merge of Gsoc2023 nilupul manodya

.gitignore

@@ -24,4 +24,5 @@ build/
 mss.egg-info/
 tutorials/recordings
 tutorials/cursor_image.png
-
+__pycache__/
+instance/

NOTICE

@@ -130,3 +130,14 @@ License: https://github.com/PaulSchweizer/qt-json-view/blob/master/LICENSE (MIT
 
 Package for working with JSON files in PyQt5.
 Obtained from Github (https://github.com/PaulSchweizer/qt-json-view), on 23/7/2021.
+
+Identity Provider
+-----------------
+
+We utilize example files from the pysaml2 library to set up the configuration for our local Identity Provider (IdP).
+Obtained from GitHub (https://github.com/IdentityPython/pysaml2/tree/master/example/idp2) on 13/07/2023
+
+Copyright: 2018 Roland Hedberg
+
+License: https://github.com/IdentityPython/pysaml2/blob/master/LICENSE (Apache License 2.0)
+Further Information: https://pysaml2.readthedocs.io/en/

conftest.py

@@ -182,6 +182,9 @@ def pytest_generate_tests(metafunc):
 </FlightTrack>
 """
 enable_basic_http_authentication = False
+
+# enable login by identity provider
+USE_SAML2 = False
 '''
     ROOT_FS = fs.open_fs(constants.ROOT_DIR)
     if not ROOT_FS.exists('mscolab'):

docs/components.rst

@@ -10,5 +10,6 @@ Components
    mscolab
    gentutorials
    mssautoplot
-
-
+   conf_auth_client_sp_idp
+   conf_sso_test_msscolab
+   sso_via_saml_mscolab

docs/conf_sso_test_msscolab.rst

@@ -0,0 +1,117 @@
+Configuration MSS Colab Server with Testing IdP for SSO
+=======================================================
+Testing IDP (`mslib/msidp`) is specifically designed for testing the Single Sign-On (SSO) process with the mscolab server using PySAML2.
+
+Here is documentation that explains the configuration of the MSS Colab Server with the testing IdP.
+
+Getting started
+---------------
+
+To set up a local identity provider with the mscolab server, you'll first need to generate the required keys and certificates for both the Identity Provider and the mscolab server. Follow these steps to configure the system:
+
+    1. Initial Steps
+    2. Generate Keys and Certificates
+    3. Enable USE_SAML2
+    4. Generate Metadata Files
+    5. Start the Identity Provider
+    6. Start the mscolab Server
+    7. Test the Single Sign-On (SSO) Process
+
+
+1. Initial Steps
+----------------
+Before getting started, you should correctly activate the environments, set the correct Python path as explained in the mss instructions : https://github.com/Open-MSS/MSS/tree/develop#readme
+
+
+
+2. Generate Keys, Certificates, and backend_saml files
+------------------------------------------------------
+
+This involves generating both `.key` files and `.crt` files for both the Identity provider and mscolab server and `backend_saml.yaml` file. 
+
+Before running the command make sure to set `USE_SAML2 = False` in your `mscolab_settings.py` file,  You can accomplish this by following these steps:
+
+- Add to the `PYTHONPATH` where your `mscolab_settings.py`.
+- Add `USE_SAML2 = False` in your `mscolab_settings.py` file.
+
+.. note::
+    If you set `USE_SAML2 = True` without keys and certificates, this will not execute. So, make sure to set `USE_SAML2 = False` before executing the command.
+
+If everything is correctly set, you can generate keys and certificates simply by running
+
+.. code:: text
+
+    $ mscolab sso_conf --init_sso_crts
+
+.. note::
+    This process generating keys and certificates for both Identity provider and mscolab server by default, If you need configure with different keys and certificates for the Identity provider, You should manually update the path of `SERVER_CERT` with the path of the generated .crt file for Identity provider, and `SERVER_KEY` with the path of the generated .key file for the Identity provider in the file `MSS/mslib/idp/idp_conf.py`.
+
+
+3. Enable USE_SAML2
+-------------------
+
+To enable SAML2-based login (identity provider-based login), 
+
+- To start the process update `USE_SAML2 = True` in your `mscolab_settings.py` file.
+
+.. note::
+    After enabling the `USE_SAML2` option, the subsequent step involves adding the `CONFIGURED_IDPS` dictionary for the MSS Colab Server. This dictionary must contain keys for each active Identity Provider, denoted by their `idp_identity_name`, along with their respective `idp_name`. Once this dictionary is configured, it should be utilized to update several aspects of the mscolab server, including the SAML2Client configuration in the .yml file. This ensures seamless integration with the enabled IDPs. By default, configuration has been set up for the localhost IDP, and any additional configurations required should be performed by the developer.
+
+4. Generate metadata files
+--------------------------
+
+This involves generating necessary metadata files for both the identity provider and the service provider. You can generate them by simply running the below command.
+
+.. note::
+    Before executing this, you should set `USE_SAML2=True` as described in the third step(Enable USE_SAML2).
+
+.. code:: text
+
+    $ mscolab sso_conf --init_sso_metadata
+
+
+5. Start Identity provider
+--------------------------
+
+Once you set certificates and metada files you can start mscolab server and local identity provider. To start local identity provider, simply execute:
+
+.. code:: text
+
+    $ msidp
+
+
+6. Start the mscolab Server
+---------------------------
+
+Before Starting the mscolab server, make sure to do necessary database migrations.
+
+When this is the first time you setup a mscolab server, you have to initialize the database by:
+
+.. code:: text
+
+    $ mscolab db --init
+
+.. note::
+   An existing database maybe needs a migration, have a look for this on our documentation.
+
+   https://mss.readthedocs.io/en/stable/mscolab.html#data-base-migration
+
+When migrations finished, you can start mscolab server  using the following command:
+
+.. code:: text
+
+    $ mscolab start
+
+
+7. Testing Single Sign-On (SSO) process
+---------------------------------------
+
+* Once you have successfully launched the server and identity provider, you can begin testing the Single Sign-On (SSO) process.
+* Start MSS PyQt application:
+
+.. code:: text
+
+    $ msui
+
+* Login with identity provider through Qt Client application.
+* To log in to the mscolab server through the identity provider, you can use the credentials specified in the ``PASSWD`` section of the ``MSS/mslib/msidp/idp.py`` file. Look for the relevant section in the file to find the necessary login credentials.

