Functional tests implementation for mscolab.py file

.gitignore

@@ -24,4 +24,5 @@ build/
 mss.egg-info/
 tutorials/recordings
 tutorials/cursor_image.png
-
+__pycache__/
+instance/

NOTICE

@@ -130,3 +130,14 @@ License: https://github.com/PaulSchweizer/qt-json-view/blob/master/LICENSE (MIT
 
 Package for working with JSON files in PyQt5.
 Obtained from Github (https://github.com/PaulSchweizer/qt-json-view), on 23/7/2021.
+
+Identity Provider
+-----------------
+
+We utilize example files from the pysaml2 library to set up the configuration for our local Identity Provider (IdP).
+Obtained from GitHub (https://github.com/IdentityPython/pysaml2/tree/master/example/idp2) on 13/07/2023
+
+Copyright: 2018 Roland Hedberg
+
+License: https://github.com/IdentityPython/pysaml2/blob/master/LICENSE (Apache License 2.0)
+Further Information: https://pysaml2.readthedocs.io/en/

conftest.py

@@ -29,7 +29,6 @@
 import os
 import sys
 import mock
-import warnings
 from PyQt5 import QtWidgets
 # Disable pyc files
 sys.dont_write_bytecode = True
@@ -125,6 +124,8 @@ def pytest_generate_tests(metafunc):
 # mscolab data directory
 MSCOLAB_DATA_DIR = fs.path.join(DATA_DIR, 'filedata')
 
+
+
 # In the unit days when Operations get archived because not used 
 ARCHIVE_THRESHOLD = 30
 
@@ -182,6 +183,9 @@ def pytest_generate_tests(metafunc):
 </FlightTrack>
 """
 enable_basic_http_authentication = False
+
+# enable login by identity provider
+USE_SAML2 = False
 '''
     ROOT_FS = fs.open_fs(constants.ROOT_DIR)
     if not ROOT_FS.exists('mscolab'):
@@ -234,7 +238,6 @@ def fail_if_open_message_boxes_left():
                                  for box in [q, i, c, w] if box.call_count > 0])
             pytest.fail(f"An unhandled message box popped up during your test!\n{summary}")
 
-
     # Try to close all remaining widgets after each test
     for qobject in set(QtWidgets.QApplication.topLevelWindows() + QtWidgets.QApplication.topLevelWidgets()):
         try:

docs/components.rst

@@ -10,5 +10,5 @@ Components
    mscolab
    gentutorials
    mssautoplot
-
-
+   conf_auth_client_sp_idp
+   conf_sso_test_msscolab

