Merge pull request #15 from mozilla/allauth

Bug 1273037 - Move from Personal to Google Auth

Makefile

@@ -0,0 +1,28 @@
+.PHONY: build clean creds migrate shell static test up
+
+creds:
+	@docker-compose run web ./manage.py add_google_credentials \
+		--client-id="$(CLIENT_ID)" --client-secret="$(CLIENT_SECRET)"
+
+build:
+	docker-compose build
+
+clean:
+	docker-compose rm -f
+	rm -rf static/
+
+migrate:
+	docker-compose run web ./manage.py migrate --run-syncdb
+
+shell:
+	docker-compose run web bash
+
+static:
+	# this is only necessary after adding/removing/editing static files
+	docker-compose run web ./manage.py collectstatic --noinput
+
+test: static
+	docker-compose run web ./manage.py test
+
+up:
+	docker-compose up

README.md

@@ -10,8 +10,7 @@ Run the tests
 
 There's a sample test in `atmo/base/tests.py` for your convenience, that you can run using the following command:
 
-    docker-compose run web ./manage.py collectstatic # this is only necessary after adding/removing/editing static files
-    docker-compose run web ./manage.py test
+    make test
 
 If you want to run the full suite, with flake8 and coverage, you may use
 [tox](https://testrun.org/tox/latest/). This will run the tests the same way
@@ -34,9 +33,11 @@ Development Setup
 
 This application is packaged with Docker, which manages and maintains a consistent application environment.
 
-On a Debian-derived Linux distributions, run `./build.sh` in the project root directory to perform all the installation steps automatically. On other OSs, [install Docker](https://docs.docker.com/mac/) and [Docker Compose](https://docs.docker.com/compose/install/) manually.
+On a Debian-derived Linux distributions, run `./bin/build-deb.sh` to perform all
+the installation steps automatically. On other OSs, [install Docker](https://docs.docker.com/mac/) and
+[Docker Compose](https://docs.docker.com/compose/install/) manually.
 
-To start the application, run `docker-compose up`.
+To start the application, run `make up`.
 
 Quick troubleshooting guide:
 
@@ -50,14 +51,27 @@ Quick troubleshooting guide:
     * Ensure that the DNS configuration is sane: see if `docker-compose run web ping security.debian.org` can connect successfully.
 * Django gives an error message similar to `OperationalError: SOME_TABLE doesn't exist`
     * The database likely isn't set up correctly.
-    * Run `docker-compose run web ./manage.py migrate --run-syncdb` to update it.
+    * Run `make migrate` to update it.
 * Django gives some other form of `OperationalError`, and we don't really care about the data that's already in the database (e.g., while developing or testing)
     * Most database issues can be resolved by just deleting the database, `telemetry_analysis.db`. It will be recreated on the next run.
 * Database errors are usually caused by an improper database configuration. For development purposes, recreating the database will often solve the issue.
 * Django gives an error message similar to `'NoneType' object has no attribute 'get_frozen_credentials'`.
     * The AWS credentials on the current machine are likely not correctly set.
     * Set them in your **ENVIRONMENT VARIABLES** (these environment variables are transferred to the docker container, from definitions in `docker-compose.yml`).
     * See the [relevant section of the Boto3 docs](https://boto3.readthedocs.org/en/latest/guide/configuration.html#environment-variables) for more details.
+* Django raises a 404 when trying to login
+    * Google Developer credentials are needed to get the Google authentication
+      workflow running.
+    * Go to https://console.developers.google.com/, create a new project
+    * Click on "credentials" and create a new "OAuth client ID"
+        * Application type: "Web application"
+        * Name: "ATMO" (e.g. append "dev" or similar for local development)
+        * Authorized redirect URIs:
+            * <protocol>://<hostname>[:<port>]/accounts/google/login/callback/ e.g.:
+            * http://localhost:8000/accounts/google/login/callback/ for local development
+    * With the client ID and client secret given run the following to add them
+      to the django-allauth config system:
+        * CLIENT_ID=<client-id> CLIENT_SECRET=<client-secret> make creds
 
 Production Setup
 ----------------

atmo/__init__.py

@@ -1 +1 @@
-default_app_config = 'atmo.apps.AnalysisServiceAppConfig'
+default_app_config = 'atmo.apps.AtmoAppConfig'

atmo/apps.py

@@ -3,7 +3,7 @@
 import session_csrf
 
 
-class AnalysisServiceAppConfig(AppConfig):
+class AtmoAppConfig(AppConfig):
     name = 'atmo'
 
     def ready(self):

atmo/settings.py

@@ -16,9 +16,9 @@
     from urllib import parse
 
 import dj_database_url
+from django.core.urlresolvers import reverse_lazy
 from decouple import Csv, config
 
