From ab7f64ea5d81efecb56bc7e3b4efeb3578db2d79 Mon Sep 17 00:00:00 2001
From: Jannis Leidel <jannis@leidel.info>
Date: Wed, 14 Sep 2016 11:03:35 +0200
Subject: [PATCH 1/3] Move Debian build script next to other scripts.

---
 README.md                    | 4 +++-
 build.sh => bin/build-deb.sh | 7 ++++---
 2 files changed, 7 insertions(+), 4 deletions(-)
 rename build.sh => bin/build-deb.sh (76%)

diff --git a/README.md b/README.md
index cb69b57c..c11f4495 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,9 @@ Development Setup
 
 This application is packaged with Docker, which manages and maintains a consistent application environment.
 
-On a Debian-derived Linux distributions, run `./build.sh` in the project root directory to perform all the installation steps automatically. On other OSs, [install Docker](https://docs.docker.com/mac/) and [Docker Compose](https://docs.docker.com/compose/install/) manually.
+On a Debian-derived Linux distributions, run `./bin/build-deb.sh` to perform all
+the installation steps automatically. On other OSs, [install Docker](https://docs.docker.com/mac/) and
+[Docker Compose](https://docs.docker.com/compose/install/) manually.
 
 To start the application, run `docker-compose up`.
 
diff --git a/build.sh b/bin/build-deb.sh
similarity index 76%
rename from build.sh
rename to bin/build-deb.sh
index 668f1ca1..a1101971 100755
--- a/build.sh
+++ b/bin/build-deb.sh
@@ -1,7 +1,8 @@
 #!/usr/bin/env bash
-
 set -e
 
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
 # the Docker and Docker Compose packages in the repositories are too old to work with this project - install the latest versions instead
 sudo apt-get install --yes -qq curl
 sudo apt-get purge --yes -qq lxc-docker docker.io docker-compose # remove old packages that can cause conflicts
@@ -11,5 +12,5 @@ sudo chmod +x /usr/local/bin/docker-compose # install Docker Compose
 sudo usermod -aG docker ${USER} # add the current user to the Docker group (required in order to run the Docker daemon without sudo)
 
 # we still need sudo even though we've been added to the Docker group here, since the group change only takes effect after logging out and logging in again
-sudo docker-compose run web ./manage.py collectstatic # collect all the static files to /app/static, required by the tests
-sudo docker-compose run web ./manage.py test # run the test suite real quick
+sudo docker-compose run web ${DIR}/../manage.py collectstatic # collect all the static files to /app/static, required by the tests
+sudo docker-compose run web ${DIR}/../manage.py test # run the test suite real quick

From ac1cc24fb0f123a9665d1276970678990269d68d Mon Sep 17 00:00:00 2001
From: Jannis Leidel <jannis@leidel.info>
Date: Fri, 16 Sep 2016 12:32:08 +0200
Subject: [PATCH 2/3] Add custom allauth provider for Google OpenIDConnect

Also:

- Rename some classes to just Atmo
- Remove unused django-browserid backend
---
 Makefile                                      |   5 +
 README.md                                     |  13 +
 atmo/__init__.py                              |   2 +-
 atmo/apps.py                                  |   2 +-
 atmo/settings.py                              |  58 +++--
 atmo/templates/account/base.html              |   1 +
 atmo/templates/account/login.html             |  40 +++
 atmo/templates/atmo/base.html                 |  43 +++-
 atmo/templates/atmo/dashboard.html            | 233 ++++++++----------
 atmo/templates/atmo/login.html                |  40 ---
 atmo/templates/atmo/new-cluster.html          |   2 +-
 atmo/urls.py                                  |   5 +-
 atmo/users/__init__.py                        |   0
 atmo/users/adapters.py                        |  33 +++
 atmo/users/management/__init__.py             |   0
 atmo/users/management/commands/__init__.py    |   0
 .../commands/add_google_credentials.py        |  33 +++
 atmo/users/migrations/0001_initial_site.py    |  32 +++
 atmo/users/migrations/__init__.py             |   0
 atmo/users/provider.py                        |  42 ++++
 atmo/users/urls.py                            |   5 +
 atmo/users/views.py                           |  93 +++++++
 atmo/utils/auth.py                            |   6 -
 atmo/utils/tests.py                           |  18 --
 atmo/views.py                                 |  11 +-
 requirements.txt                              |  19 +-
 26 files changed, 497 insertions(+), 239 deletions(-)
 create mode 100644 Makefile
 create mode 100644 atmo/templates/account/base.html
 create mode 100644 atmo/templates/account/login.html
 delete mode 100644 atmo/templates/atmo/login.html
 create mode 100644 atmo/users/__init__.py
 create mode 100644 atmo/users/adapters.py
 create mode 100644 atmo/users/management/__init__.py
 create mode 100644 atmo/users/management/commands/__init__.py
 create mode 100644 atmo/users/management/commands/add_google_credentials.py
 create mode 100644 atmo/users/migrations/0001_initial_site.py
 create mode 100644 atmo/users/migrations/__init__.py
 create mode 100644 atmo/users/provider.py
 create mode 100644 atmo/users/urls.py
 create mode 100644 atmo/users/views.py
 delete mode 100644 atmo/utils/auth.py
 delete mode 100644 atmo/utils/tests.py

diff --git a/Makefile b/Makefile
new file mode 100644
index 00000000..b7fb4c14
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,5 @@
+.PHONY: creds
+
+creds:
+	@docker-compose run web ./manage.py add_google_credentials \
+		--client-id="$(CLIENT_ID)" --client-secret="$(CLIENT_SECRET)"
diff --git a/README.md b/README.md
index c11f4495..ecb49a70 100644
--- a/README.md
+++ b/README.md
@@ -60,6 +60,19 @@ Quick troubleshooting guide:
     * The AWS credentials on the current machine are likely not correctly set.
     * Set them in your **ENVIRONMENT VARIABLES** (these environment variables are transferred to the docker container, from definitions in `docker-compose.yml`).
     * See the [relevant section of the Boto3 docs](https://boto3.readthedocs.org/en/latest/guide/configuration.html#environment-variables) for more details.
+* Django raises a 404 when trying to login
+    * Google Developer credentials are needed to get the Google authentication
+      workflow running.
+    * Go to https://console.developers.google.com/, create a new project
+    * Click on "credentials" and create a new "OAuth client ID"
+        * Application type: "Web application"
+        * Name: "ATMO" (e.g. append "dev" or similar for local development)
+        * Authorized redirect URIs:
+            * <protocol>://<hostname>[:<port>]/accounts/google/login/callback/ e.g.:
+            * http://localhost:8000/accounts/google/login/callback/ for local development
+    * With the client ID and client secret given run the following to add them
+      to the django-allauth config system:
+        * CLIENT_ID=<client-id> CLIENT_SECRET=<client-secret> make creds
 