docs/conf_auth_client_sp_idp.rst

@@ -0,0 +1,87 @@
+Identity Provider and Testing Service Provider for testing the SSO process
+==========================================================================
+Both ``auth_client_sp`` and ``idp`` are designed specifically for testing the Single Sign-On (SSO) process using PySAML2. These folders encompass both the Identity Provider (IdP) and Service Provider (SP) implementations, which are utilized on a local server.
+
+The Identity Provider was set up following the official documentation of https://pysaml2.readthedocs.io/en/latest/, along with examples provided in the repository. Metadata YAML files will generate using the built-in tools of PySAML2. Actual key and certificate files can be used in when actual implementation. Please note that this both identity provider(IDP) and service provider(SP) is intended for testing purposes only.
+
+Getting started
+---------------
+
+TLS Setup
+---------
+
+**Setting Up Certificates for Local Development**
+
+
+To set up the certificates for local development, follow these steps:
+
+1. Generate a primary key `(.key)` and a certificate `(.crt)` files using any certificate authority tool. You will need one for the service provider and another one for the identity provider. Make sure to name certificate of identity provider as `crt_idp.crt` and key as `key_idp.key`. Also name the certificate of service provider as `crt_sp.crt` and key as the `key_sp.key`.
+
+    Here's how you can generate self-signed certificates and private keys using OpenSSL:
+
+    * Generate a self-signed certificate and private key for the Service Provider (SP)
+
+        ``openssl req -newkey rsa:4096 -keyout key_sp.key -nodes -x509 -days 365 -out crt_sp.crt``
+
+    * Generate a self-signed certificate and private key for the Identity Provider (IdP)
+
+        ``openssl req -newkey rsa:4096 -keyout key_idp.key -nodes -x509 -days 365 -out crt_idp.crt``
+
+2. Copy and paste the certificate and private key into the following file directories:
+
+    - Key and certificate of Service Provider: ``MSS/mslib/auth_client_sp/``
+
+    - key and certificate of Identity Provider:
+        Since mscolab server's path was set as the default path for the key and certificate, you should manually update the path of `SERVER_CERT` with the path of the generated `.crt` file for IDP, and `SERVER_KEY` with the path of the generated `.key` file for the IDP in the file `MSS/mslib/idp/idp_conf.py`
+
+
+    Make sure to insert the key along with its corresponding certificate.
+
+Configuring the Service Provider and Identity Provider
+------------------------------------------------------
+
+First, generate the metadata file (https://pysaml2.readthedocs.io/en/latest/howto/config.html#metadata) for the service provider. To do that, start the Flask application and download the metadata file by following these steps:
+
+1. Navigate to the home directory, ``/MSS/``.
+2. Start the Flask application by running ``$ python mslib/auth_client_sp/app/app.py`` The application will listen on port : 5000.
+3. Download the metadata file by executing the command: ``curl http://localhost:5000/metadata/ -o sp.xml``.
+4. Move generated ``sp.xml`` to dir ``MSS/mslib/idp/`` and update path of `["metadata"]["local"]` accordingly.
+
+After that, generate the idp.xml file, copy it over to the Service Provider (SP), and restart the SP Flask application:
+
+5. Go to the directory ``MSS/``.
+6. Run the command
+    ``$ make_metadata mslib/idp/idp_conf.py > mslib/auth_client_sp/idp.xml``
+
+    This executes the make_metadata tool from pysaml2, then saved XML content to the specified output file in the service provider dir: ``MSS/mslib/auth_client_sp/idp.xml``.
+
+Running the Application After Configuration
+-------------------------------------------
+
+Once you have successfully configured the Service Provider and the Identity Provider, you don't need to follow the above instructions again. To start the application after the initial configuration, follow these steps:
+
+1. Start the Service provider:
+
+ * Navigate to the directory ``MSS/`` and run
+
+    ``$ python mslib/auth_client_sp/app/app.py``
+
+2. Start the Identity Provider:
+
+ * Navigate to the directory ``MSS/`` and run
+
+    ``$ python mslib/idp/idp.py idp_conf``
+
+By following the provided instructions, you will be able to set up and configure both the Identity Provider and Service Provider for testing the SSO process.
+
+Testing Single Sign-On (SSO) process
+------------------------------------
+
+* Once you have successfully launched the server and identity provider, you can begin testing the Single Sign-On (SSO) process.
+* Load in a browser http://127.0.0.1:5000/.
+* To log in to the service provider through the identity provider, you can use the credentials specified in the ``PASSWD`` section of the ``MSS/mslib/idp/idp.py`` file. Look for the relevant section in the file to find the necessary login credentials.
+
+References
+----------
+
+* https://pysaml2.readthedocs.io/en/latest/examples/idp.html

