Remove endorsements from application

CMSgov · Jan 15, 2018 · a2927a9 · a2927a9
1 parent 3a7fe57
commit a2927a9
Show file tree

Hide file tree

Showing 15 changed files with 3 additions and 465 deletions.
diff --git a/apps/dot_ext/admin.py b/apps/dot_ext/admin.py
@@ -1,11 +0,0 @@
-from django.contrib import admin
-
-from .models import Endorsement
-
-
-class EndorsementAdmin(admin.ModelAdmin):
-    list_display = ('title', 'iss', 'iat', 'exp', 'signature_verified', 'is_expired')
-    search_fields = ('title', 'iss')
-
-
-admin.site.register(Endorsement, EndorsementAdmin)

diff --git a/apps/dot_ext/endorsementurls.py b/apps/dot_ext/endorsementurls.py
diff --git a/apps/dot_ext/forms.py b/apps/dot_ext/forms.py
@@ -1,51 +1,18 @@
 from __future__ import absolute_import
 from __future__ import unicode_literals
 
-import jwt as jwtl
 from django.utils.safestring import mark_safe
 from django import forms
 from django.conf import settings
 from django.utils.translation import ugettext_lazy as _
-from collections import OrderedDict
 from oauth2_provider.forms import AllowForm as DotAllowForm
 from oauth2_provider.models import get_application_model
 from oauth2_provider.scopes import get_scopes_backend
 from apps.capabilities.models import ProtectedCapability
-from .models import Endorsement
 
 __author__ = "Alan Viars"
 
 
-class EndorsementForm(forms.ModelForm):
-    required_css_class = 'required'
-
-    class Meta:
-        model = Endorsement
-        fields = ('title', 'jwt',)
-
-    def clean_jwt(self):
-        # TODO: this part may be removed or updated
-        # req = ('iss', 'iat', 'exp', 'client_name', 'redirect_uris', 'client_uri')
-        jwtc = self.cleaned_data.get('jwt')
-
-        try:
-            decoded_payload = jwtl.decode(jwtc, verify=False)
-        except Exception:
-            msg = _('Invalid JWT.')
-            raise forms.ValidationError(msg)
-
-        if isinstance(decoded_payload, OrderedDict):
-            msg = _('Invalid Payload.')
-            raise forms.ValidationError(msg)
-        # TODO: this part may be removed or updated
-        # for r in req:
-        #     if r not in decoded_payload:
-        #         msg=_('Required value %s missing from payload' % (r))
-        #         raise forms.ValidationError(msg)
-
-        return jwtc
-
-
 class CustomRegisterApplicationForm(forms.ModelForm):
 
     def __init__(self, user, *args, **kwargs):

diff --git a/apps/dot_ext/models.py b/apps/dot_ext/models.py
@@ -2,101 +2,21 @@
 from __future__ import unicode_literals
 
 import sys
-import jwt
 import hashlib
 import logging
-import requests
-import datetime
-import json
 
 from django.core.urlresolvers import reverse
 from django.db import models
-from django.utils import timezone
-
-from requests.exceptions import ConnectionError, TooManyRedirects, Timeout
-from oauth2_provider.models import AbstractApplication
-from poetri.verify_jws_with_jwk import verify_poet
 
 from apps.capabilities.models import ProtectedCapability
 
+from oauth2_provider.models import AbstractApplication
 
 logger = logging.getLogger('hhs_server.%s' % __name__)
 
 
-class Endorsement(models.Model):
-    title = models.CharField(max_length=255,
-                             default='')
-    jwt = models.TextField(max_length=10240,
-                           default='')
-    iss = models.CharField(max_length=512,
-                           default='',
-                           verbose_name='Issuer',
-                           help_text='Must contain a FQDN',
-                           editable=False)
-    iat = models.DateTimeField(verbose_name='Issued At',
-                               editable=False)
-    exp = models.DateTimeField(verbose_name='Expires',
-                               editable=False)
-
-    def __str__(self):
-        return self.title
-
-    def url(self):
-        url = 'http://%s/.well-known/poet.jwk' % (self.iss)
-        return url
-
-    def signature_verified(self):
-
-        try:
-            url = 'https://%s/.well-known/poet.jwk' % (self.iss)
-            r = requests.get(url, timeout=3)
-
-            if r.status_code == 200:
-                k = json.loads(r.text)
-                payload = verify_poet(self.jwt, k)
-                if 'iss' in payload:
-                    if payload['iss'] == k['kid']:
-                        return True
-        except ConnectionError:
-            pass
-        except TooManyRedirects:
-            pass
-        except Timeout:
-            pass
-        return False
-
-    def payload(self):
-        payload = jwt.decode(self.jwt, verify=False)
-        return payload
-
-    def is_expired(self):
-        now = timezone.now()
-        if self.iat > now:
-            return True
-        return False
-
-    def good_to_go(self):
-        is_expired = self.is_expired()
-        signature_verified = self.signature_verified()
-
-        if signature_verified and is_expired is False:
-            return True
-        return False
-
-    def save(self, commit=True, **kwargs):
-        if commit:
-            payload = jwt.decode(self.jwt, verify=False)
-            self.iss = payload['iss']
-            self.iat = datetime.datetime.fromtimestamp(
-                int(payload['iat'])).strftime('%Y-%m-%d %H:%M:%S')
-            self.exp = datetime.datetime.fromtimestamp(
-                int(payload['exp'])).strftime('%Y-%m-%d %H:%M:%S')
-            super(Endorsement, self).save(**kwargs)
-
-
 class Application(AbstractApplication):
     scope = models.ManyToManyField(ProtectedCapability)
-    endorsements = models.ManyToManyField(Endorsement, blank=True)
     agree = models.BooleanField(default=False)
 