 Production Setup
 ----------------
diff --git a/atmo/__init__.py b/atmo/__init__.py
index 4e35cb3e..5aa0232a 100644
--- a/atmo/__init__.py
+++ b/atmo/__init__.py
@@ -1 +1 @@
-default_app_config = 'atmo.apps.AnalysisServiceAppConfig'
+default_app_config = 'atmo.apps.AtmoAppConfig'
diff --git a/atmo/apps.py b/atmo/apps.py
index a791b0f5..3c728ba9 100644
--- a/atmo/apps.py
+++ b/atmo/apps.py
@@ -3,7 +3,7 @@
 import session_csrf
 
 
-class AnalysisServiceAppConfig(AppConfig):
+class AtmoAppConfig(AppConfig):
     name = 'atmo'
 
     def ready(self):
diff --git a/atmo/settings.py b/atmo/settings.py
index 569c2a4a..cfea9b09 100644
--- a/atmo/settings.py
+++ b/atmo/settings.py
@@ -16,9 +16,9 @@
     from urllib import parse
 
 import dj_database_url
+from django.core.urlresolvers import reverse_lazy
 from decouple import Csv, config
 
-
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(__file__))
 ROOT = os.path.dirname(os.path.join(BASE_DIR, '..'))
@@ -41,26 +41,26 @@
     'atmo',
     'atmo.clusters',
     'atmo.jobs',
+    'atmo.users',
     'atmo.workers',
 
     # Third party apps
     'whitenoise.runserver_nostatic',
     'django_rq',
+    'allauth',
+    'allauth.account',
+    'allauth.socialaccount',
 
     # Django apps
+    'django.contrib.sites',
     'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
-    'django_browserid',
 ]
 
-for app in config('EXTRA_APPS', default='', cast=Csv()):
-    INSTALLED_APPS.append(app)
-
-
 MIDDLEWARE_CLASSES = (
     'whitenoise.middleware.WhiteNoiseMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
@@ -133,12 +133,40 @@
     }
 }
 
-# Add the django_browserid authentication backend.
+# Add the django-allauth authentication backend.
 AUTHENTICATION_BACKENDS = (
     'django.contrib.auth.backends.ModelBackend',
-    'atmo.utils.auth.AllowMozillaEmailsBackend',
+    'allauth.account.auth_backends.AuthenticationBackend',
 )
-LOGIN_URL = "/login/"
+
+LOGIN_URL = reverse_lazy('account_login')
+LOGOUT_URL = reverse_lazy('account_logout')
+LOGIN_REDIRECT_URL = reverse_lazy('dashboard')
+
+# django-allauth configuration
+ACCOUNT_LOGOUT_REDIRECT_URL = LOGIN_REDIRECT_URL
+if not DEBUG:
+    ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'https'
+ACCOUNT_EMAIL_CONFIRMATION_EXPIRE_DAYS = 7
+ACCOUNT_EMAIL_SUBJECT_PREFIX = "[ATMO] "
+ACCOUNT_EMAIL_REQUIRED = True
+ACCOUNT_EMAIL_VERIFICATION = 'optional'
+ACCOUNT_LOGOUT_ON_GET = True
+ACCOUNT_ADAPTER = 'atmo.users.adapters.AtmoAccountAdapter'
+ACCOUNT_USERNAME_REQUIRED = False
+
+SOCIALACCOUNT_ADAPTER = 'atmo.users.adapters.AtmoSocialAccountAdapter'
+SOCIALACCOUNT_EMAIL_VERIFICATION = 'none'  # no extra verification needed
+SOCIALACCOUNT_QUERY_EMAIL = True  # needed by the Google provider
+
+SOCIALACCOUNT_PROVIDERS = {
+    'google': {
+        'HOSTED_DOMAIN': 'mozilla.com',
+        'AUTH_PARAMS': {
+            'prompt': 'select_account',
+        }
+    }
+}
 
 # Internationalization
 # https://docs.djangoproject.com/en/1.9/topics/i18n/
@@ -170,6 +198,7 @@
                 'django.template.context_processors.media',
                 'django.template.context_processors.static',
                 'django.template.context_processors.tz',
+                'django.template.context_processors.request',
                 'django.contrib.messages.context_processors.messages',
                 'session_csrf.context_processor',
                 'atmo.utils.context_processors.settings',
@@ -181,15 +210,10 @@
         }
     },
 ]
-if not DEBUG:
-    TEMPLATES[0]['OPTIONS']['loaders'] = [
-        ('django.template.loaders.cached.Loader', TEMPLATES[0]['OPTIONS']['loaders']),
-    ]
 
 # Django-CSP
 CSP_DEFAULT_SRC = (
     "'self'",
-    'https://login.persona.org',
 )
 CSP_FONT_SRC = (
     "'self'",
@@ -198,7 +222,6 @@
     'https://*.mozilla.net',
     'http://*.mozilla.org',
     'https://*.mozilla.org',
-    'https://login.persona.org',
 )
 CSP_IMG_SRC = (
     "'self'",
@@ -207,7 +230,6 @@
     'https://*.mozilla.net',
     'http://*.mozilla.org',
     'https://*.mozilla.org',
-    'https://login.persona.org',
 )
 CSP_SCRIPT_SRC = (
     "'self'",
@@ -216,7 +238,6 @@
     'https://*.mozilla.org',
     'http://*.mozilla.net',
     'https://*.mozilla.net',
-    'https://login.persona.org',
 )
 CSP_STYLE_SRC = (
     "'self'",
@@ -225,8 +246,9 @@
     'https://*.mozilla.org',
     'http://*.mozilla.net',
     'https://*.mozilla.net',
-    'https://login.persona.org',
 )
 
