From 7bf216ef699eaf2eb32f1f220d98ccb713b08d6b Mon Sep 17 00:00:00 2001 From: Evilham Date: Mon, 1 Aug 2022 11:51:09 +0200 Subject: [PATCH 01/12] [sso-admin] Change container not to run as root --- dd-sso/.gitignore | 3 --- dd-sso/admin/docker/Dockerfile | 33 ++++++++------------------- dd-sso/admin/docker/run.sh | 17 +++++++------- dd-sso/admin/src/admin/flaskapp.py | 8 ++++--- dd-sso/docker-compose-parts/admin.yml | 11 +++------ 5 files changed, 26 insertions(+), 46 deletions(-) diff --git a/dd-sso/.gitignore b/dd-sso/.gitignore index 20afd7d..c0efa48 100644 --- a/dd-sso/.gitignore +++ b/dd-sso/.gitignore @@ -6,9 +6,6 @@ docker-compose.yml **/custom.yaml **/system.yaml -admin/src/node_modules -admin/src/admin/node_modules/ - # Byte-compiled / optimized / DLL files __pycache__/ *.py[cod] diff --git a/dd-sso/admin/docker/Dockerfile b/dd-sso/admin/docker/Dockerfile index 27dbd7c..b1d4f9d 100644 --- a/dd-sso/admin/docker/Dockerfile +++ b/dd-sso/admin/docker/Dockerfile @@ -20,6 +20,9 @@ FROM alpine:3.12.0 as production MAINTAINER isard +# Ensure python dependencies +COPY admin/docker/requirements.pip3 /requirements.pip3 + RUN apk add python3 py3-pip py3-pyldap~=3.2.0 RUN pip3 install --upgrade pip RUN apk add --no-cache --virtual .build_deps \ @@ -27,37 +30,19 @@ RUN apk add --no-cache --virtual .build_deps \ python3-dev \ libffi-dev \ gcc python3-dev linux-headers musl-dev postgresql-dev -COPY admin/docker/requirements.pip3 /requirements.pip3 RUN pip3 install --no-cache-dir -r requirements.pip3 RUN apk del .build_deps RUN apk add --no-cache curl py3-yaml yarn libpq openssl py3-pillow +# Add catalan words list (issue with newer diceweare) RUN wget -O /usr/lib/python3.8/site-packages/diceware/wordlists/wordlist_cat_ascii.txt https://raw.githubusercontent.com/1ma/diceware-cat/master/cat-wordlist-ascii.txt -# SSH configuration -# ARG SSH_ROOT_PWD -# RUN apk add openssh -# RUN echo "root:$SSH_ROOT_PWD" |chpasswd -# RUN sed -i \ -# -e 's|[#]*PermitRootLogin prohibit-password|PermitRootLogin yes|g' \ -# -e 's|[#]*PasswordAuthentication yes|PasswordAuthentication yes|g' \ -# -e 's|[#]*ChallengeResponseAuthentication yes|ChallengeResponseAuthentication yes|g' \ -# -e 's|[#]*UsePAM yes|UsePAM yes|g' \ -# -e 's|[#]#Port 22|Port 22|g' \ -# /etc/ssh/sshd_config - -# Let's test 0.26.1 python-keycloak version -# RUN apk add --no-cache git && \ -# git clone -b delete_realm_roles https://github.com/isard-vdi/python-keycloak.git && \ -# cd python-keycloak && \ -# python3 setup.py install && \ -# apk del git - +# Add code and entrypoint COPY admin/src /admin -RUN cd /admin/admin && yarn install - COPY admin/docker/run.sh /run.sh -#EXPOSE 7039 -CMD [ "/run.sh" ] \ No newline at end of file +# Ensure node dependencies +RUN cd /admin/admin && HOME=/tmp su -s /bin/sh -m nobody -c "yarn install" + +CMD [ "/run.sh" ] diff --git a/dd-sso/admin/docker/run.sh b/dd-sso/admin/docker/run.sh index 5f17e3d..9221577 100755 --- a/dd-sso/admin/docker/run.sh +++ b/dd-sso/admin/docker/run.sh @@ -18,13 +18,14 @@ # along with DD. If not, see . # # SPDX-License-Identifier: AGPL-3.0-or-later -# ssh-keygen -A -## Only in development -cd /admin/admin -yarn install -## End Only in development + +# We possibly need to fix bad old permissions +chown -R nobody:nogroup \ + /admin/custom \ + /admin/moodledata/saml2 /admin/saml_certs \ + "${DATA_FOLDER}" \ + "${LEGAL_PATH}" + cd /admin export PYTHONWARNINGS="ignore:Unverified HTTPS request" -python3 start.py -#& -# /usr/sbin/sshd -D -e -f /etc/ssh/sshd_config \ No newline at end of file +exec su -s /bin/sh -m nobody -c 'python3 start.py' diff --git a/dd-sso/admin/src/admin/flaskapp.py b/dd-sso/admin/src/admin/flaskapp.py index 19a7b7b..903872a 100644 --- a/dd-sso/admin/src/admin/flaskapp.py +++ b/dd-sso/admin/src/admin/flaskapp.py @@ -73,6 +73,7 @@ class AdminFlaskApp(Flask): custom_dir: str data_dir: str domain : str + node_modules_dir : str ready: bool = False def __init__(self, *args: Any, **kwargs: Any): @@ -141,6 +142,7 @@ class AdminFlaskApp(Flask): try: self.data_dir = os.environ.get("DATA_FOLDER", ".") self.custom_dir = os.environ.get("CUSTOM_FOLDER", ".") + self.node_modules_dir = os.environ.get("NODE_MODULES_FOLDER", "node_modules") # Handle secrets like Flask's session key secret_key_file = os.path.join(self.secrets_dir, "secret_key") if not os.path.exists(self.secrets_dir): @@ -202,19 +204,19 @@ class AdminFlaskApp(Flask): @self.route("/build/") def send_build(path: str) -> Response: return send_from_directory( - os.path.join(self.root_path, "node_modules/gentelella/build"), path + os.path.join(self.node_modules_dir, "gentelella/build"), path ) @self.route("/vendors/") def send_vendors(path: str) -> Response: return send_from_directory( - os.path.join(self.root_path, "node_modules/gentelella/vendors"), path + os.path.join(self.node_modules_dir, "gentelella/vendors"), path ) @self.route("/node_modules/") def send_nodes(path: str) -> Response: return send_from_directory( - os.path.join(self.root_path, "node_modules"), path + self.node_modules_dir, path ) @self.route("/templates/") diff --git a/dd-sso/docker-compose-parts/admin.yml b/dd-sso/docker-compose-parts/admin.yml index 91c87b1..164d51a 100644 --- a/dd-sso/docker-compose-parts/admin.yml +++ b/dd-sso/docker-compose-parts/admin.yml @@ -25,20 +25,14 @@ services: context: ${BUILD_SSO_ROOT_PATH} dockerfile: admin/docker/Dockerfile target: production - # args: ## DEVELOPMENT - # SSH_ROOT_PWD: ${IPA_ADMIN_PWD} - # SSH_PORT: 2022 networks: - dd_net - # ports: - # - "2022:22" - # - "9000:9000" restart: unless-stopped volumes: - /etc/localtime:/etc/localtime:ro - - ${BUILD_SSO_ROOT_PATH}/admin/src:/admin # Revome in production + - ${BUILD_SSO_ROOT_PATH}/admin/src:/admin:ro - ${BUILD_SSO_ROOT_PATH}/init/keycloak/jsons:/admin/keycloak-init:ro - - ${CUSTOM_PATH}/custom:/admin/custom + - ${CUSTOM_PATH}/custom:/admin/custom:rw - ${DATA_FOLDER}/avatars:/admin/avatars:ro - ${DATA_FOLDER}/moodle/saml2:/admin/moodledata/saml2:rw - ${DATA_FOLDER}/saml_certs:/admin/saml_certs:rw @@ -52,3 +46,4 @@ services: - MANAGED_EMAIL_DOMAIN=${MANAGED_EMAIL_DOMAIN} - DATA_FOLDER=/data - CUSTOM_FOLDER=/admin/custom + - LEGAL_PATH=/admin/admin/static/templates/pages/legal From da52d322af583c60e903d5257de033946dd1e679 Mon Sep 17 00:00:00 2001 From: Evilham Date: Mon, 1 Aug 2022 12:56:50 +0200 Subject: [PATCH 02/12] [sso-admin] Add cache decorator for python 3.7 --- dd-sso/admin/src/admin/lib/keys.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/dd-sso/admin/src/admin/lib/keys.py b/dd-sso/admin/src/admin/lib/keys.py index 076387b..3a56719 100644 --- a/dd-sso/admin/src/admin/lib/keys.py +++ b/dd-sso/admin/src/admin/lib/keys.py @@ -37,7 +37,7 @@ import stat from copy import deepcopy from datetime import datetime, timedelta from pathlib import Path -from typing import Any, Dict, List, Optional, Union +from typing import Any, Callable, Dict, List, Optional, Union import requests from attr import field, frozen @@ -52,10 +52,15 @@ from jose.backends.rsa_backend import RSAKey from jose.constants import ALGORITHMS try: - # Python 3.8 - from functools import cached_property as cache -except ImportError: from functools import cache # type: ignore # Python 3.9+ +except ImportError: + try: + from functools import cached_property as cache # type: ignore # Python 3.8 + except ImportError: + from functools import lru_cache + + def cache(call: Callable) -> property: # type: ignore # Python 3.7 + return