Merge pull request #176 from ComputerScienceHouse/develop

Conditional v1.7.0

Author: devinmatte

.travis.yml

@@ -1,6 +1,6 @@
 language: python
 python:
-  - "3.3"
+  - "3.6"
 
 install:
   - "pip install -r requirements.txt"

Dockerfile

@@ -0,0 +1,26 @@
+FROM python:3.6-stretch
+MAINTAINER Devin Matte <matted@csh.rit.edu>
+
+RUN mkdir /opt/conditional
+
+ADD requirements.txt /opt/conditional
+
+WORKDIR /opt/conditional
+
+RUN apt-get -yq update && \
+    apt-get -yq install libsasl2-dev libldap2-dev libssl-dev && \
+    pip install -r requirements.txt && \
+    apt-get -yq clean all
+
+ADD . /opt/conditional
+
+RUN curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
+    apt-get -yq update && \
+    apt-get -yq install nodejs npm && \
+    npm install && \
+    npm run production && \
+    rm -rf node_modules && \
+    apt-get -yq remove nodejs npm && \
+    apt-get -yq clean all
+
+CMD ["gunicorn", "conditional:app", "--bind=0.0.0.0:8080", "--access-logfile=-"]

README.md

@@ -31,8 +31,24 @@ Then, install the pipeline and frontend dependencies:
 npm install
 ```
 
+### Config
+
 You must create `config.py` in the top-level directory with the appropriate credentials for the application to run. See `config.sample.py` for an example.
 
+#### Add OIDC Config
+Reach out to an RTP to get OIDC credentials that will allow you to develop locally behind OIDC auth
+```
+# OIDC Config
+OIDC_ISSUER = "https://sso.csh.rit.edu/auth/realms/csh"
+OIDC_CLIENT_CONFIG = {
+    'client_id': '',
+    'client_secret': '',
+    'post_logout_redirect_uris': ['http://0.0.0.0:6969/logout']
+}
+```
+
+### Run
+
 Once you have all of the dependencies installed, simply run:
 
 ```

conditional/__init__.py

@@ -1,27 +1,28 @@
+# pylint: disable=wrong-import-order
+from ._version import __version__
+
 import os
-import subprocess
 from datetime import datetime
-from flask import Flask, redirect, request, render_template, g
-from flask_sqlalchemy import SQLAlchemy
-from flask_migrate import Migrate
+
 from csh_ldap import CSHLDAP
-from raven import fetch_git_sha
+from flask import Flask, redirect, render_template, g
+from flask_migrate import Migrate
+from flask_pyoidc.flask_pyoidc import OIDCAuthentication
+from flask_sqlalchemy import SQLAlchemy
 from raven.contrib.flask import Sentry
-from raven.exceptions import InvalidGitRepository
 import structlog
 
+from conditional import config
+
 app = Flask(__name__)
 
-config = os.path.join(app.config.get('ROOT_DIR', os.getcwd()), "config.py")
+app.config.from_object(config)
+if os.path.exists(os.path.join(os.getcwd(), "config.py")):
+    app.config.from_pyfile(os.path.join(os.getcwd(), "config.py"))
 
-app.config.from_pyfile(config)
 app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
 
-app.config["GIT_REVISION"] = subprocess.check_output(['git',
-                                                      'rev-parse',
-                                                      '--short',
-                                                      'HEAD']).decode('utf-8').rstrip()
-
+app.config["VERSION"] = __version__
 
 db = SQLAlchemy(app)
 migrate = Migrate(app, db)
@@ -31,28 +32,38 @@
                app.config['LDAP_BIND_PW'],
                ro=app.config['LDAP_RO'])
 
+auth = OIDCAuthentication(app, issuer=app.config["OIDC_ISSUER"],
+                          client_registration_info=app.config["OIDC_CLIENT_CONFIG"])
+
+app.secret_key = app.config["SECRET_KEY"]
+
+
 def start_of_year():
     start = datetime(datetime.today().year, 6, 1)
     if datetime.today() < start:
-        start = datetime(datetime.today().year-1, 6, 1)
+        start = datetime(datetime.today().year - 1, 6, 1)
     return start
 
+
 # pylint: disable=C0413
-from conditional.models.models import UserLog
+from .models.models import UserLog
+
 
 # Configure Logging
-def request_processor(logger, log_method, event_dict): # pylint: disable=unused-argument, redefined-outer-name
+def request_processor(logger, log_method, event_dict):  # pylint: disable=unused-argument, redefined-outer-name
     if 'request' in event_dict:
         flask_request = event_dict['request']
-        event_dict['user'] = flask_request.headers.get("x-webauth-user")
         event_dict['ip'] = flask_request.remote_addr
         event_dict['method'] = flask_request.method
         event_dict['blueprint'] = flask_request.blueprint
         event_dict['path'] = flask_request.full_path
+    if 'auth_dict' in event_dict:
+        auth_dict = event_dict['auth_dict']
+        event_dict['user'] = auth_dict['username']
     return event_dict
 