 # This is needed to get a CRSF token in /admin
 ANON_ALWAYS = True
+
+SITE_ID = 1
diff --git a/atmo/templates/account/base.html b/atmo/templates/account/base.html
new file mode 100644
index 00000000..a16b6e98
--- /dev/null
+++ b/atmo/templates/account/base.html
@@ -0,0 +1 @@
+{% extends "atmo/base.html" %}
diff --git a/atmo/templates/account/login.html b/atmo/templates/account/login.html
new file mode 100644
index 00000000..3c87092f
--- /dev/null
+++ b/atmo/templates/account/login.html
@@ -0,0 +1,40 @@
+{% extends "account/base.html" %}
+{% load socialaccount static %}
+
+{% block head_title %}Login{% endblock %}
+
+{% block head_extra %}
+<link href="{% static "css/login.css" %}" rel="stylesheet" />
+{% endblock %}
+
+{% block content %}
+<div class="row">
+  <div class="col-md-12">
+    <div class="jumbotron text-center">
+      <h1>Telemetry Data Analysis</h1>
+      <p>To get started, log in with an <code>@mozilla.com</code> email!</p>
+      <a class="btn btn-lg btn-primary login-button" href="{% provider_login_url "google" next= redirect_field_value %}">Login with Google</a>
+    </div>
+  </div>
+</div>
+<div class="row">
+  <div class="col-md-6">
+    <h2>What is this?</h2>
+    <p>The Telemetry Data Analysis service gives direct access to Mozilla Telemetry data:</p>
+    <ul>
+      <li>Perform interactive analyses with <a href="http://spark.apache.org/">Apache Spark</a> and <a href="http://jupyter.org/">Jupyter</a>.</li>
+      <li>Run custom map-reduce analyses with the <a href="https://github.com/mozilla/telemetry-server/blob/master/docs/MapReduce.md">Telemetry MapReduce framework</a>.</li>
+      <li>Schedule these analyses so they run on a regular basis, publishing output to <a href="https://aws.amazon.com/s3/">Amason S3</a>.</li>
+    </ul>
+  </div>
+  <div class="col-md-6">
+    <h2>Links &amp; resources</h2>
+    <ul>
+      <li>The <a href="https://telemetry.mozilla.org/">Telemetry Dashboards</a> cover the most common use cases for Telemetry data.</li>
+      <li>The <a href="https://github.com/mozilla/telemetry-analysis-service">source code</a> for this service.</li>
+      <li>Information about <a href="http://robertovitillo.com/2015/01/16/next-gen-data-analysis-framework-for-telemetry/">how to use custom analyses</a>.</li>
+      <li>An overview of all the <a href="http://anthony-zhang.me/blog/telemetry-demystified/">Telemetry-related services</a> offered by Mozilla.</li>
+    </ul>
+  </div>
+</div>
+{% endblock %}
diff --git a/atmo/templates/atmo/base.html b/atmo/templates/atmo/base.html
index 0d0f5b16..e06cbd4f 100644
--- a/atmo/templates/atmo/base.html
+++ b/atmo/templates/atmo/base.html
@@ -1,4 +1,4 @@
-{% load browserid staticfiles %}<!DOCTYPE html>
+{% load staticfiles %}<!DOCTYPE html>
 <html>
   <head>
     {% block head_basic %}
@@ -17,19 +17,50 @@
 
     <link href="{% static "css/base.css" %}" rel="stylesheet" />
 
-    <title>Telemetry Self-Serve Data Analysis</title>
-    {% browserid_css %}
-    {% browserid_js %}
+    <title>Telemetry Self-Serve Data Analysis - {% block head_title %}Welcome{% endblock %}</title>
     {% endblock %}
     {% block head_extra %}
     <!-- ADDITIONAL HEAD CONTENT USED BY EACH PAGE -->
     {% endblock %}
   </head>
   <body role="document">
-    {% browserid_info %}
-
+    <nav class="navbar navbar-inverse navbar-fixed-top" role="navigation">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
+            <span class="sr-only">Toggle navigation</span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a class="navbar-brand" href="/">Telemetry Data Analysis</a>
+        </div>
+        <div id="navbar" class="navbar-collapse collapse">
+          <ul class="nav navbar-nav">
+            <li><a href="https://github.com/mozilla/telemetry-analysis-service" target="_blank">Contribute</a></li>
+            <li><a href="#">Documentation</a></li>
+          </ul>
+          <ul class="nav navbar-nav navbar-right">
+            <li class="dropdown">
+              <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">{{ request.user.email }} <span class="caret"></span></a>
+              <ul class="dropdown-menu">
+                {% if request.user.is_authenticated %}
+                <li><a href="{% url 'account_email' %}">Emails</a></li>
+                <li><a href="{% url 'socialaccount_connections' %}">Accounts</a></li>
+                <li><a href="{% url 'account_logout' %}">Log out</a></li>
+                {% else %}
+                <li><a href="{% url 'account_login' %}">Log in</a></li>
+                {% endif %}
+              </ul>
+            </li>
+          </ul>
+        </div>
+      </div>
+    </nav>
+    <div class="container">
     {% block content %}
     {% endblock %}
+    </div>
 
     {% csrf_token %}
     <script>
diff --git a/atmo/templates/atmo/dashboard.html b/atmo/templates/atmo/dashboard.html
index 12a5b986..b8762676 100644
--- a/atmo/templates/atmo/dashboard.html
+++ b/atmo/templates/atmo/dashboard.html
@@ -1,5 +1,5 @@
 {% extends "atmo/base.html" %}
-{% load browserid staticfiles %}
+{% load staticfiles %}
 
 {% block head_extra %}
 <link href="{% static "css/dashboard.css" %}" rel="stylesheet" />
@@ -7,138 +7,109 @@
 {% endblock %}
 