property(lru_cache()(call)) Data = Union[str, bytes] From df29999e62225b7e93104c020c49763296172f3d Mon Sep 17 00:00:00 2001 From: Evilham Date: Mon, 1 Aug 2022 14:32:51 +0200 Subject: [PATCH 03/12] [sso-admin] Generate script for NC mail accounts This must be executed from cron on dd-apps-nextcloud-app. --- dd-apps/docker/nextcloud/nextcloud.yml | 1 + dd-sso/admin/src/admin/lib/admin.py | 43 +++++++++++++++++++---- dd-sso/admin/src/admin/views/MailViews.py | 8 ++--- dd-sso/docker-compose-parts/admin.yml | 2 ++ 4 files changed, 44 insertions(+), 10 deletions(-) diff --git a/dd-apps/docker/nextcloud/nextcloud.yml b/dd-apps/docker/nextcloud/nextcloud.yml index 5c18f57..690f360 100644 --- a/dd-apps/docker/nextcloud/nextcloud.yml +++ b/dd-apps/docker/nextcloud/nextcloud.yml @@ -33,6 +33,7 @@ services: - /etc/localtime:/etc/localtime:ro - ${SRC_FOLDER}/nextcloud:/var/www/html - ${DATA_FOLDER}/nextcloud:/var/www/html/data + - ${DATA_FOLDER}/nc-mail-queue:/nc-mail-queue:rw environment: - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER} - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD} diff --git a/dd-sso/admin/src/admin/lib/admin.py b/dd-sso/admin/src/admin/lib/admin.py index 0d8be94..5c1c24d 100644 --- a/dd-sso/admin/src/admin/lib/admin.py +++ b/dd-sso/admin/src/admin/lib/admin.py @@ -22,6 +22,8 @@ import json import logging as log import os import traceback +from datetime import datetime +from pathlib import Path from pprint import pprint from time import sleep @@ -60,7 +62,7 @@ from .helpers import ( rand_password, ) -from typing import TYPE_CHECKING, cast, Any, Dict, Iterable, List, Optional +from typing import TYPE_CHECKING, cast, Any, Dict, Iterable, List, Optional, Tuple if TYPE_CHECKING: from admin.flaskapp import AdminFlaskApp from admin.lib.callbacks import ThirdPartyCallbacks @@ -130,12 +132,41 @@ class Admin: res = res and tp.delete_user(user_id) return res - def nextcloud_mail_set(self, users : List[DDUser], extra_data : Dict) -> Dict: - # TODO: implement - return {} + def _nextcloud_mail_set_cmd(self, user : DDUser, kw : Dict) -> Tuple[str, str]: + account_name = 'DD' # Treating this as a constant + update_cmd = f"""mail:account:update \ + --imap-host '{ kw['inbound_host'] }' --imap-port '{ kw['inbound_port'] }' --imap-ssl-mode '{ kw['inbound_ssl_mode'] }' \\ + --imap-user '{ user['email'] }' --imap-password '{ user['password'] }' \\ + --smtp-host '{ kw['outbound_host'] }' --smtp-port'{ kw['outbound_port'] }' --smtp-ssl-mode '{ kw['outbound_ssl_mode'] }' \\ + --smtp-user '{ user['email'] }' --smtp-password '{ user['password'] }' \\ + -- '{ user['user_id'] }' '{ user['email']}'""" + create_cmd = f"""mail:account:create '{ user['user_id'] }' '{ account_name }' '{ user['email'] }' \\ + '{ kw['inbound_host'] }' '{ kw['inbound_port'] }' '{ kw['inbound_ssl_mode'] }' \\ + '{ user['email'] }' '{ user['password'] }' \\ + '{ kw['outbound_host'] }' '{ kw['outbound_port'] }' '{ kw['outbound_ssl_mode'] }' \\ + '{ user['email'] }' '{ user['password'] }'""" + return (update_cmd, create_cmd) - def nextcloud_mail_delete(self, users : List[DDUser], extra_data : Dict) -> Dict: - # TODO: implement + def _nextcloud_mail_set_sh(self, users : List[DDUser], extra_data : Dict) -> str: + cmds = '\n'.join((f"./occ {u} || ./occ {c}" for u, c in (self._nextcloud_mail_set_cmd(u, extra_data) for u in users))) + return f"""#!