Commit Graph

128 Commits (53674bfb243eabe3085a040f4638e1b609b47066)

Author SHA1 Message Date
Evilham df29999e62
[sso-admin] Generate script for NC mail accounts
This must be executed from cron on dd-apps-nextcloud-app.
2022-08-01 14:32:51 +02:00
Evilham da52d322af
[sso-admin] Add cache decorator for python 3.7 2022-08-01 12:59:10 +02:00
Evilham 7bf216ef69
[sso-admin] Change container not to run as root 2022-08-01 12:47:30 +02:00
elena 5af70cd6ea solved conflict main merge 2022-08-01 09:23:49 +02:00
elena 9cb2b68543 FIX: role changed on admin and on moodle 2022-08-01 09:12:55 +02:00
Evilham c19ff6cd8d
[sso-admin] Add third-party integrations
The endpoints for the mail integration are added here.

The ThirdPartyIntegrationKeys class in admin.lib.keys is intended to be
used on both the sending and receiving part of communications.

Implementations in other languages should closely follow its design, so
we are sure communication happens as it is expected.

Broadly speaking:

- Each party receives a name (DD is always "DD") that is well-known to
  all communicating parties
- Each party sets up an endpoint sharing their public key in JWK format
  See: https://datatracker.ietf.org/doc/html/rfc7517
  And the many JWK implementations around. This class uses python-jose's
- In a key_store folder, the remote party's public key will be cached
  and the local private key will be generated and saved
- Any data exchanged between the two parties must:
  - Be first encrypted with the remote party's public key
    See: https://datatracker.ietf.org/doc/html/rfc7516
  - Then signed with the local party's private key, by adding its
    payload to a 'data' claim.
    See: https://datatracker.ietf.org/doc/html/rfc7515
  - Have an Authorization header with a signed JWT containing the local
    party's name as the 'kid' header.
    This aids the remote party in deciding which key needs to be used.
2022-07-31 12:18:13 +02:00
Evilham 74b209b55b
[dd-ctl] [nc] Add patches while they land upstream
See: https://github.com/nextcloud/mail/pull/6908
2022-07-30 23:05:51 +02:00
Evilham 38cc2a0564
[sso-admin] Improve data and custom dir handling
While there also improve the default permissions for the secrets
directory.
2022-07-30 09:41:20 +02:00
Evilham 4421c5a5df
[sso-admin] Fix import and config issues
FileStorage is in werkzeug.datastructures, this didn't get caught by
mypy due to lack of type hints.

AdminFlaskApp now loads the configuration earlier, otherwise the
connection to other systems gets started with the wrong values.
While there, use .update since values from the environment are exactly what
we want to be using and the way it was written, they are expected to be
set up.

We also had swapped creation of the admin.lib.admin.Admin object and
processing admin.lib.postup.Postup; which loads some secrets needed for
moodle.
2022-07-29 20:30:43 +02:00
Evilham 64c0869e46
[sso-admin] Update requirements file 2022-07-29 19:28:42 +02:00
Evilham f80664a38b
[sso-admin] Add license entry to package.json
This was the intended license as stated in all source files.

This commit silences a warning when building the corresponding docker
images.
2022-07-29 19:05:04 +02:00
Evilham 6b4fd5482e
[sso-admin] Fix issues detected with mypy
While there, refactor thread handling in AppViews since it was not
practical.

Some issues found with mypy and fixed by this commit:

src/admin/views/ApiViews.py:240: error: Name "user_ddid" is not defined
src/admin/lib/nextcloud.py:331: error: Name "group" is not defined
src/admin/lib/nextcloud.py:394: error: Name "ProviderUserNotExists" is not defined
src/admin/lib/admin.py:1604: error: Trying to read deleted variable "se"
src/admin/lib/admin.py:1798: error: Trying to read deleted variable "se"
src/admin/lib/admin.py:1903: error: Name "group" is not defined
2022-07-29 17:25:25 +02:00
Evilham 81fff214d5
[sso-admin] Disentangle module and add type hints
With this commit, code from the admin module can be re-used and thanks
to adding type-hints in most places we are able to discover some bugs.

This commit attempts to fix only that which was necessary to:

- Add a reasonable amount of type hints
- Disentangle the module

There are already some issues that have been discovered by mypy.
2022-07-29 14:02:49 +02:00
Evilham e98323913d
[sso-admin] Add base for QA checks
This is all relative to the dd-sso/admin directory.

With https://pipenv.pypa.io/en/latest/ it is simple to set up a
development environment (pipenv install --dev).

By running:

    echo "PYTHONPATH=$(pwd)/src" > .env

The admin module will be loaded in the virtual environment and e.g.
running mypy src/admin will throw different errors in the existing code.
2022-07-29 13:10:33 +02:00
Evilham 1f962dbef7
[sso-admin] Fix secret handling in check script 2022-07-28 18:28:22 +02:00
Evilham 4fb3b02a46
[sso-admin] Remove left over OIDC code
This was left over by a previous contributor and is not being used and
was never really used; it looks like we can safely remove these.
2022-07-28 18:27:27 +02:00
Evilham 4324812807
[correu] Add registration for SAML client 2022-07-28 16:28:47 +02:00
Evilham 7bcc08bc6d Merge branch 'git' into 'main'
[README] List committers before git changes

See merge request DD-workspace/DD!5
2022-07-22 11:27:18 +00:00
Evilham 9dd719a712
[README] List committers before git changes
The authorship of the previous commits is from:

- Josep Maria Viñolas Auquer
- Simó Albert i Beltran
- Alberto Larraz Dalmases
- Yoselin Ribero
- Elena Barrios Galán
- Melina Gamboa
- Antonio Manzano
- Cecilia Bayo
- Naomi Hidalgo
- Joan Cervan Andreu
- Jose Antonio Exposito Garcia
- Raúl FS
- Unai Tolosa Pontesta
- Evilham
2022-07-22 13:25:13 +02:00
Evilham 4e625e2213
[admin] Update yarn.lock to prevent dirty workdirs 2022-07-22 12:53:41 +02:00
Evilham f5a833f5a5 Merge branch 'git' into 'main'
[README] Clarify why repo starts populated

See merge request DD-workspace/DD!4
2022-07-21 08:49:38 +00:00
Evilham c7dfd2f9d3
[README] Clarify why repo starts populated 2022-07-21 10:48:21 +02:00
Evilham c54963552f Merge branch 'main' into 'main'
Documentation for using own certificates

See merge request DD-workspace/DD!3
2022-07-21 08:37:47 +00:00
palaueb 71b005a42b Ideally do not touch dd.conf.sample 2022-07-20 17:17:41 +02:00
palaueb 4ce03f8690 We add information on how to make it work with a certificate external to Let's Encrypt. 2022-07-20 16:58:38 +02:00
Evilham 56f4d7a0aa Merge branch 'mtu' into 'main'
[net] Add environment variable for MTU

Closes #1

See merge request DD-workspace/DD!1
2022-07-19 14:52:59 +00:00
Evilham 66c2544a71
[net] Add environment variable for MTU
This enables proper function in certain setups where MTU is lower than
the default (1500).

Closes #1

Reported by:	@palaueb
2022-07-18 19:17:44 +02:00
Evilham 78b0254ba0
DD education workspace
DD is the education workspace generated within the framework of Xnet's
Democratic Digitalisation Plan. It has been created and powered by Xnet,
families and promoting centres, IsardVDI, 3iPunt, MaadiX, eXO.cat,
Evilham and funded by the Directorate for Democratic Innovation, the
Barcelona City Council's Digital Innovation Commissioner, Social Economy
Commissioner, in collaboration with the Barcelona Education Consortium,
aFFaC and AirVPN.

DD can be used freely as long as this footer is included and the AGPLv3
license (https://www.gnu.org/licenses/agpl-3.0.en.html) is respected.

You will find more information in Catalan in the documentation:
[https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.ca/](https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.ca/).

More information in Spanish in the documentation:
[https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.es/](https://dd.digitalitzacio-democratica.xnet-x.net/docs/index.es/).

More info in English in the documentation:
[https://dd.digitalitzacio-democratica.xnet-x.net/docs/](https://dd.digitalitzacio-democratica.xnet-x.net/docs/).

We thank the help of Miriam Carles, Cristian Ruiz, Anna Francàs,
Christopher Millard.
2022-07-10 12:15:47 +02:00