     def get_absolute_url(self):

diff --git a/apps/dot_ext/templates/endorsements/endorsement_list.html b/apps/dot_ext/templates/endorsements/endorsement_list.html
diff --git a/apps/dot_ext/templates/oauth2_provider/application_list.html b/apps/dot_ext/templates/oauth2_provider/application_list.html
@@ -13,7 +13,7 @@
             </ol>
         </div>
     </div>
-    
+
     <div class="row container-fluid">
         <div class="alert alert-info">
             <button type="button" class="close" data-dismiss="alert">×</button>
@@ -31,8 +31,6 @@ <h3 class="ds-h3">{% trans "Registered Applications" %}</h3>
             <ul>
                 {% for application in applications %}
                     <li><a href="{{ application.get_absolute_url }}">{{ application.name }}</a> |
-                    <a href="{% url 'endorsement_list' application.id %}"">Endorsements</a>
-                    </li>
                 {% endfor %}
             </ul>
 

diff --git a/apps/dot_ext/views/endorsement.py b/apps/dot_ext/views/endorsement.py
diff --git a/hhs_oauth_server/settings/aws-dev.py b/hhs_oauth_server/settings/aws-dev.py
@@ -35,13 +35,10 @@
 STATICFILES_LOCATION = '/static/'
 STATICFILES_STORAGE = 'hhs_oauth_server.s3_storage.StaticStorage'
 STATIC_URL = "https://%s%s" % (AWS_S3_CUSTOM_DOMAIN, STATICFILES_LOCATION)
-# STATIC_URL = '/static/'
-# print("Static URL:%s" % STATIC_URL)
 
 MEDIAFILES_LOCATION = '/media/'
 DEAFULT_FILE_STORAGE = 'hhs_oauth_server.s3_storage.MediaStorage'
 MEDIA_URL = "https://%s%s" % (AWS_S3_CUSTOM_DOMAIN, MEDIAFILES_LOCATION)
-# MEDIA_URL = '/media/'
 
 STATIC_ROOT = os.path.join(ASSETS_ROOT, 'collectedstatic')
 MEDIA_ROOT = os.path.join(ASSETS_ROOT, 'media')
@@ -50,8 +47,6 @@
     os.path.join(BASE_DIR, 'sitestatic'),
 ]
 
-OAUTH2_AUTHORIZATION_FORM = 'authorize/default.html'
-
 # Place all environment/installation specific code in a separate app
 # hhs_oauth_server.hhs_oauth_server_context.py also
 # includes IsAppInstalled to check for target_app in INSTALLED_APPS

diff --git a/hhs_oauth_server/settings/aws-impl.py b/hhs_oauth_server/settings/aws-impl.py
@@ -37,14 +37,10 @@
 STATICFILES_LOCATION = '/static/'
 STATICFILES_STORAGE = 'hhs_oauth_server.s3_storage.StaticStorage'
 STATIC_URL = "https://%s%s" % (AWS_S3_CUSTOM_DOMAIN, STATICFILES_LOCATION)
-# STATIC_URL = '/static/'
 
 MEDIAFILES_LOCATION = 'media'
 DEAFULT_FILE_STORAGE = 'hhs_oauth_server.s3_storage.MediaStorage'
 MEDIA_URL = "https://%s/%s/" % (AWS_S3_CUSTOM_DOMAIN, MEDIAFILES_LOCATION)
-# MEDIA_URL = '/media/'
-
-OAUTH2_AUTHORIZATION_FORM = 'authorize/default.html'
 
 STATICFILES_DIRS = [
     os.path.join(BASE_DIR, 'sitestatic'),

diff --git a/hhs_oauth_server/settings/aws-prod.py b/hhs_oauth_server/settings/aws-prod.py
@@ -36,14 +36,10 @@
 STATICFILES_LOCATION = '/static/'
 STATICFILES_STORAGE = 'hhs_oauth_server.s3_storage.StaticStorage'
 STATIC_URL = "https://%s%s" % (AWS_S3_CUSTOM_DOMAIN, STATICFILES_LOCATION)
-# STATIC_URL = '/static/'
 
 MEDIAFILES_LOCATION = 'media'
 DEAFULT_FILE_STORAGE = 'hhs_oauth_server.s3_storage.MediaStorage'
 MEDIA_URL = "https://%s/%s/" % (AWS_S3_CUSTOM_DOMAIN, MEDIAFILES_LOCATION)
-# MEDIA_URL = '/media/'
-
-OAUTH2_AUTHORIZATION_FORM = 'authorize/default.html'
 
 STATICFILES_DIRS = [
     os.path.join(BASE_DIR, 'sitestatic'),