/bin/sh -eu +{cmds} +""" + + def nextcloud_mail_set(self, users : List[DDUser], extra_data : Dict) -> Dict: + # TODO: this could (and should) be nicer. + # Ideally we'd use the database as a queue instead of creating the + # shell scripts here. + d = Path(os.environ.get("NC_MAIL_QUEUE_FOLDER", "/nc-mail-queue")) + fn = datetime.utcnow().isoformat() + secrets.token_hex(4) + sh = d.joinpath(fn + '.sh') + tmp = d.joinpath(fn + '.tmp') + # Create executable file + tmp.touch(mode=0o750) + # Write script + tmp.write_text(self._nextcloud_mail_set_sh(users, extra_data)) + # Put it in-place + tmp.rename(sh) return {} def check_connections(self, app : "AdminFlaskApp") -> None: diff --git a/dd-sso/admin/src/admin/views/MailViews.py b/dd-sso/admin/src/admin/views/MailViews.py index 285274e..a152dfe 100644 --- a/dd-sso/admin/src/admin/views/MailViews.py +++ b/dd-sso/admin/src/admin/views/MailViews.py @@ -46,7 +46,7 @@ def setup_mail_views(app: "AdminFlaskApp") -> None: key = json.dumps(mail_3p.our_pubkey_jwk) return key, 200, {"Content-Type": "application/json"} - @app.route("/ddapi/mailusers", methods=["GET", "POST", "PUT", "DELETE"]) + @app.route("/ddapi/mailusers", methods=["GET", "POST", "PUT"]) @has_jws_token(app) def ddapi_mail_users() -> JsonResponse: users: List[Dict[str, Any]] = [] @@ -66,8 +66,10 @@ def setup_mail_views(app: "AdminFlaskApp") -> None: raise Error( "internal_server", "Failure sending users", traceback.format_exc() ) - if request.method not in ["POST", "PUT", "DELETE"]: + if request.method not in ["POST", "PUT"]: # Unsupported method + # Note we do not support DELETE as it is taken care of when the + # full Nextcloud user is deleted. return json.dumps({}), 400, JsonHeaders try: @@ -86,8 +88,6 @@ def setup_mail_views(app: "AdminFlaskApp") -> None: res: Dict if request.method in ["POST", "PUT"]: res = app.admin.nextcloud_mail_set(users, dec_data) - elif request.method == "DELETE": - res = app.admin.nextcloud_mail_delete(users, dec_data) return ( json.dumps(res), 200, diff --git a/dd-sso/docker-compose-parts/admin.yml b/dd-sso/docker-compose-parts/admin.yml index 164d51a..baf4897 100644 --- a/dd-sso/docker-compose-parts/admin.yml +++ b/dd-sso/docker-compose-parts/admin.yml @@ -38,6 +38,7 @@ services: - ${DATA_FOLDER}/saml_certs:/admin/saml_certs:rw - ${DATA_FOLDER}/legal:/admin/admin/static/templates/pages/legal:rw - ${DATA_FOLDER}/dd-admin:/data:rw + - ${DATA_FOLDER}/nc-mail-queue:/nc-mail-queue:rw env_file: - .env environment: @@ -46,4 +47,5 @@ services: - MANAGED_EMAIL_DOMAIN=${MANAGED_EMAIL_DOMAIN} - DATA_FOLDER=/data - CUSTOM_FOLDER=/admin/custom + - NC_MAIL_QUEUE_FOLDER=/nc-mail-queue - LEGAL_PATH=/admin/admin/static/templates/pages/legal From ac66814947f972903d66e7181fdeb8cb34101d43 Mon Sep 17 00:00:00 2001 From: Evilham Date: Mon, 1 Aug 2022 20:22:31 +0200 Subject: [PATCH 04/12] [sso-admin] Fix permsissions for node_modules, ncq node_modules needs proper permissions on image build and the Nextcloud queue on run-time. We also realised the user must be www-data for compatibility with the NC image. --- dd-sso/admin/docker/Dockerfile | 13 +++++++++++-- dd-sso/admin/docker/run.sh | 7 ++++--- dd-sso/docker-compose-parts/admin.yml | 1 - 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/dd-sso/admin/docker/Dockerfile b/dd-sso/admin/docker/Dockerfile index b1d4f9d..80855eb 100644 --- a/dd-sso/admin/docker/Dockerfile +++ b/dd-sso/admin/docker/Dockerfile @@ -42,7 +42,16 @@ RUN wget -O /usr/lib/python3.8/site-packages/diceware/wordlists/wordlist_cat_asc COPY admin/src /admin COPY admin/docker/run.sh /run.sh -# Ensure node dependencies -RUN cd /admin/admin && HOME=/tmp su -s /bin/sh -m nobody -c "yarn install" +# Ensure www-data group and user (82 is default in alpine) +RUN addgroup -g 82 -S www-data; adduser -u 82 -D -S -G www-data www-data + +# Fix directory permissions +# Ensure node dependencies too +RUN cd /admin/admin && \ + chown www-data:www-data "." && \ + mkdir -p "${NODE_MODULES_FOLDER:-node_modules}" && \ + chown www-data:www-data "${NODE_MODULES_FOLDER:-node_modules}" && \ + HOME=/tmp su -s /bin/sh -m www-data -c \ + "yarn