3rd party auth removal cleanup

- Sequentiallize auth config removal migrations
- Remove references to third party auth
- update license files
- lint fix
- Remove unneeded docs
- Remove unreferenced file
- Remove social auth references from docs
- Remove rest of sso dir
- Remove references to third part auth in docs
- Removed screenshots of UI listing removed settings
- Remove AuthView references
- Remove unused imports
...

Co-Authored-By: jessicamack <[email protected]>

awx/api/conf.py

@@ -34,10 +34,7 @@
     'DISABLE_LOCAL_AUTH',
     field_class=fields.BooleanField,
     label=_('Disable the built-in authentication system'),
-    help_text=_(
-        "Controls whether users are prevented from using the built-in authentication system. "
-        "You probably want to do this if you are using an LDAP integration."
-    ),
+    help_text=_("Controls whether users are prevented from using the built-in authentication system. "),
     category=_('Authentication'),
     category_slug='authentication',
 )
@@ -70,20 +67,6 @@
     category_slug='authentication',
     unit=_('seconds'),
 )
-register(
-    'ALLOW_OAUTH2_FOR_EXTERNAL_USERS',
-    field_class=fields.BooleanField,
-    default=False,
-    label=_('Allow External Users to Create OAuth2 Tokens'),
-    help_text=_(
-        'For security reasons, users from external auth providers (LDAP, SSO, '
-        ' and others) are not allowed to create OAuth2 tokens. '
-        'To change this behavior, enable this setting. Existing tokens will '
-        'not be deleted when this setting is toggled off.'
-    ),
-    category=_('Authentication'),
-    category_slug='authentication',
-)
 register(
     'LOGIN_REDIRECT_OVERRIDE',
     field_class=fields.CharField,

awx/api/generics.py

@@ -115,7 +115,6 @@ def post(self, request, *args, **kwargs):
 
 
 class LoggedLogoutView(auth_views.LogoutView):
-
     success_url_allowed_hosts = set(settings.LOGOUT_ALLOWED_HOSTS.split(",")) if settings.LOGOUT_ALLOWED_HOSTS else set()
 
     def dispatch(self, request, *args, **kwargs):

awx/api/urls/urls.py

@@ -15,7 +15,6 @@
     ApiV2AttachView,
 )
 from awx.api.views import (
-    AuthView,
     UserMeList,
     DashboardView,
     DashboardJobsGraphView,
@@ -106,7 +105,6 @@
     re_path(r'^config/$', ApiV2ConfigView.as_view(), name='api_v2_config_view'),
     re_path(r'^config/subscriptions/$', ApiV2SubscriptionView.as_view(), name='api_v2_subscription_view'),
     re_path(r'^config/attach/$', ApiV2AttachView.as_view(), name='api_v2_attach_view'),
-    re_path(r'^auth/$', AuthView.as_view()),
     re_path(r'^me/$', UserMeList.as_view(), name='user_me_list'),
     re_path(r'^dashboard/$', DashboardView.as_view(), name='dashboard_view'),
     re_path(r'^dashboard/graphs/jobs/$', DashboardJobsGraphView.as_view(), name='dashboard_jobs_graph_view'),

awx/api/views/__init__.py

@@ -36,7 +36,7 @@
 # Django REST Framework
 from rest_framework.exceptions import APIException, PermissionDenied, ParseError, NotFound
 from rest_framework.parsers import FormParser
-from rest_framework.permissions import AllowAny, IsAuthenticated
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.renderers import JSONRenderer, StaticHTMLRenderer
 from rest_framework.response import Response
 from rest_framework.settings import api_settings
@@ -126,9 +126,6 @@
 from awx.api.pagination import UnifiedJobEventPagination
 from awx.main.utils import set_environ
 
-if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []):
-    from ansible_base.authentication.models.authenticator import Authenticator as AnsibleBaseAuthenticator
-
 logger = logging.getLogger('awx.api.views')
 
 
@@ -676,29 +673,6 @@ class ScheduleUnifiedJobsList(SubListAPIView):
     name = _('Schedule Jobs List')
 
 
-class AuthView(APIView):
-    '''List enabled single-sign-on endpoints'''
-
-    authentication_classes = []
-    permission_classes = (AllowAny,)
-    swagger_topic = 'System Configuration'
-
-    def get(self, request):
-        data = OrderedDict()
-        if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []):
-            # app is using ansible_base authentication
-            # add ansible_base authenticators
-            authenticators = AnsibleBaseAuthenticator.objects.filter(enabled=True, category="sso")
-            for authenticator in authenticators:
-                login_url = authenticator.get_login_url()
-                data[authenticator.name] = {
-                    'login_url': login_url,
-                    'name': authenticator.name,
-                }
-
-        return Response(data)
-
-
 def immutablesharedfields(cls):
     '''
     Class decorator to prevent modifying shared resources when ALLOW_LOCAL_RESOURCE_MANAGEMENT setting is set to False.

