Remove sso app (#15550)

Remove sso app.

awx/api/conf.py

@@ -8,7 +8,6 @@ from rest_framework import serializers
 from awx.conf import fields, register, register_validate
 from awx.api.fields import OAuth2ProviderField
 from oauth2_provider.settings import oauth2_settings
-from awx.sso.common import is_remote_auth_enabled
 
 
 register(
@@ -109,7 +108,7 @@ register(
 
 
 def authentication_validate(serializer, attrs):
-    if attrs.get('DISABLE_LOCAL_AUTH', False) and not is_remote_auth_enabled():
+    if attrs.get('DISABLE_LOCAL_AUTH', False):
         raise serializers.ValidationError(_("There are no remote authentication systems configured."))
     return attrs
 

awx/api/serializers.py

@@ -134,8 +134,6 @@ from awx.api.fields import BooleanNullField, CharNullField, ChoiceNullField, Ver
 # AWX Utils
 from awx.api.validators import HostnameRegexValidator
 
-from awx.sso.common import get_external_account
-
 logger = logging.getLogger('awx.api.serializers')
 
 # Fields that should be summarized regardless of object type.
@@ -961,7 +959,6 @@ class UnifiedJobStdoutSerializer(UnifiedJobSerializer):
 
 class UserSerializer(BaseSerializer):
     password = serializers.CharField(required=False, default='', help_text=_('Field used to change the password.'))
-    external_account = serializers.SerializerMethodField(help_text=_('Set if the account is managed by an external service'))
     is_system_auditor = serializers.BooleanField(default=False)
     show_capabilities = ['edit', 'delete']
 
@@ -979,20 +976,12 @@ class UserSerializer(BaseSerializer):
             'is_system_auditor',
             'password',
             'last_login',
-            'external_account',
         )
         extra_kwargs = {'last_login': {'read_only': True}}
 
     def to_representation(self, obj):
         ret = super(UserSerializer, self).to_representation(obj)
-        if self.get_external_account(obj):
-            # If this is an external account it shouldn't have a password field
-            ret.pop('password', None)
-        else:
-            # If its an internal account lets assume there is a password and return $encrypted$ to the user
-            ret['password'] = '$encrypted$'
-        if obj and type(self) is UserSerializer:
-            ret['auth'] = obj.social_auth.values('provider', 'uid')
+        ret['password'] = '$encrypted$'
         return ret
 
     def get_validation_exclusions(self, obj=None):
@@ -1025,12 +1014,7 @@ class UserSerializer(BaseSerializer):
         return value
 
     def _update_password(self, obj, new_password):
-        # For now we're not raising an error, just not saving password for
-        # users managed by external authentication services (who already have an unusable password set).
-        # get_external_account function will return something like social or enterprise when the user is external,
-        # and return None when the user isn't external.
-        # We want to allow a password update only for non-external accounts.
-        if new_password and new_password != '$encrypted$' and not self.get_external_account(obj):
+        if new_password and new_password != '$encrypted$':
             obj.set_password(new_password)
             obj.save(update_fields=['password'])
 
@@ -1045,9 +1029,6 @@ class UserSerializer(BaseSerializer):
             obj.set_unusable_password()
             obj.save(update_fields=['password'])
 
-    def get_external_account(self, obj):
-        return get_external_account(obj)
-
     def create(self, validated_data):
         new_password = validated_data.pop('password', None)
         is_system_auditor = validated_data.pop('is_system_auditor', None)

awx/api/views/__init__.py

@@ -50,9 +50,6 @@ from rest_framework_yaml.renderers import YAMLRenderer
 # ansi2html
 from ansi2html import Ansi2HTMLConverter
 
-# Python Social Auth
-from social_core.backends.utils import load_backends
-
 # Django OAuth Toolkit
 from oauth2_provider.models import get_access_token_model
 
@@ -129,6 +126,9 @@ from awx.api.views.mixin import (
 from awx.api.pagination import UnifiedJobEventPagination
 from awx.main.utils import set_environ
 
+if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []):
+    from ansible_base.authentication.models.authenticator import Authenticator as AnsibleBaseAuthenticator
+
 logger = logging.getLogger('awx.api.views')
 
 
@@ -684,20 +684,18 @@ class AuthView(APIView):
     swagger_topic = 'System Configuration'
 
     def get(self, request):
-        from rest_framework.reverse import reverse
-
         data = OrderedDict()
-        err_backend, err_message = request.session.get('social_auth_error', (None, None))
-        auth_backends = list(load_backends(settings.AUTHENTICATION_BACKENDS, force_load=True).items())
-        # Return auth backends in consistent order: oidc.
-        auth_backends.sort(key=lambda x: x[0])
-        for name, backend in auth_backends:
-            login_url = reverse('social:begin', args=(name,))
-            complete_url = request.build_absolute_uri(reverse('social:complete', args=(name,)))
-            backend_data = {'login_url': login_url, 'complete_url': complete_url}
-            if err_backend == name and err_message:
-                backend_data['error'] = err_message
-            data[name] = backend_data
+        if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []):
+            # app is using ansible_base authentication
+            # add ansible_base authenticators
+            authenticators = AnsibleBaseAuthenticator.objects.filter(enabled=True, category="sso")
+            for authenticator in authenticators:
+                login_url = authenticator.get_login_url()
+                data[authenticator.name] = {
+                    'login_url': login_url,
+                    'name': authenticator.name,
+                }
+
         return Response(data)