install --modules-folder '${NODE_MODULES_FOLDER:-node_modules}'" CMD [ "/run.sh" ] diff --git a/dd-sso/admin/docker/run.sh b/dd-sso/admin/docker/run.sh index 9221577..f87c69f 100755 --- a/dd-sso/admin/docker/run.sh +++ b/dd-sso/admin/docker/run.sh @@ -20,12 +20,13 @@ # SPDX-License-Identifier: AGPL-3.0-or-later # We possibly need to fix bad old permissions -chown -R nobody:nogroup \ +chown -R www-data:www-data \ /admin/custom \ /admin/moodledata/saml2 /admin/saml_certs \ "${DATA_FOLDER}" \ - "${LEGAL_PATH}" + "${LEGAL_PATH}" \ + "${NC_MAIL_QUEUE_FOLDER}" cd /admin export PYTHONWARNINGS="ignore:Unverified HTTPS request" -exec su -s /bin/sh -m nobody -c 'python3 start.py' +exec su -s /bin/sh -m www-data -c 'python3 start.py' diff --git a/dd-sso/docker-compose-parts/admin.yml b/dd-sso/docker-compose-parts/admin.yml index baf4897..24aea8f 100644 --- a/dd-sso/docker-compose-parts/admin.yml +++ b/dd-sso/docker-compose-parts/admin.yml @@ -30,7 +30,6 @@ services: restart: unless-stopped volumes: - /etc/localtime:/etc/localtime:ro - - ${BUILD_SSO_ROOT_PATH}/admin/src:/admin:ro - ${BUILD_SSO_ROOT_PATH}/init/keycloak/jsons:/admin/keycloak-init:ro - ${CUSTOM_PATH}/custom:/admin/custom:rw - ${DATA_FOLDER}/avatars:/admin/avatars:ro From d26df2779ee32a02ca6f53e4922ff3e2c5171048 Mon Sep 17 00:00:00 2001 From: Evilham Date: Mon, 1 Aug 2022 23:30:56 +0200 Subject: [PATCH 05/12] [nc] Add temporary queue processing from admin This should run scripts every minute and delete them on correct execution. --- dd-apps/docker/nextcloud/Dockerfile | 4 ++++ dd-apps/docker/nextcloud/nc-queue.sh | 5 +++++ 2 files changed, 9 insertions(+) create mode 100755 dd-apps/docker/nextcloud/nc-queue.sh diff --git a/dd-apps/docker/nextcloud/Dockerfile b/dd-apps/docker/nextcloud/Dockerfile index f21832f..137c8c3 100644 --- a/dd-apps/docker/nextcloud/Dockerfile +++ b/dd-apps/docker/nextcloud/Dockerfile @@ -66,6 +66,10 @@ RUN mkdir -p \ COPY supervisord.conf / +# Temporary replacement for a real queue +RUN echo '*/1 * * * * /nc-queue.sh' >> /etc/crontabs/www-data +COPY nc-queue.sh / + ENV NEXTCLOUD_UPDATE=1 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] diff --git a/dd-apps/docker/nextcloud/nc-queue.sh b/dd-apps/docker/nextcloud/nc-queue.sh new file mode 100755 index 0000000..70e5fc4 --- /dev/null +++ b/dd-apps/docker/nextcloud/nc-queue.sh @@ -0,0 +1,5 @@ +#/bin/sh + +find "${NC_MAIL_QUEUE_FOLDER:-/nc-mail-queue}" -name '*.sh' -exec sh -c \ + 'cd /var/www/html && {} && rm {}' \ + ';' From cf05b9675c91b96ced4780c70b8489eb5e12f507 Mon Sep 17 00:00:00 2001 From: Evilham Date: Wed, 3 Aug 2022 08:16:19 +0200 Subject: [PATCH 06/12] [dd-sso] Fix minio issue and MailViews API Email service sends a JSON with: {"config": {...}, "users": [...]} --- dd-sso/admin/docker/requirements.pip3 | 3 ++- dd-sso/admin/src/admin/flaskapp.py | 3 ++- dd-sso/admin/src/admin/lib/admin.py | 2 +- dd-sso/admin/src/admin/lib/avatars.py | 2 +- dd-sso/admin/src/admin/views/MailViews.py | 20 +++++++++++--------- 5 files changed, 17 insertions(+), 13 deletions(-) diff --git a/dd-sso/admin/docker/requirements.pip3 b/dd-sso/admin/docker/requirements.pip3 index 91b9549..2fd988d 100644 --- a/dd-sso/admin/docker/requirements.pip3 +++ b/dd-sso/admin/docker/requirements.pip3 @@ -30,7 +30,8 @@ mysql-connector-python==8.0.30 psycopg2==2.9.3 # python-keycloak can't be upgraded without issues python-keycloak==0.26.1 -minio==7.1.11 +# minio can't be upgraded without issues +minio==7.0.3 urllib3==1.26.11 schema==0.7.5 Werkzeug==2.2.1 diff --git a/dd-sso/admin/src/admin/flaskapp.py b/dd-sso/admin/src/admin/flaskapp.py index 903872a..80bc065 100644 --- a/dd-sso/admin/src/admin/flaskapp.py +++ b/dd-sso/admin/src/admin/flaskapp.py @@ -75,6 +75,7 @@ class AdminFlaskApp(Flask): domain : str node_modules_dir : str ready: bool = False + validators: Dict def __init__(self, *args: Any, **kwargs: Any): super().