Remove sso app (#15550)

Remove sso app.

awx/main/middleware.py

@@ -93,8 +93,8 @@ class DisableLocalAuthMiddleware(MiddlewareMixin):
             user = request.user
             if not user.pk:
                 return
-            if not (user.social_auth.exists() or user.enterprise_auth.exists()):
-                logout(request)
+
+            logout(request)
 
 
 class URLModificationMiddleware(MiddlewareMixin):

awx/main/migrations/0196_delete_profile.py

@@ -1,4 +1,4 @@
-# Generated by Django 4.2.10 on 2024-08-09 16:47
+# Generated by Django 4.2.10 on 2024-09-16 10:22
 
 from django.db import migrations
 

awx/main/migrations/0197_remove_sso_app_content.py

@@ -0,0 +1,27 @@
+# Generated by Django 4.2.10 on 2024-09-16 15:21
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('main', '0196_delete_profile'),
+    ]
+
+    operations = [
+        # delete all sso application migrations
+        migrations.RunSQL("DELETE FROM django_migrations WHERE app = 'sso';"),
+        # delete all sso application content group permissions
+        migrations.RunSQL(
+            "DELETE FROM auth_group_permissions "
+            "WHERE permission_id IN "
+            "(SELECT id FROM auth_permission WHERE content_type_id in (SELECT id FROM django_content_type WHERE app_label = 'sso'));"
+        ),
+        # delete all sso application content permissions
+        migrations.RunSQL("DELETE FROM auth_permission " "WHERE content_type_id IN (SELECT id FROM django_content_type WHERE app_label = 'sso');"),
+        # delete sso application content type
+        migrations.RunSQL("DELETE FROM django_content_type WHERE app_label = 'sso';"),
+        # drop sso application created table
+        migrations.RunSQL("DROP TABLE IF EXISTS sso_userenterpriseauth;"),
+    ]

awx/main/models/__init__.py

@@ -244,16 +244,6 @@ def user_is_system_auditor(user, tf):
 User.add_to_class('is_system_auditor', user_is_system_auditor)
 
 
-def user_is_in_enterprise_category(user, category):
-    ret = (category,) in user.enterprise_auth.values_list('provider') and not user.has_usable_password()
-    # NOTE: this if block ensures existing enterprise users are still able to
-    # log in. Remove it in a future release
-    return ret
-
-
-User.add_to_class('is_in_enterprise_category', user_is_in_enterprise_category)
-
-
 def o_auth2_application_get_absolute_url(self, request=None):
     return reverse('api:o_auth2_application_detail', kwargs={'pk': self.pk}, request=request)
 

awx/main/models/oauth.py

@@ -12,9 +12,7 @@ from django.conf import settings
 # Django OAuth Toolkit
 from oauth2_provider.models import AbstractApplication, AbstractAccessToken
 from oauth2_provider.generators import generate_client_secret
-from oauthlib import oauth2
 
-from awx.sso.common import get_external_account
 from awx.main.fields import OAuth2ClientSecretField
 
 
@@ -123,15 +121,5 @@ class OAuth2AccessToken(AbstractAccessToken):
             connection.on_commit(_update_last_used)
         return valid
 
-    def validate_external_users(self):
-        if self.user and settings.ALLOW_OAUTH2_FOR_EXTERNAL_USERS is False:
-            external_account = get_external_account(self.user)
-            if external_account is not None:
-                raise oauth2.AccessDeniedError(
-                    _('OAuth2 Tokens cannot be created by users associated with an external authentication provider ({})').format(external_account)
-                )
-
     def save(self, *args, **kwargs):
-        if not self.pk:
-            self.validate_external_users()
         super(OAuth2AccessToken, self).save(*args, **kwargs)