 
-def database_processor(logger, log_method, event_dict): # pylint: disable=unused-argument, redefined-outer-name
+def database_processor(logger, log_method, event_dict):  # pylint: disable=unused-argument, redefined-outer-name
     if 'request' in event_dict:
         if event_dict['method'] != 'GET':
             log = UserLog(
@@ -62,35 +73,37 @@ def database_processor(logger, log_method, event_dict): # pylint: disable=unused
                 blueprint=event_dict['blueprint'],
                 path=event_dict['path'],
                 description=event_dict['event']
-                )
+            )
             db.session.add(log)
             db.session.flush()
             db.session.commit()
         del event_dict['request']
     return event_dict
 
+
 structlog.configure(processors=[
     request_processor,
     database_processor,
     structlog.processors.KeyValueRenderer()
-    ])
+])
 
 logger = structlog.get_logger()
 
-
-from conditional.blueprints.dashboard import dashboard_bp # pylint: disable=ungrouped-imports
-from conditional.blueprints.attendance import attendance_bp
-from conditional.blueprints.major_project_submission import major_project_bp
-from conditional.blueprints.intro_evals import intro_evals_bp
-from conditional.blueprints.intro_evals_form import intro_evals_form_bp
-from conditional.blueprints.housing import housing_bp
-from conditional.blueprints.spring_evals import spring_evals_bp
-from conditional.blueprints.conditional import conditionals_bp
-from conditional.blueprints.member_management import member_management_bp
-from conditional.blueprints.slideshow import slideshow_bp
-from conditional.blueprints.cache_management import cache_bp
-from conditional.blueprints.co_op import co_op_bp
-from conditional.blueprints.logs import log_bp
+from conditional.util.auth import get_user
+
+from .blueprints.dashboard import dashboard_bp  # pylint: disable=ungrouped-imports
+from .blueprints.attendance import attendance_bp
+from .blueprints.major_project_submission import major_project_bp
+from .blueprints.intro_evals import intro_evals_bp
+from .blueprints.intro_evals_form import intro_evals_form_bp
+from .blueprints.housing import housing_bp
+from .blueprints.spring_evals import spring_evals_bp
+from .blueprints.conditional import conditionals_bp
+from .blueprints.member_management import member_management_bp
+from .blueprints.slideshow import slideshow_bp
+from .blueprints.cache_management import cache_bp
+from .blueprints.co_op import co_op_bp
+from .blueprints.logs import log_bp
 
 app.register_blueprint(dashboard_bp)
 app.register_blueprint(attendance_bp)
@@ -106,7 +119,8 @@ def database_processor(logger, log_method, event_dict): # pylint: disable=unused
 app.register_blueprint(co_op_bp)
 app.register_blueprint(log_bp)
 
-from conditional.util.ldap import ldap_get_member
+from .util.ldap import ldap_get_member
+
 
 @app.route('/<path:path>')
 def static_proxy(path):
@@ -115,20 +129,28 @@ def static_proxy(path):
 
 
 @app.route('/')
+@auth.oidc_auth
 def default_route():
     return redirect('/dashboard')
 
+
+@app.route("/logout")
+@auth.oidc_logout
+def logout():
+    return redirect("/", 302)
+
+
 @app.errorhandler(404)
 @app.errorhandler(500)
-def route_errors(error):
+@auth.oidc_auth
+@get_user
+def route_errors(error, user_dict=None):
     data = dict()
-    username = request.headers.get('x-webauth-user')
 
     # Handle the case where the header isn't present
-    if username is not None:
-        member = ldap_get_member(username)
-        data['username'] = member.uid
-        data['name'] = member.cn
+    if user_dict['username'] is not None:
+        data['username'] = user_dict['account'].uid
+        data['name'] = user_dict['account'].cn
     else:
         data['username'] = "unknown"
         data['name'] = "Unknown"
@@ -149,15 +171,17 @@ def route_errors(error):
         error_desc = type(error).__name__
 
     return render_template('errors.html',
-                            error=error_desc,
-                            error_code=code,
-                            event_id=g.sentry_event_id,
-                            public_dsn=sentry.client.get_public_dsn('https'),
-                            **data), int(code)
+                           error=error_desc,
+                           error_code=code,
+                           event_id=g.sentry_event_id,
+                           public_dsn=sentry.client.get_public_dsn('https'),
+                           **data), int(code)
+
 
 @app.cli.command()
 def zoo():
     from conditional.models.migrate import free_the_zoo
     free_the_zoo(app.config['ZOO_DATABASE_URI'])
 
+
 logger.info('conditional started')

conditional/_version.py

@@ -0,0 +1 @@
+__version__ = "1.7.0"