Compare commits
340 Commits
version/0.
...
version/0.
| Author | SHA1 | Date | |
|---|---|---|---|
| c38012f147 | |||
| 3676ff21c2 | |||
| 920e705d75 | |||
| de0b137b1e | |||
| d44ac6e2a3 | |||
| 71039a4012 | |||
| 8745ac7932 | |||
| 7f70048423 | |||
| 97dbfc8885 | |||
| 149ea22a93 | |||
| 404ed5406d | |||
| b8656858ec | |||
| 6b0f0e8993 | |||
| aec1ccd88d | |||
| bee5c200b6 | |||
| 9d640efc88 | |||
| f0907841dd | |||
| 2bffc12ef9 | |||
| 2ff9ec6522 | |||
| 43a54f5c54 | |||
| 7bff2734aa | |||
| 84768c0ec6 | |||
| f4499a5459 | |||
| b3aede5bba | |||
| 531ea1c039 | |||
| c2c5ff6912 | |||
| 9cddab8fd5 | |||
| 06d15d8a27 | |||
| b5c711854b | |||
| 4cf6c36f34 | |||
| 75a6f6c875 | |||
| 62abe3f256 | |||
| 9296c41650 | |||
| 7fb48fde6d | |||
| 174472bb45 | |||
| 17575ed921 | |||
| b1b1a27444 | |||
| f97a5eeefb | |||
| 10fd96981e | |||
| 67e3eb549c | |||
| 30a6d1f0b1 | |||
| 3d1fa9f048 | |||
| 1d2be6e68b | |||
| c21e343986 | |||
| ff37ed095c | |||
| 8623a2c3fc | |||
| 23d277eaf1 | |||
| 75ced59451 | |||
| bccf424c5e | |||
| 2f9ae40d20 | |||
| 11e1eec3fb | |||
| 765c5633df | |||
| 6344b1aafb | |||
| ed25801e6e | |||
| 4d0148193f | |||
| 804ae15c2e | |||
| b35a9fad86 | |||
| a4f83bd28a | |||
| 796f83c3d0 | |||
| 2099bbb713 | |||
| 67beba8f78 | |||
| a798412e17 | |||
| 3b2c2d781f | |||
| 98c844f3d6 | |||
| 2645bd0132 | |||
| 2c4fc56b49 | |||
| 0ec1468058 | |||
| 5d1a3043b2 | |||
| b46958d1f9 | |||
| 5daa8d5fe3 | |||
| 31846f1d05 | |||
| 1fac964b8b | |||
| dfa6ed8ac2 | |||
| 66fe10299e | |||
| e0a3ec033f | |||
| 7033ec0ab9 | |||
| 4004579905 | |||
| 9fe9e48a5c | |||
| 595a6c7fe6 | |||
| 11b5860d4a | |||
| 9bdbff4cda | |||
| e0d597eeac | |||
| f576985cc9 | |||
| 22a6aef60b | |||
| ec0a6e7854 | |||
| 6904608e6f | |||
| cb3732cb2b | |||
| 57de6cbafc | |||
| b1dda764a9 | |||
| 5ec2102487 | |||
| 9f8fb7378a | |||
| 98cd646044 | |||
| 0cba1b4c45 | |||
| 53918462b6 | |||
| 8a7e74b523 | |||
| 4dc7065e97 | |||
| 3c93bb9f9f | |||
| 8143fae2d6 | |||
| 3cfe45d3cb | |||
| 8e5c3f2f31 | |||
| 5a3b2fdd49 | |||
| e47b9f0d57 | |||
| 146dd747f1 | |||
| f2ce56063b | |||
| b26f378e4c | |||
| 9072b836c6 | |||
| 2fa57d064e | |||
| 146705c60a | |||
| 5029a99df6 | |||
| e7129d18f6 | |||
| d2bf9f81d6 | |||
| 30acf0660b | |||
| dda41af5c8 | |||
| 9b5b03647b | |||
| 940b3eb943 | |||
| 16eb629b71 | |||
| 755045b226 | |||
| 61478db94e | |||
| f69f959bdb | |||
| 146edb45d4 | |||
| 045a802365 | |||
| c90d8ddcff | |||
| 3ff2ec929f | |||
| a3ef26b7ad | |||
| 19cd1624c1 | |||
| 366ef352c6 | |||
| a9031a6abc | |||
| a1a5223b58 | |||
| c723b0233f | |||
| b369eb28f1 | |||
| 9b8f390e31 | |||
| 11630c9a74 | |||
| c9ac10f6f6 | |||
| 04d613cb28 | |||
| 40866f9ecd | |||
| d8585eb872 | |||
| 15aaeda475 | |||
| 8536ef9e23 | |||
| 35b6bb6b3f | |||
| eaa573c715 | |||
| 660972e303 | |||
| a21012bf0c | |||
| 8dbafa4bda | |||
| 80049413f0 | |||
| 2739442d4a | |||
| c679f0a67c | |||
| d9a952dd03 | |||
| 9a1a0f0aa8 | |||
| 4d6bb60134 | |||
| 80e6d59382 | |||
| 81ac951872 | |||
| f33e553cfd | |||
| 9b0240dc26 | |||
| c327310392 | |||
| 457375287c | |||
| 7e87bfef5b | |||
| a7af5268de | |||
| 6d916029bb | |||
| 81fdcbadad | |||
| ec1e25fe71 | |||
| b5306e4a94 | |||
| 801b8a1e59 | |||
| 3a52059793 | |||
| 10b7d99b37 | |||
| 6be8d0cbb2 | |||
| 5b8e3689ec | |||
| 25a5d8f5da | |||
| 883d439544 | |||
| 1c3b5889e5 | |||
| 87012b65e1 | |||
| 29913773a7 | |||
| 0bc6a4fed4 | |||
| 4645d8353f | |||
| 260c5555fa | |||
| 6f7b917c38 | |||
| 1456ee6d3e | |||
| ae3d3d0295 | |||
| c23ceacd0b | |||
| 5155204283 | |||
| 5509ec9b0f | |||
| d6f9b2e47d | |||
| 67aa4aef11 | |||
| 9e46c8bfec | |||
| 1eaa9b9733 | |||
| ee05834b69 | |||
| fccc8f4959 | |||
| c721620f96 | |||
| c9f73d718e | |||
| bfa58be721 | |||
| 4bb602149e | |||
| 81ab9092fc | |||
| 29d5962c4c | |||
| 5c75339946 | |||
| 4774d9a46c | |||
| dbe16ba4fd | |||
| 6972cf00a0 | |||
| 0445be9712 | |||
| 89dbdd9585 | |||
| da88ce7150 | |||
| 5f50fcfcf5 | |||
| 96be087221 | |||
| a53a269a8c | |||
| 59565a5286 | |||
| ae3c092238 | |||
| e98e5e4e3e | |||
| d50c7ec8d4 | |||
| c0fdf377d1 | |||
| 70c11c8988 | |||
| 67b19becc1 | |||
| ae64024ef4 | |||
| e6571826cb | |||
| c621e61978 | |||
| 3626fa4b98 | |||
| 01b0eb159a | |||
| 63aa48d981 | |||
| 2e0ba05d55 | |||
| b2ac57bb67 | |||
| 4c22e5c2c8 | |||
| 4a7b0ec8a9 | |||
| 330118249e | |||
| 8d4dabde02 | |||
| cf7323c41b | |||
| edd856df7d | |||
| 5e35859db6 | |||
| acabb2df54 | |||
| e6376a05f7 | |||
| 1f45aff7ad | |||
| e1f1f617b6 | |||
| 2690675dca | |||
| 7529b51358 | |||
| c394066d99 | |||
| 9c585032ef | |||
| d408031304 | |||
| c47bc11ec0 | |||
| 1deb094afe | |||
| 501fed1922 | |||
| ad8125ac1c | |||
| b42a551fb2 | |||
| 3256be23df | |||
| f7c0c0146a | |||
| e4baf8c21e | |||
| 364f040b36 | |||
| 2b8c2b2346 | |||
| 5f861189e4 | |||
| 5e11b6687e | |||
| c4b429825d | |||
| eebbae0677 | |||
| 42b30f4507 | |||
| 0e425418df | |||
| 7fe0300b86 | |||
| c012c6be5c | |||
| a5dc193cfd | |||
| 7507ad2620 | |||
| f1291fec8d | |||
| 37aeeea239 | |||
| 0fa1fc86da | |||
| c3034ab9ac | |||
| 76694e037a | |||
| 787db41cc3 | |||
| 74da3df7cd | |||
| a6e435bd70 | |||
| c313b496aa | |||
| a7eaa74191 | |||
| 11ecdc4fcf | |||
| 2f7781b67a | |||
| 296d4f691a | |||
| 64033031b1 | |||
| 9daff7608d | |||
| 0a4af80b9b | |||
| a54adb05c4 | |||
| 43a389e596 | |||
| 2d7e8f1b50 | |||
| cf11f6b121 | |||
| 6dcdf7bcce | |||
| 56d872af15 | |||
| ca663d16fc | |||
| e05c18b19b | |||
| a7b86e46bc | |||
| 84f56674c2 | |||
| 02ab177c6d | |||
| 1232c487e9 | |||
| ef0a2bfbe8 | |||
| 05242a11ad | |||
| 4593ad7bcc | |||
| d7fd5a7fa6 | |||
| 4439378fd4 | |||
| acf65eafdd | |||
| c2ebff55ef | |||
| 99c82676b6 | |||
| 4991e9b825 | |||
| 612f95c3ba | |||
| cd91d5ca15 | |||
| cbbbb5dc08 | |||
| c1640b9411 | |||
| a4842c1f95 | |||
| a4707ddc54 | |||
| fb82d56307 | |||
| 1a1005f80d | |||
| e86cae6cac | |||
| 0b282f45e0 | |||
| 791e88ffc1 | |||
| 7bd3c4bccf | |||
| 722e2e4050 | |||
| c7fc444c95 | |||
| 20ad062814 | |||
| fcb5d36e07 | |||
| 9b131b619f | |||
| 54427f7c68 | |||
| 35eef9c28d | |||
| e88a82553d | |||
| 01a9520140 | |||
| 46667615c3 | |||
| c6721a83a4 | |||
| 46866e8ef0 | |||
| 4a49681127 | |||
| 4c3fced4e9 | |||
| 172347d90f | |||
| f54520b5cf | |||
| d7c4697625 | |||
| 5584f5bda8 | |||
| 2ce6f5a714 | |||
| c66945623a | |||
| cbae05c74c | |||
| 5b771da972 | |||
| 2db1738e4a | |||
| 95de6a14fd | |||
| 17132ebc19 | |||
| 289be46388 | |||
| 6c300b7b31 | |||
| b726583084 | |||
| 48055d1cfd | |||
| 436070f5bd | |||
| 3ee79818db | |||
| e7a02104db | |||
| 556740d7bc | |||
| 421f51770c | |||
| 96f7e70f9e | |||
| ad96f7dbb8 | |||
| e7fb48eba2 | |||
| b19b5b644d |
@ -1,44 +1,27 @@
|
||||
[bumpversion]
|
||||
current_version = 0.0.10-alpha
|
||||
current_version = 0.4.1-beta
|
||||
tag = True
|
||||
commit = True
|
||||
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
|
||||
serialize = {major}.{minor}.{patch}-{release}
|
||||
message = bump version: {current_version} -> {new_version}
|
||||
message = new release: {new_version}
|
||||
tag_name = version/{new_version}
|
||||
|
||||
[bumpversion:part:release]
|
||||
optional_value = stable
|
||||
first_value = beta
|
||||
values =
|
||||
alpha
|
||||
beta
|
||||
stable
|
||||
|
||||
[bumpversion:file:helm/passbook/values.yaml]
|
||||
|
||||
[bumpversion:file:helm/passbook/Chart.yaml]
|
||||
|
||||
[bumpversion:file:.gitlab-ci.yml]
|
||||
|
||||
[bumpversion:file:passbook/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/api/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/core/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/admin/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/captcha_factor/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/oauth_client/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/ldap/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/lib/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/saml_idp/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/audit/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/oauth_provider/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/otp/__init__.py]
|
||||
[bumpversion:file:passbook/core/nginx.conf]
|
||||
|
||||
|
||||
@ -6,7 +6,6 @@ omit =
|
||||
manage.py
|
||||
*/migrations/*
|
||||
*/apps.py
|
||||
passbook/management/commands/nexus_upload.py
|
||||
passbook/management/commands/web.py
|
||||
passbook/management/commands/worker.py
|
||||
docs/
|
||||
|
||||
@ -9,3 +9,6 @@ insert_final_newline = true
|
||||
|
||||
[html]
|
||||
indent_size = 2
|
||||
|
||||
[yaml]
|
||||
indent_size = 2
|
||||
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@ -191,3 +191,4 @@ pip-selfcheck.json
|
||||
# End of https://www.gitignore.io/api/python,django
|
||||
/static/
|
||||
local.env.yml
|
||||
.vscode/
|
||||
|
||||
197
.gitlab-ci.yml
197
.gitlab-ci.yml
@ -1,140 +1,135 @@
|
||||
# Global Variables
|
||||
before_script:
|
||||
- "python3 -m pip install -U virtualenv"
|
||||
- "virtualenv env"
|
||||
- "source env/bin/activate"
|
||||
- "pip3 install -U -r requirements-dev.txt"
|
||||
stages:
|
||||
- build-base-image
|
||||
- build-dev-image
|
||||
- test
|
||||
- build
|
||||
- docs
|
||||
image: python:3.6
|
||||
services:
|
||||
- postgres:latest
|
||||
- package
|
||||
image: docker.beryju.org/passbook/dev:latest
|
||||
|
||||
variables:
|
||||
POSTGRES_DB: passbook
|
||||
POSTGRES_USER: passbook
|
||||
POSTGRES_PASSWORD: 'EK-5jnKfjrGRm<77'
|
||||
SUPERVISR_ENV: ci
|
||||
POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
|
||||
|
||||
before_script:
|
||||
- pip install pipenv
|
||||
# Ensure all dependencies are installed, even those not included in passbook/dev
|
||||
# According to pipenv docs, -d outputs all packages, however it actually does not
|
||||
- pipenv lock -r > requirements-all.txt
|
||||
- pipenv lock -rd >> requirements-all.txt
|
||||
- pip install -r requirements-all.txt
|
||||
|
||||
create-base-image:
|
||||
image:
|
||||
name: gcr.io/kaniko-project/executor:debug
|
||||
entrypoint: [""]
|
||||
before_script:
|
||||
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
||||
script:
|
||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/base.Dockerfile --destination docker.beryju.org/passbook/base:latest --destination docker.beryju.org/passbook/base:0.4.1-beta
|
||||
stage: build-base-image
|
||||
only:
|
||||
refs:
|
||||
- tags
|
||||
- /^version/.*$/
|
||||
|
||||
build-dev-image:
|
||||
image:
|
||||
name: gcr.io/kaniko-project/executor:debug
|
||||
entrypoint: [""]
|
||||
before_script:
|
||||
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
||||
script:
|
||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dev.Dockerfile --destination docker.beryju.org/passbook/dev:latest --destination docker.beryju.org/passbook/dev:0.4.1-beta
|
||||
stage: build-dev-image
|
||||
only:
|
||||
refs:
|
||||
- tags
|
||||
- /^version/.*$/
|
||||
|
||||
include:
|
||||
- /allauth/.gitlab-ci.yml
|
||||
|
||||
isort:
|
||||
script:
|
||||
- isort -c -sg env
|
||||
stage: test
|
||||
services:
|
||||
- postgres:latest
|
||||
- redis:latest
|
||||
migrations:
|
||||
script:
|
||||
- python manage.py migrate
|
||||
stage: test
|
||||
prospector:
|
||||
script:
|
||||
- prospector
|
||||
stage: test
|
||||
pylint:
|
||||
script:
|
||||
- pylint passbook
|
||||
stage: test
|
||||
services:
|
||||
- postgres:latest
|
||||
- redis:latest
|
||||
# prospector:
|
||||
# script:
|
||||
# - prospector
|
||||
# stage: test
|
||||
# services:
|
||||
# - postgres:latest
|
||||
# - redis:latest
|
||||
# pylint:
|
||||
# script:
|
||||
# - pylint passbook
|
||||
# stage: test
|
||||
# services:
|
||||
# - postgres:latest
|
||||
# - redis:latest
|
||||
coverage:
|
||||
script:
|
||||
- coverage run manage.py test
|
||||
- coverage report
|
||||
- coverage html
|
||||
stage: test
|
||||
bandit:
|
||||
script:
|
||||
- bandit -r passbook
|
||||
stage: test
|
||||
services:
|
||||
- postgres:latest
|
||||
- redis:latest
|
||||
|
||||
package-docker:
|
||||
package-passbook-server:
|
||||
image:
|
||||
name: gcr.io/kaniko-project/executor:debug
|
||||
entrypoint: [""]
|
||||
before_script:
|
||||
- echo "{\"auths\":{\"docker.$NEXUS_URL\":{\"auth\":\"$NEXUS_AUTH\"}}}" > /kaniko/.docker/config.json
|
||||
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
||||
script:
|
||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.0.10-alpha
|
||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.beryju.org/passbook/server:latest --destination docker.beryju.org/passbook/server:0.4.1-beta
|
||||
stage: build
|
||||
only:
|
||||
- tags
|
||||
- /^version/.*$/
|
||||
package-helm:
|
||||
build-passbook-static:
|
||||
stage: build
|
||||
image:
|
||||
name: gcr.io/kaniko-project/executor:debug
|
||||
entrypoint: [""]
|
||||
before_script:
|
||||
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
||||
script:
|
||||
- curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
|
||||
- helm init --client-only
|
||||
- helm package helm/passbook
|
||||
- ./manage.py nexus_upload --method put --url $NEXUS_URL --auth $NEXUS_AUTH --repo helm *.tgz
|
||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/static.Dockerfile --destination docker.beryju.org/passbook/static:latest --destination docker.beryju.org/passbook/static:0.4.1-beta
|
||||
only:
|
||||
- tags
|
||||
- /^version/.*$/
|
||||
# package-3.5:
|
||||
# before_script:
|
||||
# - apt update
|
||||
# - apt install -y build-essential debhelper devscripts equivs python3 python3-pip
|
||||
# - cp debian/control-3.5 debian/control
|
||||
# - mk-build-deps debian/control
|
||||
# - apt install ./*build-deps*deb -f -y
|
||||
# - "python3 -m pip install -U virtualenv"
|
||||
# - "virtualenv env"
|
||||
# - "source env/bin/activate"
|
||||
# - "pip3 install -U -r requirements.txt -r requirements-dev.txt"
|
||||
# image: debian
|
||||
# script:
|
||||
# - debuild -us -uc
|
||||
# - cp ../passbook*.deb .
|
||||
# - python manage.py nexus_upload
|
||||
# artifacts:
|
||||
# paths:
|
||||
# - passbook-python3.5*deb
|
||||
# expire_in: 2 days
|
||||
# stage: build
|
||||
# only:
|
||||
# - tags
|
||||
# - /^debian/.*$/
|
||||
# package-3.6:
|
||||
# before_script:
|
||||
# - apt update
|
||||
# - apt install -y build-essential debhelper devscripts equivs python3 python3-pip
|
||||
# - cp debian/control-3.6 debian/control
|
||||
# - mk-build-deps debian/control
|
||||
# - apt install ./*build-deps*deb -f -y
|
||||
# - "python3 -m pip install -U virtualenv"
|
||||
# - "virtualenv env"
|
||||
# - "source env/bin/activate"
|
||||
# - "pip3 install -U -r requirements.txt -r requirements-dev.txt"
|
||||
# image: debian:buster
|
||||
# script:
|
||||
# - debuild -us -uc
|
||||
# - cp ../passbook*.deb .
|
||||
# - python manage.py nexus_upload
|
||||
# artifacts:
|
||||
# paths:
|
||||
# - passbook-python3.6*deb
|
||||
# expire_in: 2 days
|
||||
# stage: build
|
||||
# only:
|
||||
# - tags
|
||||
# - /^debian/.*$r
|
||||
# running collectstatic fully initialises django, hence we need that databases
|
||||
services:
|
||||
- postgres:latest
|
||||
- redis:latest
|
||||
|
||||
# docs:
|
||||
# stage: docs
|
||||
# only:
|
||||
# - master
|
||||
# - tags
|
||||
# - /^debian/.*$/
|
||||
# environment:
|
||||
# name: docs
|
||||
# url: "https://passbook.beryju.org/docs/"
|
||||
# script:
|
||||
# - apt update
|
||||
# - apt install -y rsync
|
||||
# - "mkdir ~/.ssh"
|
||||
# - "cp .gitlab/known_hosts ~/.ssh/"
|
||||
# - "pip3 install -U -r requirements-docs.txt"
|
||||
# - "eval $(ssh-agent -s)"
|
||||
# - "echo \"${CI_SSH_PRIVATE}\" | ssh-add -"
|
||||
# - mkdocs build
|
||||
# - 'rsync -avh --delete web/* "beryjuorg@ory1-web-prod-1.ory1.beryju.org:passbook.beryju.org/"'
|
||||
# - 'rsync -avh --delete site/* "beryjuorg@ory1-web-prod-1.ory1.beryju.org:passbook.beryju.org/docs/"'
|
||||
package-helm:
|
||||
image: debian:stretch-slim
|
||||
stage: package
|
||||
before_script:
|
||||
- apt update && apt install -y curl
|
||||
- curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
|
||||
script:
|
||||
- helm init --client-only
|
||||
- helm dependency update helm/passbook
|
||||
- helm package helm/passbook
|
||||
artifacts:
|
||||
paths:
|
||||
- passbook-*.tgz
|
||||
expire_in: 1 week
|
||||
only:
|
||||
- tags
|
||||
- /^version/.*$/
|
||||
|
||||
@ -7,6 +7,7 @@ ignore-paths:
|
||||
- migrations
|
||||
- docs
|
||||
- node_modules
|
||||
- client-packages
|
||||
|
||||
uses:
|
||||
- django
|
||||
|
||||
114
.vscode/.ropeproject/config.py
vendored
114
.vscode/.ropeproject/config.py
vendored
@ -1,114 +0,0 @@
|
||||
# The default ``config.py``
|
||||
# flake8: noqa
|
||||
|
||||
|
||||
def set_prefs(prefs):
|
||||
"""This function is called before opening the project"""
|
||||
|
||||
# Specify which files and folders to ignore in the project.
|
||||
# Changes to ignored resources are not added to the history and
|
||||
# VCSs. Also they are not returned in `Project.get_files()`.
|
||||
# Note that ``?`` and ``*`` match all characters but slashes.
|
||||
# '*.pyc': matches 'test.pyc' and 'pkg/test.pyc'
|
||||
# 'mod*.pyc': matches 'test/mod1.pyc' but not 'mod/1.pyc'
|
||||
# '.svn': matches 'pkg/.svn' and all of its children
|
||||
# 'build/*.o': matches 'build/lib.o' but not 'build/sub/lib.o'
|
||||
# 'build//*.o': matches 'build/lib.o' and 'build/sub/lib.o'
|
||||
prefs['ignored_resources'] = ['*.pyc', '*~', '.ropeproject',
|
||||
'.hg', '.svn', '_svn', '.git', '.tox']
|
||||
|
||||
# Specifies which files should be considered python files. It is
|
||||
# useful when you have scripts inside your project. Only files
|
||||
# ending with ``.py`` are considered to be python files by
|
||||
# default.
|
||||
# prefs['python_files'] = ['*.py']
|
||||
|
||||
# Custom source folders: By default rope searches the project
|
||||
# for finding source folders (folders that should be searched
|
||||
# for finding modules). You can add paths to that list. Note
|
||||
# that rope guesses project source folders correctly most of the
|
||||
# time; use this if you have any problems.
|
||||
# The folders should be relative to project root and use '/' for
|
||||
# separating folders regardless of the platform rope is running on.
|
||||
# 'src/my_source_folder' for instance.
|
||||
# prefs.add('source_folders', 'src')
|
||||
|
||||
# You can extend python path for looking up modules
|
||||
# prefs.add('python_path', '~/python/')
|
||||
|
||||
# Should rope save object information or not.
|
||||
prefs['save_objectdb'] = True
|
||||
prefs['compress_objectdb'] = False
|
||||
|
||||
# If `True`, rope analyzes each module when it is being saved.
|
||||
prefs['automatic_soa'] = True
|
||||
# The depth of calls to follow in static object analysis
|
||||
prefs['soa_followed_calls'] = 0
|
||||
|
||||
# If `False` when running modules or unit tests "dynamic object
|
||||
# analysis" is turned off. This makes them much faster.
|
||||
prefs['perform_doa'] = True
|
||||
|
||||
# Rope can check the validity of its object DB when running.
|
||||
prefs['validate_objectdb'] = True
|
||||
|
||||
# How many undos to hold?
|
||||
prefs['max_history_items'] = 32
|
||||
|
||||
# Shows whether to save history across sessions.
|
||||
prefs['save_history'] = True
|
||||
prefs['compress_history'] = False
|
||||
|
||||
# Set the number spaces used for indenting. According to
|
||||
# :PEP:`8`, it is best to use 4 spaces. Since most of rope's
|
||||
# unit-tests use 4 spaces it is more reliable, too.
|
||||
prefs['indent_size'] = 4
|
||||
|
||||
# Builtin and c-extension modules that are allowed to be imported
|
||||
# and inspected by rope.
|
||||
prefs['extension_modules'] = []
|
||||
|
||||
# Add all standard c-extensions to extension_modules list.
|
||||
prefs['import_dynload_stdmods'] = True
|
||||
|
||||
# If `True` modules with syntax errors are considered to be empty.
|
||||
# The default value is `False`; When `False` syntax errors raise
|
||||
# `rope.base.exceptions.ModuleSyntaxError` exception.
|
||||
prefs['ignore_syntax_errors'] = False
|
||||
|
||||
# If `True`, rope ignores unresolvable imports. Otherwise, they
|
||||
# appear in the importing namespace.
|
||||
prefs['ignore_bad_imports'] = False
|
||||
|
||||
# If `True`, rope will insert new module imports as
|
||||
# `from <package> import <module>` by default.
|
||||
prefs['prefer_module_from_imports'] = False
|
||||
|
||||
# If `True`, rope will transform a comma list of imports into
|
||||
# multiple separate import statements when organizing
|
||||
# imports.
|
||||
prefs['split_imports'] = False
|
||||
|
||||
# If `True`, rope will remove all top-level import statements and
|
||||
# reinsert them at the top of the module when making changes.
|
||||
prefs['pull_imports_to_top'] = True
|
||||
|
||||
# If `True`, rope will sort imports alphabetically by module name instead
|
||||
# of alphabetically by import statement, with from imports after normal
|
||||
# imports.
|
||||
prefs['sort_imports_alphabetically'] = False
|
||||
|
||||
# Location of implementation of
|
||||
# rope.base.oi.type_hinting.interfaces.ITypeHintingFactory In general
|
||||
# case, you don't have to change this value, unless you're an rope expert.
|
||||
# Change this value to inject you own implementations of interfaces
|
||||
# listed in module rope.base.oi.type_hinting.providers.interfaces
|
||||
# For example, you can add you own providers for Django Models, or disable
|
||||
# the search type-hinting in a class hierarchy, etc.
|
||||
prefs['type_hinting_factory'] = (
|
||||
'rope.base.oi.type_hinting.factory.default_type_hinting_factory')
|
||||
|
||||
|
||||
def project_opened(project):
|
||||
"""This function is called after opening the project"""
|
||||
# Do whatever you like here!
|
||||
BIN
.vscode/.ropeproject/objectdb
vendored
BIN
.vscode/.ropeproject/objectdb
vendored
Binary file not shown.
