refactor(admin): admin interface is always enabled

angela-tran · thekaveman · commit 4625f250f48e · 2024-02-13T16:21:51.000-08:00
diff --git a/benefits/core/admin.py b/benefits/core/admin.py
@@ -2,43 +2,43 @@
 The core application: Admin interface configuration.
 """
 
+import logging
 import requests
 
 from django.conf import settings
-
-if settings.ADMIN:
-    import logging
-    from django.contrib import admin
-    from . import models
-
-    logger = logging.getLogger(__name__)
-
-    for model in [
-        models.EligibilityType,
-        models.EligibilityVerifier,
-        models.PaymentProcessor,
-        models.PemData,
-        models.TransitAgency,
-    ]:
-        logger.debug(f"Register {model.__name__}")
-        admin.site.register(model)
-
-    def pre_login_user(user, request):
-        logger.debug(f"Running pre-login callback for user: {user.username}")
-        token = request.session.get("google_sso_access_token")
-        if token:
-            headers = {
-                "Authorization": f"Bearer {token}",
-            }
-
-            # Request Google user info to get name and email
-            url = "https://www.googleapis.com/oauth2/v3/userinfo"
-            response = requests.get(url, headers=headers, timeout=settings.REQUESTS_TIMEOUT)
-            user_data = response.json()
-            logger.debug(f"Updating admin user data from Google for user with email: {user_data['email']}")
-
-            user.first_name = user_data["given_name"]
-            user.last_name = user_data["family_name"]
-            user.username = user_data["email"]
-            user.email = user_data["email"]
-            user.save()
+from django.contrib import admin
+from . import models
+
+logger = logging.getLogger(__name__)
+
+
+for model in [
+    models.EligibilityType,
+    models.EligibilityVerifier,
+    models.PaymentProcessor,
+    models.PemData,
+    models.TransitAgency,
+]:
+    logger.debug(f"Register {model.__name__}")
+    admin.site.register(model)
+
+
+def pre_login_user(user, request):
+    logger.debug(f"Running pre-login callback for user: {user.username}")
+    token = request.session.get("google_sso_access_token")
+    if token:
+        headers = {
+            "Authorization": f"Bearer {token}",
+        }
+
+        # Request Google user info to get name and email
+        url = "https://www.googleapis.com/oauth2/v3/userinfo"
+        response = requests.get(url, headers=headers, timeout=settings.REQUESTS_TIMEOUT)
+        user_data = response.json()
+        logger.debug(f"Updating admin user data from Google for user with email: {user_data['email']}")
+
+        user.first_name = user_data["given_name"]
+        user.last_name = user_data["family_name"]
+        user.username = user_data["email"]
+        user.email = user_data["email"]
+        user.save()
diff --git a/benefits/settings.py b/benefits/settings.py
@@ -45,39 +45,33 @@ def RUNTIME_ENVIRONMENT():
 # Application definition
 
 INSTALLED_APPS = [
+    "django.contrib.admin",
+    "django.contrib.auth",
+    "django.contrib.contenttypes",
     "django.contrib.messages",
     "django.contrib.sessions",
     "django.contrib.staticfiles",
+    "django_google_sso",
     "benefits.core",
     "benefits.enrollment",
     "benefits.eligibility",
     "benefits.oauth",
 ]
 
-if ADMIN:
-    GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret")
-    GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin")
-    GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret")
-    GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(","))
-    GOOGLE_SSO_STAFF_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_STAFF_LIST", "").split(","))
-    GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(","))
-    GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg"
-    GOOGLE_SSO_SAVE_ACCESS_TOKEN = True
-    GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.core.admin.pre_login_user"
-    GOOGLE_SSO_SCOPES = [
-        "openid",
-        "https://www.googleapis.com/auth/userinfo.email",
-        "https://www.googleapis.com/auth/userinfo.profile",
-    ]
-
-    INSTALLED_APPS.extend(
-        [
-            "django.contrib.admin",
-            "django.contrib.auth",
-            "django.contrib.contenttypes",
-            "django_google_sso",  # Add django_google_sso
-        ]
-    )
+GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret")
+GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin")
+GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret")
+GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(","))
+GOOGLE_SSO_STAFF_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_STAFF_LIST", "").split(","))
+GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(","))
+GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg"
+GOOGLE_SSO_SAVE_ACCESS_TOKEN = True
+GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.core.admin.pre_login_user"
+GOOGLE_SSO_SCOPES = [
+    "openid",
+    "https://www.googleapis.com/auth/userinfo.email",
+    "https://www.googleapis.com/auth/userinfo.profile",
+]
 
 MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
@@ -91,16 +85,10 @@ def RUNTIME_ENVIRONMENT():
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
     "csp.middleware.CSPMiddleware",
     "benefits.core.middleware.ChangedLanguageEvent",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django.contrib.messages.middleware.MessageMiddleware",
 ]
 
-if ADMIN:
-    MIDDLEWARE.extend(
-        [
-            "django.contrib.auth.middleware.AuthenticationMiddleware",
-            "django.contrib.messages.middleware.MessageMiddleware",
-        ]
-    )
-
 if DEBUG:
     MIDDLEWARE.append("benefits.core.middleware.DebugSession")
 
@@ -162,13 +150,12 @@ def RUNTIME_ENVIRONMENT():
         ]
     )
 
-if ADMIN:
-    template_ctx_processors.extend(
-        [
-            "django.contrib.auth.context_processors.auth",
-            "django.contrib.messages.context_processors.messages",
-        ]
-    )
+template_ctx_processors.extend(
+    [
+        "django.contrib.auth.context_processors.auth",
+        "django.contrib.messages.context_processors.messages",
+    ]
+)
 
 TEMPLATES = [
     {
@@ -193,25 +180,21 @@ def RUNTIME_ENVIRONMENT():
 
 # Password validation
 
-AUTH_PASSWORD_VALIDATORS = []
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
+    },
+]
 
-if ADMIN:
-    AUTH_PASSWORD_VALIDATORS.extend(
-        [
-            {
-                "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
-            },
-            {
-                "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
-            },
-            {
-                "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
-            },
-            {
-                "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
-            },
-        ]
-    )
 
 # Internationalization
 
diff --git a/benefits/urls.py b/benefits/urls.py
@@ -8,6 +8,7 @@
 import logging
 
 from django.conf import settings
+from django.contrib import admin
 from django.http import HttpResponse
 from django.urls import include, path
 
@@ -46,12 +47,6 @@ def test_secret(request):
 
     urlpatterns.append(path("testsecret/", test_secret))
 
-
-if settings.ADMIN:
-    from django.contrib import admin
-
-    logger.debug("Register admin urls")
-    urlpatterns.append(path("admin/", admin.site.urls))
-    urlpatterns.append(path("google_sso/", include("django_google_sso.urls", namespace="django_google_sso")))
-else:
-    logger.debug("Skip url registrations for admin")
+logger.debug("Register admin urls")
+urlpatterns.append(path("admin/", admin.site.urls))
+urlpatterns.append(path("google_sso/", include("django_google_sso.urls", namespace="django_google_sso")))
diff --git a/docs/configuration/README.md b/docs/configuration/README.md
@@ -55,10 +55,10 @@ from django.config import settings
 
 # ...
 
-if settings.ADMIN:
-    # do something when admin is enabled
+if settings.DEBUG:
+    # do something when debug is enabled
 else:
-    # do something else when admin is disabled
+    # do something else when debug is disabled
 ```
 
 Through the [Django model][django-model] framework, `benefits.core.models` instances are used to access the configuration data:
diff --git a/docs/configuration/environment-variables.md b/docs/configuration/environment-variables.md
@@ -48,13 +48,6 @@ If blank or an invalid key, analytics events aren't captured (though may still b
 
 ## Django
 
-### `DJANGO_ADMIN`
-
-Boolean:
-
-- `True`: activates Django's built-in admin interface for content authoring.
-- `False` (default): skips this activation.
-
 ### `DJANGO_ALLOWED_HOSTS`
 
 !!! warning "Deployment configuration"
diff --git a/docs/getting-started/README.md b/docs/getting-started/README.md
@@ -56,8 +56,7 @@ docker compose up client
 
 After initialization, the client is running running on `http://localhost:8000` by default.
 
-If `DJANGO_ADMIN=true`, the backend administrative interface can be accessed at the `/admin` route using the superuser account
-you setup as part of initialization.
+The backend administrative interface can be accessed at the `/admin` route using the superuser account you setup as part of initialization.
 
 By default, sample values are used to initialize Django. Alternatively you may:
 
diff --git a/terraform/app_service.tf b/terraform/app_service.tf
@@ -66,7 +66,6 @@ resource "azurerm_linux_web_app" "main" {
     "REQUESTS_READ_TIMEOUT"    = "${local.secret_prefix}requests-read-timeout)",
 
     # Django settings
-    "DJANGO_ADMIN"              = "${local.secret_prefix}django-admin)",
     "DJANGO_ALLOWED_HOSTS"      = "${local.secret_prefix}django-allowed-hosts)",
     "DJANGO_DB_DIR"             = "${local.secret_prefix}django-db-dir)",
     "DJANGO_DEBUG"              = local.is_prod ? null : "${local.secret_prefix}django-debug)",
