Skip to content

refactor: consolidate scattered SSO code into a dedicated dojo/sso/ package#14765

Open
Maffooch wants to merge 1 commit intoDefectDojo:devfrom
Maffooch:sso-clean-up
Open

refactor: consolidate scattered SSO code into a dedicated dojo/sso/ package#14765
Maffooch wants to merge 1 commit intoDefectDojo:devfrom
Maffooch:sso-clean-up

Conversation

@Maffooch
Copy link
Copy Markdown
Contributor

@Maffooch Maffooch commented Apr 27, 2026

Description

Code cleanup. SSO-related code (OAuth2, SAML2, OIDC, REMOTE_USER auth) was
previously spread across many shared files. This PR consolidates it into a
single dedicated dojo/sso/ Python package so SSO logic lives in one place
and the surrounding shared files (dojo/urls.py, dojo/user/views.py,
dojo/settings/settings.dist.py, dojo/middleware.py,
dojo/context_processors.py, dojo/templates/dojo/login.html) only retain
small, well-defined seams that hook into dojo/sso/.

No behavior changes — settings names, env-var names, URLs, and template
output are all preserved.

Changes

Files moved into dojo/sso/:

  • dojo/pipeline.pydojo/sso/pipeline.py
  • dojo/remote_user.pydojo/sso/remote_user.py
  • dojo/settings/attribute-maps/dojo/sso/attribute_maps/

Code extracted into new modules under dojo/sso/:

  • CustomSocialAuthExceptionMiddleware from dojo/middleware.pydojo/sso/middleware.py
  • SSO context-processor keys from dojo/context_processors.pydojo/sso/context_processors.py
  • SSO env-var schema, authentication backends, social-auth pipeline, and SAML2
    configuration from dojo/settings/settings.dist.pydojo/sso/settings.py
  • Login-form auto-redirect logic from dojo/user/views.pydojo/sso/views.py
  • SSO login buttons from dojo/templates/dojo/login.htmldojo/sso/templates/dojo/sso_login_buttons.html
  • social_django and djangosaml2 URL routes → dojo/sso/urls.py

Other:

  • .dryrunsecurity.yaml updated to reference new paths
  • unittests/test_remote_user.py and unittests/test_social_auth_failure_handling.py updated for new import paths

@Maffooch
Consolidate scattered SSO code into a dedicated dojo/sso/ package
fe5f3e3 
SSO-related code (OAuth2, SAML2, OIDC, REMOTE_USER auth) was spread
across dojo/middleware.py, dojo/context_processors.py,
dojo/settings/settings.dist.py, dojo/user/views.py,
dojo/templates/dojo/login.html, dojo/pipeline.py, dojo/remote_user.py,
and dojo/settings/attribute-maps/. Move all of it into a single
dojo/sso/ package so SSO logic lives in one place.

No behavior change: settings names, URLs, and template output are
preserved.
@Maffooch Maffooch requested a review from mtesauro as a code owner April 27, 2026 22:08
@github-actions github-actions Bot added settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR unittests ui labels Apr 27, 2026
@Maffooch Maffooch added this to the 2.58.0 milestone Apr 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtesauro mtesauro Awaiting requested review from mtesauro mtesauro is a code owner

@valentijnscholten valentijnscholten Awaiting requested review from valentijnscholten

@Jino-T Jino-T Awaiting requested review from Jino-T

@blakeaowens blakeaowens Awaiting requested review from blakeaowens

At least 4 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR ui unittests

Projects

None yet

Milestone

2.58.0

Development

Successfully merging this pull request may close these issues.

1 participant

@Maffooch