mirror of https://github.com/etesync/server
Compare commits
54 Commits
6ebdc0690d
...
799d17cdb1
Author | SHA1 | Date |
---|---|---|
Tom Hacohen | 799d17cdb1 | 10 months ago |
Tom Hacohen | a54afd5210 | 10 months ago |
Alejandro | 4293acb3a3 | 11 months ago |
LuPa | 55d3fb7e8e | 1 year ago |
Tom Hacohen | 9aaea7b6a7 | 2 years ago |
Tom Hacohen | 0bd40807ba | 2 years ago |
Tom Hacohen | d843d580eb | 2 years ago |
Victor R. Santos | a48f37c0c9 | 2 years ago |
Victor R. Santos | f9645917d7 | 2 years ago |
Tom Hacohen | 4bf81f49ad | 2 years ago |
Tom Hacohen | c61dd86a8c | 2 years ago |
Tom Hacohen | 8c6d04e8d3 | 2 years ago |
Tom Hacohen | 2f1f95fea9 | 2 years ago |
Tom Hacohen | 5f455e55b5 | 2 years ago |
Tom Hacohen | 709a607d47 | 2 years ago |
Tom Hacohen | 0563c6880a | 2 years ago |
Xiretza | cb790734e5 | 2 years ago |
PapaTutuWawa | fac36aae11 | 2 years ago |
Tom Hacohen | 3a4da142dc | 2 years ago |
Xiretza | 79cef79c52 | 2 years ago |
Tom Hacohen | c7d1de31a1 | 2 years ago |
Xiretza | aac27e6a43 | 2 years ago |
Xiretza | 791de952f4 | 2 years ago |
Xiretza | ada5181a7e | 2 years ago |
Xiretza | 9d6e0ae60a | 2 years ago |
Xiretza | 163f7766f1 | 2 years ago |
Xiretza | 13a137a128 | 2 years ago |
Xiretza | e635e081c7 | 2 years ago |
Xiretza | 04ca0ae5db | 2 years ago |
Xiretza | c6b1b855df | 2 years ago |
Xiretza | 5dbb8a4ad8 | 2 years ago |
Xiretza | 70b753cd31 | 2 years ago |
Xiretza | b620d0a39c | 2 years ago |
Xiretza | 76efbb6cb9 | 2 years ago |
Tom Hacohen | dd0e76fc02 | 2 years ago |
Tom Hacohen | 006c5fc242 | 2 years ago |
Tom Hacohen | f62d4ebdfc | 2 years ago |
Tom Hacohen | 247c5ea680 | 2 years ago |
Victor R. Santos | e0010f21f6 | 2 years ago |
Tom Hacohen | ed2e68d4d5 | 2 years ago |
Victor R. Santos | 7bb1bf9d22 | 2 years ago |
Victor R. Santos | d1d58f15c7 | 2 years ago |
Victor R. Santos | ce70045dac | 2 years ago |
Tom Hacohen | ee8349d419 | 2 years ago |
Tom Hacohen | f14d74510b | 2 years ago |
Tom Hacohen | 056d6853a0 | 2 years ago |
Simon Vandevelde | 4c4fa3d726 | 3 years ago |
James | 453869d71d | 3 years ago |
Mohammed Anas | d11504093c | 3 years ago |
Tom Hacohen | d4de717cf7 | 3 years ago |
Dustin J. Mitchell | 43d5af32d7 | 3 years ago |
Dustin J. Mitchell | 7c58540409 | 3 years ago |
Zakkumaru | 58163d6678 | 3 years ago |
Tom Hacohen | 21e5382fc4 | 3 years ago |
@ -0,0 +1,16 @@
|
|||||||
|
/db.sqlite3*
|
||||||
|
Session.vim
|
||||||
|
/local_settings.py
|
||||||
|
.venv
|
||||||
|
/assets
|
||||||
|
/logs
|
||||||
|
/.coverage
|
||||||
|
/tmp
|
||||||
|
/media
|
||||||
|
|
||||||
|
__pycache__
|
||||||
|
.*.swp
|
||||||
|
|
||||||
|
/.*
|
||||||
|
|
||||||
|
/sandbox
|
@ -1,3 +0,0 @@
|
|||||||
from django.dispatch import Signal
|
|
||||||
|
|
||||||
user_signed_up = Signal(providing_args=["request", "user"])
|
|
@ -0,0 +1,16 @@
|
|||||||
|
#! /bin/bash
|
||||||
|
|
||||||
|
# Build the `test-server` image, which runs the server in a simple configuration
|
||||||
|
# designed to be used in tests, based on the current git revision.
|
||||||
|
|
||||||
|
TAG="${1:-latest}"
|
||||||
|
|
||||||
|
echo "Building working copy to etesync/test-server:${TAG}"
|
||||||
|
|
||||||
|
ETESYNC_VERSION=$(git describe --tags)
|
||||||
|
|
||||||
|
docker build \
|
||||||
|
--build-arg ETESYNC_VERSION=${ETESYNC_VERSION} \
|
||||||
|
-t etesync/test-server:${TAG} \
|
||||||
|
-f docker/test-server/Dockerfile \
|
||||||
|
.
|
@ -0,0 +1,38 @@
|
|||||||
|
FROM python:3.11.0-alpine
|
||||||
|
|
||||||
|
ARG ETESYNC_VERSION
|
||||||
|
|
||||||
|
ENV PIP_DISABLE_PIP_VERSION_CHECK=1
|
||||||
|
ENV PIP_NO_CACHE_DIR=1
|
||||||
|
|
||||||
|
# install packages and pip requirements first, in a single step,
|
||||||
|
COPY /requirements.txt /requirements.txt
|
||||||
|
RUN set -ex ;\
|
||||||
|
apk add libpq postgresql-dev --virtual .build-deps coreutils gcc libc-dev libffi-dev make ;\
|
||||||
|
pip install -U pip ;\
|
||||||
|
pip install --no-cache-dir --progress-bar off -r /requirements.txt ;\
|
||||||
|
apk del .build-deps make gcc coreutils ;\
|
||||||
|
rm -rf /root/.cache
|
||||||
|
|
||||||
|
COPY . /app
|
||||||
|
|
||||||
|
RUN set -ex ;\
|
||||||
|
mkdir -p /data/static /data/media ;\
|
||||||
|
cd /app ;\
|
||||||
|
mkdir -p /etc/etebase-server ;\
|
||||||
|
cp docker/test-server/etebase-server.ini /etc/etebase-server ;\
|
||||||
|
sed -e '/ETEBASE_CREATE_USER_FUNC/ s/^#*/#/' -i /app/etebase_server/settings.py ;\
|
||||||
|
chmod +x docker/test-server/entrypoint.sh
|
||||||
|
|
||||||
|
# this is a test image and should start up quickly, so it starts with the DB
|
||||||
|
# and static data already fully set up.
|
||||||
|
RUN set -ex ;\
|
||||||
|
cd /app ;\
|
||||||
|
python manage.py migrate ;\
|
||||||
|
python manage.py collectstatic --noinput
|
||||||
|
|
||||||
|
ENV ETESYNC_VERSION=${ETESYNC_VERSION}
|
||||||
|
VOLUME /data
|
||||||
|
EXPOSE 3735
|
||||||
|
|
||||||
|
ENTRYPOINT ["/app/docker/test-server/entrypoint.sh"]
|
@ -0,0 +1,6 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
echo "Running etesync test server ${ETESYNC_VERSION}"
|
||||||
|
|
||||||
|
cd /app
|
||||||
|
uvicorn etebase_server.asgi:application --host 0.0.0.0 --port 3735
|
@ -0,0 +1,12 @@
|
|||||||
|
[global]
|
||||||
|
secret_file = secret.txt
|
||||||
|
debug = true
|
||||||
|
static_root = /data/static
|
||||||
|
media_root = /data/media
|
||||||
|
|
||||||
|
[allowed_hosts]
|
||||||
|
allowed_host1 = *
|
||||||
|
|
||||||
|
[database]
|
||||||
|
engine = django.db.backends.sqlite3
|
||||||
|
name = /data/db.sqlite3
|
@ -0,0 +1,4 @@
|
|||||||
|
from django.dispatch import Signal
|
||||||
|
|
||||||
|
# Provides arguments "request" and "user"
|
||||||
|
user_signed_up = Signal()
|
@ -1,6 +1,6 @@
|
|||||||
from django import forms
|
from django import forms
|
||||||
from django.contrib.auth.forms import UsernameField
|
from django.contrib.auth.forms import UsernameField
|
||||||
from myauth.models import get_typed_user_model
|
from etebase_server.myauth.models import get_typed_user_model
|
||||||
|
|
||||||
User = get_typed_user_model()
|
User = get_typed_user_model()
|
||||||
|
|
@ -0,0 +1,109 @@
|
|||||||
|
import logging
|
||||||
|
|
||||||
|
from django.utils import timezone
|
||||||
|
from django.conf import settings
|
||||||
|
from django.core.exceptions import PermissionDenied as DjangoPermissionDenied
|
||||||
|
from etebase_server.django.utils import CallbackContext
|
||||||
|
from etebase_server.myauth.models import get_typed_user_model, UserType
|
||||||
|
from etebase_server.fastapi.dependencies import get_authenticated_user
|
||||||
|
from etebase_server.fastapi.exceptions import PermissionDenied as FastAPIPermissionDenied
|
||||||
|
from fastapi import Depends
|
||||||
|
|
||||||
|
import ldap
|
||||||
|
|
||||||
|
User = get_typed_user_model()
|
||||||
|
|
||||||
|
|
||||||
|
def ldap_setting(name, default):
|
||||||
|
"""Wrapper around django.conf.settings"""
|
||||||
|
return getattr(settings, f"LDAP_{name}", default)
|
||||||
|
|
||||||
|
|
||||||
|
class LDAPConnection:
|
||||||
|
__instance__ = None
|
||||||
|
