Merge branch 'develop' into auto_grab

.github/workflows/testing.yml

@@ -96,7 +96,7 @@ jobs:
         && source /opt/conda/etc/profile.d/conda.sh \
         && source /opt/conda/etc/profile.d/mamba.sh \
         && mamba activate mss-${{ inputs.branch_name }}-env \
-        && pytest -vv -n 6 --dist loadfile --max-worker-restart 0 tests \
+        && pytest -vv -n 6 --dist loadfile --max-worker-restart 4 tests \
         || (for i in {1..5} \
           ; do pytest -vv -n 6 --dist loadfile --max-worker-restart 0 tests --last-failed --lfnf=none \
           && break \

.gitignore

@@ -24,4 +24,5 @@ build/
 mss.egg-info/
 tutorials/recordings
 tutorials/cursor_image.png
-
+__pycache__/
+instance/

.readthedocs.yaml

@@ -5,5 +5,8 @@ build:
   tools:
     python: "mambaforge-4.10"
 
+sphinx:
+  configuration: docs/conf.py
+
 conda:
   environment: docs/environment.yml

CHANGES.rst

@@ -1,6 +1,14 @@
 Changelog
 =========
 
+Version 8.3.1
+~~~~~~~~~~~~~
+
+Bug fix release:
+
+All changes:
+https://github.com/Open-MSS/MSS/milestone/99?closed=1
+
 Version 8.3.0
 ~~~~~~~~~~~~~
 

NOTICE

@@ -130,3 +130,14 @@ License: https://github.com/PaulSchweizer/qt-json-view/blob/master/LICENSE (MIT
 
 Package for working with JSON files in PyQt5.
 Obtained from Github (https://github.com/PaulSchweizer/qt-json-view), on 23/7/2021.
+
+Identity Provider
+-----------------
+
+We utilize example files from the pysaml2 library to set up the configuration for our local Identity Provider (IdP).
+Obtained from GitHub (https://github.com/IdentityPython/pysaml2/tree/master/example/idp2) on 13/07/2023
+
+Copyright: 2018 Roland Hedberg
+
+License: https://github.com/IdentityPython/pysaml2/blob/master/LICENSE (Apache License 2.0)
+Further Information: https://pysaml2.readthedocs.io/en/

conftest.py

@@ -182,6 +182,9 @@ def pytest_generate_tests(metafunc):
 </FlightTrack>
 """
 enable_basic_http_authentication = False
+
+# enable login by identity provider
+USE_SAML2 = False
 '''
     ROOT_FS = fs.open_fs(constants.ROOT_DIR)
     if not ROOT_FS.exists('mscolab'):
@@ -243,7 +246,6 @@ def fail_if_open_message_boxes_left():
         except RuntimeError:
             pass
 
-
 @pytest.fixture(scope="session", autouse=True)
 def configure_testsetup(request):
     if Display is not None:

docs/components.rst

@@ -10,5 +10,6 @@ Components
    mscolab
    gentutorials
    mssautoplot
-
-
+   conf_auth_client_sp_idp
+   conf_sso_test_msscolab
+   sso_via_saml_mscolab

docs/conf.py

@@ -119,7 +119,7 @@ def get_tutorial_images():
 # Add any Sphinx extension module names here, as strings. They can be
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
-extensions = []
+extensions = ['sphinx_rtd_theme']
 
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ['_templates']
@@ -217,23 +217,19 @@ def get_tutorial_images():
 
 # The theme to use for HTML and HTML Help pages.  See the documentation for
 # a list of builtin themes.
-#html_theme = 'sphinx_rtd_theme'
+html_theme = 'sphinx_rtd_theme'
 
 if not on_rtd:  # only import and set the theme if we're building docs locally
     import sphinx_rtd_theme
-    html_theme = 'sphinx_rtd_theme'
     html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
     html_style = 'css/mss.css'
 else:
+    htmls_static_path = ['_static']
+    html_css_files = ['mss.css']
     html_context = {
         'display_github': False, # Add 'Edit on Bitbucket' link instead of 'View page source'
         'last_updated': True,
         'commit': False,
-        'css_files': [
-            'https://media.readthedocs.org/css/sphinx_rtd_theme.css',
-            'https://media.readthedocs.org/css/readthedocs-doc-embed.css',
-            '_static/css/mss.css',
-        ],
     }
 
 # Theme options are theme-specific and customize the look and feel of a theme

docs/conf_sso_test_msscolab.rst

@@ -0,0 +1,117 @@
+Configuration MSS Colab Server with Testing IdP for SSO
+=======================================================
+Testing IDP (`mslib/msidp`) is specifically designed for testing the Single Sign-On (SSO) process with the mscolab server using PySAML2.
+
+Here is documentation that explains the configuration of the MSS Colab Server with the testing IdP.
+
+Getting started
+---------------
+
+To set up a local identity provider with the mscolab server, you'll first need to generate the required keys and certificates for both the Identity Provider and the mscolab server. Follow these steps to configure the system:
+
+    1. Initial Steps
+    2. Generate Keys and Certificates
+    3. Enable USE_SAML2
+    4. Generate Metadata Files
+    5. Start the Identity Provider
+    6. Start the mscolab Server
+    7. Test the Single Sign-On (SSO) Process
+
+
+1. Initial Steps
+----------------
+Before getting started, you should correctly activate the environments, set the correct Python path as explained in the mss instructions : https://github.com/Open-MSS/MSS/tree/develop#readme
