fullctl · vegu · May 14, 2024 · Jan 24, 2024 · Feb 1, 2024 · Feb 1, 2024
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -23,7 +23,7 @@ aaactl = "aaactl.cli:main"
 
 [tool.poetry.dependencies]
 python = "^3.9"
-fullctl = { git = "https://github.com/fullctl/fullctl.git", branch = "prep-release" }
+fullctl = { git = "https://github.com/fullctl/fullctl.git", branch = "federation" }
 
 # not in fullctl
 python-dateutil = "*"

diff --git a/src/aaactl/settings/__init__.py b/src/aaactl/settings/__init__.py
@@ -154,6 +154,10 @@
     "PKCE_REQUIRED": False,
 }
 
+settings_manager.set_option(
+    "OAUTH2_PROVIDER_APPLICATION_MODEL", "oauth2_provider.Application"
+)
+
 # SOCIAL AUTH
 
 SOCIAL_AUTH_REDIRECT_IS_HTTPS = True

diff --git a/src/account/admin.py b/src/account/admin.py
@@ -40,6 +40,11 @@
     UserPermissionOverride,
     UserSettings,
 )
+from account.models.federation import (
+    AuthFederation,
+    FederatedServiceURL,
+    ServiceFederationSupport,
+)
 
 # registered models
 
@@ -324,3 +329,25 @@ def has_add_permission(self, request):
 
