Ensure SSO works on admin level

[lcduong]

This PR closes/references issue #234 .
Implement new page /orga/admin/sso/settings which allow Admin to set key pair for SSO, Admin able to add/delete key pair

How has this been tested?

Checklist

• I have added tests to cover my changes.

Summary by Sourcery

Implement a new admin-level SSO settings page and refactor SSO functionality to be managed as an external plugin, enhancing the system's modularity and allowing administrators to manage SSO key pairs directly.

New Features:

• Introduce a new admin page for SSO settings, allowing administrators to add or delete key pairs for SSO.

Enhancements:

• Refactor SSO implementation to use an external plugin, improving modularity and maintainability.

[sourcery-ai]

Reviewer's Guide by Sourcery

This PR refactors the SSO implementation by moving it from the organizer level to the admin level and implementing it as an external plugin. The changes include removing SSO-related code from the organizer views and forms, creating new dedicated SSO views and templates, and updating the authentication flow to use dynamic SSO provider configuration.

Updated class diagram for SSO implementation

classDiagram
    class SSOConfigureView {
        +get_object()
        +get_success_url()
        +form_valid(form)
        +form_invalid(form)
        +get_context_data(**kwargs)
    }
    class SSODeleteView {
        +get_object(queryset=None)
        +action_object_name()
        +action_back_url
        +post(*args, **kwargs)
    }
    class SSOClientForm {
        +fields: client_id, secret
    }
    SSOConfigureView --> SSOClientForm
    SSODeleteView --> SocialApp
    SSOConfigureView --> SocialApp
    class SocialApp {
        +provider
        +name
        +client_id
        +secret
    }

Loading

File-Level Changes

Change	Details	Files
Moved SSO configuration from organizer level to admin level	Created new admin-level SSO settings page Added SSO settings link to admin navigation menu Removed SSO configuration from organizer detail page Created new SSO delete view for removing SSO configuration	src/pretalx/orga/urls.py src/pretalx/orga/templates/orga/base.html src/pretalx/orga/templates/orga/organiser/detail.html src/pretalx/eventyay_common/views/sso.py src/pretalx/eventyay_common/templates/eventyay_common/sso/detail.html
Refactored SSO implementation to use dynamic provider configuration	Updated OAuth2 session to use dynamically loaded SSO provider credentials Removed hardcoded SSO client settings from configuration Simplified SSO client form to handle only required fields	src/pretalx/eventyay_common/views/auth.py src/pretalx/settings.py src/pretalx/orga/forms/sso_client_form.py
Cleaned up and removed deprecated SSO code	Removed SSO-related methods from organizer views Deleted unused SSO template Removed organizer-specific SSO configuration handling	src/pretalx/orga/views/organiser.py src/pretalx/orga/templates/orga/organiser/organiser_sso.html

Possibly linked issues

• Ensure SSO works on admin level and change implementation to be an external plugin #234: The PR implements admin-level SSO settings and refactors SSO as an external plugin, addressing the issue.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey @lcduong - I've reviewed your changes - here's some feedback:

Overall Comments:

• Please add tests to cover the new SSO configuration functionality and authentication flow changes, as these are security-critical features.

Here's what I looked at during the review

• 🟡 General issues: 2 issues found
• 🟢 Security: all looks good
• 🟢 Testing: all looks good
• 🟡 Complexity: 1 issue found
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue: Add error handling for missing SSO provider

The function should handle the case where no SSO provider exists, possibly redirecting to a configuration page with an appropriate message.

[sourcery-ai]

issue (complexity): Consider caching the get_object result and simplifying form handling to reduce code complexity.

The current implementation has unnecessary complexity that can be simplified while maintaining Django patterns:

1. Cache the get_object result as a property to avoid multiple database queries:

@property
def sso_provider(self):
    if not hasattr(self, '_sso_provider'):
        self._sso_provider = SocialApp.objects.filter(
            provider=settings.EVENTYAY_SSO_PROVIDER
        ).first()
    return self._sso_provider

2. Simplify form handling by leveraging Django's built-in functionality:

def form_valid(self, form):
    instance = form.save(commit=False)
    instance.provider = settings.EVENTYAY_SSO_PROVIDER
    instance.name = "Eventyay Ticket Provider"
    instance.save()
    instance.sites.add(Site.objects.get(pk=settings.SITE_ID))
    messages.success(self.request, phrases.base.saved)
    return super().form_valid(form)

def get_success_url(self):
    return self.request.path

This removes the need for a separate form_invalid method since the parent class already handles it appropriately. The property caching pattern reduces database queries and improves code organization while maintaining Django conventions.

[hongquan]

.first() returns nullable object. sso_provider can be None and sso_provider.client_id will raise error.