From 30b473b0df1734f8197e4c56122ffd8c20a7f667 Mon Sep 17 00:00:00 2001 From: adamscmRH Date: Fri, 23 Feb 2018 15:15:14 -0500 Subject: [PATCH] remove default app creation --- .../api/api_o_auth_authorization_root_view.md | 4 +- awx/api/templates/api/auth_token_view.md | 46 ------------------- awx/api/views.py | 5 -- awx/main/access.py | 2 +- awx/main/signals.py | 18 ++++---- 5 files changed, 12 insertions(+), 63 deletions(-) delete mode 100644 awx/api/templates/api/auth_token_view.md diff --git a/awx/api/templates/api/api_o_auth_authorization_root_view.md b/awx/api/templates/api/api_o_auth_authorization_root_view.md index e82e89def0..40523ad9dc 100644 --- a/awx/api/templates/api/api_o_auth_authorization_root_view.md +++ b/awx/api/templates/api/api_o_auth_authorization_root_view.md @@ -79,13 +79,13 @@ Content-Type: application/json ``` ## Authorization using application of grant type `password` -Suppose we have an application `curl for admin` with grant type `password`: +Suppose we have an application `Default Application` with grant type `password`: ```text { "id": 6, "type": "application", ... - "name": "curl for admin", + "name": "Default Application", "user": 1, "client_id": "gwSPoasWSdNkMDtBN3Hu2WYQpPWCO9SwUEsKK22l", "client_secret": "fI6ZpfocHYBGfm1tP92r0yIgCyfRdDQt0Tos9L8a4fNsJjQQMwp9569eIaUBsaVDgt2eiwOGe0bg5m5vCSstClZmtdy359RVx2rQK5YlIWyPlrolpt2LEpVeKXWaiybo", diff --git a/awx/api/templates/api/auth_token_view.md b/awx/api/templates/api/auth_token_view.md deleted file mode 100644 index 8eccfb7ed8..0000000000 --- a/awx/api/templates/api/auth_token_view.md +++ /dev/null 
@@ -1,46 +0,0 @@
-{% ifmeth POST %}
-
-## DEPRICATED
-
-# Generate an Auth Token
-Make a POST request to this resource with `username` and `password` fields to
-obtain an authentication token to use for subsequent requests.
-
-Example JSON to POST (content type is `application/json`):
-
- {"username": "user", "password": "my pass"}
-
-Example form data to post (content type is `application/x-www-form-urlencoded`):
-
- username=user&password=my%20pass
-
-If the username and password provided are valid, the response will contain a
-`token` field with the authentication token to use and an `expires` field with
-the timestamp when the token will expire:
-
- {
- "token": "8f17825cf08a7efea124f2638f3896f6637f8745",
- "expires": "2013-09-05T21:46:35.729Z"
- }
-
-Otherwise, the response will indicate the error that occurred and return a 4xx
-status code.
-
-For subsequent requests, pass the token via the HTTP `Authorization` request
-header:
-
- Authorization: Token 8f17825cf08a7efea124f2638f3896f6637f8745
-
-The auth token is only valid when used from the same remote address and user
-agent that originally obtained it.
-
-Each request that uses the token for authentication will refresh its expiration
-timestamp and keep it from expiring. A token only expires when it is not used
-for the configured timeout interval (default 1800 seconds).
-{% endifmeth %}
-
-{% ifmeth DELETE %}
-# Delete an Auth Token
-A DELETE request with the token header set will cause the token to be
-invalidated and no further requests can be made with it.
-{% endifmeth %}
diff --git a/awx/api/views.py b/awx/api/views.py
index fffd3656a0..8c1873dbf6 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -63,7 +63,6 @@ from wsgiref.util import FileWrapper from awx.main.tasks import send_notifications, handle_ha_toplogy_changes from awx.main.access import get_user_queryset from awx.main.ha import is_ha_environment -# from awx.api.authentication import TokenGetAuthentication from awx.api.filters import V1CredentialFilterBackend from awx.api.generics import get_view_name from awx.api.generics import * # noqa @@ -187,7 +186,6 @@ class InstanceGroupMembershipMixin(object): class ApiRootView(APIView): - # authentication_classes = [] permission_classes = (AllowAny,) view_name = _('REST API') versioning_class = None @@ -212,7 +210,6 @@ class ApiRootView(APIView): class ApiOAuthAuthorizationRootView(APIView): - # authentication_classes = [] permission_classes = (AllowAny,) view_name = _("API OAuth Authorization Root") versioning_class = None @@ -222,13 +219,11 @@ class ApiOAuthAuthorizationRootView(APIView): data['authorize'] = drf_reverse('api:authorize') data['token'] = drf_reverse('api:token') data['revoke_token'] = drf_reverse('api:revoke-token') - # data['introspect'] = drf_reverse('api:introspect') #TODO: Add Introspect Endpoint return Response(data) class ApiVersionRootView(APIView): - # authentication_classes = [] permission_classes = (AllowAny,) swagger_topic = 'Versioning' diff --git a/awx/main/access.py b/awx/main/access.py index 91198e671f..0cd69603ce 100644 --- a/awx/main/access.py +++ b/awx/main/access.py @@ -594,7 +594,7 @@ class OAuth2ApplicationAccess(BaseAccess): class OAuth2TokenAccess(BaseAccess): ''' - I can read, change or delete an OAuth token when: + I can read, change or delete an OAuth2 token when: - I am a superuser. - I am the admin of the organization of the user of the token. - I am the user of the token. diff --git a/awx/main/signals.py b/awx/main/signals.py index 8af6ef7334..aa67e59992 100644 --- a/awx/main/signals.py +++ b/awx/main/signals.py 
@@ -620,12 +620,12 @@ def create_access_token_user_if_missing(sender, **kwargs): post_save.connect(create_access_token_user_if_missing, sender=OAuth2AccessToken) -@receiver(post_save, sender=User) -def create_default_oauth_app(sender, **kwargs): - if kwargs.get('created', False): - user = kwargs['instance'] - OAuth2Application.objects.create( - name='Default application for {}'.format(user.username), - user=user, client_type='confidential', redirect_uris='', - authorization_grant_type='password' - ) +# @receiver(post_save, sender=User) +# def create_default_oauth_app(sender, **kwargs): +# if kwargs.get('created', False): +# user = kwargs['instance'] +# OAuth2Application.objects.create( +# name='Default application for {}'.format(user.username), +# user=user, client_type='confidential', redirect_uris='', +# authorization_grant_type='password' +# )
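Review bot: The `create_default_oauth_app` receiver at the end of awx/main/signals.py is commented out rather than deleted, which leaves a dormant handler that auto-creates a confidential, password-grant OAuth2 application for every new user one uncomment away from being live again. Delete the block and rely on version control; if a marker is wanted, a single line such as `# Default per-user OAuth2 applications are intentionally not created on User post_save.` is enough. Disabling the signal only affects users created after this change, so any `Default application for <username>` rows with `authorization_grant_type='password'` that the receiver already created presumably remain in the database, and nothing visible in this patch removes or audits them. If `receiver`, `User` or `OAuth2Application` are no longer used elsewhere in the module their imports should be dropped too; the import block is outside this hunk.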