This still uses a fork of nextcloud/forms and reenables that plugin.
Since version 25 of Nextcloud uses the 2.X line of the nextcloud/mail
plugin, which already includes our patches, we can get rid of them to
easen future maintenance.
That issue is fixed in NC 25, but it will likely not be backported to
NC 24.
It produces issues when modifying users and not modifying their
display name.
See also: https://github.com/nextcloud/server/issues/33751
NotaBLE és la col·laboració entre Gwido i el Workspace educatiu DD.
És un projecte de Xnet, IsardVDI, Gwido i Taller de Músics, guanyador
de la Ciutat Proactiva 2021, suport a la innovació urbana de la
Fundació BitHabitat.
The API spec file can be generated with:
python -m admin.views.test.test_ApiViews --generate-spec
From the admin development environment.
A simple testing ground that serves the Swagger UI can also be started with:
python -m admin.views.test.test_ApiViews
We thought the name parameter was the account name to be shown in the
plugin, but it is the contents of the "From" email header instead.
While changing that, we also update the code to better match the open
Pull Request upstream that adds the update-account to the mail plugin
for nextcloud.
The class was only checking whether or not a specific token exists in
moodle, and it should ensure that it has access to the right permissions
Reported by: @elena61
When introducing typing, we erroneously started passing an empty parent
Id instead of None, and the underlying Keycloak library failed to create
the groups.
Closes#15
This was needed because previously the DEFAULT_SERVER_URL was hardcoded
in the compiled keycloak module and that URL has changed.
For consistency sso-admin uses the same environment variables (except it
needs AVATARS_SERVER_HOST instead of AVATARS_SERVER_URL).
node_modules needs proper permissions on image build and the Nextcloud
queue on run-time.
We also realised the user must be www-data for compatibility with the NC
image.
The endpoints for the mail integration are added here.
The ThirdPartyIntegrationKeys class in admin.lib.keys is intended to be
used on both the sending and receiving part of communications.
Implementations in other languages should closely follow its design, so
we are sure communication happens as it is expected.
Broadly speaking:
- Each party receives a name (DD is always "DD") that is well-known to
all communicating parties
- Each party sets up an endpoint sharing their public key in JWK format
See: https://datatracker.ietf.org/doc/html/rfc7517
And the many JWK implementations around. This class uses python-jose's
- In a key_store folder, the remote party's public key will be cached
and the local private key will be generated and saved
- Any data exchanged between the two parties must:
- Be first encrypted with the remote party's public key
See: https://datatracker.ietf.org/doc/html/rfc7516
- Then signed with the local party's private key, by adding its
payload to a 'data' claim.
See: https://datatracker.ietf.org/doc/html/rfc7515
- Have an Authorization header with a signed JWT containing the local
party's name as the 'kid' header.
This aids the remote party in deciding which key needs to be used.
FileStorage is in werkzeug.datastructures, this didn't get caught by
mypy due to lack of type hints.
AdminFlaskApp now loads the configuration earlier, otherwise the
connection to other systems gets started with the wrong values.
While there, use .update since values from the environment are exactly what
we want to be using and the way it was written, they are expected to be
set up.
We also had swapped creation of the admin.lib.admin.Admin object and
processing admin.lib.postup.Postup; which loads some secrets needed for
moodle.
While there, refactor thread handling in AppViews since it was not
practical.
Some issues found with mypy and fixed by this commit:
src/admin/views/ApiViews.py:240: error: Name "user_ddid" is not defined
src/admin/lib/nextcloud.py:331: error: Name "group" is not defined
src/admin/lib/nextcloud.py:394: error: Name "ProviderUserNotExists" is not defined
src/admin/lib/admin.py:1604: error: Trying to read deleted variable "se"
src/admin/lib/admin.py:1798: error: Trying to read deleted variable "se"
src/admin/lib/admin.py:1903: error: Name "group" is not defined
With this commit, code from the admin module can be re-used and thanks
to adding type-hints in most places we are able to discover some bugs.
This commit attempts to fix only that which was necessary to:
- Add a reasonable amount of type hints
- Disentangle the module
There are already some issues that have been discovered by mypy.
This is all relative to the dd-sso/admin directory.
With https://pipenv.pypa.io/en/latest/ it is simple to setup a
development environment (pipenv install --dev).
By running:
echo "PYTHONPATH=$(pwd)/src" > .env
The admin module will be loaded in the virtualenvironment and e.g.
running mypy src/admin will throw different errors in the existing code.
Evilham
elena