Compare commits
323 Commits
version/0.
...
version/0.
| Author | SHA1 | Date | |
|---|---|---|---|
| 9d640efc88 | |||
| f0907841dd | |||
| 2bffc12ef9 | |||
| 2ff9ec6522 | |||
| 43a54f5c54 | |||
| 7bff2734aa | |||
| 84768c0ec6 | |||
| f4499a5459 | |||
| b3aede5bba | |||
| 531ea1c039 | |||
| c2c5ff6912 | |||
| 9cddab8fd5 | |||
| 06d15d8a27 | |||
| b5c711854b | |||
| 4cf6c36f34 | |||
| 75a6f6c875 | |||
| 62abe3f256 | |||
| 9296c41650 | |||
| 7fb48fde6d | |||
| 174472bb45 | |||
| 17575ed921 | |||
| b1b1a27444 | |||
| f97a5eeefb | |||
| 10fd96981e | |||
| 67e3eb549c | |||
| 30a6d1f0b1 | |||
| 3d1fa9f048 | |||
| 1d2be6e68b | |||
| c21e343986 | |||
| ff37ed095c | |||
| 8623a2c3fc | |||
| 23d277eaf1 | |||
| 75ced59451 | |||
| bccf424c5e | |||
| 2f9ae40d20 | |||
| 11e1eec3fb | |||
| 765c5633df | |||
| 6344b1aafb | |||
| ed25801e6e | |||
| 4d0148193f | |||
| 804ae15c2e | |||
| b35a9fad86 | |||
| a4f83bd28a | |||
| 796f83c3d0 | |||
| 2099bbb713 | |||
| 67beba8f78 | |||
| a798412e17 | |||
| 3b2c2d781f | |||
| 98c844f3d6 | |||
| 2645bd0132 | |||
| 2c4fc56b49 | |||
| 0ec1468058 | |||
| 5d1a3043b2 | |||
| b46958d1f9 | |||
| 5daa8d5fe3 | |||
| 31846f1d05 | |||
| 1fac964b8b | |||
| dfa6ed8ac2 | |||
| 66fe10299e | |||
| e0a3ec033f | |||
| 7033ec0ab9 | |||
| 4004579905 | |||
| 9fe9e48a5c | |||
| 595a6c7fe6 | |||
| 11b5860d4a | |||
| 9bdbff4cda | |||
| e0d597eeac | |||
| f576985cc9 | |||
| 22a6aef60b | |||
| ec0a6e7854 | |||
| 6904608e6f | |||
| cb3732cb2b | |||
| 57de6cbafc | |||
| b1dda764a9 | |||
| 5ec2102487 | |||
| 9f8fb7378a | |||
| 98cd646044 | |||
| 0cba1b4c45 | |||
| 53918462b6 | |||
| 8a7e74b523 | |||
| 4dc7065e97 | |||
| 3c93bb9f9f | |||
| 8143fae2d6 | |||
| 3cfe45d3cb | |||
| 8e5c3f2f31 | |||
| 5a3b2fdd49 | |||
| e47b9f0d57 | |||
| 146dd747f1 | |||
| f2ce56063b | |||
| b26f378e4c | |||
| 9072b836c6 | |||
| 2fa57d064e | |||
| 146705c60a | |||
| 5029a99df6 | |||
| e7129d18f6 | |||
| d2bf9f81d6 | |||
| 30acf0660b | |||
| dda41af5c8 | |||
| 9b5b03647b | |||
| 940b3eb943 | |||
| 16eb629b71 | |||
| 755045b226 | |||
| 61478db94e | |||
| f69f959bdb | |||
| 146edb45d4 | |||
| 045a802365 | |||
| c90d8ddcff | |||
| 3ff2ec929f | |||
| a3ef26b7ad | |||
| 19cd1624c1 | |||
| 366ef352c6 | |||
| a9031a6abc | |||
| a1a5223b58 | |||
| c723b0233f | |||
| b369eb28f1 | |||
| 9b8f390e31 | |||
| 11630c9a74 | |||
| c9ac10f6f6 | |||
| 04d613cb28 | |||
| 40866f9ecd | |||
| d8585eb872 | |||
| 15aaeda475 | |||
| 8536ef9e23 | |||
| 35b6bb6b3f | |||
| eaa573c715 | |||
| 660972e303 | |||
| a21012bf0c | |||
| 8dbafa4bda | |||
| 80049413f0 | |||
| 2739442d4a | |||
| c679f0a67c | |||
| d9a952dd03 | |||
| 9a1a0f0aa8 | |||
| 4d6bb60134 | |||
| 80e6d59382 | |||
| 81ac951872 | |||
| f33e553cfd | |||
| 9b0240dc26 | |||
| c327310392 | |||
| 457375287c | |||
| 7e87bfef5b | |||
| a7af5268de | |||
| 6d916029bb | |||
| 81fdcbadad | |||
| ec1e25fe71 | |||
| b5306e4a94 | |||
| 801b8a1e59 | |||
| 3a52059793 | |||
| 10b7d99b37 | |||
| 6be8d0cbb2 | |||
| 5b8e3689ec | |||
| 25a5d8f5da | |||
| 883d439544 | |||
| 1c3b5889e5 | |||
| 87012b65e1 | |||
| 29913773a7 | |||
| 0bc6a4fed4 | |||
| 4645d8353f | |||
| 260c5555fa | |||
| 6f7b917c38 | |||
| 1456ee6d3e | |||
| ae3d3d0295 | |||
| c23ceacd0b | |||
| 5155204283 | |||
| 5509ec9b0f | |||
| d6f9b2e47d | |||
| 67aa4aef11 | |||
| 9e46c8bfec | |||
| 1eaa9b9733 | |||
| ee05834b69 | |||
| fccc8f4959 | |||
| c721620f96 | |||
| c9f73d718e | |||
| bfa58be721 | |||
| 4bb602149e | |||
| 81ab9092fc | |||
| 29d5962c4c | |||
| 5c75339946 | |||
| 4774d9a46c | |||
| dbe16ba4fd | |||
| 6972cf00a0 | |||
| 0445be9712 | |||
| 89dbdd9585 | |||
| da88ce7150 | |||
| 5f50fcfcf5 | |||
| 96be087221 | |||
| a53a269a8c | |||
| 59565a5286 | |||
| ae3c092238 | |||
| e98e5e4e3e | |||
| d50c7ec8d4 | |||
| c0fdf377d1 | |||
| 70c11c8988 | |||
| 67b19becc1 | |||
| ae64024ef4 | |||
| e6571826cb | |||
| c621e61978 | |||
| 3626fa4b98 | |||
| 01b0eb159a | |||
| 63aa48d981 | |||
| 2e0ba05d55 | |||
| b2ac57bb67 | |||
| 4c22e5c2c8 | |||
| 4a7b0ec8a9 | |||
| 330118249e | |||
| 8d4dabde02 | |||
| cf7323c41b | |||
| edd856df7d | |||
| 5e35859db6 | |||
| acabb2df54 | |||
| e6376a05f7 | |||
| 1f45aff7ad | |||
| e1f1f617b6 | |||
| 2690675dca | |||
| 7529b51358 | |||
| c394066d99 | |||
| 9c585032ef | |||
| d408031304 | |||
| c47bc11ec0 | |||
| 1deb094afe | |||
| 501fed1922 | |||
| ad8125ac1c | |||
| b42a551fb2 | |||
| 3256be23df | |||
| f7c0c0146a | |||
| e4baf8c21e | |||
| 364f040b36 | |||
| 2b8c2b2346 | |||
| 5f861189e4 | |||
| 5e11b6687e | |||
| c4b429825d | |||
| eebbae0677 | |||
| 42b30f4507 | |||
| 0e425418df | |||
| 7fe0300b86 | |||
| c012c6be5c | |||
| a5dc193cfd | |||
| 7507ad2620 | |||
| f1291fec8d | |||
| 37aeeea239 | |||
| 0fa1fc86da | |||
| c3034ab9ac | |||
| 76694e037a | |||
| 787db41cc3 | |||
| 74da3df7cd | |||
| a6e435bd70 | |||
| c313b496aa | |||
| a7eaa74191 | |||
| 11ecdc4fcf | |||
| 2f7781b67a | |||
| 296d4f691a | |||
| 64033031b1 | |||
| 9daff7608d | |||
| 0a4af80b9b | |||
| a54adb05c4 | |||
| 43a389e596 | |||
| 2d7e8f1b50 | |||
| cf11f6b121 | |||
| 6dcdf7bcce | |||
| 56d872af15 | |||
| ca663d16fc | |||
| e05c18b19b | |||
| a7b86e46bc | |||
| 84f56674c2 | |||
| 02ab177c6d | |||
| 1232c487e9 | |||
| ef0a2bfbe8 | |||
| 05242a11ad | |||
| 4593ad7bcc | |||
| d7fd5a7fa6 | |||
| 4439378fd4 | |||
| acf65eafdd | |||
| c2ebff55ef | |||
| 99c82676b6 | |||
| 4991e9b825 | |||
| 612f95c3ba | |||
| cd91d5ca15 | |||
| cbbbb5dc08 | |||
| c1640b9411 | |||
| a4842c1f95 | |||
| a4707ddc54 | |||
| fb82d56307 | |||
| 1a1005f80d | |||
| e86cae6cac | |||
| 0b282f45e0 | |||
| 791e88ffc1 | |||
| 7bd3c4bccf | |||
| 722e2e4050 | |||
| c7fc444c95 | |||
| 20ad062814 | |||
| fcb5d36e07 | |||
| 9b131b619f | |||
| 54427f7c68 | |||
| 35eef9c28d | |||
| e88a82553d | |||
| 01a9520140 | |||
| 46667615c3 | |||
| c6721a83a4 | |||
| 46866e8ef0 | |||
| 4a49681127 | |||
| 4c3fced4e9 | |||
| 172347d90f | |||
| f54520b5cf | |||
| d7c4697625 | |||
| 5584f5bda8 | |||
| 2ce6f5a714 | |||
| c66945623a | |||
| cbae05c74c | |||
| 5b771da972 | |||
| 2db1738e4a | |||
| 95de6a14fd | |||
| 17132ebc19 | |||
| 289be46388 | |||
| 6c300b7b31 | |||
| b726583084 | |||
| 48055d1cfd | |||
| 436070f5bd | |||
| 3ee79818db | |||
| e7a02104db | |||
| 556740d7bc | |||
| 421f51770c | |||
| 96f7e70f9e | |||
| ad96f7dbb8 |
@ -1,44 +1,27 @@
|
|||||||
[bumpversion]
|
[bumpversion]
|
||||||
current_version = 0.0.11-alpha
|
current_version = 0.3.0-beta
|
||||||
tag = True
|
tag = True
|
||||||
commit = True
|
commit = True
|
||||||
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
|
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
|
||||||
serialize = {major}.{minor}.{patch}-{release}
|
serialize = {major}.{minor}.{patch}-{release}
|
||||||
message = bump version: {current_version} -> {new_version}
|
message = new release: {new_version}
|
||||||
tag_name = version/{new_version}
|
tag_name = version/{new_version}
|
||||||
|
|
||||||
[bumpversion:part:release]
|
[bumpversion:part:release]
|
||||||
optional_value = stable
|
optional_value = stable
|
||||||
|
first_value = beta
|
||||||
values =
|
values =
|
||||||
alpha
|
alpha
|
||||||
beta
|
beta
|
||||||
stable
|
stable
|
||||||
|
|
||||||
|
[bumpversion:file:helm/passbook/values.yaml]
|
||||||
|
|
||||||
[bumpversion:file:helm/passbook/Chart.yaml]
|
[bumpversion:file:helm/passbook/Chart.yaml]
|
||||||
|
|
||||||
[bumpversion:file:.gitlab-ci.yml]
|
[bumpversion:file:.gitlab-ci.yml]
|
||||||
|
|
||||||
[bumpversion:file:passbook/__init__.py]
|
[bumpversion:file:passbook/__init__.py]
|
||||||
|
|
||||||
[bumpversion:file:passbook/api/__init__.py]
|
[bumpversion:file:passbook/core/nginx.conf]
|
||||||
|
|
||||||
[bumpversion:file:passbook/core/__init__.py]
|
|
||||||
|
|
||||||
[bumpversion:file:passbook/admin/__init__.py]
|
|
||||||
|
|
||||||
[bumpversion:file:passbook/captcha_factor/__init__.py]
|
|
||||||
|
|
||||||
[bumpversion:file:passbook/oauth_client/__init__.py]
|
|
||||||
|
|
||||||
[bumpversion:file:passbook/ldap/__init__.py]
|
|
||||||
|
|
||||||
[bumpversion:file:passbook/lib/__init__.py]
|
|
||||||
|
|
||||||
[bumpversion:file:passbook/saml_idp/__init__.py]
|
|
||||||
|
|
||||||
[bumpversion:file:passbook/audit/__init__.py]
|
|
||||||
|
|
||||||
[bumpversion:file:passbook/oauth_provider/__init__.py]
|
|
||||||
|
|
||||||
[bumpversion:file:passbook/otp/__init__.py]
|
|
||||||
|
|
||||||
|
|||||||
@ -6,7 +6,6 @@ omit =
|
|||||||
manage.py
|
manage.py
|
||||||
*/migrations/*
|
*/migrations/*
|
||||||
*/apps.py
|
*/apps.py
|
||||||
passbook/management/commands/nexus_upload.py
|
|
||||||
passbook/management/commands/web.py
|
passbook/management/commands/web.py
|
||||||
passbook/management/commands/worker.py
|
passbook/management/commands/worker.py
|
||||||
docs/
|
docs/
|
||||||
|
|||||||
@ -9,3 +9,6 @@ insert_final_newline = true
|
|||||||
|
|
||||||
[html]
|
[html]
|
||||||
indent_size = 2
|
indent_size = 2
|
||||||
|
|
||||||
|
[yaml]
|
||||||
|
indent_size = 2
|
||||||
|
|||||||
1
.gitignore
vendored
1
.gitignore
vendored
@ -191,3 +191,4 @@ pip-selfcheck.json
|
|||||||
# End of https://www.gitignore.io/api/python,django
|
# End of https://www.gitignore.io/api/python,django
|
||||||
/static/
|
/static/
|
||||||
local.env.yml
|
local.env.yml
|
||||||
|
.vscode/
|
||||||
|
|||||||
181
.gitlab-ci.yml
181
.gitlab-ci.yml
@ -1,140 +1,135 @@
|
|||||||
# Global Variables
|
# Global Variables
|
||||||
before_script:
|
|
||||||
- "python3 -m pip install -U virtualenv"
|
|
||||||
- "virtualenv env"
|
|
||||||
- "source env/bin/activate"
|
|
||||||
- "pip3 install -U -r requirements-dev.txt"
|
|
||||||
stages:
|
stages:
|
||||||
|
- build-base-image
|
||||||
|
- build-dev-image
|
||||||
- test
|
- test
|
||||||
- build
|
- build
|
||||||
- docs
|
- package
|
||||||
image: python:3.6
|
image: docker.beryju.org/passbook/dev:latest
|
||||||
services:
|
|
||||||
- postgres:latest
|
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
POSTGRES_DB: passbook
|
POSTGRES_DB: passbook
|
||||||
POSTGRES_USER: passbook
|
POSTGRES_USER: passbook
|
||||||
POSTGRES_PASSWORD: 'EK-5jnKfjrGRm<77'
|
POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
|
||||||
SUPERVISR_ENV: ci
|
|
||||||
|
before_script:
|
||||||
|
- pip install pipenv
|
||||||
|
# Ensure all dependencies are installed, even those not included in passbook/dev
|
||||||
|
# According to pipenv docs, -d outputs all packages, however it actually does not
|
||||||
|
- pipenv lock -r > requirements-all.txt
|
||||||
|
- pipenv lock -rd >> requirements-all.txt
|
||||||
|
- pip install -r requirements-all.txt
|
||||||
|
|
||||||
|
create-base-image:
|
||||||
|
image:
|
||||||
|
name: gcr.io/kaniko-project/executor:debug
|
||||||
|
entrypoint: [""]
|
||||||
|
before_script:
|
||||||
|
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
||||||
|
script:
|
||||||
|
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/base.Dockerfile --destination docker.beryju.org/passbook/base:latest --destination docker.beryju.org/passbook/base:0.3.0-beta
|
||||||
|
stage: build-base-image
|
||||||
|
only:
|
||||||
|
refs:
|
||||||
|
- tags
|
||||||
|
- /^version/.*$/
|
||||||
|
|
||||||
|
build-dev-image:
|
||||||
|
image:
|
||||||
|
name: gcr.io/kaniko-project/executor:debug
|
||||||
|
entrypoint: [""]
|
||||||
|
before_script:
|
||||||
|
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
||||||
|
script:
|
||||||
|
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dev.Dockerfile --destination docker.beryju.org/passbook/dev:latest --destination docker.beryju.org/passbook/dev:0.3.0-beta
|
||||||
|
stage: build-dev-image
|
||||||
|
only:
|
||||||
|
refs:
|
||||||
|
- tags
|
||||||
|
- /^version/.*$/
|
||||||
|
|
||||||
include:
|
|
||||||
- /allauth/.gitlab-ci.yml
|
|
||||||
|
|
||||||
isort:
|
isort:
|
||||||
script:
|
script:
|
||||||
- isort -c -sg env
|
- isort -c -sg env
|
||||||
stage: test
|
stage: test
|
||||||
|
services:
|
||||||
|
- postgres:latest
|
||||||
|
- redis:latest
|
||||||
migrations:
|
migrations:
|
||||||
script:
|
script:
|
||||||
- python manage.py migrate
|
- python manage.py migrate
|
||||||
stage: test
|
stage: test
|
||||||
|
services:
|
||||||
|
- postgres:latest
|
||||||
|
- redis:latest
|
||||||
prospector:
|
prospector:
|
||||||
script:
|
script:
|
||||||
- prospector
|
- prospector
|
||||||
stage: test
|
stage: test
|
||||||
|
services:
|
||||||
|
- postgres:latest
|
||||||
|
- redis:latest
|
||||||
pylint:
|
pylint:
|
||||||
script:
|
script:
|
||||||
- pylint passbook
|
- pylint passbook
|
||||||
stage: test
|
stage: test
|
||||||
|
services:
|
||||||
|
- postgres:latest
|
||||||
|
- redis:latest
|
||||||
coverage:
|
coverage:
|
||||||
script:
|
script:
|
||||||
- coverage run manage.py test
|
- coverage run manage.py test
|
||||||
- coverage report
|
- coverage report
|
||||||
|
- coverage html
|
||||||
stage: test
|
stage: test
|
||||||
bandit:
|
services:
|
||||||
script:
|
- postgres:latest
|
||||||
- bandit -r passbook
|
- redis:latest
|
||||||
stage: test
|
|
||||||
|
|
||||||
package-docker:
|
package-passbook-server:
|
||||||
image:
|
image:
|
||||||
name: gcr.io/kaniko-project/executor:debug
|
name: gcr.io/kaniko-project/executor:debug
|
||||||
entrypoint: [""]
|
entrypoint: [""]
|
||||||
before_script:
|
before_script:
|
||||||
- echo "{\"auths\":{\"docker.$NEXUS_URL\":{\"auth\":\"$NEXUS_AUTH\"}}}" > /kaniko/.docker/config.json
|
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
||||||
script:
|
script:
|
||||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.pkg.beryju.org/passbook:latest --destination docker.pkg.beryju.org/passbook:0.0.11-alpha
|
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.beryju.org/passbook/server:latest --destination docker.beryju.org/passbook/server:0.3.0-beta
|
||||||
stage: build
|
stage: build
|
||||||
only:
|
only:
|
||||||
- tags
|
- tags
|
||||||
- /^version/.*$/
|
- /^version/.*$/
|
||||||
package-helm:
|
build-passbook-static:
|
||||||
stage: build
|
stage: build
|
||||||
|
image:
|
||||||
|
name: gcr.io/kaniko-project/executor:debug
|
||||||
|
entrypoint: [""]
|
||||||
|
before_script:
|
||||||
|
- echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json
|
||||||
script:
|
script:
|
||||||
- curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
|
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/static.Dockerfile --destination docker.beryju.org/passbook/static:latest --destination docker.beryju.org/passbook/static:0.3.0-beta
|
||||||
- helm init --client-only
|
|
||||||
- helm package helm/passbook
|
|
||||||
- ./manage.py nexus_upload --method put --url $NEXUS_URL --auth $NEXUS_AUTH --repo helm *.tgz
|
|
||||||
only:
|
only:
|
||||||
- tags
|
- tags
|
||||||
- /^version/.*$/
|
- /^version/.*$/
|
||||||
# package-3.5:
|
# running collectstatic fully initialises django, hence we need that databases
|
||||||
# before_script:
|
services:
