From 088b483aa57bfd7bae77ac3e4bb9ff73b2d884fb Mon Sep 17 00:00:00 2001
From: Jason Hansel
Date: Tue, 5 Dec 2023 12:30:31 -0500
Subject: [PATCH 1/2] Avoid issues with SAML auth when it isn't being used
---
 matchminer/custom.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/matchminer/custom.py b/matchminer/custom.py
index f683aab..78dcd1c 100644
--- a/matchminer/custom.py
+++ b/matchminer/custom.py
@@ -10,7 +10,6 @@ from urllib.parse import urlparse
 from bson import ObjectId
-from onelogin.saml2.auth import OneLogin_Saml2_Auth
 import simplejson as json
 import oncotreenx
 from requests import post, get
@@ -653,6 +652,7 @@ def init_saml_auth(req):
 json_data_file.close()
 # create auth object with required settings.
+ from onelogin.saml2.auth import OneLogin_Saml2_Auth
 auth = OneLogin_Saml2_Auth(req, settings_data)
 # return it
From 3b635953fb1fabf3406e2b3025ee021ea6338018 Mon Sep 17 00:00:00 2001
From: Jason Hansel
Date: Tue, 5 Dec 2023 12:30:44 -0500
Subject: [PATCH 2/2] Allow disabling OnCore auth
---
 matchminer/security.py | 6 +++++-
 matchminer/settings.py | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/matchminer/security.py b/matchminer/security.py
index 169d55b..f5905c8 100644
--- a/matchminer/security.py
+++ b/matchminer/security.py
@@ -19,7 +19,7 @@ from bson.objectid import ObjectId
 from matchminer import database
-from matchminer.settings import ONCORE_CURATION_AUTH_TOKEN
+from matchminer.settings import ONCORE_CURATION_AUTH_TOKEN, DISABLE_ONCORE_AUTH
 logging.basicConfig(level=logging.INFO, format='[%(levelname)s] %(message)s', )
@@ -129,6 +129,10 @@ def authorize_oncore_curation(request):
 :return: {bool} True if user is not authenticated. False if user is authenticated
 """
+ if DISABLE_ONCORE_AUTH:
+ logging.info("Curation UI auth disabled")
+ return False
+
 user_id = request.cookies.get('user_id')
 if user_id is None:
 return True
diff --git a/matchminer/settings.py b/matchminer/settings.py
index 5c96bb2..146a25e 100644
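Review bot: The function-scope import added in `init_saml_auth` has no comment explaining why it is not at module level, so a later import cleanup could hoist it back and undo the change. A one-line comment above it would prevent that, e.g. `# Imported here, not at module level, so this module loads when SAML auth is not in use.` With this placement a missing or broken SAML package is presumably reported only on the first SAML login instead of at startup, which operators of SAML-enabled deployments should know. The body of `init_saml_auth` starts and ends outside the hunk.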
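Review bot: The new early return in `authorize_oncore_curation` fires on any truthy value of `DISABLE_ONCORE_AUTH`, while the neighbouring settings default to strings (`NO_AUTH = ""`). If deployments override settings from environment or config strings (not visible here), a value such as `"false"` would switch the curation check off for every request. Compare strictly with `if DISABLE_ONCORE_AUTH is True:` and log the bypass at warning level, `logging.warning("Curation UI auth disabled by DISABLE_ONCORE_AUTH")`, so it stands out in production logs. The docstring's `:return:` text should say that False is returned unconditionally when the flag is set, and the new default in settings.py deserves a comment that it must stay False outside development. The function body continues outside the hunk.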
--- a/matchminer/settings.py
+++ b/matchminer/settings.py
@@ -21,6 +21,7 @@ SLS_URL = ""
 SAML_SETTINGS = ""
 NO_AUTH = ""
+DISABLE_ONCORE_AUTH = False
 WELCOME_EMAIL = ""
 API_PORT = ""
 API_TOKEN = ""