docs/samples/config/mscolab/mscolab_settings.py.sample

@@ -85,8 +85,14 @@ STUB_CODE = """<?xml version="1.0" encoding="utf-8"?>
 </FlightTrack>
 """
 
+# enable login by identity provider
+USE_SAML2 = False
+
 # looks for a given category forn a operation ending with GROUP_POSTFIX
 # e.g. category = Tex will look for TexGroup
 # all users in that Group are set to the operations of that category
 # having the roles in the TexGroup
 GROUP_POSTFIX = "Group"
+
+# dir where mscolab single sign process files are stored
+MSCOLAB_SSO_DIR = os.path.join(DATA_DIR, 'datasso')

docs/samples/config/mscolab/mss_saml2_backend.yaml.samlple

@@ -0,0 +1,116 @@
+name: Saml2
+config:
+  entityid_endpoint: true
+  mirror_force_authn: no
+  memorize_idp: no
+  use_memorized_idp_when_force_authn: no
+  send_requester_id: no
+  enable_metadata_reload: no
+
+  # SP Configuration for localhost_test_idp
+  localhost_test_idp:
+    name: "MSS Colab Server - Testing IDP(localhost)"
+    description: "MSS Collaboration Server with Testing IDP(localhost)"
+    key_file: path/to/key_sp.key # Will be set from the mscolab server
+    cert_file: path/to/crt_sp.crt # Will be set from the mscolab server
+    verify_ssl_cert: true # Specifies if the SSL certificates should be verified.
+    organization: {display_name: Open-MSS, name: Mission Support System, url: 'https://open-mss.github.io/about/'}
+    contact_person:
+    - {contact_type: technical, email_address: [email protected], given_name: Technical}
+    - {contact_type: support, email_address: [email protected], given_name: Support}
+
+    metadata:
+      local: [path/to/idp.xml] # Will be set from the mscolab server
+
+    entityid: http://localhost:5000/proxy_saml2_backend.xml
+    accepted_time_diff: 60
+    service:
+      sp:
+        ui_info:
+          display_name:
+            - lang: en
+              text: "Open MSS"
+          description:
+            - lang: en
+              text: "Mission Support System"
+          information_url:
+            - lang: en
+              text: "https://open-mss.github.io/about/"
+          privacy_statement_url:
+            - lang: en
+              text: "https://open-mss.github.io/about/"
+          keywords:
+            - lang: en
+              text: ["MSS"]
+            - lang: en
+              text: ["OpenMSS"]
+          logo:
+            text: "https://open-mss.github.io/assets/logo.png"
+            width: "100"
+            height: "100"
+        authn_requests_signed: true
+        want_response_signed: true
+        want_assertion_signed: true
+        allow_unknown_attributes: true
+        allow_unsolicited: true
+        endpoints:
+          assertion_consumer_service:
+            - [http://localhost:8083/localhost_test_idp/acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
+          discovery_response:
+          - [<base_url>/<name>/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
+        name_id_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
+        name_id_format_allow_create: true
+
+
+  # # SP Configuration for IDP 2
+  # sp_config_idp_2:
+  #   name: "MSS Colab Server - Testing IDP(localhost)"
+  #   description: "MSS Collaboration Server with Testing IDP(localhost)"
+  #   key_file: mslib/mscolab/app/key_sp.key
+  #   cert_file: mslib/mscolab/app/crt_sp.crt
+  #   organization: {display_name: Open-MSS, name: Mission Support System, url: 'https://open-mss.github.io/about/'}
+  #   contact_person:
+  #   - {contact_type: technical, email_address: [email protected], given_name: Technical}
+  #   - {contact_type: support, email_address: [email protected], given_name: Support}
+
+  #   metadata:
+  #     local: [mslib/mscolab/app/idp.xml]
+
+  #   entityid: http://localhost:5000/proxy_saml2_backend.xml
+  #   accepted_time_diff: 60
+  #   service:
+  #     sp:
+  #       ui_info:
+  #         display_name:
+  #           - lang: en
+  #             text: "Open MSS"
+  #         description:
+  #           - lang: en
+  #             text: "Mission Support System"
+  #         information_url:
+  #           - lang: en
+  #             text: "https://open-mss.github.io/about/"
+  #         privacy_statement_url:
+  #           - lang: en
+  #             text: "https://open-mss.github.io/about/"
+  #         keywords:
+  #           - lang: en
+  #             text: ["MSS"]
+  #           - lang: en
+  #             text: ["OpenMSS"]
+  #         logo:
+  #           text: "https://open-mss.github.io/assets/logo.png"
+  #           width: "100"
+  #           height: "100"
+  #       authn_requests_signed: true
+  #       want_response_signed: true
+  #       want_assertion_signed: true
+  #       allow_unknown_attributes: true
+  #       allow_unsolicited: true
+  #       endpoints:
+  #         assertion_consumer_service:
+  #           - [http://localhost:8083/idp2/acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
+  #         discovery_response:
+  #         - [<base_url>/<name>/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
+  #       name_id_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
+  #       name_id_format_allow_create: true

