Add an example django project, one for django integrated, forms based authentication and one for ADFS integration

Author: jobec

Diff for: .gitignore

@@ -69,3 +69,6 @@ target/
 
 # Virtual env
 .venv/
+
+# Vagrant
+.vagrant/

Diff for: Vagrantfile

@@ -0,0 +1,103 @@
+Vagrant.configure("2") do |config|
+  config.vm.define "adfs2016", autostart: false do |adfs2016|
+
+    # adfs2016.vm.box = "adamrushuk/win2016-std-dev"
+    adfs2016.vm.box = "cdaf/WindowsServer"
+
+    adfs2016.vm.provider "virtualbox" do |v|
+      v.memory = 2048
+      v.gui = true
+      v.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
+    end
+
+    # If you change this IP, also change the DNS server for the "web" VM.
+    adfs2016.vm.network "private_network", ip: "10.0.0.2"
+
+    # Some winrm hacking
+    # It prevents the connection with the VM from dropping
+    # after promoting it to a domain controller
+    adfs2016.winrm.timeout = 180
+    adfs2016.winrm.retry_limit = 20
+    adfs2016.winrm.retry_delay = 10
+    adfs2016.winrm.transport = :plaintext
+    adfs2016.winrm.basic_auth_only = true
+    adfs2016.winrm.username = "administrator"
+    adfs2016.winrm.password = "vagrant"
+
+    # Setup the domain controller
+    adfs2016.vm.provision "shell", privileged: true, path: "vagrant\\01-setup-domain.ps1"
+    adfs2016.vm.provision :reload
+    # Setup ADFS
+    adfs2016.vm.provision "shell", privileged: true, path: "vagrant\\02-setup-adfs.ps1"
+    adfs2016.vm.provision :reload
+    # Configure ADFS for use with the example project
+    adfs2016.vm.provision "shell", privileged: true, path: "vagrant\\03-example-adfs-config.ps1"
+  end
+
+  config.vm.define "adfs2012", autostart: false do |adfs2012|
+
+    # adfs2012.vm.box = "adamrushuk/win2012r2-std-wmf5-dev"
+    adfs2012.vm.box = "cdaf/WindowsServer2012R2"
+
+    adfs2012.vm.provider "virtualbox" do |v|
+      v.memory = 2048
+      v.gui = true
+      v.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
+    end
+
+    # If you change this IP, also change the DNS server for the "web" VM.
+    adfs2012.vm.network "private_network", ip: "10.0.0.2"
+
+    # Some winrm hacking
+    # It prevents the connection with the VM from dropping
+    # after promoting it to a domain controller
+    adfs2012.winrm.timeout = 180
+    adfs2012.winrm.retry_limit = 20
+    adfs2012.winrm.retry_delay = 10
+    adfs2012.winrm.transport = :plaintext
+    adfs2012.winrm.basic_auth_only = true
+    adfs2012.winrm.username = "administrator"
+    adfs2012.winrm.password = "vagrant"
+
+    # Setup the domain controller
+    adfs2012.vm.provision "shell", privileged: true, path: "vagrant\\01-setup-domain.ps1"
+    adfs2012.vm.provision :reload
+    # Setup ADFS
+    adfs2012.vm.provision "shell", privileged: true, path: "vagrant\\02-setup-adfs.ps1"
+    adfs2012.vm.provision :reload
+    # Configure ADFS for use with the example project
+    adfs2012.vm.provision "shell", privileged: true, path: "vagrant\\03-example-adfs-config.ps1"
+  end
+
+  config.vm.define "web" do |web|
+    web.vm.hostname = "web"
+    web.vm.box = "bento/debian-9.4"
+
+    # If you change this IP, you also have to change it in the file 03-example-adfs-config.ps1
+    web.vm.network "private_network", ip: "10.0.0.10"
+
+    # Install all needed tools and migrate the 2 example django projects
+    web.vm.provision "shell", privileged: true, inline: <<-SHELL
+      set -x
+      apt-get update
+      apt-get install -y python3-pip
+      # Install django-auth-adfs in editable mode
+      pip3 install -e /vagrant
+      # run migrate command for both example projects
+      python3 /vagrant/example/adfs/manage.py makemigrations
+      python3 /vagrant/example/adfs/manage.py migrate
+      python3 /vagrant/example/formsbased/manage.py makemigrations
+      python3 /vagrant/example/formsbased/manage.py migrate
+    SHELL
+
+    # Point the DNS server to the domain controller
+    # It's ran every "up" because it's overwritten by DHCP
+    web.vm.provision "shell", privileged: true, run: 'always', inline: <<-SHELL
+      set -x
+      echo "domain example.com" > /etc/resolv.conf
+      echo "domain example.com" >> /etc/resolv.conf
+      echo "nameserver 10.0.0.2" >> /etc/resolv.conf
+    SHELL
+
+  end
+end

Diff for: example/adfs/manage.py

@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+import os
+import sys
+
+if __name__ == "__main__":
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "mysite.settings")
+    try:
+        from django.core.management import execute_from_command_line
+    except ImportError as exc:
+        raise ImportError(
+            "Couldn't import Django. Are you sure it's installed and "
+            "available on your PYTHONPATH environment variable? Did you "
+            "forget to activate a virtual environment?"
+        ) from exc
+    execute_from_command_line(sys.argv)