-
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(__file__))
 ROOT = os.path.dirname(os.path.join(BASE_DIR, '..'))
@@ -41,26 +41,26 @@
     'atmo',
     'atmo.clusters',
     'atmo.jobs',
+    'atmo.users',
     'atmo.workers',
 
     # Third party apps
     'whitenoise.runserver_nostatic',
     'django_rq',
+    'allauth',
+    'allauth.account',
+    'allauth.socialaccount',
 
     # Django apps
+    'django.contrib.sites',
     'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
-    'django_browserid',
 ]
 
-for app in config('EXTRA_APPS', default='', cast=Csv()):
-    INSTALLED_APPS.append(app)
-
-
 MIDDLEWARE_CLASSES = (
     'whitenoise.middleware.WhiteNoiseMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
@@ -133,12 +133,40 @@
     }
 }
 
-# Add the django_browserid authentication backend.
+# Add the django-allauth authentication backend.
 AUTHENTICATION_BACKENDS = (
     'django.contrib.auth.backends.ModelBackend',
-    'atmo.utils.auth.AllowMozillaEmailsBackend',
+    'allauth.account.auth_backends.AuthenticationBackend',
 )
-LOGIN_URL = "/login/"
+
+LOGIN_URL = reverse_lazy('account_login')
+LOGOUT_URL = reverse_lazy('account_logout')
+LOGIN_REDIRECT_URL = reverse_lazy('dashboard')
+
+# django-allauth configuration
+ACCOUNT_LOGOUT_REDIRECT_URL = LOGIN_REDIRECT_URL
+if not DEBUG:
+    ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'https'
+ACCOUNT_EMAIL_CONFIRMATION_EXPIRE_DAYS = 7
+ACCOUNT_EMAIL_SUBJECT_PREFIX = "[ATMO] "
+ACCOUNT_EMAIL_REQUIRED = True
+ACCOUNT_EMAIL_VERIFICATION = 'optional'
+ACCOUNT_LOGOUT_ON_GET = True
+ACCOUNT_ADAPTER = 'atmo.users.adapters.AtmoAccountAdapter'
+ACCOUNT_USERNAME_REQUIRED = False
+
+SOCIALACCOUNT_ADAPTER = 'atmo.users.adapters.AtmoSocialAccountAdapter'
+SOCIALACCOUNT_EMAIL_VERIFICATION = 'none'  # no extra verification needed
+SOCIALACCOUNT_QUERY_EMAIL = True  # needed by the Google provider
+
+SOCIALACCOUNT_PROVIDERS = {
+    'google': {
+        'HOSTED_DOMAIN': 'mozilla.com',
+        'AUTH_PARAMS': {
+            'prompt': 'select_account',
+        }
+    }
+}
 
 # Internationalization
 # https://docs.djangoproject.com/en/1.9/topics/i18n/
@@ -170,6 +198,7 @@
                 'django.template.context_processors.media',
                 'django.template.context_processors.static',
                 'django.template.context_processors.tz',
+                'django.template.context_processors.request',
                 'django.contrib.messages.context_processors.messages',
                 'session_csrf.context_processor',
                 'atmo.utils.context_processors.settings',
@@ -181,15 +210,10 @@
         }
     },
 ]
-if not DEBUG:
-    TEMPLATES[0]['OPTIONS']['loaders'] = [
-        ('django.template.loaders.cached.Loader', TEMPLATES[0]['OPTIONS']['loaders']),
-    ]
 
 # Django-CSP
 CSP_DEFAULT_SRC = (
     "'self'",
-    'https://login.persona.org',
 )
 CSP_FONT_SRC = (
     "'self'",
@@ -198,7 +222,6 @@
     'https://*.mozilla.net',
     'http://*.mozilla.org',
     'https://*.mozilla.org',
-    'https://login.persona.org',
 )
 CSP_IMG_SRC = (
     "'self'",
@@ -207,7 +230,6 @@
     'https://*.mozilla.net',
     'http://*.mozilla.org',
     'https://*.mozilla.org',
-    'https://login.persona.org',
 )
 CSP_SCRIPT_SRC = (
     "'self'",
@@ -216,7 +238,6 @@
     'https://*.mozilla.org',
     'http://*.mozilla.net',
     'https://*.mozilla.net',
-    'https://login.persona.org',
 )
 CSP_STYLE_SRC = (
     "'self'",
@@ -225,8 +246,9 @@
     'https://*.mozilla.org',
     'http://*.mozilla.net',
     'https://*.mozilla.net',
-    'https://login.persona.org',
 )
 