awx/conf/migrations/0011_remove_oidc_auth_conf.py → awx/conf/migrations/0012_remove_oidc_auth_conf.py

@@ -12,7 +12,7 @@ def remove_oidc_auth_conf(apps, scheme_editor):
 
 class Migration(migrations.Migration):
     dependencies = [
-        ('conf', '0010_change_to_JSONField'),
+        ('conf', '0011_remove_ldap_auth_conf'),
     ]
 
     operations = [

awx/conf/migrations/0011_remove_radius_auth_conf.py → awx/conf/migrations/0013_remove_radius_auth_conf.py

@@ -13,9 +13,8 @@ def remove_radius_auth_conf(apps, scheme_editor):
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
-        ('conf', '0010_change_to_JSONField'),
+        ('conf', '0012_remove_oidc_auth_conf'),
     ]
 
     operations = [

awx/conf/migrations/0011_remove_saml_auth_conf.py → awx/conf/migrations/0014_remove_saml_auth_conf.py

@@ -30,9 +30,8 @@ def remove_saml_auth_conf(apps, scheme_editor):
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
-        ('conf', '0010_change_to_JSONField'),
+        ('conf', '0013_remove_radius_auth_conf'),
     ]
 
     operations = [

awx/conf/migrations/0011_remove_social_oauth_conf.py → awx/conf/migrations/0015_remove_social_oauth_conf.py

@@ -72,9 +72,8 @@ def remove_social_oauth_conf(apps, scheme_editor):
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
-        ('conf', '0010_change_to_JSONField'),
+        ('conf', '0014_remove_saml_auth_conf'),
     ]
 
     operations = [

awx/conf/migrations/0011_remove_tacacs_plus_auth_conf.py → awx/conf/migrations/0016_remove_tacacs_plus_auth_conf.py

@@ -16,9 +16,8 @@ def remove_tacacs_plus_auth_conf(apps, scheme_editor):
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
-        ('conf', '0010_change_to_JSONField'),
+        ('conf', '0015_remove_social_oauth_conf'),
     ]
 
     operations = [

awx/conf/tests/unit/test_fields.py

@@ -111,7 +111,6 @@ class TestURLField:
     @pytest.mark.parametrize(
         "url,schemes,regex, allow_numbers_in_top_level_domain, expect_no_error",
         [
-            ("ldap://www.example.org42", "ldap", None, True, True),
             ("https://www.example.org42", "https", None, False, False),
             ("https://www.example.org", None, regex, None, True),
             ("https://www.example3.org", None, regex, None, False),

awx/main/conf.py

@@ -46,10 +46,7 @@
     'MANAGE_ORGANIZATION_AUTH',
     field_class=fields.BooleanField,
     label=_('Organization Admins Can Manage Users and Teams'),
-    help_text=_(
-        'Controls whether any Organization Admin has the privileges to create and manage users and teams. '
-        'You may want to disable this ability if you are using an LDAP integration.'
-    ),
+    help_text=_('Controls whether any Organization Admin has the privileges to create and manage users and teams.'),
     category=_('System'),
     category_slug='system',
 )

awx/main/migrations/0193_alter_notification_notification_type_and_more.py

@@ -4,7 +4,6 @@
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
         ('main', '0192_custom_roles'),
     ]

awx/main/migrations/0194_alter_inventorysource_source_and_more.py

@@ -4,7 +4,6 @@
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
         ('main', '0193_alter_notification_notification_type_and_more'),
     ]

awx/main/migrations/0195_EE_permissions.py

@@ -12,7 +12,6 @@ def delete_execution_environment_read_role(apps, schema_editor):
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
         ('main', '0194_alter_inventorysource_source_and_more'),
     ]

awx/main/migrations/0196_delete_profile.py

@@ -4,7 +4,6 @@
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
         ('main', '0195_EE_permissions'),
     ]

awx/main/migrations/0197_remove_sso_app_content.py

@@ -4,7 +4,6 @@
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
         ('main', '0196_delete_profile'),
     ]

awx/settings/defaults.py

@@ -393,7 +393,6 @@
 OAUTH2_PROVIDER_ID_TOKEN_MODEL = "oauth2_provider.IDToken"
 
 OAUTH2_PROVIDER = {'ACCESS_TOKEN_EXPIRE_SECONDS': 31536000000, 'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600, 'REFRESH_TOKEN_EXPIRE_SECONDS': 2628000}
-ALLOW_OAUTH2_FOR_EXTERNAL_USERS = False
 
 
 # Enable / Disable HTTP Basic Authentication used in the API browser