 {% block content %}
-<nav class="navbar navbar-inverse navbar-fixed-top" role="navigation">
-  <div class="container">
-    <div class="navbar-header">
-      <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
-        <span class="sr-only">Toggle navigation</span>
-        <span class="icon-bar"></span>
-        <span class="icon-bar"></span>
-        <span class="icon-bar"></span>
-      </button>
-      <a class="navbar-brand" href="/">Telemetry Data Analysis</a>
-    </div>
-    <div id="navbar" class="navbar-collapse collapse">
-      <ul class="nav navbar-nav">
-        <li><a href="https://github.com/mozilla/telemetry-analysis-service" target="_blank">Contribute</a></li>
-        <li><a href="#">Documentation</a></li>
-      </ul>
-      <ul class="nav navbar-nav navbar-right">
-        <li class="dropdown">
-          <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">{{ request.user.email }} <span class="caret"></span></a>
-          <ul class="dropdown-menu">
-            <li>{% browserid_logout text='Log Out' next='/login' %}</li>
-          </ul>
-        </li>
-      </ul>
-    </div>
+<div class="row">
+  <div class="col-md-12">
+    <h2>Launch a Spark Cluster</h2>
+    <p>Launch a Spark cluster in the cloud and use it for custom data analysis. The cluster will be available for 24 hours, then it will be automatically terminated.</p>
+    <table class="table table-hover editable-table" id="cluster-table">
+      <thead>
+        <tr>
+          <th class="hidden">cluster_id</th>{# this column is hidden using CSS #}
+          <th>Identifier</th>
+          <th>Size</th>
+          <th>Created on</th>
+          <th>Status</th>
+        </tr>
+      </thead>
+      <tbody>
+        {% for cluster in active_clusters %}
+        <tr>
+          <td class="hidden">{{ cluster.id }}</td>
+          <td>{{ cluster.identifier }}</td>
+          <td>{{ cluster.size }}</td>
+          <td>{{ cluster.start_date }}</td>
+          <td>{{ cluster.most_recent_status }}</td>
+        </tr>
+        {% endfor %}
+      </tbody>
+    </table>
+    {% if not active_clusters %}<p class="text-center">No active clusters to show.</p>{% endif %}
+    {% include 'atmo/new-cluster.html' %}
+    {% if active_clusters %}
+      {% include 'atmo/edit-cluster.html' %}
+      {% include 'atmo/delete-cluster.html' %}
+    {% endif %}
   </div>
-</nav>
-<div class="container">
-  <div class="row">
-    <div class="col-md-12">
-      <h2>Launch a Spark Cluster</h2>
-      <p>Launch a Spark cluster in the cloud and use it for custom data analysis. The cluster will be available for 24 hours, then it will be automatically terminated.</p>
-      <table class="table table-hover editable-table" id="cluster-table">
-        <thead>
-          <tr>
-            <th class="hidden">cluster_id</th>{# this column is hidden using CSS #}
-            <th>Identifier</th>
-            <th>Size</th>
-            <th>Created on</th>
-            <th>Status</th>
-          </tr>
-        </thead>
-        <tbody>
-          {% for cluster in active_clusters %}
-          <tr>
-            <td class="hidden">{{ cluster.id }}</td>
-            <td>{{ cluster.identifier }}</td>
-            <td>{{ cluster.size }}</td>
-            <td>{{ cluster.start_date }}</td>
-            <td>{{ cluster.most_recent_status }}</td>
-          </tr>
-          {% endfor %}
-        </tbody>
-      </table>
-      {% if not active_clusters %}<p class="text-center">No active clusters to show.</p>{% endif %}
-      {% include 'atmo/new-cluster.html' %}
-      {% if active_clusters %}
-        {% include 'atmo/edit-cluster.html' %}
-        {% include 'atmo/delete-cluster.html' %}
-      {% endif %}
-    </div>
-    <div class="col-md-12">
-      <h2>Schedule a Spark Job</h2>
-      <p>Set up a Spark analysis to run regularly in the cloud and upload the results automatically to Amazon S3.</p>
-      <table class="table table-hover editable-table" id="spark-job-table">
-        <thead>
-          <tr>
-            <th class="hidden">spark_job_id</th>
-            <th>Identifier</th>
-            <th>Visibility</th>
-            <th>Size</th>
-            <th>Interval</th>
-            <th>Timeout</th>
-            <th>Starts</th>
-            <th>Ends</th>
-          </tr>
-        </thead>
-        <tbody>
-          {% for spark_job in user_spark_jobs %}
-          <tr>
-            <td class="hidden">{{ spark_job.id }}</td>
-            <td>{{ spark_job.identifier }}</td>
-            <td>{{ spark_job.result_visibility }}</td>
-            <td>{{ spark_job.size }}</td>
-            <td>{{ spark_job.interval_in_hours }}</td>
-            <td>{{ spark_job.job_timeout }}</td>
-            <td>{{ spark_job.start_date }}</td>
-            <td>{{ spark_job.end_date }}</td>
-          </tr>
-          {% endfor %}
-        </tbody>
-      </table>
-      {% if not user_spark_jobs %}<p class="text-center">No scheduled jobs to show.</p>{% endif %}
-      {% include 'atmo/new-spark-job.html' %}
-      {% if user_spark_jobs %}
-        {% include 'atmo/edit-spark-job.html' %}
-        {% include 'atmo/delete-spark-job.html' %}
-      {% endif %}
-    </div>
+  <div class="col-md-12">
+    <h2>Schedule a Spark Job</h2>
+    <p>Set up a Spark analysis to run regularly in the cloud and upload the results automatically to Amazon S3.</p>
+    <table class="table table-hover editable-table" id="spark-job-table">
+      <thead>
+        <tr>
+          <th class="hidden">spark_job_id</th>
+          <th>Identifier</th>
+          <th>Visibility</th>
+          <th>Size</th>
+          <th>Interval</th>
+          <th>Timeout</th>
+          <th>Starts</th>
+          <th>Ends</th>
+        </tr>
+      </thead>
+      <tbody>
+        {% for spark_job in user_spark_jobs %}
+        <tr>
+          <td class="hidden">{{ spark_job.id }}</td>
+          <td>{{ spark_job.identifier }}</td>
+          <td>{{ spark_job.result_visibility }}</td>
+          <td>{{ spark_job.size }}</td>
