ungleich-public/dynamicweb
6
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Wiki Activity

Merge remote-tracking branch 'mainRepo/master' into feature/VAT_number

Browse source
This commit is contained in:
PCoder 2019-12-21 08:19:23 +05:30
commit c9de757bc7
19 changed files with 521 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored
View file

@ -10,7 +10,7 @@ __pycache__/
.ropeproject/
#django
local_settings.py
Pipfile
media/
!media/keep
/CACHE/
@ -43,3 +43,4 @@ secret-key
# to keep empty dirs
!.gitkeep
*.orig
.vscode/settings.json

12
Changelog
View file

@ -1,3 +1,15 @@
2.8: 2019-12-20
* ldap_migration: Migrate django users to Ldap
Notes for deployment:
```
1. Git Pull
2. Ensure the newly dependencies in requirements.txt are installed
3. Put new values in .env
4. Run migrations
5. Restart uwsgi
```
2.7.3: 2019-12-18
* Bugfix: Swiss VAT being wrongly added to non-EU customers
2.7.2: 2019-12-17
* Add vat rates for AD, TK and IS
* Improve billing address' string representation

28
INSTALLATION.rst
View file

@ -10,13 +10,35 @@ Requirements
Install
=======
.. note::
lxml that is one of the dependency of dynamicweb couldn't
get build on Python 3.7 so, please use Python 3.5.
First install packages from requirements.archlinux.txt or
requirements.debian.txt based on your distribution.
The quick way:
``pip install -r requirements.txt``
Next find the dump.db file on stagging server. Path for the file is under the base application folder.
or you can create one for yourself by running the following commands on dynamicweb server
.. code:: sh
sudo su - postgres
pg_dump app > /tmp/postgres_db.bak
exit
cp /tmp/postgres_db.bak /root/postgres_db.bak
Now, you can download this using sftp.
Install the postgresql server and import the database::
``psql -d app < dump.db``
``psql -d app -U root < dump.db``
**No migration is needed after a clean install, and You are ready to start developing.**
@ -25,9 +47,9 @@ Development
Project is separated in master branch and development branch, and feature branches.
Master branch is currently used on `Digital Glarus <https://digitalglarus.ungleich.ch/en-us/digitalglarus/>`_ and `Ungleich blog <https://digitalglarus.ungleich.ch/en-us/blog/>`_.
If You are starting to create a new feature fork the github `repo <https://github.com/ungleich/dynamicweb>`_ and branch the development branch.
If You are starting to create a new feature fork the github `repo <https://github.com/ungleich/dynamicweb>`_ and branch the development branch.
After You have complited the task create a pull request and ask someone to review the code from other developers.
After You have completed the task, create a pull request and ask someone to review the code from other developers.
**Cheat sheet for branching and forking**:

1
datacenterlight/views.py
View file

@ -625,6 +625,7 @@ class OrderConfirmationView(DetailView, FormView):
vm_specs["vat_country"] = user_vat_country
vm_specs["discount"] = discount
vm_specs["total_price"] = round(price + vat - discount['amount'], 2)
request.session['specs'] = vm_specs
context.update({
'vm': vm_specs,

30
dynamicweb/settings/base.py
View file

@ -52,7 +52,7 @@ PROJECT_DIR = os.path.abspath(
)
# load .env file
dotenv.read_dotenv("{0}/.env".format(PROJECT_DIR))
dotenv.load_dotenv("{0}/.env".format(PROJECT_DIR))
from multisite import SiteID
@ -244,8 +244,9 @@ DATABASES = {
}
AUTHENTICATION_BACKENDS = (
'utils.backend.MyLDAPBackend',
'guardian.backends.ObjectPermissionBackend',
'django.contrib.auth.backends.ModelBackend',
)
# Internationalization
@ -721,6 +722,31 @@ X_FRAME_OPTIONS = ('SAMEORIGIN' if X_FRAME_OPTIONS_ALLOW_FROM_URI is None else
DEBUG = bool_env('DEBUG')
# LDAP setup
LDAP_ADMIN_DN = env('LDAP_ADMIN_DN')
LDAP_ADMIN_PASSWORD = env('LDAP_ADMIN_PASSWORD')
AUTH_LDAP_SERVER = env('LDAPSERVER')
LDAP_CUSTOMER_DN = env('LDAP_CUSTOMER_DN')
LDAP_CUSTOMER_GROUP_ID = int(env('LDAP_CUSTOMER_GROUP_ID'))
LDAP_MAX_UID_FILE_PATH = os.environ.get('LDAP_MAX_UID_FILE_PATH',
os.path.join(os.path.abspath(os.path.dirname(__file__)), 'ldap_max_uid_file')
)
LDAP_DEFAULT_START_UID = int(env('LDAP_DEFAULT_START_UID'))
# Search union over OUs
AUTH_LDAP_START_TLS = bool(os.environ.get('LDAP_USE_TLS', False))
ENTIRE_SEARCH_BASE = env("ENTIRE_SEARCH_BASE")
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
READ_VM_REALM = env('READ_VM_REALM')
AUTH_NAME = env('AUTH_NAME')
AUTH_SEED = env('AUTH_SEED')

1
hosting/static/hosting/css/dashboard.css
View file

@ -23,7 +23,6 @@
.hosting-dashboard .dashboard-container-head {
color: #fff;
margin-bottom: 60px;
}
.hosting-dashboard-item {

11
hosting/static/hosting/css/virtual-machine.css
View file

@ -248,6 +248,9 @@
.dashboard-title-thin {
font-size: 22px;
}
.dashboard-greetings-thin {
font-size: 16px;
}
}
.btn-vm-invoice {
@ -315,6 +318,11 @@
font-size: 32px;
}
.dashboard-greetings-thin {
font-weight: 300;
font-size: 24px;
}
.dashboard-title-thin .un-icon {
height: 34px;
margin-right: 5px;
@ -411,6 +419,9 @@
.dashboard-title-thin {
font-size: 22px;
}
.dashboard-greetings-thin {
font-size: 16px;
}
.dashboard-title-thin .un-icon {
height: 22px;
width: 22px;

3
hosting/templates/hosting/dashboard.html
View file

@ -7,6 +7,9 @@
<div class="dashboard-container-head">
<h1 class="dashboard-title-thin">{% trans "My Dashboard" %}</h1>
</div>
<div style="color:#fff; font-size: 18px; font-weight:300; padding: 0 8px; margin-top: 30px; margin-bottom: 30px;">
{% trans "Welcome" %} {{request.user.name}}
</div>
<div class="hosting-dashboard-content">
<a href="{% url 'hosting:create_virtual_machine' %}" class="hosting-dashboard-item">
<h2>{% trans "Create VM" %}</h2>

2
hosting/templates/hosting/includes/_navbar_user.html
View file

@ -26,7 +26,7 @@
</li>
<li class="dropdown highlights-dropdown">
<a class="dropdown-toggle" role="button" data-toggle="dropdown" href="#">
<i class="fa fa-fw fa-user"></i>&nbsp;&nbsp;{{request.user.name}}&nbsp;<span class="fa fa-fw fa-caret-down"></span>
<i class="fa fa-fw fa-user"></i>&nbsp;&nbsp;{{request.user.username}}&nbsp;<span class="fa fa-fw fa-caret-down"></span>
</a>
<ul id="g-account-menu" class="dropdown-menu" role="menu">
<li><a href="{% url 'hosting:logout' %}">{% trans "Logout"%}</a></li>

4
hosting/templates/hosting/settings.html
View file

@ -15,6 +15,10 @@
<div class="settings-container">
<div class="row">
<div class="col-sm-5 col-md-6 billing dcl-billing">
<h3><b>{%trans "My Username"%}</b></h3>
<hr class="top-hr">
<p>{{request.user.username}}</p>
<br>
<h3>{%trans "Billing Address" %}</h3>
<hr>
<form role="form" id="billing-form" method="post" action="" novalidate>

