From 34761e028bba33e5472a5246c018bb086a1867ac Mon Sep 17 00:00:00 2001 From: Evilham Date: Tue, 6 Sep 2022 19:29:37 +0200 Subject: [PATCH] [sso-admin] Improve postup's idempotency The class was only checking whether or not a specific token exists in moodle, and it should ensure that it has access to the right permissions Reported by: @elena61 --- dd-sso/admin/src/admin/lib/postup.py | 107 +++++++++++++++++---------- 1 file changed, 68 insertions(+), 39 deletions(-) diff --git a/dd-sso/admin/src/admin/lib/postup.py b/dd-sso/admin/src/admin/lib/postup.py index f083985..33c5456 100644 --- a/dd-sso/admin/src/admin/lib/postup.py +++ b/dd-sso/admin/src/admin/lib/postup.py @@ -33,7 +33,7 @@ from datetime import datetime, timedelta import psycopg2 import yaml -from typing import TYPE_CHECKING +from typing import TYPE_CHECKING, List, Set if TYPE_CHECKING: from admin.flaskapp import AdminFlaskApp @@ -41,6 +41,30 @@ if TYPE_CHECKING: from .postgres import Postgres +def moodle_functions() -> Set[str]: + return set( + [ + "core_course_update_courses", + "core_user_get_users", + "core_user_get_users_by_field", + "core_user_update_picture", + "core_user_update_users", + "core_user_delete_users", + "core_user_create_users", + "core_cohort_get_cohort_members", + "core_cohort_add_cohort_members", + "core_cohort_delete_cohort_members", + "core_cohort_create_cohorts", + "core_cohort_delete_cohorts", + "core_cohort_search_cohorts", + "core_cohort_update_cohorts", + "core_role_assign_roles", + "core_role_unassign_roles", + "core_cohort_get_cohorts", + ] + ) + + class Postup: def __init__(self, app: "AdminFlaskApp") -> None: ready = False @@ -98,7 +122,7 @@ class Postup: self.configure_tipnc() self.add_moodle_ws_token(app) - def select_and_configure_theme(self, theme : str="cbe") -> None: + def select_and_configure_theme(self, theme: str = "cbe") -> None: try: self.pg.update( """UPDATE "mdl_config" SET value = '%s' WHERE "name" = 'theme';""" 
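Review bot: `moodle_functions()` is the allow-list of Moodle web-service functions that postup grants to the admin service, yet it has no docstring and rebuilds the collection through `set([...])` on every call. A set literal held in a module-level constant, for example `MOODLE_WS_FUNCTIONS = frozenset({...})`, would make the list immutable and easier to audit in one place. A docstring or comment such as `"""Web-service functions the 'dd admin' external service must be allowed to call."""` would state why the list exists. Because it contains `core_user_delete_users` and `core_role_assign_roles`, the same comment is the natural place to record that the resulting token is high-privilege and that new entries need review.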
@@ -158,47 +182,52 @@ class Postup: exit(1) def add_moodle_ws_token(self, app: "AdminFlaskApp") -> None: + srv_id = 3 try: - token = self.pg.select( - """SELECT * FROM "mdl_external_tokens" WHERE "externalserviceid" = 3""" - )[0][1] - app.config.setdefault("MOODLE_WS_TOKEN", token) - return - except: - # log.error(traceback.format_exc()) - pass + mdl_service = self.pg.select( + """SELECT name FROM "mdl_external_services" WHERE name='dd admin';""" + ) + if not mdl_service: + self.pg.update( + """INSERT INTO "mdl_external_services" ("name", "enabled", "requiredcapability", "restrictedusers", "component", "timecreated", "timemodified", "shortname", "downloadfiles", "uploadfiles") VALUES + ('dd admin', 1, '', 1, NULL, 1621719763, 1621719850, 'dd_admin', 0, 0);""" + ) - try: - self.pg.update( - """INSERT INTO "mdl_external_services" ("name", "enabled", "requiredcapability", "restrictedusers", "component", "timecreated", "timemodified", "shortname", "downloadfiles", "uploadfiles") VALUES - ('dd admin', 1, '', 1, NULL, 1621719763, 1621719850, 'dd_admin', 0, 0);""" + active_functions_res = self.pg.select( + 'SELECT functionname FROM "mdl_external_services_functions" ' + f'WHERE "externalserviceid" = {srv_id}' + ) + active_functions: List[str] = [ + a[0] if a and isinstance(a, tuple) else a for a in active_functions_res + ] + missing_functions = moodle_functions().difference(active_functions) + if missing_functions: + missing_functions_values = ", ".join( + (f"({srv_id}, '{f}')" for f in missing_functions) + ) + self.pg.update( + 'INSERT INTO "mdl_external_services_functions" ' + '("externalserviceid", "functionname") ' + f"VALUES {missing_functions_values};" + ) + + mdl_service_user = self.pg.select( + f"SELECT externalserviceid FROM mdl_external_services_users WHERE externalserviceid={srv_id}" + ) + if not mdl_service_user: + self.pg.update( + """INSERT INTO "mdl_external_services_users" ("externalserviceid", "userid", "iprestriction", "validuntil", "timecreated") VALUES 
+ (3, 2, NULL, NULL, 1621719871);""" + ) + + token_results = self.pg.select( + f"""SELECT token FROM "mdl_external_tokens" WHERE "externalserviceid" = {srv_id}""" ) - self.pg.update( - """INSERT INTO "mdl_external_services_functions" ("externalserviceid", "functionname") VALUES - (3, 'core_course_update_courses'), - (3, 'core_user_get_users'), - (3, 'core_user_get_users_by_field'), - (3, 'core_user_update_picture'), - (3, 'core_user_update_users'), - (3, 'core_user_delete_users'), - (3, 'core_user_create_users'), - (3, 'core_cohort_get_cohort_members'), - (3, 'core_cohort_add_cohort_members'), - (3, 'core_cohort_delete_cohort_members'), - (3, 'core_cohort_create_cohorts'), - (3, 'core_cohort_delete_cohorts'), - (3, 'core_cohort_search_cohorts'), - (3, 'core_cohort_update_cohorts'), - (3, 'core_role_assign_roles'), - (3, 'core_role_unassign_roles'), - (3, 'core_cohort_get_cohorts');""" - ) - - self.pg.update( - """INSERT INTO "mdl_external_services_users" ("externalserviceid", "userid", "iprestriction", "validuntil", "timecreated") VALUES - (3, 2, NULL, NULL, 1621719871);""" - ) + if token_results: + token = token_results[0][0] + app.config.setdefault("MOODLE_WS_TOKEN", token) + return b32 = "".join( random.choices(
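Review bot: The new checks assume the 'dd admin' service always has id 3: the existence test selects by name, but every later query and insert is keyed on `srv_id = 3`, and the users insert still spells out `(3, 2, ...)` instead of using the variable. If the service row exists under another id (presumably the id is auto-assigned, since the INSERT does not set it), the functions and the authorised user are attached to whichever service owns id 3, which defeats the permission guarantee this commit is after. Reading the id back from `mdl_external_services` and using it everywhere closes that gap, as sketched below; if `self.pg` accepts bound parameters, those would be preferable to f-string SQL. The code also only adds missing functions and never removes extra ones, so the token can keep rights beyond the list, which deserves a comment if intended. The `try:` body continues outside the hunk, so its error handling is not visible here.

```python
        try:
            service_rows = self.pg.select(
                """SELECT id FROM "mdl_external_services" WHERE name='dd admin';"""
            )
            if not service_rows:
                # … unchanged: INSERT INTO "mdl_external_services" for 'dd admin' …
                service_rows = self.pg.select(
                    """SELECT id FROM "mdl_external_services" WHERE name='dd admin';"""
                )
            # Use the id Moodle actually assigned rather than assuming 3.
            srv_id = service_rows[0][0]
            # … unchanged: function and token queries keyed on srv_id …
            if not mdl_service_user:
                self.pg.update(
                    'INSERT INTO "mdl_external_services_users" '
                    '("externalserviceid", "userid", "iprestriction", "validuntil", "timecreated") '
                    f"VALUES ({srv_id}, 2, NULL, NULL, 1621719871);"
                )
```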