docs/samples/config/mscolab/setup_saml2_backend.py.sample

@@ -0,0 +1,68 @@
+import os
+import sys
+import warnings
+import yaml
+from saml2 import SAMLError
+from saml2.client import Saml2Client
+from saml2.config import SPConfig
+from urllib.parse import urlparse
+
+
+class setup_saml2_backend:
+    from mslib.mscolab.conf import mscolab_settings
+
+    CONFIGURED_IDPS = [
+        # configure your idps here
+        {
+            'idp_identity_name': 'localhost_test_idp',  #  make sure to use underscore for the blanks
+            'idp_data': {
+                'idp_name': 'Testing Identity Provider',  # this name is used on the Login page to connect to the Provider.
+            }
+        },
+
+    ]
+
+    if os.path.exists(f"{mscolab_settings.MSCOLAB_SSO_DIR}/mss_saml2_backend.yaml"):
+        with open(f"{mscolab_settings.MSCOLAB_SSO_DIR}/mss_saml2_backend.yaml", encoding="utf-8") as fobj:
+            yaml_data = yaml.safe_load(fobj)
+        # go through configured IDPs and set conf file paths for particular files
+        for configured_idp in CONFIGURED_IDPS:
+            # set CRTs and metadata paths for the localhost_test_idp
+            if 'localhost_test_idp' == configured_idp['idp_identity_name']:
+                yaml_data["config"]["localhost_test_idp"]["key_file"] = \
+                    f'{mscolab_settings.MSCOLAB_SSO_DIR}/key_mscolab.key'  # set path to your mscolab key file
+                yaml_data["config"]["localhost_test_idp"]["cert_file"] = \
+                    f'{mscolab_settings.MSCOLAB_SSO_DIR}/crt_mscolab.crt'  # set path to your mscolab certiticate file
+                yaml_data["config"]["localhost_test_idp"]["metadata"]["local"][0] = \
+                    f'{mscolab_settings.MSCOLAB_SSO_DIR}/idp.xml'  # set path to your idp metadata xml file
+
+                # configuration localhost_test_idp Saml2Client
+                try:
+                    if not os.path.exists(yaml_data["config"]["localhost_test_idp"]["metadata"]["local"][0]):
+                        yaml_data["config"]["localhost_test_idp"]["metadata"]["local"] = []
+                        warnings.warn("idp.xml file does not exists !\
+                                        Ignore this warning when you initializeing metadata.")
+
+                    localhost_test_idp = SPConfig().load(yaml_data["config"]["localhost_test_idp"])
+                    sp_localhost_test_idp = Saml2Client(localhost_test_idp)
+
+                    configured_idp['idp_data']['saml2client'] = sp_localhost_test_idp
+                    for url_pair in (yaml_data["config"]["localhost_test_idp"]
+                                     ["service"]["sp"]["endpoints"]["assertion_consumer_service"]):
+                        saml_url, binding = url_pair
+                        path = urlparse(saml_url).path
+                        configured_idp['idp_data']['assertion_consumer_endpoints'] = \
+                            configured_idp['idp_data'].get('assertion_consumer_endpoints', []) + [path]
+
+                except SAMLError:
+                    warnings.warn("Invalid Saml2Client Config with localhost_test_idp ! Please configure with\
+                                    valid CRTs metadata and try again.")
+                    sys.exit()
+
+                # if multiple IdPs exists, development should need to implement accordingly below
+                """
+                    if 'idp_2'== configured_idp['idp_identity_name']:
+                        # rest of code
+                        # set CRTs and metadata paths for the idp_2
+                        # configuration idp_2 Saml2Client
+                """