From 70ccd137e13d8a4a6226cba6afc20d0538e38a48 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Thu, 27 Aug 2015 13:09:02 -0700
Subject: [PATCH 1/3] removing netflix specific code from auth flow

---
 lemur/auth/views.py | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/lemur/auth/views.py b/lemur/auth/views.py
index 1ecbdeba..0c55f627 100644
--- a/lemur/auth/views.py
+++ b/lemur/auth/views.py
@@ -183,10 +183,6 @@ class Ping(Resource):
         # update their google 'roles'
         roles = []
 
-        # Legacy edge case - 'admin' has some special privileges associated with it
-        if 'secops@netflix.com' in profile['googleGroups']:
-            roles.append(role_service.get_by_name('admin'))
-
         for group in profile['googleGroups']:
             role = role_service.get_by_name(group)
             if not role:
@@ -196,10 +192,12 @@ class Ping(Resource):
         # if we get an sso user create them an account
         # we still pick a random password in case sso is down
         if not user:
-            # every user is an operator (tied to the verisignCA)
-            v = role_service.get_by_name('verisign')
-            if v:
-                roles.append(v)
+
+            # every user is an operator (tied to a default role)
+            if current_app.config.get('LEMUR_DEFAULT_ROLE'):
+                v = role_service.get_by_name(current_app.config.get('LEMUR_DEFAULT_ROLE'))
+                if v:
+                    roles.append(v)
 
             user = user_service.create(
                 profile['email'],

From 783acf6d8c08426f6abdc2bba4035817eb1f1314 Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Sat, 29 Aug 2015 10:10:42 -0700
Subject: [PATCH 2/3] Removing Meechum specific code

---
 lemur/static/app/angular/app.js                |  2 +-
 .../authentication/login/login.tpl.html        |  4 ++--
 .../angular/authentication/unlock/unlock.js    | 18 ------------------
 .../authentication/unlock/unlock.tpl.html      | 16 ----------------
 4 files changed, 3 insertions(+), 37 deletions(-)
 delete mode 100644 lemur/static/app/angular/authentication/unlock/unlock.js
 delete mode 100644 lemur/static/app/angular/authentication/unlock/unlock.tpl.html

diff --git a/lemur/static/app/angular/app.js b/lemur/static/app/angular/app.js
index 2f0cc90a..fd620ffe 100644
--- a/lemur/static/app/angular/app.js
+++ b/lemur/static/app/angular/app.js
@@ -25,7 +25,7 @@ var lemur = angular
       });
 
     $authProvider.oauth2({
-      name: 'ping',
+      name: 'example',
       url: 'http://localhost:5000/api/1/auth/ping',
       redirectUri: 'http://localhost:3000/',
       clientId: 'client-id',
diff --git a/lemur/static/app/angular/authentication/login/login.tpl.html b/lemur/static/app/angular/authentication/login/login.tpl.html
index 894a5e3a..fe69d4be 100644
--- a/lemur/static/app/angular/authentication/login/login.tpl.html
+++ b/lemur/static/app/angular/authentication/login/login.tpl.html
@@ -3,8 +3,8 @@
   <div class="login">
     <div class="row">
       <div class="col-xs-12 col-sm-12 col-md-12">
-        <button class="btn btn-block btn-default" ng-click="authenticate('ping')">
-          Login with Meechum
+        <button class="btn btn-block btn-default" ng-click="authenticate('Example')">
+          Login with Example
         </button>
       </div>
     </div>
diff --git a/lemur/static/app/angular/authentication/unlock/unlock.js b/lemur/static/app/angular/authentication/unlock/unlock.js
deleted file mode 100644
index 44304997..00000000
--- a/lemur/static/app/angular/authentication/unlock/unlock.js
+++ /dev/null
@@ -1,18 +0,0 @@
-'use strict';
-
-angular.module('lemur')
-  .config(function config($routeProvider) {
-    $routeProvider.when('/unlock', {
-      templateUrl: '/angular/authentication/unlock/unlock.tpl.html',
-      controller: 'UnlockCtrl'
-    });
-  })
-  .controller('UnlockCtrl', function ($scope, $location, lemurRestangular, messageService) {
-    $scope.unlock = function () {
-      lemurRestangular.one('unlock').customPOST({'password': $scope.password})
-        .then(function (data) {
-          messageService.addMessage(data);
-          $location.path('/dashboard');
-        });
-    };
-  });
diff --git a/lemur/static/app/angular/authentication/unlock/unlock.tpl.html b/lemur/static/app/angular/authentication/unlock/unlock.tpl.html
deleted file mode 100644
index 40ff5483..00000000
--- a/lemur/static/app/angular/authentication/unlock/unlock.tpl.html
+++ /dev/null
@@ -1,16 +0,0 @@
-<h2 class="featurette-heading">Unlock <span class="text-muted"><small>Assume 9 is twice 5; how will you write 6 times 5 in the same system of notation?</small></span></h2>
-<form class="form-horizontal" _lpchecked="1">
-  <fieldset class="col-lg-offset-4">
-    <div class="form-group">
-      <div class="col-lg-4">
-        <input type="password" ng-model="password" placeholder="Password" class="form-control"/>
-      </div>
-    </div>
-    <hr class="featurette-divider">
-    <div class="form-group">
-      <div class="col-lg-4">
-        <button ng-click="unlock()" class="btn btn-success">Unlock</button>
-      </div>
-    </div>
-  </fieldset>
-</form>

From 572c44b78b041e26a72a8f6997d42870f4facddd Mon Sep 17 00:00:00 2001
From: kevgliss <kevgliss@gmail.com>
Date: Sat, 29 Aug 2015 10:15:31 -0700
Subject: [PATCH 3/3] Adding a some more docs around oauth2

---
 docs/administration/index.rst | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/administration/index.rst b/docs/administration/index.rst
index e57dd5c0..3ca887b8 100644
--- a/docs/administration/index.rst
+++ b/docs/administration/index.rst
@@ -186,8 +186,10 @@ Verisign/Symantec and CloudCA
 
 Authentication
 --------------
-Lemur currently supports Basic Authentication and Ping OAuth2, additional flows can be added relatively easily
-If you are not using PING you do not need to configure any of these options
+Lemur currently supports Basic Authentication and Ping OAuth2 out of the box, additional flows can be added relatively easily
+If you are not using Ping you do not need to configure any of these options.
+
+For more information about how to use social logins, see: `Satellizer <https://github.com/sahat/satellizer>`_
 
 .. data:: PING_SECRET
     :noindex: