rebase aplus 2406.4 again

Makefile

@@ -2,6 +2,7 @@ VIRTUAL_ENV ?= venv
 NODE_BIN = node_modules/.bin
 SOURCE_DIRS = adhocracy-plus apps tests
 ARGUMENTS=$(filter-out $(firstword $(MAKECMDGOALS)), $(MAKECMDGOALS))
+PORT = 8004
 
 # for mac os gsed is needed (brew install gnu-sed and brew install gsed)
 SED = sed
@@ -52,6 +53,8 @@ help:
 	@echo "  make celery-worker-start		-- starts the celery worker in the foreground"
 	@echo "  make celery-worker-status		-- lists all registered tasks and active worker nodes"
 	@echo "  make celery-worker-dummy-task	-- calls the dummy task and prints result from redis"
+	@echo "  make saml-install          	-- script to install local version of single sign-in in docker container"
+	@echo "  make saml-server          		-- script to run local version of single sign-in in docker container"
 	@echo
 
 .PHONY: install
@@ -76,13 +79,13 @@ fixtures:
 
 .PHONY: server
 server:
-	$(VIRTUAL_ENV)/bin/python manage.py runserver 8004
+	$(VIRTUAL_ENV)/bin/python manage.py runserver $(PORT)
 
 .PHONY: watch
 watch:
 	trap 'kill %1' KILL; \
 	npm run watch & \
-	$(VIRTUAL_ENV)/bin/python manage.py runserver 8004
+	$(VIRTUAL_ENV)/bin/python manage.py runserver $(PORT)
 
 .PHONY: background
 background:
@@ -232,3 +235,21 @@ celery-worker-status:
 .PHONY: celery-worker-dummy-task
 celery-worker-dummy-task:
 	$(VIRTUAL_ENV)/bin/celery --app adhocracy-plus call dummy_task | awk '{print "celery-task-meta-"$$0}' | xargs redis-cli get | python3 -m json.tool
+
+.PHONY: saml-install
+CERTS_DIR := ${CURDIR}/adhocracy-plus/config/settings/saml
+saml-install:
+	docker pull kristophjunge/test-saml-idp
+	openssl req -nodes -new -x509  -keyout ${CERTS_DIR}/private.key -out ${CERTS_DIR}/cert.pem -subj \
+	"/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com"
+
+.PHONY: saml-server
+saml-server:
+	cp ${PWD}/scripts/saml2_authsources.php /tmp/saml2_authsources.php
+	chmod 755 /tmp/saml2_authsources.php
+	test ! -z "${LIQD_NO_SSO_LOGIN}" || docker run -p 8080:8080 -p 8443:8443 \
+	-e SIMPLESAMLPHP_SP_ENTITY_ID=http://app.example.com \
+	-e SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE=http://localhost:$(PORT)/saml2/acs/ \
+	-e SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE=http://localhost:$(PORT)/saml2/ls/ \
+	-v /tmp/saml2_authsources.php:/var/www/simplesamlphp/config/authsources.php \
+	kristophjunge/test-saml-idp

README.md

@@ -2,8 +2,8 @@
 
 [adhocracy.plus](https://adhocracy.plus/) is a free Open-Source participation platform maintained and primarily developed by Liquid Democracy e.V.. It is based on [adhocracy 4](https://github.com/liqd/adhocracy4) and [Django](https://github.com/django/django).
 
-![Build Status](https://github.com/liqd/adhocracy-plus/actions/workflows/django.yml/badge.svg)
-[![Coverage Status](https://coveralls.io/repos/github/liqd/adhocracy-plus/badge.svg?branch=main)](https://coveralls.io/github/liqd/adhocracy-plus?branch=main)
+![Build Status](https://github.com/liqd/diid-adplus/actions/workflows/django.yml/badge.svg)
+[![Coverage Status](https://coveralls.io/repos/github/liqd/diid-adplus/badge.svg?branch=main)](https://coveralls.io/github/liqd/diid-adplus?branch=main)
 
 ## Getting started
 
@@ -21,8 +21,8 @@ adhocracy+ is designed to make online participation easy and accessible to every
 
 ### Installation
 
-    git clone https://github.com/liqd/adhocracy-plus.git
-    cd adhocracy-plus
+    git clone https://gitlab.cs.uni-duesseldorf.de/diid/diid_adplus.git
+    cd diid_adplus
     make install
     make fixtures
 

adhocracy-plus/assets/scss/_utility.scss

@@ -1,3 +1,8 @@
+.u-hhu {
+    color: $brand-primary;
+    font-weight: bold;
+}
+
 .u-overlap-top {
     margin-top: (-1.5 * $padding);
 }
@@ -112,7 +117,7 @@
 }
 
 .u-page-ribbon {
-    background: linear-gradient(to right, $brand-primary, $brand-primary 33%, $brand-secondary 66%, $brand-secondary);
+    background: $brand-primary;
     height: 0.5em;
 }
 

adhocracy-plus/assets/scss/_variables.scss

@@ -1,15 +1,16 @@
 // subset of bootstrap variables
-$brand-primary: #2d40cc; // ultramarine
+$brand-primary: #006ab3 !default; // dark blue
 
-$brand-secondary: #90efe4 !default; // terquoise
+$brand-secondary: #d9e9f4 !default; // greeny blue
+$brand-secondary-dark: #57bab1 !default; // same as above
 
-$brand-tertiary: #008dc5 !default; // prussian blue
+$brand-tertiary: #73add5 !default; // lighter blue
 
 /* Don't use variables but hex-values here as they should not be overwritten on organisation pages */
-$brand-success: #a3ef90 !default;
+$brand-success: #d7e4ac !default;
 $brand-info: $brand-primary !default; // $brand-primary from platform.scss
-$brand-warning: #ffc107 !default;
-$brand-danger: #a72b1e !default;
+$brand-warning: #f9d2a6 !default;
+$brand-danger: #e9aab3 !default;
 
 $primary:       $brand-primary !default;
 $secondary:     $brand-secondary !default;
@@ -42,10 +43,11 @@ $print-link: #005cb4 !default;
 
 $brand-primary-tint: lighten($brand-primary, 47%) !default;
 $brand-secondary-tint: lighten($brand-secondary, 20%) !default;
-$brand-tertiary-tint: lighten($brand-tertiary, 55%) !default;
+$brand-tertiary-tint: lighten($brand-tertiary, 30%) !default;
 
-$bg-light: #f7f7f7;
-$bg-tertiary: $brand-tertiary-tint !default;
+$bg-tertiary: #d9e9f4 !default;
+$bg-secondary: #c1d9e1 !default;
+$bg-light: #fbfbfb;
 
 $demi-bold: 600;
 $headings-font-weight: $demi-bold !default;

adhocracy-plus/assets/scss/components/_alerts.scss

@@ -13,26 +13,26 @@ $messages-margin-bottom: 25px;
 .alert {
     margin: 0;
     padding: (1.2 * $padding) $padding;
-    background-color: $brand-primary-tint;
+    background-color: lighten($brand-info, 30%);
     color: $text-color;
     text-align: center;
     border-radius: 0;
     flex: 1 1 auto;
 }
 
 .alert--success {
-    background-color: lighten($brand-success, 15);
+    background-color: $brand-success;
     color: $text-color;
 }
 
 .alert--error,
 .alert--danger {
-    background-color: lighten($brand-danger, 50);
+    background-color: $brand-danger;
     color: $text-color;
 }
 
 .alert--warning {
-    background-color: lighten($brand-warning, 30);
+    background-color: $brand-warning;
     color: $text-color;
 }
 

adhocracy-plus/assets/scss/components/_button.scss

@@ -64,7 +64,7 @@
 }
 
 .btn.btn--light {
-    @include button($brand-tertiary, $text-color, $text-color, 57%);
+    @include button($brand-tertiary, $text-color, $text-color, 30%);
 }
 
 .btn.btn--primary {
@@ -78,7 +78,7 @@
 }
 
 .btn.btn--secondary-filled {
-    @include button-bg($brand-secondary, $brand-secondary, $print-black, 10%);
+    @include button-bg($brand-secondary, $brand-secondary, $print-black, 3%);
 }
 
 .btn.btn--bg-tertiary {

adhocracy-plus/assets/scss/components/_header_upper.scss

@@ -59,6 +59,6 @@
 
 @media screen and (min-width: $breakpoint) {
     .header-upper__brand-img {
-        height: 2.5rem;
+        height: 3.5rem;
     }
 }

adhocracy-plus/assets/scss/components/_list_item.scss

@@ -129,6 +129,6 @@
 
 .list-item__cta {
     text-transform: uppercase;
-    color: $brand-info;
+    color: $brand-primary;
     box-shadow: none;
 }

adhocracy-plus/assets/scss/components/_poll.scss

@@ -84,7 +84,7 @@ $checkbox-size: 20px;
 }
 
 .poll-row__bar {
-    background-color: $brand-primary-tint;
+    background-color: $brand-tertiary-tint;
     position: absolute;
     top: 0;
     bottom: 0;
@@ -102,7 +102,7 @@ $checkbox-size: 20px;
 }
 