35
hosting/views.py
View file

@ -57,6 +57,8 @@ from utils.hosting_utils import (
from utils.mailer import BaseEmail
from utils.stripe_utils import StripeUtils
from utils.tasks import send_plain_email_task
from utils.ldap_manager import LdapManager
from utils.views import (
PasswordResetViewMixin, PasswordResetConfirmViewMixin, LoginViewMixin,
ResendActivationLinkViewMixin
@ -394,21 +396,30 @@ class PasswordResetConfirmView(HostingContextMixin,
if user is not None and default_token_generator.check_token(user,
token):
if form.is_valid():
ldap_manager = LdapManager()
new_password = form.cleaned_data['new_password2']
user.set_password(new_password)
user.save()
messages.success(request, _('Password has been reset.'))
# Change opennebula password
opennebula_client.change_user_password(user.password)
# Make sure the user have an ldap account already
user.create_ldap_account(new_password)
return self.form_valid(form)
else:
messages.error(
request, _('Password reset has not been successful.'))
form.add_error(None,
_('Password reset has not been successful.'))
return self.form_invalid(form)
# We are changing password in ldap before changing in database because
# ldap have more chances of failure than local database
if ldap_manager.change_password(user.username, new_password):
user.set_password(new_password)
user.save()
messages.success(request, _('Password has been reset.'))
# Change opennebula password
opennebula_client.change_user_password(user.password)
return self.form_valid(form)
messages.error(
request, _('Password reset has not been successful.'))
form.add_error(None,
_('Password reset has not been successful.'))
return self.form_invalid(form)
else:
error_msg = _('The reset password link is no longer valid.')

31
membership/migrations/0011_auto_20191218_1050.py Normal file
View file

@ -0,0 +1,31 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.9.4 on 2019-12-18 10:50
from __future__ import unicode_literals
from django.db import migrations, models
import membership.models
class Migration(migrations.Migration):
dependencies = [
('membership', '0010_customuser_import_stripe_bill_remark'),
]
operations = [
migrations.AddField(
model_name='customuser',
name='in_ldap',
field=models.BooleanField(default=False),
),
migrations.AddField(
model_name='customuser',
name='username',
field=models.CharField(max_length=60, null=True, unique=True),
),
migrations.AlterField(
model_name='customuser',
name='name',
field=models.CharField(max_length=50, validators=[membership.models.validate_name]),
),
]

20
membership/migrations/0011_customuser_vat_number.py
View file

@ -1,20 +0,0 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.9.4 on 2019-12-17 16:37
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('membership', '0010_customuser_import_stripe_bill_remark'),
]
operations = [
migrations.AddField(
model_name='customuser',
name='vat_number',
field=models.CharField(default='', max_length=100),
),
]

79
membership/models.py
View file

@ -1,5 +1,8 @@
from datetime import datetime
import logging
import random
import unicodedata
from datetime import datetime
from django.conf import settings
from django.contrib.auth.hashers import make_password
from django.contrib.auth.models import AbstractBaseUser, BaseUserManager, \
@ -7,13 +10,17 @@ from django.contrib.auth.models import AbstractBaseUser, BaseUserManager, \
from django.contrib.sites.models import Site
from django.core.urlresolvers import reverse
from django.core.validators import RegexValidator
from django.db import models
from django.db import models, IntegrityError
from django.utils.crypto import get_random_string
from django.utils.translation import ugettext_lazy as _
from django.core.exceptions import ValidationError
from utils.mailer import BaseEmail
from utils.mailer import DigitalGlarusRegistrationMailer
from utils.stripe_utils import StripeUtils
from utils.ldap_manager import LdapManager
logger = logging.getLogger(__name__)
REGISTRATION_MESSAGE = {'subject': "Validation mail",
'message': 'Please validate Your account under this link '
@ -42,6 +49,7 @@ class MyUserManager(BaseUserManager):
user.is_admin = False
user.set_password(password)
user.save(using=self._db)
user.create_ldap_account(password)
return user
def create_superuser(self, email, name, password):
@ -63,14 +71,56 @@ def get_validation_slug():
return make_password(None)
def get_first_and_last_name(full_name):
first_name, *last_name = full_name.split(" ")
last_name = " ".join(last_name)
return first_name, last_name
def assign_username(user):
if not user.username:
ldap_manager = LdapManager()
# Try to come up with a username
first_name, last_name = get_first_and_last_name(user.name)
user.username = unicodedata.normalize('NFKD', first_name + last_name)
user.username = "".join([char for char in user.username if char.isalnum()]).lower()
exist = True
while exist:
# Check if it exists
exist, entries = ldap_manager.check_user_exists(user.username)
if exist:
# If username exists in ldap, come up with a new user name and check it again
user.username = user.username + str(random.randint(0, 2 ** 10))
else:
# If username does not exists in ldap, try to save it in database
try:
user.save()
except IntegrityError:
# If username exists in database then come up with a new username
user.username = user.username + str(random.randint(0, 2 ** 10))
exist = True
def validate_name(value):
valid_chars = [char for char in value if (char.isalpha() or char == "-" or char == " ")]
if len(valid_chars) < len(value):
raise ValidationError(
_('%(value)s is not a valid name. A valid name can only include letters, spaces or -'),
params={'value': value},
)
class CustomUser(AbstractBaseUser, PermissionsMixin):
VALIDATED_CHOICES = ((0, 'Not validated'), (1, 'Validated'))
site = models.ForeignKey(Site, default=1)
name = models.CharField(max_length=50)
name = models.CharField(max_length=50, validators=[validate_name])
email = models.EmailField(unique=True)
username = models.CharField(max_length=60, unique=True, null=True)
vat_number = models.CharField(max_length=100, default="")
validated = models.IntegerField(choices=VALIDATED_CHOICES, default=0)
in_ldap = models.BooleanField(default=False)
# By default, we initialize the validation_slug with appropriate value
# This is required for User(page) admin
validation_slug = models.CharField(
@ -165,6 +215,29 @@ class CustomUser(AbstractBaseUser, PermissionsMixin):
# The user is identified by their email address
return self.email
def create_ldap_account(self, password):
# create ldap account for user if it does not exists already.
if self.in_ldap:
return
assign_username(self)
ldap_manager = LdapManager()
try:
user_exists_in_ldap, entries = ldap_manager.check_user_exists(self.username)
except Exception:
logger.exception("Exception occur while searching for user in LDAP")
else:
if not user_exists_in_ldap:
# IF no ldap account
first_name, last_name = get_first_and_last_name(self.name)
if not last_name:
last_name = first_name
ldap_manager.create_user(self.username, password=password,
firstname=first_name, lastname=last_name,
email=self.email)
self.in_ldap = True
self.save()
def __str__(self): # __unicode__ on Python 2
return self.email

8
opennebula_api/models.py
View file

@ -485,9 +485,15 @@ class OpenNebulaManager():
)
def change_user_password(self, passwd_hash):
if type(self.opennebula_user) == int:
logger.debug("opennebula_user is int and has value = %s" %
self.opennebula_user)
else:
logger.debug("opennebula_user is object and corresponding id is %s"
% self.opennebula_user.id)
self.oneadmin_client.call(
oca.User.METHODS['passwd'],
self.opennebula_user.id,
self.opennebula_user if type(self.opennebula_user) == int else self.opennebula_user.id,
passwd_hash
)

1
requirements.archlinux.txt
View file

@ -1 +1,2 @@
base-devel
libmemcached

3
requirements.txt
View file

@ -23,7 +23,7 @@ django-classy-tags==0.7.2
django-cms==3.2.5
django-compressor==2.0
django-debug-toolbar==1.4
django-dotenv==1.4.1
python-dotenv==0.10.3
django-extensions==1.6.7
django-filer==1.2.0
django-filter==0.13.0
@ -63,6 +63,7 @@ djangocms-text-ckeditor==2.9.3
djangocms-video==1.0.0
easy-thumbnails==2.3
html5lib==0.9999999
ldap3==2.6.1
lxml==3.6.0
model-mommy==1.2.6
phonenumbers==7.4.0

13
utils/backend.py Normal file
View file

@ -0,0 +1,13 @@
import logging
from django.contrib.auth.backends import ModelBackend
logger = logging.getLogger(__name__)
class MyLDAPBackend(ModelBackend):
def authenticate(self, username=None, password=None, **kwargs):
user = super().authenticate(username, password, **kwargs)
if user:
user.create_ldap_account(password)
return user