|
||||||
# - apt update
|
- postgres:latest
|
||||||
# - apt install -y build-essential debhelper devscripts equivs python3 python3-pip
|
- redis:latest
|
||||||
# - cp debian/control-3.5 debian/control
|
|
||||||
# - mk-build-deps debian/control
|
|
||||||
# - apt install ./*build-deps*deb -f -y
|
|
||||||
# - "python3 -m pip install -U virtualenv"
|
|
||||||
# - "virtualenv env"
|
|
||||||
# - "source env/bin/activate"
|
|
||||||
# - "pip3 install -U -r requirements.txt -r requirements-dev.txt"
|
|
||||||
# image: debian
|
|
||||||
# script:
|
|
||||||
# - debuild -us -uc
|
|
||||||
# - cp ../passbook*.deb .
|
|
||||||
# - python manage.py nexus_upload
|
|
||||||
# artifacts:
|
|
||||||
# paths:
|
|
||||||
# - passbook-python3.5*deb
|
|
||||||
# expire_in: 2 days
|
|
||||||
# stage: build
|
|
||||||
# only:
|
|
||||||
# - tags
|
|
||||||
# - /^debian/.*$/
|
|
||||||
# package-3.6:
|
|
||||||
# before_script:
|
|
||||||
# - apt update
|
|
||||||
# - apt install -y build-essential debhelper devscripts equivs python3 python3-pip
|
|
||||||
# - cp debian/control-3.6 debian/control
|
|
||||||
# - mk-build-deps debian/control
|
|
||||||
# - apt install ./*build-deps*deb -f -y
|
|
||||||
# - "python3 -m pip install -U virtualenv"
|
|
||||||
# - "virtualenv env"
|
|
||||||
# - "source env/bin/activate"
|
|
||||||
# - "pip3 install -U -r requirements.txt -r requirements-dev.txt"
|
|
||||||
# image: debian:buster
|
|
||||||
# script:
|
|
||||||
# - debuild -us -uc
|
|
||||||
# - cp ../passbook*.deb .
|
|
||||||
# - python manage.py nexus_upload
|
|
||||||
# artifacts:
|
|
||||||
# paths:
|
|
||||||
# - passbook-python3.6*deb
|
|
||||||
# expire_in: 2 days
|
|
||||||
# stage: build
|
|
||||||
# only:
|
|
||||||
# - tags
|
|
||||||
# - /^debian/.*$r
|
|
||||||
|
|
||||||
# docs:
|
package-helm:
|
||||||
# stage: docs
|
image: debian:stretch-slim
|
||||||
# only:
|
stage: package
|
||||||
# - master
|
before_script:
|
||||||
# - tags
|
- apt update && apt install -y curl
|
||||||
# - /^debian/.*$/
|
- curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash
|
||||||
# environment:
|
script:
|
||||||
# name: docs
|
- helm init --client-only
|
||||||
# url: "https://passbook.beryju.org/docs/"
|
- helm dependency build helm/passbook
|
||||||
# script:
|
- helm package helm/passbook
|
||||||
# - apt update
|
artifacts:
|
||||||
# - apt install -y rsync
|
paths:
|
||||||
# - "mkdir ~/.ssh"
|
- passbook-*.tgz
|
||||||
# - "cp .gitlab/known_hosts ~/.ssh/"
|
expire_in: 1 week
|
||||||
# - "pip3 install -U -r requirements-docs.txt"
|
only:
|
||||||
# - "eval $(ssh-agent -s)"
|
- tags
|
||||||
# - "echo \"${CI_SSH_PRIVATE}\" | ssh-add -"
|
- /^version/.*$/
|
||||||
# - mkdocs build
|
|
||||||
# - 'rsync -avh --delete web/* "beryjuorg@ory1-web-prod-1.ory1.beryju.org:passbook.beryju.org/"'
|
|
||||||
# - 'rsync -avh --delete site/* "beryjuorg@ory1-web-prod-1.ory1.beryju.org:passbook.beryju.org/docs/"'
|
|
||||||
|
|||||||
@ -7,6 +7,7 @@ ignore-paths:
|
|||||||
- migrations
|
- migrations
|
||||||
- docs
|
- docs
|
||||||
- node_modules
|
- node_modules
|
||||||
|
- client-packages
|
||||||
|
|
||||||
uses:
|
uses:
|
||||||
- django
|
- django
|
||||||
|
|||||||
114
.vscode/.ropeproject/config.py
vendored
114
.vscode/.ropeproject/config.py
vendored
@ -1,114 +0,0 @@
|
|||||||
# The default ``config.py``
|
|
||||||
# flake8: noqa
|
|
||||||
|
|
||||||
|
|
||||||
def set_prefs(prefs):
|
|
||||||
"""This function is called before opening the project"""
|
|
||||||
|
|
||||||
# Specify which files and folders to ignore in the project.
|
|
||||||
# Changes to ignored resources are not added to the history and
|
|
||||||
# VCSs. Also they are not returned in `Project.get_files()`.
|
|
||||||
# Note that ``?`` and ``*`` match all characters but slashes.
|
|
||||||
# '*.pyc': matches 'test.pyc' and 'pkg/test.pyc'
|
|
||||||
# 'mod*.pyc': matches 'test/mod1.pyc' but not 'mod/1.pyc'
|
|
||||||
# '.svn': matches 'pkg/.svn' and all of its children
|
|
||||||
# 'build/*.o': matches 'build/lib.o' but not 'build/sub/lib.o'
|
|
||||||
# 'build//*.o': matches 'build/lib.o' and 'build/sub/lib.o'
|
|
||||||
prefs['ignored_resources'] = ['*.pyc', '*~', '.ropeproject',
|
|
||||||
'.hg', '.svn', '_svn', '.git', '.tox']
|
|
||||||
|
|
||||||
# Specifies which files should be considered python files. It is
|
|
||||||
# useful when you have scripts inside your project. Only files
|
|
||||||
# ending with ``.py`` are considered to be python files by
|
|
||||||
# default.
|
|
||||||
# prefs['python_files'] = ['*.py']
|
|
||||||
|
|
||||||
# Custom source folders: By default rope searches the project
|
|
||||||
# for finding source folders (folders that should be searched
|
|
||||||
# for finding modules). You can add paths to that list. Note
|
|
||||||
# that rope guesses project source folders correctly most of the
|
|
||||||
# time; use this if you have any problems.
|
|
||||||
# The folders should be relative to project root and use '/' for
|
|
||||||
# separating folders regardless of the platform rope is running on.
|
|
||||||
# 'src/my_source_folder' for instance.
|
|
||||||
# prefs.add('source_folders', 'src')
|
|
||||||
|
|
||||||
# You can extend python path for looking up modules
|
|
||||||
# prefs.add('python_path', '~/python/')
|
|
||||||
|
|
||||||
# Should rope save object information or not.
|
|
||||||
prefs['save_objectdb'] = True
|
|
||||||
prefs['compress_objectdb'] = False
|
|
||||||
|
|
||||||
# If `True`, rope analyzes each module when it is being saved.
|
|
||||||
prefs['automatic_soa'] = True
|
|
||||||
# The depth of calls to follow in static object analysis
|
|
||||||
prefs['soa_followed_calls'] = 0
|
|
||||||
|
|
||||||
# If `False` when running modules or unit tests "dynamic object
|
|
||||||
# analysis" is turned off. This makes them much faster.
|
|
||||||
prefs['perform_doa'] = True
|
|
||||||
|
|
||||||
# Rope can check the validity of its object DB when running.
|
|
||||||
prefs['validate_objectdb'] = True
|
|
||||||
|
|
||||||
# How many undos to hold?
|
|
||||||
prefs['max_history_items'] = 32
|
|
||||||
|
|
||||||
# Shows whether to save history across sessions.
|
|
||||||
prefs['save_history'] = True
|
|
||||||
prefs['compress_history'] = False
|
|
||||||
|
|
||||||
# Set the number spaces used for indenting. According to
|
|
||||||
# :PEP:`8`, it is best to use 4 spaces. Since most of rope's
|
|
||||||
# unit-tests use 4 spaces it is more reliable, too.
|
|
||||||
prefs['indent_size'] = 4
|
|
||||||
|
|
||||||
# Builtin and c-extension modules that are allowed to be imported
|
|
||||||
# and inspected by rope.
|
|
||||||
prefs['extension_modules'] = []
|
|
||||||
|
|
||||||
# Add all standard c-extensions to extension_modules list.
|
|
||||||
prefs['import_dynload_stdmods'] = True
|
|
||||||
|
|
||||||
# If `True` modules with syntax errors are considered to be empty.
|
|
||||||
# The default value is `False`; When `False` syntax errors raise
|
|
||||||
# `rope.base.exceptions.ModuleSyntaxError` exception.
|
|
||||||
prefs['ignore_syntax_errors'] = False
|
|
||||||
|
|
||||||
# If `True`, rope ignores unresolvable imports. Otherwise, they
|
|
||||||
# appear in the importing namespace.
|
|
||||||
prefs['ignore_bad_imports'] = False
|
|
||||||
|
|
||||||
# If `True`, rope will insert new module imports as
|
|
||||||
# `from <package> import <module>` by default.
|
|
||||||
prefs['prefer_module_from_imports'] = False
|
|
||||||
|
|
||||||
# If `True`, rope will transform a comma list of imports into
|
|
||||||
# multiple separate import statements when organizing
|
|
||||||
# imports.
|
|
||||||
prefs['split_imports'] = False
|
|
||||||
|
|
||||||
# If `True`, rope will remove all top-level import statements and
|
|
||||||
# reinsert them at the top of the module when making changes.
|
|
||||||
prefs['pull_imports_to_top'] = True
|
|
||||||
|
|
||||||
# If `True`, rope will sort imports alphabetically by module name instead
|
|
||||||
# of alphabetically by import statement, with from imports after normal
|
|
||||||
# imports.
|
|
||||||
prefs['sort_imports_alphabetically'] = False
|
|
||||||
|
|
||||||
# Location of implementation of
|
|
||||||
# rope.base.oi.type_hinting.interfaces.ITypeHintingFactory In general
|
|
||||||
# case, you don't have to change this value, unless you're an rope expert.
|
|
||||||
# Change this value to inject you own implementations of interfaces
|
|
||||||
# listed in module rope.base.oi.type_hinting.providers.interfaces
|
|
||||||
# For example, you can add you own providers for Django Models, or disable
|
|
||||||
# the search type-hinting in a class hierarchy, etc.
|
|
||||||
prefs['type_hinting_factory'] = (
|
|
||||||
'rope.base.oi.type_hinting.factory.default_type_hinting_factory')
|
|
||||||
|
|
||||||
|
|
||||||
def project_opened(project):
|
|
||||||
"""This function is called after opening the project"""
|
|
||||||
# Do whatever you like here!
|
|
||||||
BIN
.vscode/.ropeproject/objectdb
vendored
BIN
.vscode/.ropeproject/objectdb
vendored
Binary file not shown.
11
.vscode/settings.json
vendored
11
.vscode/settings.json
vendored
@ -1,11 +0,0 @@
|
|||||||
{
|
|
||||||
"python.pythonPath": "env/bin/python",
|
|
||||||
"editor.tabSize": 4,
|
|
||||||
"[html]": {
|
|
||||||
"editor.tabSize": 2
|
|
||||||
},
|
|
||||||
"cSpell.words": [
|
|
||||||
"SAML",
|
|
||||||
"passbook"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
26
Dockerfile
26
Dockerfile
@ -1,28 +1,8 @@
|
|||||||
FROM python:3.6-slim-stretch as build
|
FROM docker.beryju.org/passbook/base:latest
|
||||||
|
|
||||||
COPY ./passbook/ /app/passbook
|
COPY ./passbook/ /app/passbook
|
||||||
COPY ./manage.py /app/
|
COPY ./manage.py /app/
|
||||||
COPY ./requirements.txt /app/
|
|
||||||
|
|
||||||
WORKDIR /app/
|
|
||||||
|
|
||||||
RUN mkdir /app/static/ && \
|
|
||||||
pip install -r requirements.txt && \
|
|
||||||
pip install psycopg2 && \
|
|
||||||
./manage.py collectstatic --no-input
|
|
||||||
|
|
||||||
FROM python:3.6-slim-stretch
|
|
||||||
|
|
||||||
COPY ./passbook/ /app/passbook
|
|
||||||
COPY ./manage.py /app/
|
|
||||||
COPY ./requirements.txt /app/
|
|
||||||
COPY --from=build /app/static /app/static/
|
|
||||||
|
|
||||||
WORKDIR /app/
|
|
||||||
|
|
||||||
RUN pip install -r requirements.txt && \
|
|
||||||
pip install psycopg2 && \
|
|
||||||
adduser --system --home /app/ passbook && \
|
|
||||||
chown -R passbook /app/
|
|
||||||
|
|
||||||
USER passbook
|
USER passbook
|
||||||
|
|
||||||
|
WORKDIR /app/
|
||||||
|
|||||||
2
LICENSE
2
LICENSE
@ -1,6 +1,6 @@
|
|||||||
MIT License
|
MIT License
|
||||||
|
|
||||||
Copyright (c) 2018 BeryJu.org
|
Copyright (c) 2019 BeryJu.org
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
of this software and associated documentation files (the "Software"), to deal
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
|||||||
61
Pipfile
Normal file
61
Pipfile
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
[[source]]
|
||||||
|
name = "pypi"
|
||||||
|
url = "https://pypi.org/simple"
|
||||||
|
verify_ssl = true
|
||||||
|
|
||||||
|
[packages]
|
||||||
|
asgiref = "*"
|
||||||
|
beautifulsoup4 = "*"
|
||||||
|
celery = "*"
|
||||||
|
channels = "*"
|
||||||
|
cherrypy = "*"
|
||||||
|
colorlog = "*"
|
||||||
|
daphne = "*"
|
||||||
|
defusedxml = "*"
|
||||||
|
django = "*"
|
||||||
|
django-cors-middleware = "*"
|
||||||
|
django-filters = "*"
|
||||||
|
django-ipware = "*"
|
||||||
|
django-model-utils = "*"
|
||||||
|
django-oauth-toolkit = "*"
|
||||||
|
django-oidc-provider = "*"
|
||||||
|
django-otp = "*"
|
||||||
|
django-recaptcha = "*"
|
||||||
|
django-redis = "*"
|
||||||
|
django-rest-framework = "*"
|
||||||
|
django-revproxy = "*"
|
||||||
|
djangorestframework = "==3.9.4"
|
||||||
|
drf-yasg = "*"
|
||||||
|
ldap3 = "*"
|
||||||
|
lxml = "*"
|
||||||
|
markdown = "*"
|
||||||
|
oauthlib = "*"
|
||||||
|
packaging = "*"
|
||||||
|
psycopg2 = "*"
|
||||||
|
pycryptodome = "*"
|
||||||
|
pyyaml = "*"
|
||||||
|
qrcode = "*"
|
||||||
|
requests-oauthlib = "*"
|
||||||
|
sentry-sdk = "*"
|
||||||
|
service_identity = "*"
|
||||||
|
signxml = "*"
|
||||||
|
urllib3 = {extras = ["secure"],version = "*"}
|
||||||
|
websocket_client = "*"
|
||||||
|
structlog = "*"
|
||||||
|
|
||||||
|
[requires]
|
||||||
|
python_version = "3.7"
|
||||||
|
|
||||||
|
[dev-packages]
|
||||||
|
coverage = "*"
|
||||||
|
isort = "*"
|
||||||
|
pylint = "*"
|
||||||
|
pylint-django = "*"
|
||||||
|
prospector = "*"
|
||||||
|
django-debug-toolbar = "*"
|
||||||
|
bumpversion = "*"
|
||||||
|
unittest-xml-reporting = "*"
|
||||||
|
autopep8 = "*"
|
||||||
|
bandit = "*"
|
||||||
|
twine = "*"
|
||||||
|
colorama = "*"
|
||||||
1348
Pipfile.lock
generated
Normal file
1348
Pipfile.lock
generated
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,27 +0,0 @@
|
|||||||
# Global Variables
|
|
||||||
before_script:
|
|
||||||
- cd allauth/
|
|
||||||
- "python3 -m pip install -U virtualenv"
|
|
||||||
- "virtualenv env"
|
|
||||||
- "source env/bin/activate"
|
|
||||||
- "pip3 install -U -r requirements-dev.txt"
|
|
||||||
stages:
|
|
||||||
- test-allauth
|
|
||||||
image: python:3.6
|
|
||||||
|
|
||||||
isort:
|
|
||||||
script:
|
|
||||||
- isort -c -sg env
|
|
||||||
stage: test-allauth
|
|
||||||
prospector:
|
|
||||||
script:
|
|
||||||
- prospector
|
|
||||||
stage: test-allauth
|
|
||||||
pylint:
|
|
||||||
script:
|
|
||||||
- pylint passbook
|
|
||||||
stage: test-allauth
|
|
||||||
bandit:
|
|
||||||
script:
|
|
||||||
- bandit -r allauth_passbook
|
|
||||||
stage: test-allauth
|
|
||||||
@ -1,35 +0,0 @@
|
|||||||
"""passbook provider"""
|
|
||||||
from allauth.socialaccount.providers.base import ProviderAccount
|
|
||||||
from allauth.socialaccount.providers.oauth2.provider import OAuth2Provider
