Commit Graph

53 Commits (65ddc5d11e47826c8a9765d3660124e22197daa4)

Author SHA1 Message Date
Evilham e5d2a20d37
[NC] Upgrade to Nextcloud 25.0.4
This still uses a fork of nextcloud/forms and reenables that plugin.

Since version 25 of Nextcloud uses the 2.X line of the nextcloud/mail
plugin, which already includes our patches, we can get rid of them to
easen future maintenance.
2023-03-14 16:59:38 +01:00
elena 895bd122ef new font LeagueSpartan added 2023-02-17 14:16:44 +00:00
elena 647191497d new fonts 2023-02-17 14:41:20 +01:00
Evilham 1d077b71f9
[sso-admin] Fix SocketIO transitive dependency (dnspython)
Flask-SocketIO depends on dnspython but dnspython 2.3 removes
dns.rdtypes.ANY, which is needed by Flask-SocketIO so we keep it below
version 2.3
2023-01-20 11:29:51 +01:00
Evilham c9af7242c0
[NC] Work arround issue nextcloud/server#33751
That issue is fixed in NC 25, but it will likely not be backported to
NC 24.

It produces issues when modifying users and not modifying their
display name.

See also:	https://github.com/nextcloud/server/issues/33751
2023-01-13 11:26:12 +01:00
Evilham 0994ea6bed
NotaBLE: add information about the project
NotaBLE és la col·laboració entre Gwido i el Workspace educatiu DD.

És un projecte de Xnet, IsardVDI, Gwido i Taller de Músics, guanyador
de la Ciutat Proactiva 2021, suport a la innovació urbana de la
Fundació BitHabitat.
2022-12-15 12:36:00 +01:00
Evilham 583664cca8
[dd-sso] Add project texts for API documentation 2022-12-12 12:50:41 +01:00
Evilham d37b4dfa6a
[dd-sso] Add API documentation
The API spec file can be generated with:

python -m admin.views.test.test_ApiViews --generate-spec

From the admin development environment.

A simple testing ground that serves the Swagger UI can also be started with:

python -m admin.views.test.test_ApiViews
2022-12-11 19:13:03 +01:00
Evilham 10e6afe351
[dd-sso] Add tests and refactor API
These tests can be executed with:
python -m unittest discover -s admin.views.test
2022-12-11 14:00:47 +01:00
Evilham 579af2b31c
[dd-sso] Adapt admin so it is easily importable
This paves the path forward for thorough testing.
2022-12-11 10:28:37 +01:00
Evilham f3108ac3dc
[api] Add type hints and cleanup
This makes modifying the existing code easier
2022-12-06 19:26:08 +01:00
elena 2368a072d1 new footer added to admin login page 2022-12-02 13:16:38 +00:00
Evilham 071bcd827f
[dd-admin] Fix issue propagating changes to NC
There was erroneous logic that only propagated the first attribute of
many, so some attribute changes were never propagated to NextCloud.
2022-10-30 20:01:44 +01:00
Evilham 895a20abba
[dd-admin] Fix email schemas in certain API endpoints
Dot character was not being properly escaped, we switch to using
bracket expressions to avoid possible future issues.
2022-10-23 19:45:40 +02:00
Evilham 559a90fba9
[mail] Refactor queue for easier maintenance, use name
We thought the name parameter was the account name to be shown in the
plugin, but it is the contents of the "From" email header instead.

While changing that, we also update the code to better match the open
Pull Request upstream that adds the update-account to the mail plugin
for nextcloud.
2022-10-17 19:06:59 +02:00
Evilham 8cbff5b8c6
[saml] Rework SAML handling
This separates stages more efficiently, and we are e.g. able to
support newer versions of Nextcloud's SAML plugin.
2022-09-23 08:39:40 +02:00
Evilham 34761e028b
[sso-admin] Improve postup's idempotency
The class was only checking whether or not a specific token exists in
moodle, and it should ensure that it has access to the right permissions

Reported by:	@elena61
2022-09-06 19:29:37 +02:00
elena 993b5f0e24 fixed mysql-connector-python version. fixed mariadb conection user and pwd 2022-08-30 16:58:30 +02:00
Evilham 2d057ec6bc
[sso-admin] Fix regression on new installations
When introducing typing, we erroneously started passing an empty parent
Id instead of None, and the underlying Keycloak library failed to create
the groups.

