Require staff accounts to authenticate through SSO.

Glob to investigate keeping external Bugmails.

Design Document: https://docs.google.com/document/d/1n9u6bQHmAXlDxpY78KTpFpSWIAhLyeyiK74Y4kf-zaE

Notes for self:

curl 'https://iam.api.sso.mozilla.com/api/v1/ldap-lookup-email/sidler@mozilla.com' -H 'Origin: https://auth.mozilla.auth0.com'

{"exists": {"ldap": true}}

{
  "access_information": {
    "access_provider": null,
    "hris": {
      "egencia_pos_country": "US",
      "employee_id": "",
      "managers_primary_work_email": "bjones@mozilla.com",
      "primary_work_email": "dlawrence@mozilla.com",
      "worker_type": "Employee"
    },
    "ldap": {
      "BugzillaTesters": null,
      "DevServicesWiki": null,
      "IntranetWiki": null,
      "StatsDashboard": null,
      "all_ldap_users": null,
      "all_scm_level_1": null,
      "ateam": null,
      "cloudservices_dev_ssh": null,
      "egencia_us": null,
      "engineering_workflow": null,
      "expired_scm_level_1": null,
      "managers_all": null,
      "managers_moco": null,
      "mozilla-devservices-dev": null,
      "mptvpn": null,
      "nagiosadmin": null,
      "office_remote": null,
      "phonebook_access": null,
      "tableau_users": null,
      "team_moco": null,
      "vpn_ateam": null,
      "vpn_corp": null,
      "vpn_default": null,
      "vpn_nagios_web": null
    },
    "mozilliansorg": {}
  },
  "active": true,
  "alternative_name": "Dave",
  "created": "2019-03-15T23:15:03.000Z",
  "description": "Bugzilla",
  "first_name": "David",
  "fun_title": "Bugzilla Developer",
  "identities": {
    "bugzilla_mozilla_org_id": "",
    "bugzilla_mozilla_org_primary_email": "dkl@mozilla.com",
    "custom_1_primary_email": "",
    "custom_2_primary_email": "dkl@mozilla.com",
    "custom_3_primary_email": null,
    "firefox_accounts_id": null,
    "firefox_accounts_primary_email": null,
    "github_id_v3": "",
    "github_id_v4": "",
    "github_primary_email": "",
    "google_oauth2_id": null,
    "google_primary_email": null,
    "mozilla_ldap_id": "mail=dlawrence@mozilla.com,o=com,dc=mozilla",
    "mozilla_ldap_primary_email": "dlawrence@mozilla.com",
    "mozilla_posix_id": "dkl",
    "mozilliansorg_id": null
  },
  "languages": {
    "1": "English"
  },
  "last_modified": "2020-10-15T00:53:03.000Z",
  "last_name": "Lawrence",
  "location": "",
  "login_method": "",
  "pgp_public_keys": {
    "LDAP-1": ""
  },
  "phone_numbers": {
    "Home#1#n": "",
    "Primary#0#n": ""
  },
  "picture": "",
  "primary_email": "dlawrence@mozilla.com",
  "primary_username": "dkl",
  "pronouns": "he/him",
  "schema": "https://auth.mozilla.com/.well-known/profile.schema",
  "ssh_public_keys": {
    "LDAP-1": "ssh-dss",
    "LDAP-2": "ssh-rsa",
    "LDAP-3": "ecdsa-sha2-nistp256"
  },
  "staff_information": {
    "cost_center": "",
    "director": false,
    "manager": true,
    "office_location": "US Remote (NC)",
    "staff": true,
    "team": "Engineering Workflow (glob .)",
    "title": "Senior Software Engineer",
    "worker_type": "Employee",
    "wpr_desk_number": "Off-Site"
  },
  "tags": {
    "1": "Bugzilla",
    "2": "BMO",
    "3": "Phabricator",
    "4": "Conduit"
  },
  "timezone": "America/New_York",
  "uris": {
    "EA#IRC#n": "dkl",
    "EA#SLACK#n": "dkl"
  },
  "user_id": "ad|Mozilla-LDAP|dkl",
  "usernames": {
    "HACK#BMOMAIL": "dkl@mozilla.com",
    "HACK#BMONICK": "dkl",
    "HACK#GITHUB": "dklawren",
    "LDAP-im-unverified-1": "aim: dklawren",
    "LDAP-im-unverified-2": "irc: dkl",
    "LDAP-im-unverified-3": "gtalk:dklawren@gmail.com",
    "LDAP-im-unverified-4": "",
    "LDAP-posix_id": "dkl",
    "LDAP-posix_uid": ""
  },
  "uuid": ""
}

In order to cut down on bit-rot, I have merged this and any changes will be done as new bugs as needed. This code can be turned off for the time being and enabled after sufficient testing.

https://github.com/mozilla-bteam/bmo/commit/a20fbcafd368cdc6c07308ce603b931a2fc97623