|
|
||||||
|
|
||||||
|
|
||||||
class PassbookAccount(ProviderAccount):
|
|
||||||
"""passbook account"""
|
|
||||||
|
|
||||||
def to_str(self):
|
|
||||||
dflt = super().to_str()
|
|
||||||
return self.account.extra_data.get('username', dflt)
|
|
||||||
|
|
||||||
|
|
||||||
class PassbookProvider(OAuth2Provider):
|
|
||||||
"""passbook provider"""
|
|
||||||
|
|
||||||
id = 'passbook'
|
|
||||||
name = 'passbook'
|
|
||||||
account_class = PassbookAccount
|
|
||||||
|
|
||||||
def extract_uid(self, data):
|
|
||||||
return str(data['sub'])
|
|
||||||
|
|
||||||
def extract_common_fields(self, data):
|
|
||||||
return {
|
|
||||||
'email': data.get('email'),
|
|
||||||
'username': data.get('preferred_username'),
|
|
||||||
'name': data.get('name'),
|
|
||||||
}
|
|
||||||
|
|
||||||
def get_default_scope(self):
|
|
||||||
return ['openid:userinfo']
|
|
||||||
|
|
||||||
|
|
||||||
provider_classes = [PassbookProvider] # noqa
|
|
||||||
@ -1,5 +0,0 @@
|
|||||||
"""passbook provider"""
|
|
||||||
from allauth.socialaccount.providers.oauth2.urls import default_urlpatterns
|
|
||||||
from allauth_passbook.provider import PassbookProvider
|
|
||||||
|
|
||||||
urlpatterns = default_urlpatterns(PassbookProvider)
|
|
||||||
@ -1,37 +0,0 @@
|
|||||||
"""passbook adapter"""
|
|
||||||
import requests
|
|
||||||
|
|
||||||
from allauth.socialaccount import app_settings
|
|
||||||
from allauth.socialaccount.providers.oauth2.views import (OAuth2Adapter,
|
|
||||||
OAuth2CallbackView,
|
|
||||||
OAuth2LoginView)
|
|
||||||
from allauth_passbook.provider import PassbookProvider
|
|
||||||
|
|
||||||
|
|
||||||
class PassbookOAuth2Adapter(OAuth2Adapter):
|
|
||||||
"""passbook OAuth2 Adapter"""
|
|
||||||
provider_id = PassbookProvider.id
|
|
||||||
# pylint: disable=no-member
|
|
||||||
settings = app_settings.PROVIDERS.get(provider_id, {}) # noqa
|
|
||||||
provider_base_url = settings.get("PASSBOOK_URL", 'https://id.beryju.org')
|
|
||||||
|
|
||||||
access_token_url = '{0}/application/oauth/token/'.format(provider_base_url)
|
|
||||||
authorize_url = '{0}/application/oauth/authorize/'.format(provider_base_url)
|
|
||||||
profile_url = '{0}/api/v1/openid/'.format(
|
|
||||||
provider_base_url)
|
|
||||||
|
|
||||||
def complete_login(self, request, app, access_token, **kwargs):
|
|
||||||
headers = {
|
|
||||||
'Authorization': 'Bearer {0}'.format(access_token.token),
|
|
||||||
'Content-Type': 'application/json',
|
|
||||||
}
|
|
||||||
extra_data = requests.get(self.profile_url, headers=headers)
|
|
||||||
|
|
||||||
return self.get_provider().sociallogin_from_response(
|
|
||||||
request,
|
|
||||||
extra_data.json()
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
oauth2_login = OAuth2LoginView.adapter_view(PassbookOAuth2Adapter) # noqa
|
|
||||||
oauth2_callback = OAuth2CallbackView.adapter_view(PassbookOAuth2Adapter) # noqa
|
|
||||||
@ -1 +0,0 @@
|
|||||||
django-allauth
|
|
||||||
@ -1,33 +0,0 @@
|
|||||||
"""passbook allauth setup.py"""
|
|
||||||
from setuptools import setup
|
|
||||||
|
|
||||||
setup(
|
|
||||||
name='django-allauth-passbook',
|
|
||||||
version='1.0.0',
|
|
||||||
description='passbook support for django-allauth',
|
|
||||||
# long_description='\n'.join(read_simple('docs/index.md')[2:]),
|
|
||||||
long_description_content_type='text/markdown',
|
|
||||||
author='BeryJu.org',
|
|
||||||
author_email='hello@beryju.org',
|
|
||||||
packages=['allauth_passbook'],
|
|
||||||
include_package_data=True,
|
|
||||||
install_requires=['django-allauth'],
|
|
||||||
keywords='django allauth passbook',
|
|
||||||
license='MIT',
|
|
||||||
classifiers=[
|
|
||||||
'Intended Audience :: Developers',
|
|
||||||
'Topic :: Software Development :: Libraries :: Python Modules',
|
|
||||||
'Environment :: Web Environment',
|
|
||||||
'Topic :: Internet',
|
|
||||||
'License :: OSI Approved :: MIT License',
|
|
||||||
'Operating System :: OS Independent',
|
|
||||||
'Programming Language :: Python',
|
|
||||||
'Programming Language :: Python :: 3.4',
|
|
||||||
'Programming Language :: Python :: 3.5',
|
|
||||||
'Programming Language :: Python :: 3.6',
|
|
||||||
'Framework :: Django',
|
|
||||||
'Framework :: Django :: 1.11',
|
|
||||||
'Framework :: Django :: 2.0',
|
|
||||||
'Framework :: Django :: 2.1',
|
|
||||||
],
|
|
||||||
)
|
|
||||||
15
base.Dockerfile
Normal file
15
base.Dockerfile
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
FROM python:3.7-alpine
|
||||||
|
|
||||||
|
COPY ./Pipfile /app/
|
||||||
|
COPY ./Pipfile.lock /app/
|
||||||
|
|
||||||
|
WORKDIR /app/
|
||||||
|
|
||||||
|
RUN apk update && \
|
||||||
|
apk add --no-cache openssl-dev build-base libxml2-dev libxslt-dev libffi-dev gcc musl-dev libgcc zlib-dev postgresql-dev && \
|
||||||
|
pip install pipenv --no-cache-dir && \
|
||||||
|
pipenv lock -r > requirements.txt && \
|
||||||
|
pipenv --rm && \
|
||||||
|
pip install -r requirements.txt --no-cache-dir && \
|
||||||
|
adduser -S passbook && \
|
||||||
|
chown -R passbook /app
|
||||||
4
dev.Dockerfile
Normal file
4
dev.Dockerfile
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
FROM docker.beryju.org/passbook/base:latest
|
||||||
|
|
||||||
|
RUN pipenv lock --dev -r > requirements-dev.txt && \
|
||||||
|
pip install -r /app/requirements-dev.txt --no-cache-dir
|
||||||
9
helm/passbook/Chart.lock
Normal file
9
helm/passbook/Chart.lock
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
dependencies:
|
||||||
|
- name: postgresql
|
||||||
|
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||||
|
version: 6.3.10
|
||||||
|
- name: redis
|
||||||
|
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||||
|
version: 9.2.1
|
||||||
|
digest: sha256:bdde250e1401dccdd5161e39c807f9e88b05e3e8e72e74df767a1bbb5fc39a4a
|
||||||
|
generated: "2019-10-01T10:46:06.542706+02:00"
|
||||||
@ -1,6 +1,6 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
appVersion: "0.0.11-alpha"
|
appVersion: "0.3.0-beta"
|
||||||
description: A Helm chart for passbook.
|
description: A Helm chart for passbook.
|
||||||
name: passbook
|
name: passbook
|
||||||
version: "0.0.11-alpha"
|
version: "0.3.0-beta"
|
||||||
icon: https://passbook.beryju.org/images/logo.png
|
icon: https://git.beryju.org/uploads/-/system/project/avatar/108/logo.png
|
||||||
|
|||||||
Binary file not shown.
BIN
helm/passbook/charts/postgresql-6.3.10.tgz
Normal file
BIN
helm/passbook/charts/postgresql-6.3.10.tgz
Normal file
Binary file not shown.
Binary file not shown.
BIN
helm/passbook/charts/redis-9.2.1.tgz
Normal file
BIN
helm/passbook/charts/redis-9.2.1.tgz
Normal file
Binary file not shown.
@ -1,9 +1,12 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- name: redis
|
- name: rabbitmq
|
||||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||||
version: 5.1.0
|
version: 4.3.2
|
||||||
- name: postgresql
|
- name: postgresql
|
||||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||||
version: 3.10.1
|
version: 3.10.1
|
||||||
digest: sha256:04bd136761f070e94a2ff32ff48ff87f5e07fbd451e5fd7f65551e3bd4680e5e
|
- name: redis
|
||||||
generated: 2019-02-08T12:08:49.090666+01:00
|
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||||
|
version: 5.1.0
|
||||||
|
digest: sha256:8bf68bc928a2e3c0f05139635be05fa0840554c7bde4cecd624fac78fb5fa5a3
|
||||||
|
generated: 2019-03-21T11:06:51.553379+01:00
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- name: redis
|
|
||||||
version: 5.1.0
|
|
||||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
|
||||||
- name: postgresql
|
- name: postgresql
|
||||||
version: 3.10.1
|
version: 6.3.10
|
||||||
|
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||||
|
- name: redis
|
||||||
|
version: 9.2.1
|
||||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
apiVersion: apps/v1beta2
|
apiVersion: apps/v1beta2
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "passbook.fullname" . }}-web
|
name: {{ include "passbook.fullname" . }}-appgw
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
helm.sh/chart: {{ include "passbook.chart" . }}
|
helm.sh/chart: {{ include "passbook.chart" . }}
|
||||||
@ -18,6 +18,7 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
passbook.io/component: appgw
|
||||||
spec:
|
spec:
|
||||||
volumes:
|
volumes:
|
||||||
- name: config-volume
|
- name: config-volume
|
||||||
@ -25,10 +26,12 @@ spec:
|
|||||||
name: {{ include "passbook.fullname" . }}-config
|
name: {{ include "passbook.fullname" . }}-config
|
||||||
containers:
|
containers:
|
||||||
- name: {{ .Chart.Name }}
|
- name: {{ .Chart.Name }}
|
||||||
image: "docker.pkg.beryju.org/passbook:{{ .Values.image.tag }}"
|
image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command: ["/bin/sh","-c"]
|
command:
|
||||||
args: ["./manage.py migrate && ./manage.py web"]
|
- ./manage.py
|
||||||
|
args:
|
||||||
|
- app_gw_web
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
containerPort: 8000
|
containerPort: 8000
|
||||||
@ -51,16 +54,9 @@ spec:
|
|||||||
- name: Host
|
- name: Host
|
||||||
value: kubernetes-healthcheck-host
|
value: kubernetes-healthcheck-host
|
||||||
resources:
|
resources:
|
||||||
{{ toYaml .Values.resources | indent 12 }}
|
requests:
|
||||||
{{- with .Values.nodeSelector }}
|
cpu: 150m
|
||||||
nodeSelector:
|
memory: 300M
|
||||||
{{ toYaml . | indent 8 }}
|
limits:
|
||||||
{{- end }}
|
cpu: 500m
|
||||||
{{- with .Values.affinity }}
|
memory: 500M
|
||||||
affinity:
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.tolerations }}
|
|
||||||
tolerations:
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
20
helm/passbook/templates/appgw-service.yaml
Normal file
20
helm/passbook/templates/appgw-service.yaml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ include "passbook.fullname" . }}-appgw
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
|
helm.sh/chart: {{ include "passbook.chart" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
spec:
|
||||||
|
type: {{ .Values.service.type }}
|
||||||
|
ports:
|
||||||
|
- port: {{ .Values.service.port }}
|
||||||
|
targetPort: http
|
||||||
|
protocol: TCP
|
||||||
|
name: http
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
passbook.io/component: appgw
|
||||||
@ -4,40 +4,18 @@ metadata:
|
|||||||
name: {{ include "passbook.fullname" . }}-config
|
name: {{ include "passbook.fullname" . }}-config
|
||||||
data:
|
data:
|
||||||
config.yml: |
|
config.yml: |
|
||||||
# Env for Docker images
|
postgresql:
|
||||||
databases:
|
host: "{{ .Release.Name }}-postgresql"
|
||||||
default:
|
name: "{{ .Values.postgresql.postgresqlDatabase }}"
|
||||||
engine: django.db.backends.postgresql
|
user: postgres
|
||||||
name: {{ .Values.postgresql.postgresqlDatabase }}
|
password: "{{ .Values.postgresql.postgresqlPassword }}"
|
||||||
user: postgres
|
redis:
|
||||||
password: {{ .Values.postgresql.postgresqlPassword }}
|
host: "{{ .Release.Name }}-redis-master"
|
||||||
host: {{ .Release.Name }}-postgresql
|
password: "{{ .Values.redis.password }}"
|
||||||
port: ''
|
cache_db: 0
|
||||||
log:
|
message_queue_db: 1
|
||||||
level:
|
|
||||||
console: DEBUG
|
# Error reporting, sends stacktrace to sentry.beryju.org
|
||||||
file: DEBUG
|
|
||||||
file: /dev/null
|
|
||||||
syslog:
|
|
||||||
host: 127.0.0.1
|
|
||||||
port: 514
|
|
||||||
email:
|
|
||||||
host: localhost
|
|
||||||
port: 25
|
|
||||||
user: ''
|
|
||||||
password: ''
|
|
||||||
use_tls: false
|
|
||||||
use_ssl: false
|
|
||||||
from: passbook <passbook@domain.tld>
|
|
||||||
web:
|
|
||||||
listen: 0.0.0.0
|
|
||||||
port: 8000
|
|
||||||
threads: 30
|
|
||||||
debug: false
|
|
||||||
secure_proxy_header:
|
|
||||||
HTTP_X_FORWARDED_PROTO: https
|
|
||||||
redis: {{ .Release.Name }}-redis
|
|
||||||
# Error reporting, sends stacktrace to sentry.services.beryju.org
|
|
||||||
error_report_enabled: {{ .Values.config.error_reporting }}
|
error_report_enabled: {{ .Values.config.error_reporting }}
|
||||||
|
|
||||||
{{- if .Values.config.secret_key }}
|
{{- if .Values.config.secret_key }}
|
||||||
@ -46,10 +24,12 @@ data:
|
|||||||
secret_key: {{ randAlphaNum 50 }}
|
secret_key: {{ randAlphaNum 50 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
primary_domain: {{ .Values.primary_domain }}
|
||||||
domains:
|
domains:
|
||||||
{{- range .Values.ingress.hosts }}
|
{{- range .Values.ingress.hosts }}
|
||||||
- {{ . | quote }}
|
- {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
- kubernetes-healthcheck-host
|
||||||
|
|
||||||
passbook:
|
passbook:
|
||||||
sign_up:
|
sign_up:
|
||||||
@ -105,10 +85,9 @@ data:
|
|||||||
email: mail # or userPrincipalName
|
email: mail # or userPrincipalName
|
||||||
user_attribute_map:
|
user_attribute_map:
|
||||||
active_directory:
|
active_directory:
|
||||||
sAMAccountName: username
|
username: "%(sAMAccountName)s"
|
||||||
mail: email
|
email: "%(mail)s"
|
||||||
given_name: first_name
|
name: "%(displayName)"
|
||||||
name: last_name
|
|
||||||
# # Create new users in LDAP upon sign-up
|
# # Create new users in LDAP upon sign-up
|
||||||
# create_users: true
|
# create_users: true
|
||||||
# # Reset LDAP password when user reset their password
|
# # Reset LDAP password when user reset their password
|
||||||
@ -123,6 +102,7 @@ data:
|
|||||||
- passbook.oauth_client.source_types.reddit
|
- passbook.oauth_client.source_types.reddit
|
||||||
- passbook.oauth_client.source_types.supervisr
|
- passbook.oauth_client.source_types.supervisr
|
||||||
- passbook.oauth_client.source_types.twitter
|
- passbook.oauth_client.source_types.twitter
|
||||||
|
- passbook.oauth_client.source_types.azure_ad
|
||||||
saml_idp:
|
saml_idp:
|
||||||
signing: true
|
signing: true
|
||||||
autosubmit: false
|
autosubmit: false
|
||||||
@ -131,8 +111,4 @@ data:
