Merge pull request #804 from intuitem/hotfix/import-backup

Fix backup imports
intuitem · Sep 7, 2024 · d89b768 · d89b768
2 parents 4aa231b + fbb6635
commit d89b768
Show file tree

Hide file tree

Showing 4 changed files with 83 additions and 77 deletions.
diff --git a/backend/core/startup.py b/backend/core/startup.py
@@ -1,12 +1,12 @@
-from django.apps import AppConfig
-from django.db.models.signals import post_migrate
 import os
 
-from ciso_assistant.settings import CISO_ASSISTANT_SUPERUSER_EMAIL
+from django.apps import AppConfig
 from django.core.management import call_command
-
+from django.db.models.signals import post_migrate
 from structlog import get_logger
 
+from ciso_assistant.settings import CISO_ASSISTANT_SUPERUSER_EMAIL
+
 logger = get_logger(__name__)
 
 READER_PERMISSIONS_LIST = [
@@ -271,9 +271,8 @@ def startup(sender: AppConfig, **kwargs):
     Create superuser if CISO_ASSISTANT_SUPERUSER_EMAIL defined
     """
     from django.contrib.auth.models import Permission
-    from allauth.socialaccount.providers.saml.provider import SAMLProvider
+
     from iam.models import Folder, Role, RoleAssignment, User, UserGroup
-    from global_settings.models import GlobalSettings
 
     print("startup handler: initialize database")
 
@@ -373,53 +372,6 @@ def startup(sender: AppConfig, **kwargs):
         except Exception as e:
             print(e)  # NOTE: Add this exception in the logger
 
-    default_attribute_mapping = SAMLProvider.default_attribute_mapping
-
-    settings = {
-        "attribute_mapping": {
-            "uid": default_attribute_mapping["uid"],
-            "email_verified": default_attribute_mapping["email_verified"],
-            "email": default_attribute_mapping["email"],
-        },
-        "idp": {
-            "entity_id": "",
-            "metadata_url": "",
-            "sso_url": "",
-            "slo_url": "",
-            "x509cert": "",
-        },
-        "sp": {
-            "entity_id": "ciso-assistant",
-        },
-        "advanced": {
-            "allow_repeat_attribute_name": True,
-            "allow_single_label_domains": False,
-            "authn_request_signed": False,
-            "digest_algorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
-            "logout_request_signed": False,
-            "logout_response_signed": False,
-            "metadata_signed": False,
-            "name_id_encrypted": False,
-            "reject_deprecated_algorithm": True,
-            "reject_idp_initiated_sso": True,
-            "signature_algorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
-            "want_assertion_encrypted": False,
-            "want_assertion_signed": False,
-            "want_attribute_statement": True,
-            "want_message_signed": False,
-            "want_name_id": False,
-            "want_name_id_encrypted": False,
-        },
-    }
-
-    if not GlobalSettings.objects.filter(name=GlobalSettings.Names.SSO).exists():
-        logger.info("SSO settings not found, creating default settings")
-        sso_settings = GlobalSettings.objects.create(
-            name=GlobalSettings.Names.SSO,
-            value={"client_id": "0", "settings": settings},
-        )
-        logger.info("SSO settings created", settings=sso_settings.value)
-
     call_command("storelibraries")
 
 

diff --git a/backend/iam/sso/models.py b/backend/iam/sso/models.py
@@ -1,10 +1,14 @@
-from django.db import models
-from django.utils.translation import gettext_lazy as _
+import structlog
+from allauth.socialaccount.models import providers
 from django.core.exceptions import ObjectDoesNotExist
+from django.db import models
 from django.db.models.query import QuerySet
+from django.utils.translation import gettext_lazy as _
 
