Remove oauth provider (#15666)

* Remove oauth provider

This removes the oauth provider functionality from awx. The
oauth2_provider app and all references to it have been removed.
Migrations to delete the two tables that locally overwrote
oauth2_provider tables are included. This change does not include
migrations to delete the tables provided by the oauth2_provider app.

Also not included here are changes to awxkit, awx_collection or the ui.

* Fix linters

* Update migrations after rebase

* Update collection tests for auth changes

The changes in https://github.com/ansible/awx/pull/15554 will cause a
few collection tests to fail, depending on what the test configuration
is. This changes the tests to look for a specific warning rather than
counting the number of warnings emitted.

* Update migration

* Removed unused oauth_scopes references

---------

Co-authored-by: Mike Graves <mgraves@redhat.com>
Co-authored-by: Alan Rominger <arominge@redhat.com>

awx/api/urls/oauth2.py

@@ -1,27 +0,0 @@
-# Copyright (c) 2017 Ansible, Inc.
-# All Rights Reserved.
-
-from django.urls import re_path
-
-from awx.api.views import (
-    OAuth2ApplicationList,
-    OAuth2ApplicationDetail,
-    ApplicationOAuth2TokenList,
-    OAuth2ApplicationActivityStreamList,
-    OAuth2TokenList,
-    OAuth2TokenDetail,
-    OAuth2TokenActivityStreamList,
-)
-
-
-urls = [
-    re_path(r'^applications/$', OAuth2ApplicationList.as_view(), name='o_auth2_application_list'),
-    re_path(r'^applications/(?P<pk>[0-9]+)/$', OAuth2ApplicationDetail.as_view(), name='o_auth2_application_detail'),
-    re_path(r'^applications/(?P<pk>[0-9]+)/tokens/$', ApplicationOAuth2TokenList.as_view(), name='o_auth2_application_token_list'),
-    re_path(r'^applications/(?P<pk>[0-9]+)/activity_stream/$', OAuth2ApplicationActivityStreamList.as_view(), name='o_auth2_application_activity_stream_list'),
-    re_path(r'^tokens/$', OAuth2TokenList.as_view(), name='o_auth2_token_list'),
-    re_path(r'^tokens/(?P<pk>[0-9]+)/$', OAuth2TokenDetail.as_view(), name='o_auth2_token_detail'),
-    re_path(r'^tokens/(?P<pk>[0-9]+)/activity_stream/$', OAuth2TokenActivityStreamList.as_view(), name='o_auth2_token_activity_stream_list'),
-]
-
-__all__ = ['urls']

awx/api/urls/oauth2_root.py

@@ -1,45 +0,0 @@
-# Copyright (c) 2017 Ansible, Inc.
-# All Rights Reserved.
-from datetime import timedelta
-
-from django.utils.timezone import now
-from django.conf import settings
-from django.urls import re_path
-
-from oauthlib import oauth2
-from oauth2_provider import views
-
-from awx.main.models import RefreshToken
-from awx.api.views.root import ApiOAuthAuthorizationRootView
-
-
-class TokenView(views.TokenView):
-    def create_token_response(self, request):
-        # Django OAuth2 Toolkit has a bug whereby refresh tokens are *never*
-        # properly expired (ugh):
-        #
-        # https://github.com/jazzband/django-oauth-toolkit/issues/746
-        #
-        # This code detects and auto-expires them on refresh grant
-        # requests.
-        if request.POST.get('grant_type') == 'refresh_token' and 'refresh_token' in request.POST:
-            refresh_token = RefreshToken.objects.filter(token=request.POST['refresh_token']).first()
-            if refresh_token:
-                expire_seconds = settings.OAUTH2_PROVIDER.get('REFRESH_TOKEN_EXPIRE_SECONDS', 0)
-                if refresh_token.created + timedelta(seconds=expire_seconds) < now():
-                    return request.build_absolute_uri(), {}, 'The refresh token has expired.', '403'
-        try:
-            return super(TokenView, self).create_token_response(request)
-        except oauth2.AccessDeniedError as e:
-            return request.build_absolute_uri(), {}, str(e), '403'
-
-
-urls = [
-    re_path(r'^$', ApiOAuthAuthorizationRootView.as_view(), name='oauth_authorization_root_view'),
-    re_path(r"^authorize/$", views.AuthorizationView.as_view(), name="authorize"),
-    re_path(r"^token/$", TokenView.as_view(), name="token"),
-    re_path(r"^revoke_token/$", views.RevokeTokenView.as_view(), name="revoke-token"),
-]
-
-
-__all__ = ['urls']

awx/api/urls/organization.py

@@ -25,7 +25,7 @@ from awx.api.views.organization import (
     OrganizationObjectRolesList,
     OrganizationAccessList,
 )
-from awx.api.views import OrganizationCredentialList, OrganizationApplicationList
+from awx.api.views import OrganizationCredentialList
 
 
 urls = [
@@ -66,7 +66,6 @@ urls = [
     re_path(r'^(?P<pk>[0-9]+)/galaxy_credentials/$', OrganizationGalaxyCredentialsList.as_view(), name='organization_galaxy_credentials_list'),
     re_path(r'^(?P<pk>[0-9]+)/object_roles/$', OrganizationObjectRolesList.as_view(), name='organization_object_roles_list'),
     re_path(r'^(?P<pk>[0-9]+)/access_list/$', OrganizationAccessList.as_view(), name='organization_access_list'),
-    re_path(r'^(?P<pk>[0-9]+)/applications/$', OrganizationApplicationList.as_view(), name='organization_applications_list'),
 ]
 
