From a25a162229513d3315c5908b78e03aa235137616 Mon Sep 17 00:00:00 2001
From: Chris Church <chris@ninemoreminutes.com>
Date: Tue, 19 Nov 2013 14:45:39 -0500
Subject: [PATCH] AC-170 Disable REST session auth and Django admin by default.

---
 awx/main/admin.py        |  5 +++++
 awx/settings/defaults.py |  5 +++--
 awx/urls.py              | 12 +++++++++---
 3 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/awx/main/admin.py b/awx/main/admin.py
index 7e967bde94..154b201351 100644
--- a/awx/main/admin.py
+++ b/awx/main/admin.py
@@ -1,9 +1,13 @@
 # Copyright (c) 2013 AnsibleWorks, Inc.
 # All Rights Reserved.
 
+# Django admin isn't officially supported!
+
+# Python
 import json
 import urllib
 
+# Django
 from django.conf.urls import *
 from django.contrib import admin
 from django.contrib.admin.util import unquote
@@ -15,6 +19,7 @@ from django.utils.translation import ugettext_lazy as _
 from django.contrib.auth.models import User
 from django.contrib.auth.admin import UserAdmin
 
+# AWX
 from awx.lib.compat import format_html
 from awx.main.models import *
 from awx.main.forms import *
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index 80f8650411..c055b76476 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -117,7 +117,6 @@ ROOT_URLCONF = 'awx.urls'
 WSGI_APPLICATION = 'awx.wsgi.application'
 
 INSTALLED_APPS = (
-    'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',
     'django.contrib.messages',
@@ -133,6 +132,8 @@ INSTALLED_APPS = (
     'awx.main',
     'awx.api',
     'awx.ui',
+    # Django admin is disabled and not supported by default.
+    #'django.contrib.admin',
 )
 
 INTERNAL_IPS = ('127.0.0.1',)
@@ -144,7 +145,7 @@ REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': (
         'rest_framework.authentication.BasicAuthentication',
         'awx.api.authentication.TokenAuthentication',
-        'rest_framework.authentication.SessionAuthentication',
+        #'rest_framework.authentication.SessionAuthentication',
     ),
     'DEFAULT_PERMISSION_CLASSES': (
         'awx.api.permissions.ModelAccessPermission',
diff --git a/awx/urls.py b/awx/urls.py
index 1b8be274d9..33c73c3958 100644
--- a/awx/urls.py
+++ b/awx/urls.py
@@ -22,7 +22,13 @@ if 'django.contrib.admin' in settings.INSTALLED_APPS:
 
 if settings.DEBUG:
     urlpatterns += patterns('awx.main.views',
-        url(r'^(?:admin/)?403.html$', 'handle_403'),
-        url(r'^(?:admin/)?404.html$', 'handle_404'),
-        url(r'^(?:admin/)?500.html$', 'handle_500'),
+        url(r'^403.html$', 'handle_403'),
+        url(r'^404.html$', 'handle_404'),
+        url(r'^500.html$', 'handle_500'),
     )
+    if 'django.contrib.admin' in settings.INSTALLED_APPS:
+        urlpatterns += patterns('awx.main.views',
+            url(r'^admin/403.html$', 'handle_403'),
+            url(r'^admin/404.html$', 'handle_404'),
+            url(r'^admin/500.html$', 'handle_500'),
+        )