#15 make FAS links opt-out for krb5 deployments
Merged 8 years ago by praiskup. Opened 8 years ago by praiskup.
Unknown source flavored-approach  into  master

file modified
+3 -1
@@ -20,7 +20,9 @@

  %staticdir/favicon.ico                          \

  %staticdir/copr_logo.png                        \

  %staticdir/css/style-overwrite.css              \

- %templatedir/project_info.html

+ %templatedir/project_info.html                  \

+ %templatedir/user_info.html                     \

+ %templatedir/welcome.html

  

  %global devel_files \

  %flavor_generator

@@ -105,3 +105,11 @@

  

  # Hide page parts not relevant to this Copr instance:

  # LAYOUT_OVERVIEW_HIDE_QUICK_ENABLE = False

+ 

+ # FAS_LOGIN = True

+ # LOGIN_INFO = {

+ #   # Link to user's profile, {username} expaneded.

+ #   'user_link': 'https://admin.fedoraproject.org/accounts/user/view/{username}/',

+ #   # Description sometimes put into template to make clear what we point to

+ #   'user_desc': 'FAS account'

+ # }

@@ -58,6 +58,14 @@

  

      LAYOUT_OVERVIEW_HIDE_QUICK_ENABLE = False

  

+     # We enable authentication against FAS by default.

+     FAS_LOGIN = True

+ 

+     LOGIN_INFO = {

+         'user_link': 'https://admin.fedoraproject.org/accounts/user/view/{username}/',

+         # 'user_desc': 'FAS'

+     }

+ 

  

  class ProductionConfig(Config):

      DEBUG = False

@@ -1,5 +1,6 @@

  import os

  from . import app

+ import flask

  

  BANNER_LOCATION = "/var/lib/copr/banner-include.html"

  
@@ -21,3 +22,51 @@

              fedmenu_data_url=app.config['FEDMENU_DATA_URL'],

          )

      return dict()

+ 

+ @app.context_processor

+ def login_menu():

+     """

+     Based on authentication configuration, construct the login menu links

+     to be placed at the top of each webui page.

+     """

+ 

+     menu = []

+     config = app.config

+     info = config['LOGIN_INFO']

+ 

+     if flask.g.user:

+         # User authenticated.

+         user = flask.g.user

+         desc = " ({})".format(info['user_desc']) if 'user_desc' in info else ''

+         menu.append({

+             'link': info['user_link'].format(username=user.name),

+             'desc': "{0}{1}".format(user.name, desc),

+         })

+ 

+         menu.append({

+             'link': flask.url_for('misc.logout'),

+             'desc': 'log out',

+         })

+ 

+     else:

+         if config['FAS_LOGIN']:

+             menu.append({

+                 'link': flask.url_for('misc.login'),

+                 'desc': 'log in',

+             })

+ 

+         if config['KRB5_LOGIN']:

+             base = config['KRB5_LOGIN_BASEURI']

+             for _, login in config['KRB5_LOGIN'].iteritems():

+                 menu.append({

+                     'link': base + login['URI'],

+                     'desc': login['log_text'],

+                 })

+ 

+         if config['FAS_LOGIN']:

+             menu.append({

+                 'link': 'https://admin.fedoraproject.org/accounts/user/new',

+                 'desc': 'sign up',

+             })

+ 

+     return dict(login_menu=menu)
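Review bot: The krb5 entries lose the trailing slash that the removed template appended (`{{ config.KRB5_LOGIN_BASEURI }}{{ val.URI }}/`). Unless that is intended, `'link': base + login['URI'],` should probably be `'link': base + login['URI'] + '/',`, since an httpd auth location or a route matched on the slash form could otherwise be missed. Separately, `user.name` is substituted into `user_link` without percent-encoding, both here and in the template hunk that calls `config.LOGIN_INFO.user_link.format(username=user.name)`. HTML autoescaping does not cover URL path characters, so if krb5-derived names can contain `/`, `?` or `#`, the name should be URL-quoted before formatting. Building the profile link once in this function and reusing it from the template would keep that handling in one place.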

@@ -7,14 +7,7 @@

  <br>

  <div class="panel panel-default">

    <div class="panel-body">

-     <p> Copr is an easy-to-use automatic build system providing a package repository as its output. </p>

-     <p> Start with making your own repository in these three steps: </p>

-     <ol>

-       <li> choose an architecture and system you want to build for </li>

-       <li> provide Copr with src.rpm packages available online </li>

-       <li> let Copr do all the work and wait for your new repo </li>

-     </ol>

-     <p style="margin-bottom:0px"><i><small>NOTE: Copr is not yet officially supported by Fedora Infrastructure.</small></i></p>

+     {% include "welcome.html" %}

    </div>

  </div>

  {% endif %}

@@ -21,8 +21,15 @@

        {% if g.user %}

          <a href="mailto:{{ user.mail }}" title="{{ user.mail }}">{{ user.mail }}</a> |

        {% endif %}

-       <a href="https://admin.fedoraproject.org/accounts/user/view/{{ user.name }}" title="{{ user.name}}'s FAS profile" target="_blank">FAS account</a> |

-       <a href="https://badges.fedoraproject.org/user/{{ user.name }}" title="{{ user.name }}'s badges" target="_blank">Fedora badges</a>

+ 

+       <a href="{{ config.LOGIN_INFO.user_link.format(username=user.name)}}">

+         {{ user.name }}

+         {% if config.LOGIN_INFO.user_desc %}

+         ({{ config.LOGIN_INFO.user_desc }})

+         {% endif %}

+       </a>

+ 

+       {% include "user_info.html" %}

    </p>

  </div>

  

@@ -45,15 +45,12 @@

          </div>

          <div class="col-md-4 col-sm-5 col-xs-6">

            <div id="login-menu" class="text-right">

-           {% if g.user %}

-             <a href="https://admin.fedoraproject.org/accounts/user/view/{{ g.user.name }}">{{ g.user.name }}</a> | <a href="{{ url_for('misc.logout') }}">log out</a>

-           {% else %}

-             <a href="{{ url_for('misc.login') }}">log in</a> |

-             {% for key,val in config.KRB5_LOGIN.items() %}

-             <a href="{{ config.KRB5_LOGIN_BASEURI }}{{ val.URI }}/">{{ val.log_text }}</a> |

-             {% endfor %}

-             <a href="https://admin.fedoraproject.org/accounts/user/new">sign up</a>

-           {% endif %}

+ 

+           {% for item in login_menu %}

+           <a href="{{ item.link }}">{{ item.desc }}</a>

+           {% if not loop.last %}|{% endif %}

+           {% endfor %}

+ 

            </div>

            <form role="search" method="get" action="{{ url_for('coprs_ns.coprs_fulltext_search') }}">

              <div class="input-group menu-search">

@@ -0,0 +1,4 @@

+ |

+ <a href="https://badges.fedoraproject.org/user/{{ user.name }}" title="{{ user.name }}'s badges" target="_blank">

+     Fedora badges

+ </a>
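Review bot: The badges link opens with `target="_blank"` but sets no `rel`; adding `rel="noopener noreferrer"` keeps the opened page from getting a `window.opener` handle back to the Copr tab. The attribute was carried over from the removed line in the project page template. Because this file is the default that other deployments are expected to replace, the safer form is worth having here as the pattern they copy.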

@@ -0,0 +1,8 @@

+ <p> Copr is an easy-to-use automatic build system providing a package repository as its output. </p>

+ <p> Start with making your own repository in these three steps: </p>

+ <ol>

+   <li> choose a system and architecture you want to build for </li>

+   <li> provide Copr with src.rpm packages available online </li>

+   <li> let Copr do all the work and wait for your new repo </li>

+ </ol>

+ <p style="margin-bottom:0px"><i><small>NOTE: Copr is not yet officially supported by Fedora Infrastructure.</small></i></p>

@@ -184,6 +184,9 @@

  @misc.route("/login/", methods=["GET"])

  @oid.loginhandler

  def login():

+     if not app.config['FAS_LOGIN']:
clime commented 8 years ago

Do you forbid krb5 logins the same way when they are not enabled?

+         return "FAS login not allowed", 403

+ 

      if flask.g.user is not None:

          return flask.redirect(oid.get_next_url())

      else:
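Review bot: The `FAS_LOGIN` guard sits in the body of a view wrapped by `@oid.loginhandler`, so it only covers requests that reach the body. If the decorator (presumably Flask-OpenID's) processes the return leg of the OpenID exchange before calling the view, that leg is not gated. This is worth confirming, and if so `app.config['FAS_LOGIN']` should also be checked in the after-login callback so a deployment with FAS disabled cannot complete a FAS login. Separately, `return "FAS login not allowed", 403` could be `flask.abort(403)` so the refusal goes through the application's normal error handling. The body of login() continues past the end of this hunk.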

This would be used for Red Hat Internal Copr in coprs.conf:

LOGIN_INFO = {
'user_link': 'https://people.engineering.redhat.com/employee/{username}/',
'description': 'orgchart',
}

I.e. 'signup_link' and 'type' parameters are not defined.

Additional user info goes into separate template file
user_info.html.

rebased

8 years ago

1 new commit added

  • [frontend] new replaceable welcome.html template
8 years ago

FWIW, patches from this PR and PR11 allowed me to run (not publicly accessible link):
https://dev-copr.devel.redhat.com/coprs/

rebased

8 years ago

Please have a look. I have simplified the configuration a bit; and moved some procedural things out from template.

Just name is alright, I think, as it is now. Assuming the auth methods are exclusive.

Do you forbid krb5 logins the same way when they are not enabled?

Hmm, I'm unable to comment inline :(, so let's try to respond in single comment:

  • ad "enough": those auth methods are not necessarily exclusive, but I don't care making them exclusive (stop me if you don't want to, I'll update tomorrow :) )
  • there's no need to forbid krb5 auth, you simply don't configure it in httpd and you won't get REMOTE_USER -> then you get 403 for every auth attempt ..

rebased

8 years ago

rebased

8 years ago

Pull-Request has been merged by praiskup

8 years ago