 __all__ = ['urls']

awx/api/urls/urls.py

@@ -25,10 +25,6 @@ from awx.api.views import (
     JobTemplateCredentialsList,
     SchedulePreview,
     ScheduleZoneInfo,
-    OAuth2ApplicationList,
-    OAuth2TokenList,
-    ApplicationOAuth2TokenList,
-    OAuth2ApplicationDetail,
     HostMetricSummaryMonthlyList,
 )
 
@@ -79,8 +75,6 @@ from .schedule import urls as schedule_urls
 from .activity_stream import urls as activity_stream_urls
 from .instance import urls as instance_urls
 from .instance_group import urls as instance_group_urls
-from .oauth2 import urls as oauth2_urls
-from .oauth2_root import urls as oauth2_root_urls
 from .workflow_approval_template import urls as workflow_approval_template_urls
 from .workflow_approval import urls as workflow_approval_urls
 from .analytics import urls as analytics_urls
@@ -95,11 +89,6 @@ v2_urls = [
     re_path(r'^job_templates/(?P<pk>[0-9]+)/credentials/$', JobTemplateCredentialsList.as_view(), name='job_template_credentials_list'),
     re_path(r'^schedules/preview/$', SchedulePreview.as_view(), name='schedule_rrule'),
     re_path(r'^schedules/zoneinfo/$', ScheduleZoneInfo.as_view(), name='schedule_zoneinfo'),
-    re_path(r'^applications/$', OAuth2ApplicationList.as_view(), name='o_auth2_application_list'),
-    re_path(r'^applications/(?P<pk>[0-9]+)/$', OAuth2ApplicationDetail.as_view(), name='o_auth2_application_detail'),
-    re_path(r'^applications/(?P<pk>[0-9]+)/tokens/$', ApplicationOAuth2TokenList.as_view(), name='application_o_auth2_token_list'),
-    re_path(r'^tokens/$', OAuth2TokenList.as_view(), name='o_auth2_token_list'),
-    re_path(r'^', include(oauth2_urls)),
     re_path(r'^metrics/$', MetricsView.as_view(), name='metrics_view'),
     re_path(r'^ping/$', ApiV2PingView.as_view(), name='api_v2_ping_view'),
     re_path(r'^config/$', ApiV2ConfigView.as_view(), name='api_v2_config_view'),
@@ -164,7 +153,6 @@ urlpatterns = [
     re_path(r'^(?P<version>(v2))/', include(v2_urls)),
     re_path(r'^login/$', LoggedLoginView.as_view(template_name='rest_framework/login.html', extra_context={'inside_login_context': True}), name='login'),
     re_path(r'^logout/$', LoggedLogoutView.as_view(next_page='/api/', redirect_field_name='next'), name='logout'),
-    re_path(r'^o/', include(oauth2_root_urls)),
 ]
 if MODE == 'development':
     # Only include these if we are in the development environment

awx/api/urls/user.py

@@ -14,10 +14,6 @@ from awx.api.views import (
     UserRolesList,
     UserActivityStreamList,
     UserAccessList,
-    OAuth2ApplicationList,
-    OAuth2UserTokenList,
-    UserPersonalTokenList,
-    UserAuthorizedTokenList,
 )
 
 urls = [
@@ -31,10 +27,6 @@ urls = [
     re_path(r'^(?P<pk>[0-9]+)/roles/$', UserRolesList.as_view(), name='user_roles_list'),
     re_path(r'^(?P<pk>[0-9]+)/activity_stream/$', UserActivityStreamList.as_view(), name='user_activity_stream_list'),
     re_path(r'^(?P<pk>[0-9]+)/access_list/$', UserAccessList.as_view(), name='user_access_list'),
-    re_path(r'^(?P<pk>[0-9]+)/applications/$', OAuth2ApplicationList.as_view(), name='o_auth2_application_list'),
-    re_path(r'^(?P<pk>[0-9]+)/tokens/$', OAuth2UserTokenList.as_view(), name='o_auth2_token_list'),
-    re_path(r'^(?P<pk>[0-9]+)/authorized_tokens/$', UserAuthorizedTokenList.as_view(), name='user_authorized_token_list'),
-    re_path(r'^(?P<pk>[0-9]+)/personal_tokens/$', UserPersonalTokenList.as_view(), name='user_personal_token_list'),
 ]
 
 __all__ = ['urls']