|
|||||||
# List of python packages with provider types to load.
|
# List of python packages with provider types to load.
|
||||||
types:
|
types:
|
||||||
- passbook.saml_idp.processors.generic
|
- passbook.saml_idp.processors.generic
|
||||||
- passbook.saml_idp.processors.gitlab
|
|
||||||
- passbook.saml_idp.processors.nextcloud
|
|
||||||
- passbook.saml_idp.processors.salesforce
|
- passbook.saml_idp.processors.salesforce
|
||||||
- passbook.saml_idp.processors.shibboleth
|
|
||||||
- passbook.saml_idp.processors.wordpress_orange
|
|
||||||
@ -1,6 +1,5 @@
|
|||||||
{{- if .Values.ingress.enabled -}}
|
{{- if .Values.ingress.enabled -}}
|
||||||
{{- $fullName := include "passbook.fullname" . -}}
|
{{- $fullName := include "passbook.fullname" . -}}
|
||||||
{{- $ingressPath := .Values.ingress.path -}}
|
|
||||||
apiVersion: extensions/v1beta1
|
apiVersion: extensions/v1beta1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
@ -30,9 +29,22 @@ spec:
|
|||||||
- host: {{ . | quote }}
|
- host: {{ . | quote }}
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: {{ $ingressPath }}
|
- path: /
|
||||||
backend:
|
backend:
|
||||||
serviceName: {{ $fullName }}
|
serviceName: {{ $fullName }}-web
|
||||||
|
servicePort: http
|
||||||
|
- path: /static/
|
||||||
|
backend:
|
||||||
|
serviceName: {{ $fullName }}-static
|
||||||
|
servicePort: http
|
||||||
|
{{- end }}
|
||||||
|
{{- range .Values.ingress.app_gw_hosts }}
|
||||||
|
- host: {{ . | quote }}
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
backend:
|
||||||
|
serviceName: {{ $fullName }}-appgw
|
||||||
servicePort: http
|
servicePort: http
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
55
helm/passbook/templates/static-deployment.yaml
Normal file
55
helm/passbook/templates/static-deployment.yaml
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
apiVersion: apps/v1beta2
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ include "passbook.fullname" . }}-static
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
|
helm.sh/chart: {{ include "passbook.chart" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
k8s.passbook.io/component: static
|
||||||
|
annotations:
|
||||||
|
prometheus.io/scrape: "true"
|
||||||
|
prometheus.io/port: '9113'
|
||||||
|
field.cattle.io/workloadMetrics: '[{"path":"/metrics","port":9113,"schema":"HTTP"}]'
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: {{ .Chart.Name }}-static
|
||||||
|
image: "docker.beryju.org/passbook/static:{{ .Values.image.tag }}"
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 80
|
||||||
|
protocol: TCP
|
||||||
|
livenessProbe:
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
timeoutSeconds: 5
|
||||||
|
httpGet:
|
||||||
|
path: /_/healthz
|
||||||
|
port: http
|
||||||
|
readinessProbe:
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
timeoutSeconds: 5
|
||||||
|
httpGet:
|
||||||
|
path: /_/healthz
|
||||||
|
port: http
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 10M
|
||||||
|
limits:
|
||||||
|
cpu: 20m
|
||||||
|
memory: 20M
|
||||||
|
- name: {{ .Chart.Name }}-static-prometheus
|
||||||
|
image: nginx/nginx-prometheus-exporter:0.4.1
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
21
helm/passbook/templates/static-service.yaml
Normal file
21
helm/passbook/templates/static-service.yaml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ include "passbook.fullname" . }}-static
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
|
helm.sh/chart: {{ include "passbook.chart" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
k8s.passbook.io/component: static
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- port: 80
|
||||||
|
targetPort: http
|
||||||
|
protocol: TCP
|
||||||
|
name: http
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
k8s.passbook.io/component: static
|
||||||
72
helm/passbook/templates/web-deployment.yaml
Normal file
72
helm/passbook/templates/web-deployment.yaml
Normal file
@ -0,0 +1,72 @@
|
|||||||
|
apiVersion: apps/v1beta2
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ include "passbook.fullname" . }}-web
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
|
helm.sh/chart: {{ include "passbook.chart" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
spec:
|
||||||
|
replicas: {{ .Values.replicaCount }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
passbook.io/component: web
|
||||||
|
spec:
|
||||||
|
volumes:
|
||||||
|
- name: config-volume
|
||||||
|
configMap:
|
||||||
|
name: {{ include "passbook.fullname" . }}-config
|
||||||
|
initContainers:
|
||||||
|
- name: passbook-database-migrations
|
||||||
|
image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
|
||||||
|
command:
|
||||||
|
- ./manage.py
|
||||||
|
args:
|
||||||
|
- migrate
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /etc/passbook
|
||||||
|
name: config-volume
|
||||||
|
containers:
|
||||||
|
- name: {{ .Chart.Name }}
|
||||||
|
image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
command:
|
||||||
|
- ./manage.py
|
||||||
|
args:
|
||||||
|
- web
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 8000
|
||||||
|
protocol: TCP
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /etc/passbook
|
||||||
|
name: config-volume
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /
|
||||||
|
port: http
|
||||||
|
httpHeaders:
|
||||||
|
- name: Host
|
||||||
|
value: kubernetes-healthcheck-host
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /
|
||||||
|
port: http
|
||||||
|
httpHeaders:
|
||||||
|
- name: Host
|
||||||
|
value: kubernetes-healthcheck-host
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 150M
|
||||||
|
limits:
|
||||||
|
cpu: 200m
|
||||||
|
memory: 300M
|
||||||
@ -1,7 +1,7 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "passbook.fullname" . }}
|
name: {{ include "passbook.fullname" . }}-web
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
helm.sh/chart: {{ include "passbook.chart" . }}
|
helm.sh/chart: {{ include "passbook.chart" . }}
|
||||||
@ -17,3 +17,4 @@ spec:
|
|||||||
selector:
|
selector:
|
||||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
passbook.io/component: web
|
||||||
@ -18,6 +18,7 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
app.kubernetes.io/name: {{ include "passbook.name" . }}
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
passbook.io/component: worker
|
||||||
spec:
|
spec:
|
||||||
volumes:
|
volumes:
|
||||||
- name: config-volume
|
- name: config-volume
|
||||||
@ -25,9 +26,12 @@ spec:
|
|||||||
name: {{ include "passbook.fullname" . }}-config
|
name: {{ include "passbook.fullname" . }}-config
|
||||||
containers:
|
containers:
|
||||||
- name: {{ .Chart.Name }}
|
- name: {{ .Chart.Name }}
|
||||||
image: "docker.pkg.beryju.org/passbook:{{ .Values.image.tag }}"
|
image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}"
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command: ["./manage.py", "worker"]
|
command:
|
||||||
|
- ./manage.py
|
||||||
|
args:
|
||||||
|
- worker
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
containerPort: 8000
|
containerPort: 8000
|
||||||
@ -36,16 +40,9 @@ spec:
|
|||||||
- mountPath: /etc/passbook
|
- mountPath: /etc/passbook
|
||||||
name: config-volume
|
name: config-volume
|
||||||
resources:
|
resources:
|
||||||
{{ toYaml .Values.resources | indent 12 }}
|
requests:
|
||||||
{{- with .Values.nodeSelector }}
|
cpu: 150m
|
||||||
nodeSelector:
|
memory: 300M
|
||||||
{{ toYaml . | indent 8 }}
|
limits:
|
||||||
{{- end }}
|
cpu: 300m
|
||||||
{{- with .Values.affinity }}
|
memory: 500M
|
||||||
affinity:
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.tolerations }}
|
|
||||||
tolerations:
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
@ -5,7 +5,7 @@
|
|||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
|
|
||||||
image:
|
image:
|
||||||
tag: latest
|
tag: 0.3.0-beta
|
||||||
|
|
||||||
nameOverride: ""
|
nameOverride: ""
|
||||||
|
|
||||||
@ -14,10 +14,16 @@ config:
|
|||||||
# secret_key: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
|
# secret_key: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
|
||||||
# Enable error reporting
|
# Enable error reporting
|
||||||
error_reporting: true
|
error_reporting: true
|
||||||
|
email:
|
||||||
|
host: localhost
|
||||||
|
|
||||||
postgresql:
|
postgresql:
|
||||||
postgresqlDatabase: passbook
|
postgresqlDatabase: passbook
|
||||||
postgresqlPassword: foo
|
postgresqlPassword: foo
|
||||||
|
|
||||||
|
rabbitmq:
|
||||||
|
rabbitmq:
|
||||||
|
password: foo
|
||||||
|
|
||||||
service:
|
service:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
@ -31,7 +37,8 @@ ingress:
|
|||||||
path: /
|
path: /
|
||||||
hosts:
|
hosts:
|
||||||
- passbook.k8s.local
|
- passbook.k8s.local
|
||||||
- kubernetes-healthcheck-host
|
app_gw_hosts:
|
||||||
|
- '*.passbook.k8s.local'
|
||||||
defaultHost: passbook.k8s.local
|
defaultHost: passbook.k8s.local
|
||||||
tls: []
|
tls: []
|
||||||
# - secretName: chart-example-tls
|
# - secretName: chart-example-tls
|
||||||
|
|||||||
@ -4,7 +4,7 @@ import os
|
|||||||
import sys
|
import sys
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'passbook.core.settings')
|
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'passbook.root.settings')
|
||||||
try:
|
try:
|
||||||
from django.core.management import execute_from_command_line
|
from django.core.management import execute_from_command_line
|
||||||
except ImportError as exc:
|
except ImportError as exc:
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
"""passbook"""
|
"""passbook"""
|
||||||
__version__ = '0.0.11-alpha'
|
__version__ = '0.3.0-beta'
|
||||||
|
|||||||
@ -1,2 +0,0 @@
|
|||||||
"""passbook admin"""
|
|
||||||
__version__ = '0.0.11-alpha'
|
|
||||||
|
|||||||
@ -11,7 +11,7 @@ class UserSerializer(ModelSerializer):
|
|||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = User
|
model = User
|
||||||
fields = ['is_superuser', 'username', 'first_name', 'last_name', 'email', 'date_joined',
|
fields = ['is_superuser', 'username', 'name', 'email', 'date_joined',
|
||||||
'uuid']
|
'uuid']
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
17
passbook/admin/forms/users.py
Normal file
17
passbook/admin/forms/users.py
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
"""passbook administrative user forms"""
|
||||||
|
|
||||||
|
from django import forms
|
||||||
|
|
||||||
|
from passbook.core.models import User
|
||||||
|
|
||||||
|
|
||||||
|
class UserForm(forms.ModelForm):
|
||||||
|
"""Update User Details"""
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
|
||||||
|
model = User
|
||||||
|
fields = ['username', 'name', 'email', 'is_staff', 'is_active']
|
||||||
|
widgets = {
|
||||||
|
'name': forms.TextInput
|
||||||
|
}
|
||||||
25
passbook/admin/middleware.py
Normal file
25
passbook/admin/middleware.py
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
"""passbook admin Middleware to impersonate users"""
|
||||||
|
|
||||||
|
from passbook.core.models import User
|
||||||
|
|
||||||
|
|
||||||
|
def impersonate(get_response):
|
||||||
|
"""Middleware to impersonate users"""
|
||||||
|
|
||||||
|
def middleware(request):
|
||||||
|
"""Middleware to impersonate users"""
|
||||||
|
|
||||||
|
# User is superuser and has __impersonate ID set
|
||||||
|
if request.user.is_superuser and "__impersonate" in request.GET:
|
||||||
|
request.session['impersonate_id'] = request.GET["__impersonate"]
|
||||||
|
# user wants to stop impersonation
|
||||||
|
elif "__unimpersonate" in request.GET and 'impersonate_id' in request.session:
|
||||||
|
del request.session['impersonate_id']
|
||||||
|
|
||||||
|
# Actually impersonate user
|
||||||
|
if request.user.is_superuser and 'impersonate_id' in request.session:
|
||||||
|
request.user = User.objects.get(pk=request.session['impersonate_id'])
|
||||||
|
|
||||||
|
response = get_response(request)
|
||||||
|
return response
|
||||||
|
return middleware
|
||||||
@ -1,2 +0,0 @@
|
|||||||
django-rest-framework
|
|
||||||
drf_yasg
|
|
||||||
5
passbook/admin/settings.py
Normal file
5
passbook/admin/settings.py
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
"""passbook admin settings"""
|
||||||
|
|
||||||
|
MIDDLEWARE = [
|
||||||
|
'passbook.admin.middleware.impersonate',
|
||||||
|
]
|
||||||
@ -12,7 +12,7 @@
|
|||||||
<h1><span class="pficon-applications"></span> {% trans "Applications" %}</h1>
|
<h1><span class="pficon-applications"></span> {% trans "Applications" %}</h1>
|
||||||
<span>{% trans "External Applications which use passbook as Identity-Provider, utilizing protocols like OAuth2 and SAML." %}</span>
|
<span>{% trans "External Applications which use passbook as Identity-Provider, utilizing protocols like OAuth2 and SAML." %}</span>
|
||||||
<hr>
|
<hr>
|
||||||
<a href="{% url 'passbook_admin:application-create' %}" class="btn btn-primary">
|
<a href="{% url 'passbook_admin:application-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
|
||||||
{% trans 'Create...' %}
|
{% trans 'Create...' %}
|
||||||
</a>
|
</a>
|
||||||
<hr>
|
<hr>
|
||||||
@ -21,6 +21,7 @@
|
|||||||
<tr>
|
<tr>
|
||||||
<th>{% trans 'Name' %}</th>
|
<th>{% trans 'Name' %}</th>
|
||||||
<th>{% trans 'Provider' %}</th>
|
<th>{% trans 'Provider' %}</th>
|
||||||
|
<th>{% trans 'Provider Type' %}</th>
|
||||||
<th></th>
|
<th></th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
@ -28,7 +29,8 @@
|
|||||||
{% for application in object_list %}
|
{% for application in object_list %}
|
||||||
<tr>
|
<tr>
|
||||||
<td>{{ application.name }}</td>
|
<td>{{ application.name }}</td>
|
||||||
<td>{{ application.provider }}</td>
|
<td>{{ application.get_provider }}</td>
|
||||||
|
<td>{{ application.get_provider|verbose_name }}</td>
|
||||||
<td>
|
<td>
|
||||||
<a class="btn btn-default btn-sm"
|
<a class="btn btn-default btn-sm"
|
||||||
href="{% url 'passbook_admin:application-update' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
href="{% url 'passbook_admin:application-update' pk=application.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||||
|
|||||||
@ -4,36 +4,4 @@
|
|||||||
{% load is_active %}
|
{% load is_active %}
|
||||||
|
|
||||||
{% block nav_secondary %}
|
{% block nav_secondary %}
|
||||||
<ul class="nav navbar-nav navbar-persistent">
|
|
||||||
<li class="{% is_active 'passbook_admin:overview' %}">
|
|
||||||
<a href="{% url 'passbook_admin:overview' %}">{% trans 'Overview' %}</a>
|
|
||||||
</li>
|
|
||||||
<li class="{% is_active 'passbook_admin:applications' 'passbook_admin:application-create' 'passbook_admin:application-update' 'passbook_admin:application-delete' %}">
|
|
||||||
<a href="{% url 'passbook_admin:applications' %}">{% trans 'Applications' %}</a>
|
|
||||||
</li>
|
|
||||||
<li class="{% is_active 'passbook_admin:sources' 'passbook_admin:source-create' 'passbook_admin:source-update' 'passbook_admin:source-delete' %}">
|
|
||||||
<a href="{% url 'passbook_admin:sources' %}">{% trans 'Sources' %}</a>
|
|
||||||
</li>
|
|
||||||
<li class="{% is_active 'passbook_admin:providers' 'passbook_admin:provider-create' 'passbook_admin:provider-update' 'passbook_admin:provider-delete' %}">
|
|
||||||
<a href="{% url 'passbook_admin:providers' %}">{% trans 'Providers' %}</a>
|
|
||||||
</li>
|
|
||||||
<li class="{% is_active 'passbook_admin:factors' 'passbook_admin:factor-create' 'passbook_admin:factor-update' 'passbook_admin:factor-delete' %}">
|
|
||||||
<a href="{% url 'passbook_admin:factors' %}">{% trans 'Factors' %}</a>
|
|
||||||
</li>
|
|
||||||
<li class="{% is_active 'passbook_admin:policies' 'passbook_admin:policy-create' 'passbook_admin:policy-update' 'passbook_admin:policy-delete' 'passbook_admin:policy-test' %}">
|
|
||||||
<a href="{% url 'passbook_admin:policies' %}">{% trans 'Policies' %}</a>
|
|
||||||
</li>
|
|
||||||
<li class="{% is_active 'passbook_admin:invitations' 'passbook_admin:invitation-create' 'passbook_admin:invitation-update' 'passbook_admin:invitation-delete' 'passbook_admin:invitation-test' %}">
|
|
||||||
<a href="{% url 'passbook_admin:invitations' %}">{% trans 'Invitations' %}</a>
|
|
||||||
</li>
|
|
||||||
<li class="{% is_active 'passbook_admin:users' 'passbook_admin:user-update' 'passbook_admin:user-delete' %}">
|
|
||||||
<a href="{% url 'passbook_admin:users' %}">{% trans 'Users' %}</a>
|
|
||||||
</li>
|
|
||||||
<li class="{% is_active 'passbook_admin:audit-log' %}">
|
|
||||||
<a href="{% url 'passbook_admin:audit-log' %}">{% trans 'Audit Log' %}</a>
|
|
||||||
</li>
|
|
||||||
<li class="{% is_active_app 'admin' %}">
|
|
||||||
<a href="{% url 'admin:index' %}">{% trans 'Django' %}</a>
|
|
||||||
</li>
|
|
||||||
</ul>
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|||||||
31
passbook/admin/templates/administration/debug/request.html
Normal file
31
passbook/admin/templates/administration/debug/request.html
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
{% extends "administration/base.html" %}
|
||||||
|
|
||||||
|
{% load i18n %}
|
||||||
|
{% load utils %}
|
||||||
|
|
||||||
|
{% block title %}
|
||||||
|
{% title %}
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block content %}
|
||||||
|
<div class="container">
|
||||||
|
<h1><span class="pficon-applications"></span> {% trans "Request" %}</h1>
|
||||||
|
<hr>
|
||||||
|
<table class="table table-striped table-bordered">
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>{% trans 'Key' %}</th>
|
||||||
|
<th>{% trans 'Value' %}</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
{% for key, value in request_dict.items %}
|
||||||
|
<tr>
|
||||||
|
<td>{{ key }}</td>
|
||||||
|
<td>{{ value }}</td>
|
||||||
|
</tr>
|
||||||
|
{% endfor %}
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
</div>
|
||||||
|
{% endblock %}
|
||||||
@ -21,7 +21,7 @@
|
|||||||
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
||||||
{% for type, name in types.items %}
|
{% for type, name in types.items %}
|
||||||
<li role="presentation"><a role="menuitem" tabindex="-1"
|
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||||
href="{% url 'passbook_admin:factor-create' %}?type={{ type }}">{{ name }}</a></li>
|
href="{% url 'passbook_admin:factor-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
@ -40,7 +40,7 @@
|
|||||||
{% for factor in object_list %}
|
{% for factor in object_list %}
|
||||||
<tr>
|
<tr>
|
||||||
<td>{{ factor.name }} ({{ factor.slug }})</td>
|
<td>{{ factor.name }} ({{ factor.slug }})</td>
|
||||||
<td>{{ factor.type }}</td>
|
<td>{{ factor|verbose_name }}</td>
|
||||||
<td>{{ factor.order }}</td>
|
<td>{{ factor.order }}</td>
|
||||||
<td>{{ factor.enabled }}</td>
|
<td>{{ factor.enabled }}</td>
|
||||||
<td>
|
<td>
|
||||||
|
|||||||
45
passbook/admin/templates/administration/group/list.html
Normal file
45
passbook/admin/templates/administration/group/list.html
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
{% extends "administration/base.html" %}
|
||||||
|
|
||||||
|
{% load i18n %}
|
||||||
|
{% load utils %}
|
||||||
|
|
||||||
|
{% block title %}
|
||||||
|
{% title %}
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block content %}
|
||||||
|
<div class="container">
|
||||||
|
<h1><span class="pficon-users"></span> {% trans "Groups" %}</h1>
|
||||||
|
<span>{% trans "Group users together and give them permissions based on the membership." %}</span>
|
||||||
|
<hr>
|
||||||
|
<a href="{% url 'passbook_admin:group-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
|
||||||
|
{% trans 'Create...' %}
|
||||||
|
</a>
|
||||||
|
<hr>
|
||||||
|
<table class="table table-striped table-bordered">
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>{% trans 'Name' %}</th>
|
||||||
|
<th>{% trans 'Parent' %}</th>
|
||||||
|
<th>{% trans 'Members' %}</th>
|
||||||
|
<th></th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
{% for group in object_list %}
|
||||||
|
<tr>
|
||||||
|
<td>{{ group.name }}</td>
|
||||||
|
<td>{{ group.parent }}</td>
|
||||||
|
<td>{{ group.user_set.all|length }}</td>
|
||||||
|
<td>
|
||||||
|
<a class="btn btn-default btn-sm"
|
||||||
|
href="{% url 'passbook_admin:group-update' pk=group.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||||
|
<a class="btn btn-default btn-sm"
|
||||||
|
href="{% url 'passbook_admin:group-delete' pk=group.uuid %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
{% endfor %}
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
</div>
|
||||||
|
{% endblock %}
|
||||||
@ -1,83 +0,0 @@
|
|||||||
{% extends "administration/base.html" %}
|
|
||||||
|
|
||||||
{% load i18n %}
|
|
||||||
{% load static %}
|
|
||||||
{% load utils %}
|
|
||||||
|
|
||||||
{% block head %}
|
|
||||||
{{ block.super }}
|
|
||||||
<link rel="stylesheet" href="{% static 'css/bootstrap-treeview.min.css'%}">
|
|
||||||
{% endblock %}
|
|
||||||
|
|
||||||
{% block scripts %}
|
|
||||||
{{ block.super }}
|
|
||||||
<script src="{% static 'js/bootstrap-treeview.min.js' %}"></script>
|
|
||||||
<script>
|
|
||||||
var cleanupData = function (obj) {
|
|
||||||
return {
|
|
||||||
text: obj.name,
|
|
||||||
href: '?group=' + obj.uuid,
|
|
||||||
nodes: obj.children.map(cleanupData),
|
|
||||||
};
|
|
||||||
}
|
|
||||||
$(function() {
|
|
||||||
var apiUrl = "{% url 'passbook_admin:group-list' %}?format=json";
|
|
||||||
$.ajax({
|
|
||||||
url: apiUrl,
|
|
||||||
}).done(function(data) {
|
|
||||||
$('#treeview1').treeview({
|
|
||||||
collapseIcon: "fa fa-angle-down",
|
|
||||||
data: data.map(cleanupData),
|
|
||||||
expandIcon: "fa fa-angle-right",
|
|
||||||
nodeIcon: "fa pficon-users",
|
|
||||||
showBorder: true,
|
|
||||||
enableLinks: true,
|
|
||||||
onNodeSelected: function (event, node) {
|
|
||||||
window.location.href = node.href;
|
|
||||||
}
|
|
||||||
});
|
|
||||||
});
|
|
||||||
});
|
|
||||||
</script>
|
|
||||||
{% endblock %}
|
|
||||||
|
|
||||||
{% block title %}
|
|
||||||
{% title %}
|
|
||||||
{% endblock %}
|
|
||||||
|
|
||||||
{% block content %}
|
|
||||||
<div class="col-md-3">
|
|
||||||
<div id="treeview1" class="treeview">
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<div class="col-md-9">
|
|
||||||
<h1>{% trans "Invitations" %}</h1>
|
|
||||||
<a href="{% url 'passbook_admin:invitation-create' %}" class="btn btn-primary">
|
|
||||||
{% trans 'Create...' %}
|
|
||||||
</a>
|
|
||||||
<hr>
|
|
||||||
<table class="table table-striped table-bordered">
|
|
||||||
<thead>
|
|
||||||
<tr>
|
|
||||||
<th>{% trans 'Expiry' %}</th>
|
|
||||||
<th>{% trans 'Link' %}</th>
|
|
||||||
<th></th>
|
|
||||||
</tr>
|
|
||||||
</thead>
|
|
||||||
<tbody>
|
|
||||||
{% for invitation in object_list %}
|
|
||||||
<tr>
|
|
||||||
<td>{{ invitation.expires|default:"Never" }}</td>
|
|
||||||
<td>
|
|
||||||
<pre>{{ invitation.link }}</pre>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<a class="btn btn-default btn-sm" href="{% url 'passbook_admin:invitation-delete' pk=invitation.uuid %}?back={{ request.get_full_path }}">{%
|
|
||||||
trans 'Delete' %}</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
{% endfor %}
|
|
||||||
</tbody>
|
|
||||||
</table>
|
|
||||||
</div>
|
|
||||||
{% endblock %}
|
|
||||||
@ -12,7 +12,7 @@
|
|||||||
<h1><span class="pficon-migration"></span> {% trans "Invitations" %}</h1>
|
<h1><span class="pficon-migration"></span> {% trans "Invitations" %}</h1>
|
||||||
<span>{% trans "Create Invitation Links which optionally force a username or expire on a set date." %}</span>
|
<span>{% trans "Create Invitation Links which optionally force a username or expire on a set date." %}</span>
|
||||||
<hr>
|
<hr>
|
||||||
<a href="{% url 'passbook_admin:invitation-create' %}" class="btn btn-primary">
|
<a href="{% url 'passbook_admin:invitation-create' %}?back={{ request.get_full_path }}" class="btn btn-primary">
|
||||||
{% trans 'Create...' %}
|
{% trans 'Create...' %}
|
||||||
</a>
|
</a>
|
||||||
<hr>
|
<hr>
|
||||||
|
|||||||
@ -54,7 +54,11 @@
|
|||||||
<p class="card-pf-aggregate-status-notifications">
|
<p class="card-pf-aggregate-status-notifications">
|
||||||
<span class="card-pf-aggregate-status-notification">
|
<span class="card-pf-aggregate-status-notification">
|
||||||
<a href="{% url 'passbook_admin:providers' %}">
|
<a href="{% url 'passbook_admin:providers' %}">
|
||||||
<span class="pficon pficon-ok"></span>{{ provider_count }}
|
{% if providers_without_application.exists %}
|
||||||
|
<span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: At least one Provider has no application assigned.' %}"></span> {{ provider_count }}
|
||||||
|
{% else %}
|
||||||
|
<span class="pficon pficon-ok"></span> {{ provider_count }}
|
||||||
|
{% endif %}
|
||||||
</a>
|
</a>
|
||||||
</span>
|
</span>
|
||||||
</p>
|
</p>
|
||||||
@ -72,9 +76,13 @@
|
|||||||
<div class="card-pf-body">
|
<div class="card-pf-body">
|
||||||
<p class="card-pf-aggregate-status-notifications">
|
<p class="card-pf-aggregate-status-notifications">
|
||||||
<span class="card-pf-aggregate-status-notification">
|
<span class="card-pf-aggregate-status-notification">
|
||||||
<a href="{% url 'passbook_admin:factors' %}">
|
{% if factor_count < 1 %}
|
||||||
<span class="pficon pficon-ok"></span>{{ factor_count }}
|
<span class="pficon-error-circle-o" data-toggle="tooltip" data-placement="right"
|
||||||
</a>
|
title="{% trans 'No Factors configured. No Users will be able to login.' %}"></span>
|
||||||
|
{{ factor_count }}
|
||||||
|
{% else %}
|
||||||
|
<span class="pficon pficon-ok"></span>{{ factor_count }}
|
||||||
|
{% endif %}
|
||||||
</span>
|
</span>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
@ -91,9 +99,13 @@
|
|||||||
<div class="card-pf-body">
|
<div class="card-pf-body">
|
||||||
<p class="card-pf-aggregate-status-notifications">
|
<p class="card-pf-aggregate-status-notifications">
|
||||||
<span class="card-pf-aggregate-status-notification">
|
<span class="card-pf-aggregate-status-notification">
|
||||||
<a href="{% url 'passbook_admin:policies' %}">
|
{% if policies_without_attachment > 0 %}
|
||||||
<span class="pficon pficon-ok"></span>{{ policy_count }}
|
<span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right"
|
||||||
</a>
|
title="{% trans 'Policies without attachment exist.' %}"></span>
|
||||||
|
{{ policy_count }}
|
||||||
|
{% else %}
|
||||||
|
<span class="pficon pficon-ok"></span>{{ policy_count }}
|
||||||
|
{% endif %}
|
||||||
</span>
|
</span>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
@ -140,10 +152,8 @@
|
|||||||
<div class="col-xs-6 col-sm-2 col-md-2">
|
<div class="col-xs-6 col-sm-2 col-md-2">
|
||||||
<div class="card-pf card-pf-accented card-pf-aggregate-status">
|
<div class="card-pf card-pf-accented card-pf-aggregate-status">
|
||||||
<h2 class="card-pf-title">
|
<h2 class="card-pf-title">
|
||||||
<a href="#">
|
<span class="pficon-bundle"></span>
|
||||||
<span class="pficon-bundle"></span>
|
<span class="card-pf-aggregate-status-count"></span> {% trans 'Version' %}
|
||||||
<span class="card-pf-aggregate-status-count"></span> {% trans 'Version' %}
|
|
||||||
</a>
|
|
||||||
</h2>
|
</h2>
|
||||||
<div class="card-pf-body">
|
<div class="card-pf-body">
|
||||||
<p class="card-pf-aggregate-status-notifications">
|
<p class="card-pf-aggregate-status-notifications">
|
||||||
@ -168,7 +178,34 @@
|
|||||||
<p class="card-pf-aggregate-status-notifications">
|
<p class="card-pf-aggregate-status-notifications">
|
||||||
<span class="card-pf-aggregate-status-notification">
|
<span class="card-pf-aggregate-status-notification">
|
||||||
<a href="#">
|
<a href="#">
|
||||||
|
{% if worker_count < 1%}
|
||||||
|
<span class="pficon-error-circle-o" data-toggle="tooltip" data-placement="right"
|
||||||
|
title="{% trans 'No workers connected. Policies will not work and you may expect other issues.' %}"></span> {{ worker_count }}
|
||||||
|
{% else %}
|
||||||
<span class="pficon pficon-ok"></span>{{ worker_count }}
|
<span class="pficon pficon-ok"></span>{{ worker_count }}
|
||||||
|
{% endif %}
|
||||||
|
</a>
|
||||||
|
</span>
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="col-xs-6 col-sm-2 col-md-2">
|
||||||
|
<div class="card-pf card-pf-accented card-pf-aggregate-status">
|
||||||
|
<h2 class="card-pf-title">
|
||||||
|
<span class="pficon-server"></span>
|
||||||
|
<span class="card-pf-aggregate-status-count"></span> {% trans 'Cached Policies' %}
|
||||||
|
</h2>
|
||||||
|
<div class="card-pf-body">
|
||||||
|
<p class="card-pf-aggregate-status-notifications">
|
||||||
|
<span class="card-pf-aggregate-status-notification">
|
||||||
|
<a href="#" data-toggle="modal" data-target="#clearCacheMOdal">
|
||||||
|
{% if cached_policies < 1 %}
|
||||||
|
<span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right"
|
||||||
|
title="{% trans 'No policies cached. Users may experience slow response times.' %}"></span> {{ cached_policies }}
|
||||||
|
{% else %}
|
||||||
|
<span class="pficon pficon-ok"></span>{{ cached_policies }}
|
||||||
|
{% endif %}
|
||||||
</a>
|
</a>
|
||||||
</span>
|
</span>
|
||||||
</p>
|
</p>
|
||||||
@ -176,4 +213,36 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="modal fade" id="clearCacheMOdal" tabindex="-1" role="dialog" aria-labelledby="clearCacheMOdalLabel" aria-hidden="true">
|
||||||
|
<div class="modal-dialog">
|
||||||
|
<div class="modal-content">
|
||||||
|
<div class="modal-header">
|
||||||
|
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">
|
||||||
|
<span class="pficon pficon-close"></span>
|
||||||
|
</button>
|
||||||
|
<h4 class="modal-title" id="clearCacheMOdalLabel">{% trans 'Clear Cache' %}</h4>
|
||||||
|
</div>
|
||||||
|
<div class="modal-body">
|
||||||
|
<form method="post" id="clearForm">
|
||||||
|
{% csrf_token %}
|
||||||
|
<input type="hidden" name="clear">
|
||||||
|
<p>
|
||||||
|
{% blocktrans %}
|
||||||
|
Are you sure you want to clear the cache? This includes all user sessions and all cached Policy results.
|
||||||
|
{% endblocktrans %}
|
||||||
|
</p>
|
||||||
|
<h3>
|
||||||
|
{% blocktrans %}
|
||||||
|
This will also log you out.
|
||||||
|
{% endblocktrans %}
|
||||||
|
</h3>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
<div class="modal-footer">
|
||||||
|
<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
|
||||||
|
<button form="clearForm" type="submit" type="button" class="btn btn-danger">{% trans 'Clear' %}</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|||||||
@ -20,7 +20,7 @@
|
|||||||
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
||||||
{% for type, name in types.items %}
|
{% for type, name in types.items %}
|
||||||
<li role="presentation"><a role="menuitem" tabindex="-1"
|
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||||
href="{% url 'passbook_admin:policy-create' %}?type={{ type }}">{{ name }}</a></li>
|
href="{% url 'passbook_admin:policy-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
@ -28,16 +28,24 @@
|
|||||||
<table class="table table-striped table-bordered">
|
<table class="table table-striped table-bordered">
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
|
<th></th>
|
||||||
<th>{% trans 'Name' %}</th>
|
<th>{% trans 'Name' %}</th>
|
||||||
<th>{% trans 'Class' %}</th>
|
<th>{% trans 'Type' %}</th>
|
||||||
<th></th>
|
<th></th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
{% for policy in object_list %}
|
{% for policy in object_list %}
|
||||||
<tr>
|
<tr {% if not policy.policymodel_set.exists %} class="warning" {% endif %}>
|
||||||
|
<th>
|
||||||
|
{% if not policy.policymodel_set.exists %}
|
||||||
|
<span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: Policy is not assigned.' %}"></span>
|
||||||
|
{% else %}
|
||||||
|
<span class="pficon-ok" data-toggle="tooltip" data-placement="right" title="{% blocktrans with objects=policy.policymodel_set.all|join:', ' %}Assigned to objects {{ objects }}{% endblocktrans %}"></span>
|
||||||
|
{% endif %}
|
||||||
|
</th>
|
||||||
<td>{{ policy.name }}</td>
|
<td>{{ policy.name }}</td>
|
||||||
<td>{{ policy|fieldtype }}</td>
|
<td>{{ policy|verbose_name }}</td>
|
||||||
<td>
|
<td>
|
||||||
<a class="btn btn-default btn-sm"
|
<a class="btn btn-default btn-sm"
|
||||||
href="{% url 'passbook_admin:policy-update' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
href="{% url 'passbook_admin:policy-update' pk=policy.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||||
|
|||||||
@ -5,3 +5,22 @@
|
|||||||
{% block above_form %}
|
{% block above_form %}
|
||||||
<h1>{% blocktrans with policy=policy %}Test policy {{ policy }}{% endblocktrans %}</h1>
|
<h1>{% blocktrans with policy=policy %}Test policy {{ policy }}{% endblocktrans %}</h1>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block action %}
|
||||||
|
{% trans 'Test' %}
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block beneath_form %}
|
||||||
|
<p class="loading" style="display: none;">
|
||||||
|
<span class="spinner spinner-xs spinner-inline"></span> {% trans 'Processing, please wait...' %}
|
||||||
|
</p>
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block scripts %}
|
||||||
|
{{ block.super }}
|
||||||
|
<script>
|
||||||
|
$('form').on('submit', function () {
|
||||||
|
$('p.loading').show();
|
||||||
|
})
|
||||||
|
</script>
|
||||||
|
{% endblock %}
|
||||||
|
|||||||
@ -0,0 +1,52 @@
|
|||||||
|
{% extends "administration/base.html" %}
|
||||||
|
|
||||||
|
{% load i18n %}
|
||||||
|
{% load utils %}
|
||||||
|
|
||||||
|
{% block title %}
|
||||||
|
{% title %}
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block content %}
|
||||||
|
<div class="container">
|
||||||
|
<h1><span class="fa fa-table"></span> {% trans "Property Mappings" %}</h1>
|
||||||
|
<span>{% trans "Property Mappings allow you expose provider-specific attributes." %}</span>
|
||||||
|
<hr>
|
||||||
|
<div class="dropdown">
|
||||||
|
<button class="btn btn-primary dropdown-toggle" type="button" id="createDropdown" data-toggle="dropdown">
|
||||||
|
{% trans 'Create...' %}
|
||||||
|
<span class="caret"></span>
|
||||||
|
</button>
|
||||||
|
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
||||||
|
{% for type, name in types.items %}
|
||||||
|
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||||
|
href="{% url 'passbook_admin:property-mapping-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
|
||||||
|
{% endfor %}
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
<hr>
|
||||||
|
<table class="table table-striped table-bordered">
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>{% trans 'Name' %}</th>
|
||||||
|
<th>{% trans 'Type' %}</th>
|
||||||
|
<th></th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
{% for property_mapping in object_list %}
|
||||||
|
<tr>
|
||||||
|
<td>{{ property_mapping.name }}</td>
|
||||||
|
<td>{{ property_mapping|verbose_name }}</td>
|
||||||
|
<td>
|
||||||
|
<a class="btn btn-default btn-sm"
|
||||||
|
href="{% url 'passbook_admin:property-mapping-update' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||||
|
<a class="btn btn-default btn-sm"
|
||||||
|
href="{% url 'passbook_admin:property-mapping-delete' pk=property_mapping.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
{% endfor %}
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
</div>
|
||||||
|
{% endblock %}
|
||||||
@ -21,7 +21,7 @@
|
|||||||
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
||||||
{% for type, name in types.items %}
|
{% for type, name in types.items %}
|
||||||
<li role="presentation"><a role="menuitem" tabindex="-1"
|
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||||
href="{% url 'passbook_admin:provider-create' %}?type={{ type }}">{{ name }}</a></li>
|
href="{% url 'passbook_admin:provider-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
@ -29,16 +29,24 @@
|
|||||||
<table class="table table-striped table-bordered">
|
<table class="table table-striped table-bordered">
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
|
<th></th>
|
||||||
<th>{% trans 'Name' %}</th>
|
<th>{% trans 'Name' %}</th>
|
||||||
<th>{% trans 'Class' %}</th>
|
<th>{% trans 'Type' %}</th>
|
||||||
<th></th>
|
<th></th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
{% for provider in object_list %}
|
{% for provider in object_list %}
|
||||||
<tr>
|
<tr {% if not provider.application %} class="warning" {% endif %}>
|
||||||
|
<th>
|
||||||
|
{% if not provider.application %}
|
||||||
|
<span class="pficon-warning-triangle-o" data-toggle="tooltip" data-placement="right" title="{% trans 'Warning: Provider has no application assigned.' %}"></span>
|
||||||
|
{% else %}
|
||||||
|
<span class="pficon-ok" data-toggle="tooltip" data-placement="right" title="{% blocktrans with app=provider.application %}Assigned to Application {{ app }}{% endblocktrans %}"></span>
|
||||||
|
{% endif %}
|
||||||
|
</th>
|
||||||
<td>{{ provider.name }}</td>
|
<td>{{ provider.name }}</td>
|
||||||
<td>{{ provider|fieldtype }}</td>
|
<td>{{ provider|verbose_name }}</td>
|
||||||
<td>
|
<td>
|
||||||
<a class="btn btn-default btn-sm"
|
<a class="btn btn-default btn-sm"
|
||||||
href="{% url 'passbook_admin:provider-update' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
href="{% url 'passbook_admin:provider-update' pk=provider.pk %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||||
@ -49,6 +57,10 @@
|
|||||||
<a class="btn btn-default btn-sm"
|
<a class="btn btn-default btn-sm"
|
||||||
href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
|
href="{{ href }}?back={{ request.get_full_path }}">{% trans name %}</a>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% get_htmls provider as htmls %}
|
||||||
|
{% for html in htmls %}
|
||||||
|
{{ html|safe }}
|
||||||
|
{% endfor %}
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|||||||
@ -17,7 +17,7 @@
|
|||||||
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
<ul class="dropdown-menu" role="menu" aria-labelledby="createDropdown">
|
||||||
{% for type, name in types.items %}
|
{% for type, name in types.items %}
|
||||||
<li role="presentation"><a role="menuitem" tabindex="-1"
|
<li role="presentation"><a role="menuitem" tabindex="-1"
|
||||||
href="{% url 'passbook_admin:source-create' %}?type={{ type }}">{{ name }}</a></li>
|
href="{% url 'passbook_admin:source-create' %}?type={{ type }}&back={{ request.get_full_path }}">{{ name }}</a></li>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
@ -36,7 +36,7 @@
|
|||||||
<tr>
|
<tr>
|
||||||
<td>{{ source.name }}</td>
|
<td>{{ source.name }}</td>
|
||||||
<td>{{ source|fieldtype }}</td>
|
<td>{{ source|fieldtype }}</td>
|
||||||
<td>{{ source.additional_info }}</td>
|
<td>{{ source.additional_info|safe }}</td>
|
||||||
<td>
|
<td>
|
||||||
<a class="btn btn-default btn-sm"
|
<a class="btn btn-default btn-sm"
|
||||||
href="{% url 'passbook_admin:source-update' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
href="{% url 'passbook_admin:source-update' pk=source.uuid %}?back={{ request.get_full_path }}">{% trans 'Edit' %}</a>
|
||||||
|
|||||||
@ -11,8 +11,7 @@
|
|||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
<th>{% trans 'Username' %}</th>
|
<th>{% trans 'Username' %}</th>
|
||||||
<th>{% trans 'First Name' %}</th>
|
<th>{% trans 'Name' %}</th>
|
||||||
<th>{% trans 'Last Name' %}</th>
|
|
||||||
<th>{% trans 'Active' %}</th>
|
<th>{% trans 'Active' %}</th>
|
||||||
<th>{% trans 'Last Login' %}</th>
|
<th>{% trans 'Last Login' %}</th>
|
||||||
<th></th>
|
<th></th>
|
||||||
@ -22,8 +21,7 @@
|
|||||||
{% for user in object_list %}
|
{% for user in object_list %}
|
||||||
<tr>
|
<tr>
|
||||||
<td>{{ user.username }}</td>
|
<td>{{ user.username }}</td>
|
||||||
<td>{{ user.first_name|default:'-' }}</td>
|
<td>{{ user.name|default:'-' }}</td>
|
||||||
<td>{{ user.last_name|default:'-' }}</td>
|
|
||||||
<td>{{ user.is_active }}</td>
|
<td>{{ user.is_active }}</td>
|
||||||
<td>{{ user.last_login }}</td>
|
<td>{{ user.last_login }}</td>
|
||||||
<td>
|
<td>
|
||||||
@ -33,6 +31,8 @@
|
|||||||
href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
|
href="{% url 'passbook_admin:user-delete' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Delete' %}</a>
|
||||||
<a class="btn btn-default btn-sm"
|
<a class="btn btn-default btn-sm"
|
||||||
href="{% url 'passbook_admin:user-password-reset' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Reset Password' %}</a>
|
href="{% url 'passbook_admin:user-password-reset' pk=user.pk %}?back={{ request.get_full_path }}">{% trans 'Reset Password' %}</a>
|
||||||
|
<a class="btn btn-default btn-sm"
|
||||||
|
href="{% url 'passbook_core:overview' %}?__impersonate={{ user.pk }}">{% trans 'Impersonate' %}</a>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|||||||
@ -1,11 +1,12 @@
|
|||||||
{% extends "generic/form.html" %}
|
{% extends "generic/form.html" %}
|
||||||
|
|
||||||
|
{% load utils %}
|
||||||
{% load i18n %}
|
{% load i18n %}
|
||||||
|
|
||||||
{% block above_form %}
|
{% block above_form %}
|
||||||
<h1>{% trans 'Create' %}</h1>
|
<h1>{% blocktrans with type=form|form_verbose_name %}Create {{ type }}{% endblocktrans %}</h1>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block action %}
|
{% block action %}
|
||||||
{% trans 'Create' %}
|
{% blocktrans with type=form|form_verbose_name %}Create {{ type }}{% endblocktrans %}
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|||||||
@ -1,11 +0,0 @@
|
|||||||
{% extends "generic/create.html" %}
|
|
||||||
|
|
||||||
{% load i18n %}
|
|
||||||
|
|
||||||
{% block title %}
|
|
||||||
{% blocktrans with type=request.GET.type %}Create {{ type }}{% endblocktrans %}
|
|
||||||
{% endblock %}
|
|
||||||
|
|
||||||
{% block above_form %}
|
|
||||||
<h1>{% blocktrans with type=request.GET.type %}Create {{ type }}{% endblocktrans %}</h1>
|
|
||||||
{% endblock %}
|
|
||||||
@ -2,6 +2,21 @@
|
|||||||
|
|
||||||
{% load i18n %}
|
{% load i18n %}
|
||||||
{% load utils %}
|
{% load utils %}
|
||||||
|
{% load static %}
|
||||||
|
|
||||||
|
{% block head %}
|
||||||
|
{{ block.super }}
|
||||||
|
{{ form.media.css }}
|
||||||
|
<script type="text/javascript" src="{% url 'admin:jsi18n' %}"></script>
|
||||||
|
<script type="text/javascript" src="{% static 'admin/js/vendor/jquery/jquery.js' %}"></script>
|
||||||
|
<script type="text/javascript" src="{% static 'admin/js/jquery.init.js' %}"></script>
|
||||||
|
<script type="text/javascript" src="{% static 'admin/js/core.js' %}"></script>
|
||||||
|
<script type="text/javascript" src="{% static 'admin/js/actions.js' %}"></script>
|
||||||
|
<script type="text/javascript" src="{% static 'admin/js/urlify.js' %}"></script>
|
||||||
|
<script type="text/javascript" src="{% static 'admin/js/prepopulate.js' %}"></script>
|
||||||
|
<script type="text/javascript" src="{% static 'admin/js/SelectBox.js' %}"></script>
|
||||||
|
<script type="text/javascript" src="{% static 'admin/js/SelectFilter2.js' %}"></script>
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
<div class="container">
|
<div class="container">
|
||||||
@ -14,5 +29,12 @@
|
|||||||
<input type="submit" class="btn btn-primary" value="{% block action %}{% endblock %}" />
|
<input type="submit" class="btn btn-primary" value="{% block action %}{% endblock %}" />
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
{% block beneath_form %}
|
||||||
|
{% endblock %}
|
||||||
</div>
|
</div>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block scripts %}
|
||||||
|
{{ block.super }}
|
||||||
|
{{ form.media.js }}
|
||||||
|
{% endblock %}
|
||||||
|
|||||||
@ -1,11 +1,12 @@
|
|||||||
{% extends "generic/form.html" %}
|
{% extends "generic/form.html" %}
|
||||||
|
|
||||||
|
{% load utils %}
|
||||||
{% load i18n %}
|
{% load i18n %}
|
||||||
|
|
||||||
{% block above_form %}
|
{% block above_form %}
|
||||||
<h1>{% trans 'Update' %}</h1>
|
<h1>{% blocktrans with type=form|form_verbose_name %}Update {{ type }}{% endblocktrans %}</h1>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block action %}
|
{% block action %}
|
||||||
{% trans 'Update' %}
|
{% blocktrans with type=form|form_verbose_name %}Update {{ type }}{% endblocktrans %}
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|||||||
@ -1,12 +1,14 @@
|
|||||||
"""passbook admin templatetags"""
|
"""passbook admin templatetags"""
|
||||||
import inspect
|
import inspect
|
||||||
from logging import getLogger
|
|
||||||
|
|
||||||
from django import template
|
from django import template
|
||||||
from django.db.models import Model
|
from django.db.models import Model
|
||||||
|
from structlog import get_logger
|
||||||
|
|
||||||
|
from passbook.lib.utils.template import render_to_string
|
||||||
|
|
||||||
register = template.Library()
|
register = template.Library()
|
||||||
LOGGER = getLogger(__name__)
|
LOGGER = get_logger(__name__)
|
||||||
|
|
||||||
@register.simple_tag()
|
@register.simple_tag()
|
||||||
def get_links(model_instance):
|
def get_links(model_instance):
|
||||||
@ -29,3 +31,24 @@ def get_links(model_instance):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
return links
|
return links
|
||||||
|
|
||||||
|
|
||||||
|
@register.simple_tag(takes_context=True)
|
||||||
|
def get_htmls(context, model_instance):
|
||||||
|
"""Find all html_ methods on an object instance, run them and return as dict"""
|
||||||
|
prefix = 'html_'
|
||||||
|
htmls = []
|
||||||
|
|
||||||
|
if not isinstance(model_instance, Model):
|
||||||
|
LOGGER.warning("Model %s is not instance of Model", model_instance)
|
||||||
|
return htmls
|
||||||
|
|
||||||
|
try:
|
||||||
|
for name, method in inspect.getmembers(model_instance, predicate=inspect.ismethod):
|
||||||
|
if name.startswith(prefix):
|
||||||
|
template, _context = method(context.get('request'))
|
||||||
|
htmls.append(render_to_string(template, _context))
|
||||||
|
except NotImplementedError:
|
||||||
|
pass
|
||||||
|
|
||||||
|
return htmls
|
||||||
|
|||||||
@ -1,9 +1,9 @@
|
|||||||
"""passbook URL Configuration"""
|
"""passbook URL Configuration"""
|
||||||
from django.urls import include, path
|
from django.urls import include, path
|
||||||
|
|
||||||
from passbook.admin.views import (applications, audit, factors, groups,
|
from passbook.admin.views import (applications, audit, debug, factors, groups,
|
||||||
invitations, overview, policy, providers,
|
invitations, overview, policy,
|
||||||
sources, users)
|
property_mapping, providers, sources, users)
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
path('', overview.AdministrationOverviewView.as_view(), name='overview'),
|
path('', overview.AdministrationOverviewView.as_view(), name='overview'),
|
||||||
@ -43,6 +43,15 @@ urlpatterns = [
|
|||||||
factors.FactorUpdateView.as_view(), name='factor-update'),
|
factors.FactorUpdateView.as_view(), name='factor-update'),
|
||||||
path('factors/<uuid:pk>/delete/',
|
path('factors/<uuid:pk>/delete/',
|
||||||
factors.FactorDeleteView.as_view(), name='factor-delete'),
|
factors.FactorDeleteView.as_view(), name='factor-delete'),
|
||||||
|
# Factors
|
||||||
|
path('property-mappings/', property_mapping.PropertyMappingListView.as_view(),
|
||||||
|
name='property-mappings'),
|
||||||
|
path('property-mappings/create/',
|
||||||
|
property_mapping.PropertyMappingCreateView.as_view(), name='property-mapping-create'),
|
||||||
|
path('property-mappings/<uuid:pk>/update/',
|
||||||
|
property_mapping.PropertyMappingUpdateView.as_view(), name='property-mapping-update'),
|
||||||
|
path('property-mappings/<uuid:pk>/delete/',
|
||||||
|
property_mapping.PropertyMappingDeleteView.as_view(), name='property-mapping-delete'),
|
||||||
# Invitations
|
# Invitations
|
||||||
path('invitations/', invitations.InvitationListView.as_view(), name='invitations'),
|
path('invitations/', invitations.InvitationListView.as_view(), name='invitations'),
|
||||||
path('invitations/create/',
|
path('invitations/create/',
|
||||||
@ -58,10 +67,17 @@ urlpatterns = [
|
|||||||
users.UserDeleteView.as_view(), name='user-delete'),
|
users.UserDeleteView.as_view(), name='user-delete'),
|
||||||
path('users/<int:pk>/reset/',
|
path('users/<int:pk>/reset/',
|
||||||
users.UserPasswordResetView.as_view(), name='user-password-reset'),
|
users.UserPasswordResetView.as_view(), name='user-password-reset'),
|
||||||
|
# Groups
|
||||||
|
path('group/', groups.GroupListView.as_view(), name='group'),
|
||||||
|
path('group/create/', groups.GroupCreateView.as_view(), name='group-create'),
|
||||||
|
path('group/<uuid:pk>/update/', groups.GroupUpdateView.as_view(), name='group-update'),
|
||||||
|
path('group/<uuid:pk>/delete/', groups.GroupDeleteView.as_view(), name='group-delete'),
|
||||||
# Audit Log
|
# Audit Log
|
||||||
path('audit/', audit.AuditEntryListView.as_view(), name='audit-log'),
|
path('audit/', audit.AuditEntryListView.as_view(), name='audit-log'),
|
||||||
# Groups
|
# Groups
|
||||||
path('groups/', groups.GroupListView.as_view(), name='groups'),
|
path('groups/', groups.GroupListView.as_view(), name='groups'),
|
||||||
# API
|
# API
|
||||||
path('api/', include('passbook.admin.api.urls'))
|
path('api/', include('passbook.admin.api.urls')),
|
||||||
|
# Debug
|
||||||
|
path('debug/request/', debug.DebugRequestView.as_view(), name='debug-request'),
|
||||||
]
|
]
|
||||||
|
|||||||
@ -14,6 +14,7 @@ class ApplicationListView(AdminRequiredMixin, ListView):
|
|||||||
"""Show list of all applications"""
|
"""Show list of all applications"""
|
||||||
|
|
||||||
model = Application
|
model = Application
|
||||||
|
ordering = 'name'
|
||||||
template_name = 'administration/application/list.html'
|
template_name = 'administration/application/list.html'
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
@ -29,6 +30,10 @@ class ApplicationCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView)
|
|||||||
success_url = reverse_lazy('passbook_admin:applications')
|
success_url = reverse_lazy('passbook_admin:applications')
|
||||||
success_message = _('Successfully created Application')
|
success_message = _('Successfully created Application')
|
||||||
|
|
||||||
|
def get_context_data(self, **kwargs):
|
||||||
|
kwargs['type'] = 'Application'
|
||||||
|
return super().get_context_data(**kwargs)
|
||||||
|
|
||||||
|
|
||||||
class ApplicationUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
|
class ApplicationUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
|
||||||
"""Update application"""
|
"""Update application"""
|
||||||
|
|||||||
17
passbook/admin/views/debug.py
Normal file
17
passbook/admin/views/debug.py
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
"""passbook administration debug views"""
|
||||||
|
|
||||||
|
from django.views.generic import TemplateView
|
||||||
|
|
||||||
|
from passbook.admin.mixins import AdminRequiredMixin
|
||||||
|
|
||||||
|
|
||||||
|
class DebugRequestView(AdminRequiredMixin, TemplateView):
|
||||||
|
"""Show debug info about request"""
|
||||||
|
|
||||||
|
template_name = 'administration/debug/request.html'
|
||||||
|
|
||||||
|
def get_context_data(self, **kwargs):
|
||||||
|
kwargs['request_dict'] = {}
|
||||||
|
for key in dir(self.request):
|
||||||
|
kwargs['request_dict'][key] = getattr(self.request, key)
|
||||||
|
return super().get_context_data(**kwargs)
|
||||||
@ -34,7 +34,7 @@ class FactorListView(AdminRequiredMixin, ListView):
|
|||||||
class FactorCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
class FactorCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
||||||
"""Create new Factor"""
|
"""Create new Factor"""
|
||||||
|
|
||||||
template_name = 'generic/create_inheritance.html'
|
template_name = 'generic/create.html'
|
||||||
success_url = reverse_lazy('passbook_admin:factors')
|
success_url = reverse_lazy('passbook_admin:factors')
|
||||||
success_message = _('Successfully created Factor')
|
success_message = _('Successfully created Factor')
|
||||||
|
|
||||||
|
|||||||
@ -1,12 +1,57 @@
|
|||||||
"""passbook Group administration"""
|
"""passbook Group administration"""
|
||||||
from django.views.generic import ListView
|
from django.contrib import messages
|
||||||
|
from django.contrib.messages.views import SuccessMessageMixin
|
||||||
|
from django.urls import reverse_lazy
|
||||||
|
from django.utils.translation import ugettext as _
|
||||||
|
from django.views.generic import CreateView, DeleteView, ListView, UpdateView
|
||||||
|
|
||||||
from passbook.admin.mixins import AdminRequiredMixin
|
from passbook.admin.mixins import AdminRequiredMixin
|
||||||
|
from passbook.core.forms.groups import GroupForm
|
||||||
from passbook.core.models import Group
|
from passbook.core.models import Group
|
||||||
|
|
||||||
|
|
||||||
class GroupListView(AdminRequiredMixin, ListView):
|
class GroupListView(AdminRequiredMixin, ListView):
|
||||||
"""Show list of all invitations"""
|
"""Show list of all groups"""
|
||||||
|
|
||||||
model = Group
|
model = Group
|
||||||
template_name = 'administration/groups/list.html'
|
ordering = 'name'
|
||||||
|
template_name = 'administration/group/list.html'
|
||||||
|
|
||||||
|
|
||||||
|
class GroupCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
||||||
|
"""Create new Group"""
|
||||||
|
|
||||||
|
form_class = GroupForm
|
||||||
|
|
||||||
|
template_name = 'generic/create.html'
|
||||||
|
success_url = reverse_lazy('passbook_admin:groups')
|
||||||
|
success_message = _('Successfully created Group')
|
||||||
|
|
||||||
|
def get_context_data(self, **kwargs):
|
||||||
|
kwargs['type'] = 'Group'
|
||||||
|
return super().get_context_data(**kwargs)
|
||||||
|
|
||||||
|
|
||||||
|
class GroupUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
|
||||||
|
"""Update group"""
|
||||||
|
|
||||||
|
model = Group
|
||||||
|
form_class = GroupForm
|
||||||
|
|
||||||
|
template_name = 'generic/update.html'
|
||||||
|
success_url = reverse_lazy('passbook_admin:groups')
|
||||||
|
success_message = _('Successfully updated Group')
|
||||||
|
|
||||||
|
|
||||||
|
class GroupDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
|
||||||
|
"""Delete group"""
|
||||||
|
|
||||||
|
model = Group
|
||||||
|
|
||||||
|
template_name = 'generic/delete.html'
|
||||||
|
success_url = reverse_lazy('passbook_admin:groups')
|
||||||
|
success_message = _('Successfully deleted Group')
|
||||||
|
|
||||||
|
def delete(self, request, *args, **kwargs):
|
||||||
|
messages.success(self.request, self.success_message)
|
||||||
|
return super().delete(request, *args, **kwargs)
|
||||||
|
|||||||
@ -27,6 +27,10 @@ class InvitationCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
|||||||
success_message = _('Successfully created Invitation')
|
success_message = _('Successfully created Invitation')
|
||||||
form_class = InvitationForm
|
form_class = InvitationForm
|
||||||
|
|
||||||
|
def get_context_data(self, **kwargs):
|
||||||
|
kwargs['type'] = 'Invitation'
|
||||||
|
return super().get_context_data(**kwargs)
|
||||||
|
|
||||||
def form_valid(self, form):
|
def form_valid(self, form):
|
||||||
obj = form.save(commit=False)
|
obj = form.save(commit=False)
|
||||||
obj.created_by = self.request.user
|
obj.created_by = self.request.user
|
||||||
|
|||||||
@ -1,11 +1,13 @@
|
|||||||
"""passbook administration overview"""
|
"""passbook administration overview"""
|
||||||
|
from django.core.cache import cache
|
||||||
|
from django.shortcuts import redirect, reverse
|
||||||
from django.views.generic import TemplateView
|
from django.views.generic import TemplateView
|
||||||
|
|
||||||
from passbook.admin.mixins import AdminRequiredMixin
|
from passbook.admin.mixins import AdminRequiredMixin
|
||||||
from passbook.core import __version__
|
from passbook.core import __version__
|
||||||
from passbook.core.celery import CELERY_APP
|
|
||||||
from passbook.core.models import (Application, Factor, Invitation, Policy,
|
from passbook.core.models import (Application, Factor, Invitation, Policy,
|
||||||
Provider, Source, User)
|
Provider, Source, User)
|
||||||
|
from passbook.root.celery import CELERY_APP
|
||||||
|
|
||||||
|
|
||||||
class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
|
class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
|
||||||
@ -13,6 +15,13 @@ class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
|
|||||||
|
|
||||||
template_name = 'administration/overview.html'
|
template_name = 'administration/overview.html'
|
||||||
|
|
||||||
|
def post(self, *args, **kwargs):
|
||||||
|
"""Handle post (clear cache from modal)"""
|
||||||
|
if 'clear' in self.request.POST:
|
||||||
|
cache.clear()
|
||||||
|
return redirect(reverse('passbook_core:auth-login'))
|
||||||
|
return self.get(*args, **kwargs)
|
||||||
|
|
||||||
def get_context_data(self, **kwargs):
|
def get_context_data(self, **kwargs):
|
||||||
kwargs['application_count'] = len(Application.objects.all())
|
kwargs['application_count'] = len(Application.objects.all())
|
||||||
kwargs['policy_count'] = len(Policy.objects.all())
|
kwargs['policy_count'] = len(Policy.objects.all())
|
||||||
@ -23,4 +32,7 @@ class AdministrationOverviewView(AdminRequiredMixin, TemplateView):
|
|||||||
kwargs['invitation_count'] = len(Invitation.objects.all())
|
kwargs['invitation_count'] = len(Invitation.objects.all())
|
||||||
kwargs['version'] = __version__
|
kwargs['version'] = __version__
|
||||||
kwargs['worker_count'] = len(CELERY_APP.control.ping(timeout=0.5))
|
kwargs['worker_count'] = len(CELERY_APP.control.ping(timeout=0.5))
|
||||||
|
kwargs['providers_without_application'] = Provider.objects.filter(application=None)
|
||||||
|
kwargs['policies_without_attachment'] = len(Policy.objects.filter(policymodel__isnull=True))
|
||||||
|
kwargs['cached_policies'] = len(cache.keys('policy_*'))
|
||||||
return super().get_context_data(**kwargs)
|
return super().get_context_data(**kwargs)
|
||||||
|
|||||||
@ -12,6 +12,7 @@ from passbook.admin.forms.policies import PolicyTestForm
|
|||||||
from passbook.admin.mixins import AdminRequiredMixin
|
from passbook.admin.mixins import AdminRequiredMixin
|
||||||
from passbook.core.models import Policy
|
from passbook.core.models import Policy
|
||||||
from passbook.lib.utils.reflection import path_to_class
|
from passbook.lib.utils.reflection import path_to_class
|
||||||
|
from passbook.policy.engine import PolicyEngine
|
||||||
|
|
||||||
|
|
||||||
class PolicyListView(AdminRequiredMixin, ListView):
|
class PolicyListView(AdminRequiredMixin, ListView):
|
||||||
@ -32,7 +33,7 @@ class PolicyListView(AdminRequiredMixin, ListView):
|
|||||||
class PolicyCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
class PolicyCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
||||||
"""Create new Policy"""
|
"""Create new Policy"""
|
||||||
|
|
||||||
template_name = 'generic/create_inheritance.html'
|
template_name = 'generic/create.html'
|
||||||
success_url = reverse_lazy('passbook_admin:policies')
|
success_url = reverse_lazy('passbook_admin:policies')
|
||||||
success_message = _('Successfully created Policy')
|
success_message = _('Successfully created Policy')
|
||||||
|
|
||||||
@ -100,7 +101,9 @@ class PolicyTestView(AdminRequiredMixin, DetailView, FormView):
|
|||||||
def form_valid(self, form):
|
def form_valid(self, form):
|
||||||
policy = self.get_object()
|
policy = self.get_object()
|
||||||
user = form.cleaned_data.get('user')
|
user = form.cleaned_data.get('user')
|
||||||
result = policy.passes(user)
|
policy_engine = PolicyEngine([policy])
|
||||||
|
policy_engine.for_user(user).with_request(self.request).build()
|
||||||
|
result = policy_engine.passing
|
||||||
if result:
|
if result:
|
||||||
messages.success(self.request, _('User successfully passed policy.'))
