mirror of
https://github.com/ansible/awx.git
synced 2026-01-21 14:38:00 -03:30
268ca7c78a
* Remove oauth provider This removes the oauth provider functionality from awx. The oauth2_provider app and all references to it have been removed. Migrations to delete the two tables that locally overwrote oauth2_provider tables are included. This change does not include migrations to delete the tables provided by the oauth2_provider app. Also not included here are changes to awxkit, awx_collection or the ui. * Fix linters * Update migrations after rebase * Update collection tests for auth changes The changes in https://github.com/ansible/awx/pull/15554 will cause a few collection tests to fail, depending on what the test configuration is. This changes the tests to look for a specific warning rather than counting the number of warnings emitted. * Update migration * Removed unused oauth_scopes references --------- Co-authored-by: Mike Graves <mgraves@redhat.com> Co-authored-by: Alan Rominger <arominge@redhat.com>
77 lines
2.5 KiB
Python
77 lines
2.5 KiB
Python
# Django
|
|
from django.utils.translation import gettext_lazy as _
|
|
|
|
# Django REST Framework
|
|
from rest_framework import serializers
|
|
|
|
# AWX
|
|
from awx.conf import fields, register, register_validate
|
|
|
|
|
|
register(
|
|
'SESSION_COOKIE_AGE',
|
|
field_class=fields.IntegerField,
|
|
min_value=60,
|
|
max_value=30000000000, # approx 1,000 years, higher values give OverflowError
|
|
label=_('Idle Time Force Log Out'),
|
|
help_text=_('Number of seconds that a user is inactive before they will need to login again.'),
|
|
category=_('Authentication'),
|
|
category_slug='authentication',
|
|
unit=_('seconds'),
|
|
)
|
|
register(
|
|
'SESSIONS_PER_USER',
|
|
field_class=fields.IntegerField,
|
|
min_value=-1,
|
|
label=_('Maximum number of simultaneous logged in sessions'),
|
|
help_text=_('Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.'),
|
|
category=_('Authentication'),
|
|
category_slug='authentication',
|
|
)
|
|
register(
|
|
'DISABLE_LOCAL_AUTH',
|
|
field_class=fields.BooleanField,
|
|
label=_('Disable the built-in authentication system'),
|
|
help_text=_("Controls whether users are prevented from using the built-in authentication system. "),
|
|
category=_('Authentication'),
|
|
category_slug='authentication',
|
|
)
|
|
register(
|
|
'AUTH_BASIC_ENABLED',
|
|
field_class=fields.BooleanField,
|
|
label=_('Enable HTTP Basic Auth'),
|
|
help_text=_('Enable HTTP Basic Auth for the API Browser.'),
|
|
category=_('Authentication'),
|
|
category_slug='authentication',
|
|
)
|
|
register(
|
|
'LOGIN_REDIRECT_OVERRIDE',
|
|
field_class=fields.CharField,
|
|
allow_blank=True,
|
|
required=False,
|
|
default='',
|
|
label=_('Login redirect override URL'),
|
|
help_text=_('URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.'),
|
|
warning_text=_('Changing the redirect URL could impact the ability to login if local authentication is also disabled.'),
|
|
category=_('Authentication'),
|
|
category_slug='authentication',
|
|
)
|
|
register(
|
|
'ALLOW_METRICS_FOR_ANONYMOUS_USERS',
|
|
field_class=fields.BooleanField,
|
|
default=False,
|
|
label=_('Allow anonymous users to poll metrics'),
|
|
help_text=_('If true, anonymous users are allowed to poll metrics.'),
|
|
category=_('Authentication'),
|
|
category_slug='authentication',
|
|
)
|
|
|
|
|
|
def authentication_validate(serializer, attrs):
|
|
if attrs.get('DISABLE_LOCAL_AUTH', False):
|
|
raise serializers.ValidationError(_("There are no remote authentication systems configured."))
|
|
return attrs
|
|
|
|
|
|
register_validate('authentication', authentication_validate)
|