__user_cache = {} # Username -> Valid until
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_instance():
|
||||||
|
"""To get a Singleton"""
|
||||||
|
if not LDAPConnection.__instance__:
|
||||||
|
return LDAPConnection()
|
||||||
|
else:
|
||||||
|
return LDAPConnection.__instance__
|
||||||
|
|
||||||
|
def __init__(self):
|
||||||
|
# Cache some settings
|
||||||
|
self.__LDAP_FILTER = ldap_setting("FILTER", "")
|
||||||
|
self.__LDAP_SEARCH_BASE = ldap_setting("SEARCH_BASE", "")
|
||||||
|
|
||||||
|
# The time a cache entry is valid (in hours)
|
||||||
|
try:
|
||||||
|
self.__LDAP_CACHE_TTL = int(ldap_setting("CACHE_TTL", ""))
|
||||||
|
except ValueError:
|
||||||
|
logging.error("Invalid value for cache_ttl. Defaulting to 1 hour")
|
||||||
|
self.__LDAP_CACHE_TTL = 1
|
||||||
|
|
||||||
|
password = ldap_setting("BIND_PW", "")
|
||||||
|
if not password:
|
||||||
|
pw_file = ldap_setting("BIND_PW_FILE", "")
|
||||||
|
if pw_file:
|
||||||
|
with open(pw_file, "r") as f:
|
||||||
|
password = f.read().replace("\n", "")
|
||||||
|
|
||||||
|
self.__ldap_connection = ldap.initialize(ldap_setting("SERVER", ""))
|
||||||
|
try:
|
||||||
|
self.__ldap_connection.simple_bind_s(ldap_setting("BIND_DN", ""), password)
|
||||||
|
except ldap.LDAPError as err:
|
||||||
|
logging.error(f"LDAP Error occurring during bind: {err.desc}")
|
||||||
|
|
||||||
|
def __is_cache_valid(self, username):
|
||||||
|
"""Returns True if the cache entry is still valid. Returns False otherwise."""
|
||||||
|
if username in self.__user_cache:
|
||||||
|
if timezone.now() <= self.__user_cache[username]:
|
||||||
|
# Cache entry is still valid
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
|
def __remove_cache(self, username):
|
||||||
|
del self.__user_cache[username]
|
||||||
|
|
||||||
|
def has_user(self, username):
|
||||||
|
"""
|
||||||
|
Since we don't care about the password and so authentication
|
||||||
|
another way, all we care about is whether the user exists.
|
||||||
|
"""
|
||||||
|
if self.__is_cache_valid(username):
|
||||||
|
return True
|
||||||
|
if username in self.__user_cache:
|
||||||
|
self.__remove_cache(username)
|
||||||
|
|
||||||
|
filterstr = self.__LDAP_FILTER.replace("%s", username)
|
||||||
|
try:
|
||||||
|
result = self.__ldap_connection.search_s(self.__LDAP_SEARCH_BASE, ldap.SCOPE_SUBTREE, filterstr=filterstr)
|
||||||
|
except ldap.NO_RESULTS_RETURNED:
|
||||||
|
# We handle the specific error first and the the generic error, as
|
||||||
|
# we may expect ldap.NO_RESULTS_RETURNED, but not any other error
|
||||||
|
return False
|
||||||
|
except ldap.LDAPError as err:
|
||||||
|
logging.error(f"Error occurred while performing an LDAP query: {err.desc}")
|
||||||
|
return False
|
||||||
|
|
||||||
|
if len(result) == 1:
|
||||||
|
self.__user_cache[username] = timezone.now() + timezone.timedelta(hours=self.__LDAP_CACHE_TTL)
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
def is_user_in_ldap(user: UserType = Depends(get_authenticated_user)):
|
||||||
|
if not LDAPConnection.get_instance().has_user(user.username):
|
||||||
|
raise FastAPIPermissionDenied(detail="User not in LDAP directory.")
|
||||||
|
|
||||||
|
|
||||||
|
def create_user(context: CallbackContext, *args, **kwargs):
|
||||||
|
"""
|
||||||
|
A create_user function which first checks if the user already exists in the
|
||||||
|
configured LDAP directory.
|
||||||
|
"""
|
||||||
|
if not LDAPConnection.get_instance().has_user(kwargs["username"]):
|
||||||
|
raise DjangoPermissionDenied("User not in the LDAP directory.")
|
||||||
|
return User.objects.create_user(*args, **kwargs)
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in new issue