+          <td>{{ spark_job.interval_in_hours }}</td>
+          <td>{{ spark_job.job_timeout }}</td>
+          <td>{{ spark_job.start_date }}</td>
+          <td>{{ spark_job.end_date }}</td>
+        </tr>
+        {% endfor %}
+      </tbody>
+    </table>
+    {% if not user_spark_jobs %}<p class="text-center">No scheduled jobs to show.</p>{% endif %}
+    {% include 'atmo/new-spark-job.html' %}
+    {% if user_spark_jobs %}
+      {% include 'atmo/edit-spark-job.html' %}
+      {% include 'atmo/delete-spark-job.html' %}
+    {% endif %}
   </div>
-  <div class="row">
-    <div class="col-md-6">
-      <h2>Launch a Worker</h2>
-      <p>Launch a server in the cloud and use it for custom data analysis. The machine will be available for 24 hours, then it will be automatically terminated.</p>
-      <table class="table table-hover">
-        <thead>
-          <tr>
-            <th>Identifier</th>
-            <th>Created on</th>
-          </tr>
-        </thead>
-        <tbody>
-          {% for worker in active_workers %}
-          <tr>
-            <td>{{ worker.identifier }}</td>
-            <td>{{ worker.start_date }}</td>
-          </tr>
-          {% empty %}
-          <tr><td colspan="3">No active workers to show.</td></tr>
-          {% endfor %}
-        </tbody>
-      </table>
-      {% include 'atmo/new-worker.html' %}
-    </div>
-    <div class="col-md-6">
-      <h2>View aggregated data</h2>
-      <p>Open the telemetry dashboards hub to view aggregate data, as well as many other dashboards and resources.</p>
-      <a href="https://telemetry.mozilla.org/" class="btn btn-lg btn-primary" target="_blank">
-        <span class="glyphicon glyphicon-equalizer" aria-hidden="true"></span>
-        Telemetry Dashboards
-      </a>
-    </div>
+</div>
+<div class="row">
+  <div class="col-md-6">
+    <h2>Launch a Worker</h2>
+    <p>Launch a server in the cloud and use it for custom data analysis. The machine will be available for 24 hours, then it will be automatically terminated.</p>
+    <table class="table table-hover">
+      <thead>
+        <tr>
+          <th>Identifier</th>
+          <th>Created on</th>
+        </tr>
+      </thead>
+      <tbody>
+        {% for worker in active_workers %}
+        <tr>
+          <td>{{ worker.identifier }}</td>
+          <td>{{ worker.start_date }}</td>
+        </tr>
+        {% empty %}
+        <tr><td colspan="3">No active workers to show.</td></tr>
+        {% endfor %}
+      </tbody>
+    </table>
+    {% include 'atmo/new-worker.html' %}
+  </div>
+  <div class="col-md-6">
+    <h2>View aggregated data</h2>
+    <p>Open the telemetry dashboards hub to view aggregate data, as well as many other dashboards and resources.</p>
+    <a href="https://telemetry.mozilla.org/" class="btn btn-lg btn-primary" target="_blank">
+      <span class="glyphicon glyphicon-equalizer" aria-hidden="true"></span>
+      Telemetry Dashboards
+    </a>
   </div>
 </div>
 {% endblock %}
diff --git a/atmo/templates/atmo/login.html b/atmo/templates/atmo/login.html
deleted file mode 100644
index e2427b53..00000000
--- a/atmo/templates/atmo/login.html
+++ /dev/null
@@ -1,40 +0,0 @@
-{% extends "atmo/base.html" %}
-{% load browserid staticfiles %}
-
-{% block head_extra %}
-<link href="{% static "css/login.css" %}" rel="stylesheet" />
-{% endblock %}
-
-{% block content %}
-<div class="container">
-  <div class="row">
-    <div class="col-md-12">
-      <div class="jumbotron text-center">
-        <h1>Telemetry Data Analysis</h1>
-        <p>To get started, log in with an <code>@mozilla.com</code> email!</p>
-        {% browserid_login text='Login with Persona' next='/' color='dark' link_class='btn btn-lg login-button' %}
-      </div>
-    </div>
-  </div>
-  <div class="row">
-    <div class="col-md-6">
-      <h2>What is this?</h2>
-      <p>The Telemetry Data Analysis service gives direct access to Mozilla Telemetry data:</p>
-      <ul>
-        <li>Perform interactive analyses with <a href="http://spark.apache.org/">Apache Spark</a> and <a href="http://jupyter.org/">Jupyter</a>.</li>
-        <li>Run custom map-reduce analyses with the <a href="https://github.com/mozilla/telemetry-server/blob/master/docs/MapReduce.md">Telemetry MapReduce framework</a>.</li>
-        <li>Schedule these analyses so they run on a regular basis, publishing output to <a href="https://aws.amazon.com/s3/">Amason S3</a>.</li>
-      </ul>
-    </div>
-    <div class="col-md-6">
-      <h2>Links & resources</h2>
-      <ul>
-        <li>The <a href="https://telemetry.mozilla.org/">Telemetry Dashboards</a> cover the most common use cases for Telemetry data.</li>
-        <li>The <a href="https://github.com/mozilla/telemetry-analysis-service">source code</a> for this service.</li>
-        <li>Information about <a href="http://robertovitillo.com/2015/01/16/next-gen-data-analysis-framework-for-telemetry/">how to use custom analyses</a>.</li>
-        <li>An overview of all the <a href="http://anthony-zhang.me/blog/telemetry-demystified/">Telemetry-related services</a> offered by Mozilla.</li>
-      </ul>
-    </div>
-  </div>
-</div>
-{% endblock %}
diff --git a/atmo/templates/atmo/new-cluster.html b/atmo/templates/atmo/new-cluster.html
index 6b345271..ecb98658 100644
--- a/atmo/templates/atmo/new-cluster.html
+++ b/atmo/templates/atmo/new-cluster.html
@@ -3,7 +3,7 @@
 </button>
 <div class="modal fade" id="new-cluster-dialog" tabindex="-1" role="dialog" aria-labelledby="new-cluster-dialog">
   <div class="modal-dialog" role="document">
-    <form class="modal-content" action="{% url('clusters-new' %}" method="POST" enctype="multipart/form-data">
+    <form class="modal-content" action="{% url 'clusters-new' %}" method="POST" enctype="multipart/form-data">
       {% csrf_token %}
       <div class="modal-header">
         <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
diff --git a/atmo/urls.py b/atmo/urls.py
index 9e79bfeb..8cfc6ace 100644
--- a/atmo/urls.py
+++ b/atmo/urls.py
@@ -6,8 +6,7 @@
 from . import views
 