Diff for: example/adfs/mysite/__init__.py

@@ -0,0 +1,171 @@
+"""
+Django settings for mysite project.
+
+Generated by 'django-admin startproject' using Django 2.0.5.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/2.0/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/2.0/ref/settings/
+"""
+
+import os
+
+# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+
+
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/2.0/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = '72zx9=7byz54=z-@oyuv^h)nse=qljty65zj$nj*$z42j353sa'
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+ALLOWED_HOSTS = ['*']
+
+
+# Application definition
+
+INSTALLED_APPS = [
+    'django_auth_adfs',
+    'polls',
+    'django.contrib.admin',
+    'django.contrib.auth',
+    'django.contrib.contenttypes',
+    'django.contrib.sessions',
+    'django.contrib.messages',
+    'django.contrib.staticfiles',
+]
+
+MIDDLEWARE = [
+    'django.middleware.security.SecurityMiddleware',
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+]
+
+ROOT_URLCONF = 'mysite.urls'
+
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [os.path.join(BASE_DIR, 'templates')],
+        'APP_DIRS': True,
+        'OPTIONS': {
+            'context_processors': [
+                'django.template.context_processors.debug',
+                'django.template.context_processors.request',
+                'django.contrib.auth.context_processors.auth',
+                'django.contrib.messages.context_processors.messages',
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = 'mysite.wsgi.application'
+
+
+# Database
+# https://docs.djangoproject.com/en/2.0/ref/settings/#databases
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.sqlite3',
+        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
+    }
+}
+
+
+# Password validation
+# https://docs.djangoproject.com/en/2.0/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+]
+
+AUTHENTICATION_BACKENDS = (
+    'django_auth_adfs.backend.AdfsBackend',
+)
+
+AUTH_ADFS = {
+    "SERVER": "adfs.example.com",
+    "CLIENT_ID": "django_website.adfs.client_id",
+    "RESOURCE": "django_website.adfs.relying_party_id",
+    # Make sure to read the documentation about the AUDIENCE setting
+    # when you configured the identifier as a URL!
+    "AUDIENCE": "microsoft:identityserver:django_website.adfs.relying_party_id",
+    "ISSUER": "http://adfs.example.com/adfs/services/trust",
+    "CA_BUNDLE": False,  # !!! DON'T DO THIS IN A PRODUCTION SETUP !!!
+    "CLAIM_MAPPING": {"first_name": "given_name",
+                      "last_name": "family_name",
+                      "email": "email"},
+    "BOOLEAN_CLAIM_MAPPING": {"is_staff": "is_staff"},
+    "REDIR_URI": "http://web.example.com:8000/oauth2/login",
+}
+
+# Internationalization
+# https://docs.djangoproject.com/en/2.0/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = True
+
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/2.0/howto/static-files/
+
+STATIC_URL = '/static/'
+STATIC_ROOT = os.path.join(BASE_DIR, "static")
+
+LOGIN_URL = "https://adfs.example.com/adfs/oauth2/authorize" \
+            "?response_type=code" \
+            "&client_id=django_website.adfs.client_id" \
+            "&resource=django_website.adfs.relying_party_id" \
+            "&redirect_uri=http://web.example.com:8000/oauth2/login"
+LOGIN_REDIRECT_URL = "home"
+
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': False,
+    'formatters': {
+        'verbose': {
+            'format': '%(levelname)s %(asctime)s %(name)s %(message)s'
+        },
+    },
+    'handlers': {
+        'console': {
+            'class': 'logging.StreamHandler',
+            'formatter': 'verbose'
+        },
+    },
+    'loggers': {
+        'django_auth_adfs': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+        },
+    },
+}

Diff for: example/adfs/mysite/settings.py

@@ -0,0 +1,29 @@
+"""mysite URL Configuration
+
+The `urlpatterns` list routes URLs to views. For more information please see:
+    https://docs.djangoproject.com/en/2.0/topics/http/urls/
+Examples:
+Function views
+    1. Add an import:  from my_app import views
+    2. Add a URL to urlpatterns:  path('', views.home, name='home')
+Class-based views
+    1. Add an import:  from other_app.views import Home
+    2. Add a URL to urlpatterns:  path('', Home.as_view(), name='home')
+Including another URLconf
+    1. Import the include() function: from django.urls import include, path
+    2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
+"""
+from django.conf import settings
+from django.conf.urls.static import static
+from django.contrib import admin
+from django.urls import include, path
+from django.views.generic.base import TemplateView
+
+urlpatterns = [
+    path('', TemplateView.as_view(template_name='home.html'), name='home'),
+    path('polls/', include('polls.urls')),
+    path('admin/', admin.site.urls, name='admin'),
+    path('oauth2/', include('django_auth_adfs.urls')),
+] + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
+
+print(settings.STATIC_ROOT)

Diff for: example/adfs/mysite/urls.py

@@ -0,0 +1,16 @@
+"""
+WSGI config for mysite project.
+
+It exposes the WSGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/2.0/howto/deployment/wsgi/
+"""
+
+import os
+
+from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "mysite.settings")
+
+application = get_wsgi_application()

Diff for: example/adfs/mysite/wsgi.py

@@ -0,0 +1,22 @@
+from django.contrib import admin
+
+from .models import Choice, Question
+
+
+class ChoiceInline(admin.TabularInline):
+    model = Choice
+    extra = 3
+
+
+class QuestionAdmin(admin.ModelAdmin):
+    fieldsets = [
+        (None,               {'fields': ['question_text']}),
+        ('Date information', {'fields': ['pub_date'], 'classes': ['collapse']}),
+    ]
+    inlines = [ChoiceInline]
+    list_display = ('question_text', 'pub_date', 'was_published_recently')
+    list_filter = ['pub_date']
+    search_fields = ['question_text']
+
+
+admin.site.register(Question, QuestionAdmin)

Diff for: example/adfs/polls/__init__.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class PollsConfig(AppConfig):
+    name = 'polls'