ansible / django-ansible-base


[Low Prio] Add uwsgi + nginx + ssl to the compose stack #508

Closed jctanner closed 1 month ago

jctanner commented 2 months ago

This setup will help debug ssl termination issues we might encounter in our various deployment scenarios.

Once the stack is spun up, I used this script to make a mocke azure authenticator ...

#!/usr/bin/env python

import os
from pprint import pprint
from urllib.parse import parse_qs, urlsplit

import requests

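# Connection settings for the local compose stack. The fallbacks below are
# throwaway development values (presumably the stack's seeded admin account;
# confirm against the compose files). Override them through the environment
# instead of editing real credentials into this file. The AUTHDEBUG_* variable
# names are defined by this script only.
USERNAME = os.environ.get('AUTHDEBUG_USERNAME', 'admin')
PASSWORD = os.environ.get('AUTHDEBUG_PASSWORD', 'password')
# Passed to requests as auth=AUTH, i.e. HTTP basic auth on every API call.
# With an http:// BASEURL the pair travels unencrypted, so keep this script
# pointed at localhost.
AUTH = (USERNAME, PASSWORD)
# URLs are built by plain concatenation (BASEURL + '/api/...'), so a trailing
# slash on an overridden value would otherwise produce '//' in the path.
BASEURL = os.environ.get('AUTHDEBUG_BASEURL', 'http://localhost:8000').rstrip('/')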

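def main():
    """Recreate a mock Azure AD authenticator and print the redirect URI it yields.

    All API calls go to BASEURL with the basic-auth pair in AUTH:

    1. List the authenticators and delete any named ``azure-test``.
    2. POST a fresh ``azuread`` authenticator with placeholder KEY/SECRET values.
    3. GET its ``sso_login_url`` without following redirects and print the
       ``redirect_uri`` query parameter carried in the ``Location`` header.

    Raises:
        requests.HTTPError: an API call answered with a 4xx/5xx status.
        KeyError: the SSO response has no ``Location`` header, or the redirect
            target carries no ``redirect_uri`` parameter.
    """
    azurename = 'azure-test'
    # requests has no default timeout; without one a wedged uwsgi/nginx node
    # would hang the script instead of failing.
    timeout = 10

    authenticators_url = BASEURL + '/api/v1/authenticators/'

    listing = requests.get(authenticators_url, auth=AUTH, timeout=timeout)
    # Fail here on 401/403/5xx rather than with a KeyError on 'results' below.
    listing.raise_for_status()
    # NOTE(review): if this endpoint paginates, only the first page of
    # 'results' is inspected, so a stale 'azure-test' further down would survive.
    for ix, authenticator in enumerate(listing.json()['results']):
        print(f"{ix}. {authenticator['name']}")
        if authenticator['name'] == azurename:
            deleted = requests.delete(
                BASEURL + authenticator['url'], auth=AUTH, timeout=timeout
            )
            # A failed delete would otherwise surface later as a confusing
            # error from the POST below.
            deleted.raise_for_status()

    # Placeholder values only: KEY/SECRET are dummies and the response body,
    # configuration included, is printed below. Never put a real client secret here.
    payload = {
        'name': azurename,
        'type': 'ansible_base.authentication.authenticator_plugins.azuread',
        'enabled': True,
        'priority': 1,
        'configuration': {
            'CALLBACK_URL': 'http://wrong.com',
            'KEY': 'KEY11111',
            'SECRET': 'SECRET11111',
        }
    }
    created = requests.post(authenticators_url, auth=AUTH, json=payload, timeout=timeout)
    if not created.ok:
        # Show the server's explanation (it may not be JSON, e.g. a proxy
        # error page) before raising.
        print(created.text)
    created.raise_for_status()
    ds = created.json()
    pprint(ds)

    sso_url = BASEURL + ds['sso_login_url']
    rr_sso = requests.get(sso_url, allow_redirects=False, timeout=timeout)
    rr_sso.raise_for_status()

    # Response.headers is case-insensitive; copying it into a plain dict loses
    # that, and a front end that emits 'location' would then raise KeyError.
    location = rr_sso.headers['Location']
    # Look the parameter up by name instead of by position in the query
    # string, which depends on the order the backend happens to emit.
    redirect = parse_qs(urlsplit(location).query)['redirect_uri'][0]
    print('-' * 100)
    print(sso_url)
    print('\t-> ' + redirect)
    print('-' * 100)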

# Run only when executed as a script; importing the module must not touch
# the API (main() deletes and recreates an authenticator).
if __name__ == "__main__":
    main()

Then you can check how each node in the stack handles construction of the redirect URI ...

curl -k -v http://localhost:8000/api/social/login/ansible_base-authentication-authenticator_plugins-azuread__azure-test/ 2>&1 | grep Location
curl -k -v http://localhost/api/social/login/ansible_base-authentication-authenticator_plugins-azuread__azure-test/ 2>&1 | grep Location
curl -k -v https://localhost/api/social/login/ansible_base-authentication-authenticator_plugins-azuread__azure-test/ 2>&1 | grep Location
sonarcloud[bot] commented 1 month ago

Quality Gate Passed Quality Gate passed

Issues
0 New issues
1 Accepted issue

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud