Merge remote-tracking branch 'origin/master' into edge

Author: jonasbardino

mig/shared/functionality/extcert.py

@@ -4,7 +4,7 @@
 # --- BEGIN_HEADER ---
 #
 # extcert - External certificate account sign up backend
-# Copyright (C) 2003-2023  The MiG Project lead by Brian Vinter
+# Copyright (C) 2003-2025  The MiG Project by the Science HPC Center at UCPH
 #
 # This file is part of MiG.
 #
@@ -25,7 +25,7 @@
 # -- END_HEADER ---
 #
 
-"""Request account sign up with external certificate back end"""
+"""Request account access through externally signed X509 certificate auth"""
 
 from __future__ import absolute_import
 
@@ -159,11 +159,9 @@ def main(client_id, user_arguments_dict):
         fill_helpers['readonly_%s' % field] = ''
     ro_fields = [i for i in accepted['ro_fields'] if i in
                  list(cert_field_map) + given_peers]
-    # Only write-protect ID fields in auto-mode
-    if keyword_auto in accepted['ro_fields']:
+    # Write-protect ID fields in auto-mode or if already logged in
+    if keyword_auto in accepted['ro_fields'] or client_id:
         ro_fields += [i for i in list(cert_field_map) if not i in ro_fields]
-    # NOTE: lock all ID fields to current certificate here
-    ro_fields += [i for i in id_fields if not i in ro_fields]
     for field in ro_fields:
         fill_helpers['readonly_%s' % field] = 'readonly'
     fill_helpers.update(user_fields)

mig/shared/functionality/reqcert.py

@@ -3,8 +3,8 @@
 #
 # --- BEGIN_HEADER ---
 #
-# reqcert - Certificate account request backend
-# Copyright (C) 2003-2023  The MiG Project lead by Brian Vinter
+# reqcert - Local certificate request and account sign up backend
+# Copyright (C) 2003-2025  The MiG Project by the Science HPC Center at UCPH
 #
 # This file is part of MiG.
 #
@@ -25,7 +25,7 @@
 # -- END_HEADER ---
 #
 
-"""Request certificate account back end"""
+"""Request account access through locally signed X509 certificate auth"""
 
 from __future__ import absolute_import
 
@@ -196,8 +196,8 @@ def main(client_id, user_arguments_dict):
         fill_helpers['readonly_%s' % field] = ''
     ro_fields = [i for i in accepted['ro_fields'] if i in
                  list(cert_field_map) + given_peers]
-    # Only write-protect ID fields in auto-mode
-    if keyword_auto in accepted['ro_fields']:
+    # Write-protect ID fields in auto-mode or if already logged in
+    if keyword_auto in accepted['ro_fields'] or client_id:
         ro_fields += [i for i in list(cert_field_map) if not i in ro_fields]
     if reset_token:
         user_fields['reset_token'] = reset_token

mig/shared/functionality/reqoid.py

@@ -4,7 +4,7 @@
 # --- BEGIN_HEADER ---
 #
 # reqoid - OpenID account request backend
-# Copyright (C) 2003-2023  The MiG Project lead by Brian Vinter
+# Copyright (C) 2003-2025  The MiG Project by the Science HPC Center at UCPH
 #
 # This file is part of MiG.
 #
@@ -25,7 +25,7 @@
 # -- END_HEADER ---
 #
 
-"""Request OpenID account back end"""
+"""Request account access through built-in OpenID 2.0 service auth"""
 
 from __future__ import absolute_import
 
@@ -198,8 +198,8 @@ def main(client_id, user_arguments_dict):
         fill_helpers['readonly_%s' % field] = ''
     ro_fields = [i for i in accepted['ro_fields'] if i in
                  list(cert_field_map) + given_peers]
-    # Only write-protect ID fields in auto-mode
-    if keyword_auto in accepted['ro_fields']:
+    # Write-protect ID fields in auto-mode or if already logged in
+    if keyword_auto in accepted['ro_fields'] or client_id:
         ro_fields += [i for i in list(cert_field_map) if not i in ro_fields]
     if reset_token:
         user_fields['reset_token'] = reset_token

mig/shared/functionality/vgridman.py

@@ -4,7 +4,7 @@
 # --- BEGIN_HEADER ---
 #
 # vgridman - backend to manage vgrids
-# Copyright (C) 2003-2024  The MiG Project lead by Brian Vinter
+# Copyright (C) 2003-2025  The MiG Project lead by the Science HPC Center at UCPH
 #
 # This file is part of MiG.
 #
@@ -64,6 +64,7 @@ def main(client_id, user_arguments_dict):
     defaults = signature()[1]
     title_entry = find_entry(output_objects, 'title')
     label = "%s" % configuration.site_vgrid_label
+    support_email = "%s" % configuration.support_email
     title_entry['text'] = "%s Management" % label
     (validate_status, accepted) = validate_input_and_cert(
         user_arguments_dict,
@@ -106,6 +107,7 @@ def main(client_id, user_arguments_dict):
     form_method = 'post'
     csrf_limit = get_csrf_limit(configuration)
     fill_helpers = {'vgrid_label': label,
+                    'support_email': support_email,
                     'form_method': form_method,
                     'csrf_field': csrf_field,
                     'csrf_limit': csrf_limit}
@@ -488,11 +490,11 @@ def main(client_id, user_arguments_dict):
     if operation in show_operations:
         user_map = get_full_user_map(configuration)
         user_dict = user_map.get(client_id, None)
+        output_objects.append({'object_type': 'sectionheader', 'text':
+                               'Additional %ss' % label})
+
         # Optional limitation of create vgrid permission
         if user_dict and vgrid_create_allowed(configuration, user_dict):
-            output_objects.append({'object_type': 'sectionheader', 'text':
-                                   'Additional %ss' % label})
-
             output_objects.append(
                 {'object_type': 'text', 'text':
                  '''Please enter a name for the new %(vgrid_label)s to add,
@@ -515,6 +517,15 @@ def main(client_id, user_arguments_dict):
         <input type="submit" value="Create %(vgrid_label)s" />
         </form>
      ''' % fill_helpers})
+        else:
+            output_objects.append(
+                {'object_type': 'warning', 'text':
+                 """You don't have permission to create %(vgrid_label)ss on
+this site.""" % fill_helpers})
+            output_objects.append(
+                {'object_type': 'text', 'text':
+                 """Please contact support at %(support_email)s if you think
+that you qualify for it.""" % fill_helpers})
 
         output_objects.append({'object_type': 'sectionheader', 'text':
                                'Request Access to %ss' % label})