11
.vscode/settings.json
vendored
11
.vscode/settings.json
vendored
@ -1,11 +0,0 @@
|
||||
{
|
||||
"python.pythonPath": "env/bin/python",
|
||||
"editor.tabSize": 4,
|
||||
"[html]": {
|
||||
"editor.tabSize": 2
|
||||
},
|
||||
"cSpell.words": [
|
||||
"SAML",
|
||||
"passbook"
|
||||
]
|
||||
}
|
||||
26
Dockerfile
26
Dockerfile
@ -1,28 +1,8 @@
|
||||
FROM python:3.6-slim-stretch as build
|
||||
FROM docker.beryju.org/passbook/base:latest
|
||||
|
||||
COPY ./passbook/ /app/passbook
|
||||
COPY ./manage.py /app/
|
||||
COPY ./requirements.txt /app/
|
||||
|
||||
WORKDIR /app/
|
||||
|
||||
RUN mkdir /app/static/ && \
|
||||
pip install -r requirements.txt && \
|
||||
pip install psycopg2 && \
|
||||
./manage.py collectstatic --no-input
|
||||
|
||||
FROM python:3.6-slim-stretch
|
||||
|
||||
COPY ./passbook/ /app/passbook
|
||||
COPY ./manage.py /app/
|
||||
COPY ./requirements.txt /app/
|
||||
COPY --from=build /app/static /app/static/
|
||||
|
||||
WORKDIR /app/
|
||||
|
||||
RUN pip install -r requirements.txt && \
|
||||
pip install psycopg2 && \
|
||||
adduser --system --home /app/ passbook && \
|
||||
chown -R passbook /app/
|
||||
|
||||
USER passbook
|
||||
|
||||
WORKDIR /app/
|
||||
|
||||
2
LICENSE
2
LICENSE
@ -1,6 +1,6 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2018 BeryJu.org
|
||||
Copyright (c) 2019 BeryJu.org
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
|
||||
62
Pipfile
Normal file
62
Pipfile
Normal file
@ -0,0 +1,62 @@
|
||||
[[source]]
|
||||
name = "pypi"
|
||||
url = "https://pypi.org/simple"
|
||||
verify_ssl = true
|
||||
|
||||
[packages]
|
||||
asgiref = "*"
|
||||
beautifulsoup4 = "*"
|
||||
celery = "*"
|
||||
channels = "*"
|
||||
cherrypy = "*"
|
||||
colorlog = "*"
|
||||
daphne = "*"
|
||||
defusedxml = "*"
|
||||
django = "*"
|
||||
django-cors-middleware = "*"
|
||||
django-filters = "*"
|
||||
django-ipware = "*"
|
||||
django-model-utils = "*"
|
||||
django-oauth-toolkit = "*"
|
||||
django-oidc-provider = "*"
|
||||
django-otp = "*"
|
||||
django-recaptcha = "*"
|
||||
django-redis = "*"
|
||||
django-rest-framework = "*"
|
||||
django-revproxy = "*"
|
||||
djangorestframework = "==3.9.4"
|
||||
drf-yasg = "*"
|
||||
ldap3 = "*"
|
||||
lxml = "*"
|
||||
markdown = "*"
|
||||
oauthlib = "*"
|
||||
packaging = "*"
|
||||
psycopg2 = "*"
|
||||
pycryptodome = "*"
|
||||
pyyaml = "*"
|
||||
qrcode = "*"
|
||||
requests-oauthlib = "*"
|
||||
sentry-sdk = "*"
|
||||
service_identity = "*"
|
||||
signxml = "*"
|
||||
urllib3 = {extras = ["secure"],version = "*"}
|
||||
websocket_client = "*"
|
||||
structlog = "*"
|
||||
uwsgi = "*"
|
||||
|
||||
[requires]
|
||||
python_version = "3.7"
|
||||
|
||||
[dev-packages]
|
||||
astroid = "==2.2.5"
|
||||
coverage = "*"
|
||||
isort = "*"
|
||||
pylint = "==2.3.1"
|
||||
pylint-django = "==2.0.10"
|
||||
prospector = "==1.1.7"
|
||||
django-debug-toolbar = "*"
|
||||
bumpversion = "*"
|
||||
unittest-xml-reporting = "*"
|
||||
autopep8 = "*"
|
||||
bandit = "*"
|
||||
colorama = "*"
|
||||
1332
Pipfile.lock
generated
Normal file
1332
Pipfile.lock
generated
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,27 +0,0 @@
|
||||
# Global Variables
|
||||
before_script:
|
||||
- cd allauth/
|
||||
- "python3 -m pip install -U virtualenv"
|
||||
- "virtualenv env"
|
||||
- "source env/bin/activate"
|
||||
- "pip3 install -U -r requirements-dev.txt"
|
||||
stages:
|
||||
- test-allauth
|
||||
image: python:3.6
|
||||
|
||||
isort:
|
||||
script:
|
||||
- isort -c -sg env
|
||||
stage: test-allauth
|
||||
prospector:
|
||||
script:
|
||||
- prospector
|
||||
stage: test-allauth
|
||||
pylint:
|
||||
script:
|
||||
- pylint passbook
|
||||
stage: test-allauth
|
||||
bandit:
|
||||
script:
|
||||
- bandit -r allauth_passbook
|
||||
stage: test-allauth
|
||||
@ -1,35 +0,0 @@
|
||||
"""passbook provider"""
|
||||
from allauth.socialaccount.providers.base import ProviderAccount
|
||||
from allauth.socialaccount.providers.oauth2.provider import OAuth2Provider
|
||||
|
||||
|
||||
class PassbookAccount(ProviderAccount):
|
||||
"""passbook account"""
|
||||
|
||||
def to_str(self):
|
||||
dflt = super().to_str()
|
||||
return self.account.extra_data.get('username', dflt)
|
||||
|
||||
|
||||
class PassbookProvider(OAuth2Provider):
|
||||
"""passbook provider"""
|
||||
|
||||
id = 'passbook'
|
||||
name = 'passbook'
|
||||
account_class = PassbookAccount
|
||||
|
||||
def extract_uid(self, data):
|
||||
return str(data['sub'])
|
||||
|
||||
def extract_common_fields(self, data):
|
||||
return {
|
||||
'email': data.get('email'),
|
||||
'username': data.get('preferred_username'),
|
||||
'name': data.get('name'),
|
||||
}
|
||||
|
||||
def get_default_scope(self):
|
||||
return ['openid:userinfo']
|
||||
|
||||
|
||||
provider_classes = [PassbookProvider] # noqa
|
||||
@ -1,5 +0,0 @@
|
||||
"""passbook provider"""
|
||||
from allauth.socialaccount.providers.oauth2.urls import default_urlpatterns
|
||||
from allauth_passbook.provider import PassbookProvider
|
||||
|
||||
urlpatterns = default_urlpatterns(PassbookProvider)
|
||||
@ -1,37 +0,0 @@
|
||||
"""passbook adapter"""
|
||||
import requests
|
||||
|
||||
from allauth.socialaccount import app_settings
|
||||
from allauth.socialaccount.providers.oauth2.views import (OAuth2Adapter,
|
||||
OAuth2CallbackView,
|
||||
OAuth2LoginView)
|
||||
from allauth_passbook.provider import PassbookProvider
|
||||
|
||||
|
||||
class PassbookOAuth2Adapter(OAuth2Adapter):
|
||||
"""passbook OAuth2 Adapter"""
|
||||
provider_id = PassbookProvider.id
|
||||
# pylint: disable=no-member
|
||||
settings = app_settings.PROVIDERS.get(provider_id, {}) # noqa
|
||||
provider_base_url = settings.get("PASSBOOK_URL", 'https://id.beryju.org')
|
||||
|
||||
access_token_url = '{0}/application/oauth/token/'.format(provider_base_url)
|
||||
authorize_url = '{0}/application/oauth/authorize/'.format(provider_base_url)
|
||||
profile_url = '{0}/api/v1/openid/'.format(
|
||||
provider_base_url)
|
||||
|
||||
def complete_login(self, request, app, access_token, **kwargs):
|
||||
headers = {
|
||||
'Authorization': 'Bearer {0}'.format(access_token.token),
|
||||
'Content-Type': 'application/json',
|
||||
}
|
||||
extra_data = requests.get(self.profile_url, headers=headers)
|
||||
|
||||
return self.get_provider().sociallogin_from_response(
|
||||
request,
|
||||
extra_data.json()
|
||||
)
|
||||
|
||||
|
||||
oauth2_login = OAuth2LoginView.adapter_view(PassbookOAuth2Adapter) # noqa
|
||||
oauth2_callback = OAuth2CallbackView.adapter_view(PassbookOAuth2Adapter) # noqa
|
||||
@ -1 +0,0 @@
|
||||
django-allauth
|
||||
@ -1,33 +0,0 @@
|
||||
"""passbook allauth setup.py"""
|
||||
from setuptools import setup
|
||||
|
||||
setup(
|
||||
name='django-allauth-passbook',
|
||||
version='1.0.0',
|
||||
description='passbook support for django-allauth',
|
||||
# long_description='\n'.join(read_simple('docs/index.md')[2:]),
|
||||
long_description_content_type='text/markdown',
|
||||
author='BeryJu.org',
|
||||
author_email='hello@beryju.org',
|
||||
packages=['allauth_passbook'],
|
||||
include_package_data=True,
|
||||
install_requires=['django-allauth'],
|
||||
keywords='django allauth passbook',
|
||||
license='MIT',
|
||||
classifiers=[
|
||||
'Intended Audience :: Developers',
|
||||
'Topic :: Software Development :: Libraries :: Python Modules',
|
||||
'Environment :: Web Environment',
|
||||
'Topic :: Internet',
|
||||
'License :: OSI Approved :: MIT License',
|
||||
'Operating System :: OS Independent',
|
||||
'Programming Language :: Python',
|
||||
'Programming Language :: Python :: 3.4',
|
||||
'Programming Language :: Python :: 3.5',
|
||||
'Programming Language :: Python :: 3.6',
|
||||
'Framework :: Django',
|
||||
'Framework :: Django :: 1.11',
|
||||
'Framework :: Django :: 2.0',
|
||||
'Framework :: Django :: 2.1',
|
||||
],
|
||||
)
|
||||
15
base.Dockerfile
Normal file
15
base.Dockerfile
Normal file
@ -0,0 +1,15 @@
|
||||
FROM python:3.7-alpine
|
||||
|
||||
COPY ./Pipfile /app/
|
||||
COPY ./Pipfile.lock /app/
|
||||
|
||||
WORKDIR /app/
|
||||
|
||||
RUN apk update && \
|
||||
apk add --no-cache openssl-dev build-base libxml2-dev libxslt-dev libffi-dev gcc musl-dev libgcc zlib-dev postgresql-dev && \
|
||||
pip install pipenv --no-cache-dir && \
|
||||
pipenv lock -r > requirements.txt && \
|
||||
pipenv --rm && \
|
||||
pip install -r requirements.txt --no-cache-dir && \
|
||||
adduser -S passbook && \
|
||||
chown -R passbook /app
|
||||
4
dev.Dockerfile
Normal file
4
dev.Dockerfile
Normal file
@ -0,0 +1,4 @@
|
||||
FROM docker.beryju.org/passbook/base:latest
|
||||
|
||||
RUN pipenv lock --dev -r > requirements-dev.txt && \
|
||||
pip install -r /app/requirements-dev.txt --no-cache-dir
|
||||
9
helm/passbook/Chart.lock
Normal file
9
helm/passbook/Chart.lock
Normal file
@ -0,0 +1,9 @@
|
||||
dependencies:
|
||||
- name: postgresql
|
||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||
version: 6.3.10
|
||||
- name: redis
|
||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||
version: 9.2.1
|
||||
digest: sha256:bdde250e1401dccdd5161e39c807f9e88b05e3e8e72e74df767a1bbb5fc39a4a
|
||||
generated: "2019-10-01T10:46:06.542706+02:00"
|
||||
@ -1,6 +1,6 @@
|
||||
apiVersion: v1
|
||||
appVersion: "0.0.10-alpha"
|
||||
appVersion: "0.4.1-beta"
|
||||
description: A Helm chart for passbook.
|
||||
name: passbook
|
||||
version: "0.0.10-alpha"
|
||||
icon: https://passbook.beryju.org/images/logo.png
|
||||
version: "0.4.1-beta"
|
||||
icon: https://git.beryju.org/uploads/-/system/project/avatar/108/logo.png
|
||||
|
||||
Binary file not shown.
BIN
helm/passbook/charts/postgresql-4.2.2.tgz
Normal file
BIN
helm/passbook/charts/postgresql-4.2.2.tgz
Normal file
Binary file not shown.
Binary file not shown.
BIN
helm/passbook/charts/redis-9.2.1.tgz
Normal file
BIN
helm/passbook/charts/redis-9.2.1.tgz
Normal file
Binary file not shown.
@ -1,9 +1,9 @@
|
||||
dependencies:
|
||||
- name: redis
|
||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||
version: 5.1.0
|
||||
- name: postgresql
|
||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||
version: 3.10.1
|
||||
digest: sha256:04bd136761f070e94a2ff32ff48ff87f5e07fbd451e5fd7f65551e3bd4680e5e
|
||||
generated: 2019-02-08T12:08:49.090666+01:00
|
||||
version: 4.2.2
|
||||
- name: redis
|
||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||
version: 9.2.1
|
||||
digest: sha256:8782e974a1094eaeecf1d68f093ca4fb84977217b2bd38b09790a05ec289aec2
|
||||
generated: "2019-10-02T21:03:25.90491153Z"
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
dependencies:
|
||||
- name: redis
|
||||
version: 5.1.0
|
||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||
- name: postgresql
|
||||
version: 3.10.1
|
||||
version: 4.2.2
|
||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||
- name: redis
|
||||
version: 9.2.1
|
||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "passbook.fullname" . }}-web
|
||||
name: {{ include "passbook.fullname" . }}-appgw
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
helm.sh/chart: {{ include "passbook.chart" . }}
|
||||
@ -18,6 +18,7 @@ spec:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
passbook.io/component: appgw
|
||||
spec:
|
||||
volumes:
|
||||
- name: config-volume
|
||||
@ -25,10 +26,27 @@ spec:
|
||||
name: {{ include "passbook.fullname" . }}-config
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: "docker.pkg.beryju.org/passbook:{{ .Values.image.tag }}"
|
||||
image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["/bin/sh","-c"]
|
||||
args: ["./manage.py migrate && ./manage.py web"]
|
||||
command:
|
||||
- ./manage.py
|
||||
args:
|
||||
- app_gw_web
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: {{ include "passbook.fullname" . }}-config
|
||||
prefix: PASSBOOK_
|
||||
env:
|
||||
- name: PASSBOOK_REDIS__PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-redis"
|
||||
key: redis-password
|
||||
- name: PASSBOOK_POSTGRESQL__PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-postgresql"
|
||||
key: postgresql-password
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8000
|
||||
@ -51,16 +69,9 @@ spec:
|
||||
- name: Host
|
||||
value: kubernetes-healthcheck-host
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 12 }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
requests:
|
||||
cpu: 150m
|
||||
memory: 300M
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 500M
|
||||
20
helm/passbook/templates/appgw-service.yaml
Normal file
20
helm/passbook/templates/appgw-service.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "passbook.fullname" . }}-appgw
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
helm.sh/chart: {{ include "passbook.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
passbook.io/component: appgw
|
||||
@ -4,40 +4,16 @@ metadata:
|
||||
name: {{ include "passbook.fullname" . }}-config
|
||||
data:
|
||||
config.yml: |
|
||||
# Env for Docker images
|
||||
databases:
|
||||
default:
|
||||
engine: django.db.backends.postgresql
|
||||
name: {{ .Values.postgresql.postgresqlDatabase }}
|
||||
user: postgres
|
||||
password: {{ .Values.postgresql.postgresqlPassword }}
|
||||
host: {{ .Release.Name }}-postgresql
|
||||
port: ''
|
||||
log:
|
||||
level:
|
||||
console: DEBUG
|
||||
file: DEBUG
|
||||
file: /dev/null
|
||||
syslog:
|
||||
host: 127.0.0.1
|
||||
port: 514
|
||||
email:
|
||||
host: localhost
|
||||
port: 25
|
||||
user: ''
|
||||
password: ''
|
||||
use_tls: false
|
||||
use_ssl: false
|
||||
from: passbook <passbook@domain.tld>
|
||||
web:
|
||||
listen: 0.0.0.0
|
||||
port: 8000
|
||||
threads: 30
|
||||
debug: false
|
||||
secure_proxy_header:
|
||||
HTTP_X_FORWARDED_PROTO: https
|
||||
redis: {{ .Release.Name }}-redis
|
||||
# Error reporting, sends stacktrace to sentry.services.beryju.org
|
||||
postgresql:
|
||||
host: "{{ .Release.Name }}-postgresql"
|
||||
name: "{{ .Values.postgresql.postgresqlDatabase }}"
|
||||
user: postgres
|
||||
redis:
|
||||
host: "{{ .Release.Name }}-redis-master"
|
||||
cache_db: 0
|
||||
message_queue_db: 1
|
||||
|
||||
# Error reporting, sends stacktrace to sentry.beryju.org
|
||||
error_report_enabled: {{ .Values.config.error_reporting }}
|
||||
|
||||
{{- if .Values.config.secret_key }}
|
||||
@ -46,10 +22,12 @@ data:
|
||||
secret_key: {{ randAlphaNum 50 }}
|
||||
{{- end }}
|
||||
|
||||
primary_domain: {{ .Values.primary_domain }}
|
||||
domains:
|
||||
{{- range .Values.ingress.hosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- range .Values.ingress.hosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
- kubernetes-healthcheck-host
|
||||
|
||||
passbook:
|
||||
sign_up:
|
||||
@ -105,10 +83,9 @@ data:
|
||||
email: mail # or userPrincipalName
|
||||
user_attribute_map:
|
||||
active_directory:
|
||||
sAMAccountName: username
|
||||
mail: email
|
||||
given_name: first_name
|
||||
name: last_name
|
||||
username: "%(sAMAccountName)s"
|
||||
email: "%(mail)s"
|
||||
name: "%(displayName)"
|
||||
# # Create new users in LDAP upon sign-up
|
||||
# create_users: true
|
||||
# # Reset LDAP password when user reset their password
|
||||
@ -123,6 +100,7 @@ data:
|
||||
- passbook.oauth_client.source_types.reddit
|
||||
- passbook.oauth_client.source_types.supervisr
|
||||
- passbook.oauth_client.source_types.twitter
|
||||
- passbook.oauth_client.source_types.azure_ad
|
||||
saml_idp:
|
||||
signing: true
|
||||
autosubmit: false
|
||||
@ -131,8 +109,4 @@ data:
|
||||
# List of python packages with provider types to load.
|
||||
types:
|
||||
- passbook.saml_idp.processors.generic
|
||||
- passbook.saml_idp.processors.gitlab
|
||||
- passbook.saml_idp.processors.nextcloud
|
||||
- passbook.saml_idp.processors.salesforce
|
||||
- passbook.saml_idp.processors.shibboleth
|
||||
- passbook.saml_idp.processors.wordpress_orange
|
||||
@ -1,6 +1,5 @@
|
||||
{{- if .Values.ingress.enabled -}}
|
||||
{{- $fullName := include "passbook.fullname" . -}}
|
||||
{{- $ingressPath := .Values.ingress.path -}}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
@ -30,9 +29,22 @@ spec:
|
||||
- host: {{ . | quote }}
|
||||
http:
|
||||
paths:
|
||||
- path: {{ $ingressPath }}
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: {{ $fullName }}
|
||||
serviceName: {{ $fullName }}-web
|
||||
servicePort: http
|
||||
- path: /static/
|
||||
backend:
|
||||
serviceName: {{ $fullName }}-static
|
||||
servicePort: http
|
||||
{{- end }}
|
||||
{{- range .Values.ingress.app_gw_hosts }}
|
||||
- host: {{ . | quote }}
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: {{ $fullName }}-appgw
|
||||
servicePort: http
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
55
helm/passbook/templates/static-deployment.yaml
Normal file
55
helm/passbook/templates/static-deployment.yaml
Normal file
@ -0,0 +1,55 @@
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "passbook.fullname" . }}-static
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
helm.sh/chart: {{ include "passbook.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
k8s.passbook.io/component: static
|
||||
annotations:
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/port: '9113'
|
||||
field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":9113,"schema":"HTTP"}]'
|
||||
spec:
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}-static
|
||||
image: "docker.beryju.org/passbook/static:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 5
|
||||
httpGet:
|
||||
path: /_/healthz
|
||||
port: http
|
||||
readinessProbe:
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 5
|
||||
httpGet:
|
||||
path: /_/healthz
|
||||
port: http
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 10M
|
||||
limits:
|
||||
cpu: 20m
|
||||
memory: 20M
|
||||
- name: {{ .Chart.Name }}-static-prometheus
|
||||
image: nginx/nginx-prometheus-exporter:0.4.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
21
helm/passbook/templates/static-service.yaml
Normal file
21
helm/passbook/templates/static-service.yaml
Normal file
@ -0,0 +1,21 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "passbook.fullname" . }}-static
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
helm.sh/chart: {{ include "passbook.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
k8s.passbook.io/component: static
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
k8s.passbook.io/component: static
|
||||
109
helm/passbook/templates/web-deployment.yaml
Normal file
109
helm/passbook/templates/web-deployment.yaml
Normal file
@ -0,0 +1,109 @@
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "passbook.fullname" . }}-web
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
helm.sh/chart: {{ include "passbook.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
passbook.io/component: web
|
||||
spec:
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
name: {{ include "passbook.fullname" . }}-config
|
||||
initContainers:
|
||||
- name: passbook-database-migrations
|
||||
image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
|
||||
command:
|
||||
- ./manage.py
|
||||
args:
|
||||
- migrate
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: {{ include "passbook.fullname" . }}-config
|
||||
prefix: PASSBOOK_
|
||||
env:
|
||||
- name: PASSBOOK_REDIS__PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-redis"
|
||||
key: redis-password
|
||||
- name: PASSBOOK_POSTGRESQL__PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-postgresql"
|
||||
key: postgresql-password
|
||||
volumeMounts:
|
||||
- mountPath: /etc/passbook
|
||||
name: config-volume
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- uwsgi
|
||||
args:
|
||||
- --http 0.0.0.0:8000
|
||||
- --wsgi-file passbook/root/wsgi.py
|
||||
- --master
|
||||
- --processes 24
|
||||
- --threads 2
|
||||
- --offload-threads 4
|
||||
- --stats 0.0.0.0:8001
|
||||
- --stats-http
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: {{ include "passbook.fullname" . }}-config
|
||||
prefix: PASSBOOK_
|
||||
env:
|
||||
- name: PASSBOOK_REDIS__PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-redis"
|
||||
key: redis-password
|
||||
- name: PASSBOOK_POSTGRESQL__PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-postgresql"
|
||||
key: postgresql-password
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8000
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- mountPath: /etc/passbook
|
||||
name: config-volume
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
httpHeaders:
|
||||
- name: Host
|
||||
value: kubernetes-healthcheck-host
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
httpHeaders:
|
||||
- name: Host
|
||||
value: kubernetes-healthcheck-host
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 150M
|
||||
limits:
|
||||
cpu: 200m
|
||||
memory: 300M
|
||||
@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "passbook.fullname" . }}
|
||||
name: {{ include "passbook.fullname" . }}-web
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
helm.sh/chart: {{ include "passbook.chart" . }}
|
||||
@ -17,3 +17,4 @@ spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
passbook.io/component: web
|
||||
@ -18,6 +18,7 @@ spec:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
passbook.io/component: worker
|
||||
spec:
|
||||
volumes:
|
||||
- name: config-volume
|
||||
@ -25,9 +26,27 @@ spec:
|
||||
name: {{ include "passbook.fullname" . }}-config
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: "docker.pkg.beryju.org/passbook:{{ .Values.image.tag }}"
|
||||
image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["./manage.py", "worker"]
|
||||
command:
|
||||
- ./manage.py
|
||||
args:
|
||||
- worker
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: {{ include "passbook.fullname" . }}-config
|
||||
prefix: PASSBOOK_
|
||||
env:
|
||||
- name: PASSBOOK_REDIS__PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-redis"
|
||||
key: redis-password
|
||||
- name: PASSBOOK_POSTGRESQL__PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-postgresql"
|
||||
key: postgresql-password
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8000
|
||||
@ -36,16 +55,9 @@ spec:
|
||||
- mountPath: /etc/passbook
|
||||
name: config-volume
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 12 }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
requests:
|
||||
cpu: 150m
|
||||
memory: 300M
|
||||
limits:
|
||||
cpu: 300m
|
||||
memory: 500M
|
||||
@ -5,7 +5,7 @@
|
||||
replicaCount: 1
|
||||
|
||||
image:
|
||||
tag: latest
|
||||
tag: 0.4.1-beta
|
||||
|
||||
nameOverride: ""
|
||||
|
||||
@ -14,10 +14,16 @@ config:
|
||||
# secret_key: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
|
||||
# Enable error reporting
|
||||
error_reporting: true
|
||||
email:
|
||||
host: localhost
|
||||
|
||||
postgresql:
|
||||
postgresqlDatabase: passbook
|
||||
postgresqlPassword: foo
|
||||
postgresqlDatabase: passbook
|
||||
postgresqlPassword: foo
|
||||
|
||||
rabbitmq:
|
||||
rabbitmq:
|
||||
password: foo
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
@ -31,7 +37,8 @@ ingress:
|
||||
path: /
|
||||
hosts:
|
||||
- passbook.k8s.local
|
||||
- kubernetes-healthcheck-host
|
||||
app_gw_hosts:
|
||||
- '*.passbook.k8s.local'
|
||||
defaultHost: passbook.k8s.local
|
||||
tls: []
|
||||
# - secretName: chart-example-tls
|
||||
|
||||
@ -4,7 +4,7 @@ import os
|
||||
import sys
|
||||
|
||||
if __name__ == '__main__':
|
||||
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'passbook.core.settings')
|
||||
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'passbook.root.settings')
|
||||
try:
|
||||
from django.core.management import execute_from_command_line
|
||||
except ImportError as exc:
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""passbook"""
|
||||
__version__ = '0.0.10-alpha'
|
||||
__version__ = '0.4.1-beta'
|
||||
|
||||
@ -1,2 +0,0 @@
|
||||
"""passbook admin"""
|
||||
__version__ = '0.0.10-alpha'
|
||||
|
||||
@ -11,7 +11,7 @@ class UserSerializer(ModelSerializer):
|
||||
|
||||
class Meta:
|
||||
model = User
|
||||
fields = ['is_superuser', 'username', 'first_name', 'last_name', 'email', 'date_joined',
|
||||
fields = ['is_superuser', 'username', 'name', 'email', 'date_joined',
|
||||
'uuid']
|
||||
|
||||
|
||||
|
||||
17
passbook/admin/forms/users.py
Normal file
17
passbook/admin/forms/users.py
Normal file
@ -0,0 +1,17 @@
|
||||
"""passbook administrative user forms"""
|
||||
|
||||
from django import forms
|
||||
|
||||
from passbook.core.models import User
|
||||
|
||||
|
||||
class UserForm(forms.ModelForm):
|
||||
"""Update User Details"""
|
||||
|
||||
class Meta:
|
||||
|
||||
model = User
|
||||
fields = ['username', 'name', 'email', 'is_staff', 'is_active']
|
||||
widgets = {
|
||||
'name': forms.TextInput
|
||||
}
|
||||
25
passbook/admin/middleware.py
Normal file
25
passbook/admin/middleware.py
Normal file
@ -0,0 +1,25 @@
|
||||
"""passbook admin Middleware to impersonate users"""
|
||||
|
||||
from passbook.core.models import User
|
||||
|
||||
|
||||
def impersonate(get_response):
|
||||
"""Middleware to impersonate users"""
|
||||
|
||||
def middleware(request):
|
||||
"""Middleware to impersonate users"""
|
||||
|
||||
# User is superuser and has __impersonate ID set
|
||||
if request.user.is_superuser and "__impersonate" in request.GET:
|
||||
request.session['impersonate_id'] = request.GET["__impersonate"]
|
||||
# user wants to stop impersonation
|
||||
elif "__unimpersonate" in request.GET and 'impersonate_id' in request.session:
|
||||
del request.session['impersonate_id']
|
||||
|
||||
# Actually impersonate user
|
||||
if request.user.is_superuser and 'impersonate_id' in request.session:
|
||||
request.user = User.objects.get(pk=request.session['impersonate_id'])
|
||||
|
||||
response = get_response(request)
|
||||
return response
|
||||
return middleware
|
||||
@ -1,2 +0,0 @@
|
||||
django-rest-framework
|
||||
drf_yasg
|
||||
5
passbook/admin/settings.py
Normal file
5
passbook/admin/settings.py
Normal file
@ -0,0 +1,5 @@
|
||||
"""passbook admin settings"""
|
||||
|
||||
MIDDLEWARE = [
|
||||
'passbook.admin.middleware.impersonate',
|
||||
]
|
||||
@ -12,7 +12,7 @@
|
||||
<h1><span class="pficon-applications"></span> {% trans "Applications" %}</h1>
|
||||
<span>{% trans "External Applications which use passbook as Identity-Provider, utilizing protocols like OAuth2 and SAML." %}</span>
|
||||
<hr>
|
||||
<a href="{% url 'passbook_admin:application-create' %}" class="btn btn-primary">
|
||||
<a href="{% url 'passbook_admin:application-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
|
||||
{% trans 'Create...' %}
|
||||
</a>
|
||||
<hr>
|
||||
@ -21,6 +21,7 @@
|
||||
<tr>
|
||||
<th>{% trans 'Name' %}</th>
|
||||
<th>{% trans 'Provider' %}</th>
|
||||
<th>{% trans 'Provider Type' %}</th>
|
||||
<th></th>
|
||||
</tr>
|
||||
</thead>
|
||||
@ -28,7 +29,8 @@
|
||||
{% for application in object_list %}
|
||||
<tr>
|
||||
<td>{{ application.name }}</td>
|
||||
<td>{{ application.provider }}</td>
|
||||
<td>{{ application.get_provider }}</td>
|
||||
<td>{{ application.get_provider|verbose_name }}</td>
|
||||
<td>
|
||||
<a class="btn btn-default btn-sm"
|
||||
href="{% url 'passbook_admin:application-update' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||
|
||||
@ -4,36 +4,4 @@
|
||||
{% load is_active %}
|
||||
|
||||
{% block nav_secondary %}
|
||||
<ul class="nav navbar-nav navbar-persistent">
|
||||
<li class="{% is_active 'passbook_admin:overview' %}">
|
||||
<a href="{% url 'passbook_admin:overview' %}">{% trans 'Overview' %}</a>
|
||||
</li>
|
||||
<li class="{% is_active 'passbook_admin:applications' 'passbook_admin:application-create' 'passbook_admin:application-update' 'passbook_admin:application-delete' %}">
|
||||
<a href="{% url 'passbook_admin:applications' %}">{% trans 'Applications' %}</a>
|
||||
</li>
|
||||
<li class="{% is_active 'passbook_admin:sources' 'passbook_admin:source-create' 'passbook_admin:source-update' 'passbook_admin:source-delete' %}">
|
||||
<a href="{% url 'passbook_admin:sources' %}">{% trans 'Sources' %}</a>
|
||||
</li>
|
||||
<li class="{% is_active 'passbook_admin:providers' 'passbook_admin:provider-create' 'passbook_admin:provider-update' 'passbook_admin:provider-delete' %}">
|
||||
<a href="{% url 'passbook_admin:providers' %}">{% trans 'Providers' %}</a>
|
||||
</li>
|
||||
<li class="{% is_active 'passbook_admin:factors' 'passbook_admin:factor-create' 'passbook_admin:factor-update' 'passbook_admin:factor-delete' %}">
|
||||
<a href="{% url 'passbook_admin:factors' %}">{% trans 'Factors' %}</a>
|
||||
</li>
|
||||
<li class="{% is_active 'passbook_admin:policies' 'passbook_admin:policy-create' 'passbook_admin:policy-update' 'passbook_admin:policy-delete' 'passbook_admin:policy-test' %}">
|
||||
<a href="{% url 'passbook_admin:policies' %}">{% trans 'Policies' %}</a>
|
||||
</li>
|
||||
<li class="{% is_active 'passbook_admin:invitations' 'passbook_admin:invitation-create' 'passbook_admin:invitation-update' 'passbook_admin:invitation-delete' 'passbook_admin:invitation-test' %}">
|
||||
<a href="{% url 'passbook_admin:invitations' %}">{% trans 'Invitations' %}</a>
|
||||
</li>
|
||||
<li class="{% is_active 'passbook_admin:users' 'passbook_admin:user-update' 'passbook_admin:user-delete' %}">
|
||||
<a href="{% url 'passbook_admin:users' %}">{% trans 'Users' %}</a>
|
||||
</li>
|
||||
<li class="{% is_active 'passbook_admin:audit-log' %}">
|
||||
<a href="{% url 'passbook_admin:audit-log' %}">{% trans 'Audit Log' %}</a>
|
||||
</li>
|
||||
<li class="{% is_active_app 'admin' %}">
|
||||
<a href="{% url 'admin:index' %}">{% trans 'Django' %}</a>
|
||||
</li>
|
||||
</ul>
|
||||
{% endblock %}
|
||||
|
||||
31
passbook/admin/templates/administration/debug/request.html
Normal file
31
passbook/admin/templates/administration/debug/request.html
Normal file
@ -0,0 +1,31 @@
|
||||
{% extends "administration/base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% load utils %}
|
||||
|
||||
{% block title %}
|
||||
{% title %}
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<div class="container">
|
||||
<h1><span class="pficon-applications"></span> {% trans "Request" %}</h1>
|
||||
<hr>
|
||||
<table class="table table-striped table-bordered">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>{% trans 'Key' %}</th>
|
||||
<th>{% trans 'Value' %}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for key, value in request_dict.items %}
|
||||
<tr>
|
||||
<td>{{ key }}</td>
|
||||
<td>{{ value }}</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
{% endblock %}
|
||||
@ -21,7 +21,7 @@
|
||||
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
||||
{% for type, name in types.items %}
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||
href="{% url 'passbook_admin:factor-create' %}?type={{ type }}">{{ name }}</a></li>
|
||||
href="{% url 'passbook_admin:factor-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
</div>
|
||||
@ -40,7 +40,7 @@
|
||||
{% for factor in object_list %}
|
||||
<tr>
|
||||
<td>{{ factor.name }} ({{ factor.slug }})</td>
|
||||
<td>{{ factor.type }}</td>
|
||||
<td>{{ factor|verbose_name }}</td>
|
||||
<td>{{ factor.order }}</td>
|
||||
<td>{{ factor.enabled }}</td>
|
||||
<td>
|
||||
|
||||
45
passbook/admin/templates/administration/group/list.html
Normal file
45
passbook/admin/templates/administration/group/list.html
Normal file
@ -0,0 +1,45 @@
|
||||
{% extends "administration/base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% load utils %}
|
||||
|
||||
{% block title %}
|
||||
{% title %}
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<div class="container">
|
||||
<h1><span class="pficon-users"></span> {% trans "Groups" %}</h1>
|
||||
<span>{% trans "Group users together and give them permissions based on the membership." %}</span>
|
||||
<hr>
|
||||
<a href="{% url 'passbook_admin:group-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
|
||||
{% trans 'Create...' %}
|
||||
</a>
|
||||
<hr>
|
||||
<table class="table table-striped table-bordered">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>{% trans 'Name' %}</th>
|
||||
<th>{% trans 'Parent' %}</th>
|
||||
<th>{% trans 'Members' %}</th>
|
||||
<th></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for group in object_list %}
|
||||
<tr>
|
||||
<td>{{ group.name }}</td>
|
||||
<td>{{ group.parent }}</td>
|
||||
<td>{{ group.user_set.all|length }}</td>
|
||||
<td>
|
||||
<a class="btn btn-default btn-sm"
|
||||
href="{% url 'passbook_admin:group-update' pk=group.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||
<a class="btn btn-default btn-sm"
|
||||
href="{% url 'passbook_admin:group-delete' pk=group.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
{% endblock %}
|
||||
@ -1,83 +0,0 @@
|
||||
{% extends "administration/base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% load static %}
|
||||
{% load utils %}
|
||||
|
||||
{% block head %}
|
||||
{{ block.super }}
|
||||
<link rel="stylesheet" href="{% static 'css/bootstrap-treeview.min.css'%}">
|
||||
{% endblock %}
|
||||
|
||||
{% block scripts %}
|
||||
{{ block.super }}
|
||||
<script src="{% static 'js/bootstrap-treeview.min.js' %}"></script>
|
||||
<script>
|
||||
var cleanupData = function (obj) {
|
||||
return {
|
||||
text: obj.name,
|
||||
href: '?group=' + obj.uuid,
|
||||
nodes: obj.children.map(cleanupData),
|
||||
};
|
||||
}
|
||||
$(function() {
|
||||
var apiUrl = "{% url 'passbook_admin:group-list' %}?format=json";
|
||||
$.ajax({
|
||||
url: apiUrl,
|
||||
}).done(function(data) {
|
||||
$('#treeview1').treeview({
|
||||
collapseIcon: "fa fa-angle-down",
|
||||
data: data.map(cleanupData),
|
||||
expandIcon: "fa fa-angle-right",
|
||||
nodeIcon: "fa pficon-users",
|
||||
showBorder: true,
|
||||
enableLinks: true,
|
||||
onNodeSelected: function (event, node) {
|
||||
window.location.href = node.href;
|
||||
}
|
||||
});
|
||||
});
|
||||
});
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
||||
{% block title %}
|
||||
{% title %}
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<div class="col-md-3">
|
||||
<div id="treeview1" class="treeview">
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-md-9">
|
||||
<h1>{% trans "Invitations" %}</h1>
|
||||
<a href="{% url 'passbook_admin:invitation-create' %}" class="btn btn-primary">
|
||||
{% trans 'Create...' %}
|
||||
</a>
|
||||
<hr>
|
||||
<table class="table table-striped table-bordered">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>{% trans 'Expiry' %}</th>
|
||||
<th>{% trans 'Link' %}</th>
|
||||
<th></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for invitation in object_list %}
|
||||
<tr>
|
||||
<td>{{ invitation.expires|default:"Never" }}</td>
|
||||
<td>
|
||||
<pre>{{ invitation.link }}</pre>
|
||||
</td>
|
||||
<td>
|
||||
<a class="btn btn-default btn-sm" href="{% url 'passbook_admin:invitation-delete' pk=invitation.uuid %}?back={{ request.get_full_path }}">{%
|
||||
trans 'Delete' %}</a>
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
{% endblock %}
|
||||
@ -12,7 +12,7 @@
|
||||
<h1><span class="pficon-migration"></span> {% trans "Invitations" %}</h1>
|
||||
<span>{% trans "Create Invitation Links which optionally force a username or expire on a set date." %}</span>
|
||||
<hr>
|
||||
<a href="{% url 'passbook_admin:invitation-create' %}" class="btn btn-primary">
|
||||
<a href="{% url 'passbook_admin:invitation-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
|
||||
{% trans 'Create...' %}
|
||||
</a>
|
||||
<hr>
|
||||
|
||||
@ -54,7 +54,11 @@
|
||||
<p class="card-pf-aggregate-status-notifications">
|
||||
<span class="card-pf-aggregate-status-notification">
|
||||
<a href="{% url 'passbook_admin:providers' %}">
|
||||
<span class="pficon pficon-ok"></span>{{ provider_count }}
|
||||
{% if providers_without_application.exists %}
|
||||
<span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: At least one Provider has no application assigned.' %}"></span> {{ provider_count }}
|
||||
{% else %}
|
||||
<span class="pficon pficon-ok"></span> {{ provider_count }}
|
||||
{% endif %}
|
||||
</a>
|
||||
</span>
|
||||
</p>
|
||||
@ -72,9 +76,13 @@
|
||||
<div class="card-pf-body">
|
||||
<p class="card-pf-aggregate-status-notifications">
|
||||
<span class="card-pf-aggregate-status-notification">
|
||||
<a href="{% url 'passbook_admin:factors' %}">
|
||||
<span class="pficon pficon-ok"></span>{{ factor_count }}
|
||||
</a>
|
||||
{% if factor_count < 1 %}
|
||||
<span class="pficon-error-circle-o" data-toggle="tooltip" data-placement="right"
|
||||
title="{% trans 'No Factors configured. No Users will be able to login.' %}"></span>
|
||||
{{ factor_count }}
|
||||
{% else %}
|
||||
<span class="pficon pficon-ok"></span>{{ factor_count }}
|
||||
{% endif %}
|
||||
</span>
|
||||
</p>
|
||||
</div>
|
||||
@ -91,9 +99,13 @@
|
||||
<div class="card-pf-body">
|
||||
<p class="card-pf-aggregate-status-notifications">
|
||||
<span class="card-pf-aggregate-status-notification">
|
||||
<a href="{% url 'passbook_admin:policies' %}">
|
||||
<span class="pficon pficon-ok"></span>{{ policy_count }}
|
||||
</a>
|
||||
{% if policies_without_attachment > 0 %}
|
||||
<span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right"
|
||||
title="{% trans 'Policies without attachment exist.' %}"></span>
|
||||
{{ policy_count }}
|
||||
{% else %}
|
||||
<span class="pficon pficon-ok"></span>{{ policy_count }}
|
||||
{% endif %}
|
||||
</span>
|
||||
</p>
|
||||
</div>
|
||||
@ -140,10 +152,8 @@
|
||||
<div class="col-xs-6 col-sm-2 col-md-2">
|
||||
<div class="card-pf card-pf-accented card-pf-aggregate-status">
|
||||
<h2 class="card-pf-title">
|
||||
<a href="#">
|
||||
<span class="pficon-bundle"></span>
|
||||
<span class="card-pf-aggregate-status-count"></span> {% trans 'Version' %}
|
||||
</a>
|
||||
<span class="pficon-bundle"></span>
|
||||
<span class="card-pf-aggregate-status-count"></span> {% trans 'Version' %}
|
||||
</h2>
|
||||
<div class="card-pf-body">
|
||||
<p class="card-pf-aggregate-status-notifications">
|
||||
@ -168,7 +178,34 @@
|
||||
<p class="card-pf-aggregate-status-notifications">
|
||||
<span class="card-pf-aggregate-status-notification">
|
||||
<a href="#">
|
||||
{% if worker_count < 1%}
|
||||
<span class="pficon-error-circle-o" data-toggle="tooltip" data-placement="right"
|
||||
title="{% trans 'No workers connected. Policies will not work and you may expect other issues.' %}"></span> {{ worker_count }}
|
||||
{% else %}
|
||||
<span class="pficon pficon-ok"></span>{{ worker_count }}
|
||||
{% endif %}
|
||||
</a>
|
||||
</span>
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-xs-6 col-sm-2 col-md-2">
|
||||
<div class="card-pf card-pf-accented card-pf-aggregate-status">
|
||||
<h2 class="card-pf-title">
|
||||
<span class="pficon-server"></span>
|
||||
<span class="card-pf-aggregate-status-count"></span> {% trans 'Cached Policies' %}
|
||||
</h2>
|
||||
<div class="card-pf-body">
|
||||
<p class="card-pf-aggregate-status-notifications">
|
||||
<span class="card-pf-aggregate-status-notification">
|
||||
<a href="#" data-toggle="modal" data-target="#clearCacheMOdal">
|
||||
{% if cached_policies < 1 %}
|
||||
<span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right"
|
||||
title="{% trans 'No policies cached. Users may experience slow response times.' %}"></span> {{ cached_policies }}
|
||||
{% else %}
|
||||
<span class="pficon pficon-ok"></span>{{ cached_policies }}
|
||||
{% endif %}
|
||||
</a>
|
||||
</span>
|
||||
</p>
|
||||
@ -176,4 +213,36 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="modal fade" id="clearCacheMOdal" tabindex="-1" role="dialog" aria-labelledby="clearCacheMOdalLabel" aria-hidden="true">
|
||||
<div class="modal-dialog">
|
||||
<div class="modal-content">
|
||||
<div class="modal-header">
|
||||
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">
|
||||
<span class="pficon pficon-close"></span>
|
||||
</button>
|
||||
<h4 class="modal-title" id="clearCacheMOdalLabel">{% trans 'Clear Cache' %}</h4>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
<form method="post" id="clearForm">
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="clear">
|
||||
<p>
|
||||
{% blocktrans %}
|
||||
Are you sure you want to clear the cache? This includes all user sessions and all cached Policy results.
|
||||
{% endblocktrans %}
|
||||
</p>
|
||||
<h3>
|
||||
{% blocktrans %}
|
||||
This will also log you out.
|
||||
{% endblocktrans %}
|
||||
</h3>
|
||||
</form>
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
|
||||
<button form="clearForm" type="submit" type="button" class="btn btn-danger">{% trans 'Clear' %}</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
||||
{% for type, name in types.items %}
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||
href="{% url 'passbook_admin:policy-create' %}?type={{ type }}">{{ name }}</a></li>
|
||||
href="{% url 'passbook_admin:policy-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
</div>
|
||||
@ -28,16 +28,24 @@
|
||||
<table class="table table-striped table-bordered">
|
||||
<thead>
|
||||
<tr>
|
||||
<th></th>
|
||||
<th>{% trans 'Name' %}</th>
|
||||
<th>{% trans 'Class' %}</th>
|
||||
<th>{% trans 'Type' %}</th>
|
||||
<th></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for policy in object_list %}
|
||||
<tr>
|
||||
<tr {% if not policy.policymodel_set.exists %} class="warning" {% endif %}>
|
||||
<th>
|
||||
{% if not policy.policymodel_set.exists %}
|
||||
<span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: Policy is not assigned.' %}"></span>
|
||||
{% else %}
|
||||
<span class="pficon-ok" data-toggle="tooltip" data-placement="right" title="{% blocktrans with objects=policy.policymodel_set.all|join:', ' %}Assigned to objects {{ objects }}{% endblocktrans %}"></span>
|
||||
{% endif %}
|
||||
</th>
|
||||
<td>{{ policy.name }}</td>
|
||||
<td>{{ policy|fieldtype }}</td>
|
||||
<td>{{ policy|verbose_name }}</td>
|
||||
<td>
|
||||
<a class="btn btn-default btn-sm"
|
||||
href="{% url 'passbook_admin:policy-update' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||
|
||||
@ -5,3 +5,22 @@
|
||||
{% block above_form %}
|
||||
<h1>{% blocktrans with policy=policy %}Test policy {{ policy }}{% endblocktrans %}</h1>
|
||||
{% endblock %}
|
||||
|
||||
{% block action %}
|
||||
{% trans 'Test' %}
|
||||
{% endblock %}
|
||||
|
||||
{% block beneath_form %}
|
||||
<p class="loading" style="display: none;">
|
||||
<span class="spinner spinner-xs spinner-inline"></span> {% trans 'Processing, please wait...' %}
|
||||
</p>
|
||||
{% endblock %}
|
||||
|
||||
{% block scripts %}
|
||||
{{ block.super }}
|
||||
<script>
|
||||
$('form').on('submit', function () {
|
||||
$('p.loading').show();
|
||||
})
|
||||
</script>
|
||||
{% endblock %}
|
||||
|
||||
@ -0,0 +1,52 @@
|
||||
{% extends "administration/base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% load utils %}
|
||||
|
||||
{% block title %}
|
||||
{% title %}
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<div class="container">
|
||||
<h1><span class="fa fa-table"></span> {% trans "Property Mappings" %}</h1>
|
||||
<span>{% trans "Property Mappings allow you expose provider-specific attributes." %}</span>
|
||||
<hr>
|
||||
<div class="dropdown">
|
||||
<button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
|
||||
{% trans 'Create...' %}
|
||||
<span class="caret"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
||||
{% for type, name in types.items %}
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||
href="{% url 'passbook_admin:property-mapping-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
</div>
|
||||
<hr>
|
||||
<table class="table table-striped table-bordered">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>{% trans 'Name' %}</th>
|
||||
<th>{% trans 'Type' %}</th>
|
||||
<th></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for property_mapping in object_list %}
|
||||
<tr>
|
||||
<td>{{ property_mapping.name }}</td>
|
||||
<td>{{ property_mapping|verbose_name }}</td>
|
||||
<td>
|
||||
<a class="btn btn-default btn-sm"
|
||||
href="{% url 'passbook_admin:property-mapping-update' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||
<a class="btn btn-default btn-sm"
|
||||
href="{% url 'passbook_admin:property-mapping-delete' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
{% endblock %}
|
||||
@ -21,7 +21,7 @@
|
||||
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
||||
{% for type, name in types.items %}
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||
href="{% url 'passbook_admin:provider-create' %}?type={{ type }}">{{ name }}</a></li>
|
||||
href="{% url 'passbook_admin:provider-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
</div>
|
||||
@ -29,16 +29,24 @@
|
||||
<table class="table table-striped table-bordered">
|
||||
<thead>
|
||||
<tr>
|
||||
<th></th>
|
||||
<th>{% trans 'Name' %}</th>
|
||||
<th>{% trans 'Class' %}</th>
|
||||
<th>{% trans 'Type' %}</th>
|
||||
<th></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for provider in object_list %}
|
||||
<tr>
|
||||
<tr {% if not provider.application %} class="warning" {% endif %}>
|
||||
<th>
|
||||
{% if not provider.application %}
|
||||
<span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: Provider has no application assigned.' %}"></span>
|
||||
{% else %}
|
||||
<span class="pficon-ok" data-toggle="tooltip" data-placement="right" title="{% blocktrans with app=provider.application %}Assigned to Application {{ app }}{% endblocktrans %}"></span>
|
||||
{% endif %}
|
||||
</th>
|
||||
<td>{{ provider.name }}</td>
|
||||
<td>{{ provider|fieldtype }}</td>
|
||||
<td>{{ provider|verbose_name }}</td>
|
||||
<td>
|
||||
<a class="btn btn-default btn-sm"
|
||||
href="{% url 'passbook_admin:provider-update' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||
@ -49,6 +57,10 @@
|
||||
<a class="btn btn-default btn-sm"
|
||||
href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
|
||||
{% endfor %}
|
||||
{% get_htmls provider as htmls %}
|
||||
{% for html in htmls %}
|
||||
{{ html|safe }}
|
||||
{% endfor %}
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
|
||||
@ -17,7 +17,7 @@
|
||||
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
||||
{% for type, name in types.items %}
|
||||
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||
href="{% url 'passbook_admin:source-create' %}?type={{ type }}">{{ name }}</a></li>
|
||||
href="{% url 'passbook_admin:source-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
</div>
|
||||
@ -36,7 +36,7 @@
|
||||
<tr>
|
||||
<td>{{ source.name }}</td>
|
||||
<td>{{ source|fieldtype }}</td>
|
||||
<td>{{ source.additional_info }}</td>
|
||||
<td>{{ source.additional_info|safe }}</td>
|
||||
<td>
|
||||
<a class="btn btn-default btn-sm"
|
||||
href="{% url 'passbook_admin:source-update' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||
|
||||
@ -11,8 +11,7 @@
|
||||
<thead>
|
||||
<tr>
|
||||
<th>{% trans 'Username' %}</th>
|
||||
<th>{% trans 'First Name' %}</th>
|
||||
<th>{% trans 'Last Name' %}</th>
|
||||
<th>{% trans 'Name' %}</th>
|
||||
<th>{% trans 'Active' %}</th>
|
||||
<th>{% trans 'Last Login' %}</th>
|
||||
<th></th>
|
||||
@ -22,8 +21,7 @@
|
||||
{% for user in object_list %}
|
||||
<tr>
|
||||
<td>{{ user.username }}</td>
|
||||
<td>{{ user.first_name|default:'-' }}</td>
|
||||
<td>{{ user.last_name|default:'-' }}</td>
|
||||
<td>{{ user.name|default:'-' }}</td>
|
||||
<td>{{ user.is_active }}</td>
|
||||
<td>{{ user.last_login }}</td>
|
||||
<td>
|
||||
@ -33,6 +31,8 @@
|
||||
href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
|
||||
<a class="btn btn-default btn-sm"
|
||||
href="{% url 'passbook_admin:user-password-reset' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Reset Password' %}</a>
|
||||
<a class="btn btn-default btn-sm"
|
||||
href="{% url 'passbook_core:overview' %}?__impersonate={{ user.pk }}">{% trans 'Impersonate' %}</a>
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
|
||||
@ -1,11 +1,12 @@
|
||||
{% extends "generic/form.html" %}
|
||||
|
||||
{% load utils %}
|
||||
{% load i18n %}
|
||||
|
||||
{% block above_form %}
|
||||
<h1>{% trans 'Create' %}</h1>
|
||||
<h1>{% blocktrans with type=form|form_verbose_name %}Create {{ type }}{% endblocktrans %}</h1>
|
||||
{% endblock %}
|
||||
|
||||
{% block action %}
|
||||
{% trans 'Create' %}
|
||||
{% blocktrans with type=form|form_verbose_name %}Create {{ type }}{% endblocktrans %}
|
||||
{% endblock %}
|
||||
|
||||
@ -1,11 +0,0 @@
|
||||
{% extends "generic/create.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
|
||||
{% block title %}
|
||||
{% blocktrans with type=request.GET.type %}Create {{ type }}{% endblocktrans %}
|
||||
{% endblock %}
|
||||
|
||||
{% block above_form %}
|
||||
<h1>{% blocktrans with type=request.GET.type %}Create {{ type }}{% endblocktrans %}</h1>
|
||||
{% endblock %}
|
||||
@ -2,6 +2,21 @@
|
||||
|
||||
{% load i18n %}
|
||||
{% load utils %}
|
||||
{% load static %}
|
||||
|
||||
{% block head %}
|
||||
{{ block.super }}
|
||||
{{ form.media.css }}
|
||||
<script type="text/javascript" src="{% url 'admin:jsi18n' %}"></script>
|
||||
<script type="text/javascript" src="{% static 'admin/js/vendor/jquery/jquery.js' %}"></script>
|
||||
<script type="text/javascript" src="{% static 'admin/js/jquery.init.js' %}"></script>
|
||||
<script type="text/javascript" src="{% static 'admin/js/core.js' %}"></script>
|
||||
<script type="text/javascript" src="{% static 'admin/js/actions.js' %}"></script>
|
||||
<script type="text/javascript" src="{% static 'admin/js/urlify.js' %}"></script>
|
||||
<script type="text/javascript" src="{% static 'admin/js/prepopulate.js' %}"></script>
|
||||
<script type="text/javascript" src="{% static 'admin/js/SelectBox.js' %}"></script>
|
||||
<script type="text/javascript" src="{% static 'admin/js/SelectFilter2.js' %}"></script>
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<div class="container">
|
||||
@ -14,5 +29,12 @@
|
||||
<input type="submit" class="btn btn-primary" value="{% block action %}{% endblock %}" />
|
||||
</form>
|
||||
</div>
|
||||
{% block beneath_form %}
|
||||
{% endblock %}
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
{% block scripts %}
|
||||
{{ block.super }}
|
||||
{{ form.media.js }}
|
||||
{% endblock %}
|
||||
|
||||
@ -1,11 +1,12 @@
|
||||
{% extends "generic/form.html" %}
|
||||
|
||||
{% load utils %}
|
||||
{% load i18n %}
|
||||
|
||||
{% block above_form %}
|
||||
<h1>{% trans 'Update' %}</h1>
|
||||
<h1>{% blocktrans with type=form|form_verbose_name %}Update {{ type }}{% endblocktrans %}</h1>
|
||||
{% endblock %}
|
||||
|
||||
{% block action %}
|
||||
{% trans 'Update' %}
|
||||
{% blocktrans with type=form|form_verbose_name %}Update {{ type }}{% endblocktrans %}
|
||||
{% endblock %}
|
||||
|
||||
@ -1,12 +1,14 @@
|
||||
"""passbook admin templatetags"""
|
||||
import inspect
|
||||
from logging import getLogger
|
||||
|
||||
from django import template
|
||||
from django.db.models import Model
|
||||
from structlog import get_logger
|
||||
|
||||
from passbook.lib.utils.template import render_to_string
|
||||
|
||||
register = template.Library()
|
||||
LOGGER = getLogger(__name__)
|
||||
LOGGER = get_logger(__name__)
|
||||
|
||||
@register.simple_tag()
|
||||
def get_links(model_instance):
|
||||
@ -29,3 +31,24 @@ def get_links(model_instance):
|
||||
pass
|
||||
|
||||
return links
|
||||
|
||||
|
||||
@register.simple_tag(takes_context=True)
|
||||
def get_htmls(context, model_instance):
|
||||
"""Find all html_ methods on an object instance, run them and return as dict"""
|
||||
prefix = 'html_'
|
||||
htmls = []
|
||||
|
||||
if not isinstance(model_instance, Model):
|
||||
LOGGER.warning("Model %s is not instance of Model", model_instance)
|
||||
return htmls
|
||||
|
||||
try:
|
||||
for name, method in inspect.getmembers(model_instance, predicate=inspect.ismethod):
|
||||
if name.startswith(prefix):
|
||||
template, _context = method(context.get('request'))
|
||||
htmls.append(render_to_string(template, _context))
|
||||
except NotImplementedError:
|
||||
pass
|
||||
|
||||
return htmls
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
"""passbook URL Configuration"""
|
||||
from django.urls import include, path
|
||||
|
||||
from passbook.admin.views import (applications, audit, factors, groups,
|
||||
invitations, overview, policy, providers,
|
||||
sources, users)
|
||||
from passbook.admin.views import (applications, audit, debug, factors, groups,
|
||||
invitations, overview, policy,
|
||||
property_mapping, providers, sources, users)
|
||||
|
||||
urlpatterns = [
|
||||
path('', overview.AdministrationOverviewView.as_view(), name='overview'),
|
||||
@ -43,6 +43,15 @@ urlpatterns = [
|
||||
factors.FactorUpdateView.as_view(), name='factor-update'),
|
||||
path('factors/<uuid:pk>/delete/',
|
||||
factors.FactorDeleteView.as_view(), name='factor-delete'),
|
||||
# Factors
|
||||
path('property-mappings/', property_mapping.PropertyMappingListView.as_view(),
|
||||
name='property-mappings'),
|
||||
path('property-mappings/create/',
|
||||
property_mapping.PropertyMappingCreateView.as_view(), name='property-mapping-create'),
|
||||
path('property-mappings/<uuid:pk>/update/',
|
||||
property_mapping.PropertyMappingUpdateView.as_view(), name='property-mapping-update'),
|
||||
path('property-mappings/<uuid:pk>/delete/',
|
||||
property_mapping.PropertyMappingDeleteView.as_view(), name='property-mapping-delete'),
|
||||
# Invitations
|
||||
path('invitations/', invitations.InvitationListView.as_view(), name='invitations'),
|
||||
path('invitations/create/',
|
||||
@ -58,10 +67,17 @@ urlpatterns = [
|
||||
users.UserDeleteView.as_view(), name='user-delete'),
|
||||
path('users/<int:pk>/reset/',
|
||||
users.UserPasswordResetView.as_view(), name='user-password-reset'),
|
||||
# Groups
|
||||
path('group/', groups.GroupListView.as_view(), name='group'),
|
||||
path('group/create/', groups.GroupCreateView.as_view(), name='group-create'),
|
||||
path('group/<uuid:pk>/update/', groups.GroupUpdateView.as_view(), name='group-update'),
|
||||
path('group/<uuid:pk>/delete/', groups.GroupDeleteView.as_view(), name='group-delete'),
|
||||
# Audit Log
|
||||
path('audit/', audit.AuditEntryListView.as_view(), name='audit-log'),
|
||||
# Groups
|
||||
path('groups/', groups.GroupListView.as_view(), name='groups'),
|
||||
# API
|
||||
path('api/', include('passbook.admin.api.urls'))
|
||||
path('api/', include('passbook.admin.api.urls')),
|
||||
# Debug
|
||||
path('debug/request/', debug.DebugRequestView.as_view(), name='debug-request'),
|
||||
]
|
||||
|
||||
@ -14,6 +14,7 @@ class ApplicationListView(AdminRequiredMixin, ListView):
|
||||
"""Show list of all applications"""
|
||||
|
||||
model = Application
|
||||
ordering = 'name'
|
||||
template_name = 'administration/application/list.html'
|
||||
|
||||
def get_queryset(self):
|
||||
@ -29,6 +30,10 @@ class ApplicationCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView)
|
||||
success_url = reverse_lazy('passbook_admin:applications')
|
||||
success_message = _('Successfully created Application')
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
kwargs['type'] = 'Application'
|
||||
return super().get_context_data(**kwargs)
|
||||
|
||||
|
||||
class ApplicationUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
|
||||
"""Update application"""
|
||||
|
||||
17
passbook/admin/views/debug.py
Normal file
17
passbook/admin/views/debug.py
Normal file
@ -0,0 +1,17 @@
|
||||
"""passbook administration debug views"""
|
||||
|
||||
from django.views.generic import TemplateView
|
||||
|
||||
from passbook.admin.mixins import AdminRequiredMixin
|
||||
|
||||
|
||||
class DebugRequestView(AdminRequiredMixin, TemplateView):
|
||||
"""Show debug info about request"""
|
||||
|
||||
template_name = 'administration/debug/request.html'
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
kwargs['request_dict'] = {}
|
||||
for key in dir(self.request):
|
||||
kwargs['request_dict'][key] = getattr(self.request, key)
|
||||
return super().get_context_data(**kwargs)
|
||||
@ -34,7 +34,7 @@ class FactorListView(AdminRequiredMixin, ListView):
|
||||
class FactorCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
||||
"""Create new Factor"""
|
||||
|
||||
template_name = 'generic/create_inheritance.html'
|
||||
template_name = 'generic/create.html'
|
||||
success_url = reverse_lazy('passbook_admin:factors')
|
||||
success_message = _('Successfully created Factor')
|
||||
|
||||
|
||||
@ -1,12 +1,57 @@
|
||||
"""passbook Group administration"""
|
||||
from django.views.generic import ListView
|
||||
from django.contrib import messages
|
||||
from django.contrib.messages.views import SuccessMessageMixin
|
||||
from django.urls import reverse_lazy
|
||||
from django.utils.translation import ugettext as _
|
||||
from django.views.generic import CreateView, DeleteView, ListView, UpdateView
|
||||
|
||||
from passbook.admin.mixins import AdminRequiredMixin
|
||||
from passbook.core.forms.groups import GroupForm
|
||||
from passbook.core.models import Group
|
||||
|
||||
|
||||
class GroupListView(AdminRequiredMixin, ListView):
|
||||
"""Show list of all invitations"""
|
||||
"""Show list of all groups"""
|
||||
|
||||
model = Group
|
||||
template_name = 'administration/groups/list.html'
|
||||
ordering = 'name'
|
||||
template_name = 'administration/group/list.html'
|
||||
|
||||
|
||||
class GroupCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
||||
"""Create new Group"""
|
||||
|
||||
form_class = GroupForm
|
||||
|
||||
template_name = 'generic/create.html'
|
||||
success_url = reverse_lazy('passbook_admin:groups')
|
||||
success_message = _('Successfully created Group')
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
kwargs['type'] = 'Group'
|
||||
return super().get_context_data(**kwargs)
|
||||
|
||||
|
||||
class GroupUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
|
||||
"""Update group"""
|
||||
|
||||
model = Group
|
||||
form_class = GroupForm
|
||||
|
||||
template_name = 'generic/update.html'
|
||||
success_url = reverse_lazy('passbook_admin:groups')
|
||||
success_message = _('Successfully updated Group')
|
||||
|
||||
|
||||
class GroupDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
|
||||
"""Delete group"""
|
||||
|
||||
model = Group
|
||||
|
||||
template_name = 'generic/delete.html'
|
||||
success_url = reverse_lazy('passbook_admin:groups')
|
||||
success_message = _('Successfully deleted Group')
|
||||
|
||||
def delete(self, request, *args, **kwargs):
|
||||
messages.success(self.request, self.success_message)
|
||||
return super().delete(request, *args, **kwargs)
|
||||
|
||||
@ -27,6 +27,10 @@ class InvitationCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
||||
success_message = _('Successfully created Invitation')
|
||||
form_class = InvitationForm
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
kwargs['type'] = 'Invitation'
|
||||
return super().get_context_data(**kwargs)
|
||||
|
||||
def form_valid(self, form):
|
||||
obj = form.save(commit=False)
|
||||
obj.created_by = self.request.user
|
||||
|
||||
@ -1,11 +1,13 @@
|
||||
"""passbook administration overview"""
|
||||
from django.core.cache import cache
|
||||
from django.shortcuts import redirect, reverse
|
||||
from django.views.generic import TemplateView
|
||||
|
||||
from passbook.admin.mixins import AdminRequiredMixin
|
||||
from passbook.core import __version__
|
||||
from passbook.core.celery import CELERY_APP
|
||||
from passbook.core.models import (Application, Factor, Invitation, Policy,
|
||||
Provider, Source, User)
|
||||
from passbook.root.celery import CELERY_APP
|
||||
|
||||
|
||||
class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
|
||||
@ -13,6 +15,13 @@ class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
|
||||
|
||||
template_name = 'administration/overview.html'
|
||||
|
||||
def post(self, *args, **kwargs):
|
||||
"""Handle post (clear cache from modal)"""
|
||||
if 'clear' in self.request.POST:
|
||||
cache.clear()
|
||||
return redirect(reverse('passbook_core:auth-login'))
|
||||
return self.get(*args, **kwargs)
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
kwargs['application_count'] = len(Application.objects.all())
|
||||
kwargs['policy_count'] = len(Policy.objects.all())
|
||||
@ -23,4 +32,7 @@ class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
|
||||
kwargs['invitation_count'] = len(Invitation.objects.all())
|
||||
kwargs['version'] = __version__
|
||||
kwargs['worker_count'] = len(CELERY_APP.control.ping(timeout=0.5))
|
||||
kwargs['providers_without_application'] = Provider.objects.filter(application=None)
|
||||
kwargs['policies_without_attachment'] = len(Policy.objects.filter(policymodel__isnull=True))
|
||||
kwargs['cached_policies'] = len(cache.keys('policy_*'))
|
||||
return super().get_context_data(**kwargs)
|
||||
|
||||
@ -12,6 +12,7 @@ from passbook.admin.forms.policies import PolicyTestForm
|
||||
from passbook.admin.mixins import AdminRequiredMixin
|
||||
from passbook.core.models import Policy
|
||||
from passbook.lib.utils.reflection import path_to_class
|
||||
from passbook.policy.engine import PolicyEngine
|
||||
|
||||
|
||||
class PolicyListView(AdminRequiredMixin, ListView):
|
||||
@ -32,7 +33,7 @@ class PolicyListView(AdminRequiredMixin, ListView):
|
||||
class PolicyCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
||||
"""Create new Policy"""
|
||||
|
||||
template_name = 'generic/create_inheritance.html'
|
||||
template_name = 'generic/create.html'
|
||||
success_url = reverse_lazy('passbook_admin:policies')
|
||||
success_message = _('Successfully created Policy')
|
||||
|
||||
@ -100,7 +101,9 @@ class PolicyTestView(AdminRequiredMixin, DetailView, FormView):
|
||||
def form_valid(self, form):
|
||||
policy = self.get_object()
|
||||
user = form.cleaned_data.get('user')
|
||||
result = policy.passes(user)
|
||||
policy_engine = PolicyEngine([policy])
|
||||
policy_engine.for_user(user).with_request(self.request).build()
|
||||
result = policy_engine.passing
|
||||
if result:
|
||||
messages.success(self.request, _('User successfully passed policy.'))
|
||||
else:
|
||||
|
||||
90
passbook/admin/views/property_mapping.py
Normal file
90
passbook/admin/views/property_mapping.py
Normal file
@ -0,0 +1,90 @@
|
||||
"""passbook PropertyMapping administration"""
|
||||
from django.contrib import messages
|
||||
from django.contrib.messages.views import SuccessMessageMixin
|
||||
from django.http import Http404
|
||||
from django.urls import reverse_lazy
|
||||
from django.utils.translation import ugettext as _
|
||||
from django.views.generic import CreateView, DeleteView, ListView, UpdateView
|
||||
|
||||
from passbook.admin.mixins import AdminRequiredMixin
|
||||
from passbook.core.models import PropertyMapping
|
||||
from passbook.lib.utils.reflection import path_to_class
|
||||
|
||||
|
||||
def all_subclasses(cls):
|
||||
"""Recursively return all subclassess of cls"""
|
||||
return set(cls.__subclasses__()).union(
|
||||
[s for c in cls.__subclasses__() for s in all_subclasses(c)])
|
||||
|
||||
|
||||
class PropertyMappingListView(AdminRequiredMixin, ListView):
|
||||
"""Show list of all property_mappings"""
|
||||
|
||||
model = PropertyMapping
|
||||
template_name = 'administration/property_mapping/list.html'
|
||||
ordering = 'name'
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
kwargs['types'] = {
|
||||
x.__name__: x._meta.verbose_name for x in all_subclasses(PropertyMapping)}
|
||||
return super().get_context_data(**kwargs)
|
||||
|
||||
def get_queryset(self):
|
||||
return super().get_queryset().select_subclasses()
|
||||
|
||||
|
||||
class PropertyMappingCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
||||
"""Create new PropertyMapping"""
|
||||
|
||||
template_name = 'generic/create.html'
|
||||
success_url = reverse_lazy('passbook_admin:property-mappings')
|
||||
success_message = _('Successfully created Property Mapping')
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
kwargs = super().get_context_data(**kwargs)
|
||||
property_mapping_type = self.request.GET.get('type')
|
||||
model = next(x for x in all_subclasses(PropertyMapping)
|
||||
if x.__name__ == property_mapping_type)
|
||||
kwargs['type'] = model._meta.verbose_name
|
||||
return kwargs
|
||||
|
||||
def get_form_class(self):
|
||||
property_mapping_type = self.request.GET.get('type')
|
||||
model = next(x for x in all_subclasses(PropertyMapping)
|
||||
if x.__name__ == property_mapping_type)
|
||||
if not model:
|
||||
raise Http404
|
||||
return path_to_class(model.form)
|
||||
|
||||
|
||||
class PropertyMappingUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
|
||||
"""Update property_mapping"""
|
||||
|
||||
model = PropertyMapping
|
||||
template_name = 'generic/update.html'
|
||||
success_url = reverse_lazy('passbook_admin:property-mappings')
|
||||
success_message = _('Successfully updated Property Mapping')
|
||||
|
||||
def get_form_class(self):
|
||||
form_class_path = self.get_object().form
|
||||
form_class = path_to_class(form_class_path)
|
||||
return form_class
|
||||
|
||||
def get_object(self, queryset=None):
|
||||
return PropertyMapping.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
|
||||
|
||||
|
||||
class PropertyMappingDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
|
||||
"""Delete property_mapping"""
|
||||
|
||||
model = PropertyMapping
|
||||
template_name = 'generic/delete.html'
|
||||
success_url = reverse_lazy('passbook_admin:property-mappings')
|
||||
success_message = _('Successfully deleted Property Mapping')
|
||||
|
||||
def get_object(self, queryset=None):
|
||||
return PropertyMapping.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
|
||||
|
||||
def delete(self, request, *args, **kwargs):
|
||||
messages.success(self.request, self.success_message)
|
||||
return super().delete(request, *args, **kwargs)
|
||||
@ -29,7 +29,7 @@ class ProviderListView(AdminRequiredMixin, ListView):
|
||||
class ProviderCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
||||
"""Create new Provider"""
|
||||
|
||||
template_name = 'generic/create_inheritance.html'
|
||||
template_name = 'generic/create.html'
|
||||
success_url = reverse_lazy('passbook_admin:providers')
|
||||
success_message = _('Successfully created Provider')
|
||||
|
||||
|
||||
@ -34,7 +34,7 @@ class SourceListView(AdminRequiredMixin, ListView):
|
||||
class SourceCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
||||
"""Create new Source"""
|
||||
|
||||
template_name = 'generic/create_inheritance.html'
|
||||
template_name = 'generic/create.html'
|
||||
success_url = reverse_lazy('passbook_admin:sources')
|
||||
success_message = _('Successfully created Source')
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ from django.utils.translation import ugettext as _
|
||||
from django.views import View
|
||||
from django.views.generic import DeleteView, ListView, UpdateView
|
||||
|
||||
from passbook.admin.forms.users import UserForm
|
||||
from passbook.admin.mixins import AdminRequiredMixin
|
||||
from passbook.core.forms.users import UserDetailForm
|
||||
from passbook.core.models import Nonce, User
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ class UserUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
|
||||
"""Update user"""
|
||||
|
||||
model = User
|
||||
form_class = UserDetailForm
|
||||
form_class = UserForm
|
||||
|
||||
template_name = 'generic/update.html'
|
||||
success_url = reverse_lazy('passbook_admin:users')
|
||||
|
||||
@ -1,2 +0,0 @@
|
||||
"""passbook api"""
|
||||
__version__ = '0.0.10-alpha'
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
django-rest-framework
|
||||
drf_yasg
|
||||
django-filters
|
||||
@ -14,8 +14,8 @@ class OpenIDUserInfoView(ScopedResourceMixin, View):
|
||||
payload = {
|
||||
'sub': request.user.uuid.int,
|
||||
'name': request.user.get_full_name(),
|
||||
'given_name': request.user.first_name,
|
||||
'family_name': request.user.last_name,
|
||||
'given_name': request.user.name,
|
||||
'family_name': '',
|
||||
'preferred_username': request.user.username,
|
||||
'email': request.user.email,
|
||||
}
|
||||
|
||||
BIN
passbook/app_gw/.DS_Store
vendored
Normal file
BIN
passbook/app_gw/.DS_Store
vendored
Normal file
Binary file not shown.
5
passbook/app_gw/admin.py
Normal file
5
passbook/app_gw/admin.py
Normal file
@ -0,0 +1,5 @@
|
||||
"""passbook Application Security Gateway model admin"""
|
||||
|
||||
from passbook.lib.admin import admin_autoregister
|
||||
|
||||
admin_autoregister('passbook_app_gw')
|
||||
16
passbook/app_gw/apps.py
Normal file
16
passbook/app_gw/apps.py
Normal file
@ -0,0 +1,16 @@
|
||||
"""passbook Application Security Gateway app"""
|
||||
from importlib import import_module
|
||||
|
||||
from django.apps import AppConfig
|
||||
|
||||
|
||||
class PassbookApplicationApplicationGatewayConfig(AppConfig):
|
||||
"""passbook app_gw app"""
|
||||
|
||||
name = 'passbook.app_gw'
|
||||
label = 'passbook_app_gw'
|
||||
verbose_name = 'passbook Application Security Gateway'
|
||||
mountpoint = 'app_gw/'
|
||||
|
||||
def ready(self):
|
||||
import_module('passbook.app_gw.signals')
|
||||
13
passbook/app_gw/asgi.py
Normal file
13
passbook/app_gw/asgi.py
Normal file
@ -0,0 +1,13 @@
|
||||
"""
|
||||
ASGI entrypoint. Configures Django and then runs the application
|
||||
defined in the ASGI_APPLICATION setting.
|
||||
"""
|
||||
|
||||
import os
|
||||
|
||||
import django
|
||||
from channels.routing import get_default_application
|
||||
|
||||
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "passbook.root.settings")
|
||||
django.setup()
|
||||
application = get_default_application()
|
||||
66
passbook/app_gw/forms.py
Normal file
66
passbook/app_gw/forms.py
Normal file
@ -0,0 +1,66 @@
|
||||
"""passbook Application Security Gateway Forms"""
|
||||
from urllib.parse import urlparse
|
||||
|
||||
from django import forms
|
||||
from django.contrib.admin.widgets import FilteredSelectMultiple
|
||||
from django.forms import ValidationError
|
||||
from django.utils.translation import gettext as _
|
||||
|
||||
from passbook.app_gw.models import ApplicationGatewayProvider, RewriteRule
|
||||
from passbook.lib.fields import DynamicArrayField
|
||||
|
||||
|
||||
class ApplicationGatewayProviderForm(forms.ModelForm):
|
||||
"""Security Gateway Provider form"""
|
||||
|
||||
def clean_server_name(self):
|
||||
"""Check if server_name is in DB already, since
|
||||
Postgres ArrayField doesn't suppport keys."""
|
||||
current = self.cleaned_data.get('server_name')
|
||||
if ApplicationGatewayProvider.objects \
|
||||
.filter(server_name__overlap=current) \
|
||||
.exclude(pk=self.instance.pk).exists():
|
||||
raise ValidationError(_("Server Name already in use."))
|
||||
return current
|
||||
|
||||
def clean_upstream(self):
|
||||
"""Check that upstream begins with http(s)"""
|
||||
for upstream in self.cleaned_data.get('upstream'):
|
||||
_parsed_url = urlparse(upstream)
|
||||
|
||||
if _parsed_url.scheme not in ('http', 'https'):
|
||||
raise ValidationError(_("URL Scheme must be either http or https"))
|
||||
return self.cleaned_data.get('upstream')
|
||||
|
||||
class Meta:
|
||||
|
||||
model = ApplicationGatewayProvider
|
||||
fields = ['server_name', 'upstream', 'enabled', 'authentication_header',
|
||||
'default_content_type', 'upstream_ssl_verification', 'property_mappings']
|
||||
widgets = {
|
||||
'authentication_header': forms.TextInput(),
|
||||
'default_content_type': forms.TextInput(),
|
||||
'property_mappings': FilteredSelectMultiple(_('Property Mappings'), False)
|
||||
}
|
||||
field_classes = {
|
||||
'server_name': DynamicArrayField,
|
||||
'upstream': DynamicArrayField
|
||||
}
|
||||
labels = {
|
||||
'upstream_ssl_verification': _('Verify upstream SSL Certificates?'),
|
||||
'property_mappings': _('Rewrite Rules')
|
||||
}
|
||||
|
||||
class RewriteRuleForm(forms.ModelForm):
|
||||
"""Rewrite Rule Form"""
|
||||
|
||||
class Meta:
|
||||
|
||||
model = RewriteRule
|
||||
fields = ['name', 'match', 'halt', 'replacement', 'redirect', 'conditions']
|
||||
widgets = {
|
||||
'name': forms.TextInput(),
|
||||
'match': forms.TextInput(attrs={'data-is-monospace': True}),
|
||||
'replacement': forms.TextInput(attrs={'data-is-monospace': True}),
|
||||
'conditions': FilteredSelectMultiple(_('Conditions'), False)
|
||||
}
|
||||
0
passbook/app_gw/management/__init__.py
Normal file
0
passbook/app_gw/management/__init__.py
Normal file
0
passbook/app_gw/management/commands/__init__.py
Normal file
0
passbook/app_gw/management/commands/__init__.py
Normal file
29
passbook/app_gw/management/commands/app_gw_web.py
Normal file
29
passbook/app_gw/management/commands/app_gw_web.py
Normal file
@ -0,0 +1,29 @@
|
||||
"""passbook app_gw webserver management command"""
|
||||
|
||||
from daphne.cli import CommandLineInterface
|
||||
from django.core.management.base import BaseCommand
|
||||
from django.utils import autoreload
|
||||
from structlog import get_logger
|
||||
|
||||
from passbook.lib.config import CONFIG
|
||||
|
||||
LOGGER = get_logger(__name__)
|
||||
|
||||
|
||||
class Command(BaseCommand):
|
||||
"""Run Daphne Webserver for app_gw"""
|
||||
|
||||
def handle(self, *args, **options):
|
||||
"""passbook daphne server"""
|
||||
autoreload.run_with_reloader(self.daphne_server)
|
||||
|
||||
def daphne_server(self):
|
||||
"""Run daphne server within autoreload"""
|
||||
autoreload.raise_last_exception()
|
||||
CommandLineInterface().run([
|
||||
'-p', str(CONFIG.y('app_gw.port', 8000)),
|
||||
'-b', CONFIG.y('app_gw.listen', '0.0.0.0'), # nosec
|
||||
'--access-log', '/dev/null',
|
||||
'--application-close-timeout', '500',
|
||||
'passbook.app_gw.asgi:application'
|
||||
])
|
||||
33
passbook/app_gw/middleware.py
Normal file
33
passbook/app_gw/middleware.py
Normal file
@ -0,0 +1,33 @@
|
||||
"""passbook app_gw middleware"""
|
||||
from django.views.generic import RedirectView
|
||||
|
||||
from passbook.app_gw.proxy.handler import RequestHandler
|
||||
from passbook.lib.config import CONFIG
|
||||
|
||||
|
||||
class ApplicationGatewayMiddleware:
|
||||
"""Check if request should be proxied or handeled normally"""
|
||||
|
||||
_app_gw_cache = {}
|
||||
|
||||
def __init__(self, get_response):
|
||||
self.get_response = get_response
|
||||
|
||||
def __call__(self, request):
|
||||
# Rudimentary cache
|
||||
host_header = request.META.get('HTTP_HOST')
|
||||
if host_header not in self._app_gw_cache:
|
||||
self._app_gw_cache[host_header] = RequestHandler.find_app_gw_for_request(request)
|
||||
if self._app_gw_cache[host_header]:
|
||||
return self.dispatch(request, self._app_gw_cache[host_header])
|
||||
return self.get_response(request)
|
||||
|
||||
def dispatch(self, request, app_gw):
|
||||
"""Build proxied request and pass to upstream"""
|
||||
handler = RequestHandler(app_gw, request)
|
||||
|
||||
if not handler.check_permission():
|
||||
to_url = 'https://%s/?next=%s' % (CONFIG.y('domains')[0], request.get_full_path())
|
||||
return RedirectView.as_view(url=to_url)(request)
|
||||
|
||||
return handler.get_response()
|
||||
BIN
passbook/app_gw/migrations/.DS_Store
vendored
Normal file
BIN
passbook/app_gw/migrations/.DS_Store
vendored
Normal file
Binary file not shown.
50
passbook/app_gw/migrations/0001_initial.py
Normal file
50
passbook/app_gw/migrations/0001_initial.py
Normal file
@ -0,0 +1,50 @@
|
||||
# Generated by Django 2.1.7 on 2019-03-20 21:38
|
||||
|
||||
import django.contrib.postgres.fields
|
||||
import django.db.models.deletion
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
initial = True
|
||||
|
||||
dependencies = [
|
||||
('passbook_core', '0020_groupmembershippolicy'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.CreateModel(
|
||||
name='ApplicationGatewayProvider',
|
||||
fields=[
|
||||
('provider_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Provider')),
|
||||
('server_name', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), size=None)),
|
||||
('upstream', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), size=None)),
|
||||
('enabled', models.BooleanField(default=True)),
|
||||
('authentication_header', models.TextField(default='X-Remote-User')),
|
||||
('default_content_type', models.TextField(default='application/octet-stream')),
|
||||
('upstream_ssl_verification', models.BooleanField(default=True)),
|
||||
],
|
||||
options={
|
||||
'verbose_name': 'Application Gateway Provider',
|
||||
'verbose_name_plural': 'Application Gateway Providers',
|
||||
},
|
||||
bases=('passbook_core.provider',),
|
||||
),
|
||||
migrations.CreateModel(
|
||||
name='RewriteRule',
|
||||
fields=[
|
||||
('propertymapping_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.PropertyMapping')),
|
||||
('match', models.TextField()),
|
||||
('halt', models.BooleanField(default=False)),
|
||||
('replacement', models.TextField()),
|
||||
('redirect', models.CharField(choices=[('internal', 'Internal'), (301, 'Moved Permanently'), (302, 'Found')], max_length=50)),
|
||||
('conditions', models.ManyToManyField(to='passbook_core.Policy')),
|
||||
],
|
||||
options={
|
||||
'verbose_name': 'Rewrite Rule',
|
||||
'verbose_name_plural': 'Rewrite Rules',
|
||||
},
|
||||
bases=('passbook_core.propertymapping',),
|
||||
),
|
||||
]
|
||||
18
passbook/app_gw/migrations/0002_auto_20190321_1521.py
Normal file
18
passbook/app_gw/migrations/0002_auto_20190321_1521.py
Normal file
@ -0,0 +1,18 @@
|
||||
# Generated by Django 2.1.7 on 2019-03-21 15:21
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('passbook_app_gw', '0001_initial'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name='rewriterule',
|
||||
name='conditions',
|
||||
field=models.ManyToManyField(blank=True, to='passbook_core.Policy'),
|
||||
),
|
||||
]
|
||||
18
passbook/app_gw/migrations/0003_auto_20190411_1314.py
Normal file
18
passbook/app_gw/migrations/0003_auto_20190411_1314.py
Normal file
@ -0,0 +1,18 @@
|
||||
# Generated by Django 2.2 on 2019-04-11 13:14
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('passbook_app_gw', '0002_auto_20190321_1521'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name='applicationgatewayprovider',
|
||||
name='authentication_header',
|
||||
field=models.TextField(blank=True, default='X-Remote-User'),
|
||||
),
|
||||
]
|
||||
0
passbook/app_gw/migrations/__init__.py
Normal file
0
passbook/app_gw/migrations/__init__.py
Normal file
74
passbook/app_gw/models.py
Normal file
74
passbook/app_gw/models.py
Normal file
@ -0,0 +1,74 @@
|
||||
"""passbook app_gw models"""
|
||||
import re
|
||||
|
||||
from django.contrib.postgres.fields import ArrayField
|
||||
from django.db import models
|
||||
from django.utils.translation import gettext as _
|
||||
|
||||
from passbook.core.models import Policy, PropertyMapping, Provider
|
||||
|
||||
|
||||
class ApplicationGatewayProvider(Provider):
|
||||
"""Virtual server which proxies requests to any hostname in server_name to upstream"""
|
||||
|
||||
server_name = ArrayField(models.TextField())
|
||||
upstream = ArrayField(models.TextField())
|
||||
enabled = models.BooleanField(default=True)
|
||||
|
||||
authentication_header = models.TextField(default='X-Remote-User', blank=True)
|
||||
default_content_type = models.TextField(default='application/octet-stream')
|
||||
upstream_ssl_verification = models.BooleanField(default=True)
|
||||
|
||||
form = 'passbook.app_gw.forms.ApplicationGatewayProviderForm'
|
||||
|
||||
@property
|
||||
def name(self):
|
||||
"""since this model has no name property, return a joined list of server_names as name"""
|
||||
return ', '.join(self.server_name)
|
||||
|
||||
def __str__(self):
|
||||
return "Application Gateway %s" % ', '.join(self.server_name)
|
||||
|
||||
class Meta:
|
||||
|
||||
verbose_name = _('Application Gateway Provider')
|
||||
verbose_name_plural = _('Application Gateway Providers')
|
||||
|
||||
|
||||
class RewriteRule(PropertyMapping):
|
||||
"""Rewrite requests matching `match` with `replacement`, if all polcies in `conditions` apply"""
|
||||
|
||||
REDIRECT_INTERNAL = 'internal'
|
||||
REDIRECT_PERMANENT = 301
|
||||
REDIRECT_FOUND = 302
|
||||
|
||||
REDIRECTS = (
|
||||
(REDIRECT_INTERNAL, _('Internal')),
|
||||
(REDIRECT_PERMANENT, _('Moved Permanently')),
|
||||
(REDIRECT_FOUND, _('Found')),
|
||||
)
|
||||
|
||||
match = models.TextField()
|
||||
halt = models.BooleanField(default=False)
|
||||
conditions = models.ManyToManyField(Policy, blank=True)
|
||||
replacement = models.TextField() # python formatted strings, use {match.1}
|
||||
redirect = models.CharField(max_length=50, choices=REDIRECTS)
|
||||
|
||||
form = 'passbook.app_gw.forms.RewriteRuleForm'
|
||||
|
||||
_matcher = None
|
||||
|
||||
@property
|
||||
def compiled_matcher(self):
|
||||
"""Cache the compiled regex in memory"""
|
||||
if not self._matcher:
|
||||
self._matcher = re.compile(self.match)
|
||||
return self._matcher
|
||||
|
||||
def __str__(self):
|
||||
return "Rewrite Rule %s" % self.name
|
||||
|
||||
class Meta:
|
||||
|
||||
verbose_name = _('Rewrite Rule')
|
||||
verbose_name_plural = _('Rewrite Rules')
|
||||
0
passbook/app_gw/proxy/__init__.py
Normal file
0
passbook/app_gw/proxy/__init__.py
Normal file
8
passbook/app_gw/proxy/exceptions.py
Normal file
8
passbook/app_gw/proxy/exceptions.py
Normal file
@ -0,0 +1,8 @@
|
||||
"""Exception classes"""
|
||||
|
||||
class ReverseProxyException(Exception):
|
||||
"""Base for revproxy exception"""
|
||||
|
||||
|
||||
class InvalidUpstream(ReverseProxyException):
|
||||
"""Invalid upstream set"""
|
||||
233
passbook/app_gw/proxy/handler.py
Normal file
233
passbook/app_gw/proxy/handler.py
Normal file
@ -0,0 +1,233 @@
|
||||
"""passbook app_gw request handler"""
|
||||
import mimetypes
|
||||
from random import SystemRandom
|
||||
from urllib.parse import urlparse
|
||||
|
||||
import certifi
|
||||
import urllib3
|
||||
from django.core.cache import cache
|
||||
from django.utils.http import urlencode
|
||||
from structlog import get_logger
|
||||
|
||||
from passbook.app_gw.models import ApplicationGatewayProvider
|
||||
from passbook.app_gw.proxy.exceptions import InvalidUpstream
|
||||
from passbook.app_gw.proxy.response import get_django_response
|
||||
from passbook.app_gw.proxy.rewrite import Rewriter
|
||||
from passbook.app_gw.proxy.utils import encode_items, normalize_request_headers
|
||||
from passbook.core.models import Application
|
||||
from passbook.policy.engine import PolicyEngine
|
||||
|
||||
SESSION_UPSTREAM_KEY = 'passbook_app_gw_upstream'
|
||||
IGNORED_HOSTNAMES_KEY = 'passbook_app_gw_ignored'
|
||||
LOGGER = get_logger(__name__)
|
||||
QUOTE_SAFE = r'<.;>\(}*+|~=-$/_:^@)[{]&\'!,"`'
|
||||
ERRORS_MESSAGES = {
|
||||
'upstream-no-scheme': ("Upstream URL scheme must be either "
|
||||
"'http' or 'https' (%s).")
|
||||
}
|
||||
HTTP_NO_VERIFY = urllib3.PoolManager()
|
||||
HTTP = urllib3.PoolManager(
|
||||
cert_reqs='CERT_REQUIRED',
|
||||
ca_certs=certifi.where())
|
||||
IGNORED_HOSTS = cache.get(IGNORED_HOSTNAMES_KEY, [])
|
||||
POLICY_CACHE = {}
|
||||
|
||||
class RequestHandler:
|
||||
"""Forward requests"""
|
||||
|
||||
_parsed_url = None
|
||||
_request_headers = None
|
||||
|
||||
def __init__(self, app_gw, request):
|
||||
self.app_gw = app_gw
|
||||
self.request = request
|
||||
if self.app_gw.pk not in POLICY_CACHE:
|
||||
POLICY_CACHE[self.app_gw.pk] = self.app_gw.application.policies.all()
|
||||
|
||||
@staticmethod
|
||||
def find_app_gw_for_request(request):
|
||||
"""Check if a request should be proxied or forwarded to passbook"""
|
||||
# Check if hostname is in cached list of ignored hostnames
|
||||
# This saves us having to query the database on each request
|
||||
host_header = request.META.get('HTTP_HOST')
|
||||
if host_header in IGNORED_HOSTS:
|
||||
# LOGGER.debug("%s is ignored", host_header)
|
||||
return False
|
||||
# Look through all ApplicationGatewayProviders and check hostnames
|
||||
matches = ApplicationGatewayProvider.objects.filter(
|
||||
server_name__contains=[host_header],
|
||||
enabled=True)
|
||||
if not matches.exists():
|
||||
# Mo matching Providers found, add host header to ignored list
|
||||
IGNORED_HOSTS.append(host_header)
|
||||
cache.set(IGNORED_HOSTNAMES_KEY, IGNORED_HOSTS)
|
||||
# LOGGER.debug("Ignoring %s", host_header)
|
||||
return False
|
||||
# At this point we're certain there's a matching ApplicationGateway
|
||||
if len(matches) > 1:
|
||||
# This should never happen
|
||||
raise ValueError
|
||||
app_gw = matches.first()
|
||||
try:
|
||||
# Check if ApplicationGateway is associated with application
|
||||
getattr(app_gw, 'application')
|
||||
if app_gw:
|
||||
return app_gw
|
||||
except Application.DoesNotExist:
|
||||
pass
|
||||
# LOGGER.debug("ApplicationGateway not associated with Application")
|
||||
return True
|
||||
|
||||
def _get_upstream(self):
|
||||
"""Choose random upstream and save in session"""
|
||||
if SESSION_UPSTREAM_KEY not in self.request.session:
|
||||
self.request.session[SESSION_UPSTREAM_KEY] = {}
|
||||
if self.app_gw.pk not in self.request.session[SESSION_UPSTREAM_KEY]:
|
||||
upstream_index = int(SystemRandom().random() * len(self.app_gw.upstream))
|
||||
self.request.session[SESSION_UPSTREAM_KEY][self.app_gw.pk] = upstream_index
|
||||
return self.app_gw.upstream[self.request.session[SESSION_UPSTREAM_KEY][self.app_gw.pk]]
|
||||
|
||||
def get_upstream(self):
|
||||
"""Get upstream as parsed url"""
|
||||
upstream = self._get_upstream()
|
||||
|
||||
self._parsed_url = urlparse(upstream)
|
||||
|
||||
if self._parsed_url.scheme not in ('http', 'https'):
|
||||
raise InvalidUpstream(ERRORS_MESSAGES['upstream-no-scheme'] %
|
||||
upstream)
|
||||
|
||||
return upstream
|
||||
|
||||
def _format_path_to_redirect(self):
|
||||
# LOGGER.debug("Path before: %s", self.request.get_full_path())
|
||||
rewriter = Rewriter(self.app_gw, self.request)
|
||||
after = rewriter.build()
|
||||
# LOGGER.debug("Path after: %s", after)
|
||||
return after
|
||||
|
||||
def get_proxy_request_headers(self):
|
||||
"""Get normalized headers for the upstream
|
||||
Gets all headers from the original request and normalizes them.
|
||||
Normalization occurs by removing the prefix ``HTTP_`` and
|
||||
replacing and ``_`` by ``-``. Example: ``HTTP_ACCEPT_ENCODING``
|
||||
becames ``Accept-Encoding``.
|
||||
.. versionadded:: 0.9.1
|
||||
:param request: The original HTTPRequest instance
|
||||
:returns: Normalized headers for the upstream
|
||||
"""
|
||||
return normalize_request_headers(self.request)
|
||||
|
||||
def get_request_headers(self):
|
||||
"""Return request headers that will be sent to upstream.
|
||||
The header REMOTE_USER is set to the current user
|
||||
if AuthenticationMiddleware is enabled and
|
||||
the view's add_remote_user property is True.
|
||||
.. versionadded:: 0.9.8
|
||||
"""
|
||||
request_headers = self.get_proxy_request_headers()
|
||||
if not self.app_gw.authentication_header:
|
||||
return request_headers
|
||||
request_headers[self.app_gw.authentication_header] = self.request.user.get_username()
|
||||
# LOGGER.debug("%s set", self.app_gw.authentication_header)
|
||||
|
||||
return request_headers
|
||||
|
||||
def check_permission(self):
|
||||
"""Check if user is authenticated and has permission to access app"""
|
||||
if not hasattr(self.request, 'user'):
|
||||
return False
|
||||
if not self.request.user.is_authenticated:
|
||||
return False
|
||||
policy_engine = PolicyEngine(POLICY_CACHE[self.app_gw.pk])
|
||||
policy_engine.for_user(self.request.user).with_request(self.request).build()
|
||||
passing, _messages = policy_engine.result
|
||||
|
||||
return passing
|
||||
|
||||
def get_encoded_query_params(self):
|
||||
"""Return encoded query params to be used in proxied request"""
|
||||
get_data = encode_items(self.request.GET.lists())
|
||||
return urlencode(get_data)
|
||||
|
||||
def _created_proxy_response(self, path):
|
||||
request_payload = self.request.body
|
||||
|
||||
# LOGGER.debug("Request headers: %s", self._request_headers)
|
||||
|
||||
request_url = self.get_upstream() + path
|
||||
# LOGGER.debug("Request URL: %s", request_url)
|
||||
|
||||
if self.request.GET:
|
||||
request_url += '?' + self.get_encoded_query_params()
|
||||
# LOGGER.debug("Request URL: %s", request_url)
|
||||
|
||||
http = HTTP
|
||||
if not self.app_gw.upstream_ssl_verification:
|
||||
http = HTTP_NO_VERIFY
|
||||
|
||||
try:
|
||||
proxy_response = http.urlopen(self.request.method,
|
||||
request_url,
|
||||
redirect=False,
|
||||
retries=None,
|
||||
headers=self._request_headers,
|
||||
body=request_payload,
|
||||
decode_content=False,
|
||||
preload_content=False)
|
||||
# LOGGER.debug("Proxy response header: %s",
|
||||
# proxy_response.getheaders())
|
||||
except urllib3.exceptions.HTTPError as error:
|
||||
LOGGER.exception(error)
|
||||
raise
|
||||
|
||||
return proxy_response
|
||||
|
||||
def _replace_host_on_redirect_location(self, proxy_response):
|
||||
location = proxy_response.headers.get('Location')
|
||||
if location:
|
||||
if self.request.is_secure():
|
||||
scheme = 'https://'
|
||||
else:
|
||||
scheme = 'http://'
|
||||
request_host = scheme + self.request.META.get('HTTP_HOST')
|
||||
|
||||
upstream_host_http = 'http://' + self._parsed_url.netloc
|
||||
upstream_host_https = 'https://' + self._parsed_url.netloc
|
||||
|
||||
location = location.replace(upstream_host_http, request_host)
|
||||
location = location.replace(upstream_host_https, request_host)
|
||||
proxy_response.headers['Location'] = location
|
||||
# LOGGER.debug("Proxy response LOCATION: %s",
|
||||
# proxy_response.headers['Location'])
|
||||
|
||||
def _set_content_type(self, proxy_response):
|
||||
content_type = proxy_response.headers.get('Content-Type')
|
||||
if not content_type:
|
||||
content_type = (mimetypes.guess_type(self.request.path)
|
||||
[0] or self.app_gw.default_content_type)
|
||||
proxy_response.headers['Content-Type'] = content_type
|
||||
# LOGGER.debug("Proxy response CONTENT-TYPE: %s",
|
||||
# proxy_response.headers['Content-Type'])
|
||||
|
||||
def get_response(self):
|
||||
"""Pass request to upstream and return response"""
|
||||
self._request_headers = self.get_request_headers()
|
||||
|
||||
path = self._format_path_to_redirect()
|
||||
proxy_response = self._created_proxy_response(path)
|
||||
|
||||
self._replace_host_on_redirect_location(proxy_response)
|
||||
self._set_content_type(proxy_response)
|
||||
response = get_django_response(proxy_response, strict_cookies=False)
|
||||
|
||||
# If response has a 'Location' header, we rewrite that location as well
|
||||
if 'Location' in response:
|
||||
LOGGER.debug("Rewriting Location header")
|
||||
for server_name in self.app_gw.server_name:
|
||||
response['Location'] = response['Location'].replace(
|
||||
self._parsed_url.hostname, server_name)
|
||||
LOGGER.debug(response['Location'])
|
||||
|
||||
# LOGGER.debug("RESPONSE RETURNED: %s", response)
|
||||
return response
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user