
[Fixes #14177] Implement storage and handling of authentications for external resources#14192

Open
sijandh35 wants to merge 4 commits into master from ISSUE_14177

Conversation

@sijandh35
Contributor

Fixes #14177

Checklist

Reviewing is a process done by project maintainers, mostly on a volunteer basis. We try to keep the overhead as small as possible and appreciate if you help us to do so by completing the following items. Feel free to ask in a comment if you have troubles with any of them.

For all pull requests:

  • Confirm you have read the contribution guidelines
  • You have sent a Contribution Licence Agreement (CLA) as necessary (not required for small changes, e.g., fixing typos in the documentation)
  • Make sure the first PR targets the master branch, eventual backports will be managed later. This can be ignored if the PR is fixing an issue that only happens in a specific branch, but not in newer ones.

The following are required only for core and extension modules (they are welcomed, but not required, for contrib modules):

  • There is a ticket in https://github.com/GeoNode/geonode/issues describing the issue/improvement/feature (a notable exemption is changes not visible to end-users)
  • The issue connected to the PR must have Labels and Milestone assigned
  • PRs for bug fixes and small new features are presented as a single commit
  • PR title must be in the form "[Fixes #<issue_number>] Title of the PR"
  • New unit tests have been added covering the changes, unless there is an explanation on why the tests are not necessary/implemented

Submitting the PR does not require you to check all items, but by the time it gets merged, they should be either satisfied or inapplicable.

@cla-bot cla-bot Bot added the cla-signed CLA Bot: community license agreement signed label May 4, 2026
@codecov

codecov Bot commented May 4, 2026

Codecov Report

❌ Patch coverage is 79.56403% with 75 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.96%. Comparing base (32ab42e) to head (f984ab4).
⚠️ Report is 1 commit behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #14192      +/-   ##
==========================================
+ Coverage   64.82%   64.96%   +0.13%     
==========================================
  Files         960      967       +7     
  Lines       58865    59208     +343     
  Branches     8069     8104      +35     
==========================================
+ Hits        38159    38462     +303     
- Misses      19083    19115      +32     
- Partials     1623     1631       +8     

@sijandh35 sijandh35 marked this pull request as draft May 4, 2026 16:07
@sijandh35 sijandh35 marked this pull request as ready for review May 4, 2026 16:14
@sijandh35 sijandh35 requested a review from Gpetrak May 5, 2026 05:56
@sijandh35 sijandh35 assigned sijandh35 and unassigned sijandh35 May 5, 2026
Comment thread geonode/services/utils.py Outdated
return custom_services_types


def get_basic_auth_credentials(auth_config):
Contributor


@sijandh35 I would move these utils under the security module

Contributor Author


Updated.

@sijandh35 sijandh35 requested a review from giohappy May 5, 2026 11:03
Comment thread geonode/security/admin.py Outdated
def clean(self):
cleaned_data = super().clean()

if cleaned_data.get("type") == "basic" and not self.instance.pk and not cleaned_data.get("password"):
Contributor


Call the registry to obtain the handler for the type, and delegate payload validation to the handler classmethod, like AuthHandler.validate(cleaned_data)

Comment thread geonode/security/admin.py Outdated
def save(self, commit=True):
instance = super().save(commit=False)

if instance.type == "basic":
Contributor


Let's avoid conditions on specific types. This couples the Admin to the implemented handlers.
For safety and simplicity, let's encrypt/decrypt the entire payload.

Comment thread geonode/security/auth_registry.py Outdated
auth_handler_registry = AuthHandlerRegistry()


def build_auth_handler(config):
Contributor


we don't need this util. The caller can just use auth_handler_registry.build(config) itself.

Comment thread geonode/security/utils.py Outdated
return (auth_handler.username, auth_handler.password)


def create_basic_auth_config(username, password):
Contributor


This can be a class method on the AuthBasicHandler

Comment thread geonode/security/utils.py Outdated
logger = logging.getLogger(__name__)


def get_basic_auth_credentials(auth_config):
Contributor


This can be a class method on BasicAuthHandler.
However, see my comment inside services...

service.id,
username=service.username if service.needs_authentication else None,
password=service.get_password() if service.needs_authentication else None,
username=username,
Contributor


I wouldn't pass username/password around anymore.
owslib.WebMapService supports passing an auth object (see the signature here). So here and here we can pass an auth object.
I suggest adapting the handler to handle an auth object in place of username and password.
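The design the review comments converge on (the form asks the registry for the handler matching the config's type, the handler's validate classmethod checks the payload, the whole payload is encrypted rather than one field, and the client receives a single auth object instead of loose username/password), sketched as an added Python example that is not GeoNode's code. AuthHandlerRegistry, BasicAuthHandler and auth_handler_registry.build follow the names used in the thread; the HMAC-SHA256 counter-mode keystream with encrypt-then-MAC is an assumed stdlib-only stand-in for whatever symmetric cipher the project settles on, the key is assumed to come from deployment settings, and the tuple returned by auth() stands in for the owslib auth object.

```python
import hashlib, hmac, json, os

class AuthHandlerRegistry:
    def __init__(self):
        self._handlers = {}
    def register(self, cls):
        self._handlers[cls.auth_type] = cls
        return cls
    def build(self, config):
        cls = self._handlers.get(config.get("type"))
        if cls is None:
            raise ValueError(f"unknown auth type: {config.get('type')!r}")
        cls.validate(config)  # validation lives in the handler, not in the admin form
        return cls(config)

auth_handler_registry = AuthHandlerRegistry()

@auth_handler_registry.register
class BasicAuthHandler:
    auth_type = "basic"
    @classmethod
    def validate(cls, cleaned_data):
        if not all(cleaned_data.get(k) for k in ("username", "password")):
            raise ValueError("basic auth requires both username and password")

    def __init__(self, config):
        self.username, self.password = config["username"], config["password"]
    def auth(self):  # one credential object for the client (owslib-style), not loose fields
        return (self.username, self.password)

def _sub(key, label):  # labelled sub-keys so encryption and MAC never share a key
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a PRF keystream (assumed stand-in, stdlib only); XOR inverts itself
    ks = b"".join(hmac.new(_sub(key, b"enc"), nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(-(-len(data) // 32)))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt_payload(key, payload):
    # Encrypt the whole auth payload as one JSON blob: nonce || ciphertext || tag
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, json.dumps(payload, sort_keys=True).encode())
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def decrypt_payload(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        raise ValueError("auth payload tampered with or wrong key")  # encrypt-then-MAC: verify first
    return json.loads(_xor_stream(key, nonce, ct))
```

The admin form's clean() then reduces to auth_handler_registry.build(cleaned_data) and its save() to storing encrypt_payload(key, cleaned_data), with no branch on a specific type anywhere outside the handlers.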

@gitguardian

gitguardian Bot commented May 7, 2026

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id | GitGuardian status | Secret | Commit | Filename
32555648 | Triggered | Authentication Tuple | eebd47c | geonode/security/tests.py
32555648 | Triggered | Authentication Tuple | eebd47c | geonode/services/tests.py
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider



@sijandh35 sijandh35 requested a review from giohappy May 7, 2026 14:41

Labels

cla-signed CLA Bot: community license agreement signed

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Implement storage and handling of authentications for external resources

3 participants