__init__(*args, **kwargs) @@ -83,7 +84,7 @@ class AdminFlaskApp(Flask): self.url_map.strict_slashes = False self._load_config() # Minor setup tasks - self._load_validators() + self.validators = self._load_validators() self._setup_routes() self._setup_api_3p() setup_api_views(self) diff --git a/dd-sso/admin/src/admin/lib/admin.py b/dd-sso/admin/src/admin/lib/admin.py index 5c1c24d..aab2fa3 100644 --- a/dd-sso/admin/src/admin/lib/admin.py +++ b/dd-sso/admin/src/admin/lib/admin.py @@ -137,7 +137,7 @@ class Admin: update_cmd = f"""mail:account:update \ --imap-host '{ kw['inbound_host'] }' --imap-port '{ kw['inbound_port'] }' --imap-ssl-mode '{ kw['inbound_ssl_mode'] }' \\ --imap-user '{ user['email'] }' --imap-password '{ user['password'] }' \\ - --smtp-host '{ kw['outbound_host'] }' --smtp-port'{ kw['outbound_port'] }' --smtp-ssl-mode '{ kw['outbound_ssl_mode'] }' \\ + --smtp-host '{ kw['outbound_host'] }' --smtp-port '{ kw['outbound_port'] }' --smtp-ssl-mode '{ kw['outbound_ssl_mode'] }' \\ --smtp-user '{ user['email'] }' --smtp-password '{ user['password'] }' \\ -- '{ user['user_id'] }' '{ user['email']}'""" create_cmd = f"""mail:account:create '{ user['user_id'] }' '{ account_name }' '{ user['email'] }' \\ diff --git a/dd-sso/admin/src/admin/lib/avatars.py b/dd-sso/admin/src/admin/lib/avatars.py index a5f08d5..d0f2880 100644 --- a/dd-sso/admin/src/admin/lib/avatars.py +++ b/dd-sso/admin/src/admin/lib/avatars.py @@ -45,7 +45,7 @@ class Avatars: # self.update_missing_avatars() def add_user_default_avatar(self, userid : str, role : str="unknown") -> None: - path = os.path.join(self.avatars_path, role) + ".jpg", + path = os.path.join(self.avatars_path, role) + ".jpg" self.mclient.fput_object( self.bucket, userid, diff --git a/dd-sso/admin/src/admin/views/MailViews.py b/dd-sso/admin/src/admin/views/MailViews.py index a152dfe..dac99bd 100644 --- a/dd-sso/admin/src/admin/views/MailViews.py +++ b/dd-sso/admin/src/admin/views/MailViews.py @@ -77,17 +77,19 @@ def setup_mail_views(app: "AdminFlaskApp") -> None: Dict, mail_3p.verify_and_decrypt_incoming_json(request.get_data()) ) users = dec_data.pop("users") - for user in users: - if not app.validators["mail"].validate(user): - raise Error( - "bad_request", - "Data validation for mail failed: " - + str(app.validators["mail"].errors), - traceback.format_exc(), - ) + config = dec_data.pop("config", {}) + # TODO: fix these validators + #for user in users: + # if not app.validators["mail"].validate(user): + # raise Error( + # "bad_request", + # "Data validation for mail failed: " + # + str(app.validators["mail"].errors), + # traceback.format_exc(), + # ) res: Dict if request.method in ["POST", "PUT"]: - res = app.admin.nextcloud_mail_set(users, dec_data) + res = app.admin.nextcloud_mail_set(users, config) return ( json.dumps(res), 200, From e07249a1cb6fb1fa42140c683cd50408eb48fffd Mon Sep 17 00:00:00 2001 From: Evilham Date: Wed, 3 Aug 2022 09:30:15 +0200 Subject: [PATCH 07/12] [dd-sso] Fix leftover old container names --- dd-sso/docker-compose-parts/adminer.yml | 4 ++-- dd-sso/docker-compose-parts/pgtuner.