WIP: Feat/vue

docker-compose.test.yml → backend/docker-compose.test.yml

@@ -20,9 +20,11 @@ services:
     depends_on:
       - ci_dblama
       - ci_ldap
+    volumes:
+      - ./coverage-reports:/coverage-reports
     ports:
       - 0.0.0.0:8888:80
-  
+
   ci_dblama:
     image: postgres:11.2-alpine
     networks:

backend/docker-compose.yml

@@ -0,0 +1,58 @@
+# DEV SETUP!
+version: "3"
+
+networks:
+  pg_db:
+    external: false
+  ldap_net:
+    external: false
+
+services:
+  api:
+    image: lama:0.1
+    build:
+      context: docker/lama
+      dockerfile: Dockerfile.dev
+    networks:
+      - ldap_net
+      - pg_db
+    env_file:
+      - docker/lama/dev.env
+    volumes:
+      - ./src:/lama
+      - ./coverage-reports:/coverage-reports
+    depends_on:
+      - db
+      - ldap
+    ports:
+      - 0.0.0.0:8000:80
+
+  db:
+    image: postgres:11.2-alpine
+    networks:
+      - pg_db
+    volumes:
+      - ./db/pgdata/:/var/lib/postgresql/data/
+    env_file:
+      - docker/lama/dev.env
+
+  ldap:
+    image: docker.clkl.de/ldap/ldap:0.3-lama
+    build:
+      context: docker/ldap
+      dockerfile: Dockerfile.ldap
+    env_file: docker/ldap/ldap.env
+    networks:
+      - ldap_net
+
+  ldap_admin:
+    image: docker.clkl.de/ldap/admin:0.1-lama
+    build:
+      context: docker/ldap
+      dockerfile: Dockerfile.admin
+    networks:
+      - ldap_net
+    depends_on:
+      - ldap
+    ports:
+      - 0.0.0.0:8888:80

docker/lama/Dockerfile.dev → backend/docker/lama/Dockerfile.dev

@@ -7,5 +7,7 @@ WORKDIR /lama
 EXPOSE 80
 
 COPY entrypoint.sh /
-CMD ["python3", "manage.py", "runserver", "0.0.0.0:80"]
-#CMD ["/entrypoint.sh"]
+RUN chmod +x /entrypoint.sh
+
+#CMD ["python3", "manage.py", "runserver", "0.0.0.0:80"]
+CMD ["/entrypoint.sh"]

docker/lama/Dockerfile.test → backend/docker/lama/Dockerfile.test

@@ -2,11 +2,13 @@ FROM alpine:3.9
 ADD ["docker/lama/requirements.txt", "/requirements.txt"]
 RUN apk upgrade --update && \
 	apk add --update python3 build-base openldap-dev python3-dev py3-psycopg2 && \
-	pip3 install -r /requirements.txt && rm /requirements.txt
+	pip3 install -r /requirements.txt && rm /requirements.txt && \
+	pip3 install coverage
 WORKDIR /lama
 EXPOSE 80
 
 #ENTRYPOINT ["python3", "manage.py"]
 ADD ["./src", "/lama"]
-ADD ["./docker/lama/entrypoint.sh", "/lama/entrypoint.sh"]
+ADD ["./docker/lama/entrypoint.test.sh", "/lama/entrypoint.sh"]
+RUN chmod +x /lama/entrypoint.sh
 CMD ["python3", "manage.py", "runserver", "0.0.0.0:80"]

docker/lama/dev.env → backend/docker/lama/dev.env

@@ -6,7 +6,7 @@ SITE_NAME=LAMa
 SECRET_KEY=supersecret
 ALLOWED_HOSTS=localhost
 
-DATABASE_HOST=dblama
+DATABASE_HOST=db
 DATABASE_PORT=5432
 
 POSTGRES_USER=lama

backend/docker/lama/entrypoint.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+echo "-------- make migrations --------"
+python3 /lama/manage.py makemigrations account_helper
+echo "-------- migrate --------"
+python3 /lama/manage.py migrate
+echo "-------- generate test data --------"
+python3 /lama/manage.py generate_test_data
+echo "-------- start server --------"
+python3 /lama/manage.py runserver 0.0.0.0:80

docker/lama/entrypoint.sh → backend/docker/lama/entrypoint.test.sh

@@ -4,4 +4,6 @@ python3 /lama/manage.py makemigrations account_helper
 echo "-------- migrate --------"
 python3 /lama/manage.py migrate
 echo "-------- start test --------"
-python3 /lama/manage.py test
+coverage run /lama/manage.py test
+echo "-------- write test report --------"
+coverage xml -i -o /coverage-reports/coverage.xml

backend/docker/lama/requirements.txt

@@ -0,0 +1,10 @@
+Django==3.0.3
+django-auth-ldap==2.1.0
+django-ldapdb==1.4.0
+Jinja2==2.10.3
+djangorestframework==3.11.0
+djangorestframework-simplejwt==4.4.0
+django-cors-headers==3.2.1
+PyYAML==5.3.1
+uritemplate==3.0.1
+drf-yasg==1.17.1

docker/ldap/Dockerfile.ldap → backend/docker/ldap/Dockerfile.ldap

@@ -1,13 +1,15 @@
-FROM alpine:3.9
+FROM alpine:3.11
+
+ENV LDAP_PACKAGE_NAME OPENLDAP_REL_ENG_2_4_49
 
 RUN apk add --upgrade --no-cache build-base groff libtool openldap openssl-dev cyrus-sasl-dev util-linux-dev
 
 WORKDIR /openldap
-RUN wget https://github.com/openldap/openldap/archive/OPENLDAP_REL_ENG_2_4_47.zip\
-  && unzip -d /openldap OPENLDAP_REL_ENG_2_4_47.zip\
-  && rm OPENLDAP_REL_ENG_2_4_47.zip\
-  && mv openldap-OPENLDAP_REL_ENG_2_4_47/* .\
-  && rm -r openldap-OPENLDAP_REL_ENG_2_4_47/
+RUN wget https://github.com/openldap/openldap/archive/${LDAP_PACKAGE_NAME}.zip \
+  && unzip -d /openldap ${LDAP_PACKAGE_NAME}.zip\
+  && rm ${LDAP_PACKAGE_NAME}.zip\
+  && mv openldap-${LDAP_PACKAGE_NAME}/* .\
+  && rm -r openldap-${LDAP_PACKAGE_NAME}/
 
 RUN ./configure --prefix=/usr	\
 	--sysconfdir=/etc	\
@@ -37,7 +39,7 @@ RUN make depend \
 	&& make \
 	&& make prefix=/usr libexec=/usr/lib -C contrib/slapd-modules/lastbind \
 	&& make install \
-	&& make prefix=/usr libexec=/usr/lib -C contrib/slapd-modules/lastbind install 
+	&& make prefix=/usr libexec=/usr/lib -C contrib/slapd-modules/lastbind install
 
 
 #RUN adduser ldap -D
@@ -61,6 +63,7 @@ RUN sed -i s/dc:\ $dc/dc:\ $dcr/g /etc/openldap/start.ldif
 ADD slapd.conf /etc/openldap/slapd.conf
 RUN chown ldap:ldap -R /etc/openldap
 RUN chown ldap:ldap -R /var/lib/openldap
+RUN chmod +x /entrypoint.sh
 
 EXPOSE 389
 

backend/requirements.txt

@@ -0,0 +1,10 @@
+Django==3.0.3
+python-ldap==3.2.0
+django-auth-ldap==2.1.0
+django-ldapdb==1.4.0
+Jinja2==2.10.3
+djangorestframework==3.11.0
+django-cors-headers==3.2.1
+PyYAML==5.3.1
+uritemplate==3.0.1
+drf-yasg==1.17.1

src/account_helper/management/commands/deletable.py → backend/src/account_helper/management/commands/deletable.py

@@ -47,7 +47,7 @@ def handle(self, *args, **options):
                 LdapUser.base_dn = LdapUser.ROOT_DN
                 ldap_user = LdapUser.objects.get(dn=deletable.ldap_dn)
                 ldap_user.delete_complete()
-            except ObjectDoesNotExist as err:
+            except ObjectDoesNotExist:
                 self.stdout.write(self.style.ERROR(f"User with the username {options['fduser']} not found."))
             return
         elif not options['all'] and not options['fduser']:

backend/src/account_helper/management/commands/generate_test_data.py

@@ -0,0 +1,36 @@
+from django.contrib.auth.models import User, Permission
+from django.core.management.base import BaseCommand
+
+from account_helper.models import Realm
+from account_manager.models import LdapGroup, LdapUser
+
+
+class Command(BaseCommand):
+    help = 'Generate test data'
+
+    def handle(self, *args, **options):
+        try:
+            admin = User.objects.create_superuser(username="admin", email="admin@admin.de", password="2malDrei")
+            admin.is_superuser = True
+            admin.is_active = True
+            admin.is_staff = True
+            admin.is_admin = True
+            admin.save()
+        except Exception:
+            admin = User.objects.get(username="admin")
+
+        wiai = Realm.objects.create(name="WIAI", ldap_base_dn="ou=wiai,ou=fachschaften,dc=test,dc=de",
+                                    email="test@root.de")
+        Realm.objects.create(name="SOWI", ldap_base_dn="ou=sowi,ou=fachschaften,dc=test,dc=de")
+        Realm.objects.create(name="HUWI", ldap_base_dn="ou=huwi,ou=fachschaften,dc=test,dc=de")
+
+        ldap_user, user = LdapUser.create_with_django_user(realm=wiai,
+                                                           username="test",
+                                                           email="test@test.de",
+                                                           password="2malDrei")
+        ldap_group = LdapGroup.full_create(wiai, name="TestGroup", members=[ldap_user.dn])
+        django_group = ldap_group.get_django_group()
+
+        permission = Permission.objects.get(codename="add_deleteduser")
+        django_group.permissions.add(permission)
+        django_group.save()

src/account_helper/models.py → backend/src/account_helper/models.py

@@ -1,16 +1,38 @@
+from django.conf import settings
 from django.contrib.auth.models import Group, User
 from django.db import models
 from django.utils import timezone
-from django.conf import settings
-
 