     def has_change_permission(self, request, obj=None):
         return False
+
+
+@admin.register(ServiceFederationSupport)
+class ServiceFederationAdmin(admin.ModelAdmin):
+    list_display = ("name", "slug", "federation_level", "created", "updated")
+    search_fields = ("name", "slug")
+
+
+class ServiceURLInline(admin.TabularInline):
+    model = FederatedServiceURL
+    extra = 1
+    fields = ("url", "service", "config")
+    autocomplete_fields = ("service",)
+
+
+@admin.register(AuthFederation)
+class AuthFederationAdmin(admin.ModelAdmin):
+    list_display = ("org", "application")
+    search_fields = ("org__name", "org__slug")
+    autocomplete_fields = ("org",)
+
+    inlines = (ServiceURLInline,)
diff --git a/src/account/migrations/0041_authfederation_servicefederationsupport_and_more.py b/src/account/migrations/0041_authfederation_servicefederationsupport_and_more.py
@@ -0,0 +1,194 @@
+# Generated by Django 4.2.10 on 2024-02-21 13:22
+
+import django.db.models.deletion
+import django.db.models.manager
+import django_handleref.models
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.OAUTH2_PROVIDER_APPLICATION_MODEL),
+        ("account", "0040_invitation_expiry"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="AuthFederation",
+            fields=[
+                ("id", models.AutoField(primary_key=True, serialize=False)),
+                (
+                    "created",
+                    django_handleref.models.CreatedDateTimeField(
+                        auto_now_add=True, verbose_name="Created"
+                    ),
+                ),
+                (
+                    "updated",
+                    django_handleref.models.UpdatedDateTimeField(
+                        auto_now=True, verbose_name="Updated"
+                    ),
+                ),
+                ("version", models.IntegerField(default=0)),
+                (
+                    "status",
+                    models.CharField(
+                        choices=[
+                            ("ok", "Ok"),
+                            ("pending", "Pending"),
+                            ("deactivated", "Deactivated"),
+                            ("failed", "Failed"),
+                            ("expired", "Expired"),
+                        ],
+                        default="ok",
+                        max_length=12,
+                    ),
+                ),
+                (
+                    "application",
+                    models.OneToOneField(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="organization",
+                        to=settings.OAUTH2_PROVIDER_APPLICATION_MODEL,
+                        verbose_name="Application",
+                    ),
+                ),
+                (
+                    "org",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="oauth_applications",
+                        to="account.organization",
+                        verbose_name="Organization",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "Federation for Organization",
+                "verbose_name_plural": "Federation for Organization",
+                "db_table": "account_organization_oauth_application",
+                "unique_together": {("org", "application")},
+            },
+            managers=[
+                ("handleref", django.db.models.manager.Manager()),
+            ],
+        ),
+        migrations.CreateModel(
+            name="ServiceFederationSupport",
+            fields=[
+                ("id", models.AutoField(primary_key=True, serialize=False)),
+                (
+                    "created",
+                    django_handleref.models.CreatedDateTimeField(
+                        auto_now_add=True, verbose_name="Created"
+                    ),
+                ),
+                (
+                    "updated",
+                    django_handleref.models.UpdatedDateTimeField(
+                        auto_now=True, verbose_name="Updated"
+                    ),
+                ),
+                ("version", models.IntegerField(default=0)),
+                (
+                    "status",
+                    models.CharField(
+                        choices=[
+                            ("ok", "Ok"),
+                            ("pending", "Pending"),
+                            ("deactivated", "Deactivated"),
+                            ("failed", "Failed"),
+                            ("expired", "Expired"),
+                        ],
+                        default="ok",
+                        max_length=12,
+                    ),
+                ),
+                ("slug", models.CharField(max_length=32, unique=True)),
+                ("name", models.CharField(max_length=255, unique=True)),
+                (
+                    "federation_level",
+                    models.CharField(
+                        choices=[
+                            ("auth", "Allow org authentication"),
+                            ("full", "Full federation"),
+                        ],
+                        default="auth",
+                        help_text="The level of federation for this service.",
+                        max_length=255,
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "Federation Support for Service",
+                "verbose_name_plural": "Federation Support for Service",
+                "db_table": "account_federated_service",
+            },
+            managers=[
+                ("handleref", django.db.models.manager.Manager()),
+            ],
+        ),
+        migrations.CreateModel(
+            name="FederatedServiceURL",
+            fields=[
+                ("id", models.AutoField(primary_key=True, serialize=False)),
+                (
+                    "created",
+                    django_handleref.models.CreatedDateTimeField(
+                        auto_now_add=True, verbose_name="Created"
+                    ),
+                ),
+                (
+                    "updated",
+                    django_handleref.models.UpdatedDateTimeField(
+                        auto_now=True, verbose_name="Updated"
+                    ),
+                ),
+                ("version", models.IntegerField(default=0)),
+                (
+                    "status",
+                    models.CharField(
+                        choices=[
+                            ("ok", "Ok"),
+                            ("pending", "Pending"),
+                            ("deactivated", "Deactivated"),
+                            ("failed", "Failed"),
+                            ("expired", "Expired"),
+                        ],
+                        default="ok",
+                        max_length=12,
+                    ),
+                ),
+                ("url", models.URLField(verbose_name="Service URL")),
+                (
+                    "auth",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="federated_service_urls",
+                        to="account.authfederation",
+                        verbose_name="OAuth Application",
+                    ),
+                ),
+                (
+                    "service",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="urls",
+                        to="account.servicefederationsupport",
+                        verbose_name="Service",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "Service URL",
+                "verbose_name_plural": "Service URLs",
+                "db_table": "account_federated_service_url",
+                "unique_together": {("url", "auth"), ("service", "auth")},
+            },
+            managers=[
+                ("handleref", django.db.models.manager.Manager()),
+            ],
+        ),
+    ]
diff --git a/src/account/migrations/0042_federatedserviceurl_config.py b/src/account/migrations/0042_federatedserviceurl_config.py
@@ -0,0 +1,22 @@
+# Generated by Django 4.2.10 on 2024-03-13 13:59
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("account", "0041_authfederation_servicefederationsupport_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="federatedserviceurl",
+            name="config",
+            field=models.JSONField(
+                default=dict,
+                help_text="Service specific configuration for this URL.",
+                verbose_name="Service Configuration",
+            ),
+        ),
+    ]
diff --git a/src/account/migrations/0043_servicefederationsupport_logo_url.py b/src/account/migrations/0043_servicefederationsupport_logo_url.py
@@ -0,0 +1,18 @@
+# Generated by Django 4.2.10 on 2024-03-13 15:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("account", "0042_federatedserviceurl_config"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="servicefederationsupport",
+            name="logo_url",
+            field=models.URLField(blank=True, null=True),
+        ),
+    ]
diff --git a/src/account/models.py → src/account/models/__init__.py b/src/account/models.py → src/account/models/__init__.py
@@ -19,6 +19,9 @@
 from django_grainy.util import Permissions
 from fullctl.django.enum import CONTACT_MESSAGE_TYPE
 
+from account.models.federation import FederatedServiceURL  # noqa F401
+
+# imports needed for initialization
 from account.tasks import UpdatePermissions  # noqa F401
 from common.email import email_contact_us, email_noreply
 from common.models import HandleRefModel