3rd party auth removal cleanup

- Sequentiallize auth config removal migrations - Remove references to third party auth - update license files - lint fix - Remove unneeded docs - Remove unreferenced file - Remove social auth references from docs - Remove rest of sso dir - Remove references to third part auth in docs - Removed screenshots of UI listing removed settings - Remove AuthView references - Remove unused imports ... Co-Authored-By: jessicamack <21223244+jessicamack@users.noreply.github.com>
2026-03-07 19:51:08 -03:30 · 2024-10-02 14:28:17 -04:00
parent 4c7697465b
commit 31e47706b9
48 changed files with 44 additions and 1258 deletions
--- a/awx/api/conf.py
+++ b/awx/api/conf.py
@@ -34,10 +34,7 @@ register(
    'DISABLE_LOCAL_AUTH',
    field_class=fields.BooleanField,
    label=_('Disable the built-in authentication system'),
-    help_text=_(
-        "Controls whether users are prevented from using the built-in authentication system. "
-        "You probably want to do this if you are using an LDAP integration."
-    ),
+    help_text=_("Controls whether users are prevented from using the built-in authentication system. "),
    category=_('Authentication'),
    category_slug='authentication',
 )
@@ -70,20 +67,6 @@ register(
    category_slug='authentication',
    unit=_('seconds'),
 )
-register(
-    'ALLOW_OAUTH2_FOR_EXTERNAL_USERS',
-    field_class=fields.BooleanField,
-    default=False,
-    label=_('Allow External Users to Create OAuth2 Tokens'),
-    help_text=_(
-        'For security reasons, users from external auth providers (LDAP, SSO, '
-        ' and others) are not allowed to create OAuth2 tokens. '
-        'To change this behavior, enable this setting. Existing tokens will '
-        'not be deleted when this setting is toggled off.'
-    ),
-    category=_('Authentication'),
-    category_slug='authentication',
-)
 register(
    'LOGIN_REDIRECT_OVERRIDE',
    field_class=fields.CharField,
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -130,7 +130,6 @@ class LoggedLoginView(auth_views.LoginView):


 class LoggedLogoutView(auth_views.LogoutView):
-
    success_url_allowed_hosts = set(settings.LOGOUT_ALLOWED_HOSTS.split(",")) if settings.LOGOUT_ALLOWED_HOSTS else set()

    def dispatch(self, request, *args, **kwargs):
--- a/awx/api/urls/urls.py
+++ b/awx/api/urls/urls.py
@@ -15,7 +15,6 @@ from awx.api.views.root import (
    ApiV2AttachView,
 )
 from awx.api.views import (
-    AuthView,
    UserMeList,
    DashboardView,
    DashboardJobsGraphView,
@@ -106,7 +105,6 @@ v2_urls = [
    re_path(r'^config/$', ApiV2ConfigView.as_view(), name='api_v2_config_view'),
    re_path(r'^config/subscriptions/$', ApiV2SubscriptionView.as_view(), name='api_v2_subscription_view'),
    re_path(r'^config/attach/$', ApiV2AttachView.as_view(), name='api_v2_attach_view'),
-    re_path(r'^auth/$', AuthView.as_view()),
    re_path(r'^me/$', UserMeList.as_view(), name='user_me_list'),
    re_path(r'^dashboard/$', DashboardView.as_view(), name='dashboard_view'),
    re_path(r'^dashboard/graphs/jobs/$', DashboardJobsGraphView.as_view(), name='dashboard_jobs_graph_view'),
--- a/awx/api/views/init.py
+++ b/awx/api/views/init.py
@@ -36,7 +36,7 @@ from django.utils.translation import gettext_lazy as _
 # Django REST Framework
 from rest_framework.exceptions import APIException, PermissionDenied, ParseError, NotFound
 from rest_framework.parsers import FormParser
-from rest_framework.permissions import AllowAny, IsAuthenticated
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.renderers import JSONRenderer, StaticHTMLRenderer
 from rest_framework.response import Response
 from rest_framework.settings import api_settings
@@ -126,9 +126,6 @@ from awx.api.views.mixin import (
 from awx.api.pagination import UnifiedJobEventPagination
 from awx.main.utils import set_environ

-if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []):
-    from ansible_base.authentication.models.authenticator import Authenticator as AnsibleBaseAuthenticator
-
 logger = logging.getLogger('awx.api.views')


@@ -676,29 +673,6 @@ class ScheduleUnifiedJobsList(SubListAPIView):
    name = _('Schedule Jobs List')


-class AuthView(APIView):
-    '''List enabled single-sign-on endpoints'''
-
-    authentication_classes = []
-    permission_classes = (AllowAny,)
-    swagger_topic = 'System Configuration'
-
-    def get(self, request):
-        data = OrderedDict()
-        if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []):
-            # app is using ansible_base authentication
-            # add ansible_base authenticators
-            authenticators = AnsibleBaseAuthenticator.objects.filter(enabled=True, category="sso")
-            for authenticator in authenticators:
-                login_url = authenticator.get_login_url()
-                data[authenticator.name] = {
-                    'login_url': login_url,
-                    'name': authenticator.name,
-                }
-
-        return Response(data)
-
-
 def immutablesharedfields(cls):
    '''
    Class decorator to prevent modifying shared resources when ALLOW_LOCAL_RESOURCE_MANAGEMENT setting is set to False.