|
messages.success(self.request, _('User successfully passed policy.'))
|
||||||
else:
|
else:
|
||||||
|
|||||||
90
passbook/admin/views/property_mapping.py
Normal file
90
passbook/admin/views/property_mapping.py
Normal file
@ -0,0 +1,90 @@
|
|||||||
|
"""passbook PropertyMapping administration"""
|
||||||
|
from django.contrib import messages
|
||||||
|
from django.contrib.messages.views import SuccessMessageMixin
|
||||||
|
from django.http import Http404
|
||||||
|
from django.urls import reverse_lazy
|
||||||
|
from django.utils.translation import ugettext as _
|
||||||
|
from django.views.generic import CreateView, DeleteView, ListView, UpdateView
|
||||||
|
|
||||||
|
from passbook.admin.mixins import AdminRequiredMixin
|
||||||
|
from passbook.core.models import PropertyMapping
|
||||||
|
from passbook.lib.utils.reflection import path_to_class
|
||||||
|
|
||||||
|
|
||||||
|
def all_subclasses(cls):
|
||||||
|
"""Recursively return all subclassess of cls"""
|
||||||
|
return set(cls.__subclasses__()).union(
|
||||||
|
[s for c in cls.__subclasses__() for s in all_subclasses(c)])
|
||||||
|
|
||||||
|
|
||||||
|
class PropertyMappingListView(AdminRequiredMixin, ListView):
|
||||||
|
"""Show list of all property_mappings"""
|
||||||
|
|
||||||
|
model = PropertyMapping
|
||||||
|
template_name = 'administration/property_mapping/list.html'
|
||||||
|
ordering = 'name'
|
||||||
|
|
||||||
|
def get_context_data(self, **kwargs):
|
||||||
|
kwargs['types'] = {
|
||||||
|
x.__name__: x._meta.verbose_name for x in all_subclasses(PropertyMapping)}
|
||||||
|
return super().get_context_data(**kwargs)
|
||||||
|
|
||||||
|
def get_queryset(self):
|
||||||
|
return super().get_queryset().select_subclasses()
|
||||||
|
|
||||||
|
|
||||||
|
class PropertyMappingCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
||||||
|
"""Create new PropertyMapping"""
|
||||||
|
|
||||||
|
template_name = 'generic/create.html'
|
||||||
|
success_url = reverse_lazy('passbook_admin:property-mappings')
|
||||||
|
success_message = _('Successfully created Property Mapping')
|
||||||
|
|
||||||
|
def get_context_data(self, **kwargs):
|
||||||
|
kwargs = super().get_context_data(**kwargs)
|
||||||
|
property_mapping_type = self.request.GET.get('type')
|
||||||
|
model = next(x for x in all_subclasses(PropertyMapping)
|
||||||
|
if x.__name__ == property_mapping_type)
|
||||||
|
kwargs['type'] = model._meta.verbose_name
|
||||||
|
return kwargs
|
||||||
|
|
||||||
|
def get_form_class(self):
|
||||||
|
property_mapping_type = self.request.GET.get('type')
|
||||||
|
model = next(x for x in all_subclasses(PropertyMapping)
|
||||||
|
if x.__name__ == property_mapping_type)
|
||||||
|
if not model:
|
||||||
|
raise Http404
|
||||||
|
return path_to_class(model.form)
|
||||||
|
|
||||||
|
|
||||||
|
class PropertyMappingUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
|
||||||
|
"""Update property_mapping"""
|
||||||
|
|
||||||
|
model = PropertyMapping
|
||||||
|
template_name = 'generic/update.html'
|
||||||
|
success_url = reverse_lazy('passbook_admin:property-mappings')
|
||||||
|
success_message = _('Successfully updated Property Mapping')
|
||||||
|
|
||||||
|
def get_form_class(self):
|
||||||
|
form_class_path = self.get_object().form
|
||||||
|
form_class = path_to_class(form_class_path)
|
||||||
|
return form_class
|
||||||
|
|
||||||
|
def get_object(self, queryset=None):
|
||||||
|
return PropertyMapping.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
|
||||||
|
|
||||||
|
|
||||||
|
class PropertyMappingDeleteView(SuccessMessageMixin, AdminRequiredMixin, DeleteView):
|
||||||
|
"""Delete property_mapping"""
|
||||||
|
|
||||||
|
model = PropertyMapping
|
||||||
|
template_name = 'generic/delete.html'
|
||||||
|
success_url = reverse_lazy('passbook_admin:property-mappings')
|
||||||
|
success_message = _('Successfully deleted Property Mapping')
|
||||||
|
|
||||||
|
def get_object(self, queryset=None):
|
||||||
|
return PropertyMapping.objects.filter(pk=self.kwargs.get('pk')).select_subclasses().first()
|
||||||
|
|
||||||
|
def delete(self, request, *args, **kwargs):
|
||||||
|
messages.success(self.request, self.success_message)
|
||||||
|
return super().delete(request, *args, **kwargs)
|
||||||
@ -29,7 +29,7 @@ class ProviderListView(AdminRequiredMixin, ListView):
|
|||||||
class ProviderCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
class ProviderCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
||||||
"""Create new Provider"""
|
"""Create new Provider"""
|
||||||
|
|
||||||
template_name = 'generic/create_inheritance.html'
|
template_name = 'generic/create.html'
|
||||||
success_url = reverse_lazy('passbook_admin:providers')
|
success_url = reverse_lazy('passbook_admin:providers')
|
||||||
success_message = _('Successfully created Provider')
|
success_message = _('Successfully created Provider')
|
||||||
|
|
||||||
|
|||||||
@ -34,7 +34,7 @@ class SourceListView(AdminRequiredMixin, ListView):
|
|||||||
class SourceCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
class SourceCreateView(SuccessMessageMixin, AdminRequiredMixin, CreateView):
|
||||||
"""Create new Source"""
|
"""Create new Source"""
|
||||||
|
|
||||||
template_name = 'generic/create_inheritance.html'
|
template_name = 'generic/create.html'
|
||||||
success_url = reverse_lazy('passbook_admin:sources')
|
success_url = reverse_lazy('passbook_admin:sources')
|
||||||
success_message = _('Successfully created Source')
|
success_message = _('Successfully created Source')
|
||||||
|
|
||||||
|
|||||||
@ -7,8 +7,8 @@ from django.utils.translation import ugettext as _
|
|||||||
from django.views import View
|
from django.views import View
|
||||||
from django.views.generic import DeleteView, ListView, UpdateView
|
from django.views.generic import DeleteView, ListView, UpdateView
|
||||||
|
|
||||||
|
from passbook.admin.forms.users import UserForm
|
||||||
from passbook.admin.mixins import AdminRequiredMixin
|
from passbook.admin.mixins import AdminRequiredMixin
|
||||||
from passbook.core.forms.users import UserDetailForm
|
|
||||||
from passbook.core.models import Nonce, User
|
from passbook.core.models import Nonce, User
|
||||||
|
|
||||||
|
|
||||||
@ -23,7 +23,7 @@ class UserUpdateView(SuccessMessageMixin, AdminRequiredMixin, UpdateView):
|
|||||||
"""Update user"""
|
"""Update user"""
|
||||||
|
|
||||||
model = User
|
model = User
|
||||||
form_class = UserDetailForm
|
form_class = UserForm
|
||||||
|
|
||||||
template_name = 'generic/update.html'
|
template_name = 'generic/update.html'
|
||||||
success_url = reverse_lazy('passbook_admin:users')
|
success_url = reverse_lazy('passbook_admin:users')
|
||||||
|
|||||||
@ -1,2 +0,0 @@
|
|||||||
"""passbook api"""
|
|
||||||
__version__ = '0.0.11-alpha'
|
|
||||||
|
|||||||
@ -1,3 +0,0 @@
|
|||||||
django-rest-framework
|
|
||||||
drf_yasg
|
|
||||||
django-filters
|
|
||||||
@ -14,8 +14,8 @@ class OpenIDUserInfoView(ScopedResourceMixin, View):
|
|||||||
payload = {
|
payload = {
|
||||||
'sub': request.user.uuid.int,
|
'sub': request.user.uuid.int,
|
||||||
'name': request.user.get_full_name(),
|
'name': request.user.get_full_name(),
|
||||||
'given_name': request.user.first_name,
|
'given_name': request.user.name,
|
||||||
'family_name': request.user.last_name,
|
'family_name': '',
|
||||||
'preferred_username': request.user.username,
|
'preferred_username': request.user.username,
|
||||||
'email': request.user.email,
|
'email': request.user.email,
|
||||||
}
|
}
|
||||||
|
|||||||
BIN
passbook/app_gw/.DS_Store
vendored
Normal file
BIN
passbook/app_gw/.DS_Store
vendored
Normal file
Binary file not shown.
5
passbook/app_gw/admin.py
Normal file
5
passbook/app_gw/admin.py
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
"""passbook Application Security Gateway model admin"""
|
||||||
|
|
||||||
|
from passbook.lib.admin import admin_autoregister
|
||||||
|
|
||||||
|
admin_autoregister('passbook_app_gw')
|
||||||
16
passbook/app_gw/apps.py
Normal file
16
passbook/app_gw/apps.py
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
"""passbook Application Security Gateway app"""
|
||||||
|
from importlib import import_module
|
||||||
|
|
||||||
|
from django.apps import AppConfig
|
||||||
|
|
||||||
|
|
||||||
|
class PassbookApplicationApplicationGatewayConfig(AppConfig):
|
||||||
|
"""passbook app_gw app"""
|
||||||
|
|
||||||
|
name = 'passbook.app_gw'
|
||||||
|
label = 'passbook_app_gw'
|
||||||
|
verbose_name = 'passbook Application Security Gateway'
|
||||||
|
mountpoint = 'app_gw/'
|
||||||
|
|
||||||
|
def ready(self):
|
||||||
|
import_module('passbook.app_gw.signals')
|
||||||
13
passbook/app_gw/asgi.py
Normal file
13
passbook/app_gw/asgi.py
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
"""
|
||||||
|
ASGI entrypoint. Configures Django and then runs the application
|
||||||
|
defined in the ASGI_APPLICATION setting.
|
||||||
|
"""
|
||||||
|
|
||||||
|
import os
|
||||||
|
|
||||||
|
import django
|
||||||
|
from channels.routing import get_default_application
|
||||||
|
|
||||||
|
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "passbook.root.settings")
|
||||||
|
django.setup()
|
||||||
|
application = get_default_application()
|
||||||
66
passbook/app_gw/forms.py
Normal file
66
passbook/app_gw/forms.py
Normal file
@ -0,0 +1,66 @@
|
|||||||
|
"""passbook Application Security Gateway Forms"""
|
||||||
|
from urllib.parse import urlparse
|
||||||
|
|
||||||
|
from django import forms
|
||||||
|
from django.contrib.admin.widgets import FilteredSelectMultiple
|
||||||
|
from django.forms import ValidationError
|
||||||
|
from django.utils.translation import gettext as _
|
||||||
|
|
||||||
|
from passbook.app_gw.models import ApplicationGatewayProvider, RewriteRule
|
||||||
|
from passbook.lib.fields import DynamicArrayField
|
||||||
|
|
||||||
|
|
||||||
|
class ApplicationGatewayProviderForm(forms.ModelForm):
|
||||||
|
"""Security Gateway Provider form"""
|
||||||
|
|
||||||
|
def clean_server_name(self):
|
||||||
|
"""Check if server_name is in DB already, since
|
||||||
|
Postgres ArrayField doesn't suppport keys."""
|
||||||
|
current = self.cleaned_data.get('server_name')
|
||||||
|
if ApplicationGatewayProvider.objects \
|
||||||
|
.filter(server_name__overlap=current) \
|
||||||
|
.exclude(pk=self.instance.pk).exists():
|
||||||
|
raise ValidationError(_("Server Name already in use."))
|
||||||
|
return current
|
||||||
|
|
||||||
|
def clean_upstream(self):
|
||||||
|
"""Check that upstream begins with http(s)"""
|
||||||
|
for upstream in self.cleaned_data.get('upstream'):
|
||||||
|
_parsed_url = urlparse(upstream)
|
||||||
|
|
||||||
|
if _parsed_url.scheme not in ('http', 'https'):
|
||||||
|
raise ValidationError(_("URL Scheme must be either http or https"))
|
||||||
|
return self.cleaned_data.get('upstream')
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
|
||||||
|
model = ApplicationGatewayProvider
|
||||||
|
fields = ['server_name', 'upstream', 'enabled', 'authentication_header',
|
||||||
|
'default_content_type', 'upstream_ssl_verification', 'property_mappings']
|
||||||
|
widgets = {
|
||||||
|
'authentication_header': forms.TextInput(),
|
||||||
|
'default_content_type': forms.TextInput(),
|
||||||
|
'property_mappings': FilteredSelectMultiple(_('Property Mappings'), False)
|
||||||
|
}
|
||||||
|
field_classes = {
|
||||||
|
'server_name': DynamicArrayField,
|
||||||
|
'upstream': DynamicArrayField
|
||||||
|
}
|
||||||
|
labels = {
|
||||||
|
'upstream_ssl_verification': _('Verify upstream SSL Certificates?'),
|
||||||
|
'property_mappings': _('Rewrite Rules')
|
||||||
|
}
|
||||||
|
|
||||||
|
class RewriteRuleForm(forms.ModelForm):
|
||||||
|
"""Rewrite Rule Form"""
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
|
||||||
|
model = RewriteRule
|
||||||
|
fields = ['name', 'match', 'halt', 'replacement', 'redirect', 'conditions']
|
||||||
|
widgets = {
|
||||||
|
'name': forms.TextInput(),
|
||||||
|
'match': forms.TextInput(attrs={'data-is-monospace': True}),
|
||||||
|
'replacement': forms.TextInput(attrs={'data-is-monospace': True}),
|
||||||
|
'conditions': FilteredSelectMultiple(_('Conditions'), False)
|
||||||
|
}
|
||||||
0
passbook/app_gw/management/__init__.py
Normal file
0
passbook/app_gw/management/__init__.py
Normal file
0
passbook/app_gw/management/commands/__init__.py
Normal file
0
passbook/app_gw/management/commands/__init__.py
Normal file
29
passbook/app_gw/management/commands/app_gw_web.py
Normal file
29
passbook/app_gw/management/commands/app_gw_web.py
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
"""passbook app_gw webserver management command"""
|
||||||
|
|
||||||
|
from daphne.cli import CommandLineInterface
|
||||||
|
from django.core.management.base import BaseCommand
|
||||||
|
from django.utils import autoreload
|
||||||
|
from structlog import get_logger
|
||||||
|
|
||||||
|
from passbook.lib.config import CONFIG
|
||||||
|
|
||||||
|
LOGGER = get_logger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
class Command(BaseCommand):
|
||||||
|
"""Run Daphne Webserver for app_gw"""
|
||||||
|
|
||||||
|
def handle(self, *args, **options):
|
||||||
|
"""passbook daphne server"""
|
||||||
|
autoreload.run_with_reloader(self.daphne_server)
|
||||||
|
|
||||||
|
def daphne_server(self):
|
||||||
|
"""Run daphne server within autoreload"""
|
||||||
|
autoreload.raise_last_exception()
|
||||||
|
CommandLineInterface().run([
|
||||||
|
'-p', str(CONFIG.y('app_gw.port', 8000)),
|
||||||
|
'-b', CONFIG.y('app_gw.listen', '0.0.0.0'), # nosec
|
||||||
|
'--access-log', '/dev/null',
|
||||||
|
'--application-close-timeout', '500',
|
||||||
|
'passbook.app_gw.asgi:application'
|
||||||
|
])
|
||||||
33
passbook/app_gw/middleware.py
Normal file
33
passbook/app_gw/middleware.py
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
"""passbook app_gw middleware"""
|
||||||
|
from django.views.generic import RedirectView
|
||||||
|
|
||||||
|
from passbook.app_gw.proxy.handler import RequestHandler
|
||||||
|
from passbook.lib.config import CONFIG
|
||||||
|
|
||||||
|
|
||||||
|
class ApplicationGatewayMiddleware:
|
||||||
|
"""Check if request should be proxied or handeled normally"""
|
||||||
|
|
||||||
|
_app_gw_cache = {}
|
||||||
|
|
||||||
|
def __init__(self, get_response):
|
||||||
|
self.get_response = get_response
|
||||||
|
|
||||||
|
def __call__(self, request):
|
||||||
|
# Rudimentary cache
|
||||||
|
host_header = request.META.get('HTTP_HOST')
|
||||||
|
if host_header not in self._app_gw_cache:
|
||||||
|
self._app_gw_cache[host_header] = RequestHandler.find_app_gw_for_request(request)
|
||||||
|
if self._app_gw_cache[host_header]:
|
||||||
|
return self.dispatch(request, self._app_gw_cache[host_header])
|
||||||
|
return self.get_response(request)
|
||||||
|
|
||||||
|
def dispatch(self, request, app_gw):
|
||||||
|
"""Build proxied request and pass to upstream"""
|
||||||
|
handler = RequestHandler(app_gw, request)
|
||||||
|
|
||||||
|
if not handler.check_permission():
|
||||||
|
to_url = 'https://%s/?next=%s' % (CONFIG.y('domains')[0], request.get_full_path())
|
||||||
|
return RedirectView.as_view(url=to_url)(request)
|
||||||
|
|
||||||
|
return handler.get_response()
|
||||||
BIN
passbook/app_gw/migrations/.DS_Store
vendored
Normal file
BIN
passbook/app_gw/migrations/.DS_Store
vendored
Normal file
Binary file not shown.