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dd-sso/docker-compose-parts/adminer.yml b/dd-sso/docker-compose-parts/adminer.yml index 5281fa7..10e5109 100644 --- a/dd-sso/docker-compose-parts/adminer.yml +++ b/dd-sso/docker-compose-parts/adminer.yml @@ -19,9 +19,9 @@ # SPDX-License-Identifier: AGPL-3.0-or-later version: '3.7' services: - isard-sso-adminer: + dd-sso-adminer: image: adminer - container_name: isard-sso-adminer + container_name: dd-sso-adminer restart: unless-stopped networks: isard_net: {} diff --git a/dd-sso/docker-compose-parts/pgtuner.yml b/dd-sso/docker-compose-parts/pgtuner.yml index 79acd9a..d64c375 100644 --- a/dd-sso/docker-compose-parts/pgtuner.yml +++ b/dd-sso/docker-compose-parts/pgtuner.yml @@ -19,10 +19,10 @@ # SPDX-License-Identifier: AGPL-3.0-or-later version: '3.7' services: - isard-sso-pgtuner: + dd-sso-pgtuner: image: jfcoz/postgresqltuner - container_name: isard-sso-pgtuner + container_name: dd-sso-pgtuner restart: "no" - command: --host isard-apps-postgresql --user ${NEXTCLOUD_POSTGRES_USER} --password ${NEXTCLOUD_POSTGRES_PASSWORD} --database nextcloud + command: --host dd-apps-postgresql --user ${NEXTCLOUD_POSTGRES_USER} --password ${NEXTCLOUD_POSTGRES_PASSWORD} --database nextcloud networks: isard_net: {} From 71237cabb6c1aca2df8e947dc45a64bc2ba529a2 Mon Sep 17 00:00:00 2001 From: Evilham Date: Wed, 3 Aug 2022 10:29:25 +0200 Subject: [PATCH 08/12] [dd-ctl] Remove some docker calls --- dd-ctl | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/dd-ctl b/dd-ctl index 87da8e0..6152d97 100755 --- a/dd-ctl +++ b/dd-ctl @@ -655,9 +655,11 @@ configure_nextcloud_logo(){ local instance_id=$(docker exec -u www-data dd-apps-nextcloud-app php occ config:system:get instanceid) local cachebuster=$(docker exec -u www-data dd-apps-nextcloud-app php occ config:app:get theming cachebuster) docker exec -u www-data dd-apps-nextcloud-app mkdir -p /var/www/html/data/appdata_$instance_id/theming/images - docker cp custom/img/logo.png dd-apps-nextcloud-app:/var/www/html/data/appdata_$instance_id/theming/images/logo - docker cp custom/img/background.png dd-apps-nextcloud-app:/var/www/html/data/appdata_$instance_id/theming/images/background - docker exec dd-apps-nextcloud-app chown www-data:www-data /var/www/html/data/appdata_$instance_id/theming/images/{logo,background} + nc_logo="${DATA_FOLDER}/nextcloud/appdata_$instance_id/theming/images/logo" + nc_background="${DATA_FOLDER}/nextcloud/appdata_$instance_id/theming/images/background" + cp custom/img/logo.png "${nc_logo}" + cp custom/img/background.png "${nc_background}" + chown 82:82 "${nc_logo}" "${nc_background}" docker exec -u www-data dd-apps-nextcloud-app php occ config:app:set theming logoMime --value="image/png" docker exec -u www-data dd-apps-nextcloud-app php occ config:app:set theming backgroundMime --value="image/png" docker exec -u www-data dd-apps-nextcloud-app php occ config:app:set theming cachebuster --value="$(expr $cachebuster + 1 )" From 7392aeb0f279cb9148c5c9dfbce86f6704197bd7 Mon Sep 17 00:00:00 2001 From: elena Date: Wed, 3 Aug 2022 11:09:52 +0200 Subject: [PATCH 09/12] Nextcloud fix theme name --- .../nextcloud/src/themes/dd/core/templates/layout.user.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dd-apps/docker/nextcloud/src/themes/dd/core/templates/layout.user.php b/dd-apps/docker/nextcloud/src/themes/dd/core/templates/layout.user.php index 51cb4d0..bcf4056 100644 --- a/dd-apps/docker/nextcloud/src/themes/dd/core/templates/layout.user.php +++ b/dd-apps/docker/nextcloud/src/themes/dd/core/templates/layout.user.php @@ -53,10 +53,10 @@ - + - + @@ -137,7 +137,7 @@ From 2830f8da46ae67613cb438b5b00119968203258c Mon Sep 17 00:00:00 2001 From: elena Date: Wed, 3 Aug 2022 11:25:40 +0200 Subject: [PATCH 10/12] Nextcloud - fix js line comments --- .../nextcloud/src/themes/dd/core/js/navbar.js | 39 ++++++++++--------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/dd-apps/docker/nextcloud/src/themes/dd/core/js/navbar.js b/dd-apps/docker/nextcloud/src/themes/dd/core/js/navbar.js index 491eff3..fd9aaca 100644 --- a/dd-apps/docker/nextcloud/src/themes/dd/core/js/navbar.js +++ b/dd-apps/docker/nextcloud/src/themes/dd/core/js/navbar.js @@ -1,22 +1,23 @@ -# -# Copyright © 2021,2022 IsardVDI S.L. -# -# This file is part of DD -# -# DD is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or (at your -# option) any later version. -# -# DD is distributed in the hope that it will be useful, but WITHOUT ANY -# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more -# details. -# -# You should have received a copy of the GNU Affero General Public License -# along with DD. If not, see . -# -# SPDX-License-Identifier: AGPL-3.0-or-later +/* +* Copyright © 2021,2022 IsardVDI S.L. +* +* This file is part of DD +* +* DD is free software: you can redistribute it and/or modify +* it under the terms of the GNU Affero General Public License as published by +* the Free Software Foundation, either version 3 of the License, or (at your +* option) any later version. +* +* DD is distributed in the hope that it will be useful, but WITHOUT ANY +* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more +* details. +* +* You should have received a copy of the GNU Affero General Public License +* along with DD. If not, see . +* +* SPDX-License-Identifier: AGPL-3.0-or-later +*/ jQuery(document).ready(() => { base_url = `${window.location.protocol}//${window.location.host.replace(/^nextcloud\./, 'api.')}` $.getJSON(`${base_url}/json`, (result) => { From cb219ac87fcd54fdb70868ca91b86a61d05469ac Mon Sep 17 00:00:00 2001 From: Xnet Xnet Date: Wed, 3 Aug 2022 11:46:10 +0000 Subject: [PATCH 11/12] Update README.md --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4512b08..9c71823 100644 --- a/README.md +++ b/README.md @@ -57,8 +57,10 @@ environment in education: - **Documents**: A document viewer and editor integrated with Nextcloud - **Web pages**: A Wordpress instance with custom theme and custom plugins - **Pad**: An Etherpad instance integrated with Nextcloud -- **Conferences**: BigBlueButton integrated with Moodle and Nextcloud (needs a standalone host) +- **Video calls**: BigBlueButton integrated with Moodle and Nextcloud (needs a standalone host) - **Forms**: A forms Nextcloud plugin +- **Email, lists, chat, calendar, surveys...** +- **Import & export from other environments** | | | | ---------------------------- | ------------------------------- | @@ -98,6 +100,7 @@ public announcement on the Using that version as a clean slate got us to the repo you see here, where changes will be reviewed before going in and anyone is welcome. +We will reopen for the public the previous repository when evere we find the time to clean it up. When in doubt about authorship, please check each file's license headers. @@ -117,4 +120,5 @@ The authorship of the previous commits is from: - Raúl FS - Unai Tolosa Pontesta - Evilham +- Xnet From 0eb8f5f549f0ea352857e825d838c2965f4901ad Mon Sep 17 00:00:00 2001 From: Evilham Date: Thu, 4 Aug 2022 09:24:37 +0200 Subject: [PATCH 12/12] [sso-admin] Fix issue when editing users Co-written with: @elena61 --- dd-sso/admin/src/admin/lib/admin.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dd-sso/admin/src/admin/lib/admin.py b/dd-sso/admin/src/admin/lib/admin.py index aab2fa3..4d3de22 100644 --- a/dd-sso/admin/src/admin/lib/admin.py +++ b/dd-sso/admin/src/admin/lib/admin.py @@ -1618,7 +1618,7 @@ class Admin: internaluser : DDUser = [u for u in self.internal["users"] if u["id"] == user_id][0] cohorts = self.moodle.get_cohorts() for group in mdelete: - cohort = [c for c in cohorts if c["name"] == group[0]][0] + cohort = [c for c in cohorts if c["name"] == group][0] try: self.moodle.delete_user_in_cohort( internaluser["moodle_id"], cohort["id"] @@ -1908,7 +1908,7 @@ class Admin: " NEXTCLOUD USERS: Creating nextcloud user: " + u["username"] + " in groups " - + str(list) + + str(u.get("groups", [])) ) try: # Quota is in MB