docs/conf_sso_test_msscolab.rst

@@ -0,0 +1,117 @@
+Configuration MSS Colab Server with Testing IdP for SSO
+=======================================================
+Testing IDP (`mslib/msidp`) is specifically designed for testing the Single Sign-On (SSO) process with the mscolab server using PySAML2.
+
+Here is documentation that explains the configuration of the MSS Colab Server with the testing IdP.
+
+Getting started
+---------------
+
+To set up a local identity provider with the mscolab server, you'll first need to generate the required keys and certificates for both the Identity Provider and the mscolab server. Follow these steps to configure the system:
+
+    1. Initial Steps
+    2. Generate Keys and Certificates
+    3. Enable USE_SAML2
+    4. Generate Metadata Files
+    5. Start the Identity Provider
+    6. Start the mscolab Server
+    7. Test the Single Sign-On (SSO) Process
+
+
+1. Initial Steps
+----------------
+Before getting started, you should correctly activate the environments, set the correct Python path as explained in the mss instructions : https://github.com/Open-MSS/MSS/tree/develop#readme
+
+
+
+2. Generate Keys, Certificates, and backend_saml files
+------------------------------------------------------
+
+This involves generating both `.key` files and `.crt` files for both the Identity provider and mscolab server and `backend_saml.yaml` file. 
+
+Before running the command make sure to set `USE_SAML2 = False` in your `mscolab_settings.py` file,  You can accomplish this by following these steps:
+
+- Add to the `PYTHONPATH` where your `mscolab_settings.py`.
+- Add `USE_SAML2 = False` in your `mscolab_settings.py` file.
+
+.. note::
+    If you set `USE_SAML2 = True` without keys and certificates, this will not execute. So, make sure to set `USE_SAML2 = False` before executing the command.
+
+If everything is correctly set, you can generate keys and certificates simply by running
+
+.. code:: text
+
+    $ mscolab sso_conf --init_sso_crts
+
+.. note::
+    This process generating keys and certificates for both Identity provider and mscolab server by default, If you need configure with different keys and certificates for the Identity provider, You should manually update the path of `SERVER_CERT` with the path of the generated .crt file for Identity provider, and `SERVER_KEY` with the path of the generated .key file for the Identity provider in the file `MSS/mslib/idp/idp_conf.py`.
+
+
+3. Enable USE_SAML2
+-------------------
+
+To enable SAML2-based login (identity provider-based login), 
+
+- To start the process update `USE_SAML2 = True` in your `mscolab_settings.py` file.
+
+.. note::
+    After enabling the `USE_SAML2` option, the subsequent step involves adding the `CONFIGURED_IDPS` dictionary for the MSS Colab Server. This dictionary must contain keys for each active Identity Provider, denoted by their `idp_identity_name`, along with their respective `idp_name`. Once this dictionary is configured, it should be utilized to update several aspects of the mscolab server, including the SAML2Client configuration in the .yml file. This ensures seamless integration with the enabled IDPs. By default, configuration has been set up for the localhost IDP, and any additional configurations required should be performed by the developer.
+
+4. Generate metadata files
+--------------------------
+
+This involves generating necessary metadata files for both the identity provider and the service provider. You can generate them by simply running the below command.
+
+.. note::
+    Before executing this, you should set `USE_SAML2=True` as described in the third step(Enable USE_SAML2).
+
+.. code:: text
+
+    $ mscolab sso_conf --init_sso_metadata
+
+
+5. Start Identity provider
+--------------------------
+
+Once you set certificates and metada files you can start mscolab server and local identity provider. To start local identity provider, simply execute:
+
+.. code:: text
+
+    $ msidp
+
+
+6. Start the mscolab Server
+---------------------------
+
+Before Starting the mscolab server, make sure to do necessary database migrations.
+
+When this is the first time you setup a mscolab server, you have to initialize the database by:
+
+.. code:: text
+
+    $ mscolab db --init
+
+.. note::
+   An existing database maybe needs a migration, have a look for this on our documentation.
+
+   https://mss.readthedocs.io/en/stable/mscolab.html#data-base-migration
+
+When migrations finished, you can start mscolab server  using the following command:
+
+.. code:: text
+
+    $ mscolab start
+
+
+7. Testing Single Sign-On (SSO) process
+---------------------------------------
+
+* Once you have successfully launched the server and identity provider, you can begin testing the Single Sign-On (SSO) process.
+* Start MSS PyQt application:
+
+.. code:: text
+
+    $ msui
+
+* Login with identity provider through Qt Client application.
+* To log in to the mscolab server through the identity provider, you can use the credentials specified in the ``PASSWD`` section of the ``MSS/mslib/msidp/idp.py`` file. Look for the relevant section in the file to find the necessary login credentials.

docs/samples/config/mscolab/mscolab_settings.py.sample

@@ -85,6 +85,9 @@ STUB_CODE = """<?xml version="1.0" encoding="utf-8"?>
 </FlightTrack>
 """
 
+# enable login by identity provider
+USE_SAML2 = False
+
 # looks for a given category forn a operation ending with GROUP_POSTFIX
 # e.g. category = Tex will look for TexGroup
 # all users in that Group are set to the operations of that category

localbuild/meta.yaml

@@ -19,6 +19,7 @@ build:
     - mswms_demodata = mslib.mswms.demodata:main
     - mscolab = mslib.mscolab.mscolab:main
     - mssautoplot = mslib.utils.mssautoplot:main
+    - msidp = mslib.msidp.idp:main
 
 requirements:
   build:
@@ -92,6 +93,9 @@ requirements:
     - email_validator
     - keyring
     - dbus-python
+    - flask-login
+    - pysaml2
+    - libxmlsec1
 
 test:
   imports:
@@ -101,6 +105,7 @@ test:
     - mswms_demodata -h
     - msui -h
     - mscolab -h
+    - msidp -h
 
 about:
   summary: 'A web service based tool to plan atmospheric research flights.'

mslib/auth_client_sp/README.md

@@ -0,0 +1,11 @@
+# Flask Service Provider with PySAML2 Integration
+
+This is a simple Flask service provider that allows for single sign-on (SSO) authentication using PySAML2.
+
+## Features
+
+- Integration with PySAML2 for SSO authentication.
+- Securely handles SAML assertions and authentication responses.
+- Provides routes for login, logout, and profile endpoints.
+- Uses SQLAlchemy database for user management.
+- Supports both HTTP Redirect and HTTP POST bindings for SAML responses.