Closes #15
2022-08-29 12:22:58 +02:00
Evilham 701be40cf5
[sso-admin] load svg from DOMAIN
This was previously using digitaldemocratic.net
2022-08-08 13:10:47 +02:00
Evilham 519146a58f
[sso-admin] Fix bug in user_parser 2022-08-08 12:05:42 +02:00
Evilham 1ba5e51c41
bugfix in user_parser 2022-08-06 21:47:57 +02:00
Evilham 38d4e517b3
[sso-avatars] Actually use environment variables
This was needed because previously the DEFAULT_SERVER_URL was hardcoded
in the compiled keycloak module and that URL has changed.

For consistency sso-admin uses the same environment variables (except it
needs AVATARS_SERVER_HOST instead of AVATARS_SERVER_URL).
2022-08-06 21:47:35 +02:00
elena beb0350e9a Merge branch 'main' into develop 2022-08-05 15:42:57 +02:00
elena 6ad8df956e Merge branch 'develop' of https://gitlab.com/DD-workspace/DD into develop 2022-08-05 15:42:52 +02:00
elena bf0aeaf991 ADMIN: fix moodle db name 2022-08-05 15:42:27 +02:00
elena 5c3967cbe6
variable format changed 2022-08-05 10:55:13 +02:00
elena 77342f6e8a
FIX: role changed on admin and on moodle 2022-08-05 10:55:11 +02:00
elena d9d9fc8ef0 variable format changed 2022-08-05 09:43:58 +02:00
Evilham 86baf7bd69
[sso-admin] Add compatibility keys in outgoing API 2022-08-04 14:42:17 +02:00
Evilham 822ed98ab4
[dd-sso-admin] bugfix and add tracing for 3p cbs 2022-08-04 14:05:02 +02:00
elena 8152d24b29 Merge branch 'main' into develop 2022-08-04 09:48:39 +02:00
Evilham 0eb8f5f549
[sso-admin] Fix issue when editing users
Co-written with:	@elena61
2022-08-04 09:24:37 +02:00
Evilham cf05b9675c
[dd-sso] Fix minio issue and MailViews API
Email service sends a JSON with: {"config": {...}, "users": [...]}
2022-08-03 08:16:19 +02:00
Evilham ac66814947
[sso-admin] Fix permsissions for node_modules, ncq
node_modules needs proper permissions on image build and the Nextcloud
queue on run-time.

We also realised the user must be www-data for compatibility with the NC
image.
2022-08-01 23:04:39 +02:00
Evilham df29999e62
[sso-admin] Generate script for NC mail accounts
This must be executed from cron on dd-apps-nextcloud-app.
2022-08-01 14:32:51 +02:00
Evilham da52d322af
[sso-admin] Add cache decorator for python 3.7 2022-08-01 12:59:10 +02:00
Evilham 7bf216ef69
[sso-admin] Change container not to run as root 2022-08-01 12:47:30 +02:00
elena 5af70cd6ea solved conflict main merge 2022-08-01 09:23:49 +02:00
elena 9cb2b68543 FIX: role changed on admin and on moodle 2022-08-01 09:12:55 +02:00
Evilham c19ff6cd8d
[sso-admin] Add third-party integrations
The endpoints for the mail integration are added here.

The ThirdPartyIntegrationKeys class in admin.lib.keys is intended to be
used on both the sending and receiving part of communications.

Implementations in other languages should closely follow its design, so
we are sure communication happens as it is expected.

