No newline at end of file
+        # return verified and is_admin
+
+

esap/esap/settings/base.py

@@ -27,6 +27,7 @@ CORS_ALLOW_CREDENTIALS = True
 # https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
 # https://docs.djangoproject.com/en/3.2/ref/settings/#use-x-forwarded-host
 USE_X_FORWARDED_HOST = True
+#SECURE_SSL_REDIRECT = True
 
 # SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 
@@ -232,14 +233,15 @@ OIDC_OP_JWKS_ENDPOINT = os.environ['OIDC_OP_JWKS_ENDPOINT']
 OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_OP_AUTHORIZATION_ENDPOINT']
 OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_OP_TOKEN_ENDPOINT']
 OIDC_OP_USER_ENDPOINT = os.environ['OIDC_OP_USER_ENDPOINT']
+# OIDC_AUTHENTICATION_CALLBACK_URL = "https://sdc-dev.astron.nl/esap-api/oidc/callback/"
 
 OIDC_STORE_ACCESS_TOKEN = True
 OIDC_STORE_ID_TOKEN = True
 
-#try:
-#    OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = float(os.environ['OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS'])
-#except:
-OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = 3600
+try:
+   OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = float(os.environ['OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS'])
+except:
+   OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = 3600
 
 LOGIN_REDIRECT_URL = os.environ['LOGIN_REDIRECT_URL']
 LOGOUT_REDIRECT_URL = os.environ['LOGOUT_REDIRECT_URL']
@@ -264,7 +266,7 @@ STATIC_URL = '/static/'
 STATIC_ROOT = os.path.join(BASE_DIR, 'static')
 
 # configuration settings that can be requested through the REST API
-VERSION = "ESAP-API version 29 april 2021"
+VERSION = "ESAP-API version 20 juli 2021"
 CONFIGURATION_DIR = os.path.join(BASE_DIR, 'configuration')
 CONFIGURATION_FILE = 'esap_default'
 

esap/esap/settings/dev.py

@@ -18,6 +18,8 @@ IS_DEV = True
 CORS_ORIGIN_ALLOW_ALL = True
 CORS_ALLOW_CREDENTIALS = True
 
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
 # Database
 DATABASE_ROUTERS = [
     'query.database_router.QueryRouter',
@@ -67,5 +69,6 @@ LOGOUT_REDIRECT_URL = "http://localhost:3000/esap-gui/logout"
 LOGIN_REDIRECT_URL_FAILURE = "http://localhost:3000/esap-gui/error"
 
 # to test refresh
-#OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = 3600
+#OIDC_AUTHENTICATION_CALLBACK_URL = "https://sdc-dev.astron.nl/esap-api/oidc/callback/"
+OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = 60
 #OIDC_EXEMPT_URLS = ['/esap-api/accounts/user-profiles']
\ No newline at end of file

esap/esap/settings/docker.py

@@ -8,11 +8,8 @@ import os
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/2.0/howto/deployment/checklist/
-
-# SECURITY WARNING: keep the secret key used in production secret!
-# SECRET_KEY = 'cie-((m#n$br$6l53yash45*2^mwuux*2u)bad5(0flx@krnj9'
+# SECURE_SSL_REDIRECT = True
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True

esap/query/templates/query/index.html

@@ -70,7 +70,7 @@
 </div>
 
 
-<p class="footer" small>ASTRON - version 12 jul 2021 - 17:00</p>
+<p class="footer" small>ASTRON - version 22 jul 2021 - 11:00</p>
 
 {% endblock %}