+
+
+
+2. Generate Keys, Certificates, and backend_saml files
+------------------------------------------------------
+
+This involves generating both `.key` files and `.crt` files for both the Identity provider and mscolab server and `backend_saml.yaml` file. 
+
+Before running the command make sure to set `USE_SAML2 = False` in your `mscolab_settings.py` file,  You can accomplish this by following these steps:
+
+- Add to the `PYTHONPATH` where your `mscolab_settings.py`.
+- Add `USE_SAML2 = False` in your `mscolab_settings.py` file.
+
+.. note::
+    If you set `USE_SAML2 = True` without keys and certificates, this will not execute. So, make sure to set `USE_SAML2 = False` before executing the command.
+
+If everything is correctly set, you can generate keys and certificates simply by running
+
+.. code:: text
+
+    $ mscolab sso_conf --init_sso_crts
+
+.. note::
+    This process generating keys and certificates for both Identity provider and mscolab server by default, If you need configure with different keys and certificates for the Identity provider, You should manually update the path of `SERVER_CERT` with the path of the generated .crt file for Identity provider, and `SERVER_KEY` with the path of the generated .key file for the Identity provider in the file `MSS/mslib/idp/idp_conf.py`.
+
+
+3. Enable USE_SAML2
+-------------------
+
+To enable SAML2-based login (identity provider-based login), 
+
+- To start the process update `USE_SAML2 = True` in your `mscolab_settings.py` file.
+
+.. note::
+    After enabling the `USE_SAML2` option, the subsequent step involves adding the `CONFIGURED_IDPS` dictionary for the MSS Colab Server. This dictionary must contain keys for each active Identity Provider, denoted by their `idp_identity_name`, along with their respective `idp_name`. Once this dictionary is configured, it should be utilized to update several aspects of the mscolab server, including the SAML2Client configuration in the .yml file. This ensures seamless integration with the enabled IDPs. By default, configuration has been set up for the localhost IDP, and any additional configurations required should be performed by the developer.
+
+4. Generate metadata files
+--------------------------
+
+This involves generating necessary metadata files for both the identity provider and the service provider. You can generate them by simply running the below command.
+
+.. note::
+    Before executing this, you should set `USE_SAML2=True` as described in the third step(Enable USE_SAML2).
+
+.. code:: text
+
+    $ mscolab sso_conf --init_sso_metadata
+
+
+5. Start Identity provider
+--------------------------
+
+Once you set certificates and metada files you can start mscolab server and local identity provider. To start local identity provider, simply execute:
+
+.. code:: text
+
+    $ msidp
+
+
+6. Start the mscolab Server
+---------------------------
+
+Before Starting the mscolab server, make sure to do necessary database migrations.
+
+When this is the first time you setup a mscolab server, you have to initialize the database by:
+
+.. code:: text
+
+    $ mscolab db --init
+
+.. note::
+   An existing database maybe needs a migration, have a look for this on our documentation.
+
+   https://mss.readthedocs.io/en/stable/mscolab.html#data-base-migration
+
+When migrations finished, you can start mscolab server  using the following command:
+
+.. code:: text
+
+    $ mscolab start
+
+
+7. Testing Single Sign-On (SSO) process
+---------------------------------------
+
+* Once you have successfully launched the server and identity provider, you can begin testing the Single Sign-On (SSO) process.
+* Start MSS PyQt application:
+
+.. code:: text
+
+    $ msui
+
+* Login with identity provider through Qt Client application.
+* To log in to the mscolab server through the identity provider, you can use the credentials specified in the ``PASSWD`` section of the ``MSS/mslib/msidp/idp.py`` file. Look for the relevant section in the file to find the necessary login credentials.

docs/publications.rst

@@ -24,9 +24,11 @@ Acknowledgement
 
 Please add the following acknowledgement and cite to your publications:
 
+
   The authors gratefully acknowledge the use of the MSS flight planning
-  software (Rautenhaus, 2012; MSS development was partially funded by
-  the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation)
-  project no. UN 311/3-1)“.
+  software (Bauer et al, 2022, Rautenhaus et al, 2012;
+  MSS development was partially funded by the Deutsche Forschungsgemeinschaft
+  (DFG, German Research Foundation) project no. UN 311/3-1
+  and project no. SPP 1294 423229456)
 
 Thank you very much.

docs/samples/config/mscolab/mscolab_settings.py.sample

@@ -85,8 +85,14 @@ STUB_CODE = """<?xml version="1.0" encoding="utf-8"?>
 </FlightTrack>
 """
 
+# enable login by identity provider
+USE_SAML2 = False
+
