From 8261447991150beb32149f79a6ca9c9239789c96 Mon Sep 17 00:00:00 2001
From: vmarkop
Date: Wed, 15 Dec 2021 18:19:26 +0200
Subject: [PATCH] migrated SAML settings from config to Settings model
---
 configs/development.py | 111 --------------------------------
 powerdnsadmin.wsgi | 11 ----
 powerdnsadmin/default_config.py | 6 +-
 3 files changed, 1 insertion(+), 127 deletions(-)
 delete mode 100644 powerdnsadmin.wsgi

diff --git a/configs/development.py b/configs/development.py
index 1549e46..1359da1 100644
--- a/configs/development.py
+++ b/configs/development.py
@@ -37,117 +37,6 @@ SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db') # MAIL_PASSWORD = None # MAIL_DEFAULT_SENDER = ('PowerDNS-Admin', 'noreply@domain.ltd') -# SAML Authnetication -# SAML_ENABLED = True -# SAML_DEBUG = True -SAML_PATH = os.path.join(os.path.dirname(__file__), 'saml') -# ##Example for ADFS Metadata-URL -# SAML_METADATA_URL = 'https:///FederationMetadata/2007-06/FederationMetadata.xml' -# #Cache Lifetime in Seconds -# SAML_METADATA_CACHE_LIFETIME = 1 - -# # SAML SSO binding format to use -# ## Default: library default (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect) -# #SAML_IDP_SSO_BINDING = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' - -# ## EntityID of the IdP to use. Only needed if more than one IdP is -# ## in the SAML_METADATA_URL -# ### Default: First (only) IdP in the SAML_METADATA_URL -# ### Example: https://idp.example.edu/idp -# #SAML_IDP_ENTITY_ID = 'https://idp.example.edu/idp' -# ## NameID format to request -# ### Default: The SAML NameID Format in the metadata if present, -# ### otherwise urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified -# ### Example: urn:oid:0.9.2342.19200300.100.1.1 -# #SAML_NAMEID_FORMAT = 'urn:oid:0.9.2342.19200300.100.1.1' - -# Following parameter defines RequestedAttributes section in SAML metadata -# since certain iDPs require explicit attribute request. If not provided section -# will not be available in metadata. 
-# -# Possible attributes: -# name (mandatory), nameFormat, isRequired, friendlyName -# -# NOTE: This parameter requires to be entered in valid JSON format as displayed below -# and multiple attributes can given -# -# Following example: -# -# SAML_SP_REQUESTED_ATTRIBUTES = '[ \ -# {"name": "urn:oid:0.9.2342.19200300.100.1.3", "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "isRequired": true, "friendlyName": "email"}, \ -# {"name": "mail", "isRequired": false, "friendlyName": "test-field"} \ -# ]' -# -# produces following metadata section: -# -# -# -# - - -# ## Attribute to use for Email address -# ### Default: email -# ### Example: urn:oid:0.9.2342.19200300.100.1.3 -# #SAML_ATTRIBUTE_EMAIL = 'urn:oid:0.9.2342.19200300.100.1.3' - -# ## Attribute to use for Given name -# ### Default: givenname -# ### Example: urn:oid:2.5.4.42 -# #SAML_ATTRIBUTE_GIVENNAME = 'urn:oid:2.5.4.42' - -# ## Attribute to use for Surname -# ### Default: surname -# ### Example: urn:oid:2.5.4.4 -# #SAML_ATTRIBUTE_SURNAME = 'urn:oid:2.5.4.4' - -# ## Attribute to use for username -# ### Default: Use NameID instead -# ### Example: urn:oid:0.9.2342.19200300.100.1.1 -# #SAML_ATTRIBUTE_USERNAME = 'urn:oid:0.9.2342.19200300.100.1.1' - -# ## Attribute to get admin status from -# ### Default: Don't control admin with SAML attribute -# ### Example: https://example.edu/pdns-admin -# ### If set, look for the value 'true' to set a user as an administrator -# ### If not included in assertion, or set to something other than 'true', -# ### the user is set as a non-administrator user. -# #SAML_ATTRIBUTE_ADMIN = 'https://example.edu/pdns-admin' - -# ## Attribute to get account names from -# ### Default: Don't control accounts with SAML attribute -# ### If set, the user will be added and removed from accounts to match -# ### what's in the login assertion. Accounts that don't exist will -# ### be created and the user added to them. 
-# SAML_ATTRIBUTE_ACCOUNT = 'https://example.edu/pdns-account' - -# SAML_SP_ENTITY_ID = 'http://' -# SAML_SP_CONTACT_NAME = '' -# SAML_SP_CONTACT_MAIL = '' - -# Configures the path to certificate file and it's respective private key file -# This pair is used for signing metadata, encrypting tokens and all other signing/encryption -# tasks during communication between iDP and SP -# NOTE: if this two parameters aren't explicitly provided, self-signed certificate-key pair -# will be generated in "PowerDNS-Admin" root directory -# ########################################################################################### -# CAUTION: For production use, usage of self-signed certificates it's highly discouraged. -# Use certificates from trusted CA instead -# ########################################################################################### -# SAML_CERT_FILE = '/etc/pki/powerdns-admin/cert.crt' -# SAML_CERT_KEY = '/etc/pki/powerdns-admin/key.pem' - -# Configures if SAML tokens should be encrypted. -# SAML_SIGN_REQUEST = False -# #Use SAML standard logout mechanism retreived from idp metadata -# #If configured false don't care about SAML session on logout. -# #Logout from PowerDNS-Admin only and keep SAML session authenticated. -# SAML_LOGOUT = False -# #Configure to redirect to a different url then PowerDNS-Admin login after SAML logout -# #for example redirect to google.com after successful saml logout -# #SAML_LOGOUT_URL = 'https://google.com' - -# #SAML_ASSERTION_ENCRYPTED = True - # Remote authentication settings # Whether to enable remote user authentication or not diff --git a/powerdnsadmin.wsgi b/powerdnsadmin.wsgi deleted file mode 100644 index 1db39ab..0000000 --- a/powerdnsadmin.wsgi +++ /dev/null 
@@ -1,11 +0,0 @@
-#!/usr/bin/env python3
-import sys
-sys.path.insert(0, '/var/www/powerdns-admin/')
-
-activate_this = '/var/www/powerdns-admin/flask/bin/activate_this.py'
-with open(activate_this) as file_:
- exec(file_.read(), dict(__file__=activate_this))
-
-from powerdnsadmin import create_app
-application = create_app(config='../configs/production.py')
-application.secret_key = "secret"
diff --git a/powerdnsadmin/default_config.py b/powerdnsadmin/default_config.py
index 9db2e13..04c1246 100644
--- a/powerdnsadmin/default_config.py
+++ b/powerdnsadmin/default_config.py
@@ -27,8 +27,4 @@ SQLALCHEMY_DATABASE_URI = 'mysql://{}:{}@{}/{}'.format(
 )
 
 ### DATABASE - SQLite
-# SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')
-
-# SAML Authnetication
-# SAML_ENABLED = False
-# SAML_ASSERTION_ENCRYPTED = True
+# SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db')
\ No newline at end of file
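Review bot: The added `+# SQLALCHEMY_DATABASE_URI = ...` line in the default_config.py hunk is byte-identical to the removed one and differs only by the missing trailing newline (`\ No newline at end of file`), so the hunk records a spurious change to an unchanged line; keep the final newline so the hunk is the SAML-default removal alone. The dropped lines `# SAML_ENABLED = False` and `# SAML_ASSERTION_ENCRYPTED = True` were the conservative defaults (SAML off, encrypted assertions expected), and the Settings model they were migrated to is not part of this patch, so it is worth confirming that the model's defaults match before the config-file ones disappear. The same block was removed from configs/development.py in the first hunk; a one-line pointer in default_config.py, `# SAML authentication is configured through the Settings model, not in this file`, would save operators from searching the config files for it.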