Broadly speaking:

- Each party receives a name (DD is always "DD") that is well-known to
  all communicating parties
- Each party sets up an endpoint sharing their public key in JWK format
  See: https://datatracker.ietf.org/doc/html/rfc7517
  And the many JWK implementations around. This class uses python-jose's
- In a key_store folder, the remote party's public key will be cached
  and the local private key will be generated and saved
- Any data exchanged between the two parties must:
  - Be first encrypted with the remote party's public key
    See: https://datatracker.ietf.org/doc/html/rfc7516
  - Then signed with the local party's private key, by adding its
    payload to a 'data' claim.
    See: https://datatracker.ietf.org/doc/html/rfc7515
  - Have an Authorization header with a signed JWT containing the local
    party's name as the 'kid' header.
    This aids the remote party in deciding which key needs to be used.
2022-07-31 12:18:13 +02:00
Evilham 38cc2a0564
[sso-admin] Improve data and custom dir handling
While there also improve the default permissions for the secrets
directory.
2022-07-30 09:41:20 +02:00
Evilham 4421c5a5df
[sso-admin] Fix import and config issues
FileStorage is in werkzeug.datastructures, this didn't get caught by
mypy due to lack of type hints.

AdminFlaskApp now loads the configuration earlier, otherwise the
connection to other systems gets started with the wrong values.
While there, use .update since values from the environment are exactly what
we want to be using and the way it was written, they are expected to be
set up.

We also had swapped creation of the admin.lib.admin.Admin object and
processing admin.lib.postup.Postup; which loads some secrets needed for
moodle.
2022-07-29 20:30:43 +02:00
Evilham 64c0869e46
[sso-admin] Update requirements file 2022-07-29 19:28:42 +02:00
Evilham f80664a38b
[sso-admin] Add license entry to package.json
This was the intended license as stated in all source files.

This commit silences a warning when building the corresponding docker
images.
2022-07-29 19:05:04 +02:00
Evilham 6b4fd5482e
[sso-admin] Fix issues detected with mypy
While there, refactor thread handling in AppViews since it was not
practical.

Some issues found with mypy and fixed by this commit:

src/admin/views/ApiViews.py:240: error: Name "user_ddid" is not defined
src/admin/lib/nextcloud.py:331: error: Name "group" is not defined
src/admin/lib/nextcloud.py:394: error: Name "ProviderUserNotExists" is not defined
src/admin/lib/admin.py:1604: error: Trying to read deleted variable "se"
src/admin/lib/admin.py:1798: error: Trying to read deleted variable "se"
src/admin/lib/admin.py:1903: error: Name "group" is not defined
2022-07-29 17:25:25 +02:00
Evilham 81fff214d5
[sso-admin] Disentangle module and add type hints
With this commit, code from the admin module can be re-used and thanks
to adding type-hints in most places we are able to discover some bugs.

This commit attempts to fix only that which was necessary to:

- Add a reasonable amount of type hints
- Disentangle the module

There are already some issues that have been discovered by mypy.
2022-07-29 14:02:49 +02:00
Evilham e98323913d
[sso-admin] Add base for QA checks
This is all relative to the dd-sso/admin directory.

With https://pipenv.pypa.io/en/latest/ it is simple to setup a
development environment (pipenv install --dev).

By running:

    echo "PYTHONPATH=$(pwd)/src" > .env

The admin module will be loaded in the virtualenvironment and e.g.
running mypy src/admin will throw different errors in the existing code.
2022-07-29 13:10:33 +02:00
Evilham 1f962dbef7
[sso-admin] Fix secret handling in check script 2022-07-28 18:28:22 +02:00
Evilham 4fb3b02a46
[sso-admin] Remove left over OIDC code
This was left over by a previous contributor and is not being used and
was never really used; it looks like we can safely remove these.
2022-07-28 18:27:27 +02:00