 # looks for a given category forn a operation ending with GROUP_POSTFIX
 # e.g. category = Tex will look for TexGroup
 # all users in that Group are set to the operations of that category
 # having the roles in the TexGroup
 GROUP_POSTFIX = "Group"
+
+# dir where mscolab single sign process files are stored
+MSCOLAB_SSO_DIR = os.path.join(DATA_DIR, 'datasso')

docs/samples/config/mscolab/mss_saml2_backend.yaml.sample

@@ -0,0 +1,116 @@
+name: Saml2
+config:
+  entityid_endpoint: true
+  mirror_force_authn: no
+  memorize_idp: no
+  use_memorized_idp_when_force_authn: no
+  send_requester_id: no
+  enable_metadata_reload: no
+
+  # SP Configuration for localhost_test_idp
+  localhost_test_idp:
+    name: "MSS Colab Server - Testing IDP(localhost)"
+    description: "MSS Collaboration Server with Testing IDP(localhost)"
+    key_file: path/to/key_sp.key # Will be set from the mscolab server
+    cert_file: path/to/crt_sp.crt # Will be set from the mscolab server
+    verify_ssl_cert: true # Specifies if the SSL certificates should be verified.
+    organization: {display_name: Open-MSS, name: Mission Support System, url: 'https://open-mss.github.io/about/'}
+    contact_person:
+    - {contact_type: technical, email_address: [email protected], given_name: Technical}
+    - {contact_type: support, email_address: [email protected], given_name: Support}
+
+    metadata:
+      local: [path/to/idp.xml] # Will be set from the mscolab server
+
+    entityid: http://localhost:5000/proxy_saml2_backend.xml
+    accepted_time_diff: 60
+    service:
+      sp:
+        ui_info:
+          display_name:
+            - lang: en
+              text: "Open MSS"
+          description:
+            - lang: en
+              text: "Mission Support System"
+          information_url:
+            - lang: en
+              text: "https://open-mss.github.io/about/"
+          privacy_statement_url:
+            - lang: en
+              text: "https://open-mss.github.io/about/"
+          keywords:
+            - lang: en
+              text: ["MSS"]
+            - lang: en
+              text: ["OpenMSS"]
+          logo:
+            text: "https://open-mss.github.io/assets/logo.png"
+            width: "100"
+            height: "100"
+        authn_requests_signed: true
+        want_response_signed: true
+        want_assertion_signed: true
+        allow_unknown_attributes: true
+        allow_unsolicited: true
+        endpoints:
+          assertion_consumer_service:
+            - [http://localhost:8083/localhost_test_idp/acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
+          discovery_response:
+          - [<base_url>/<name>/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
+        name_id_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
+        name_id_format_allow_create: true
+
+
+  # # SP Configuration for IDP 2
+  # sp_config_idp_2:
+  #   name: "MSS Colab Server - Testing IDP(localhost)"
+  #   description: "MSS Collaboration Server with Testing IDP(localhost)"
+  #   key_file: mslib/mscolab/app/key_sp.key
+  #   cert_file: mslib/mscolab/app/crt_sp.crt
+  #   organization: {display_name: Open-MSS, name: Mission Support System, url: 'https://open-mss.github.io/about/'}
+  #   contact_person:
+  #   - {contact_type: technical, email_address: [email protected], given_name: Technical}
+  #   - {contact_type: support, email_address: [email protected], given_name: Support}
+
+  #   metadata:
+  #     local: [mslib/mscolab/app/idp.xml]
+
+  #   entityid: http://localhost:5000/proxy_saml2_backend.xml
+  #   accepted_time_diff: 60
+  #   service:
+  #     sp:
+  #       ui_info:
+  #         display_name:
+  #           - lang: en
+  #             text: "Open MSS"
+  #         description:
+  #           - lang: en
+  #             text: "Mission Support System"
+  #         information_url:
+  #           - lang: en
+  #             text: "https://open-mss.github.io/about/"
+  #         privacy_statement_url:
+  #           - lang: en
+  #             text: "https://open-mss.github.io/about/"
+  #         keywords:
+  #           - lang: en
+  #             text: ["MSS"]
+  #           - lang: en
+  #             text: ["OpenMSS"]
+  #         logo:
+  #           text: "https://open-mss.github.io/assets/logo.png"
+  #           width: "100"
+  #           height: "100"
+  #       authn_requests_signed: true
+  #       want_response_signed: true
+  #       want_assertion_signed: true
+  #       allow_unknown_attributes: true
+  #       allow_unsolicited: true
+  #       endpoints:
+  #         assertion_consumer_service:
+  #           - [http://localhost:8083/idp2/acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
+  #         discovery_response:
+  #         - [<base_url>/<name>/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
+  #       name_id_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
+  #       name_id_format_allow_create: true