 # This is needed to get a CRSF token in /admin
 ANON_ALWAYS = True
+
+SITE_ID = 1

atmo/templates/account/base.html

@@ -0,0 +1 @@
+{% extends "atmo/base.html" %}

atmo/templates/account/login.html

@@ -0,0 +1,40 @@
+{% extends "account/base.html" %}
+{% load socialaccount static %}
+
+{% block head_title %}Login{% endblock %}
+
+{% block head_extra %}
+<link href="{% static "css/login.css" %}" rel="stylesheet" />
+{% endblock %}
+
+{% block content %}
+<div class="row">
+  <div class="col-md-12">
+    <div class="jumbotron text-center">
+      <h1>Telemetry Data Analysis</h1>
+      <p>To get started, log in with an <code>@mozilla.com</code> email!</p>
+      <a class="btn btn-lg btn-primary login-button" href="{% provider_login_url "google" next= redirect_field_value %}">Login with Google</a>
+    </div>
+  </div>
+</div>
+<div class="row">
+  <div class="col-md-6">
+    <h2>What is this?</h2>
+    <p>The Telemetry Data Analysis service gives direct access to Mozilla Telemetry data:</p>
+    <ul>
+      <li>Perform interactive analyses with <a href="http://spark.apache.org/">Apache Spark</a> and <a href="http://jupyter.org/">Jupyter</a>.</li>
+      <li>Run custom map-reduce analyses with the <a href="https://github.com/mozilla/telemetry-server/blob/master/docs/MapReduce.md">Telemetry MapReduce framework</a>.</li>
+      <li>Schedule these analyses so they run on a regular basis, publishing output to <a href="https://aws.amazon.com/s3/">Amason S3</a>.</li>
+    </ul>
+  </div>
+  <div class="col-md-6">
+    <h2>Links &amp; resources</h2>
+    <ul>
+      <li>The <a href="https://telemetry.mozilla.org/">Telemetry Dashboards</a> cover the most common use cases for Telemetry data.</li>
+      <li>The <a href="https://github.com/mozilla/telemetry-analysis-service">source code</a> for this service.</li>
+      <li>Information about <a href="http://robertovitillo.com/2015/01/16/next-gen-data-analysis-framework-for-telemetry/">how to use custom analyses</a>.</li>
+      <li>An overview of all the <a href="http://anthony-zhang.me/blog/telemetry-demystified/">Telemetry-related services</a> offered by Mozilla.</li>
+    </ul>
+  </div>
+</div>
+{% endblock %}

atmo/templates/atmo/base.html

@@ -1,4 +1,4 @@
-{% load browserid staticfiles %}<!DOCTYPE html>
+{% load staticfiles %}<!DOCTYPE html>
 <html>
   <head>
     {% block head_basic %}
@@ -17,19 +17,50 @@
 
     <link href="{% static "css/base.css" %}" rel="stylesheet" />
 
-    <title>Telemetry Self-Serve Data Analysis</title>
-    {% browserid_css %}
-    {% browserid_js %}
+    <title>Telemetry Self-Serve Data Analysis - {% block head_title %}Welcome{% endblock %}</title>
     {% endblock %}
     {% block head_extra %}
     <!-- ADDITIONAL HEAD CONTENT USED BY EACH PAGE -->
     {% endblock %}
   </head>
   <body role="document">
-    {% browserid_info %}
-
+    <nav class="navbar navbar-inverse navbar-fixed-top" role="navigation">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
+            <span class="sr-only">Toggle navigation</span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a class="navbar-brand" href="/">Telemetry Data Analysis</a>
+        </div>
+        <div id="navbar" class="navbar-collapse collapse">
+          <ul class="nav navbar-nav">
+            <li><a href="https://github.com/mozilla/telemetry-analysis-service" target="_blank">Contribute</a></li>
+            <li><a href="#">Documentation</a></li>
+          </ul>
+          <ul class="nav navbar-nav navbar-right">
+            <li class="dropdown">
+              <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">{{ request.user.email }} <span class="caret"></span></a>
+              <ul class="dropdown-menu">
+                {% if request.user.is_authenticated %}
+                <li><a href="{% url 'account_email' %}">Emails</a></li>
+                <li><a href="{% url 'socialaccount_connections' %}">Accounts</a></li>
+                <li><a href="{% url 'account_logout' %}">Log out</a></li>
+                {% else %}
+                <li><a href="{% url 'account_login' %}">Log in</a></li>
+                {% endif %}
+              </ul>
+            </li>
+          </ul>
+        </div>
+      </div>
+    </nav>
+    <div class="container">
     {% block content %}
     {% endblock %}
+    </div>
 
     {% csrf_token %}
     <script>