Commit 9b61f515 authored by Jonathan Schaeffer's avatar Jonathan Schaeffer

methode cleanup simplifiée

parent 7e0483e8
......@@ -8,40 +8,14 @@ Output : a login and password in the `login:password` form
This login and password is valid for a certain amount of time (24h typically)
## Playing around
``` shell
pip install gunicorn httpie
gunicorn --reload -w 1 eidaws_auth:auth
```
Then, to send a post request :
``` shell
http localhost:8000/version
http POST localhost:8000 < token.asc
```
## Running tests
``` shell
pip install -e .
pytest
```
## Configuration
The conifguration is set in the `eidawsauth/config.py` file.
To configure the database connection, copy `configurations/default.py` to `configurations/production.py` for instance. Then edit the file with everything you need.
There are 4 classes :
- `Config` : the root class with some defaults
- `Production` : the configuration suitable for production
- `Test` : the configuration suitable for pytest
- `Dev` : the configuration for the developpment environment
You can choose the configuration class by setting up the `RUNMODE` environment variable. Default value is DEVELOPMENT
From the value of the `RUNMODE` environment variable, the name of the configuration file is choosen.
``` shell
RUNMODE=PRODUCTION gunicorn -w 4 eidaws_auth:aut
RUNMODE=development python eidawsauth.py
```
## Database initialisation
......@@ -93,6 +67,25 @@ Contraintes de clés étrangères :
"aut_user_network_id_fkey" FOREIGN KEY (network_id) REFERENCES networks(network_id) ON DELETE SET DEFAULT
```
## Playing around
After the Database initialisation, the application can be run in a virtual environment.
``` shell
pip install -r requirements.txt
cd eidawsauth
FLASK_ENV=development RUNMODE=development python eidawsauth.py
```
Then, to send a post request :
``` shell
http localhost:8000/version
http POST localhost:8000 < token.asc
```
## Running tests
# Explanations
......
......@@ -4,6 +4,5 @@ import importlib
for module in os.listdir(os.path.dirname(__file__)):
if module == '__init__.py' or module[-3:] != '.py':
continue
# importlib.import_module(module[:-3])
importlib.import_module('.'+module[:-3], 'configurations')
del module
......@@ -65,6 +65,7 @@ def register_login(login, password):
- Generate Login and Password hash
- register in the users table
"""
expiration_time=datetime.datetime.now()+datetime.timedelta(days=1)
try:
conn = psycopg2.connect(dbname= application.config['AUTHDBNAME'],
port = application.config['AUTHDBPORT'],
......@@ -83,13 +84,13 @@ def register_login(login, password):
cur.execute("""
INSERT INTO users VALUES (DEFAULT, %(login)s, 'Temp', 'EIDA', %(tmpmail)s, %(expiration)s);
""",
{'login': login, 'tmpmail': "%s@eida"%(login),'expiration': datetime.datetime.now()+datetime.timedelta(days=1)}
{'login': login, 'tmpmail': "%s@eida"%(login),'expiration': expiration_time }
)
cur.execute("""
INSERT INTO credentials VALUES (CURRVAL('users_user_index_seq'), NULL, %(wsshash)s);
INSERT INTO credentials VALUES (CURRVAL('users_user_index_seq'), NULL, %(wsshash)s, %(expiration)s);
""",
{'wsshash': wsshash(login, password)}
{'wsshash': wsshash(login, password), 'expiration': expiration_time }
)
conn.commit()
conn.close()
......@@ -106,7 +107,7 @@ def register_privileges(login, fdsn_refs):
user= application.config['PRIVILEGEDBUSER'],
password = application.config['PRIVILEGEDBPASSWORD'])
cur = conn.cursor()
logging.debug("Connected to users database")
logging.debug("Connected to privileges database")
except Exception as e:
logging.error("Unable to connect to database %s as %s@%s:%s"%(application.config['PRIVILEGEDBNAME'],
application.config['PRIVILEGEDBUSER'],
......@@ -117,13 +118,14 @@ def register_privileges(login, fdsn_refs):
# Get the network id
for ref in fdsn_refs:
ref['login'] = login
ref['expiration'] = datetime.datetime.now()+datetime.timedelta(days=1)
cur.execute("""
select network_id from networks where start_year=%(startyear)s and end_year=%(endyear)s and network=%(networkcode)s;
""", ref)
ref['networkid'] = cur.fetchone()[0]
logging.info(ref)
logging.info("Inserting tupple in %s.eida_temp_users: %s"%(application.config['PRIVILEGEDBNAME'], ref))
cur.execute("""
insert into eida_temp_users (network_id, network, start_year, end_year, name) values (%(networkid)s, %(networkcode)s, %(startyear)s, %(endyear)s, %(login)s);
insert into eida_temp_users (network_id, network, start_year, end_year, name, expiration) values (%(networkid)s, %(networkcode)s, %(startyear)s, %(endyear)s, %(login)s, %(expiration)s);
""", ref)
conn.commit()
conn.close()
......@@ -139,9 +141,7 @@ def cleanup():
Clean old temporary logins and passwords in both databases.
"""
logging.info("Cleaning up expired temporary accounts")
nb_expired_accounts = 0
old_users_entries = 0
old_users = ""
rows_deleted = 0
try:
conn = psycopg2.connect(dbname= application.config['AUTHDBNAME'],
port = application.config['AUTHDBPORT'],
......@@ -150,10 +150,11 @@ def cleanup():
password = application.config['AUTHDBPASSWORD'])
cur = conn.cursor()
logging.debug("Connected to users database")
cur.execute("select user_index,login from users where expires_at < now();")
nb_expired_accounts = cur.rowcount
old_users_entries = cur.fetchall()[:1000]
old_users = ','.join( str(u[0]) for u in old_users_entries )
cur.execute("delete from credentials where expiration < now();")
cur.execute("delete from users where expires_at < now();")
rows_deleted = cur.rowcount
conn.commit()
conn.close()
except Exception as e:
logging.error("Unable to connect to database %s as %s@%s:%s"%(application.config['AUTHDBNAME'],
application.config['AUTHDBUSER'],
......@@ -161,17 +162,6 @@ def cleanup():
application.config['AUTHDBPORT']))
raise e
logging.debug("%d users to delete"%(len(old_users_entries)))
if len(old_users_entries) > 0 :
try :
cur.execute("delete from credentials where user_index in (%s);",(AsIs(old_users),))
cur.execute("delete from users where user_index in (%s);", (AsIs(old_users),))
except Exception as e:
logging.error("Unable de delete from credentials or users")
logging.error(e)
conn.commit()
conn.close()
try:
conn = psycopg2.connect(dbname= application.config['PRIVILEGEDBNAME'],
port = application.config['PRIVILEGEDBPORT'],
......@@ -180,11 +170,8 @@ def cleanup():
password = application.config['PRIVILEGEDBPASSWORD'])
cur = conn.cursor()
logging.debug("Connected to privlieges database")
old_users = ','.join(str(u[1]) for u in old_users_entries)
logging.debug("Deleting from privileges database: %s", old_users)
cur.execute("""
delete from eida_temp_users where name in (%s);
""", (AsIs(old_users),))
cur.execute("delete from eida_temp_users where expiration < now();")
conn.commit()
conn.close()
except Exception as e:
......@@ -193,8 +180,7 @@ def cleanup():
application.config['PRIVILEGEDBHOST'],
application.config['PRIVILEGEDBPORT']))
raise e
logging.info("Deleted %d over %d expired accounts"%(len(old_users_entries), nb_expired_accounts))
return Response("Deleted %d expired accounts."%(len(old_users_entries)), status=200)
return Response("Deleted %d expired accounts."%(rows_deleted), status=200)
@application.route("/", methods=['POST'])
def auth():
......@@ -221,7 +207,9 @@ def auth():
# Check membership and get FDSN references
fdsn_memberships = []
for em in tokendict['memberof'].split(';'):
logging.debug("EPOS membership: "+em)
if em in application.config['EPOS_FDSN_MAP']:
logging.debug(" ... is in epos fdsn map")
fdsn_memberships.append(application.config['EPOS_FDSN_MAP'][em])
# If fdsn_memberships is empty, there is no point to continue.
if len(fdsn_memberships) == 0 :
......@@ -236,6 +224,7 @@ def auth():
register_login(login, password)
# Store in PRIVILEGEDB
logging.debug("FDSN memberships: %s"%(fdsn_memberships))
register_privileges(login, fdsn_memberships)
# Return
return "%s:%s"%(login, password)
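Review bot: In cleanup(), the two new DELETE statements (`cur.execute("delete from credentials where expiration < now();")` and `cur.execute("delete from users where expires_at < now();")`) sit inside the try block whose handler logs "Unable to connect to database ..." and re-raises, so a failing delete — for example on a credentials table that has not yet received the expiration column — is reported as a connection failure and the connection is left open, since neither block has a finally or a with. The privileges block around `delete from eida_temp_users where expiration < now();` has the same shape. I would keep the connect in its own try and run the statements under psycopg2's connection and cursor context managers, which commit on success and roll back on error; conn.close() still has to be called explicitly because `with conn:` does not close the connection. The psycopg2.connect call begins before the hunk and the except body continues after it. Separately, the expiration written by register_login and register_privileges comes from the application clock (naive `datetime.datetime.now()`) while cleanup compares against the database's `now()`; if the two hosts or the column types disagree on timezone, the 24h window shifts — worth confirming against the schema.
```python
    try:
        conn = psycopg2.connect(dbname= application.config['AUTHDBNAME'],
        # … unchanged: remaining connection parameters …
    except Exception as e:
        # … unchanged: "Unable to connect to database" logging …
        raise e
    try:
        with conn, conn.cursor() as cur:
            cur.execute("delete from credentials where expiration < now();")
            cur.execute("delete from users where expires_at < now();")
            rows_deleted = cur.rowcount
    finally:
        conn.close()
```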
......
atomicwrites==1.3.0
attrs==19.1.0
bleach==3.1.0
certifi==2019.3.9
chardet==3.0.4
Click==7.0
coverage==4.5.3
docutils==0.14
eidaws-auth==0.0.1
-e git+git@gitlab.com:resif/ws-eidaauth.git@c904cdb6b3c0b5e52b554dd5fcf4fee095d6f104#egg=eidawsauth
filelock==3.0.10
click==7.1.1
Flask==1.1.1
gunicorn==19.9.0
idna==2.8
itsdangerous==1.1.0
Jinja2==2.10.3
Jinja2==2.11.1
MarkupSafe==1.1.1
more-itertools==6.0.0
PACKAGENAME==0.0.0
pkginfo==1.5.0.1
pluggy==0.9.0
psycopg2-binary==2.7.7
py==1.8.0
Pygments==2.3.1
pytest==4.3.1
pytest-datafiles==2.0
python-gnupg==0.4.4
readme-renderer==24.0
requests==2.21.0
requests-toolbelt==0.9.1
six==1.12.0
toml==0.10.0
tox==3.7.0
tqdm==4.31.1
twine==1.13.0
urllib3==1.24.1
virtualenv==16.4.3
webencodings==0.5.1
Werkzeug==0.15.4
psutil==5.7.0
psycopg2-binary==2.8.4
python-gnupg==0.4.5
Werkzeug==1.0.0
......@@ -19,7 +19,7 @@ setup(
license='GPL-3.0',
packages=find_packages(),
install_requires=[
'Flask==1.0.2', 'psycopg2-binary==2.7.7', 'python-gnupg==0.4.4'
'Flask==1.1.1', 'psycopg2-binary', 'python-gnupg==0.4.5'
],
keywords=[
'',
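Review bot: `'psycopg2-binary'` in install_requires now carries no version constraint while the two neighbouring entries are pinned exactly and requirements.txt in this same commit pins psycopg2-binary==2.8.4, so a fresh `pip install -e .` can resolve to any future release, including a major the code has not been tested against. A lower bound matching what was tested stops the dependency from drifting silently without reintroducing the over-tight exact pin: `'Flask==1.1.1', 'psycopg2-binary>=2.8.4', 'python-gnupg==0.4.5'`. The setup() call begins and ends outside the hunk.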
......