 urlpatterns = [
-    url(r'^$', views.dashboard),
-    url(r'^login/', views.login),
+    url(r'^$', views.dashboard, name='dashboard'),
     url(r'^admin/rq/', include('django_rq.urls')),
     url(r'^admin/', include(admin.site.urls)),
 
@@ -18,5 +17,5 @@
     # contribute.json url
     url(r'^(?P<path>contribute\.json)$', static.serve, {'document_root': settings.ROOT}),
 
-    url(r'', include('django_browserid.urls')),
+    url(r'^accounts/', include('allauth.urls')),
 ]
diff --git a/atmo/users/__init__.py b/atmo/users/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/atmo/users/adapters.py b/atmo/users/adapters.py
new file mode 100644
index 00000000..1de7d356
--- /dev/null
+++ b/atmo/users/adapters.py
@@ -0,0 +1,33 @@
+from django import forms
+
+from allauth.account.adapter import DefaultAccountAdapter
+from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
+
+
+class AtmoAccountAdapter(DefaultAccountAdapter):
+
+    def is_open_for_signup(self, request):
+        """
+        We disable the signup with regular accounts as we require Persona
+        (for now)
+        """
+        return False
+
+
+class AtmoSocialAccountAdapter(DefaultSocialAccountAdapter):
+
+    def is_open_for_signup(self, request, sociallogin):
+        """
+        Specifically enable social account login.
+        """
+        return True
+
+    def validate_disconnect(self, account, accounts):
+        """
+        Validate whether or not the socialaccount account can be
+        safely disconnected.
+        """
+        if len(accounts) == 1:
+            raise forms.ValidationError(
+                'At least one account needs to be connected'
+            )
diff --git a/atmo/users/management/__init__.py b/atmo/users/management/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/atmo/users/management/commands/__init__.py b/atmo/users/management/commands/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/atmo/users/management/commands/add_google_credentials.py b/atmo/users/management/commands/add_google_credentials.py
new file mode 100644
index 00000000..ea4355d6
--- /dev/null
+++ b/atmo/users/management/commands/add_google_credentials.py
@@ -0,0 +1,33 @@
+from django.core.management.base import BaseCommand
+from django.contrib.sites.models import Site
+
+from allauth.socialaccount.models import SocialApp
+
+
+class Command(BaseCommand):
+    def add_arguments(self, parser):
+        parser.add_argument(
+            '--client-id',
+            dest='client_id',
+            required=True,
+            help='The Google client ID',
+        )
+        parser.add_argument(
+            '--client-secret',
+            dest='client_secret',
+            required=True,
+            help='The Google client secret',
+        )
+
+    def handle(self, *args, **options):
+        SocialApp.objects.all().delete()
+        self.stdout.write('Removed all other credentials.')
+        social_app = SocialApp.objects.create(
+            provider='google',
+            name='Googe',
+            client_id=options['client_id'],
+            secret=options['client_secret'],
+        )
+        social_app.sites.add(Site.objects.get_current())
+        self.stdout.write('Added Google credentials for client ID "%s".' %
+                          options['client_id'])
diff --git a/atmo/users/migrations/0001_initial_site.py b/atmo/users/migrations/0001_initial_site.py
new file mode 100644
index 00000000..3ba1d374
--- /dev/null
+++ b/atmo/users/migrations/0001_initial_site.py
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.9.1 on 2016-09-20 09:12
+from __future__ import unicode_literals
+
+from django.conf import settings
+from django.db import migrations
+
+
+def add_site(apps, schema_editor):
+    Site = apps.get_model('sites', 'Site')
+    db_alias = schema_editor.connection.alias
+    Site.objects.using(db_alias).get_or_create(
+        id=settings.SITE_ID,
+        defaults={'domain': 'localhost', 'name': 'localhost'}
+    )
+
+
+def delete_site(apps, schema_editor):
+    Site = apps.get_model('sites', 'Site')
+    db_alias = schema_editor.connection.alias
+    Site.objects.using(db_alias).filter(id=settings.SITE_ID).delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('sites', '0002_alter_domain_unique'),
+    ]
+
+    operations = [
+        migrations.RunPython(add_site, delete_site),
+    ]
diff --git a/atmo/users/migrations/__init__.py b/atmo/users/migrations/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/atmo/users/provider.py b/atmo/users/provider.py
new file mode 100644
index 00000000..17b1e3ad
--- /dev/null
+++ b/atmo/users/provider.py
@@ -0,0 +1,42 @@
+from allauth.socialaccount import providers
+from allauth.socialaccount.app_settings import QUERY_EMAIL
+from allauth.socialaccount.providers.google.provider import (
+    GoogleProvider, GoogleAccount, Scope)
+
+
+class AtmoGoogleAccount(GoogleAccount):
+    def get_profile_url(self):
+        """
+        The profile URL field is called 'profile' for OpenIDConnect profiles,
+        see https://developers.google.com/+/web/api/rest/openidconnect/getOpenIdConnect
+        """
+        return self.account.extra_data.get('profile')
+
+
+class AtmoGoogleProvider(GoogleProvider):
+
+    def extract_uid(self, data):
+        return str(data['sub'])
+
+    def get_default_scope(self):
+        "Override the default method to prepend 'openid' and add specific order"
+        scope = ['openid']
+        if QUERY_EMAIL:
+            scope.append(Scope.EMAIL)
+        scope.append(Scope.PROFILE)
+        return scope
+
+    def get_hosted_domain(self):
+        "If configured returns the Google Apps domain"
+        return self.get_settings().get('HOSTED_DOMAIN', None)
+
+    def get_auth_params(self, request, action):
+        "If configured, adds the hosted domain to the auth request"
+        params = super(AtmoGoogleProvider, self).get_auth_params(request, action)