281
utils/ldap_manager.py Normal file
View file

@ -0,0 +1,281 @@
import base64
import hashlib
import random
import ldap3
import logging
from django.conf import settings
logger = logging.getLogger(__name__)
class LdapManager:
__instance = None
def __new__(cls):
if LdapManager.__instance is None:
LdapManager.__instance = object.__new__(cls)
return LdapManager.__instance
def __init__(self):
"""
Initialize the LDAP subsystem.
"""
self.rng = random.SystemRandom()
self.server = ldap3.Server(settings.AUTH_LDAP_SERVER)
def get_admin_conn(self):
"""
Return a bound :class:`ldap3.Connection` instance which has write
permissions on the dn in which the user accounts reside.
"""
conn = self.get_conn(user=settings.LDAP_ADMIN_DN,
password=settings.LDAP_ADMIN_PASSWORD,
raise_exceptions=True)
conn.bind()
return conn
def get_conn(self, **kwargs):
"""
Return an unbound :class:`ldap3.Connection` which talks to the configured
LDAP server.
The *kwargs* are passed to the constructor of :class:`ldap3.Connection` and
can be used to set *user*, *password* and other useful arguments.
"""
return ldap3.Connection(self.server, **kwargs)
def _ssha_password(self, password):
"""
Apply the SSHA password hashing scheme to the given *password*.
*password* must be a :class:`bytes` object, containing the utf-8
encoded password.
Return a :class:`bytes` object containing ``ascii``-compatible data
which can be used as LDAP value, e.g. after armoring it once more using
base64 or decoding it to unicode from ``ascii``.
"""
SALT_BYTES = 15
sha1 = hashlib.sha1()
salt = self.rng.getrandbits(SALT_BYTES * 8).to_bytes(SALT_BYTES, "little")
sha1.update(password)
sha1.update(salt)
digest = sha1.digest()
passwd = b"{SSHA}" + base64.b64encode(digest + salt)
return passwd
def create_user(self, user, password, firstname, lastname, email):
conn = self.get_admin_conn()
uidNumber = self._get_max_uid() + 1
logger.debug("uidNumber={uidNumber}".format(uidNumber=uidNumber))
user_exists = True
while user_exists:
user_exists, _ = self.check_user_exists(
"",
'(&(objectClass=inetOrgPerson)(objectClass=posixAccount)'
'(objectClass=top)(uidNumber={uidNumber}))'.format(
uidNumber=uidNumber
)
)
if user_exists:
logger.debug(
"{uid} exists. Trying next.".format(uid=uidNumber)
)
uidNumber += 1
logger.debug("{uid} does not exist. Using it".format(uid=uidNumber))
self._set_max_uid(uidNumber)
try:
uid = user.encode("utf-8")
conn.add("uid={uid},{customer_dn}".format(
uid=uid, customer_dn=settings.LDAP_CUSTOMER_DN
),
["inetOrgPerson", "posixAccount", "ldapPublickey"],
{
"uid": [uid],
"sn": [lastname.encode("utf-8")],
"givenName": [firstname.encode("utf-8")],
"cn": [uid],
"displayName": ["{} {}".format(firstname, lastname).encode("utf-8")],
"uidNumber": [str(uidNumber)],
"gidNumber": [str(settings.LDAP_CUSTOMER_GROUP_ID)],
"loginShell": ["/bin/bash"],
"homeDirectory": ["/home/{}".format(user).encode("utf-8")],
"mail": email.encode("utf-8"),
"userPassword": [self._ssha_password(
password.encode("utf-8")
)]
}
)
logger.debug('Created user %s %s' % (user.encode('utf-8'),
uidNumber))
except Exception as ex:
logger.debug('Could not create user %s' % user.encode('utf-8'))
logger.error("Exception: " + str(ex))
raise Exception(ex)
finally:
conn.unbind()
def change_password(self, uid, new_password):
"""
Changes the password of the user identified by user_dn
:param uid: str The uid that identifies the user
:param new_password: str The new password string
:return: True if password was changed successfully False otherwise
"""
conn = self.get_admin_conn()
# Make sure the user exists first to change his/her details
user_exists, entries = self.check_user_exists(
uid=uid,
search_base=settings.ENTIRE_SEARCH_BASE
