
tsprinz/account_management


ZaPF OAuth Provider


Deployment

To deploy the Flask app you can use the gunicorn configuration and systemd service provided in the repository. In the default configuration gunicorn listens on a Unix socket, which a reverse proxy such as nginx uses to expose the app to the internet. The proxy is also responsible for TLS termination. Because the app then only ever sees plain HTTP from the proxy, make sure the proxy forwards the original scheme and host (for example via X-Forwarded-Proto) so that redirect URIs and cookies are generated for https rather than http.

Environment Variables

| Variable | Description |
| --- | --- |
| AUTH_SETTINGS | Path to a config file whose settings override the defaults |

Commands

Apart from the usual manage.py runserver and manage.py shell, the following commands are supported:

  • manage.py createuser uid FirstName Surname [email] [password] - create a user
  • manage.py delete_user uid - delete a user
  • manage.py passwd uid - change the password of a user
  • manage.py sanity - run sanity checks, e.g. that the base DNs of the users, groups and oauth2 subtrees exist, and create them if necessary
  • manage.py groups - list groups
  • manage.py members group_name - list the members of a group
  • manage.py newgroup group_name - create a group
  • manage.py delgroup group_name - delete a group
  • manage.py join username group_name - add a user to a group
  • manage.py remove username group_name - remove a user from a group
  • manage.py unis - list unis (universities) and their tokens
  • manage.py adduni name token - add a uni with its token
  • manage.py deluni name - delete a uni
  • manage.py set_token name token - set the token for a uni
  • manage.py profile [length] [profile_dir] - run the app under a profiler
  • manage.py db - Flask-Migrate DB commands:
    • manage.py db upgrade - run database migrations
    • manage.py db migrate - create database migrations

Permissions

Permissions are managed via group membership. Members of the following groups have special permissions:

  • members of admin are superusers and can administer OAuth2 applications
  • members of orga can view and edit uni registration data

OAuth

Scopes

| Scope name | Description |
| --- | --- |
| uni_list | List all universities |
| ownUserData | Get the user data of the currently logged-in user |
| registration | Allow a user to create a registration |

Endpoints

| URL | Scopes required | Description |
| --- | --- | --- |
| /api/me | ownUserData | Get the user data of the currently logged-in user |
| /api/unis | uni_list | Get a list of universities |
| /api/registration | registration | GET the registration of the currently logged-in user, or POST a new registration |
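The scope column above is what the resource server has to enforce on every request. The following is an added example, not the project's own code, of that check as a small pure function: the token store is a constructed in-memory dict standing in for the provider's real token storage, and the token strings and user ids in it are made up. The function returns the responses RFC 6750 prescribes: 401 with a WWW-Authenticate challenge when no usable bearer token was presented (missing, unknown, wrong scheme or expired), and 403 insufficient_scope, listing the scopes the endpoint needs, when the token is valid but was never granted them.

```python
"""Per-endpoint OAuth2 scope enforcement (added example, not project code)."""
from dataclasses import dataclass

# Scopes each endpoint requires, taken from the endpoint table above.
REQUIRED_SCOPES = {
    ("GET", "/api/me"): frozenset({"ownUserData"}),
    ("GET", "/api/unis"): frozenset({"uni_list"}),
    ("GET", "/api/registration"): frozenset({"registration"}),
    ("POST", "/api/registration"): frozenset({"registration"}),
}


@dataclass(frozen=True)
class Token:
    uid: str            # user the token was issued to
    scopes: frozenset   # scopes granted at authorization time
    expired: bool = False


# Constructed token store standing in for the real one; all values are made up.
TOKENS = {
    "tok-alice": Token("alice", frozenset({"ownUserData", "registration"})),
    "tok-portal": Token("portal", frozenset({"uni_list"})),
    "tok-old": Token("bob", frozenset({"ownUserData"}), expired=True),
}


def lookup_bearer(authorization_header):
    """Return the Token named by an 'Authorization: Bearer <token>' header, or None."""
    if not authorization_header:
        return None
    scheme, _, value = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not value.strip():
        return None
    return TOKENS.get(value.strip())


def authorize(method, path, authorization_header):
    """Decide whether a request may reach an endpoint.

    Returns (http_status, headers, body) following RFC 6750:
      404 for an endpoint not in the table (nothing to protect),
      401 plus a WWW-Authenticate challenge when no usable token was presented,
      403 insufficient_scope when the token lacks a required scope,
      200 with the token's identity when everything checks out.
    """
    required = REQUIRED_SCOPES.get((method.upper(), path))
    if required is None:
        return 404, {}, {"error": "not_found"}

    token = lookup_bearer(authorization_header)
    if token is None or token.expired:
        # RFC 6750: no error code in the challenge if no credentials were sent at all
        if authorization_header:
            error, challenge = "invalid_token", 'Bearer realm="api", error="invalid_token"'
        else:
            error, challenge = "invalid_request", 'Bearer realm="api"'
        return 401, {"WWW-Authenticate": challenge}, {"error": error}

    missing = required - token.scopes
    if missing:
        scope = " ".join(sorted(required))
        challenge = 'Bearer realm="api", error="insufficient_scope", scope="%s"' % scope
        return 403, {"WWW-Authenticate": challenge}, {"error": "insufficient_scope", "scope": scope}

    return 200, {}, {"uid": token.uid, "scope": sorted(token.scopes)}
```

A scope check only decides whether the token may call the endpoint at all. /api/me and /api/registration must additionally be served for the user the token was issued to (token.uid here), never for a user named in the request, otherwise ownUserData would let one token read everybody's data.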

OpenLDAP notes

Schema

The following schemas are required:

ACL's

Please make sure the bind user (the DN the application binds as) can bind and has read and write access to the users, groups and oauth2 subtrees.

Good hashing

Using the contrib sha2 password module for OpenLDAP is highly recommended; without it slapd cannot verify passwords stored with the following hash schemes, so logins with such a userPassword fail:

  • HASHED_SHA256
  • HASHED_SHA384
  • HASHED_SHA512
  • HASHED_SALTED_SHA256
  • HASHED_SALTED_SHA384
  • HASHED_SALTED_SHA512

Prefer the salted variants: with the unsalted ones, two users with the same password get identical userPassword values.
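To make the stored values concrete, here is an added example, not the project's code, that produces and verifies userPassword values in the format the sha2 module uses: the scheme prefix ({SHA512}, {SSHA512}, ...) followed by base64 of the digest with the salt appended, where the salt is empty for the unsalted schemes. It uses only the standard library; the salt length of 8 bytes is the module's default and the test vector for "secret" is the one from the sha2 module's documentation. Note that these schemes have no work factor, so they are only as slow to brute-force as raw SHA-2.

```python
"""OpenLDAP {SHAxxx}/{SSHAxxx} userPassword values (added example, not project code)."""
import base64
import hashlib
import hmac
import os

# Scheme prefix -> (hashlib algorithm, salted?) for the schemes listed above.
# Stored value = prefix + base64(digest || salt); unsalted schemes have an empty salt.
SCHEMES = {
    "{SHA256}": ("sha256", False),
    "{SHA384}": ("sha384", False),
    "{SHA512}": ("sha512", False),
    "{SSHA256}": ("sha256", True),
    "{SSHA384}": ("sha384", True),
    "{SSHA512}": ("sha512", True),
}


def hash_password(password, scheme="{SSHA512}", salt=None):
    """Produce a userPassword value that slapd with the sha2 module can verify.

    A fresh 8-byte random salt is drawn for salted schemes unless one is
    supplied (only do that in tests); unsalted schemes ignore the salt.
    """
    algorithm, salted = SCHEMES[scheme]
    if salted:
        salt = os.urandom(8) if salt is None else salt
    else:
        salt = b""
    digest = hashlib.new(algorithm, password.encode("utf-8") + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")


def verify_password(password, stored):
    """Check a candidate password against a stored {SCHEME}base64 value.

    Returns False for unknown schemes or malformed values instead of raising,
    so a bad directory entry cannot turn into an unhandled exception at login.
    """
    end = stored.find("}")
    if not stored.startswith("{") or end < 0:
        return False
    scheme = stored[: end + 1]
    if scheme not in SCHEMES:
        return False
    algorithm, salted = SCHEMES[scheme]
    try:
        raw = base64.b64decode(stored[end + 1 :], validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return False
    digest_size = hashlib.new(algorithm).digest_size
    digest, salt = raw[:digest_size], raw[digest_size:]
    if len(digest) != digest_size or (salt and not salted):
        return False
    expected = hashlib.new(algorithm, password.encode("utf-8") + salt).digest()
    # constant-time comparison so timing does not reveal how many bytes matched
    return hmac.compare_digest(expected, digest)
```

The salt is stored in the clear after the digest, which is fine: its job is to make identical passwords hash differently, not to be secret.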

Testing

A sample OpenLDAP configuration for running a test server is included. The tests themselves, however, do not talk to a server: they run against a mocked LDAP connection. A script is included that generates the serialized data objects for the mock from an LDIF file.
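Since the mock data is derived from LDIF, it helps to see what that parsing involves. Below is an added example, not the project's script, of a minimal content-LDIF parser using only the Python standard library: it unfolds continuation lines, decodes base64 (`::`) values such as non-ASCII names, collects multi-valued attributes and returns the entries indexed by DN, the shape a mocked connection needs to answer lookups. The entries in SAMPLE_LDIF are constructed for this example; URL-valued attributes and change records are rejected on purpose so that test fixtures cannot pull in arbitrary files.

```python
"""Minimal content-LDIF parser for building mock directory data (added example)."""
import base64

# Constructed sample: one user with a base64-encoded (non-ASCII) cn, and one
# group whose second member value is folded across two lines.
SAMPLE_LDIF = """\
version: 1

dn: uid=alice,ou=users,dc=example,dc=org
objectClass: inetOrgPerson
uid: alice
cn:: Sm9zw6kgQWxpY2U=
sn: Alice
mail: alice@example.org

# groups
dn: cn=admin,ou=groups,dc=example,dc=org
objectClass: groupOfNames
cn: admin
member: uid=alice,ou=users,dc=example,dc=org
member: uid=bob,ou=users,
 dc=example,dc=org
"""


def unfold(text):
    """Join LDIF continuation lines (starting with one space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Parse content LDIF into [{"dn": str, "attributes": {name: [values]}}, ...].

    Handles 'version:', comments, blank-line entry separators, base64 values
    ('attr:: ...') and multi-valued attributes. URL values ('attr:< ...') and
    changetype records raise ValueError: fixtures should not read files.
    """
    entries, current = [], None
    for line in unfold(text) + [""]:  # sentinel flushes the last entry
        if line.startswith("#") or line.startswith("version:"):
            continue
        if line == "":
            if current is not None:
                entries.append(current)
                current = None
            continue
        name, sep, rest = line.partition(":")
        if not sep or not name:
            raise ValueError("malformed line: %r" % line)
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        elif rest.startswith("<"):
            raise ValueError("URL values are not supported: %r" % line)
        else:
            value = rest[1:] if rest.startswith(" ") else rest
        if name == "dn":
            if current is not None:
                raise ValueError("dn inside an entry: %r" % line)
            current = {"dn": value, "attributes": {}}
        elif current is None:
            raise ValueError("attribute before dn: %r" % line)
        elif name == "changetype":
            raise ValueError("change records are not content LDIF")
        else:
            current["attributes"].setdefault(name, []).append(value)
    return entries


def mock_directory(text):
    """Index parsed entries by DN so a mocked connection can answer lookups."""
    return {entry["dn"]: entry["attributes"] for entry in parse_ldif(text)}


def group_members(directory, group_dn):
    """Return the member DNs of a groupOfNames entry (empty list if absent)."""
    return list(directory.get(group_dn, {}).get("member", []))
```

DNs are compared as plain strings here; a real directory matches them case-insensitively and ignores whitespace around RDN separators, so fixtures should use one canonical spelling throughout.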

About

(Heavy WIP: expect rebases.)