+        hosted_domain = self.get_hosted_domain()
+        if hosted_domain is not None:
+            params['hd'] = hosted_domain
+        return params
+
+
+providers.registry.register(AtmoGoogleProvider)
diff --git a/atmo/users/urls.py b/atmo/users/urls.py
new file mode 100644
index 00000000..1b5f60e9
--- /dev/null
+++ b/atmo/users/urls.py
@@ -0,0 +1,5 @@
+from allauth.socialaccount.providers.oauth2.urls import default_urlpatterns
+
+from .provider import AtmoGoogleProvider
+
+urlpatterns = default_urlpatterns(AtmoGoogleProvider)
diff --git a/atmo/users/views.py b/atmo/users/views.py
new file mode 100644
index 00000000..18469358
--- /dev/null
+++ b/atmo/users/views.py
@@ -0,0 +1,93 @@
+import redis
+import requests
+from allauth.socialaccount.providers.google.views import GoogleOAuth2Adapter
+from allauth.socialaccount.providers.oauth2.views import (OAuth2LoginView,
+                                                          OAuth2CallbackView)
+from cachecontrol import CacheControl
+from cachecontrol.caches.redis_cache import RedisCache
+from django.core.exceptions import PermissionDenied
+from django.conf import settings
+
+from .provider import AtmoGoogleProvider
+
+
+DISCOVERY_DOCUMENT_ENDPOINT = 'https://accounts.google.com/.well-known/openid-configuration'
+TOKENINFO_ENDPOINT = 'https://www.googleapis.com/oauth2/v3/tokeninfo'
+CACHE_CONTROL_REDIS_DB = 1
+
+# respects HTTP cache headers here to not fetch this every time
+redis_client = redis.Redis.from_url(
+    settings.REDIS_URL.geturl(),
+    db=CACHE_CONTROL_REDIS_DB,
+)
+session = CacheControl(requests.session(), RedisCache(redis_client))
+
+
+def fetch_discovery_document():
+    "Fetch discovery document from Google, respect cache response headers"
+    response = session.get(DISCOVERY_DOCUMENT_ENDPOINT)
+    response.raise_for_status()
+    return response.json()
+
+
+def url_endpoint(name, default=None):
+    "Fetch the discovery document for the given URL endpoint name"
+    discovery_document = fetch_discovery_document()
+    return discovery_document.get(name, default)
+
+
+class AtmoGoogleOAuth2Adapter(GoogleOAuth2Adapter):
+    provider_id = AtmoGoogleProvider.id
+    access_token_url = url_endpoint(
+        'token_endpoint',
+        GoogleOAuth2Adapter.access_token_url
+    )
+    authorize_url = url_endpoint(
+        'authorization_endpoint',
+        GoogleOAuth2Adapter.authorize_url
+    )
+    profile_url = url_endpoint(
+        'userinfo_endpoint',
+        GoogleOAuth2Adapter.profile_url,
+    )
+
+    def complete_login(self, request, app, token, **kwargs):
+        """
+        Extends the default login completion by verification of response data
+        as documented on:
+
+          https://developers.google.com/identity/protocols/OpenIDConnect
+
+        """
+        response = kwargs.get('response', None)
+        if response is None:
+            raise PermissionDenied('Something went wrong during the login')
+
+        # response contains data from the access token URL request
+        id_token = response.get('id_token', None)
+        if id_token is None:
+            raise PermissionDenied('No ID received from Google')
+
+        # verify the ID token using Google's endpoint
+        response = requests.post(TOKENINFO_ENDPOINT, data={'id_token': id_token})
+        response.raise_for_status()
+        id_token_data = response.json()
+
+        # verify the received audience token with the client ID we have
+        provider = self.get_provider()
+        if provider.get_app(request).client_id != id_token_data.get('aud', None):
+            raise PermissionDenied('Invalid client ID received')
+
+        # if configured, check if the return hosted domain matches what we have
+        hosted_domain = provider.get_hosted_domain()
+        if hosted_domain and hosted_domain != id_token_data.get('hd', None):
+            raise PermissionDenied('Access restricted to users of '
+                                   'the domain %s' % hosted_domain)
+
+        return super(AtmoGoogleOAuth2Adapter, self).complete_login(
+            request, app, token, **kwargs
+        )
+
+
+oauth2_login = OAuth2LoginView.adapter_view(AtmoGoogleOAuth2Adapter)
+oauth2_callback = OAuth2CallbackView.adapter_view(AtmoGoogleOAuth2Adapter)
diff --git a/atmo/utils/auth.py b/atmo/utils/auth.py
deleted file mode 100644
index 54f4ea98..00000000
--- a/atmo/utils/auth.py
+++ /dev/null
@@ -1,6 +0,0 @@
-from django_browserid.auth import BrowserIDBackend
-
-
-class AllowMozillaEmailsBackend(BrowserIDBackend):
-    def is_valid_email(self, email):
-        return email.endswith("@mozilla.com")
diff --git a/atmo/utils/tests.py b/atmo/utils/tests.py
deleted file mode 100644
index 055b81a7..00000000
--- a/atmo/utils/tests.py
+++ /dev/null
@@ -1,18 +0,0 @@
-from django.test import TestCase
-from django.contrib.auth.models import User
-
-
-class TestAuthentication(TestCase):
-    def setUp(self):
-        self.test_user = User.objects.create_user('john.smith', 'john@smith.com', 'hunter2')
-
-    def test_that_login_page_is_csrf_protected(self):
-        response = self.client.get('/login/', follow=True)
-        self.assertEqual(response.status_code, 200)
-        self.assertIn(b'csrfmiddlewaretoken', response.content)
-
-    def test_that_login_works(self):
-        self.assertTrue(self.client.login(username='john.smith', password='hunter2'))
-        response = self.client.get('/login/', follow=True)
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.redirect_chain[-1], ('/', 302))
diff --git a/atmo/views.py b/atmo/views.py
index 5dc59d49..d046ea6d 100644
--- a/atmo/views.py
+++ b/atmo/views.py
@@ -1,10 +1,8 @@
 import logging
 from datetime import datetime
-from django.shortcuts import render, redirect
+from django.shortcuts import render
 from django.contrib.auth.decorators import login_required
 