 # Create your models here.
+from account_helper.validators import validate_ldap_base_dn
+
+
 class Realm(models.Model):
     name = models.CharField(max_length=200, unique=True)
     email = models.CharField(max_length=200)
     admin_group = models.ForeignKey(Group, models.PROTECT, blank=True, null=True, related_name='admin_groups')
     default_group = models.ForeignKey(Group, models.PROTECT, blank=True, null=True, related_name='default_groups')
-    ldap_base_dn = models.CharField(max_length=400, unique=True)
+    ldap_base_dn = models.CharField(max_length=400, unique=True, validators=[validate_ldap_base_dn])
+
+    def delete(self, using=None, keep_parents=False):
+        from account_manager.models import LdapUser
+        from account_manager.models import LdapGroup
+        from _ldap import LDAPError
+        try:
+            ldap_users = LdapUser.get_users(self)
+            ldap_usernames = [user.username for user in ldap_users]
+            ldap_groups = LdapGroup.get_groups(self)
+            ldap_groupnames = [group.name for group in ldap_groups]
+            django_user = User.objects.filter(username__contains=ldap_usernames)
+            django_groups = Group.objects.filter(name__contains=ldap_groupnames)
+            django_user.delete()
+            django_groups.delete()
+            ldap_users.delete()
+            ldap_groups.delete()
+        except LDAPError:
+            # TODO: Save delete
+            pass
+        return super().delete(using, keep_parents)
 
     def __str__(self):
         return f'{self.name} - {self.ldap_base_dn}'

backend/src/account_helper/validators.py

@@ -0,0 +1,8 @@
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+def validate_ldap_base_dn(ldap_base_dn):
+    from account_manager.models import LdapUser
+    LdapUser.creation_test(ldap_base_dn)

backend/src/account_manager/api/v1/authentication/serializers.py

@@ -0,0 +1,36 @@
+from django.contrib.auth.models import User, Permission
+from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
+
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class LamaTokenObtainPairSerializer(TokenObtainPairSerializer):
+
+    @classmethod
+    def get_token(cls, user: User):
+        token = super().get_token(user)
+
+        if user.is_superuser:
+            permissions = Permission.objects.all()
+        else:
+            permissions = user.user_permissions.all() | Permission.objects.filter(group__user=user)
+        perm_tuple = [LamaTokenObtainPairSerializer._get_casl_dict(x.codename, x.name) for x in permissions]
+
+        logger.error(Permission.objects.all())
+        logger.error(user.user_permissions.all())
+        # Add custom claims
+        token['user'] = {'username': user.username, 'email': user.email, 'rules': perm_tuple}
+        # ...
+
+        return token
+
+    @staticmethod
+    def _get_casl_dict(codename: str, description: str):
+        splitted_codename = codename.split('_')
+        subject = splitted_codename[-1]
+        subject = subject.capitalize()
+        action = "_".join(splitted_codename[0:-2]) if len(splitted_codename) > 2 else splitted_codename[0]
+
+        return {'action': action, 'subject': subject, 'description': description}

backend/src/account_manager/api/v1/authentication/views.py

@@ -0,0 +1,6 @@
+from .serializers import LamaTokenObtainPairSerializer
+from rest_framework_simplejwt.views import TokenObtainPairView
+
+
+class LamaTokenObtainPairView(TokenObtainPairView):
+    serializer_class = LamaTokenObtainPairSerializer

backend/src/account_manager/api/v1/group/serializers.py

@@ -0,0 +1,25 @@
+from rest_framework import serializers
+from rest_framework.exceptions import ValidationError
+from rest_framework.serializers import raise_errors_on_nested_writes
+
+from account_helper.models import Realm
+from account_manager.models import LdapGroup
+
+
+class LdapGroupSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = LdapGroup
+        fields = ('dn', 'name', 'description', 'members')
+        read_only_fields = ('dn',)
+        extra_kwargs = {'description': {'required': False}}
+
+    def create(self, validated_data):
+        realm_id = self.context["view"].kwargs.get("realm_id")
+        realms = Realm.objects.filter(id=realm_id)
+        if not realms.exists():
+            raise ValidationError(f"Realm with {realm_id} not found")
+        return LdapGroup.full_create(realms.first(), **validated_data)
+
+    def update(self, instance, validated_data):
+        raise_errors_on_nested_writes('update', self, validated_data)
+        return instance.full_update(instance, **validated_data)