)
return_val = False
if user_exists:
try:
return_val = conn.modify(
entries[0].entry_dn,
{
"userpassword": (
ldap3.MODIFY_REPLACE,
[self._ssha_password(new_password.encode("utf-8"))]
)
}
)
except Exception as ex:
logger.error("Exception: " + str(ex))
else:
logger.error("User {} not found".format(uid))
conn.unbind()
return return_val
def change_user_details(self, uid, details):
"""
Updates the user details as per given values in kwargs of the user
identified by user_dn.
Assumes that all attributes passed in kwargs are valid.
:param uid: str The uid that identifies the user
:param details: dict A dictionary containing the new values
:return: True if user details were updated successfully False otherwise
"""
conn = self.get_admin_conn()
# Make sure the user exists first to change his/her details
user_exists, entries = self.check_user_exists(
uid=uid,
search_base=settings.ENTIRE_SEARCH_BASE
)
return_val = False
if user_exists:
details_dict = {k: (ldap3.MODIFY_REPLACE, [v.encode("utf-8")]) for
k, v in details.items()}
try:
return_val = conn.modify(entries[0].entry_dn, details_dict)
msg = "success"
except Exception as ex:
msg = str(ex)
logger.error("Exception: " + msg)
finally:
conn.unbind()
else:
msg = "User {} not found".format(uid)
logger.error(msg)
conn.unbind()
return return_val, msg
def check_user_exists(self, uid, search_filter="", attributes=None,
search_base=settings.LDAP_CUSTOMER_DN, search_attr="uid"):
"""
Check if the user with the given uid exists in the customer group.
:param uid: str representing the user
:param search_filter: str representing the filter condition to find
users. If its empty, the search finds the user with
the given uid.
:param attributes: list A list of str representing all the attributes
to be obtained in the result entries
:param search_base: str
:return: tuple (bool, [ldap3.abstract.entry.Entry ..])
A bool indicating if the user exists
A list of all entries obtained in the search
"""
conn = self.get_admin_conn()
entries = []
try:
result = conn.search(
search_base=search_base,
search_filter=search_filter if len(search_filter) > 0 else
'(uid={uid})'.format(uid=uid),
attributes=attributes
)
entries = conn.entries
finally:
conn.unbind()
return result, entries
def delete_user(self, uid):
"""
Deletes the user with the given uid from ldap
:param uid: str representing the user
:return: True if the delete was successful False otherwise
"""
conn = self.get_admin_conn()
try:
return_val = conn.delete(
("uid={uid}," + settings.LDAP_CUSTOMER_DN).format(uid=uid),
)
msg = "success"
except Exception as ex:
msg = str(ex)
logger.error("Exception: " + msg)
return_val = False
finally:
conn.unbind()
return return_val, msg
def _set_max_uid(self, max_uid):
"""
a utility function to save max_uid value to a file
:param max_uid: an integer representing the max uid
:return:
"""
with open(settings.LDAP_MAX_UID_FILE_PATH, 'w+') as handler:
handler.write(str(max_uid))
def _get_max_uid(self):
"""
A utility function to read the max uid value that was previously set
:return: An integer representing the max uid value that was previously
set
"""
try:
with open(settings.LDAP_MAX_UID_FILE_PATH, 'r+') as handler:
try:
return_value = int(handler.read())
except ValueError as ve:
logger.error(
"Error reading int value from {}. {}"
"Returning default value {} instead".format(
settings.LDAP_MAX_UID_PATH,
str(ve),
settings.LDAP_DEFAULT_START_UID
)
)
return_value = settings.LDAP_DEFAULT_START_UID
return return_value
except FileNotFoundError as fnfe:
logger.error("File not found : " + str(fnfe))
return_value = settings.LDAP_DEFAULT_START_UID
logger.error("So, returning UID={}".format(return_value))
return return_value