From 0f975adc14958c88e9448cf2feba5478e932f645 Mon Sep 17 00:00:00 2001 From: Feanil Patel Date: Fri, 20 Sep 2024 08:51:51 -0400 Subject: [PATCH] feat: Be able to login to bare-metal studio easily. (#35172) * feat: Be able to login to bare-metal studio easily. Updating the documentation and the devstack.py files so that if you're running bare-metal you can easily setup studio login via the LMS. I also added the Ports that the various MFEs expect to the runserver scripts so that it's easier to run those locally as well. Co-authored-by: Kyle McCormick --- README.rst | 33 +++++++++++++++++++++++++++++++-- cms/envs/devstack.py | 3 ++- lms/envs/minimal.yml | 3 +++ 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/README.rst b/README.rst index e74176faf91e..64186fca3ace 100644 --- a/README.rst +++ b/README.rst @@ -124,6 +124,35 @@ sites):: ./manage.py lms collectstatic ./manage.py cms collectstatic +Set up CMS SSO (for Development):: + + ./manage.py lms manage_user studio_worker example@example.com --unusable-password + # DO NOT DO THIS IN PRODUCTION. It will make your auth insecure. + ./manage.py lms create_dot_application studio-sso-id studio_worker \ + --grant-type authorization-code \ + --skip-authorization \ + --redirect-uris 'http://localhost:18010/complete/edx-oauth2/' \ + --scopes user_id \ + --client-id 'studio-sso-id' \ + --client-secret 'studio-sso-secret' + +Set up CMS SSO (for Production): + +* Create the CMS user and the OAuth application:: + + ./manage.py lms manage_user studio_worker --unusable-password + ./manage.py lms create_dot_application studio-sso-id studio_worker \ + --grant-type authorization-code \ + --skip-authorization \ + --redirect-uris 'http://localhost:18010/complete/edx-oauth2/' \ + --scopes user_id + +* Log into Django admin (eg. http://localhost:18000/admin/oauth2_provider/application/), + click into the application you created above (``studio-sso-id``), and copy its "Client secret". +* In your private LMS_CFG yaml file or your private Django settings module: + + * Set ``SOCIAL_AUTH_EDX_OAUTH2_KEY`` to the client ID (``studio-sso-id``). + * Set ``SOCIAL_AUTH_EDX_OAUTH2_SECRET`` to the client secret (which you copied). Run the Platform ---------------- @@ -131,11 +160,11 @@ First, ensure MySQL, Mongo, and Memcached are running. Start the LMS:: - ./manage.py lms runserver + ./manage.py lms runserver 18000 Start the CMS:: - ./manage.py cms runserver + ./manage.py cms runserver 18010 This will give you a mostly-headless Open edX platform. Most frontends have been migrated to "Micro-Frontends (MFEs)" which need to be installed and run diff --git a/cms/envs/devstack.py b/cms/envs/devstack.py index e944d67eda1b..1d3a510cdc4c 100644 --- a/cms/envs/devstack.py +++ b/cms/envs/devstack.py @@ -267,7 +267,8 @@ def should_show_debug_toolbar(request): # lint-amnesty, pylint: disable=missing ################ Using LMS SSO for login to Studio ################ SOCIAL_AUTH_EDX_OAUTH2_KEY = 'studio-sso-key' SOCIAL_AUTH_EDX_OAUTH2_SECRET = 'studio-sso-secret' # in stage, prod would be high-entropy secret -SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT = 'http://edx.devstack.lms:18000' # routed internally server-to-server +# routed internally server-to-server +SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT = ENV_TOKENS.get('SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT', 'http://edx.devstack.lms:18000') SOCIAL_AUTH_EDX_OAUTH2_PUBLIC_URL_ROOT = 'http://localhost:18000' # used in browser redirect # Don't form the return redirect URL with HTTPS on devstack diff --git a/lms/envs/minimal.yml b/lms/envs/minimal.yml index d455d1f3dbf8..51d7bbf499c4 100644 --- a/lms/envs/minimal.yml +++ b/lms/envs/minimal.yml @@ -36,3 +36,6 @@ LMS_INTERNAL_ROOT_URL: "http://localhost" # So that Swagger config code doesn't complain API_ACCESS_MANAGER_EMAIL: "api-access@example.com" + +# So that you can login to studio on bare-metal +SOCIAL_AUTH_EDX_OAUTH2_URL_ROOT: 'http://localhost:18000'