From f8c5684c1ccc20b8c9e41e71c0b76300ab738177 Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Mon, 15 Aug 2016 13:30:12 -0400 Subject: [PATCH 01/25] Made development changes suggested by README --- ozp/settings.py | 2 +- requirements.txt | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/ozp/settings.py b/ozp/settings.py index b4b85307..bdd34477 100644 --- a/ozp/settings.py +++ b/ozp/settings.py @@ -226,7 +226,7 @@ CORS_ALLOW_CREDENTIALS = True OZP = { - 'DEMO_APP_ROOT': 'https://localhost:8443', + 'DEMO_APP_ROOT': 'https://localhost:8000', # if set to False, never try and update authorization-related info from # an external source 'USE_AUTH_SERVER': False, diff --git a/requirements.txt b/requirements.txt index 9409325b..a7277de9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -22,7 +22,6 @@ msgpack-python==0.4.7 nose==1.3.7 pep8==1.7.0 Pillow==2.9.0 -psycopg2==2.6.1 pyflakes==1.0.0 pytz==2015.4 PyYAML==3.11 From 21cba4b10048629f9c1ee302117b6609167922b4 Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Mon, 15 Aug 2016 15:22:26 -0400 Subject: [PATCH 02/25] Added django-cas authentication --- ozp/settings.py | 15 ++++++++++++++- ozp/urls.py | 7 ++++++- requirements.txt | 1 + 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/ozp/settings.py b/ozp/settings.py index bdd34477..319c4652 100644 --- a/ozp/settings.py +++ b/ozp/settings.py @@ -54,7 +54,10 @@ 'rest_framework_swagger', 'ozpcenter', 'ozpiwc', - 'corsheaders' + 'corsheaders', + + #CAS + 'cas' ) # Note that CorsMiddleware needs to come before Django's CommonMiddleware if 
@@ -70,10 +73,20 @@ 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware', + + #CAS + 'cas.middleware.CASMiddleware' ) ROOT_URLCONF = 'ozp.urls' +# CAS +CAS_SERVER_URL = "http://localhost:8080/cas/" +AUTHENTICATION_BACKENDS = ( + 'django.contrib.auth.backends.ModelBackend', + 'cas.backends.CASBackend' +) + TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', diff --git a/ozp/urls.py b/ozp/urls.py index 280285f3..9cd58171 100644 --- a/ozp/urls.py +++ b/ozp/urls.py @@ -24,7 +24,12 @@ url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')), url(r'^api/', include('ozpcenter.urls')), url(r'^iwc-api/', include('ozpiwc.urls')), - url(r'^docs/', include('rest_framework_swagger.urls')) + url(r'^docs/', include('rest_framework_swagger.urls')), + + # CAS + url(r'^accounts/login/$', 'cas.views.login', name='login'), + url(r'^accounts/logout/$', 'cas.views.login', name='logout'), + ] # in debug, serve the media and static resources with the django web server diff --git a/requirements.txt b/requirements.txt index a7277de9..db56a820 100644 --- a/requirements.txt +++ b/requirements.txt @@ -29,3 +29,4 @@ redis==2.10.5 requests==2.7.0 six==1.9.0 wheel==0.24.0 +django-cas-client==1.2.0 From 386eb9342c6956b1f99d4ccc558934addbd46aa9 Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Wed, 7 Sep 2016 16:52:55 -0400 Subject: [PATCH 03/25] Enabled CAS authentication on REST APIs --- ozp/settings.py | 4 ++-- ozp/urls.py | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/ozp/settings.py b/ozp/settings.py index 319c4652..269447ad 100644 --- a/ozp/settings.py +++ b/ozp/settings.py 
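Review bot: `CAS_SERVER_URL = "http://localhost:8080/cas/"` in the added CAS block points the client at the CAS server over plain HTTP, so the login redirect and the service-ticket validation exchange are unprotected on the wire as soon as this value is used anywhere other than loopback. The URL is also hard-coded, which makes it easy for the development value to reach a deployed instance; consider reading it from the environment, e.g. `CAS_SERVER_URL = os.environ['CAS_SERVER_URL']` (assuming `os` is already imported in settings.py, which this hunk does not show), with a comment such as `# CAS base URL; must be https:// outside local development`. Patch 08 later changes only the port and keeps the `http://` scheme.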
@@ -185,8 +185,8 @@ 'EXCEPTION_HANDLER': 'ozpcenter.errors.exception_handler', 'DEFAULT_AUTHENTICATION_CLASSES': ( # 'ozpcenter.auth.pkiauth.PkiAuthentication' - 'rest_framework.authentication.BasicAuthentication', - # 'rest_framework.authentication.SessionAuthentication', + # 'rest_framework.authentication.BasicAuthentication', + 'rest_framework.authentication.SessionAuthentication', ), # Use Django's standard `django.contrib.auth` permissions, # or allow read-only access for unauthenticated users. diff --git a/ozp/urls.py b/ozp/urls.py index 9cd58171..8d65f0d4 100644 --- a/ozp/urls.py +++ b/ozp/urls.py @@ -21,7 +21,6 @@ urlpatterns = [ url(r'^admin/', include(admin.site.urls)), - url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')), url(r'^api/', include('ozpcenter.urls')), url(r'^iwc-api/', include('ozpiwc.urls')), url(r'^docs/', include('rest_framework_swagger.urls')), From a2832fc4cde6b878cd5c980242174e8f06c6c748 Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Tue, 13 Sep 2016 20:46:20 +0000 Subject: [PATCH 04/25] Updated django-cas-client dependency --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index db56a820..3e9fe76b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -29,4 +29,4 @@ redis==2.10.5 requests==2.7.0 six==1.9.0 wheel==0.24.0 -django-cas-client==1.2.0 +-e git+https://github.com/chazzlabs/django-cas#egg=django-cas-client From 2db45d31a6be4db0976c2c862df2781b75700c60 Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Tue, 13 Sep 2016 20:47:26 +0000 Subject: [PATCH 05/25] Replaced DEMO_APP_ROOT port number --- ozp/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ozp/settings.py b/ozp/settings.py index 269447ad..16aecd2e 100644 --- a/ozp/settings.py +++ b/ozp/settings.py 
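Review bot: With `SessionAuthentication` now the only active entry in `DEFAULT_AUTHENTICATION_CLASSES`, the session cookie becomes the sole API credential, and hunk context elsewhere in this file shows `CORS_ALLOW_CREDENTIALS = True`. Whether that combination is safe depends on the django-cors-headers origin settings, which are not visible in this series; confirm `CORS_ORIGIN_ALLOW_ALL` is not enabled and that `CORS_ORIGIN_WHITELIST` lists only the OZP front ends. The two commented-out classes left in the tuple would be clearer with a reason attached, e.g. `# Basic auth disabled: API access requires a CAS-established session`. The `REST_FRAMEWORK` dict starts and ends outside the hunk.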
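Review bot: The replacement line `-e git+https://github.com/chazzlabs/django-cas#egg=django-cas-client` installs whatever the fork's default branch holds at install time, while every other entry in requirements.txt is pinned with `==`. For the package that handles authentication, pin the fork to a reviewed revision, e.g. `-e git+https://github.com/chazzlabs/django-cas@<commit-sha>#egg=django-cas-client` (placeholder; the commit id is not on the page). The same unpinned form recurs in the requirements.txt hunks of patches 06, 07, 23, 24 and 25.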
@@ -239,7 +239,7 @@ CORS_ALLOW_CREDENTIALS = True OZP = { - 'DEMO_APP_ROOT': 'https://localhost:8000', + 'DEMO_APP_ROOT': 'https://localhost:8443', # if set to False, never try and update authorization-related info from # an external source 'USE_AUTH_SERVER': False, From 315b710ea80ebc5e30ecd81d2b6e8c7af7292bbe Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Tue, 13 Sep 2016 20:03:42 -0400 Subject: [PATCH 06/25] Updated requirements to point to internal fork of django-cas-client --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 3e9fe76b..e1bfd827 100644 --- a/requirements.txt +++ b/requirements.txt @@ -29,4 +29,4 @@ redis==2.10.5 requests==2.7.0 six==1.9.0 wheel==0.24.0 --e git+https://github.com/chazzlabs/django-cas#egg=django-cas-client +-e git+http://dev1.vistronix.com:9080/ozp/django-cas#egg=django-cas-client From 46099560cc5efb14ac10421e22226b3c058cabb9 Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Wed, 14 Sep 2016 11:52:07 -0400 Subject: [PATCH 07/25] Fixed Gitlab repo URL for django-cas-client --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index e1bfd827..b11e42fd 100644 --- a/requirements.txt +++ b/requirements.txt @@ -29,4 +29,4 @@ redis==2.10.5 requests==2.7.0 six==1.9.0 wheel==0.24.0 --e git+http://dev1.vistronix.com:9080/ozp/django-cas#egg=django-cas-client +-e git+http://dev1.vistronix.com:9080/ozp/django-cas.git#egg=django-cas-client From 00a2f8cbd2b5b1a7b4668cc1c16db4d1335afa92 Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Thu, 15 Sep 2016 09:50:44 -0400 Subject: [PATCH 08/25] Updated CAS_SERVER_URL and added default DRF login views --- ozp/settings.py | 2 +- ozp/urls.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ozp/settings.py b/ozp/settings.py index 16aecd2e..c4f5e724 100644 --- a/ozp/settings.py +++ b/ozp/settings.py 
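Review bot: The new source `git+http://dev1.vistronix.com:9080/ozp/django-cas#egg=django-cas-client` fetches the authentication library over unencrypted HTTP, so nothing authenticates the server or protects the code in transit, and with no revision pinned nothing checks what actually gets installed. Serve the internal repository over TLS or SSH and pin a commit, e.g. `-e git+https://<internal-git-host>/ozp/django-cas.git@<commit-sha>#egg=django-cas-client` (placeholders). Patches 07, 23 and 24 keep the same `http://` URL, and patch 25 switches to `git://nssbu/django-cas.git`, a transport that is likewise unauthenticated and unencrypted.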
@@ -81,7 +81,7 @@ ROOT_URLCONF = 'ozp.urls' # CAS -CAS_SERVER_URL = "http://localhost:8080/cas/" +CAS_SERVER_URL = "http://localhost:9001/cas/" AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend', 'cas.backends.CASBackend' diff --git a/ozp/urls.py b/ozp/urls.py index 8d65f0d4..5c78a392 100644 --- a/ozp/urls.py +++ b/ozp/urls.py @@ -22,6 +22,7 @@ urlpatterns = [ url(r'^admin/', include(admin.site.urls)), url(r'^api/', include('ozpcenter.urls')), + url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')), url(r'^iwc-api/', include('ozpiwc.urls')), url(r'^docs/', include('rest_framework_swagger.urls')), From 168227fb6a1e2f52da555dadf110a161ccb1978d Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Thu, 15 Sep 2016 16:07:57 -0400 Subject: [PATCH 09/25] Added django-decorator-include for redirection to CAS on unauthenticated API requests --- ozp/urls.py | 5 +++-- requirements.txt | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ozp/urls.py b/ozp/urls.py index 5c78a392..8afffe06 100644 --- a/ozp/urls.py +++ b/ozp/urls.py @@ -17,11 +17,13 @@ from django.conf.urls import include, url from django.conf.urls.static import static from django.contrib import admin +from django.contrib.auth.decorators import login_required +from decorator_include import decorator_include urlpatterns = [ url(r'^admin/', include(admin.site.urls)), - url(r'^api/', include('ozpcenter.urls')), + url(r'^api/', decorator_include(login_required, 'ozpcenter.urls')), url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')), url(r'^iwc-api/', include('ozpiwc.urls')), url(r'^docs/', include('rest_framework_swagger.urls')), @@ -29,7 +31,6 @@ # CAS url(r'^accounts/login/$', 'cas.views.login', name='login'), url(r'^accounts/logout/$', 'cas.views.login', name='logout'), - ] # in debug, serve the media and static resources with the django web server diff --git a/requirements.txt b/requirements.txt index b11e42fd..64e0fc9c 100644 
--- a/requirements.txt +++ b/requirements.txt @@ -29,4 +29,5 @@ redis==2.10.5 requests==2.7.0 six==1.9.0 wheel==0.24.0 +django-decorator-include==1.1 -e git+http://dev1.vistronix.com:9080/ozp/django-cas.git#egg=django-cas-client From f131fdeb3593937035beb63441a6670d17e8953f Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Fri, 16 Sep 2016 14:49:26 -0400 Subject: [PATCH 10/25] Added custom decorator for renaming 'next' query param so django-cas redirects to referer --- decorators/cas_decorators.py | 4 ++++ ozp/urls.py | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 decorators/cas_decorators.py diff --git a/decorators/cas_decorators.py b/decorators/cas_decorators.py new file mode 100644 index 00000000..bdd905b8 --- /dev/null +++ b/decorators/cas_decorators.py @@ -0,0 +1,4 @@ +from django.contrib.auth.decorators import login_required + +def cas_login_required(view_func): + return login_required(view_func, 'renamed_next') diff --git a/ozp/urls.py b/ozp/urls.py index 8afffe06..53125f38 100644 --- a/ozp/urls.py +++ b/ozp/urls.py @@ -17,13 +17,14 @@ from django.conf.urls import include, url from django.conf.urls.static import static from django.contrib import admin -from django.contrib.auth.decorators import login_required + +from decorators.cas_decorators import cas_login_required from decorator_include import decorator_include urlpatterns = [ url(r'^admin/', include(admin.site.urls)), - url(r'^api/', decorator_include(login_required, 'ozpcenter.urls')), + url(r'^api/', decorator_include(cas_login_required, 'ozpcenter.urls')), url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')), url(r'^iwc-api/', include('ozpiwc.urls')), url(r'^docs/', include('rest_framework_swagger.urls')), From 86028f6900d0a5c87b3ba4d21b3f2774758cb0fd Mon Sep 17 00:00:00 2001 
From: Charles Labas Date: Fri, 16 Sep 2016 15:14:57 -0400 Subject: [PATCH 11/25] Renamed decorators app and fixed references --- ozp/settings.py | 1 + ozp/urls.py | 2 +- {decorators => ozpdecorators}/cas_decorators.py | 0 3 files changed, 2 insertions(+), 1 deletion(-) rename {decorators => ozpdecorators}/cas_decorators.py (100%) diff --git a/ozp/settings.py b/ozp/settings.py index c4f5e724..c0177aaf 100644 --- a/ozp/settings.py +++ b/ozp/settings.py @@ -54,6 +54,7 @@ 'rest_framework_swagger', 'ozpcenter', 'ozpiwc', + 'ozpdecorators', 'corsheaders', #CAS diff --git a/ozp/urls.py b/ozp/urls.py index 53125f38..f1128d09 100644 --- a/ozp/urls.py +++ b/ozp/urls.py @@ -18,7 +18,7 @@ from django.conf.urls.static import static from django.contrib import admin -from decorators.cas_decorators import cas_login_required +from ozpdecorators.cas_decorators import cas_login_required from decorator_include import decorator_include diff --git a/decorators/cas_decorators.py b/ozpdecorators/cas_decorators.py similarity index 100% rename from decorators/cas_decorators.py rename to ozpdecorators/cas_decorators.py From 018165af3401d7e47c6d2c8dd75a0f521ea9b5a8 Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Fri, 16 Sep 2016 15:34:44 -0400 Subject: [PATCH 12/25] Moved ozpdecorators inside ozp app --- {ozpdecorators => ozp/decorators}/cas_decorators.py | 0 ozp/settings.py | 1 - ozp/urls.py | 2 +- 3 files changed, 1 insertion(+), 2 deletions(-) rename {ozpdecorators => ozp/decorators}/cas_decorators.py (100%) diff --git a/ozpdecorators/cas_decorators.py b/ozp/decorators/cas_decorators.py similarity index 100% rename from ozpdecorators/cas_decorators.py rename to ozp/decorators/cas_decorators.py diff --git a/ozp/settings.py b/ozp/settings.py index c0177aaf..c4f5e724 100644 --- a/ozp/settings.py +++ b/ozp/settings.py @@ -54,7 +54,6 @@ 'rest_framework_swagger', 'ozpcenter', 'ozpiwc', - 'ozpdecorators', 'corsheaders', #CAS 
diff --git a/ozp/urls.py b/ozp/urls.py index f1128d09..916a1b4b 100644 --- a/ozp/urls.py +++ b/ozp/urls.py @@ -18,7 +18,7 @@ from django.conf.urls.static import static from django.contrib import admin -from ozpdecorators.cas_decorators import cas_login_required +from ozp.decorators.cas_decorators import cas_login_required from decorator_include import decorator_include From c1079708b401d0fd2b19177120b3ac69885bab24 Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Tue, 20 Sep 2016 12:00:52 -0400 Subject: [PATCH 13/25] Added SSL cert verification hack --- ozp/wsgi.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ozp/wsgi.py b/ozp/wsgi.py index b4524e3c..0150718d 100644 --- a/ozp/wsgi.py +++ b/ozp/wsgi.py @@ -9,6 +9,7 @@ import os import re +import ssl from django.core.wsgi import get_wsgi_application @@ -31,6 +32,9 @@ def get_version(): raise RuntimeError( "Unable to find version string in {0!s}.".format(VERSION_FILE)) +# This is a hack to disable SSL cert verification +ssl._create_default_https_context = ssl._create_unverified_context + os.environ['OZP_BACKEND_VERSION'] = get_version() # TODO: Find a better way to get version os.environ.setdefault("DJANGO_SETTINGS_MODULE", "ozp.settings") From 038b084bc95396096cb28691745e22dca9061b1d Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Tue, 25 Oct 2016 09:13:43 -0400 Subject: [PATCH 14/25] Updated 'Getting Started' steps in README --- README.md | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index fda53cde..2b892629 100644 --- a/README.md +++ b/README.md 
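Review bot: `ssl._create_default_https_context = ssl._create_unverified_context` in ozp/wsgi.py turns off certificate and hostname verification for every caller in the WSGI process that relies on the default HTTPS context, not only the connection it was added for, and it does so through private `ssl` names. The commit does not say which connection needed it; if it is the CAS ticket-validation call (an inference from the surrounding patches), an unverified channel means the validation response can no longer be trusted to come from the CAS server. Drop the override and trust the issuing CA instead, e.g. `os.environ.setdefault('SSL_CERT_FILE', '<path-to-ca-bundle.pem>')` (placeholder path) before `get_wsgi_application()` is called. If a bypass has to exist for local development, gate it on an explicit development-only setting and replace the comment with one that names the connection and the reason.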
@@ -3,7 +3,7 @@ Django-based backend API for the OZONE Platform (OZP). For those who just want to get OZP (Center, HUD, Webtop, IWC) up and running, see the [quickstart](https://github.com/ozone-development/ozp-ansible#quickstart) of the [ozp-ansible](https://github.com/ozone-development/ozp-ansible) project. -## 3rd Party Services +## 3rd Party Services Travis-CI [![Build Status](https://travis-ci.org/aml-development/ozp-backend.svg?branch=master)](https://travis-ci.org/ozone-development/ozp-backend) @@ -30,17 +30,6 @@ of this README, which will create a production-esque deployment of OZP: To serve the application on your host machine with minimal external dependencies, do the following: -1. Remove psycopg2 from requirements.txt (so that Postgres won't be required) -2. Enable HTTP Basic Auth and disable PKI authentication. In settings.py, -`REST_FRAMEWORK.DEFAULT_AUTHENTICATION_CLASSES` should be set to -`'rest_framework.authentication.BasicAuthentication'` -3. Disable the authorization service. In settings.py, set `OZP.USE_AUTH_SERVER` -to `False` -4. In settings.py, set `OZP.DEMO_APP_ROOT` to `localhost:8000` (or wherever -the django app will be served at) - -Then, do the following: - 1. Install Python 3.4.3. Python can be installed by downloading the appropriate files [here](https://www.python.org/downloads/release/python-343/). Note that Python 3.4 includes both `pip` and `venv`, a built-in replacement @@ -52,7 +41,7 @@ Then, do the following: 3. Active the new environment: `source ENV/bin/activate` 4. Install the necessary dependencies into this python environment: `pip install -r requirements.txt` -5. Run the server: `./restart_clean_dev_server.sh` +5. Run the server: `make dev` Swagger documentation for the api is available at `http://localhost:8000/docs/` Use username `wsmith` password `password` when prompted for authentication info From 17b4f12a8b000a282cc6cd6a0b739a748fede814 Mon Sep 17 00:00:00 2001 
From: Robert Hutzel Date: Wed, 26 Oct 2016 09:58:35 -0400 Subject: [PATCH 15/25] Added Debian Linux installation instructions to README. Added two more IntelliJ files to .gitignore --- .gitignore | 2 ++ README.md | 34 +++++++++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 0eda138c..59b87f03 100644 --- a/.gitignore +++ b/.gitignore @@ -26,6 +26,8 @@ env .idea/dictionaries .idea/vcs.xml .idea/jsLibraryMappings.xml +.idea/compiler.xml +.idea/misc.xml # Sensitive or high-churn files: .idea/dataSources.ids diff --git a/README.md b/README.md index 2b892629..042a4df3 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,8 @@ of this README, which will create a production-esque deployment of OZP: To serve the application on your host machine with minimal external dependencies, do the following: +### Windows + 1. Install Python 3.4.3. Python can be installed by downloading the appropriate files [here](https://www.python.org/downloads/release/python-343/). Note that Python 3.4 includes both `pip` and `venv`, a built-in replacement 
@@ -43,6 +45,36 @@ do the following: `pip install -r requirements.txt` 5. Run the server: `make dev` +### Debian Linux + +#### Operating system dependencies + +The Python version shipped with Debian Jessie, 3.4.2, will not work with our SDK changes. + +* `apt-get install liblzma-dev libsqlite3-dev sqlite3` +* `wget https://www.python.org/ftp/python/3.5.2/Python-3.5.2.tgz` +* `tar -xzf Python-3.5.2.tgz` +* `cd Python-3.5.2` +* `./configure --enable-loadable-sqlite-extensions` +* `make` +* `sudo make install` +* `python3 -m pip install --upgrade pip` + +#### Development environment preparation + +* `cd ./` +* `git clone http://dev1.vistronix.com:9080/ozp/ozp-backend.git` +* `python3 -m venv ozp-venv` +* `source ozp-venv/bin/activate` +* `cd ozp-backend` +* `pip install -r requirements.txt` + +#### Building and running the OZP backend + +* `make dev` + +## API Documentation + Swagger documentation for the api is available at `http://localhost:8000/docs/` Use username `wsmith` password `password` when prompted for authentication info @@ -54,7 +86,7 @@ Run `python release.py` to generate a tarball with Wheels for the application and all of its dependencies. See `release.py` for details ## For Developers -Understanding this project requires knowing a small-medium amount of Django and +Understanding this project requires knowing a moderate amount of Django and a large amount of Django Rest Framework (DRF). From Django itself: * Object-relational mapper (ORM) * Authentication From 0a923ec1d2562fde7db72dff88ca2ac064bc9d96 Mon Sep 17 00:00:00 2001 From: Robert Hutzel Date: Wed, 26 Oct 2016 10:56:57 -0400 Subject: [PATCH 16/25] Copied venv activation into the building and running section of the Debian Linux documentation in README. Generalized IntelliJ git ignore directives. --- .gitignore | 26 ++------------------------ README.md | 3 +++ 2 files changed, 5 insertions(+), 24 deletions(-) diff --git a/.gitignore b/.gitignore index 59b87f03..4ee74b07 100644 --- a/.gitignore 
+++ b/.gitignore @@ -20,30 +20,6 @@ env # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 -# User-specific stuff: -.idea/workspace.xml -.idea/tasks.xml -.idea/dictionaries -.idea/vcs.xml -.idea/jsLibraryMappings.xml -.idea/compiler.xml -.idea/misc.xml - -# Sensitive or high-churn files: -.idea/dataSources.ids -.idea/dataSources.xml -.idea/dataSources.local.xml -.idea/sqlDataSources.xml -.idea/dynamic.xml -.idea/uiDesigner.xml - -# Gradle: -.idea/gradle.xml -.idea/libraries - -# Mongo Explorer plugin: -.idea/mongoSettings.xml - ## File-based project format: *.iws @@ -51,6 +27,8 @@ env # IntelliJ /out/ +.idea/ +*.iml # mpeltonen/sbt-idea plugin .idea_modules/ diff --git a/README.md b/README.md index 042a4df3..cca09a80 100644 --- a/README.md +++ b/README.md @@ -71,6 +71,9 @@ The Python version shipped with Debian Jessie, 3.4.2, will not work with our SDK #### Building and running the OZP backend +* `cd ./` +* `source ozp-venv/bin/activate` +* `cd ozp-backend` * `make dev` ## API Documentation From bb51d1767a2de30a92f827a7fb482ff76bf796d5 Mon Sep 17 00:00:00 2001 From: Robert Hutzel Date: Thu, 27 Oct 2016 15:46:56 -0400 Subject: [PATCH 17/25] Created redirecting_login_required decorator, which is AJAX aware. Next page support is missing. Temporarily adding ajax_sample module for testing. --- ajax_sample/__init__.py | 0 ajax_sample/templates/ajax_sample_base.html | 31 +++++++++++++++++++++ ajax_sample/urls.py | 8 ++++++ ajax_sample/views.py | 16 +++++++++++ ozp/decorators/cas_decorators.py | 29 +++++++++++++++++-- ozp/settings.py | 4 ++- ozp/urls.py | 7 +++-- 7 files changed, 89 insertions(+), 6 deletions(-) create mode 100644 ajax_sample/__init__.py create mode 100644 ajax_sample/templates/ajax_sample_base.html create mode 100644 ajax_sample/urls.py create mode 100644 ajax_sample/views.py 
diff --git a/ajax_sample/__init__.py b/ajax_sample/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/ajax_sample/templates/ajax_sample_base.html b/ajax_sample/templates/ajax_sample_base.html new file mode 100644 index 00000000..0b041f73 --- /dev/null +++ b/ajax_sample/templates/ajax_sample_base.html @@ -0,0 +1,31 @@ + + + + + AJAX Sample + + +

This sample AJAX page pulls a random value from the server every 10 seconds.

+

Next lookup is in 0 second(s).

+

The server request said: ...

+ + + + diff --git a/ajax_sample/urls.py b/ajax_sample/urls.py new file mode 100644 index 00000000..c9b39325 --- /dev/null +++ b/ajax_sample/urls.py @@ -0,0 +1,8 @@ +from django.conf.urls import url + +from ajax_sample.views import * + +urlpatterns = [ + url(r'status/$', status_view), + url(r'', base_view), +] diff --git a/ajax_sample/views.py b/ajax_sample/views.py new file mode 100644 index 00000000..ae909fe5 --- /dev/null +++ b/ajax_sample/views.py @@ -0,0 +1,16 @@ +from ozp.decorators.cas_decorators import redirecting_login_required +from django.http import HttpResponse +from django.template import loader +from random import randint + + +def base_view(request): + template = loader.get_template('ajax_sample_base.html') + return HttpResponse(template.render(request=request)) + + +@redirecting_login_required +def status_view(request): + return HttpResponse(randint(1, 20)) + + diff --git a/ozp/decorators/cas_decorators.py b/ozp/decorators/cas_decorators.py index bdd905b8..f5fc93a2 100644 --- a/ozp/decorators/cas_decorators.py +++ b/ozp/decorators/cas_decorators.py 
@@ -1,4 +1,27 @@ -from django.contrib.auth.decorators import login_required +from django.conf import settings +from django.contrib.auth.views import redirect_to_login +from django.http import HttpRequest, HttpResponseForbidden +from django.shortcuts import resolve_url +from django.utils.decorators import available_attrs +from functools import wraps + + +def redirecting_login_required(view_func=None): + """ + Decorator for views that serves as an ajax-aware, drop-in replacement + for login_required. Unauthenticated AJAX requests are rejected as 403 + Forbidden and non-AJAX requests are redirected to a login page. + """ + + @wraps(view_func, assigned=available_attrs(view_func)) + def _wrapped_view(request: HttpRequest, *args, **kwargs): + if request.user.is_authenticated(): + return view_func(request, *args, **kwargs) + if request.is_ajax(): + return HttpResponseForbidden() + path = request.build_absolute_uri() + resolved_login_url = resolve_url(settings.LOGIN_URL) + return redirect_to_login(path, resolved_login_url, 'renamed_next') + return _wrapped_view + -def cas_login_required(view_func): - return login_required(view_func, 'renamed_next') diff --git a/ozp/settings.py b/ozp/settings.py index c4f5e724..c151b5fd 100644 --- a/ozp/settings.py +++ b/ozp/settings.py @@ -90,7 +90,9 @@ TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', - 'DIRS': [], + 'DIRS': [ + BASE_DIR + '/ajax_sample/templates' + ], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ diff --git a/ozp/urls.py b/ozp/urls.py index 916a1b4b..e00f92ea 100644 --- a/ozp/urls.py +++ b/ozp/urls.py 
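Review bot: `redirecting_login_required` decides on Django's `request.user` before the wrapped view runs, so when it is applied to `ozpcenter.urls` through `decorator_include` only a session-authenticated request ever reaches Django REST Framework, whatever `DEFAULT_AUTHENTICATION_CLASSES` contains. The docstring should say this, because re-enabling the commented-out PKI or Basic classes later would appear to have no effect on `/api/`; a sentence stating that the decorator recognises only session logins and runs ahead of DRF authentication would do. Separately, the signature `def redirecting_login_required(view_func=None):` advertises an optional argument, but `wraps(view_func, ...)` cannot work with `None`, so `def redirecting_login_required(view_func):` matches what the body supports. The `path` passed to `redirect_to_login` is an absolute URL derived from the request's host, so it is worth confirming that `ALLOWED_HOSTS` is restrictive in deployed settings (not visible in this series).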
@@ -18,13 +18,13 @@ from django.conf.urls.static import static from django.contrib import admin -from ozp.decorators.cas_decorators import cas_login_required +from ozp.decorators.cas_decorators import redirecting_login_required from decorator_include import decorator_include urlpatterns = [ url(r'^admin/', include(admin.site.urls)), - url(r'^api/', decorator_include(cas_login_required, 'ozpcenter.urls')), + url(r'^api/', decorator_include(redirecting_login_required, 'ozpcenter.urls')), url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')), url(r'^iwc-api/', include('ozpiwc.urls')), url(r'^docs/', include('rest_framework_swagger.urls')), @@ -32,6 +32,9 @@ # CAS url(r'^accounts/login/$', 'cas.views.login', name='login'), url(r'^accounts/logout/$', 'cas.views.login', name='logout'), + + # AJAX Sample + url(r'^ajax_sample/', include('ajax_sample.urls')), ] # in debug, serve the media and static resources with the django web server From 2ae8db6d8d45e67689b5eaeaca4517c619faa80e Mon Sep 17 00:00:00 2001 From: Robert Hutzel Date: Thu, 27 Oct 2016 16:03:59 -0400 Subject: [PATCH 18/25] accounts/logout was pointing to cas.views.login instead of cas.views.logout. Fixed that typo. --- ozp/urls.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ozp/urls.py b/ozp/urls.py index 916a1b4b..7a0fc75b 100644 --- a/ozp/urls.py +++ b/ozp/urls.py @@ -31,7 +31,7 @@ # CAS url(r'^accounts/login/$', 'cas.views.login', name='login'), - url(r'^accounts/logout/$', 'cas.views.login', name='logout'), + url(r'^accounts/logout/$', 'cas.views.logout', name='logout'), ] # in debug, serve the media and static resources with the django web server From 9ae13ccedf9cde3059669cb623974d9061d9c346 Mon Sep 17 00:00:00 2001 
From: Robert Hutzel Date: Fri, 28 Oct 2016 10:05:21 -0400 Subject: [PATCH 19/25] redirecting_login_required decorator now passes standard next query parameter to CAS instead of renamed_next --- ozp/decorators/cas_decorators.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ozp/decorators/cas_decorators.py b/ozp/decorators/cas_decorators.py index f5fc93a2..417ec603 100644 --- a/ozp/decorators/cas_decorators.py +++ b/ozp/decorators/cas_decorators.py @@ -21,7 +21,7 @@ def _wrapped_view(request: HttpRequest, *args, **kwargs): return HttpResponseForbidden() path = request.build_absolute_uri() resolved_login_url = resolve_url(settings.LOGIN_URL) - return redirect_to_login(path, resolved_login_url, 'renamed_next') + return redirect_to_login(path, resolved_login_url) return _wrapped_view From f41e9f6b43738cc0be3a9f6ee3c7403fb01e74ea Mon Sep 17 00:00:00 2001 From: Robert Hutzel Date: Fri, 28 Oct 2016 14:57:29 -0400 Subject: [PATCH 20/25] redirecting_login_required decorator checks for both X_REQUESTED_WITH from same origin and Origin header for cross-origin. Switched default Django server port from 8000 to 4440 to support local testing. --- Makefile | 2 +- ozp/decorators/cas_decorators.py | 2 +- ozp/settings.py | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 2edbe777..7086fdad 100644 --- a/Makefile +++ b/Makefile @@ -43,4 +43,4 @@ dev: clean pre create_static echo 'Loading sample data...' python manage.py runscript sample_data_generator - python manage.py runserver + python manage.py runserver 4440 diff --git a/ozp/decorators/cas_decorators.py b/ozp/decorators/cas_decorators.py index 417ec603..d0807a28 100644 --- a/ozp/decorators/cas_decorators.py +++ b/ozp/decorators/cas_decorators.py 
@@ -17,7 +17,7 @@ def redirecting_login_required(view_func=None): def _wrapped_view(request: HttpRequest, *args, **kwargs): if request.user.is_authenticated(): return view_func(request, *args, **kwargs) - if request.is_ajax(): + if request.is_ajax() or not request.META.get('HTTP_ORIGIN') is None: return HttpResponseForbidden() path = request.build_absolute_uri() resolved_login_url = resolve_url(settings.LOGIN_URL) diff --git a/ozp/settings.py b/ozp/settings.py index c151b5fd..f6c23f1c 100644 --- a/ozp/settings.py +++ b/ozp/settings.py @@ -251,9 +251,9 @@ 'SERVER_CRT': '/ozp/server.crt', 'SERVER_KEY': '/ozp/server.key', # assumes the real URL is /users// - 'USER_INFO_URL': r'http://localhost:8000/demo-auth/users/%s/info.json?issuerDN=%s', + 'USER_INFO_URL': r'http://localhost:4440/demo-auth/users/%s/info.json?issuerDN=%s', # assumes the real URL is /users//groups// - 'USER_GROUPS_URL': r'http://localhost:8000/demo-auth/users/%s/groups/%s/', + 'USER_GROUPS_URL': r'http://localhost:4440/demo-auth/users/%s/groups/%s/', # name of the group in the auth service for apps mall stewards 'APPS_MALL_STEWARD_GROUP_NAME': 'OZP_APPS_MALL_STEWARD', # name of the group in the auth service for org stewards From 073bf1e7e35806d14f1a6adec3f7f316372bf0e8 Mon Sep 17 00:00:00 2001 From: Robert Hutzel Date: Mon, 31 Oct 2016 15:58:16 -0400 Subject: [PATCH 21/25] Removed temporary ajax_sample module that was used for testing. --- ajax_sample/__init__.py | 0 ajax_sample/templates/ajax_sample_base.html | 31 --------------------- ajax_sample/urls.py | 8 ------ ajax_sample/views.py | 16 ----------- ozp/settings.py | 4 +-- ozp/urls.py | 3 -- 6 files changed, 1 insertion(+), 61 deletions(-) delete mode 100644 ajax_sample/__init__.py delete mode 100644 ajax_sample/templates/ajax_sample_base.html delete mode 100644 ajax_sample/urls.py delete mode 100644 ajax_sample/views.py diff --git a/ajax_sample/__init__.py b/ajax_sample/__init__.py deleted file mode 100644 index e69de29b..00000000 
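Review bot: The added condition `not request.META.get('HTTP_ORIGIN') is None` reads more clearly as `request.META.get('HTTP_ORIGIN') is not None`. Both `X-Requested-With` and `Origin` are supplied by the client, which is acceptable here because they only choose between a 403 and a login redirect for a request that is already unauthenticated, but a comment such as `# client-supplied hints only: picks 403 vs. redirect, not an origin check` would stop later readers from treating the test as access control. Browsers may also send `Origin` on ordinary form POSTs, so those requests would now receive a bare 403 instead of the login redirect; confirm that is intended. `_wrapped_view` starts above the hunk.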
diff --git a/ajax_sample/templates/ajax_sample_base.html b/ajax_sample/templates/ajax_sample_base.html deleted file mode 100644 index 0b041f73..00000000 --- a/ajax_sample/templates/ajax_sample_base.html +++ /dev/null @@ -1,31 +0,0 @@ - - - - - AJAX Sample - - -

This sample AJAX page pulls a random value from the server every 10 seconds.

-

Next lookup is in 0 second(s).

-

The server request said: ...

- - - - diff --git a/ajax_sample/urls.py b/ajax_sample/urls.py deleted file mode 100644 index c9b39325..00000000 --- a/ajax_sample/urls.py +++ /dev/null @@ -1,8 +0,0 @@ -from django.conf.urls import url - -from ajax_sample.views import * - -urlpatterns = [ - url(r'status/$', status_view), - url(r'', base_view), -] diff --git a/ajax_sample/views.py b/ajax_sample/views.py deleted file mode 100644 index ae909fe5..00000000 --- a/ajax_sample/views.py +++ /dev/null @@ -1,16 +0,0 @@ -from ozp.decorators.cas_decorators import redirecting_login_required -from django.http import HttpResponse -from django.template import loader -from random import randint - - -def base_view(request): - template = loader.get_template('ajax_sample_base.html') - return HttpResponse(template.render(request=request)) - - -@redirecting_login_required -def status_view(request): - return HttpResponse(randint(1, 20)) - - diff --git a/ozp/settings.py b/ozp/settings.py index f6c23f1c..5bc39dd2 100644 --- a/ozp/settings.py +++ b/ozp/settings.py @@ -90,9 +90,7 @@ TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', - 'DIRS': [ - BASE_DIR + '/ajax_sample/templates' - ], + 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ diff --git a/ozp/urls.py b/ozp/urls.py index bd9cb748..92c10111 100644 --- a/ozp/urls.py +++ b/ozp/urls.py @@ -32,9 +32,6 @@ # CAS url(r'^accounts/login/$', 'cas.views.login', name='login'), url(r'^accounts/logout/$', 'cas.views.logout', name='logout'), - - # AJAX Sample - url(r'^ajax_sample/', include('ajax_sample.urls')), ] # in debug, serve the media and static resources with the django web server From 15e8446dda31cd335b8a7fcf4bcbe90bc8dce9b4 Mon Sep 17 00:00:00 2001 From: Charles Labas Date: Wed, 23 Nov 2016 08:54:03 -0500 Subject: [PATCH 22/25] Changed django-cas-client dependency to point to official release version --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/requirements.txt b/requirements.txt
index 64e0fc9c..c4863fad 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-autopep8==1.2.2
+#autopep8==1.2.2
 coverage==4.0.3
 Django==1.8.2
 django-cors-headers==1.1.0
@@ -30,4 +30,4 @@ requests==2.7.0
 six==1.9.0
 wheel==0.24.0
 django-decorator-include==1.1
--e git+http://dev1.vistronix.com:9080/ozp/django-cas.git#egg=django-cas-client
+django-cas-client==1.2.0
From 2436bcb83c80f0e20ee5719acbcbc12527e9c4a0 Mon Sep 17 00:00:00 2001
From: Robert Hutzel
Date: Tue, 29 Nov 2016 15:40:01 -0500
Subject: [PATCH 23/25] Revert 15e8446: We still need the forked django-cas-client from our GitLab.

---
 requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index c4863fad..64e0fc9c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-#autopep8==1.2.2
+autopep8==1.2.2
 coverage==4.0.3
 Django==1.8.2
 django-cors-headers==1.1.0
@@ -30,4 +30,4 @@ requests==2.7.0
 six==1.9.0
 wheel==0.24.0
 django-decorator-include==1.1
-django-cas-client==1.2.0
+-e git+http://dev1.vistronix.com:9080/ozp/django-cas.git#egg=django-cas-client
From 1399d9f25dca313a01f23258b1b54decbb123f76 Mon Sep 17 00:00:00 2001
From: Robert Hutzel
Date: Tue, 29 Nov 2016 16:21:06 -0500
Subject: [PATCH 24/25] Renamed django-cas-client local forked code egg to django-cas-client-ozp

---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 64e0fc9c..c7629d66 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -30,4 +30,4 @@ requests==2.7.0
 six==1.9.0
 wheel==0.24.0
 django-decorator-include==1.1
--e git+http://dev1.vistronix.com:9080/ozp/django-cas.git#egg=django-cas-client
+-e git+http://dev1.vistronix.com:9080/ozp/django-cas.git#egg=django-cas-client-ozp
From 3a122e62196938fba4cb10400fe220c4e6f603e3 Mon Sep 17 00:00:00 2001
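Review bot: The line restored by the second requirements.txt hunk of PATCH 23, `-e git+http://dev1.vistronix.com:9080/ozp/django-cas.git#egg=django-cas-client`, fetches the CAS authentication client over plain HTTP and from whatever the default branch currently points at, so the code that handles logins is neither integrity-protected in transit nor tied to a reviewed revision. The PATCH 24 hunk only renames the egg and keeps the same URL. If that GitLab host can serve TLS, I would pin it as `-e git+https://<internal-git-host>/ozp/django-cas.git@<reviewed-commit-sha>#egg=django-cas-client` (host and sha are placeholders). A comment above the line saying what the fork changes relative to `django-cas-client==1.2.0` would also help, since the revert message says only that the fork is still needed.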
From: Charles Labas Date: Mon, 19 Dec 2016 11:54:02 -0500 Subject: [PATCH 25/25] Fixed git URLs --- README.md | 4 ++-- requirements.txt | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index cca09a80..c5dbf8da 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ to get OZP (Center, HUD, Webtop, IWC) up and running, see the ## 3rd Party Services Travis-CI -[![Build Status](https://travis-ci.org/aml-development/ozp-backend.svg?branch=master)](https://travis-ci.org/ozone-development/ozp-backend) +[![Build Status](https://travis-ci.org/ozoneplatform/ozp-backend.svg?branch=master)](https://travis-ci.org/ozone-development/ozp-backend) Quantified Code [![Code Issues](https://www.quantifiedcode.com/api/v1/project/13070c3c7b784cf88463f8cee86d5ea2/badge.svg)](https://www.quantifiedcode.com/app/project/13070c3c7b784cf88463f8cee86d5ea2) @@ -63,7 +63,7 @@ The Python version shipped with Debian Jessie, 3.4.2, will not work with our SDK #### Development environment preparation * `cd ./` -* `git clone http://dev1.vistronix.com:9080/ozp/ozp-backend.git` +* `git clone https://www.github.com/ozoneplatform/ozp-backend.git` * `python3 -m venv ozp-venv` * `source ozp-venv/bin/activate` * `cd ozp-backend` diff --git a/requirements.txt b/requirements.txt index c7629d66..0cf8d650 100644 --- a/requirements.txt +++ b/requirements.txt @@ -30,4 +30,4 @@ requests==2.7.0 six==1.9.0 wheel==0.24.0 django-decorator-include==1.1 --e git+http://dev1.vistronix.com:9080/ozp/django-cas.git#egg=django-cas-client-ozp +-e git://nssbu/django-cas.git#egg=django-cas-client-ozp
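Review bot: The requirement added in the last hunk, `-e git://nssbu/django-cas.git#egg=django-cas-client-ozp`, uses the bare git protocol, which offers no server authentication or encryption, together with a single-label host name that resolves differently (or not at all) depending on the network where the install runs. The README hunk in the same commit moves the clone URL to HTTPS on GitHub, so the dependency presumably should follow the same move. Something like `-e git+https://<git-host>/<org>/django-cas.git@<reviewed-commit-sha>#egg=django-cas-client-ozp` (all placeholders) would make installs reproducible and stop the build depending on local name resolution.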