Issue: https://github.com/opencv/cvat/issues/1217
Currently there are a few proposals for SSO authentication to bypass the
current user/password login on the UI. By using Django social accounts
it is also possible to use SSO on the API, retrieving the security token
by passing the code from the OAuth2 workflow. This is an example using
Amazon Cognito, but any other social account could also be added.
### Motivation and context
Currently CVAT has no functionality to log in with SSO. Other current
proposals bypass the current Django framework to add SSO in the UI only,
but still use username and password for the API. Using Django social
accounts integrates SSO with the API as well, allowing it to be used as
an alternative to the username and password, but can also be used
together with other SSO frameworks that are UI only.
### How has this been tested?
Unit tests for SSO manager in cvat-core and integration test with
cvat-sdk for /auth/cognito endpoint.
### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- [ ] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md)
file
- [x] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation)
accordingly
- [x] I have added tests to cover my changes
- [x] I have linked related issues ([read github docs](
https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword))
- [ ] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning),
[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning)
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning))
### License
- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE) that covers the
project.
Feel free to contact the maintainers if that's a concern.
Co-authored-by: Melanie Day <mday@EYEDIAGNOSIS.local>
Co-authored-by: Maria Khrustaleva <maria@cvat.ai>
Co-authored-by: Nikita Manovich <nikita@cvat.ai>
Turns out that #5456 had a nasty side effect. Session hooks are called
when pytest is run with `--collect-only` (even though no tests are
actually run in this case), and Visual Studio Code periodically runs
`pytest --collect-only` in order to learn what tests exist in the
project. As a result, it keeps restarting the services and restoring the
database in the background.
Work around this by skipping all logic in the hooks if `--collect-only`
is in the options.
OPA can take some time to load rules, but our tests don't wait for OPA,
and start right after the server is loaded.
Sometimes it works, but in other times the tests may fail because OPA is
still loading the rules.
This PR allows to wait for OPA during the test suite startup.
`pathlib` improves code readability and type safety. It is already used
in some of the tests; convert all remaining `os.path` usage to `pathlib`
equivalents.
Fixed REST API tests after merging #5408 and #5396 to develop
Co-authored-by: Boris Sekachev <sekachev.bs@gmail.com>
Co-authored-by: Nikita Manovich <nikita@cvat.ai>
* Move the test file share contents to tests/share
This way, it can be reused between tests.
* cvat-sdk: Fix creating tasks with non-local files
Forcing the `Content-Type` for the `upload_data` API call to
`multipart/form-data` does not work, because the current logic for
converting Python values to parts (`ApiClient._convert_body_to_post_params`)
does not encode them in a way that Django REST Framework can understand (it
JSON-encodes each part).
Fortunately, we don't actually need to do that, since when we create a task
with non-local files, we don't need to upload any files, and so we can just
post the original JSON, so do just that.
I couldn't add a test for the remote image case, because CVAT rejects all URLs
with non-public IP addressses. However, I did test this case manually.
Maxim Zhiltsov
ddx-day
Roman Donchenko
Maria Khrustaleva
Nikita Manovich
Kirill Sizov
Anastasia Yasakova
Andrey Zhavoronkov