-from session_csrf import anonymous_csrf
-
 from .clusters.forms import NewClusterForm, EditClusterForm, DeleteClusterForm
 from .clusters.models import Cluster
 from .jobs.forms import NewSparkJobForm, EditSparkJobForm, DeleteSparkJobForm
@@ -48,10 +46,3 @@ def dashboard(request):
         "delete_spark_job_form": DeleteSparkJobForm(request.user),
     }
     return render(request, 'atmo/dashboard.html', context=context)
-
-
-@anonymous_csrf
-def login(request):
-    if request.user.is_authenticated():
-        return redirect(dashboard)
-    return render(request, 'atmo/login.html')
diff --git a/requirements.txt b/requirements.txt
index 05a3688d..751a9642 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -53,10 +53,9 @@ pyflakes==1.0.0 \
 mccabe==0.4.0 \
     --hash=sha256:cbc2938f6c01061bc6d21d0c838c2489664755cb18676f0734d7617f4577d09e \
     --hash=sha256:9a2b12ebd876e77c72e41ebf401cc2e7c5b566649d50105ca49822688642207b
-django-browserid==2.0.0 \
-    --hash=sha256:5ef995f50de09c5a5ae3a6531a21d2c66549310e6ef94ec174bbc7bbad49e880
-requests==2.9.1 \
-    --hash=sha256:113fbba5531a9e34945b7d36b33a084e8ba5d0664b703c81a7c572d91919a5b8
+requests==2.11.1 \
+    --hash=sha256:545c4855cd9d7c12671444326337013766f4eea6068c3f0307fb2dc2696d580e \
+    --hash=sha256:5acf980358283faba0b897c73959cecf8b841205bb4b2ad3ef545f46eae1a133
 boto3==1.2.3 \
     --hash=sha256:7d0870af3448596aea5a6ff2d6f93b67f2edcabca092e263ad645a60443a8d84
 jmespath==0.9.0 \
@@ -93,3 +92,15 @@ croniter==0.3.12 \
     --hash=sha256:445cb26bc2f3cff25a7b06575caf98312b552affffeee0437f26d416c6e3c895
 https://github.com/maurodoglio/rq-scheduler/archive/lock-retry.zip#rq-scheduler \
     --hash=sha256:23d389e8e7139a5f7c63972a4e3a5314436137d109fd6d2117455e862747af95
+django-allauth==0.27.0 \
+    --hash=sha256:3980d2c597320f28840af7bbbde1d7461483f152614c527e6fd07d8773015da5
+python-openid==2.2.5 \
+    --hash=sha256:92c51c3ecec846cbec4aeff11f9ff47303d4a63f93b0e6ac0ec02a091fed70ef \
+    --hash=sha256:c2d133e47e0a7705c9272eef00d7a09c174f5bf17a127fed8e2c6499556cc782
+requests-oauthlib==0.6.2 \
+    --hash=sha256:161ec8aaa360befac7079bcf20dc2a3993d1ddef19bc21d8118232a98f716e7a \
+    --hash=sha256:9742667ee57090973baba18a9f0ddab9a7b84ffd44e236e44ada0c660eaf731f
+oauthlib==2.0.0 \
+    --hash=sha256:0ad22b4f03fd75ef18d5793e1fed5e2361af5d374009f7722b4af390a0030dfd
+CacheControl==0.11.7 \
+    --hash=sha256:8f7829d92584f1f2360ebfff4517ee359787d5b7dfa2ef9579f871b628745a1e

From cbf7fcd32387ee7310a8db1be4ccd1b3a4d3d969 Mon Sep 17 00:00:00 2001
From: Jannis Leidel <jannis@leidel.info>
Date: Tue, 20 Sep 2016 12:27:32 +0200
Subject: [PATCH 3/3] Simplify docker-compose usage with Makefile

---
 Makefile  | 25 ++++++++++++++++++++++++-
 README.md |  7 +++----
 2 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/Makefile b/Makefile
index b7fb4c14..f6ca7540 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,28 @@
-.PHONY: creds
+.PHONY: build clean creds migrate shell static test up
 
 creds:
 	@docker-compose run web ./manage.py add_google_credentials \
 		--client-id="$(CLIENT_ID)" --client-secret="$(CLIENT_SECRET)"
+
+build:
+	docker-compose build
+
+clean:
+	docker-compose rm -f
+	rm -rf static/
+
+migrate:
+	docker-compose run web ./manage.py migrate --run-syncdb
+
+shell:
+	docker-compose run web bash
+
+static:
+	# this is only necessary after adding/removing/editing static files
+	docker-compose run web ./manage.py collectstatic --noinput
+
+test: static
+	docker-compose run web ./manage.py test
+
+up:
+	docker-compose up
diff --git a/README.md b/README.md
index ecb49a70..8846dbe3 100644
--- a/README.md
+++ b/README.md
@@ -10,8 +10,7 @@ Run the tests
 
 There's a sample test in `atmo/base/tests.py` for your convenience, that you can run using the following command:
 
-    docker-compose run web ./manage.py collectstatic # this is only necessary after adding/removing/editing static files
-    docker-compose run web ./manage.py test
+    make test
 
 If you want to run the full suite, with flake8 and coverage, you may use
 [tox](https://testrun.org/tox/latest/). This will run the tests the same way
@@ -38,7 +37,7 @@ On a Debian-derived Linux distributions, run `./bin/build-deb.sh` to perform all
 the installation steps automatically. On other OSs, [install Docker](https://docs.docker.com/mac/) and
 [Docker Compose](https://docs.docker.com/compose/install/) manually.
 
-To start the application, run `docker-compose up`.
+To start the application, run `make up`.
 
 Quick troubleshooting guide:
 
@@ -52,7 +51,7 @@ Quick troubleshooting guide:
     * Ensure that the DNS configuration is sane: see if `docker-compose run web ping security.debian.org` can connect successfully.
 * Django gives an error message similar to `OperationalError: SOME_TABLE doesn't exist`
     * The database likely isn't set up correctly.
-    * Run `docker-compose run web ./manage.py migrate --run-syncdb` to update it.
+    * Run `make migrate` to update it.
 * Django gives some other form of `OperationalError`, and we don't really care about the data that's already in the database (e.g., while developing or testing)
     * Most database issues can be resolved by just deleting the database, `telemetry_analysis.db`. It will be recreated on the next run.
 * Database errors are usually caused by an improper database configuration. For development purposes, recreating the database will often solve the issue.