-from allauth.socialaccount.models import providers
 from global_settings.models import GlobalSettings
+from iam.sso.saml.defaults import DEFAULT_SAML_SETTINGS
+
+logger = structlog.get_logger(__name__)
 
 
 class SSOSettingsQuerySet(QuerySet):
@@ -15,27 +19,35 @@ def __init__(self, model=None, query=None, using=None, hints=None):
 
     def _fetch_all(self):
         if self._result_cache is None:
-            try:
+            if not GlobalSettings.objects.filter(
+                name=GlobalSettings.Names.SSO
+            ).exists():
+                logger.info("SSO settings not found, creating default settings")
+                _settings = GlobalSettings.objects.create(
+                    name=GlobalSettings.Names.SSO,
+                    value={"client_id": "0", "settings": DEFAULT_SAML_SETTINGS},
+                )
+                logger.info("SSO settings created", settings=_settings.value)
+            else:
                 _settings = GlobalSettings.objects.get(name=GlobalSettings.Names.SSO)
-                self._result_cache = [
-                    SSOSettings(
-                        id=_settings.id,
-                        name=_settings.name,
-                        created_at=_settings.created_at,
-                        updated_at=_settings.updated_at,
-                        is_published=_settings.is_published,
-                        is_enabled=_settings.value.get("is_enabled"),
-                        provider=_settings.value.get("provider"),
-                        client_id=_settings.value.get("client_id"),
-                        provider_id=_settings.value.get("provider_id"),
-                        provider_name=_settings.value.get("name"),
-                        secret=_settings.value.get("secret"),
-                        key=_settings.value.get("key"),
-                        settings=_settings.value.get("settings"),
-                    )
-                ]
-            except ObjectDoesNotExist:
-                self._result_cache = []
+
+            self._result_cache = [
+                SSOSettings(
+                    id=_settings.id,
+                    name=_settings.name,
+                    created_at=_settings.created_at,
+                    updated_at=_settings.updated_at,
+                    is_published=_settings.is_published,
+                    is_enabled=_settings.value.get("is_enabled"),
+                    provider=_settings.value.get("provider"),
+                    client_id=_settings.value.get("client_id"),
+                    provider_id=_settings.value.get("provider_id"),
+                    provider_name=_settings.value.get("name"),
+                    secret=_settings.value.get("secret"),
+                    key=_settings.value.get("key"),
+                    settings=_settings.value.get("settings"),
+                )
+            ]
 
     def iterator(self):
         self._fetch_all()

diff --git a/backend/iam/sso/saml/defaults.py b/backend/iam/sso/saml/defaults.py
@@ -0,0 +1,41 @@
+from allauth.socialaccount.providers.saml.provider import SAMLProvider
+
+
+DEFAULT_SAML_ATTRIBUTE_MAPPING = SAMLProvider.default_attribute_mapping
+
+DEFAULT_SAML_SETTINGS = {
+    "attribute_mapping": {
+        "uid": DEFAULT_SAML_ATTRIBUTE_MAPPING["uid"],
+        "email_verified": DEFAULT_SAML_ATTRIBUTE_MAPPING["email_verified"],
+        "email": DEFAULT_SAML_ATTRIBUTE_MAPPING["email"],
+    },
+    "idp": {
+        "entity_id": "",
+        "metadata_url": "",
+        "sso_url": "",
+        "slo_url": "",
+        "x509cert": "",
+    },
+    "sp": {
+        "entity_id": "ciso-assistant",
+    },
+    "advanced": {
+        "allow_repeat_attribute_name": True,
+        "allow_single_label_domains": False,
+        "authn_request_signed": False,
+        "digest_algorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
+        "logout_request_signed": False,
+        "logout_response_signed": False,
+        "metadata_signed": False,
+        "name_id_encrypted": False,
+        "reject_deprecated_algorithm": True,
+        "reject_idp_initiated_sso": True,
+        "signature_algorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
+        "want_assertion_encrypted": False,
+        "want_assertion_signed": False,
+        "want_attribute_statement": True,
+        "want_message_signed": False,
+        "want_name_id": False,
+        "want_name_id_encrypted": False,
+    },
+}
diff --git a/backend/serdes/views.py b/backend/serdes/views.py
@@ -3,7 +3,6 @@
 import sys
 from datetime import datetime
 
-from ciso_assistant.settings import VERSION
 from django.core import management
 from django.core.management.commands import dumpdata, loaddata
 from django.http import HttpResponse
@@ -12,6 +11,7 @@
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
+from ciso_assistant.settings import VERSION
 from serdes.serializers import LoadBackupSerializer
 
 
@@ -66,6 +66,7 @@ def post(self, request, *args, **kwargs):
                     "contenttypes",
                     "auth.permission",
                     "sessions.session",
+                    "iam.ssosettings",
                     "knox.authtoken",
                 ],
             )