50
passbook/app_gw/migrations/0001_initial.py
Normal file
50
passbook/app_gw/migrations/0001_initial.py
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
# Generated by Django 2.1.7 on 2019-03-20 21:38
|
||||||
|
|
||||||
|
import django.contrib.postgres.fields
|
||||||
|
import django.db.models.deletion
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
initial = True
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('passbook_core', '0020_groupmembershippolicy'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.CreateModel(
|
||||||
|
name='ApplicationGatewayProvider',
|
||||||
|
fields=[
|
||||||
|
('provider_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Provider')),
|
||||||
|
('server_name', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), size=None)),
|
||||||
|
('upstream', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), size=None)),
|
||||||
|
('enabled', models.BooleanField(default=True)),
|
||||||
|
('authentication_header', models.TextField(default='X-Remote-User')),
|
||||||
|
('default_content_type', models.TextField(default='application/octet-stream')),
|
||||||
|
('upstream_ssl_verification', models.BooleanField(default=True)),
|
||||||
|
],
|
||||||
|
options={
|
||||||
|
'verbose_name': 'Application Gateway Provider',
|
||||||
|
'verbose_name_plural': 'Application Gateway Providers',
|
||||||
|
},
|
||||||
|
bases=('passbook_core.provider',),
|
||||||
|
),
|
||||||
|
migrations.CreateModel(
|
||||||
|
name='RewriteRule',
|
||||||
|
fields=[
|
||||||
|
('propertymapping_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.PropertyMapping')),
|
||||||
|
('match', models.TextField()),
|
||||||
|
('halt', models.BooleanField(default=False)),
|
||||||
|
('replacement', models.TextField()),
|
||||||
|
('redirect', models.CharField(choices=[('internal', 'Internal'), (301, 'Moved Permanently'), (302, 'Found')], max_length=50)),
|
||||||
|
('conditions', models.ManyToManyField(to='passbook_core.Policy')),
|
||||||
|
],
|
||||||
|
options={
|
||||||
|
'verbose_name': 'Rewrite Rule',
|
||||||
|
'verbose_name_plural': 'Rewrite Rules',
|
||||||
|
},
|
||||||
|
bases=('passbook_core.propertymapping',),
|
||||||
|
),
|
||||||
|
]
|
||||||
18
passbook/app_gw/migrations/0002_auto_20190321_1521.py
Normal file
18
passbook/app_gw/migrations/0002_auto_20190321_1521.py
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
# Generated by Django 2.1.7 on 2019-03-21 15:21
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('passbook_app_gw', '0001_initial'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='rewriterule',
|
||||||
|
name='conditions',
|
||||||
|
field=models.ManyToManyField(blank=True, to='passbook_core.Policy'),
|
||||||
|
),
|
||||||
|
]
|
||||||
18
passbook/app_gw/migrations/0003_auto_20190411_1314.py
Normal file
18
passbook/app_gw/migrations/0003_auto_20190411_1314.py
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
# Generated by Django 2.2 on 2019-04-11 13:14
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('passbook_app_gw', '0002_auto_20190321_1521'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='applicationgatewayprovider',
|
||||||
|
name='authentication_header',
|
||||||
|
field=models.TextField(blank=True, default='X-Remote-User'),
|
||||||
|
),
|
||||||
|
]
|
||||||
0
passbook/app_gw/migrations/__init__.py
Normal file
0
passbook/app_gw/migrations/__init__.py
Normal file
74
passbook/app_gw/models.py
Normal file
74
passbook/app_gw/models.py
Normal file
@ -0,0 +1,74 @@
|
|||||||
|
"""passbook app_gw models"""
|
||||||
|
import re
|
||||||
|
|
||||||
|
from django.contrib.postgres.fields import ArrayField
|
||||||
|
from django.db import models
|
||||||
|
from django.utils.translation import gettext as _
|
||||||
|
|
||||||
|
from passbook.core.models import Policy, PropertyMapping, Provider
|
||||||
|
|
||||||
|
|
||||||
|
class ApplicationGatewayProvider(Provider):
|
||||||
|
"""Virtual server which proxies requests to any hostname in server_name to upstream"""
|
||||||
|
|
||||||
|
server_name = ArrayField(models.TextField())
|
||||||
|
upstream = ArrayField(models.TextField())
|
||||||
|
enabled = models.BooleanField(default=True)
|
||||||
|
|
||||||
|
authentication_header = models.TextField(default='X-Remote-User', blank=True)
|
||||||
|
default_content_type = models.TextField(default='application/octet-stream')
|
||||||
|
upstream_ssl_verification = models.BooleanField(default=True)
|
||||||
|
|
||||||
|
form = 'passbook.app_gw.forms.ApplicationGatewayProviderForm'
|
||||||
|
|
||||||
|
@property
|
||||||
|
def name(self):
|
||||||
|
"""since this model has no name property, return a joined list of server_names as name"""
|
||||||
|
return ', '.join(self.server_name)
|
||||||
|
|
||||||
|
def __str__(self):
|
||||||
|
return "Application Gateway %s" % ', '.join(self.server_name)
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
|
||||||
|
verbose_name = _('Application Gateway Provider')
|
||||||
|
verbose_name_plural = _('Application Gateway Providers')
|
||||||
|
|
||||||
|
|
||||||
|
class RewriteRule(PropertyMapping):
|
||||||
|
"""Rewrite requests matching `match` with `replacement`, if all polcies in `conditions` apply"""
|
||||||
|
|
||||||
|
REDIRECT_INTERNAL = 'internal'
|
||||||
|
REDIRECT_PERMANENT = 301
|
||||||
|
REDIRECT_FOUND = 302
|
||||||
|
|
||||||
|
REDIRECTS = (
|
||||||
|
(REDIRECT_INTERNAL, _('Internal')),
|
||||||
|
(REDIRECT_PERMANENT, _('Moved Permanently')),
|
||||||
|
(REDIRECT_FOUND, _('Found')),
|
||||||
|
)
|
||||||
|
|
||||||
|
match = models.TextField()
|
||||||
|
halt = models.BooleanField(default=False)
|
||||||
|
conditions = models.ManyToManyField(Policy, blank=True)
|
||||||
|
replacement = models.TextField() # python formatted strings, use {match.1}
|
||||||
|
redirect = models.CharField(max_length=50, choices=REDIRECTS)
|
||||||
|
|
||||||
|
form = 'passbook.app_gw.forms.RewriteRuleForm'
|
||||||
|
|
||||||
|
_matcher = None
|
||||||
|
|
||||||
|
@property
|
||||||
|
def compiled_matcher(self):
|
||||||
|
"""Cache the compiled regex in memory"""
|
||||||
|
if not self._matcher:
|
||||||
|
self._matcher = re.compile(self.match)
|
||||||
|
return self._matcher
|
||||||
|
|
||||||
|
def __str__(self):
|
||||||
|
return "Rewrite Rule %s" % self.name
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
|
||||||
|
verbose_name = _('Rewrite Rule')
|
||||||
|
verbose_name_plural = _('Rewrite Rules')
|
||||||
0
passbook/app_gw/proxy/__init__.py
Normal file
0
passbook/app_gw/proxy/__init__.py
Normal file
8
passbook/app_gw/proxy/exceptions.py
Normal file
8
passbook/app_gw/proxy/exceptions.py
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
"""Exception classes"""
|
||||||
|
|
||||||
|
class ReverseProxyException(Exception):
|
||||||
|
"""Base for revproxy exception"""
|
||||||
|
|
||||||
|
|
||||||
|
class InvalidUpstream(ReverseProxyException):
|
||||||
|
"""Invalid upstream set"""
|
||||||
233
passbook/app_gw/proxy/handler.py
Normal file
233
passbook/app_gw/proxy/handler.py
Normal file
@ -0,0 +1,233 @@
|
|||||||
|
"""passbook app_gw request handler"""
|
||||||
|
import mimetypes
|
||||||
|
from random import SystemRandom
|
||||||
|
from urllib.parse import urlparse
|
||||||
|
|
||||||
|
import certifi
|
||||||
|
import urllib3
|
||||||
|
from django.core.cache import cache
|
||||||
|
from django.utils.http import urlencode
|
||||||
|
from structlog import get_logger
|
||||||
|
|
||||||
|
from passbook.app_gw.models import ApplicationGatewayProvider
|
||||||
|
from passbook.app_gw.proxy.exceptions import InvalidUpstream
|
||||||
|
from passbook.app_gw.proxy.response import get_django_response
|
||||||
|
from passbook.app_gw.proxy.rewrite import Rewriter
|
||||||
|
from passbook.app_gw.proxy.utils import encode_items, normalize_request_headers
|
||||||
|
from passbook.core.models import Application
|
||||||
|
from passbook.policy.engine import PolicyEngine
|
||||||
|
|
||||||
|
SESSION_UPSTREAM_KEY = 'passbook_app_gw_upstream'
|
||||||
|
IGNORED_HOSTNAMES_KEY = 'passbook_app_gw_ignored'
|
||||||
|
LOGGER = get_logger(__name__)
|
||||||
|
QUOTE_SAFE = r'<.;>\(}*+|~=-$/_:^@)[{]&\'!,"`'
|
||||||
|
ERRORS_MESSAGES = {
|
||||||
|
'upstream-no-scheme': ("Upstream URL scheme must be either "
|
||||||
|
"'http' or 'https' (%s).")
|
||||||
|
}
|
||||||
|
HTTP_NO_VERIFY = urllib3.PoolManager()
|
||||||
|
HTTP = urllib3.PoolManager(
|
||||||
|
cert_reqs='CERT_REQUIRED',
|
||||||
|
ca_certs=certifi.where())
|
||||||
|
IGNORED_HOSTS = cache.get(IGNORED_HOSTNAMES_KEY, [])
|
||||||
|
POLICY_CACHE = {}
|
||||||
|
|
||||||
|
class RequestHandler:
|
||||||
|
"""Forward requests"""
|
||||||
|
|
||||||
|
_parsed_url = None
|
||||||
|
_request_headers = None
|
||||||
|
|
||||||
|
def __init__(self, app_gw, request):
|
||||||
|
self.app_gw = app_gw
|
||||||
|
self.request = request
|
||||||
|
if self.app_gw.pk not in POLICY_CACHE:
|
||||||
|
POLICY_CACHE[self.app_gw.pk] = self.app_gw.application.policies.all()
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def find_app_gw_for_request(request):
|
||||||
|
"""Check if a request should be proxied or forwarded to passbook"""
|
||||||
|
# Check if hostname is in cached list of ignored hostnames
|
||||||
|
# This saves us having to query the database on each request
|
||||||
|
host_header = request.META.get('HTTP_HOST')
|
||||||
|
if host_header in IGNORED_HOSTS:
|
||||||
|
# LOGGER.debug("%s is ignored", host_header)
|
||||||
|
return False
|
||||||
|
# Look through all ApplicationGatewayProviders and check hostnames
|
||||||
|
matches = ApplicationGatewayProvider.objects.filter(
|
||||||
|
server_name__contains=[host_header],
|
||||||
|
enabled=True)
|
||||||
|
if not matches.exists():
|
||||||
|
# Mo matching Providers found, add host header to ignored list
|
||||||
|
IGNORED_HOSTS.append(host_header)
|
||||||
|
cache.set(IGNORED_HOSTNAMES_KEY, IGNORED_HOSTS)
|
||||||
|
# LOGGER.debug("Ignoring %s", host_header)
|
||||||
|
return False
|
||||||
|
# At this point we're certain there's a matching ApplicationGateway
|
||||||
|
if len(matches) > 1:
|
||||||
|
# This should never happen
|
||||||
|
raise ValueError
|
||||||
|
app_gw = matches.first()
|
||||||
|
try:
|
||||||
|
# Check if ApplicationGateway is associated with application
|
||||||
|
getattr(app_gw, 'application')
|
||||||
|
if app_gw:
|
||||||
|
return app_gw
|
||||||
|
except Application.DoesNotExist:
|
||||||
|
pass
|
||||||
|
# LOGGER.debug("ApplicationGateway not associated with Application")
|
||||||
|
return True
|
||||||
|
|
||||||
|
def _get_upstream(self):
|
||||||
|
"""Choose random upstream and save in session"""
|
||||||
|
if SESSION_UPSTREAM_KEY not in self.request.session:
|
||||||
|
self.request.session[SESSION_UPSTREAM_KEY] = {}
|
||||||
|
if self.app_gw.pk not in self.request.session[SESSION_UPSTREAM_KEY]:
|
||||||
|
upstream_index = int(SystemRandom().random() * len(self.app_gw.upstream))
|
||||||
|
self.request.session[SESSION_UPSTREAM_KEY][self.app_gw.pk] = upstream_index
|
||||||
|
return self.app_gw.upstream[self.request.session[SESSION_UPSTREAM_KEY][self.app_gw.pk]]
|
||||||
|
|
||||||
|
def get_upstream(self):
|
||||||
|
"""Get upstream as parsed url"""
|
||||||
|
upstream = self._get_upstream()
|
||||||
|
|
||||||
|
self._parsed_url = urlparse(upstream)
|
||||||
|
|
||||||
|
if self._parsed_url.scheme not in ('http', 'https'):
|
||||||
|
raise InvalidUpstream(ERRORS_MESSAGES['upstream-no-scheme'] %
|
||||||
|
upstream)
|
||||||
|
|
||||||
|
return upstream
|
||||||
|
|
||||||
|
def _format_path_to_redirect(self):
|
||||||
|
# LOGGER.debug("Path before: %s", self.request.get_full_path())
|
||||||
|
rewriter = Rewriter(self.app_gw, self.request)
|
||||||
|
after = rewriter.build()
|
||||||
|
# LOGGER.debug("Path after: %s", after)
|
||||||
|
return after
|
||||||
|
|
||||||
|
def get_proxy_request_headers(self):
|
||||||
|
"""Get normalized headers for the upstream
|
||||||
|
Gets all headers from the original request and normalizes them.
|
||||||
|
Normalization occurs by removing the prefix ``HTTP_`` and
|
||||||
|
replacing and ``_`` by ``-``. Example: ``HTTP_ACCEPT_ENCODING``
|
||||||
|
becames ``Accept-Encoding``.
|
||||||
|
.. versionadded:: 0.9.1
|
||||||
|
:param request: The original HTTPRequest instance
|
||||||
|
:returns: Normalized headers for the upstream
|
||||||
|
"""
|
||||||
|
return normalize_request_headers(self.request)
|
||||||
|
|
||||||
|
def get_request_headers(self):
|
||||||
|
"""Return request headers that will be sent to upstream.
|
||||||
|
The header REMOTE_USER is set to the current user
|
||||||
|
if AuthenticationMiddleware is enabled and
|
||||||
|
the view's add_remote_user property is True.
|
||||||
|
.. versionadded:: 0.9.8
|
||||||
|
"""
|
||||||
|
request_headers = self.get_proxy_request_headers()
|
||||||
|
if not self.app_gw.authentication_header:
|
||||||
|
return request_headers
|
||||||
|
request_headers[self.app_gw.authentication_header] = self.request.user.get_username()
|
||||||
|
# LOGGER.debug("%s set", self.app_gw.authentication_header)
|
||||||
|
|
||||||
|
return request_headers
|
||||||
|
|
||||||
|
def check_permission(self):
|
||||||
|
"""Check if user is authenticated and has permission to access app"""
|
||||||
|
if not hasattr(self.request, 'user'):
|
||||||
|
return False
|
||||||
|
if not self.request.user.is_authenticated:
|
||||||
|
return False
|
||||||
|
policy_engine = PolicyEngine(POLICY_CACHE[self.app_gw.pk])
|
||||||
|
policy_engine.for_user(self.request.user).with_request(self.request).build()
|
||||||
|
passing, _messages = policy_engine.result
|
||||||
|
|
||||||
|
return passing
|
||||||
|
|
||||||
|
def get_encoded_query_params(self):
|
||||||
|
"""Return encoded query params to be used in proxied request"""
|
||||||
|
get_data = encode_items(self.request.GET.lists())
|
||||||
|
return urlencode(get_data)
|
||||||
|
|
||||||
|
def _created_proxy_response(self, path):
|
||||||
|
request_payload = self.request.body
|
||||||
|
|
||||||
|
# LOGGER.debug("Request headers: %s", self._request_headers)
|
||||||
|
|
||||||
|
request_url = self.get_upstream() + path
|
||||||
|
# LOGGER.debug("Request URL: %s", request_url)
|
||||||
|
|
||||||
|
if self.request.GET:
|
||||||
|
request_url += '?' + self.get_encoded_query_params()
|
||||||
|
# LOGGER.debug("Request URL: %s", request_url)
|
||||||
|
|
||||||
|
http = HTTP
|
||||||
|
if not self.app_gw.upstream_ssl_verification:
|
||||||
|
http = HTTP_NO_VERIFY
|
||||||
|
|
||||||
|
try:
|
||||||
|
proxy_response = http.urlopen(self.request.method,
|
||||||
|
request_url,
|
||||||
|
redirect=False,
|
||||||
|
retries=None,
|
||||||
|
headers=self._request_headers,
|
||||||
|
body=request_payload,
|
||||||
|
decode_content=False,
|
||||||
|
preload_content=False)
|
||||||
|
# LOGGER.debug("Proxy response header: %s",
|
||||||
|
# proxy_response.getheaders())
|
||||||
|
except urllib3.exceptions.HTTPError as error:
|
||||||
|
LOGGER.exception(error)
|
||||||
|
raise
|
||||||
|
|
||||||
|
return proxy_response
|
||||||
|
|
||||||
|
def _replace_host_on_redirect_location(self, proxy_response):
|
||||||
|
location = proxy_response.headers.get('Location')
|
||||||
|
if location:
|
||||||
|
if self.request.is_secure():
|
||||||
|
scheme = 'https://'
|
||||||
|
else:
|
||||||
|
scheme = 'http://'
|
||||||
|
request_host = scheme + self.request.META.get('HTTP_HOST')
|
||||||
|
|
||||||
|
upstream_host_http = 'http://' + self._parsed_url.netloc
|
||||||
|
upstream_host_https = 'https://' + self._parsed_url.netloc
|
||||||
|
|
||||||
|
location = location.replace(upstream_host_http, request_host)
|
||||||
|
location = location.replace(upstream_host_https, request_host)
|
||||||
|
proxy_response.headers['Location'] = location
|
||||||
|
# LOGGER.debug("Proxy response LOCATION: %s",
|
||||||
|
# proxy_response.headers['Location'])
|
||||||
|
|
||||||
|
def _set_content_type(self, proxy_response):
|
||||||
|
content_type = proxy_response.headers.get('Content-Type')
|
||||||
|
if not content_type:
|
||||||
|
content_type = (mimetypes.guess_type(self.request.path)
|
||||||
|
[0] or self.app_gw.default_content_type)
|
||||||
|
proxy_response.headers['Content-Type'] = content_type
|
||||||
|
# LOGGER.debug("Proxy response CONTENT-TYPE: %s",
|
||||||
|
# proxy_response.headers['Content-Type'])
|
||||||
|
|
||||||
|
def get_response(self):
|
||||||
|
"""Pass request to upstream and return response"""
|
||||||
|
self._request_headers = self.get_request_headers()
|
||||||
|
|
||||||
|
path = self._format_path_to_redirect()
|
||||||
|
proxy_response = self._created_proxy_response(path)
|
||||||
|
|
||||||
|
self._replace_host_on_redirect_location(proxy_response)
|
||||||
|
self._set_content_type(proxy_response)
|
||||||
|
response = get_django_response(proxy_response, strict_cookies=False)
|
||||||
|
|
||||||
|
# If response has a 'Location' header, we rewrite that location as well
|
||||||
|
if 'Location' in response:
|
||||||
|
LOGGER.debug("Rewriting Location header")
|
||||||
|
for server_name in self.app_gw.server_name:
|
||||||
|
response['Location'] = response['Location'].replace(
|
||||||
|
self._parsed_url.hostname, server_name)
|
||||||
|
LOGGER.debug(response['Location'])
|
||||||
|
|
||||||
|
# LOGGER.debug("RESPONSE RETURNED: %s", response)
|
||||||
|
return response
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user