Bug 1065784 - Remove Django admin (#3170)

Since the only things we used it for were: * editing users - but that doesn't work any more (bug 1346740) so requires a manual DB edit as is it, and we won't need to edit users at all once LDAP groups are used for permissions (bug 1273092) * marking pending Hawk credentials as approved - however we're not accepting any new requests for Hawk credentials (bug 1433011) * resetting the secret key for Hawk credentials - however we've not used this feature once in the entire time we've used Hawk - and its trivial via MySQLWorkbench. As as added bonus removing Django admin: * reduces the work required to add a CSP header * speeds up `collectstatic` (which is run during deploy) by 30% * reduces the risk of giving `is_staff` permissions (which have to be given to sheriffs, but also allowed admin access) * reduces attack surface in general In addition to the Django admin app, `django.contrib.messages` app and the auth/messages context processors have been removed, since after bug 1433011, admin was the only remaining consumer of them: https://docs.djangoproject.com/en/1.11/ref/contrib/admin/
2018-01-30 23:49:58 +00:00 · 2018-01-30 23:49:58 +00:00 · dcb2a3efb3
--- a/treeherder/config/settings.py
+++ b/treeherder/config/settings.py
@ -66,12 +66,6 @@ TEMPLATES = [
            path("templates"),
        ],
        'APP_DIRS': True,
-        'OPTIONS': {
-            'context_processors': [
-                'django.contrib.auth.context_processors.auth',
-                'django.contrib.messages.context_processors.messages',
-            ],
-        },
    },
 ]

@ -90,7 +84,6 @@ MIDDLEWARE_CLASSES = [middleware for middleware in [
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
-    'django.contrib.messages.middleware.MessageMiddleware',
    'hawkrest.middleware.HawkResponseMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ] if middleware]
@ -121,12 +114,10 @@ INSTALLED_APPS = [
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
-    'django.contrib.messages',
    # Disable Django's own staticfiles handling in favour of WhiteNoise, for
    # greater consistency between gunicorn and `./manage.py runserver`.
    'whitenoise.runserver_nostatic',
    'django.contrib.staticfiles',
-    'django.contrib.admin',
    # 3rd party apps
    'rest_framework',
    'rest_framework_swagger',
--- a/treeherder/config/urls.py
+++ b/treeherder/config/urls.py
@ -1,17 +1,13 @@
 from django.conf import settings
 from django.conf.urls import (include,
                              url)
-from django.contrib import admin
 from django.views.decorators.csrf import csrf_exempt
 from rest_framework_swagger.views import get_swagger_view

 from treeherder.webapp.api import urls as api_urls

-admin.site.login_template = 'webapp/admin_login.html'
-
 urlpatterns = [
   url(r'^api/', include(api_urls)),
-   url(r'^admin/', admin.site.urls),
   url(r'^docs/', get_swagger_view(title='Treeherder API')),
 ]

--- a/treeherder/webapp/admin.py
+++ b/treeherder/webapp/admin.py
@ -1,40 +0,0 @@
-from django.contrib import admin
-
-from treeherder.model.models import *
-from treeherder.perf.models import PerformanceFramework
-
-
-class JobTypeAdmin(admin.ModelAdmin):
-    list_display = ['name', 'symbol', 'description']
-    list_editable = ['symbol']
-
-
-class ReferenceDataSignatureAdmin(admin.ModelAdmin):
-    list_display = ["name", "signature", "build_os_name", "build_platform",
-                    "build_architecture", "machine_os_name", "machine_platform",
-                    "machine_architecture", "job_group_name", "job_group_symbol",
-                    "job_type_name", "job_type_symbol", "option_collection_hash", "build_system_type",
-                    "first_submission_timestamp"]
-
-    search_fields = ["name", "signature", "build_os_name", "build_platform",
-                     "build_architecture", "machine_os_name", "machine_platform",
-                     "machine_architecture", "job_group_name", "job_group_symbol",
-                     "job_type_name", "job_type_symbol", "option_collection_hash", "build_system_type"]
-
-
-# custom admin classes
-admin.site.register(JobType, JobTypeAdmin)
-admin.site.register(Repository)
-admin.site.register(ReferenceDataSignatures, ReferenceDataSignatureAdmin)
-# default admin classes
-admin.site.register(Product)
-admin.site.register(BuildPlatform)
-admin.site.register(Option)
-admin.site.register(RepositoryGroup)
-admin.site.register(MachinePlatform)
-admin.site.register(Bugscache)
-admin.site.register(Machine)
-admin.site.register(JobGroup)
-admin.site.register(OptionCollection)
-admin.site.register(FailureClassification)
-admin.site.register(PerformanceFramework)
--- a/treeherder/webapp/templates/webapp/admin_login.html
+++ b/treeherder/webapp/templates/webapp/admin_login.html
@ -1,17 +0,0 @@
-{% extends "admin/base_site.html" %}
-{% block content %}
-<html>
-  <body>
-    <div>
-        {% if user.is_authenticated %}
-        <!--shouldn't see this page if you're logged in.  It should just go to admin-->
-            Current user: {{ user.email }} - {{ user.username}} - {{user.is_superuser}}
-            <div>Something went wrong.
-                 Try logging out and back in through the main <a href="/" target="_blank">Treeherder UI</a>.</div>
-        {% else %}
-            <div>Please login through the main <a href="/" target="_blank">Treeherder UI</a>.</div>
-        {% endif %}
-    </div>
-  </body>
-</html>
-{% endblock %}