 .poll__highlight {
-    background-color: $brand-tertiary-tint;
+    background-color: $brand-primary-tint;
 }
 
 .poll__btn--wrapper {

adhocracy-plus/config/settings/base.py

@@ -29,6 +29,8 @@
     "django.contrib.messages",
     "django.contrib.staticfiles",
     "django.contrib.humanize",
+    "apps.djangosaml2_overwrites",
+    "djangosaml2",
     "django_ckeditor_5",
     "widget_tweaks",
     "rest_framework",
@@ -40,6 +42,7 @@
     "rules.apps.AutodiscoverRulesConfig",
     "easy_thumbnails",
     "parler",
+
     # Wagtail cms components
     "wagtail.contrib.forms",
     "wagtail.contrib.redirects",
@@ -126,19 +129,21 @@
     "apps.users.middleware.SetUserLanguageCookieMiddleware",
     "django.middleware.locale.LocaleMiddleware",
     "django.middleware.common.CommonMiddleware",
+    "djangosaml2.middleware.SamlSessionMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "wagtail.contrib.redirects.middleware.RedirectMiddleware",
     "allauth.account.middleware.AccountMiddleware",
+    "apps.djangosaml2_overwrites.middlewares.SamlSignupMiddleware",
 )
 
 ROOT_URLCONF = "adhocracy-plus.config.urls"
 
 LOCALE_PATHS = [
     # use the first line in branches and forks to keep the original translations
     # from main branch and overwrite or add extra translations in fork
-    # os.path.join(BASE_DIR, 'locale-fork/locale'),
-    os.path.join(BASE_DIR, "locale-source/locale")
+    os.path.join(BASE_DIR, "locale-fork/locale"),
+    os.path.join(BASE_DIR, "locale-source/locale"),
 ]
 
 TEMPLATES = [
@@ -273,6 +278,7 @@
     "rules.permissions.ObjectPermissionBackend",
     "django.contrib.auth.backends.ModelBackend",
     "allauth.account.auth_backends.AuthenticationBackend",
+    "djangosaml2.backends.Saml2Backend",
 )
 
 ACCOUNT_ADAPTER = "apps.users.adapters.AccountAdapter"
@@ -684,3 +690,4 @@
         },
     },
 }
+USER_REGISTRATION = False

adhocracy-plus/config/settings/dev.py

@@ -40,6 +40,51 @@
 
 CELERY_TASK_ALWAYS_EAGER = True
 
+# DIID specific test saml2 config
+from os import path
+
+import saml2
+import saml2.saml
+
+BASEDIR = path.dirname(path.abspath(__file__))
+
+SAML_CONFIG = {
+  'entityid': 'http://app.example.com',
+  'allow_unknown_attributes': True,
+  'attribute_map_dir': path.join(BASEDIR, 'saml', 'attribute-maps'),
+  'service': {
+    'sp': {
+      'name': 'Federated Django sample SP',
+      'name_id_format': saml2.saml.NAMEID_FORMAT_PERSISTENT,
+      'endpoints': {
+        'single_logout_service': [
+          ('http://localhost:8004/saml2/ls/', saml2.BINDING_HTTP_REDIRECT),
+          ('http://localhost:8004/saml2/ls/post', saml2.BINDING_HTTP_POST),
+        ],
+        'assertion_consumer_service': [
+          ('http://localhost:8004/saml2/acs/', saml2.BINDING_HTTP_POST),
+        ],
+      },
+      'required_attributes': ['mail'],
+    },
+  },
+  'metadata': {
+    'remote': [{"url": "http://localhost:8080/simplesaml/saml2/idp/metadata.php"},],
+  },
+  'key_file': path.join(BASEDIR, 'saml', 'private.key'),
+  'cert_file': path.join(BASEDIR, 'saml', 'cert.pem'),
+  'encryption_keypairs': [{
+    'key_file': path.join(BASEDIR, 'saml', 'private.key'),
+    'cert_file': path.join(BASEDIR, 'saml', 'cert.pem'),
+  }],
+  'debug': 1,
+}
+SAML_DJANGO_USER_MAIN_ATTRIBUTE = 'email'
+SAML_LOGOUT_REQUEST_PREFERRED_BINDING = saml2.BINDING_HTTP_REDIRECT
+SAML_ATTRIBUTE_MAPPING = {
+    'mail': ['email', 'set_username_from_email'],
+}
+
 # The local.py import happens at the end of this file so that it can overwrite
 # any defaults in dev.py.
 # Special cases are: