Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2026-02-06 15:16:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

The Great Services Refactor (#594)

Browse Source 
* Hooks registration, discovery and retrieval module

Will discover @hooks.register decorated functions inside
the auth_hooks module in any installed django app.

* Class to register modular service apps

* Register service modules URLs

* Example service module

* Refactor services into modules

Each service type has been split out into its own django app/module. A
hook mechanism is provided to register a subclass of the ServiceHook
class. The modules then overload functions defined in ServiceHook as
required to provide interoperability with alliance auth. Service modules
provide their own urls and views for user registration and account
management and a partial template to display on the services page. Where
possible, new modules should provide their own models for local data
storage.

* Added menu items hooks and template tags

* Added menu item hook for broadcasts

* Added str method to ServicesHook

* Added exception handling to hook iterators

* Refactor mumble migration and table name

Upgrading will require `migrate mumble --fake-initial` to be run first
and then `migrate mumble` to rename the table.

* Refactor teamspeak3 migration and rename table

Upgrading will require `migrate teamspeak3 --fake-initial`

* Added module models and migrations for refactoring AuthServicesInfo

* Migrate AuthServiceInfo fields to service modules models

* Added helper for getting a users main character

* Added new style celery instance

* Changed Discord from AuthServicesInfo to DiscordUser model

* Switch celery tasks to staticmethods

* Changed Discourse from AuthServicesInfo to DiscourseUser model

* Changed IPBoard from AuthServicesInfo to IpboardUser model

* Changed Ips4 from AuthServicesInfo to Ips4User model

Also added disable service task.

This service still needs some love though. Was always missing a
deactivate services hook (before refactoring) for reasons I'm unsure of
so I'm reluctant to add it without knowing why.

* Changed Market from AuthServicesInfo to MarketUser model

* Changed Mumble from AuthServicesInfo to MumbleUser model

Switched user foreign key to one to one relationship.
Removed implicit password change on user exists.
Combined regular and blue user creation.

* Changed Openfire from AuthServicesInfo to OpenfireUser model

* Changed SMF from AuthServicesInfo to SmfUser model

Added disable task

* Changed Phpbb3 from AuthServicesInfo to Phpbb3User model

* Changed XenForo from AuthServicesInfo to XenforoUser model

* Changed Teamspeak3 from AuthServicesInfo to Teamspeak3User model

* Remove obsolete manager functions

* Standardise URL format

This will break some callback URLs
Discord changes from /discord_callback/ to /discord/callback/

* Removed unnecessary imports

* Mirror upstream decorator change

* Setup for unit testing

* Unit tests for discord service

* Added add main character helper

* Added Discourse unit tests

* Added Ipboard unit tests

* Added Ips4 unit tests

* Fix naming of market manager, switch to use class methods

* Remove unused hook functions

* Added market service unit tests

* Added corp ticker to add main character helper

* Added mumble unit tests

* Fix url name and remove namespace

* Fix missing return and add missing URL

* Added openfire unit tests

* Added missing return

* Added phpbb3 unit tests

* Fix SmfManager naming inconsistency and switch to classmethods

* Added smf unit tests

* Remove unused functions, Added missing return

* Added xenforo unit tests

* Added missing return

* Fixed reference to old model

* Fixed error preventing groups from syncing on reset request

* Added teamspeak3 unit tests

* Added nose as test runner and some test settings

* Added package requirements for running tests

* Added unit tests for services signals and tasks

* Remove unused tests file

* Fix teamspeak3 service signals

* Added unit tests for teamspeak3 signals

Changed other unit tests setUp to inert signals

* Fix password gen and hashing python3 compatibility

Fixes #630

Adds unit tests to check the password functions run on both platforms.

* Fix unit test to not rely on checking url params

* Add Travis CI settings file

* Remove default blank values from services models

* Added dynamic user model admin actions for syncing service groups

* Remove unused search fields

* Add hook function for syncing nicknames

* Added discord hook for sync nickname

* Added user admin model menu actions for sync nickname hook

* Remove obsolete code

* Rename celery config app to avoid package name clash

* Added new style celerybeat schedule configuration

periodic_task decorator is depreciated

* Added string representations

* Added admin pages for services user models

* Removed legacy code

* Move link discord button to correct template

* Remove blank default fields from example model

* Disallow empty django setting

* Fix typos

* Added coverage configuration file

* Add coverage and coveralls to travis config

Should probably use nose's built in coverage, but this works for now.

* Replace AuthServicesInfo get_or_create instances with get

Reflects upstream changes to AuthServicesInfo behaviour.

* Update mumble user table name

* Split out mumble authenticator requirements

zeroc-ice seems to cause long build times on travis-ci and isn't
required for the core projects functionality or testing.
This commit is contained in:
Basraah
2017-01-25 12:50:16 +10:00
committed by GitHub
parent 5738b015c3
commit 1066e6ac98
195 changed files with 8260 additions and 2699 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
services/modules/__init__.py Normal file
View File

0
services/modules/discord/__init__.py Normal file
View File

10
services/modules/discord/admin.py Normal file
View File

@@ -0,0 +1,10 @@
from __future__ import unicode_literals
from django.contrib import admin
from .models import DiscordUser
class DiscordUserAdmin(admin.ModelAdmin):
list_display = ('user', 'uid')
search_fields = ('user__username', 'uid')
admin.site.register(DiscordUser, DiscordUserAdmin)

7
services/modules/discord/apps.py Normal file
View File

@@ -0,0 +1,7 @@
from __future__ import unicode_literals
from django.apps import AppConfig
class DiscordServiceConfig(AppConfig):
name = 'discord'

59
services/modules/discord/auth_hooks.py Normal file
View File

@@ -0,0 +1,59 @@
from __future__ import unicode_literals
import logging
from django.conf import settings
from django.template.loader import render_to_string
from alliance_auth import hooks
from services.hooks import ServicesHook
from .tasks import DiscordTasks
from .urls import urlpatterns
logger = logging.getLogger(__name__)
class DiscordService(ServicesHook):
def __init__(self):
ServicesHook.__init__(self)
self.urlpatterns = urlpatterns
self.name = 'discord'
self.service_ctrl_template = 'registered/discord_service_ctrl.html'
def delete_user(self, user, notify_user=False):
logger.debug('Deleting user %s %s account' % (user, self.name))
return DiscordTasks.delete_user(user, notify_user=notify_user)
def update_groups(self, user):
logger.debug('Processing %s groups for %s' % (self.name, user))
if DiscordTasks.has_account(user):
DiscordTasks.update_groups.delay(user.pk)
def validate_user(self, user):
logger.debug('Validating user %s %s account' % (user, self.name))
if DiscordTasks.has_account(user) and not self.service_active_for_user(user):
self.delete_user(user, notify_user=True)
def sync_nickname(self, user):
logger.debug('Syncing %s nickname for user %s' % (self.name, user))
DiscordTasks.update_nickname.delay(user.pk)
def update_all_groups(self):
logger.debug('Update all %s groups called' % self.name)
DiscordTasks.update_all_groups.delay()
def service_enabled_members(self):
return settings.ENABLE_AUTH_DISCORD or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_DISCORD or False
def render_services_ctrl(self, request):
return render_to_string(self.service_ctrl_template, {
'discord_uid': request.user.discord.uid if DiscordTasks.has_account(request.user) else None,
}, request=request)
@hooks.register('services_hook')
def register_service():
return DiscordService()

201
services/modules/discord/manager.py Normal file
View File

@@ -0,0 +1,201 @@
from __future__ import unicode_literals
import requests
import json
import re
from django.conf import settings
from services.models import GroupCache
from requests_oauthlib import OAuth2Session
import logging
import datetime
from django.utils import timezone
logger = logging.getLogger(__name__)
DISCORD_URL = "https://discordapp.com/api"
EVE_IMAGE_SERVER = "https://image.eveonline.com"
AUTH_URL = "https://discordapp.com/api/oauth2/authorize"
TOKEN_URL = "https://discordapp.com/api/oauth2/token"
# needs administrator, since Discord can't get their permissions system to work
# was kick members, manage roles, manage nicknames
#BOT_PERMISSIONS = 0x00000002 + 0x10000000 + 0x08000000
BOT_PERMISSIONS = 0x00000008
# get user ID, accept invite
SCOPES = [
'identify',
'guilds.join',
]
GROUP_CACHE_MAX_AGE = datetime.timedelta(minutes=30)
class DiscordOAuthManager:
def __init__(self):
pass
@staticmethod
def _sanitize_groupname(name):
name = name.strip(' _')
return re.sub('[^\w.-]', '', name)
@staticmethod
def generate_bot_add_url():
return AUTH_URL + '?client_id=' + settings.DISCORD_APP_ID + '&scope=bot&permissions=' + str(BOT_PERMISSIONS)
@staticmethod
def generate_oauth_redirect_url():
oauth = OAuth2Session(settings.DISCORD_APP_ID, redirect_uri=settings.DISCORD_CALLBACK_URL, scope=SCOPES)
url, state = oauth.authorization_url(AUTH_URL)
return url
@staticmethod
def _process_callback_code(code):
oauth = OAuth2Session(settings.DISCORD_APP_ID, redirect_uri=settings.DISCORD_CALLBACK_URL)
token = oauth.fetch_token(TOKEN_URL, client_secret=settings.DISCORD_APP_SECRET, code=code)
return token
@staticmethod
def add_user(code):
try:
token = DiscordOAuthManager._process_callback_code(code)['access_token']
logger.debug("Received token from OAuth")
custom_headers = {'accept': 'application/json', 'authorization': 'Bearer ' + token}
path = DISCORD_URL + "/invites/" + str(settings.DISCORD_INVITE_CODE)
r = requests.post(path, headers=custom_headers)
logger.debug("Got status code %s after accepting Discord invite" % r.status_code)
r.raise_for_status()
path = DISCORD_URL + "/users/@me"
r = requests.get(path, headers=custom_headers)
logger.debug("Got status code %s after retrieving Discord profile" % r.status_code)
r.raise_for_status()
user_id = r.json()['id']
logger.info("Added Discord user ID %s to server." % user_id)
return user_id
except:
logger.exception("Failed to add Discord user")
return None
@staticmethod
def update_nickname(user_id, nickname):
try:
custom_headers = {'content-type': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
data = {'nick': nickname, }
path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/members/" + str(user_id)
r = requests.patch(path, headers=custom_headers, json=data)
logger.debug("Got status code %s after setting nickname for Discord user ID %s (%s)" % (
r.status_code, user_id, nickname))
if r.status_code == 404:
logger.warn("Discord user ID %s could not be found in server." % user_id)
return True
r.raise_for_status()
return True
except:
logger.exception("Failed to set nickname for Discord user ID %s (%s)" % (user_id, nickname))
return False
@staticmethod
def delete_user(user_id):
try:
custom_headers = {'accept': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/members/" + str(user_id)
r = requests.delete(path, headers=custom_headers)
logger.debug("Got status code %s after removing Discord user ID %s" % (r.status_code, user_id))
if r.status_code == 404:
logger.warn("Discord user ID %s already left the server." % user_id)
return True
r.raise_for_status()
return True
except:
logger.exception("Failed to remove Discord user ID %s" % user_id)
return False
@staticmethod
def __get_groups():
custom_headers = {'accept': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/roles"
r = requests.get(path, headers=custom_headers)
logger.debug("Got status code %s after retrieving Discord roles" % r.status_code)
r.raise_for_status()
return r.json()
@staticmethod
def __update_group_cache():
GroupCache.objects.filter(service="discord").delete()
cache = GroupCache.objects.create(service="discord")
cache.groups = json.dumps(DiscordOAuthManager.__get_groups())
cache.save()
return cache
@staticmethod
def __get_group_cache():
if not GroupCache.objects.filter(service="discord").exists():
DiscordOAuthManager.__update_group_cache()
cache = GroupCache.objects.get(service="discord")
age = timezone.now() - cache.created
if age > GROUP_CACHE_MAX_AGE:
logger.debug("Group cache has expired. Triggering update.")
cache = DiscordOAuthManager.__update_group_cache()
return json.loads(cache.groups)
@staticmethod
def __group_name_to_id(name):
cache = DiscordOAuthManager.__get_group_cache()
for g in cache:
if g['name'] == name:
return g['id']
logger.debug("Group %s not found on Discord. Creating" % name)
DiscordOAuthManager.__create_group(name)
return DiscordOAuthManager.__group_name_to_id(name)
@staticmethod
def __group_id_to_name(id):
cache = DiscordOAuthManager.__get_group_cache()
for g in cache:
if g['id'] == id:
return g['name']
raise KeyError("Group ID %s not found on Discord" % id)
@staticmethod
def __generate_role():
custom_headers = {'accept': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/roles"
r = requests.post(path, headers=custom_headers)
logger.debug("Received status code %s after generating new role." % r.status_code)
r.raise_for_status()
return r.json()
@staticmethod
def __edit_role(role_id, name, color=0, hoist=True, permissions=36785152):
custom_headers = {'content-type': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
data = {
'color': color,
'hoist': hoist,
'name': name,
'permissions': permissions,
}
path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/roles/" + str(role_id)
r = requests.patch(path, headers=custom_headers, data=json.dumps(data))
logger.debug("Received status code %s after editing role id %s" % (r.status_code, role_id))
r.raise_for_status()
return r.json()
@staticmethod
def __create_group(name):
role = DiscordOAuthManager.__generate_role()
DiscordOAuthManager.__edit_role(role['id'], name)
DiscordOAuthManager.__update_group_cache()
@staticmethod
def update_groups(user_id, groups):
custom_headers = {'content-type': 'application/json', 'authorization': 'Bot ' + settings.DISCORD_BOT_TOKEN}
group_ids = [DiscordOAuthManager.__group_name_to_id(DiscordOAuthManager._sanitize_groupname(g)) for g in groups]
path = DISCORD_URL + "/guilds/" + str(settings.DISCORD_GUILD_ID) + "/members/" + str(user_id)
data = {'roles': group_ids}
r = requests.patch(path, headers=custom_headers, json=data)
logger.debug("Received status code %s after setting user roles" % r.status_code)
r.raise_for_status()

26
services/modules/discord/migrations/0001_initial.py Normal file
View File

@@ -0,0 +1,26 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.2 on 2016-12-12 03:14
from __future__ import unicode_literals
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
initial = True
dependencies = [
('auth', '0008_alter_user_username_max_length'),
]
operations = [
migrations.CreateModel(
name='DiscordUser',
fields=[
('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, related_name='discord', serialize=False, to=settings.AUTH_USER_MODEL)),
('uid', models.CharField(max_length=254)),
],
),
]

0
services/modules/discord/migrations/__init__.py Normal file
View File

15
services/modules/discord/models.py Normal file
View File

@@ -0,0 +1,15 @@
from __future__ import unicode_literals
from django.utils.encoding import python_2_unicode_compatible
from django.contrib.auth.models import User
from django.db import models
class DiscordUser(models.Model):
user = models.OneToOneField(User,
primary_key=True,
on_delete=models.CASCADE,
related_name='discord')
uid = models.CharField(max_length=254)
def __str__(self):
return "{} - {}".format(self.user.username, self.uid)

131
services/modules/discord/tasks.py Normal file
View File

@@ -0,0 +1,131 @@
from __future__ import unicode_literals
import logging
from alliance_auth.celeryapp import app
from django.conf import settings
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist
from eveonline.managers import EveManager
from notifications import notify
from services.modules.discord.manager import DiscordOAuthManager
from services.tasks import only_one
from .models import DiscordUser
logger = logging.getLogger(__name__)
class DiscordTasks:
def __init__(self):
pass
@classmethod
def add_user(cls, user, code):
user_id = DiscordOAuthManager.add_user(code)
if user_id:
discord_user = DiscordUser()
discord_user.user = user
discord_user.uid = user_id
discord_user.save()
if settings.DISCORD_SYNC_NAMES:
cls.update_nickname.delay(user.pk)
cls.update_groups.delay(user.pk)
return True
return False
@classmethod
def delete_user(cls, user, notify_user=False):
if cls.has_account(user):
logger.debug("User %s has discord account %s. Deleting." % (user, user.discord.uid))
if DiscordOAuthManager.delete_user(user.discord.uid):
user.discord.delete()
if notify_user:
notify(user, 'Discord Account Disabled', level='danger')
return True
return False
@classmethod
def has_account(cls, user):
"""
Check if the user has an account (has a DiscordUser record)
:param user: django.contrib.auth.models.User
:return: bool
"""
try:
user.discord
except ObjectDoesNotExist:
return False
else:
return True
@staticmethod
@app.task(bind=True)
def update_groups(task_self, pk):
user = User.objects.get(pk=pk)
logger.debug("Updating discord groups for user %s" % user)
if DiscordTasks.has_account(user):
groups = []
for group in user.groups.all():
groups.append(str(group.name))
if len(groups) == 0:
logger.debug("No syncgroups found for user. Adding empty group.")
groups.append('empty')
logger.debug("Updating user %s discord groups to %s" % (user, groups))
try:
DiscordOAuthManager.update_groups(user.discord.uid, groups)
except Exception as e:
if task_self:
logger.exception("Discord group sync failed for %s, retrying in 10 mins" % user)
raise task_self.retry(countdown=60 * 10)
else:
# Rethrow
raise e
logger.debug("Updated user %s discord groups." % user)
else:
logger.debug("User does not have a discord account, skipping")
@staticmethod
@app.task
def update_all_groups():
logger.debug("Updating ALL discord groups")
for discord_user in DiscordUser.objects.exclude(uid__exact=''):
DiscordTasks.update_groups.delay(discord_user.user.pk)
@staticmethod
@app.task(bind=True)
def update_nickname(self, pk):
user = User.objects.get(pk=pk)
logger.debug("Updating discord nickname for user %s" % user)
if DiscordTasks.has_account(user):
character = EveManager.get_main_character(user)
logger.debug("Updating user %s discord nickname to %s" % (user, character.character_name))
try:
DiscordOAuthManager.update_nickname(user.discord.uid, character.character_name)
except Exception as e:
if self:
logger.exception("Discord nickname sync failed for %s, retrying in 10 mins" % user)
raise self.retry(countdown=60 * 10)
else:
# Rethrow
raise e
logger.debug("Updated user %s discord nickname." % user)
else:
logger.debug("User %s does not have a discord account" % user)
@staticmethod
@app.task
def update_all_nicknames():
logger.debug("Updating ALL discord nicknames")
for discord_user in DiscordUser.objects.exclude(uid__exact=''):
DiscordTasks.update_nickname.delay(discord_user.user.user_id)
@classmethod
def disable(cls):
if settings.ENABLE_AUTH_DISCORD:
logger.warn(
"ENABLE_AUTH_DISCORD still True, after disabling users will still be able to link Discord accounts")
if settings.ENABLE_BLUE_DISCORD:
logger.warn(
"ENABLE_BLUE_DISCORD still True, after disabling blues will still be able to link Discord accounts")
DiscordUser.objects.all().delete()

27
services/modules/discord/templates/registered/discord_service_ctrl.html Normal file
View File

@@ -0,0 +1,27 @@
{% load i18n %}
<tr>
<td class="text-center">Discord</td>
<td class="text-center"></td>
<td class="text-center"><a href="https://discordapp.com/channels/{{ DISCORD_SERVER_ID }}/{{ DISCORD_SERVER_ID}}">https://discordapp.com</a></td>
<td class="text-center">
{% if not discord_uid %}
<a href="{% url 'auth_activate_discord' %}" class="btn btn-warning">
<span class="glyphicon glyphicon-ok"></span>
</a>
{% else %}
<a href="{% url 'auth_reset_discord' %}" class="btn btn-primary">
<span class="glyphicon glyphicon-refresh"></span>
</a>
<a href="{% url 'auth_deactivate_discord' %}" class="btn btn-danger">
<span class="glyphicon glyphicon-remove"></span>
</a>
{% endif %}
{% if request.user.is_superuser %}
<div class="text-center" style="padding-top:5px;">
<a type="button" class="btn btn-success" href="{% url 'auth_discord_add_bot' %}">{% trans "Link Discord" %} Server</a>
</div>
{% endif %}
</td>
</tr>

193
services/modules/discord/tests.py Normal file
View File

@@ -0,0 +1,193 @@
from __future__ import unicode_literals
try:
# Py3
from unittest import mock
except ImportError:
# Py2
import mock
from django.test import TestCase, RequestFactory
from django.conf import settings
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
from .auth_hooks import DiscordService
from .models import DiscordUser
from .tasks import DiscordTasks
MODULE_PATH = 'services.modules.discord'
class DiscordHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
member = AuthUtils.create_member(self.member)
DiscordUser.objects.create(user=member, uid='12345')
self.blue = 'blue_user'
blue = AuthUtils.create_blue(self.blue)
DiscordUser.objects.create(user=blue, uid='67891')
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = DiscordService
def test_has_account(self):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(DiscordTasks.has_account(member))
self.assertTrue(DiscordTasks.has_account(blue))
self.assertFalse(DiscordTasks.has_account(none_user))
def test_service_enabled(self):
service = self.service()
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertTrue(service.service_active_for_user(member))
self.assertTrue(service.service_active_for_user(blue))
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.DiscordOAuthManager')
def test_update_all_groups(self, manager):
service = self.service()
service.update_all_groups()
# Check member and blue user have groups updated
self.assertTrue(manager.update_groups.called)
self.assertEqual(manager.update_groups.call_count, 2)
def test_update_groups(self):
# Check member has Member group updated
with mock.patch(MODULE_PATH + '.tasks.DiscordOAuthManager') as manager:
service = self.service()
member = User.objects.get(username=self.member)
service.update_groups(member)
self.assertTrue(manager.update_groups.called)
args, kwargs = manager.update_groups.call_args
user_id, groups = args
self.assertIn(settings.DEFAULT_AUTH_GROUP, groups)
self.assertEqual(user_id, member.discord.uid)
# Check none user does not have groups updated
with mock.patch(MODULE_PATH + '.tasks.DiscordOAuthManager') as manager:
service = self.service()
none_user = User.objects.get(username=self.none_user)
service.update_groups(none_user)
self.assertFalse(manager.update_groups.called)
@mock.patch(MODULE_PATH + '.tasks.DiscordOAuthManager')
def test_validate_user(self, manager):
service = self.service()
# Test member is not deleted
member = User.objects.get(username=self.member)
service.validate_user(member)
self.assertTrue(member.discord)
# Test none user is deleted
none_user = User.objects.get(username=self.none_user)
DiscordUser.objects.create(user=none_user, uid='abc123')
service.validate_user(none_user)
self.assertTrue(manager.delete_user.called)
with self.assertRaises(ObjectDoesNotExist):
none_discord = User.objects.get(username=self.none_user).discord
@mock.patch(MODULE_PATH + '.tasks.DiscordOAuthManager')
def test_sync_nickname(self, manager):
service = self.service()
member = User.objects.get(username=self.member)
AuthUtils.add_main_character(member, 'test user', '12345', corp_ticker='AAUTH')
service.sync_nickname(member)
self.assertTrue(manager.update_nickname.called)
args, kwargs = manager.update_nickname.call_args
self.assertEqual(args[0], member.discord.uid)
self.assertEqual(args[1], 'test user')
@mock.patch(MODULE_PATH + '.tasks.DiscordOAuthManager')
def test_delete_user(self, manager):
member = User.objects.get(username=self.member)
service = self.service()
result = service.delete_user(member)
self.assertTrue(result)
self.assertTrue(manager.delete_user.called)
with self.assertRaises(ObjectDoesNotExist):
discord_user = User.objects.get(username=self.member).discord
def test_render_services_ctrl(self):
service = self.service()
member = User.objects.get(username=self.member)
request = RequestFactory().get('/en/services/')
request.user = member
response = service.render_services_ctrl(request)
self.assertTemplateUsed(service.service_ctrl_template)
self.assertIn('/discord/reset/', response)
self.assertIn('/discord/deactivate/', response)
# Test register becomes available
member.discord.delete()
member = User.objects.get(username=self.member)
request.user = member
response = service.render_services_ctrl(request)
self.assertIn('/discord/activate/', response)
# TODO: Test update nicknames
class DiscordViewsTestCase(TestCase):
def setUp(self):
self.member = AuthUtils.create_member('auth_member')
self.member.set_password('password')
self.member.save()
def login(self):
self.client.login(username=self.member.username, password='password')
@mock.patch(MODULE_PATH + '.views.DiscordOAuthManager')
def test_activate(self, manager):
self.login()
manager.generate_oauth_redirect_url.return_value = '/example.com/oauth/'
response = self.client.get('/discord/activate/', follow=False)
self.assertRedirects(response, expected_url='/example.com/oauth/', target_status_code=404)
@mock.patch(MODULE_PATH + '.tasks.DiscordOAuthManager')
def test_callback(self, manager):
self.login()
manager.add_user.return_value = '1234'
response = self.client.get('/discord/callback/', data={'code': '1234'})
self.assertTrue(manager.add_user.called)
self.assertEqual(manager.update_nickname.called, settings.DISCORD_SYNC_NAMES)
self.assertEqual(self.member.discord.uid, '1234')
self.assertRedirects(response, expected_url='/en/services/', target_status_code=200)
@mock.patch(MODULE_PATH + '.tasks.DiscordOAuthManager')
def test_reset(self, manager):
self.login()
DiscordUser.objects.create(user=self.member, uid='12345')
manager.delete_user.return_value = True
response = self.client.get('/discord/reset/')
self.assertRedirects(response, expected_url='/discord/activate/', target_status_code=302)
@mock.patch(MODULE_PATH + '.tasks.DiscordOAuthManager')
def test_deactivate(self, manager):
self.login()
DiscordUser.objects.create(user=self.member, uid='12345')
manager.delete_user.return_value = True
response = self.client.get('/discord/deactivate/')
self.assertTrue(manager.delete_user.called)
self.assertRedirects(response, expected_url='/en/services/', target_status_code=200)
with self.assertRaises(ObjectDoesNotExist):
discord_user = User.objects.get(pk=self.member.pk).discord

17
services/modules/discord/urls.py Normal file
View File

@@ -0,0 +1,17 @@
from __future__ import unicode_literals
from django.conf.urls import url, include
from . import views
module_urls = [
# Discord Service Control
url(r'^activate/$', views.activate_discord, name='auth_activate_discord'),
url(r'^deactivate/$', views.deactivate_discord, name='auth_deactivate_discord'),
url(r'^reset/$', views.reset_discord, name='auth_reset_discord'),
url(r'^callback/$', views.discord_callback, name='auth_discord_callback'),
url(r'^add_bot/$', views.discord_add_bot, name='auth_discord_add_bot'),
]
urlpatterns = [
url(r'^discord/', include(module_urls))
]

71
services/modules/discord/views.py Normal file
View File

@@ -0,0 +1,71 @@
from __future__ import unicode_literals
import logging
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import user_passes_test
from django.shortcuts import redirect
from authentication.decorators import members_and_blues
from .manager import DiscordOAuthManager
from .tasks import DiscordTasks
from services.views import superuser_test
logger = logging.getLogger(__name__)
@login_required
@members_and_blues()
def deactivate_discord(request):
logger.debug("deactivate_discord called by user %s" % request.user)
if DiscordTasks.delete_user(request.user):
logger.info("Successfully deactivated discord for user %s" % request.user)
messages.success(request, 'Deactivated Discord account.')
else:
logger.error("Unsuccessful attempt to deactivate discord for user %s" % request.user)
messages.error(request, 'An error occurred while processing your Discord account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def reset_discord(request):
logger.debug("reset_discord called by user %s" % request.user)
if DiscordTasks.delete_user(request.user):
logger.info("Successfully deleted discord user for user %s - forwarding to discord activation." % request.user)
return redirect("auth_activate_discord")
logger.error("Unsuccessful attempt to reset discord for user %s" % request.user)
messages.error(request, 'An error occurred while processing your Discord account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def activate_discord(request):
logger.debug("activate_discord called by user %s" % request.user)
return redirect(DiscordOAuthManager.generate_oauth_redirect_url())
@login_required
@members_and_blues()
def discord_callback(request):
logger.debug("Received Discord callback for activation of user %s" % request.user)
code = request.GET.get('code', None)
if not code:
logger.warn("Did not receive OAuth code from callback of user %s" % request.user)
return redirect("auth_services")
if DiscordTasks.add_user(request.user, code):
logger.info("Successfully activated Discord for user %s" % request.user)
messages.success(request, 'Activated Discord account.')
else:
logger.error("Failed to activate Discord for user %s" % request.user)
messages.error(request, 'An error occurred while processing your Discord account.')
return redirect("auth_services")
@login_required
@user_passes_test(superuser_test)
def discord_add_bot(request):
return redirect(DiscordOAuthManager.generate_bot_add_url())

0
services/modules/discourse/__init__.py Normal file
View File

10
services/modules/discourse/admin.py Normal file
View File

@@ -0,0 +1,10 @@
from __future__ import unicode_literals
from django.contrib import admin
from .models import DiscourseUser
class DiscourseUserAdmin(admin.ModelAdmin):
list_display = ('user',)
search_fields = ('user__username',)
admin.site.register(DiscourseUser, DiscourseUserAdmin)

7
services/modules/discourse/apps.py Normal file
View File

@@ -0,0 +1,7 @@
from __future__ import unicode_literals
from django.apps import AppConfig
class DiscourseServiceConfig(AppConfig):
name = 'discourse'

57
services/modules/discourse/auth_hooks.py Normal file
View File

@@ -0,0 +1,57 @@
from __future__ import unicode_literals
from django.conf import settings
from django.template.loader import render_to_string
from services.hooks import ServicesHook
from alliance_auth import hooks
from eveonline.managers import EveManager
from .urls import urlpatterns
from .tasks import DiscourseTasks
import logging
logger = logging.getLogger(__name__)
class DiscourseService(ServicesHook):
def __init__(self):
ServicesHook.__init__(self)
self.urlpatterns = urlpatterns
self.name = 'discourse'
self.service_ctrl_template = 'registered/discourse_service_ctrl.html'
def delete_user(self, user, notify_user=False):
logger.debug('Deleting user %s %s account' % (user, self.name))
return DiscourseTasks.delete_user(user, notify_user=notify_user)
def update_groups(self, user):
logger.debug('Processing %s groups for %s' % (self.name, user))
if DiscourseTasks.has_account(user):
DiscourseTasks.update_groups.delay(user.pk)
def validate_user(self, user):
logger.debug('Validating user %s %s account' % (user, self.name))
if DiscourseTasks.has_account(user) and not self.service_active_for_user(user):
self.delete_user(user, notify_user=True)
def update_all_groups(self):
logger.debug('Update all %s groups called' % self.name)
DiscourseTasks.update_all_groups.delay()
def service_enabled_members(self):
return settings.ENABLE_AUTH_DISCOURSE or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_DISCOURSE or False
def render_services_ctrl(self, request):
return render_to_string(self.service_ctrl_template, {
'char': EveManager.get_main_character(request.user)
}, request=request)
@hooks.register('services_hook')
def register_service():
return DiscourseService()

381
services/modules/discourse/manager.py Normal file
View File

@@ -0,0 +1,381 @@
from __future__ import unicode_literals
import logging
import requests
import random
import string
import datetime
import json
import re
from django.conf import settings
from django.utils import timezone
from services.models import GroupCache
logger = logging.getLogger(__name__)
class DiscourseError(Exception):
def __init__(self, endpoint, errors):
self.endpoint = endpoint
self.errors = errors
def __str__(self):
return "API execution failed.\nErrors: %s\nEndpoint: %s" % (self.errors, self.endpoint)
# not exhaustive, only the ones we need
ENDPOINTS = {
'groups': {
'list': {
'path': "/admin/groups.json",
'method': requests.get,
'args': {
'required': [],
'optional': [],
},
},
'create': {
'path': "/admin/groups",
'method': requests.post,
'args': {
'required': ['name'],
'optional': ['visible'],
}
},
'add_user': {
'path': "/admin/groups/%s/members.json",
'method': requests.put,
'args': {
'required': ['usernames'],
'optional': [],
},
},
'remove_user': {
'path': "/admin/groups/%s/members.json",
'method': requests.delete,
'args': {
'required': ['username'],
'optional': [],
},
},
'delete': {
'path': "/admin/groups/%s.json",
'method': requests.delete,
'args': {
'required': [],
'optional': [],
},
},
},
'users': {
'create': {
'path': "/users",
'method': requests.post,
'args': {
'required': ['name', 'email', 'password', 'username'],
'optional': ['active'],
},
},
'update': {
'path': "/users/%s.json",
'method': requests.put,
'args': {
'required': ['params'],
'optional': [],
}
},
'get': {
'path': "/users/%s.json",
'method': requests.get,
'args': {
'required': [],
'optional': [],
},
},
'activate': {
'path': "/admin/users/%s/activate",
'method': requests.put,
'args': {
'required': [],
'optional': [],
},
},
'set_email': {
'path': "/users/%s/preferences/email",
'method': requests.put,
'args': {
'required': ['email'],
'optional': [],
},
},
'suspend': {
'path': "/admin/users/%s/suspend",
'method': requests.put,
'args': {
'required': ['duration', 'reason'],
'optional': [],
},
},
'unsuspend': {
'path': "/admin/users/%s/unsuspend",
'method': requests.put,
'args': {
'required': [],
'optional': [],
},
},
'logout': {
'path': "/admin/users/%s/log_out",
'method': requests.post,
'args': {
'required': [],
'optional': [],
},
},
'external': {
'path': "/users/by-external/%s.json",
'method': requests.get,
'args': {
'required': [],
'optional': [],
},
},
},
}
class DiscourseManager:
def __init__(self):
pass
GROUP_CACHE_MAX_AGE = datetime.timedelta(minutes=30)
REVOKED_EMAIL = 'revoked@' + settings.DOMAIN
SUSPEND_DAYS = 99999
SUSPEND_REASON = "Disabled by auth."
@staticmethod
def __exc(endpoint, *args, **kwargs):
params = {
'api_key': settings.DISCOURSE_API_KEY,
'api_username': settings.DISCOURSE_API_USERNAME,
}
silent = kwargs.pop('silent', False)
if args:
endpoint['parsed_url'] = endpoint['path'] % args
else:
endpoint['parsed_url'] = endpoint['path']
data = {}
for arg in endpoint['args']['required']:
data[arg] = kwargs[arg]
for arg in endpoint['args']['optional']:
if arg in kwargs:
data[arg] = kwargs[arg]
for arg in kwargs:
if arg not in endpoint['args']['required'] and arg not in endpoint['args']['optional'] and not silent:
logger.warn("Received unrecognized kwarg %s for endpoint %s" % (arg, endpoint))
r = endpoint['method'](settings.DISCOURSE_URL + endpoint['parsed_url'], params=params, json=data)
try:
if 'errors' in r.json() and not silent:
logger.error("Discourse execution failed.\nEndpoint: %s\nErrors: %s" % (endpoint, r.json()['errors']))
raise DiscourseError(endpoint, r.json()['errors'])
if 'success' in r.json():
if not r.json()['success'] and not silent:
raise DiscourseError(endpoint, None)
out = r.json()
except ValueError:
out = r.text
finally:
try:
r.raise_for_status()
except requests.exceptions.HTTPError as e:
raise DiscourseError(endpoint, e.response.status_code)
return out
@staticmethod
def __generate_random_pass():
return ''.join([random.choice(string.ascii_letters + string.digits) for n in range(16)])
@staticmethod
def __get_groups():
endpoint = ENDPOINTS['groups']['list']
data = DiscourseManager.__exc(endpoint)
return [g for g in data if not g['automatic']]
@staticmethod
def __update_group_cache():
GroupCache.objects.filter(service="discourse").delete()
cache = GroupCache.objects.create(service="discourse")
cache.groups = json.dumps(DiscourseManager.__get_groups())
cache.save()
return cache
@staticmethod
def __get_group_cache():
if not GroupCache.objects.filter(service="discourse").exists():
DiscourseManager.__update_group_cache()
cache = GroupCache.objects.get(service="discourse")
age = timezone.now() - cache.created
if age > DiscourseManager.GROUP_CACHE_MAX_AGE:
logger.debug("Group cache has expired. Triggering update.")
cache = DiscourseManager.__update_group_cache()
return json.loads(cache.groups)
@staticmethod
def __create_group(name):
endpoint = ENDPOINTS['groups']['create']
DiscourseManager.__exc(endpoint, name=name[:20], visible=True)
DiscourseManager.__update_group_cache()
@staticmethod
def __group_name_to_id(name):
cache = DiscourseManager.__get_group_cache()
for g in cache:
if g['name'] == name[0:20]:
return g['id']
logger.debug("Group %s not found on Discourse. Creating" % name)
DiscourseManager.__create_group(name)
return DiscourseManager.__group_name_to_id(name)
@staticmethod
def __group_id_to_name(id):
cache = DiscourseManager.__get_group_cache()
for g in cache:
if g['id'] == id:
return g['name']
raise KeyError("Group ID %s not found on Discourse" % id)
@staticmethod
def __add_user_to_group(id, username):
endpoint = ENDPOINTS['groups']['add_user']
DiscourseManager.__exc(endpoint, id, usernames=[username])
@staticmethod
def __remove_user_from_group(id, username):
endpoint = ENDPOINTS['groups']['remove_user']
DiscourseManager.__exc(endpoint, id, username=username)
@staticmethod
def __generate_group_dict(names):
group_dict = {}
for name in names:
group_dict[name] = DiscourseManager.__group_name_to_id(name)
return group_dict
@staticmethod
def __get_user_groups(username):
data = DiscourseManager.__get_user(username)
return [g['id'] for g in data['user']['groups'] if not g['automatic']]
@staticmethod
def __user_name_to_id(name, silent=False):
data = DiscourseManager.__get_user(name, silent=silent)
return data['user']['id']
@staticmethod
def __user_id_to_name(id):
raise NotImplementedError
@staticmethod
def __get_user(username, silent=False):
endpoint = ENDPOINTS['users']['get']
return DiscourseManager.__exc(endpoint, username, silent=silent)
@staticmethod
def __activate_user(username):
endpoint = ENDPOINTS['users']['activate']
id = DiscourseManager.__user_name_to_id(username)
DiscourseManager.__exc(endpoint, id)
@staticmethod
def __update_user(username, **kwargs):
endpoint = ENDPOINTS['users']['update']
id = DiscourseManager.__user_name_to_id(username)
DiscourseManager.__exc(endpoint, id, params=kwargs)
@staticmethod
def __create_user(username, email, password):
endpoint = ENDPOINTS['users']['create']
DiscourseManager.__exc(endpoint, name=username, username=username, email=email, password=password, active=True)
@staticmethod
def __check_if_user_exists(username):
try:
DiscourseManager.__user_name_to_id(username, silent=True)
return True
except:
return False
@staticmethod
def __suspend_user(username):
id = DiscourseManager.__user_name_to_id(username)
endpoint = ENDPOINTS['users']['suspend']
return DiscourseManager.__exc(endpoint, id, duration=DiscourseManager.SUSPEND_DAYS,
reason=DiscourseManager.SUSPEND_REASON)
@staticmethod
def __unsuspend(username):
id = DiscourseManager.__user_name_to_id(username)
endpoint = ENDPOINTS['users']['unsuspend']
return DiscourseManager.__exc(endpoint, id)
@staticmethod
def __set_email(username, email):
endpoint = ENDPOINTS['users']['set_email']
return DiscourseManager.__exc(endpoint, username, email=email)
@staticmethod
def __logout(id):
endpoint = ENDPOINTS['users']['logout']
return DiscourseManager.__exc(endpoint, id)
@staticmethod
def __get_user_by_external(id):
endpoint = ENDPOINTS['users']['external']
return DiscourseManager.__exc(endpoint, id)
@staticmethod
def __user_id_by_external_id(id):
data = DiscourseManager.__get_user_by_external(id)
return data['user']['id']
@staticmethod
def _sanitize_username(username):
sanitized = username.replace(" ", "_")
sanitized = sanitized.strip(' _')
sanitized = sanitized.replace("'", "")
return sanitized
@staticmethod
def _sanitize_groupname(name):
name = name.strip(' _')
name = re.sub('[^\w]', '', name)
if len(name) < 3:
name = name + "".join('_' for i in range(3-len(name)))
return name[:20]
@staticmethod
def update_groups(user):
groups = []
for g in user.groups.all():
groups.append(DiscourseManager._sanitize_groupname(str(g)[:20]))
logger.debug("Updating discourse user %s groups to %s" % (user, groups))
group_dict = DiscourseManager.__generate_group_dict(groups)
inv_group_dict = {v: k for k, v in group_dict.items()}
username = DiscourseManager.__get_user_by_external(user.pk)['user']['username']
user_groups = DiscourseManager.__get_user_groups(username)
add_groups = [group_dict[x] for x in group_dict if not group_dict[x] in user_groups]
rem_groups = [x for x in user_groups if not x in inv_group_dict]
if add_groups or rem_groups:
logger.info(
"Updating discourse user %s groups: adding %s, removing %s" % (username, add_groups, rem_groups))
for g in add_groups:
DiscourseManager.__add_user_to_group(g, username)
for g in rem_groups:
DiscourseManager.__remove_user_from_group(g, username)
@staticmethod
def disable_user(user):
logger.debug("Disabling user %s Discourse access." % user)
d_user = DiscourseManager.__get_user_by_external(user.pk)
DiscourseManager.__logout(d_user['user']['id'])
DiscourseManager.__suspend_user(d_user['user']['username'])
logger.info("Disabled user %s Discourse access." % user)
return True

26
services/modules/discourse/migrations/0001_initial.py Normal file
View File

@@ -0,0 +1,26 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.2 on 2016-12-12 03:15
from __future__ import unicode_literals
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
initial = True
dependencies = [
('auth', '0008_alter_user_username_max_length'),
]
operations = [
migrations.CreateModel(
name='DiscourseUser',
fields=[
('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, related_name='discourse', serialize=False, to=settings.AUTH_USER_MODEL)),
('enabled', models.BooleanField()),
],
),
]

0
services/modules/discourse/migrations/__init__.py Normal file
View File

15
services/modules/discourse/models.py Normal file
View File

@@ -0,0 +1,15 @@
from __future__ import unicode_literals
from django.utils.encoding import python_2_unicode_compatible
from django.contrib.auth.models import User
from django.db import models
class DiscourseUser(models.Model):
user = models.OneToOneField(User,
primary_key=True,
on_delete=models.CASCADE,
related_name='discourse')
enabled = models.BooleanField()
def __str__(self):
return self.user.username

62
services/modules/discourse/tasks.py Normal file
View File

@@ -0,0 +1,62 @@
from __future__ import unicode_literals
from alliance_auth.celeryapp import app
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist
from notifications import notify
from services.tasks import only_one
from .manager import DiscourseManager
from .models import DiscourseUser
import logging
logger = logging.getLogger(__name__)
class DiscourseTasks:
def __init__(self):
pass
@classmethod
def delete_user(cls, user, notify_user=False):
if cls.has_account(user) and user.discourse.enabled:
logger.debug("User %s has a Discourse account. Disabling login." % user)
if DiscourseManager.disable_user(user):
user.discourse.delete()
if notify_user:
notify(user, 'Discourse Account Disabled', level='danger')
return True
return False
@staticmethod
def has_account(user):
"""
Check if the user has a discourse account
:param user: django.contrib.auth.models.User
:return: bool
"""
try:
return user.discourse.enabled
except ObjectDoesNotExist:
return False
@staticmethod
@app.task(bind=True)
def update_groups(self, pk):
user = User.objects.get(pk=pk)
logger.debug("Updating discourse groups for user %s" % user)
try:
DiscourseManager.update_groups(user)
except:
logger.warn("Discourse group sync failed for %s, retrying in 10 mins" % user)
raise self.retry(countdown=60 * 10)
logger.debug("Updated user %s discourse groups." % user)
@staticmethod
@app.task
def update_all_groups():
logger.debug("Updating ALL discourse groups")
for discourse_user in DiscourseUser.objects.filter(enabled=True):
DiscourseTasks.update_groups.delay(discourse_user.user.pk)

8
services/modules/discourse/templates/registered/discourse_service_ctrl.html Normal file
View File

@@ -0,0 +1,8 @@
{% load i18n %}
<td class="text-center">Discourse</td>
<td class="text-center">{{ char.character_name }}</td>
<td class="text-center"><a href="{{ DISCOURSE_URL }}">{{ DISCOURSE_URL }}</a></td>
<td class="text-center">
<a class="btn btn-success" href="{{ DISCOURSE_URL }}"><span class="glyphicon glyphicon-arrow-right"></span></a>
</td>

135
services/modules/discourse/tests.py Normal file
View File

@@ -0,0 +1,135 @@
from __future__ import unicode_literals
try:
# Py3
from unittest import mock
except ImportError:
# Py2
import mock
from django.test import TestCase, RequestFactory
from django.conf import settings
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
from .auth_hooks import DiscourseService
from .models import DiscourseUser
from .tasks import DiscourseTasks
MODULE_PATH = 'services.modules.discourse'
class DiscourseHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
member = AuthUtils.create_member(self.member)
DiscourseUser.objects.create(user=member, enabled=True)
self.blue = 'blue_user'
blue = AuthUtils.create_blue(self.blue)
DiscourseUser.objects.create(user=blue, enabled=True)
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = DiscourseService
def test_has_account(self):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(DiscourseTasks.has_account(member))
self.assertTrue(DiscourseTasks.has_account(blue))
self.assertFalse(DiscourseTasks.has_account(none_user))
def test_service_enabled(self):
service = self.service()
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_DISCOURSE)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_DISCOURSE)
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.DiscourseManager')
def test_update_all_groups(self, manager):
service = self.service()
service.update_all_groups()
# Check member and blue user have groups updated
self.assertTrue(manager.update_groups.called)
self.assertEqual(manager.update_groups.call_count, 2)
def test_update_groups(self):
# Check member has Member group updated
with mock.patch(MODULE_PATH + '.tasks.DiscourseManager') as manager:
service = self.service()
member = User.objects.get(username=self.member)
service.update_groups(member)
self.assertTrue(manager.update_groups.called)
args, kwargs = manager.update_groups.call_args
user, = args
self.assertEqual(user, member)
# Check none user does not have groups updated
with mock.patch(MODULE_PATH + '.tasks.DiscourseManager') as manager:
service = self.service()
none_user = User.objects.get(username=self.none_user)
service.update_groups(none_user)
self.assertFalse(manager.update_groups.called)
@mock.patch(MODULE_PATH + '.tasks.DiscourseManager')
def test_validate_user(self, manager):
service = self.service()
# Test member is not deleted
member = User.objects.get(username=self.member)
service.validate_user(member)
self.assertTrue(member.discourse)
# Test none user is deleted
none_user = User.objects.get(username=self.none_user)
DiscourseUser.objects.create(user=none_user, enabled=True)
service.validate_user(none_user)
self.assertTrue(manager.disable_user.called)
with self.assertRaises(ObjectDoesNotExist):
none_discourse = User.objects.get(username=self.none_user).discourse
@mock.patch(MODULE_PATH + '.tasks.DiscourseManager')
def test_delete_user(self, manager):
member = User.objects.get(username=self.member)
service = self.service()
result = service.delete_user(member)
self.assertTrue(result)
self.assertTrue(manager.disable_user.called)
with self.assertRaises(ObjectDoesNotExist):
discourse_user = User.objects.get(username=self.member).discourse
def test_render_services_ctrl(self):
service = self.service()
member = User.objects.get(username=self.member)
request = RequestFactory().get('/en/services/')
request.user = member
response = service.render_services_ctrl(request)
self.assertTemplateUsed(service.service_ctrl_template)
self.assertIn('href="%s"' % settings.DISCOURSE_URL, response)
class DiscourseViewsTestCase(TestCase):
def setUp(self):
self.member = AuthUtils.create_member('auth_member')
self.member.set_password('password')
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
@mock.patch(MODULE_PATH + '.tasks.DiscourseManager')
def test_sso_member(self, manager):
self.client.login(username=self.member.username, password='password')
data = {'sso': 'bm9uY2U9Y2I2ODI1MWVlZmI1MjExZTU4YzAwZmYxMzk1ZjBjMGI%3D%0A',
'sig': '2828aa29899722b35a2f191d34ef9b3ce695e0e6eeec47deb46d588d70c7cb56'}
response = self.client.get('/discourse/sso', data=data, follow=False)
self.assertEqual(response.status_code, 302)
self.assertEqual(response.url[:37], 'https://example.com/session/sso_login')

9
services/modules/discourse/urls.py Normal file
View File

@@ -0,0 +1,9 @@
from __future__ import unicode_literals
from django.conf.urls import url
from . import views
urlpatterns = [
# Discourse Service Control
url(r'^discourse/sso$', views.discourse_sso, name='auth_discourse_sso'),
]

119
services/modules/discourse/views.py Normal file
View File

@@ -0,0 +1,119 @@
from __future__ import unicode_literals
from django.conf import settings
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.shortcuts import render, redirect
from authentication.states import MEMBER_STATE, BLUE_STATE, NONE_STATE
from eveonline.models import EveCharacter
from eveonline.managers import EveManager
from authentication.models import AuthServicesInfo
from .manager import DiscourseManager
from .tasks import DiscourseTasks
from .models import DiscourseUser
import base64
import hmac
import hashlib
try:
from urllib import unquote, urlencode
except ImportError: #py3
from urllib.parse import unquote, urlencode
try:
from urlparse import parse_qs
except ImportError: #py3
from urllib.parse import parse_qs
import logging
logger = logging.getLogger(__name__)
@login_required
def discourse_sso(request):
## Check if user has access
auth = AuthServicesInfo.objects.get(user=request.user)
if not request.user.is_superuser:
if not settings.ENABLE_AUTH_DISCOURSE and auth.state == MEMBER_STATE:
messages.error(request, 'Members are not authorized to access Discourse.')
return redirect('auth_dashboard')
elif not settings.ENABLE_BLUE_DISCOURSE and auth.state == BLUE_STATE:
messages.error(request, 'Blues are not authorized to access Discourse.')
return redirect('auth_dashboard')
elif auth.state == NONE_STATE:
messages.error(request, 'You are not authorized to access Discourse.')
return redirect('auth_dashboard')
if not auth.main_char_id:
messages.error(request, "You must have a main character set to access Discourse.")
return redirect('auth_characters')
main_char = EveManager.get_main_character(request.user)
if main_char is None:
messages.error(request, "Your main character is missing a database model. Please select a new one.")
return redirect('auth_characters')
payload = request.GET.get('sso')
signature = request.GET.get('sig')
if None in [payload, signature]:
messages.error(request, 'No SSO payload or signature. Please contact support if this problem persists.')
return redirect('auth_dashboard')
## Validate the payload
try:
payload = unquote(payload).encode('utf-8')
decoded = base64.decodestring(payload).decode('utf-8')
assert 'nonce' in decoded
assert len(payload) > 0
except AssertionError:
messages.error(request, 'Invalid payload. Please contact support if this problem persists.')
return redirect('auth_dashboard')
key = str(settings.DISCOURSE_SSO_SECRET).encode('utf-8')
h = hmac.new(key, payload, digestmod=hashlib.sha256)
this_signature = h.hexdigest()
if this_signature != signature:
messages.error(request, 'Invalid payload. Please contact support if this problem persists.')
return redirect('auth_dashboard')
## Build the return payload
username = DiscourseManager._sanitize_username(main_char.character_name)
qs = parse_qs(decoded)
params = {
'nonce': qs['nonce'][0],
'email': request.user.email,
'external_id': request.user.pk,
'username': username,
'name': username,
}
if auth.main_char_id:
params['avatar_url'] = 'https://image.eveonline.com/Character/%s_256.jpg' % auth.main_char_id
return_payload = base64.encodestring(urlencode(params).encode('utf-8'))
h = hmac.new(key, return_payload, digestmod=hashlib.sha256)
query_string = urlencode({'sso': return_payload, 'sig': h.hexdigest()})
## Record activation and queue group sync
if not DiscourseTasks.has_account(request.user):
discourse_user = DiscourseUser()
discourse_user.user = request.user
discourse_user.enabled = True
discourse_user.save()
DiscourseTasks.update_groups.apply_async(args=[request.user.pk], countdown=30) # wait 30s for new user creation on Discourse
## Redirect back to Discourse
url = '%s/session/sso_login' % settings.DISCOURSE_URL
return redirect('%s?%s' % (url, query_string))

0
services/modules/example/__init__.py Normal file
View File

7
services/modules/example/apps.py Normal file
View File

@@ -0,0 +1,7 @@
from __future__ import unicode_literals
from django.apps import AppConfig
class ExampleServiceConfig(AppConfig):
name = 'example_service'

44
services/modules/example/auth_hooks.py Normal file
View File

@@ -0,0 +1,44 @@
from __future__ import unicode_literals
from django.template.loader import render_to_string
from services.hooks import ServicesHook
from alliance_auth import hooks
from .urls import urlpatterns
class ExampleService(ServicesHook):
def __init__(self):
ServicesHook.__init__(self)
self.urlpatterns = urlpatterns
self.service_url = 'http://exampleservice.example.com'
"""
Overload base methods here to implement functionality
"""
def render_services_ctrl(self, request):
"""
Example for rendering the service control panel row
You can override the default template and create a
custom one if you wish.
:param request:
:return:
"""
urls = self.Urls()
urls.auth_activate = 'auth_example_activate'
urls.auth_deactivate = 'auth_example_deactivate'
urls.auth_reset_password = 'auth_example_reset_password'
urls.auth_set_password = 'auth_example_set_password'
return render_to_string(self.service_ctrl_template, {
'service_name': self.title,
'urls': urls,
'service_url': self.service_url,
'username': 'example username'
}, request=request)
@hooks.register('services_hook')
def register_service():
return ExampleService()

16
services/modules/example/models.py Normal file
View File

@@ -0,0 +1,16 @@
from __future__ import unicode_literals
from django.utils.encoding import python_2_unicode_compatible
from django.contrib.auth.models import User
from django.db import models
@python_2_unicode_compatible
class ExampleUser(models.Model):
user = models.OneToOneField(User,
primary_key=True,
on_delete=models.CASCADE,
related_name='example')
username = models.CharField(max_length=254)
def __str__(self):
return self.username

10
services/modules/example/urls.py Normal file
View File

@@ -0,0 +1,10 @@
from __future__ import unicode_literals
from django.conf.urls import url, include
module_urls = [
# Add your module URLs here
]
urlpatterns = [
url(r'^example/', include(module_urls)),
]

1
services/modules/example/views.py Normal file
View File

@@ -0,0 +1 @@
# Add your Views here

0
services/modules/ipboard/__init__.py Normal file
View File

10
services/modules/ipboard/admin.py Normal file
View File

@@ -0,0 +1,10 @@
from __future__ import unicode_literals
from django.contrib import admin
from .models import IpboardUser
class IpboardUserAdmin(admin.ModelAdmin):
list_display = ('user', 'username')
search_fields = ('user__username', 'username')
admin.site.register(IpboardUser, IpboardUserAdmin)

7
services/modules/ipboard/apps.py Normal file
View File

@@ -0,0 +1,7 @@
from __future__ import unicode_literals
from django.apps import AppConfig
class IpboardServiceConfig(AppConfig):
name = 'ipboard'

68
services/modules/ipboard/auth_hooks.py Normal file
View File

@@ -0,0 +1,68 @@
from __future__ import unicode_literals
from django.conf import settings
from django.template.loader import render_to_string
from services.hooks import ServicesHook
from alliance_auth import hooks
from .urls import urlpatterns
from .tasks import IpboardTasks
import logging
logger = logging.getLogger(__name__)
class IpboardService(ServicesHook):
def __init__(self):
ServicesHook.__init__(self)
self.name = 'ipboard'
self.service_url = settings.IPBOARD_ENDPOINT
self.urlpatterns = urlpatterns
@property
def title(self):
return 'IPBoard Forums'
def delete_user(self, user, notify_user=False):
logger.debug('Deleting user %s %s account' % (user, self.name))
return IpboardTasks.delete_user(user, notify_user=notify_user)
def update_groups(self, user):
logger.debug("Updating %s groups for %s" % (self.name, user))
if IpboardTasks.has_account(user):
IpboardTasks.update_groups.delay(user.pk)
def validate_user(self, user):
logger.debug('Validating user %s %s account' % (user, self.name))
if IpboardTasks.has_account(user) and not self.service_active_for_user(user):
self.delete_user(user, notify_user=True)
def update_all_groups(self):
logger.debug('Update all %s groups called' % self.name)
IpboardTasks.update_all_groups.delay()
def service_enabled_members(self):
return settings.ENABLE_AUTH_IPBOARD or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_IPBOARD or False
def render_services_ctrl(self, request):
urls = self.Urls()
urls.auth_activate = 'auth_activate_ipboard'
urls.auth_deactivate = 'auth_deactivate_ipboard'
urls.auth_reset_password = 'auth_reset_ipboard_password'
urls.auth_set_password = 'auth_set_ipboard_password'
return render_to_string(self.service_ctrl_template, {
'service_name': self.title,
'urls': urls,
'service_url': self.service_url,
'username': request.user.ipboard.username if IpboardTasks.has_account(request.user) else '',
}, request=request)
@hooks.register('services_hook')
def register_service():
return IpboardService()

161
services/modules/ipboard/manager.py Executable file
View File

@@ -0,0 +1,161 @@
from __future__ import unicode_literals
import random
import string
import re
from hashlib import md5
try:
from xmlrpclib import Server
except ImportError:
# python 3
from xmlrpc import server as Server
from django.conf import settings
import logging
logger = logging.getLogger(__name__)
class IPBoardManager:
def __init__(self):
pass
@staticmethod
def __santatize_username(username):
sanatized = username.replace(" ", "_")
return sanatized.lower()
@staticmethod
def __generate_random_pass():
return ''.join([random.choice(string.ascii_letters + string.digits) for n in range(16)])
@staticmethod
def _gen_pwhash(password):
return md5(password.encode('utf-8')).hexdigest()
@staticmethod
def _sanitize_groupname(name):
name = name.strip(' _')
return re.sub('[^\w.-]', '', name)
@staticmethod
def exec_xmlrpc(func, **kwargs):
""" Send a XMLRPC request """
try:
server = Server(settings.IPBOARD_ENDPOINT, verbose=False)
params = {}
for i in kwargs:
params[i] = kwargs[i]
params['api_key'] = settings.IPBOARD_APIKEY
params['api_module'] = settings.IPBOARD_APIMODULE
return getattr(server, func)(params)
except:
return {}
@classmethod
def add_user(cls, username, email):
""" Add user to service """
sanatized = str(IPBoardManager.__santatize_username(username))
logger.debug("Adding user to IPBoard with username %s" % sanatized)
plain_password = IPBoardManager.__generate_random_pass()
password = cls._gen_pwhash(plain_password)
IPBoardManager.exec_xmlrpc('createUser', username=sanatized, email=str(email), display_name=sanatized,
md5_passwordHash=password)
logger.info("Added IPBoard user with username %s" % sanatized)
return sanatized, plain_password
@staticmethod
def delete_user(username):
""" Delete user """
IPBoardManager.exec_xmlrpc('deleteUser', username=username)
logger.info("Deleted IPBoard user with username %s" % username)
return username
@staticmethod
def disable_user(username):
""" Disable user """
IPBoardManager.exec_xmlrpc('disableUser', username=username)
logger.info("Disabled IPBoard user with username %s" % username)
return username
@classmethod
def update_user(cls, username, email, password):
""" Add user to service """
password = cls._gen_pwhash(password)
logger.debug("Updating IPBoard username %s with email %s and password hash starting with %s" % (
username, email, password[0:5]))
IPBoardManager.exec_xmlrpc('updateUser', username=username, email=email, md5_passwordHash=password)
logger.info("Updated IPBoard user with username %s" % username)
return username
@staticmethod
def get_all_groups():
groups = []
ret = IPBoardManager.exec_xmlrpc('getAllGroups')
for group in ret:
groups.append(group["g_title"])
logger.debug("Retrieved group list from IPBoard: %s" % groups)
return groups
@staticmethod
def get_user_groups(username):
groups = []
ret = IPBoardManager.exec_xmlrpc('getUserGroups', username=username)
if type(ret) is list:
for group in ret:
groups.append(group["g_title"])
logger.debug("Got user %s IPBoard groups %s" % (username, groups))
return groups
@staticmethod
def add_group(group):
ret = IPBoardManager.exec_xmlrpc('addGroup', group=group)
logger.info("Added IPBoard group %s" % group)
return ret
@staticmethod
def add_user_to_group(username, group):
ret = IPBoardManager.exec_xmlrpc('addUserToGroup', username=username, group=group)
logger.info("Added IPBoard user %s to group %s" % (username, group))
return ret
@staticmethod
def remove_user_from_group(username, group):
ret = IPBoardManager.exec_xmlrpc('removeUserFromGroup', username=username, group=group)
logger.info("Removed IPBoard user %s from group %s" % (username, group))
return ret
@staticmethod
def help_me():
ret = IPBoardManager.exec_xmlrpc('helpMe')
return ret
@staticmethod
def update_groups(username, groups):
logger.debug("Updating IPBoard user %s with groups %s" % (username, groups))
forum_groups = IPBoardManager.get_all_groups()
user_groups = set(IPBoardManager.get_user_groups(username))
act_groups = set([IPBoardManager._sanitize_groupname(g) for g in groups])
addgroups = act_groups - user_groups
remgroups = user_groups - act_groups
logger.info("Updating IPBoard groups for user %s - adding %s, removing %s" % (username, addgroups, remgroups))
for g in addgroups:
if g not in forum_groups:
IPBoardManager.add_group(g)
logger.debug("Adding user %s to IPBoard group %s" % (username, g))
IPBoardManager.add_user_to_group(username, g)
for g in remgroups:
logger.debug("Removing user %s from IPBoard group %s" % (username, g))
IPBoardManager.remove_user_from_group(username, g)
@staticmethod
def update_user_password(username, email, plain_password=None):
logger.debug("Settings new IPBoard password for user %s" % username)
if not plain_password:
plain_password = IPBoardManager.__generate_random_pass()
IPBoardManager.update_user(username, email, plain_password)
return plain_password

26
services/modules/ipboard/migrations/0001_initial.py Normal file
View File

@@ -0,0 +1,26 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.2 on 2016-12-12 03:27
from __future__ import unicode_literals
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
initial = True
dependencies = [
('auth', '0008_alter_user_username_max_length'),
]
operations = [
migrations.CreateModel(
name='IpboardUser',
fields=[
('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, related_name='ipboard', serialize=False, to=settings.AUTH_USER_MODEL)),
('username', models.CharField(max_length=254)),
],
),
]

0
services/modules/ipboard/migrations/__init__.py Normal file
View File

16
services/modules/ipboard/models.py Normal file
View File

@@ -0,0 +1,16 @@
from __future__ import unicode_literals
from django.utils.encoding import python_2_unicode_compatible
from django.contrib.auth.models import User
from django.db import models
@python_2_unicode_compatible
class IpboardUser(models.Model):
user = models.OneToOneField(User,
primary_key=True,
on_delete=models.CASCADE,
related_name='ipboard')
username = models.CharField(max_length=254)
def __str__(self):
return self.username

73
services/modules/ipboard/tasks.py Normal file
View File

@@ -0,0 +1,73 @@
from __future__ import unicode_literals
from alliance_auth.celeryapp import app
from django.conf import settings
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist
from notifications import notify
from .manager import IPBoardManager
from .models import IpboardUser
import logging
logger = logging.getLogger(__name__)
class IpboardTasks:
def __init__(self):
pass
@classmethod
def delete_user(cls, user, notify_user=False):
if cls.has_account(user):
if IPBoardManager.disable_user(user.ipboard.username):
user.ipboard.delete()
if notify_user:
notify(user, 'IPBoard Account Disabled', level='danger')
return True
return False
@staticmethod
def has_account(user):
try:
return user.ipboard.username != ''
except ObjectDoesNotExist:
return False
@staticmethod
@app.task(bind=True)
def update_groups(self, pk):
user = User.objects.get(pk=pk)
logger.debug("Updating user %s ipboard groups." % user)
groups = []
for group in user.groups.all():
groups.append(str(group.name))
if len(groups) == 0:
groups.append('empty')
logger.debug("Updating user %s ipboard groups to %s" % (user, groups))
try:
IPBoardManager.update_groups(user.ipboard.username, groups)
except:
logger.exception("IPBoard group sync failed for %s, retrying in 10 mins" % user)
raise self.retry(countdown=60 * 10)
logger.debug("Updated user %s ipboard groups." % user)
@staticmethod
@app.task
def update_all_groups():
logger.debug("Updating ALL ipboard groups")
for ipboard_user in IpboardUser.objects.exclude(username__exact=''):
IpboardTasks.update_groups.delay(ipboard_user.user.pk)
@staticmethod
@app.task
def disable():
if settings.ENABLE_AUTH_IPBOARD:
logger.warn(
"ENABLE_AUTH_IPBOARD still True, after disabling users will still be able to create IPBoard accounts")
if settings.ENABLE_BLUE_IPBOARD:
logger.warn(
"ENABLE_BLUE_IPBOARD still True, after disabling blues will still be able to create IPBoard accounts")
logger.debug("Deleting all Ipboard Users")
IpboardUser.objects.all().delete()

207
services/modules/ipboard/tests.py Normal file
View File

@@ -0,0 +1,207 @@
from __future__ import unicode_literals
try:
# Py3
from unittest import mock
except ImportError:
# Py2
import mock
from django.test import TestCase, RequestFactory
from django.conf import settings
from django.contrib.auth.models import User
from django import urls
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
from .auth_hooks import IpboardService
from .models import IpboardUser
from .tasks import IpboardTasks
from .manager import IPBoardManager
MODULE_PATH = 'services.modules.ipboard'
class IpboardHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
member = AuthUtils.create_member(self.member)
IpboardUser.objects.create(user=member, username=self.member)
self.blue = 'blue_user'
blue = AuthUtils.create_blue(self.blue)
IpboardUser.objects.create(user=blue, username=self.blue)
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = IpboardService
def test_has_account(self):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(IpboardTasks.has_account(member))
self.assertTrue(IpboardTasks.has_account(blue))
self.assertFalse(IpboardTasks.has_account(none_user))
def test_service_enabled(self):
service = self.service()
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_IPBOARD)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_IPBOARD)
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.IPBoardManager')
def test_update_all_groups(self, manager):
service = self.service()
service.update_all_groups()
# Check member and blue user have groups updated
self.assertTrue(manager.update_groups.called)
self.assertEqual(manager.update_groups.call_count, 2)
def test_update_groups(self):
# Check member has Member group updated
with mock.patch(MODULE_PATH + '.tasks.IPBoardManager') as manager:
service = self.service()
member = User.objects.get(username=self.member)
service.update_groups(member)
self.assertTrue(manager.update_groups.called)
# Check none user does not have groups updated
with mock.patch(MODULE_PATH + '.tasks.IPBoardManager') as manager:
service = self.service()
none_user = User.objects.get(username=self.none_user)
service.update_groups(none_user)
self.assertFalse(manager.update_groups.called)
@mock.patch(MODULE_PATH + '.tasks.IPBoardManager')
def test_validate_user(self, manager):
service = self.service()
# Test member is not deleted
member = User.objects.get(username=self.member)
service.validate_user(member)
self.assertTrue(User.objects.get(username=self.member).ipboard)
# Test none user is deleted
none_user = User.objects.get(username=self.none_user)
IpboardUser.objects.create(user=none_user, username='none_user')
service.validate_user(none_user)
self.assertTrue(manager.disable_user.called)
with self.assertRaises(ObjectDoesNotExist):
none_ipboard = User.objects.get(username=self.none_user).ipboard
@mock.patch(MODULE_PATH + '.tasks.IPBoardManager')
def test_delete_user(self, manager):
member = User.objects.get(username=self.member)
service = self.service()
result = service.delete_user(member)
self.assertTrue(result)
self.assertTrue(manager.disable_user.called)
with self.assertRaises(ObjectDoesNotExist):
Ipboard_user = User.objects.get(username=self.member).ipboard
def test_render_services_ctrl(self):
service = self.service()
member = User.objects.get(username=self.member)
request = RequestFactory().get('/en/services/')
request.user = member
response = service.render_services_ctrl(request)
self.assertTemplateUsed(service.service_ctrl_template)
self.assertIn('/ipboard/set_password/', response)
self.assertIn('/ipboard/reset_password/', response)
self.assertIn('/ipboard/deactivate/', response)
# Test register becomes available
member.ipboard.delete()
member = User.objects.get(username=self.member)
request.user = member
response = service.render_services_ctrl(request)
self.assertIn('/ipboard/activate/', response)
class IpboardViewsTestCase(TestCase):
def setUp(self):
self.member = AuthUtils.create_member('auth_member')
self.member.set_password('password')
self.member.email = 'auth_member@example.com'
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
def login(self):
self.client.login(username=self.member.username, password='password')
@mock.patch(MODULE_PATH + '.views.IPBoardManager')
def test_activate(self, manager):
self.login()
expected_username = 'auth_member'
expected_password = 'abc123'
manager.add_user.return_value = (expected_username, expected_password)
response = self.client.get(urls.reverse('auth_activate_ipboard'), follow=False)
self.assertEqual(response.status_code, 200)
self.assertContains(response, expected_username)
self.assertContains(response, expected_password)
self.assertTrue(manager.add_user.called)
args, kwargs = manager.add_user.call_args
self.assertEqual(args[0], 'auth_member') # Character name
self.assertEqual(args[1], self.member.email)
self.assertEqual(self.member.ipboard.username, expected_username)
@mock.patch(MODULE_PATH + '.tasks.IPBoardManager')
def test_deactivate(self, manager):
self.login()
IpboardUser.objects.create(user=self.member, username='12345')
manager.disable_user.return_value = True
response = self.client.get(urls.reverse('auth_deactivate_ipboard'))
self.assertTrue(manager.disable_user.called)
self.assertRedirects(response, expected_url=urls.reverse('auth_services'), target_status_code=200)
with self.assertRaises(ObjectDoesNotExist):
ipboard_user = User.objects.get(pk=self.member.pk).ipboard
@mock.patch(MODULE_PATH + '.views.IPBoardManager')
def test_set_password(self, manager):
self.login()
IpboardUser.objects.create(user=self.member, username='12345')
expected_password = 'password'
manager.update_user_password.return_value = expected_password
response = self.client.post(urls.reverse('auth_set_ipboard_password'), data={'password': expected_password})
self.assertTrue(manager.update_user_password.called)
args, kwargs = manager.update_user_password.call_args
self.assertEqual(kwargs['plain_password'], expected_password)
self.assertRedirects(response, expected_url=urls.reverse('auth_services'), target_status_code=200)
@mock.patch(MODULE_PATH + '.views.IPBoardManager')
def test_reset_password(self, manager):
self.login()
IpboardUser.objects.create(user=self.member, username='12345')
response = self.client.get(urls.reverse('auth_reset_ipboard_password'))
self.assertTrue(manager.update_user_password.called)
self.assertTemplateUsed(response, 'registered/service_credentials.html')
class IpboardManagerTestCase(TestCase):
def setUp(self):
self.manager = IPBoardManager
def test_generate_random_password(self):
password = self.manager._IPBoardManager__generate_random_pass()
self.assertEqual(len(password), 16)
self.assertIsInstance(password, type(''))
def test_gen_pwhash(self):
pwhash = self.manager._gen_pwhash('test')
self.assertEqual(pwhash, '098f6bcd4621d373cade4e832627b4f6')

16
services/modules/ipboard/urls.py Normal file
View File

@@ -0,0 +1,16 @@
from __future__ import unicode_literals
from django.conf.urls import url, include
from . import views
module_urls = [
# Ipboard service control
url(r'^activate/$', views.activate_ipboard_forum, name='auth_activate_ipboard'),
url(r'^deactivate/$', views.deactivate_ipboard_forum, name='auth_deactivate_ipboard'),
url(r'^reset_password/$', views.reset_ipboard_password, name='auth_reset_ipboard_password'),
url(r'^set_password/$', views.set_ipboard_password, name='auth_set_ipboard_password'),
]
urlpatterns = [
url(r'^ipboard/', include(module_urls))
]

110
services/modules/ipboard/views.py Normal file
View File

@@ -0,0 +1,110 @@
from __future__ import unicode_literals
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.shortcuts import render, redirect
from authentication.decorators import members_and_blues
from services.forms import ServicePasswordForm
from eveonline.managers import EveManager
from .manager import IPBoardManager
from .tasks import IpboardTasks
from .models import IpboardUser
import logging
logger = logging.getLogger(__name__)
@login_required
@members_and_blues()
def activate_ipboard_forum(request):
logger.debug("activate_ipboard_forum called by user %s" % request.user)
character = EveManager.get_main_character(request.user)
logger.debug("Adding ipboard user for user %s with main character %s" % (request.user, character))
result = IPBoardManager.add_user(character.character_name, request.user.email)
if result[0] != "":
ipboard_user = IpboardUser()
ipboard_user.user = request.user
ipboard_user.username = result[0]
ipboard_user.save()
logger.debug("Updated authserviceinfo for user %s with ipboard credentials. Updating groups." % request.user)
IpboardTasks.update_groups.delay(request.user.pk)
logger.info("Successfully activated ipboard for user %s" % request.user)
messages.success(request, 'Activated IPBoard account.')
credentials = {
'username': result[0],
'password': result[1],
}
return render(request, 'registered/service_credentials.html',
context={'credentials': credentials, 'service': 'IPBoard'})
else:
logger.error("Unsuccessful attempt to activate ipboard for user %s" % request.user)
messages.error(request, 'An error occurred while processing your IPBoard account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def deactivate_ipboard_forum(request):
logger.debug("deactivate_ipboard_forum called by user %s" % request.user)
# false we failed
if IpboardTasks.delete_user(request.user):
logger.info("Successfully deactivated ipboard for user %s" % request.user)
messages.success(request, 'Deactivated IPBoard account.')
else:
logger.error("Unsuccessful attempt to deactviate ipboard for user %s" % request.user)
messages.error(request, 'An error occurred while processing your IPBoard account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def set_ipboard_password(request):
logger.debug("set_ipboard_password called by user %s" % request.user)
error = None
if request.method == 'POST':
logger.debug("Received POST request with form.")
form = ServicePasswordForm(request.POST)
logger.debug("Form is valid: %s" % form.is_valid())
if form.is_valid() and IpboardTasks.has_account(request.user):
password = form.cleaned_data['password']
logger.debug("Form contains password of length %s" % len(password))
result = IPBoardManager.update_user_password(request.user.ipboard.username, request.user.email,
plain_password=password)
if result != "":
logger.info("Successfully set IPBoard password for user %s" % request.user)
messages.success(request, 'Set IPBoard password.')
else:
logger.error("Failed to install custom ipboard password for user %s" % request.user)
messages.error(request, 'An error occurred while processing your IPBoard account.')
return redirect("auth_services")
else:
logger.debug("Request is not type POST - providing empty form.")
form = ServicePasswordForm()
logger.debug("Rendering form for user %s" % request.user)
context = {'form': form, 'service': 'IPBoard', 'error': error}
return render(request, 'registered/service_password.html', context=context)
@login_required
@members_and_blues()
def reset_ipboard_password(request):
logger.debug("reset_ipboard_password called by user %s" % request.user)
if IpboardTasks.has_account(request.user):
result = IPBoardManager.update_user_password(request.user.ipboard.username, request.user.email)
if result != "":
logger.info("Successfully reset ipboard password for user %s" % request.user)
messages.success(request, 'Reset IPBoard password.')
credentials = {
'username': request.user.ipboard.username,
'password': result,
}
return render(request, 'registered/service_credentials.html',
context={'credentials': credentials, 'service': 'IPBoard'})
logger.error("Unsuccessful attempt to reset ipboard password for user %s" % request.user)
messages.error(request, 'An error occurred while processing your IPBoard account.')
return redirect("auth_services")

0
services/modules/ips4/__init__.py Normal file
View File

10
services/modules/ips4/admin.py Normal file
View File

@@ -0,0 +1,10 @@
from __future__ import unicode_literals
from django.contrib import admin
from .models import Ips4User
class Ips4UserAdmin(admin.ModelAdmin):
list_display = ('user', 'username', 'id')
search_fields = ('user__username', 'username', 'id')
admin.site.register(Ips4User, Ips4UserAdmin)

7
services/modules/ips4/apps.py Normal file
View File

@@ -0,0 +1,7 @@
from __future__ import unicode_literals
from django.apps import AppConfig
class Ips4ServiceConfig(AppConfig):
name = 'ips4'

53
services/modules/ips4/auth_hooks.py Normal file
View File

@@ -0,0 +1,53 @@
from __future__ import unicode_literals
from django.conf import settings
from django.template.loader import render_to_string
from services.hooks import ServicesHook
from alliance_auth import hooks
from .urls import urlpatterns
from .tasks import Ips4Tasks
class Ips4Service(ServicesHook):
def __init__(self):
ServicesHook.__init__(self)
self.name = 'ips4'
self.urlpatterns = urlpatterns
self.service_url = settings.IPS4_URL
@property
def title(self):
return 'IPS4'
def service_enabled_members(self):
return settings.ENABLE_AUTH_IPS4 or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_IPS4 or False
def render_services_ctrl(self, request):
"""
Example for rendering the service control panel row
You can override the default template and create a
custom one if you wish.
:param request:
:return:
"""
urls = self.Urls()
urls.auth_activate = 'auth_activate_ips4'
urls.auth_deactivate = 'auth_deactivate_ips4'
urls.auth_reset_password = 'auth_reset_ips4_password'
urls.auth_set_password = 'auth_set_ips4_password'
return render_to_string(self.service_ctrl_template, {
'service_name': self.title,
'urls': urls,
'service_url': self.service_url,
'username': request.user.ips4.username if Ips4Tasks.has_account(request.user) else ''
}, request=request)
@hooks.register('services_hook')
def register_service():
return Ips4Service()

108
services/modules/ips4/manager.py Normal file
View File

@@ -0,0 +1,108 @@
from __future__ import unicode_literals
import logging
import random
import string
import re
from django.db import connections
from passlib.hash import bcrypt
logger = logging.getLogger(__name__)
class Ips4Manager:
SQL_ADD_USER = r"INSERT INTO core_members (name, email, members_pass_hash, members_pass_salt, " \
r"member_group_id) VALUES (%s, %s, %s, %s, %s)"
SQL_GET_ID = r"SELECT member_id FROM core_members WHERE name = %s"
SQL_UPDATE_PASSWORD = r"UPDATE core_members SET members_pass_hash = %s, members_pass_salt = %s WHERE name = %s"
SQL_DEL_USER = r"DELETE FROM core_members WHERE member_id = %s"
MEMBER_GROUP_ID = 3
@classmethod
def add_user(cls, username, email):
logger.debug("Adding new IPS4 user %s" % username)
plain_password = cls.__generate_random_pass()
hash = cls._gen_pwhash(plain_password)
salt = cls._get_salt(hash)
group = cls.MEMBER_GROUP_ID
cursor = connections['ips4'].cursor()
cursor.execute(cls.SQL_ADD_USER, [username, email, hash, salt, group])
member_id = cls.get_user_id(username)
return username, plain_password, member_id
@staticmethod
def get_user_id(username):
cursor = connections['ips4'].cursor()
cursor.execute(Ips4Manager.SQL_GET_ID, [username])
row = cursor.fetchone()
if row is not None:
logger.debug("Got user id %s for username %s" % (row[0], username))
return row[0]
else:
logger.error("username %s not found. Unable to determine id." % username)
return None
@staticmethod
def __generate_random_pass():
return ''.join([random.choice(string.ascii_letters + string.digits) for n in range(16)])
@staticmethod
def _gen_pwhash(password):
return bcrypt.encrypt(password.encode('utf-8'), rounds=13)
@staticmethod
def _get_salt(pw_hash):
search = re.compile(r"^\$2[a-z]?\$([0-9]+)\$(.{22})(.{31})$")
match = re.match(search, pw_hash)
return match.group(2)
@staticmethod
def delete_user(id):
logger.debug("Deleting IPS4 user id %s" % id)
try:
cursor = connections['ips4'].cursor()
cursor.execute(Ips4Manager.SQL_DEL_USER, [id])
logger.info("Deleted IPS4 user %s" % id)
return True
except:
logger.exception("Failed to delete IPS4 user id %s" % id)
return False
@classmethod
def update_user_password(cls, username):
logger.debug("Updating IPS4 user id %s password" % id)
if cls.check_user(username):
plain_password = Ips4Manager.__generate_random_pass()
hash = cls._gen_pwhash(plain_password)
salt = cls._get_salt(hash)
cursor = connections['ips4'].cursor()
cursor.execute(cls.SQL_UPDATE_PASSWORD, [hash, salt, username])
return plain_password
else:
logger.error("Unable to update ips4 user %s password" % username)
return ""
@staticmethod
def check_user(username):
logger.debug("Checking IPS4 username %s" % username)
cursor = connections['ips4'].cursor()
cursor.execute(Ips4Manager.SQL_GET_ID, [username])
row = cursor.fetchone()
if row:
logger.debug("Found user %s on IPS4" % username)
return True
logger.debug("User %s not found on IPS4" % username)
return False
@classmethod
def update_custom_password(cls, username, plain_password):
logger.debug("Updating IPS4 user id %s password" % id)
if cls.check_user(username):
hash = cls._gen_pwhash(plain_password)
salt = cls._get_salt(hash)
cursor = connections['ips4'].cursor()
cursor.execute(cls.SQL_UPDATE_PASSWORD, [hash, salt, username])
return plain_password
else:
logger.error("Unable to update ips4 user %s password" % username)
return ""

27
services/modules/ips4/migrations/0001_initial.py Normal file
View File

@@ -0,0 +1,27 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.2 on 2016-12-12 03:27
from __future__ import unicode_literals
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
initial = True
dependencies = [
('auth', '0008_alter_user_username_max_length'),
]
operations = [
migrations.CreateModel(
name='Ips4User',
fields=[
('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, related_name='ips4', serialize=False, to=settings.AUTH_USER_MODEL)),
('username', models.CharField(max_length=254)),
('id', models.CharField(max_length=254)),
],
),
]

0
services/modules/ips4/migrations/__init__.py Normal file
View File

17
services/modules/ips4/models.py Normal file
View File

@@ -0,0 +1,17 @@
from __future__ import unicode_literals
from django.utils.encoding import python_2_unicode_compatible
from django.contrib.auth.models import User
from django.db import models
@python_2_unicode_compatible
class Ips4User(models.Model):
user = models.OneToOneField(User,
primary_key=True,
on_delete=models.CASCADE,
related_name='ips4')
username = models.CharField(max_length=254)
id = models.CharField(max_length=254)
def __str__(self):
return self.username

43
services/modules/ips4/tasks.py Normal file
View File

@@ -0,0 +1,43 @@
from __future__ import unicode_literals, absolute_import
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from .manager import Ips4Manager
from .models import Ips4User
import logging
logger = logging.getLogger(__name__)
class Ips4Tasks:
def __init__(self):
pass
@classmethod
def delete_user(cls, user):
logging.debug("Attempting to delete IPS4 account for %s" % user)
if cls.has_account(user) and Ips4Manager.delete_user(user.ips4.id):
user.ips4.delete()
logger.info("Successfully deactivated IPS4 for user %s" % user)
return True
return False
@staticmethod
def has_account(user):
try:
return user.ips4.id != ''
except ObjectDoesNotExist:
return False
@staticmethod
def disable():
if settings.ENABLE_AUTH_IPS4:
logger.warn(
"ENABLE_AUTH_IPS4 still True, after disabling users will still be able to create IPS4 accounts")
if settings.ENABLE_BLUE_IPS4:
logger.warn(
"ENABLE_BLUE_IPS4 still True, after disabling blues will still be able to create IPS4 accounts")
logging.debug("Deleting all IPS4 users")
Ips4User.objects.all().delete()

164
services/modules/ips4/tests.py Normal file
View File

@@ -0,0 +1,164 @@
from __future__ import unicode_literals
try:
# Py3
from unittest import mock
except ImportError:
# Py2
import mock
from django.test import TestCase, RequestFactory
from django.conf import settings
from django import urls
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
from .auth_hooks import Ips4Service
from .models import Ips4User
from .tasks import Ips4Tasks
MODULE_PATH = 'services.modules.ips4'
class Ips4HooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
member = AuthUtils.create_member(self.member)
Ips4User.objects.create(user=member, id='12345', username=self.member)
self.blue = 'blue_user'
blue = AuthUtils.create_blue(self.blue)
Ips4User.objects.create(user=blue, id='67891', username=self.blue)
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = Ips4Service
def test_has_account(self):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(Ips4Tasks.has_account(member))
self.assertTrue(Ips4Tasks.has_account(blue))
self.assertFalse(Ips4Tasks.has_account(none_user))
def test_service_enabled(self):
service = self.service()
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_IPS4)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_IPS4)
self.assertFalse(service.service_active_for_user(none_user))
def test_render_services_ctrl(self):
service = self.service()
member = User.objects.get(username=self.member)
request = RequestFactory().get('/en/services/')
request.user = member
response = service.render_services_ctrl(request)
self.assertTemplateUsed(service.service_ctrl_template)
self.assertIn(urls.reverse('auth_set_ips4_password'), response)
self.assertIn(urls.reverse('auth_reset_ips4_password'), response)
self.assertIn(urls.reverse('auth_deactivate_ips4'), response)
# Test register becomes available
member.ips4.delete()
member = User.objects.get(username=self.member)
request.user = member
response = service.render_services_ctrl(request)
self.assertIn(urls.reverse('auth_activate_ips4'), response)
class Ips4ViewsTestCase(TestCase):
def setUp(self):
self.member = AuthUtils.create_member('auth_member')
self.member.set_password('password')
self.member.email = 'auth_member@example.com'
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
def login(self):
self.client.login(username=self.member.username, password='password')
@mock.patch(MODULE_PATH + '.views.Ips4Manager')
def test_activate(self, manager):
self.login()
expected_username = 'auth_member'
expected_password = 'password'
expected_id = '1234'
manager.add_user.return_value = (expected_username, expected_password, expected_id)
response = self.client.get(urls.reverse('auth_activate_ips4'), follow=False)
self.assertTrue(manager.add_user.called)
args, kwargs = manager.add_user.call_args
self.assertEqual(args[0], expected_username)
self.assertEqual(args[1], self.member.email)
self.assertTemplateUsed(response, 'registered/service_credentials.html')
self.assertContains(response, expected_username)
self.assertContains(response, expected_password)
@mock.patch(MODULE_PATH + '.tasks.Ips4Manager')
def test_deactivate(self, manager):
self.login()
Ips4User.objects.create(user=self.member, username='12345', id='1234')
manager.delete_user.return_value = True
response = self.client.get(urls.reverse('auth_deactivate_ips4'))
self.assertTrue(manager.delete_user.called)
self.assertRedirects(response, expected_url=urls.reverse('auth_services'), target_status_code=200)
with self.assertRaises(ObjectDoesNotExist):
ips4_user = User.objects.get(pk=self.member.pk).ips4
@mock.patch(MODULE_PATH + '.views.Ips4Manager')
def test_set_password(self, manager):
self.login()
Ips4User.objects.create(user=self.member, username='12345', id='1234')
expected_password = 'password'
manager.update_user_password.return_value = expected_password
response = self.client.post(urls.reverse('auth_set_ips4_password'), data={'password': expected_password})
self.assertTrue(manager.update_custom_password.called)
args, kwargs = manager.update_custom_password.call_args
self.assertEqual(kwargs['plain_password'], expected_password)
self.assertRedirects(response, expected_url=urls.reverse('auth_services'), target_status_code=200)
@mock.patch(MODULE_PATH + '.views.Ips4Manager')
def test_reset_password(self, manager):
self.login()
Ips4User.objects.create(user=self.member, username='12345', id='1234')
response = self.client.get(urls.reverse('auth_reset_ips4_password'))
self.assertTrue(manager.update_user_password.called)
self.assertTemplateUsed(response, 'registered/service_credentials.html')
class Ips4ManagerTestCase(TestCase):
def setUp(self):
from .manager import Ips4Manager
self.manager = Ips4Manager
def test_generate_random_password(self):
password = self.manager._Ips4Manager__generate_random_pass()
self.assertEqual(len(password), 16)
self.assertIsInstance(password, type(''))
def test_gen_pwhash(self):
pwhash = self.manager._gen_pwhash('test')
salt = self.manager._get_salt(pwhash)
self.assertIsInstance(pwhash, str)
self.assertGreaterEqual(len(pwhash), 59)
self.assertIsInstance(salt, str)
self.assertEqual(len(salt), 22)

16
services/modules/ips4/urls.py Normal file
View File

@@ -0,0 +1,16 @@
from __future__ import unicode_literals
from django.conf.urls import url, include
from . import views
module_urls = [
# IPS4 Service Control
url(r'^activate/$', views.activate_ips4, name='auth_activate_ips4'),
url(r'^deactivate/$', views.deactivate_ips4, name='auth_deactivate_ips4'),
url(r'^reset_password/$', views.reset_ips4_password, name='auth_reset_ips4_password'),
url(r'^set_password/$', views.set_ips4_password, name='auth_set_ips4_password'),
]
urlpatterns = [
url(r'^ips4/', include(module_urls))
]

107
services/modules/ips4/views.py Normal file
View File

@@ -0,0 +1,107 @@
from __future__ import unicode_literals
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.shortcuts import render, redirect
from authentication.decorators import members_and_blues
from eveonline.managers import EveManager
from services.forms import ServicePasswordForm
from .manager import Ips4Manager
from .models import Ips4User
from .tasks import Ips4Tasks
import logging
logger = logging.getLogger(__name__)
@login_required
@members_and_blues()
def activate_ips4(request):
logger.debug("activate_ips4 called by user %s" % request.user)
character = EveManager.get_main_character(request.user)
logger.debug("Adding IPS4 user for user %s with main character %s" % (request.user, character))
result = Ips4Manager.add_user(character.character_name, request.user.email)
# if empty we failed
if result[0] != "" and not Ips4Tasks.has_account(request.user):
ips_user = Ips4User.objects.create(user=request.user, id=result[2], username=result[0])
logger.debug("Updated authserviceinfo for user %s with IPS4 credentials." % request.user)
# update_ips4_groups.delay(request.user.pk)
logger.info("Successfully activated IPS4 for user %s" % request.user)
messages.success(request, 'Activated IPSuite4 account.')
credentials = {
'username': result[0],
'password': result[1],
}
return render(request, 'registered/service_credentials.html',
context={'credentials': credentials, 'service': 'IPSuite4'})
else:
logger.error("Unsuccessful attempt to activate IPS4 for user %s" % request.user)
messages.error(request, 'An error occurred while processing your IPSuite4 account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def reset_ips4_password(request):
logger.debug("reset_ips4_password called by user %s" % request.user)
if Ips4Tasks.has_account(request.user):
result = Ips4Manager.update_user_password(request.user.ips4.username)
# false we failed
if result != "":
logger.info("Successfully reset IPS4 password for user %s" % request.user)
messages.success(request, 'Reset IPSuite4 password.')
credentials = {
'username': request.user.ips4.username,
'password': result,
}
return render(request, 'registered/service_credentials.html',
context={'credentials': credentials, 'service': 'IPSuite4'})
logger.error("Unsuccessful attempt to reset IPS4 password for user %s" % request.user)
messages.error(request, 'An error occurred while processing your IPSuite4 account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def set_ips4_password(request):
logger.debug("set_ips4_password called by user %s" % request.user)
if request.method == 'POST':
logger.debug("Received POST request with form.")
form = ServicePasswordForm(request.POST)
logger.debug("Form is valid: %s" % form.is_valid())
if form.is_valid() and Ips4Tasks.has_account(request.user):
password = form.cleaned_data['password']
logger.debug("Form contains password of length %s" % len(password))
result = Ips4Manager.update_custom_password(request.user.ips4.username, plain_password=password)
if result != "":
logger.info("Successfully set IPS4 password for user %s" % request.user)
messages.success(request, 'Set IPSuite4 password.')
else:
logger.error("Failed to install custom IPS4 password for user %s" % request.user)
messages.error(request, 'An error occurred while processing your IPSuite4 account.')
return redirect('auth_services')
else:
logger.debug("Request is not type POST - providing empty form.")
form = ServicePasswordForm()
logger.debug("Rendering form for user %s" % request.user)
context = {'form': form, 'service': 'IPS4'}
return render(request, 'registered/service_password.html', context=context)
@login_required
@members_and_blues()
def deactivate_ips4(request):
logger.debug("deactivate_ips4 called by user %s" % request.user)
if Ips4Tasks.delete_user(request.user):
logger.info("Successfully deactivated IPS4 for user %s" % request.user)
messages.success(request, 'Deactivated IPSuite4 account.')
else:
logger.error("Unsuccessful attempt to deactivate IPS4 for user %s" % request.user)
messages.error(request, 'An error occurred while processing your IPSuite4 account.')
return redirect("auth_services")

0
services/modules/market/__init__.py Normal file
View File

10
services/modules/market/admin.py Normal file
View File

@@ -0,0 +1,10 @@
from __future__ import unicode_literals
from django.contrib import admin
from .models import MarketUser
class MarketUserAdmin(admin.ModelAdmin):
list_display = ('user', 'username')
search_fields = ('user__username', 'username')
admin.site.register(MarketUser, MarketUserAdmin)

7
services/modules/market/apps.py Normal file
View File

@@ -0,0 +1,7 @@
from __future__ import unicode_literals
from django.apps import AppConfig
class MarketServiceConfig(AppConfig):
name = 'market'

59
services/modules/market/auth_hooks.py Normal file
View File

@@ -0,0 +1,59 @@
from __future__ import unicode_literals
from django.conf import settings
from django.template.loader import render_to_string
from services.hooks import ServicesHook
from alliance_auth import hooks
from .urls import urlpatterns
from .tasks import MarketTasks
import logging
logger = logging.getLogger(__name__)
class MarketService(ServicesHook):
def __init__(self):
ServicesHook.__init__(self)
self.name = 'market'
self.urlpatterns = urlpatterns
self.service_url = settings.MARKET_URL
@property
def title(self):
return "Alliance Market"
def delete_user(self, user, notify_user=False):
logger.debug('Deleting user %s %s account' % (user, self.name))
return MarketTasks.delete_user(user, notify_user=notify_user)
def validate_user(self, user):
logger.debug('Validating user %s %s account' % (user, self.name))
if MarketTasks.has_account(user) and self.service_active_for_user(user):
self.delete_user(user)
def service_enabled_members(self):
return settings.ENABLE_AUTH_MARKET or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_MARKET or False
def render_services_ctrl(self, request):
urls = self.Urls()
urls.auth_activate = 'auth_activate_market'
urls.auth_deactivate = 'auth_deactivate_market'
urls.auth_reset_password = 'auth_reset_market_password'
urls.auth_set_password = 'auth_set_market_password'
return render_to_string(self.service_ctrl_template, {
'service_name': self.title,
'urls': urls,
'service_url': self.service_url,
'username': request.user.market.username if MarketTasks.has_account(request.user) else ''
}, request=request)
@hooks.register('services_hook')
def register_service():
return MarketService()

149
services/modules/market/manager.py Normal file
View File

@@ -0,0 +1,149 @@
from __future__ import unicode_literals
import logging
import random
import string
import re
from django.db import connections
from passlib.hash import bcrypt
# requires yum install libffi-devel and pip install bcrypt
logger = logging.getLogger(__name__)
class MarketManager:
def __init__(self):
pass
SQL_ADD_USER = r"INSERT INTO fos_user (username, username_canonical, email, email_canonical, enabled, salt," \
r"password, locked, expired, roles, credentials_expired, characterid, characterName)" \
r"VALUES (%s, %s, %s, %s, 1,%s, %s, 0, 0, 'a:0:{}', 0, %s, %s) "
SQL_GET_USER_ID = r"SELECT id FROM fos_user WHERE username = %s"
SQL_DISABLE_USER = r"UPDATE fos_user SET enabled = '0' WHERE username = %s"
SQL_ENABLE_USER = r"UPDATE fos_user SET enabled = '1' WHERE username = %s"
SQL_UPDATE_PASSWORD = r"UPDATE fos_user SET password = %s, salt = %s WHERE username = %s"
SQL_CHECK_EMAIL = r"SELECT email FROM fos_user WHERE email = %s"
SQL_CHECK_USERNAME = r"SELECT username FROM fos_user WHERE username = %s"
SQL_UPDATE_USER = r"UPDATE fos_user SET password = %s, salt = %s, enabled = '1' WHERE username = %s"
@staticmethod
def __santatize_username(username):
sanatized = username.replace(" ", "_")
return sanatized.lower()
@staticmethod
def __generate_random_pass():
return ''.join([random.choice(string.ascii_letters + string.digits) for n in range(16)])
@staticmethod
def _gen_pwhash(password):
return bcrypt.encrypt(password.encode('utf-8'), rounds=13)
@staticmethod
def _get_salt(pw_hash):
search = re.compile(r"^\$2[a-z]?\$([0-9]+)\$(.{22})(.{31})$")
match = re.match(search, pw_hash)
return match.group(2)
@classmethod
def check_username(cls, username):
logger.debug("Checking alliance market username %s" % username)
cursor = connections['market'].cursor()
cursor.execute(cls.SQL_CHECK_USERNAME, [cls.__santatize_username(username)])
row = cursor.fetchone()
if row:
logger.debug("Found user %s on alliance market" % username)
return True
logger.debug("User %s not found on alliance market" % username)
return False
@classmethod
def check_user_email(cls, username, email):
logger.debug("Checking if alliance market email exists for user %s" % username)
cursor = connections['market'].cursor()
cursor.execute(cls.SQL_CHECK_EMAIL, [email])
row = cursor.fetchone()
if row:
logger.debug("Found user %s email address on alliance market" % username)
return True
logger.debug("User %s email address not found on alliance market" % username)
return False
@classmethod
def add_user(cls, username, email, characterid, charactername):
logger.debug("Adding new market user %s" % username)
plain_password = cls.__generate_random_pass()
hash = cls._gen_pwhash(plain_password)
salt = cls._get_salt(hash)
username_clean = cls.__santatize_username(username)
if not cls.check_username(username):
if not cls.check_user_email(username, email):
try:
logger.debug("Adding user %s to alliance market" % username)
cursor = connections['market'].cursor()
cursor.execute(cls.SQL_ADD_USER, [username_clean, username_clean, email, email, salt,
hash, characterid, charactername])
return username_clean, plain_password
except:
logger.debug("Unsuccessful attempt to add market user %s" % username)
return "", ""
else:
logger.debug("Alliance market email %s already exists Updating instead" % email)
username_clean, password = cls.update_user_info(username)
return username_clean, password
else:
logger.debug("Alliance market username %s already exists Updating instead" % username)
username_clean, password = cls.update_user_info(username)
return username_clean, password
@classmethod
def disable_user(cls, username):
logger.debug("Disabling alliance market user %s " % username)
cursor = connections['market'].cursor()
cursor.execute(cls.SQL_DISABLE_USER, [username])
return True
@classmethod
def update_custom_password(cls, username, plain_password):
logger.debug("Updating alliance market user %s password" % username)
if cls.check_username(username):
username_clean = cls.__santatize_username(username)
hash = cls._gen_pwhash(plain_password)
salt = cls._get_salt(hash)
cursor = connections['market'].cursor()
cursor.execute(cls.SQL_UPDATE_PASSWORD, [hash, salt, username_clean])
return plain_password
else:
logger.error("Unable to update alliance market user %s password" % username)
return ""
@classmethod
def update_user_password(cls, username):
logger.debug("Updating alliance market user %s password" % username)
if cls.check_username(username):
username_clean = cls.__santatize_username(username)
plain_password = cls.__generate_random_pass()
hash = cls._gen_pwhash(plain_password)
salt = cls._get_salt(hash)
cursor = connections['market'].cursor()
cursor.execute(cls.SQL_UPDATE_PASSWORD, [hash, salt, username_clean])
return plain_password
else:
logger.error("Unable to update alliance market user %s password" % username)
return ""
@classmethod
def update_user_info(cls, username):
logger.debug("Updating alliance market user %s" % username)
try:
username_clean = cls.__santatize_username(username)
plain_password = cls.__generate_random_pass()
hash = cls._gen_pwhash(plain_password)
salt = cls._get_salt(hash)
cursor = connections['market'].cursor()
cursor.execute(cls.SQL_UPDATE_USER, [hash, salt, username_clean])
return username_clean, plain_password
except:
logger.debug("Alliance market update user failed for %s" % username)
return "", ""

26
services/modules/market/migrations/0001_initial.py Normal file
View File

@@ -0,0 +1,26 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.2 on 2016-12-12 03:27
from __future__ import unicode_literals
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
initial = True
dependencies = [
('auth', '0008_alter_user_username_max_length'),
]
operations = [
migrations.CreateModel(
name='MarketUser',
fields=[
('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, related_name='market', serialize=False, to=settings.AUTH_USER_MODEL)),
('username', models.CharField(max_length=254)),
],
),
]

0
services/modules/market/migrations/__init__.py Normal file
View File

16
services/modules/market/models.py Normal file
View File

@@ -0,0 +1,16 @@
from __future__ import unicode_literals
from django.utils.encoding import python_2_unicode_compatible
from django.contrib.auth.models import User
from django.db import models
@python_2_unicode_compatible
class MarketUser(models.Model):
user = models.OneToOneField(User,
primary_key=True,
on_delete=models.CASCADE,
related_name='market')
username = models.CharField(max_length=254)
def __str__(self):
return self.username

44
services/modules/market/tasks.py Normal file
View File

@@ -0,0 +1,44 @@
from __future__ import unicode_literals
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from notifications import notify
from .models import MarketUser
from .manager import MarketManager
import logging
logger = logging.getLogger(__name__)
class MarketTasks:
def __init__(self):
pass
@classmethod
def delete_user(cls, user, notify_user=False):
if cls.has_account(user):
logger.debug("User %s has a Market account %s. Deleting." % (user, user.market.username))
if MarketManager.disable_user(user.market.username):
user.market.delete()
if notify_user:
notify(user, 'Alliance Market Account Disabled', level='danger')
return True
return False
@staticmethod
def has_account(user):
try:
return user.market.username != ''
except ObjectDoesNotExist:
return False
@staticmethod
def disable():
if settings.ENABLE_AUTH_MARKET:
logger.warn("ENABLE_AUTH_MARKET still True, after disabling users will still be able to activate Market accounts")
if settings.ENABLE_BLUE_MARKET:
logger.warn("ENABLE_BLUE_MARKET still True, after disabling blues will still be able to activate Market accounts")
MarketUser.objects.all().delete()

176
services/modules/market/tests.py Normal file
View File

@@ -0,0 +1,176 @@
from __future__ import unicode_literals
try:
# Py3
from unittest import mock
except ImportError:
# Py2
import mock
from django.test import TestCase, RequestFactory
from django.conf import settings
from django import urls
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
from .auth_hooks import MarketService
from .models import MarketUser
from .tasks import MarketTasks
MODULE_PATH = 'services.modules.market'
class MarketHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
member = AuthUtils.create_member(self.member)
MarketUser.objects.create(user=member, username=self.member)
self.blue = 'blue_user'
blue = AuthUtils.create_blue(self.blue)
MarketUser.objects.create(user=blue, username=self.blue)
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = MarketService
def test_has_account(self):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(MarketTasks.has_account(member))
self.assertTrue(MarketTasks.has_account(blue))
self.assertFalse(MarketTasks.has_account(none_user))
def test_service_enabled(self):
service = self.service()
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_MARKET)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_MARKET)
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.MarketManager')
def test_delete_user(self, manager):
member = User.objects.get(username=self.member)
service = self.service()
result = service.delete_user(member)
self.assertTrue(result)
self.assertTrue(manager.disable_user.called)
with self.assertRaises(ObjectDoesNotExist):
market_user = User.objects.get(username=self.member).market
def test_render_services_ctrl(self):
service = self.service()
member = User.objects.get(username=self.member)
request = RequestFactory().get('/en/services/')
request.user = member
response = service.render_services_ctrl(request)
self.assertTemplateUsed(service.service_ctrl_template)
self.assertIn(urls.reverse('auth_set_market_password'), response)
self.assertIn(urls.reverse('auth_reset_market_password'), response)
self.assertIn(urls.reverse('auth_deactivate_market'), response)
# Test register becomes available
member.market.delete()
member = User.objects.get(username=self.member)
request.user = member
response = service.render_services_ctrl(request)
self.assertIn(urls.reverse('auth_activate_market'), response)
class MarketViewsTestCase(TestCase):
def setUp(self):
self.member = AuthUtils.create_member('auth_member')
self.member.set_password('password')
self.member.email = 'auth_member@example.com'
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
def login(self):
self.client.login(username=self.member.username, password='password')
@mock.patch(MODULE_PATH + '.views.MarketManager')
def test_activate(self, manager):
self.login()
expected_username = 'auth_member'
expected_password = 'password'
expected_id = '1234'
manager.add_user.return_value = (expected_username, expected_password, expected_id)
response = self.client.get(urls.reverse('auth_activate_market'), follow=False)
self.assertTrue(manager.add_user.called)
args, kwargs = manager.add_user.call_args
self.assertEqual(args[0], expected_username)
self.assertEqual(args[1], self.member.email)
self.assertTemplateUsed(response, 'registered/service_credentials.html')
self.assertContains(response, expected_username)
self.assertContains(response, expected_password)
@mock.patch(MODULE_PATH + '.tasks.MarketManager')
def test_deactivate(self, manager):
self.login()
MarketUser.objects.create(user=self.member, username='12345')
manager.disable_user.return_value = True
response = self.client.get(urls.reverse('auth_deactivate_market'))
self.assertTrue(manager.disable_user.called)
self.assertRedirects(response, expected_url=urls.reverse('auth_services'), target_status_code=200)
with self.assertRaises(ObjectDoesNotExist):
market_user = User.objects.get(pk=self.member.pk).market
@mock.patch(MODULE_PATH + '.views.MarketManager')
def test_set_password(self, manager):
self.login()
MarketUser.objects.create(user=self.member, username='12345')
expected_password = 'password'
manager.update_user_password.return_value = expected_password
response = self.client.post(urls.reverse('auth_set_market_password'), data={'password': expected_password})
self.assertTrue(manager.update_custom_password.called)
args, kwargs = manager.update_custom_password.call_args
self.assertEqual(args[1], expected_password)
self.assertRedirects(response, expected_url=urls.reverse('auth_services'), target_status_code=200)
@mock.patch(MODULE_PATH + '.views.MarketManager')
def test_reset_password(self, manager):
self.login()
MarketUser.objects.create(user=self.member, username='12345')
response = self.client.get(urls.reverse('auth_reset_market_password'))
self.assertTrue(manager.update_user_password.called)
self.assertTemplateUsed(response, 'registered/service_credentials.html')
class MarketManagerTestCase(TestCase):
def setUp(self):
from .manager import MarketManager
self.manager = MarketManager
def test_generate_random_password(self):
password = self.manager._MarketManager__generate_random_pass()
self.assertEqual(len(password), 16)
self.assertIsInstance(password, type(''))
def test_gen_pwhash(self):
pwhash = self.manager._gen_pwhash('test')
salt = self.manager._get_salt(pwhash)
self.assertIsInstance(pwhash, str)
self.assertGreaterEqual(len(pwhash), 59)
self.assertIsInstance(salt, str)
self.assertEqual(len(salt), 22)

16
services/modules/market/urls.py Normal file
View File

@@ -0,0 +1,16 @@
from __future__ import unicode_literals
from django.conf.urls import url, include
from . import views
module_urls = [
# Alliance Market Control
url(r'^activate/$', views.activate_market, name='auth_activate_market'),
url(r'^deactivate/$', views.deactivate_market, name='auth_deactivate_market'),
url(r'^reset_password/$', views.reset_market_password, name='auth_reset_market_password'),
url(r'^set_password/$', views.set_market_password, name='auth_set_market_password'),
]
urlpatterns = [
url(r'^market/', include(module_urls))
]

107
services/modules/market/views.py Normal file
View File

@@ -0,0 +1,107 @@
from __future__ import unicode_literals
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.shortcuts import render, redirect
from authentication.decorators import members_and_blues
from services.forms import ServicePasswordForm
from eveonline.managers import EveManager
from .manager import MarketManager
from .models import MarketUser
from .tasks import MarketTasks
import logging
logger = logging.getLogger(__name__)
@login_required
@members_and_blues()
def activate_market(request):
logger.debug("activate_market called by user %s" % request.user)
character = EveManager.get_main_character(request.user)
if character is not None:
logger.debug("Adding market user for user %s with main character %s" % (request.user, character))
result = MarketManager.add_user(character.character_name, request.user.email, character.character_id,
character.character_name)
# if empty we failed
if result[0] != "":
MarketUser.objects.create(user=request.user, username=result[0])
logger.debug("Updated authserviceinfo for user %s with market credentials." % request.user)
logger.info("Successfully activated market for user %s" % request.user)
messages.success(request, 'Activated Alliance Market account.')
credentials = {
'username': result[0],
'password': result[1],
}
return render(request, 'registered/service_credentials.html',
context={'credentials': credentials, 'service': 'Alliance Market'})
logger.error("Unsuccessful attempt to activate market for user %s" % request.user)
messages.error(request, 'An error occurred while processing your Alliance Market account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def deactivate_market(request):
logger.debug("deactivate_market called by user %s" % request.user)
# false we failed
if MarketTasks.delete_user(request.user):
logger.info("Successfully deactivated market for user %s" % request.user)
messages.success(request, 'Deactivated Alliance Market account.')
else:
logger.error("Unsuccessful attempt to activate market for user %s" % request.user)
messages.error(request, 'An error occurred while processing your Alliance Market account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def reset_market_password(request):
logger.debug("reset_market_password called by user %s" % request.user)
if MarketTasks.has_account(request.user):
result = MarketManager.update_user_password(request.user.market.username)
# false we failed
if result != "":
logger.info("Successfully reset market password for user %s" % request.user)
messages.success(request, 'Reset Alliance Market password.')
credentials = {
'username': request.user.market.username,
'password': result,
}
return render(request, 'registered/service_credentials.html',
context={'credentials': credentials, 'service': 'Alliance Market'})
logger.error("Unsuccessful attempt to reset market password for user %s" % request.user)
messages.error(request, 'An error occurred while processing your Alliance Market account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def set_market_password(request):
logger.debug("set_market_password called by user %s" % request.user)
if request.method == 'POST':
logger.debug("Received POST request with form.")
form = ServicePasswordForm(request.POST)
logger.debug("Form is valid: %s" % form.is_valid())
if form.is_valid() and MarketTasks.has_account(request.user):
password = form.cleaned_data['password']
logger.debug("Form contains password of length %s" % len(password))
result = MarketManager.update_custom_password(request.user.market.username, password)
if result != "":
logger.info("Successfully reset market password for user %s" % request.user)
messages.success(request, 'Set Alliance Market password.')
else:
logger.error("Failed to install custom market password for user %s" % request.user)
messages.error(request, 'An error occurred while processing your Alliance Market account.')
return redirect("auth_services")
else:
logger.debug("Request is not type POST - providing empty form.")
form = ServicePasswordForm()
logger.debug("Rendering form for user %s" % request.user)
context = {'form': form, 'service': 'Market'}
return render(request, 'registered/service_password.html', context=context)

0
services/modules/mumble/__init__.py Normal file
View File

11
services/modules/mumble/admin.py Normal file
View File

@@ -0,0 +1,11 @@
from __future__ import unicode_literals
from django.contrib import admin
from .models import MumbleUser
class MumbleUserAdmin(admin.ModelAdmin):
fields = ('user', 'username', 'groups') # pwhash is hidden from admin panel
list_display = ('user', 'username', 'groups')
search_fields = ('user__username', 'username', 'groups')
admin.site.register(MumbleUser, MumbleUserAdmin)

7
services/modules/mumble/apps.py Normal file
View File

@@ -0,0 +1,7 @@
from __future__ import unicode_literals
from django.apps import AppConfig
class MumbleServiceConfig(AppConfig):
name = 'mumble'

68
services/modules/mumble/auth_hooks.py Normal file
View File

@@ -0,0 +1,68 @@
from __future__ import unicode_literals
from django.template.loader import render_to_string
from django.conf import settings
from notifications import notify
from alliance_auth import hooks
from services.hooks import ServicesHook
from .tasks import MumbleTasks
from .manager import MumbleManager
from .urls import urlpatterns
import logging
logger = logging.getLogger(__name__)
class MumbleService(ServicesHook):
def __init__(self):
ServicesHook.__init__(self)
self.name = 'mumble'
self.urlpatterns = urlpatterns
self.service_url = settings.MUMBLE_URL
def delete_user(self, user, notify_user=False):
logging.debug("Deleting user %s %s account" % (user, self.name))
if MumbleManager.delete_user(user):
if notify_user:
notify(user, 'Mumble Account Disabled', level='danger')
return True
return False
def update_groups(self, user):
logger.debug("Updating %s groups for %s" % (self.name, user))
if MumbleTasks.has_account(user):
MumbleTasks.update_groups.delay(user.pk)
def validate_user(self, user):
if MumbleTasks.has_account(user) and not self.service_active_for_user(user):
self.delete_user(user, notify_user=True)
def update_all_groups(self):
logger.debug("Updating all %s groups" % self.name)
MumbleTasks.update_all_groups.delay()
def service_enabled_members(self):
return settings.ENABLE_AUTH_MUMBLE or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_MUMBLE or False
def render_services_ctrl(self, request):
urls = self.Urls()
urls.auth_activate = 'auth_activate_mumble'
urls.auth_deactivate = 'auth_deactivate_mumble'
urls.auth_reset_password = 'auth_reset_mumble_password'
urls.auth_set_password = 'auth_set_mumble_password'
return render_to_string(self.service_ctrl_template, {
'service_name': self.title,
'urls': urls,
'service_url': self.service_url,
'username': request.user.mumble.username if MumbleTasks.has_account(request.user) else '',
}, request=request)
@hooks.register('services_hook')
def register_mumble_service():
return MumbleService()

105
services/modules/mumble/manager.py Executable file
View File

@@ -0,0 +1,105 @@
from __future__ import unicode_literals
import random
import string
import hashlib
from django.core.exceptions import ObjectDoesNotExist
from .models import MumbleUser
import logging
logger = logging.getLogger(__name__)
class MumbleManager:
def __init__(self):
pass
@staticmethod
def __santatize_username(username):
sanatized = username.replace(" ", "_")
return sanatized
@staticmethod
def __generate_random_pass():
return ''.join([random.choice(string.ascii_letters + string.digits) for n in range(16)])
@staticmethod
def __generate_username(username, corp_ticker):
return "[" + corp_ticker + "]" + username
@staticmethod
def __generate_username_blue(username, corp_ticker):
return "[BLUE][" + corp_ticker + "]" + username
@staticmethod
def _gen_pwhash(password):
return hashlib.sha1(password.encode('utf-8')).hexdigest()
@staticmethod
def create_user(user, corp_ticker, username, blue=False):
logger.debug("Creating%s mumble user with username %s and ticker %s" % (' blue' if blue else '',
username, corp_ticker))
username_clean = MumbleManager.__santatize_username(
MumbleManager.__generate_username_blue(username, corp_ticker) if blue else
MumbleManager.__generate_username(username, corp_ticker))
password = MumbleManager.__generate_random_pass()
pwhash = MumbleManager._gen_pwhash(password)
logger.debug("Proceeding with mumble user creation: clean username %s, pwhash starts with %s" % (
username_clean, pwhash[0:5]))
if not MumbleUser.objects.filter(username=username_clean).exists():
logger.info("Creating mumble user %s" % username_clean)
MumbleUser.objects.create(user=user, username=username_clean, pwhash=pwhash)
return username_clean, password
else:
logger.warn("Mumble user %s already exists.")
return False
@staticmethod
def delete_user(user):
logger.debug("Deleting user %s from mumble." % user)
if MumbleUser.objects.filter(user=user).exists():
MumbleUser.objects.filter(user=user).delete()
logger.info("Deleted user %s from mumble" % user)
return True
logger.error("Unable to delete user %s from mumble: MumbleUser model not found" % user)
return False
@staticmethod
def update_user_password(user, password=None):
logger.debug("Updating mumble user %s password." % user)
if not password:
password = MumbleManager.__generate_random_pass()
pwhash = MumbleManager._gen_pwhash(password)
logger.debug("Proceeding with mumble user %s password update - pwhash starts with %s" % (user, pwhash[0:5]))
try:
model = MumbleUser.objects.get(user=user)
model.pwhash = pwhash
model.save()
return password
except ObjectDoesNotExist:
logger.error("User %s not found on mumble. Unable to update password." % user)
return False
@staticmethod
def update_groups(user, groups):
logger.debug("Updating mumble user %s groups %s" % (user, groups))
safe_groups = list(set([g.replace(' ', '-') for g in groups]))
groups = ''
for g in safe_groups:
groups = groups + g + ','
groups = groups.strip(',')
if MumbleUser.objects.filter(user=user).exists():
logger.info("Updating mumble user %s groups to %s" % (user, safe_groups))
model = MumbleUser.objects.get(user=user)
model.groups = groups
model.save()
return True
else:
logger.error("User %s not found on mumble. Unable to update groups." % user)
return False
@staticmethod
def user_exists(username):
return MumbleUser.objects.filter(username=username).exists()

28
services/modules/mumble/migrations/0001_initial.py Normal file
View File

@@ -0,0 +1,28 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.2 on 2016-12-12 00:58
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
initial = True
dependencies = [
]
operations = [
migrations.CreateModel(
name='MumbleUser',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('username', models.CharField(max_length=254, unique=True)),
('pwhash', models.CharField(max_length=40)),
('groups', models.TextField(blank=True, null=True)),
],
options={
'db_table': 'services_mumbleuser',
},
),
]

19
services/modules/mumble/migrations/0002_auto_20161212_0100.py Normal file
View File

@@ -0,0 +1,19 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.2 on 2016-12-12 01:00
from __future__ import unicode_literals
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('mumble', '0001_initial'),
]
operations = [
migrations.AlterModelTable(
name='mumbleuser',
table=None,
),
]

23
services/modules/mumble/migrations/0003_mumbleuser_user.py Normal file
View File

@@ -0,0 +1,23 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.2 on 2016-12-12 03:31
from __future__ import unicode_literals
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
('mumble', '0002_auto_20161212_0100'),
]
operations = [
migrations.AddField(
model_name='mumbleuser',
name='user',
field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, related_name='mumble', to=settings.AUTH_USER_MODEL),
),
]

22
services/modules/mumble/migrations/0004_auto_20161214_1024.py Normal file
View File

@@ -0,0 +1,22 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.4 on 2016-12-14 10:24
from __future__ import unicode_literals
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('mumble', '0003_mumbleuser_user'),
]
operations = [
migrations.AlterField(
model_name='mumbleuser',
name='user',
field=models.OneToOneField(null=True, on_delete=django.db.models.deletion.CASCADE, related_name='mumble', to=settings.AUTH_USER_MODEL),
),
]

0
services/modules/mumble/migrations/__init__.py Normal file
View File

14
services/modules/mumble/models.py Normal file
View File

@@ -0,0 +1,14 @@
from __future__ import unicode_literals
from django.utils.encoding import python_2_unicode_compatible
from django.db import models
@python_2_unicode_compatible
class MumbleUser(models.Model):
user = models.OneToOneField('auth.User', related_name='mumble', null=True)
username = models.CharField(max_length=254, unique=True)
pwhash = models.CharField(max_length=40)
groups = models.TextField(blank=True, null=True)
def __str__(self):
return self.username

63
services/modules/mumble/tasks.py Normal file
View File

@@ -0,0 +1,63 @@
from __future__ import unicode_literals
from alliance_auth.celeryapp import app
from django.conf import settings
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist
from .models import MumbleUser
from .manager import MumbleManager
import logging
logger = logging.getLogger(__name__)
class MumbleTasks:
def __init__(self):
pass
@staticmethod
def has_account(user):
try:
return user.mumble.username != ''
except ObjectDoesNotExist:
return False
@staticmethod
def disable_mumble():
if settings.ENABLE_AUTH_MUMBLE:
logger.warn("ENABLE_AUTH_MUMBLE still True, after disabling users will still be able to create mumble accounts")
if settings.ENABLE_BLUE_MUMBLE:
logger.warn("ENABLE_BLUE_MUMBLE still True, after disabling blues will still be able to create mumble accounts")
logger.info("Deleting all MumbleUser models")
MumbleUser.objects.all().delete()
@staticmethod
@app.task(bind=True)
def update_groups(self, pk):
user = User.objects.get(pk=pk)
logger.debug("Updating mumble groups for user %s" % user)
if MumbleTasks.has_account(user):
groups = []
for group in user.groups.all():
groups.append(str(group.name))
if len(groups) == 0:
groups.append('empty')
logger.debug("Updating user %s mumble groups to %s" % (user, groups))
try:
if not MumbleManager.update_groups(user, groups):
raise Exception("Group sync failed")
except:
logger.exception("Mumble group sync failed for %s, retrying in 10 mins" % user)
raise self.retry(countdown=60 * 10)
logger.debug("Updated user %s mumble groups." % user)
else:
logger.debug("User %s does not have a mumble account, skipping" % user)
@staticmethod
@app.task
def update_all_groups():
logger.debug("Updating ALL mumble groups")
for mumble_user in MumbleUser.objects.exclude(username__exact=''):
MumbleTasks.update_groups.delay(mumble_user.user.pk)

201
services/modules/mumble/tests.py Normal file
View File

@@ -0,0 +1,201 @@
from __future__ import unicode_literals
try:
# Py3
from unittest import mock
except ImportError:
# Py2
import mock
from django.test import TestCase, RequestFactory
from django.conf import settings
from django import urls
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
from .auth_hooks import MumbleService
from .models import MumbleUser
from .tasks import MumbleTasks
import hashlib
MODULE_PATH = 'services.modules.mumble'
def gen_pwhash(password):
return hashlib.sha1(password).hexdigest()
class MumbleHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
member = AuthUtils.create_member(self.member)
MumbleUser.objects.create(user=member, username=self.member, pwhash='password', groups='Member')
self.blue = 'blue_user'
blue = AuthUtils.create_blue(self.blue)
MumbleUser.objects.create(user=blue, username=self.blue, pwhash='password', groups='Blue')
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = MumbleService
def test_has_account(self):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(MumbleTasks.has_account(member))
self.assertTrue(MumbleTasks.has_account(blue))
self.assertFalse(MumbleTasks.has_account(none_user))
def test_service_enabled(self):
service = self.service()
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_MUMBLE)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_MUMBLE)
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.MumbleManager')
def test_update_all_groups(self, manager):
service = self.service()
service.update_all_groups()
# Check member and blue user have groups updated
self.assertTrue(manager.update_groups.called)
self.assertEqual(manager.update_groups.call_count, 2)
def test_update_groups(self):
# Check member has Member group updated
service = self.service()
member = User.objects.get(username=self.member)
member.mumble.groups = '' # Remove the group set in setUp
member.mumble.save()
service.update_groups(member)
mumble_user = MumbleUser.objects.get(user=member)
self.assertIn(settings.DEFAULT_AUTH_GROUP, mumble_user.groups)
# Check none user does not have groups updated
with mock.patch(MODULE_PATH + '.tasks.MumbleManager') as manager:
service = self.service()
none_user = User.objects.get(username=self.none_user)
service.update_groups(none_user)
self.assertFalse(manager.update_groups.called)
def test_validate_user(self):
service = self.service()
# Test member is not deleted
member = User.objects.get(username=self.member)
service.validate_user(member)
self.assertTrue(member.mumble)
# Test none user is deleted
none_user = User.objects.get(username=self.none_user)
MumbleUser.objects.create(user=none_user, username='mr no-name', pwhash='password', groups='Blue,Orange')
service.validate_user(none_user)
with self.assertRaises(ObjectDoesNotExist):
none_mumble = User.objects.get(username=self.none_user).mumble
def test_delete_user(self):
member = User.objects.get(username=self.member)
service = self.service()
result = service.delete_user(member)
self.assertTrue(result)
with self.assertRaises(ObjectDoesNotExist):
mumble_user = User.objects.get(username=self.member).mumble
def test_render_services_ctrl(self):
service = self.service()
member = User.objects.get(username=self.member)
request = RequestFactory().get('/en/services/')
request.user = member
response = service.render_services_ctrl(request)
self.assertTemplateUsed(service.service_ctrl_template)
self.assertIn(urls.reverse('auth_deactivate_mumble'), response)
self.assertIn(urls.reverse('auth_reset_mumble_password'), response)
self.assertIn(urls.reverse('auth_set_mumble_password'), response)
# Test register becomes available
member.mumble.delete()
member = User.objects.get(username=self.member)
request.user = member
response = service.render_services_ctrl(request)
self.assertIn(urls.reverse('auth_activate_mumble'), response)
class MumbleViewsTestCase(TestCase):
def setUp(self):
self.member = AuthUtils.create_member('auth_member')
self.member.set_password('password')
self.member.email = 'auth_member@example.com'
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation',
corp_ticker='TESTR')
def login(self):
self.client.login(username=self.member.username, password='password')
def test_activate(self):
self.login()
expected_username = '[TESTR]auth_member'
response = self.client.get(urls.reverse('auth_activate_mumble'), follow=False)
self.assertEqual(response.status_code, 200)
self.assertContains(response, expected_username)
mumble_user = MumbleUser.objects.get(user=self.member)
self.assertEqual(mumble_user.username, expected_username)
self.assertTrue(mumble_user.pwhash)
self.assertEqual(self.member.mumble.username, expected_username)
def test_deactivate(self):
self.login()
MumbleUser.objects.create(user=self.member, username='some member')
response = self.client.get(urls.reverse('auth_deactivate_mumble'))
self.assertRedirects(response, expected_url=urls.reverse('auth_services'), target_status_code=200)
with self.assertRaises(ObjectDoesNotExist):
mumble_user = User.objects.get(pk=self.member.pk).mumble
def test_set_password(self):
self.login()
MumbleUser.objects.create(user=self.member, username='some member', pwhash='old')
response = self.client.post(urls.reverse('auth_set_mumble_password'), data={'password': '1234asdf'})
self.assertNotEqual(MumbleUser.objects.get(user=self.member).pwhash, 'old')
self.assertRedirects(response, expected_url=urls.reverse('auth_services'), target_status_code=200)
def test_reset_password(self):
self.login()
MumbleUser.objects.create(user=self.member, username='some member', pwhash='old')
response = self.client.get(urls.reverse('auth_reset_mumble_password'))
self.assertNotEqual(MumbleUser.objects.get(user=self.member).pwhash, 'old')
self.assertTemplateUsed(response, 'registered/service_credentials.html')
self.assertContains(response, 'some member')
class MumbleManagerTestCase(TestCase):
def setUp(self):
from .manager import MumbleManager
self.manager = MumbleManager
def test_generate_random_password(self):
password = self.manager._MumbleManager__generate_random_pass()
self.assertEqual(len(password), 16)
self.assertIsInstance(password, type(''))
def test_gen_pwhash(self):
pwhash = self.manager._gen_pwhash('test')
self.assertEqual(pwhash, 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3')

17
services/modules/mumble/urls.py Normal file
View File

@@ -0,0 +1,17 @@
from __future__ import unicode_literals
from django.conf.urls import url, include
from . import views
module_urls = [
# Mumble service control
url(r'^activate/$', views.activate_mumble, name='auth_activate_mumble'),
url(r'^deactivate/$', views.deactivate_mumble, name='auth_deactivate_mumble'),
url(r'^reset_password/$', views.reset_mumble_password,
name='auth_reset_mumble_password'),
url(r'^set_password/$', views.set_mumble_password, name='auth_set_mumble_password'),
]
urlpatterns = [
url(r'^mumble/', include(module_urls))
]

120
services/modules/mumble/views.py Normal file
View File

@@ -0,0 +1,120 @@
from __future__ import unicode_literals
from django.contrib.auth.decorators import login_required
from django.shortcuts import render, redirect
from django.contrib import messages
from authentication.decorators import members_and_blues
from eveonline.managers import EveManager
from eveonline.models import EveAllianceInfo
from authentication.states import MEMBER_STATE, BLUE_STATE, NONE_STATE
from authentication.models import AuthServicesInfo
from services.forms import ServicePasswordForm
from .manager import MumbleManager
from .tasks import MumbleTasks
from .models import MumbleUser
import logging
logger = logging.getLogger(__name__)
@login_required
@members_and_blues()
def activate_mumble(request):
logger.debug("activate_mumble called by user %s" % request.user)
authinfo = AuthServicesInfo.objects.get(user=request.user)
character = EveManager.get_main_character(request.user)
ticker = character.corporation_ticker
if authinfo.state == BLUE_STATE:
logger.debug("Adding mumble user for blue user %s with main character %s" % (request.user, character))
# Blue members should have alliance ticker (if in alliance)
if EveAllianceInfo.objects.filter(alliance_id=character.alliance_id).exists():
alliance = EveAllianceInfo.objects.filter(alliance_id=character.alliance_id)[0]
ticker = alliance.alliance_ticker
result = MumbleManager.create_user(request.user, ticker, character.character_name, blue=True)
else:
logger.debug("Adding mumble user for user %s with main character %s" % (request.user, character))
result = MumbleManager.create_user(request.user, ticker, character.character_name)
if result:
logger.debug("Updated authserviceinfo for user %s with mumble credentials. Updating groups." % request.user)
MumbleTasks.update_groups.apply(request.user.pk) # Run synchronously to prevent timing issues
logger.info("Successfully activated mumble for user %s" % request.user)
messages.success(request, 'Activated Mumble account.')
credentials = {
'username': result[0],
'password': result[1],
}
return render(request, 'registered/service_credentials.html',
context={'credentials': credentials, 'service': 'Mumble'})
else:
logger.error("Unsuccessful attempt to activate mumble for user %s" % request.user)
messages.error(request, 'An error occurred while processing your Mumble account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def deactivate_mumble(request):
logger.debug("deactivate_mumble called by user %s" % request.user)
# if we successfully remove the user or the user is already removed
if MumbleManager.delete_user(request.user):
logger.info("Successfully deactivated mumble for user %s" % request.user)
messages.success(request, 'Deactivated Mumble account.')
else:
logger.error("Unsuccessful attempt to deactivate mumble for user %s" % request.user)
messages.error(request, 'An error occurred while processing your Mumble account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def reset_mumble_password(request):
logger.debug("reset_mumble_password called by user %s" % request.user)
result = MumbleManager.update_user_password(request.user)
# if blank we failed
if result != "":
logger.info("Successfully reset mumble password for user %s" % request.user)
messages.success(request, 'Reset Mumble password.')
credentials = {
'username': request.user.mumble.username,
'password': result,
}
return render(request, 'registered/service_credentials.html',
context={'credentials': credentials, 'service': 'Mumble'})
else:
logger.error("Unsuccessful attempt to reset mumble password for user %s" % request.user)
messages.error(request, 'An error occurred while processing your Mumble account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def set_mumble_password(request):
logger.debug("set_mumble_password called by user %s" % request.user)
if request.method == 'POST':
logger.debug("Received POST request with form.")
form = ServicePasswordForm(request.POST)
logger.debug("Form is valid: %s" % form.is_valid())
if form.is_valid() and MumbleTasks.has_account(request.user):
password = form.cleaned_data['password']
logger.debug("Form contains password of length %s" % len(password))
result = MumbleManager.update_user_password(request.user, password=password)
if result != "":
logger.info("Successfully reset forum password for user %s" % request.user)
messages.success(request, 'Set Mumble password.')
else:
logger.error("Failed to install custom mumble password for user %s" % request.user)
messages.error(request, 'An error occurred while processing your Mumble account.')
return redirect("auth_services")
else:
logger.debug("Request is not type POST - providing empty form.")
form = ServicePasswordForm()
logger.debug("Rendering form for user %s" % request.user)
context = {'form': form, 'service': 'Mumble'}
return render(request, 'registered/service_password.html', context=context)

0
services/modules/openfire/__init__.py Normal file
View File

10
services/modules/openfire/admin.py Normal file
View File

@@ -0,0 +1,10 @@
from __future__ import unicode_literals
from django.contrib import admin
from .models import OpenfireUser
class OpenfireUserAdmin(admin.ModelAdmin):
list_display = ('user', 'username')
search_fields = ('user__username', 'username')
admin.site.register(OpenfireUser, OpenfireUserAdmin)

7
services/modules/openfire/apps.py Normal file
View File

@@ -0,0 +1,7 @@
from __future__ import unicode_literals
from django.apps import AppConfig
class OpenfireServiceConfig(AppConfig):
name = 'openfire'

93
services/modules/openfire/auth_hooks.py Normal file
View File

@@ -0,0 +1,93 @@
from __future__ import unicode_literals
from django.conf import settings
from django.template.loader import render_to_string
from services.hooks import ServicesHook, MenuItemHook
from alliance_auth import hooks
from .urls import urlpatterns
from .tasks import OpenfireTasks
import logging
logger = logging.getLogger(__name__)
class OpenfireService(ServicesHook):
def __init__(self):
ServicesHook.__init__(self)
self.name = 'openfire'
self.urlpatterns = urlpatterns
self.service_url = settings.JABBER_URL
@property
def title(self):
return "Jabber"
def delete_user(self, user, notify_user=False):
logger.debug('Deleting user %s %s account' % (user, self.name))
return OpenfireTasks.delete_user(user, notify_user=notify_user)
def validate_user(self, user):
logger.debug('Validating user %s %s account' % (user, self.name))
if OpenfireTasks.has_account(user) and not self.service_active_for_user(user):
self.delete_user(user, notify_user=True)
def update_groups(self, user):
logger.debug('Updating %s groups for %s' % (self.name, user))
if OpenfireTasks.has_account(user):
OpenfireTasks.update_groups.delay(user.pk)
def update_all_groups(self):
logger.debug('Update all %s groups called' % self.name)
OpenfireTasks.update_all_groups.delay()
def service_enabled_members(self):
return settings.ENABLE_AUTH_JABBER or False # TODO: Rename this setting
def service_enabled_blues(self):
return settings.ENABLE_BLUE_JABBER or False # TODO: Rename this setting
def render_services_ctrl(self, request):
"""
Example for rendering the service control panel row
You can override the default template and create a
custom one if you wish.
:param request:
:return:
"""
urls = self.Urls()
urls.auth_activate = 'auth_activate_openfire'
urls.auth_deactivate = 'auth_deactivate_openfire'
urls.auth_set_password = 'auth_set_openfire_password'
urls.auth_reset_password = 'auth_reset_openfire_password'
return render_to_string(self.service_ctrl_template, {
'service_name': self.title,
'urls': urls,
'service_url': self.service_url,
'username': request.user.openfire.username if OpenfireTasks.has_account(request.user) else ''
}, request=request)
@hooks.register('services_hook')
def register_service():
return OpenfireService()
class JabberBroadcast(MenuItemHook):
def __init__(self):
MenuItemHook.__init__(self,
'Jabber Broadcast',
'fa fa-lock fa-fw fa-bullhorn grayiconecolor',
'auth_jabber_broadcast_view')
def render(self, request):
if request.user.has_perm('auth.jabber_broadcast'):
return MenuItemHook.render(self, request)
return ''
@hooks.register('menu_util_hook')
def register_menu():
return JabberBroadcast()

9
services/modules/openfire/forms.py Normal file
View File

@@ -0,0 +1,9 @@
from __future__ import unicode_literals
from django import forms
from django.utils.translation import ugettext_lazy as _
class JabberBroadcastForm(forms.Form):
group = forms.ChoiceField(label=_('Group'), widget=forms.Select)
message = forms.CharField(label=_('Message'), widget=forms.Textarea)

201
services/modules/openfire/manager.py Executable file
View File

@@ -0,0 +1,201 @@
from __future__ import unicode_literals
from django.utils import six
import re
import random
import string
try:
from urlparse import urlparse
except ImportError:
# python 3
from urllib.parse import urlparse
import sleekxmpp
from django.conf import settings
import threading
from ofrestapi.users import Users as ofUsers
from ofrestapi import exception
import logging
logger = logging.getLogger(__name__)
class OpenfireManager:
def __init__(self):
pass
@staticmethod
def send_broadcast_threaded(group_name, broadcast_message):
logger.debug("Starting broadcast to %s with message %s" % (group_name, broadcast_message))
broadcast_thread = XmppThread(1, "XMPP Broadcast Thread", 1, group_name, broadcast_message)
broadcast_thread.start()
@staticmethod
def __add_address_to_username(username):
address = urlparse(settings.OPENFIRE_ADDRESS).netloc.split(":")[0]
completed_username = username + "@" + address
return completed_username
@staticmethod
def __santatize_username(username):
sanatized = username.replace(" ", "_")
return sanatized.lower()
@staticmethod
def __generate_random_pass():
return ''.join([random.choice(string.ascii_letters + string.digits) for n in range(16)])
@staticmethod
def _sanitize_groupname(name):
name = name.strip(' _')
return re.sub('[^\w.-]', '', name)
@staticmethod
def add_user(username):
logger.debug("Adding username %s to openfire." % username)
try:
sanatized_username = OpenfireManager.__santatize_username(username)
password = OpenfireManager.__generate_random_pass()
api = ofUsers(settings.OPENFIRE_ADDRESS, settings.OPENFIRE_SECRET_KEY)
api.add_user(sanatized_username, password)
logger.info("Added openfire user %s" % username)
except exception.UserAlreadyExistsException:
# User exist
logger.error("Attempting to add a user %s to openfire which already exists on server." % username)
return "", ""
return sanatized_username, password
@staticmethod
def delete_user(username):
logger.debug("Deleting user %s from openfire." % username)
try:
api = ofUsers(settings.OPENFIRE_ADDRESS, settings.OPENFIRE_SECRET_KEY)
api.delete_user(username)
logger.info("Deleted user %s from openfire." % username)
return True
except exception.UserNotFoundException:
logger.error("Attempting to delete a user %s from openfire which was not found on server." % username)
return False
@staticmethod
def lock_user(username):
logger.debug("Locking openfire user %s" % username)
api = ofUsers(settings.OPENFIRE_ADDRESS, settings.OPENFIRE_SECRET_KEY)
api.lock_user(username)
logger.info("Locked openfire user %s" % username)
@staticmethod
def unlock_user(username):
logger.debug("Unlocking openfire user %s" % username)
api = ofUsers(settings.OPENFIRE_ADDRESS, settings.OPENFIRE_SECRET_KEY)
api.unlock_user(username)
logger.info("Unlocked openfire user %s" % username)
@staticmethod
def update_user_pass(username, password=None):
logger.debug("Updating openfire user %s password." % username)
try:
if not password:
password = OpenfireManager.__generate_random_pass()
api = ofUsers(settings.OPENFIRE_ADDRESS, settings.OPENFIRE_SECRET_KEY)
api.update_user(username, password=password)
logger.info("Updated openfire user %s password." % username)
return password
except exception.UserNotFoundException:
logger.error("Unable to update openfire user %s password - user not found on server." % username)
return ""
@staticmethod
def update_user_groups(username, groups):
logger.debug("Updating openfire user %s groups %s" % (username, groups))
api = ofUsers(settings.OPENFIRE_ADDRESS, settings.OPENFIRE_SECRET_KEY)
response = api.get_user_groups(username)
remote_groups = []
if response:
remote_groups = response['groupname']
if isinstance(remote_groups, six.string_types):
remote_groups = [remote_groups]
logger.debug("Openfire user %s has groups %s" % (username, remote_groups))
add_groups = []
del_groups = []
for g in groups:
g = OpenfireManager._sanitize_groupname(g)
if g not in remote_groups:
add_groups.append(g)
for g in remote_groups:
g = OpenfireManager._sanitize_groupname(g)
if g not in groups:
del_groups.append(g)
logger.info(
"Updating openfire groups for user %s - adding %s, removing %s" % (username, add_groups, del_groups))
if add_groups:
api.add_user_groups(username, add_groups)
if del_groups:
api.delete_user_groups(username, del_groups)
@staticmethod
def delete_user_groups(username, groups):
logger.debug("Deleting openfire groups %s from user %s" % (groups, username))
api = ofUsers(settings.OPENFIRE_ADDRESS, settings.OPENFIRE_SECRET_KEY)
api.delete_user_groups(username, groups)
logger.info("Deleted groups %s from openfire user %s" % (groups, username))
@staticmethod
def send_broadcast_message(group_name, broadcast_message):
logger.debug("Sending jabber ping to group %s with message %s" % (group_name, broadcast_message))
to_address = group_name + '@' + settings.BROADCAST_SERVICE_NAME + '.' + settings.JABBER_URL
xmpp = PingBot(settings.BROADCAST_USER, settings.BROADCAST_USER_PASSWORD, to_address, broadcast_message)
xmpp.register_plugin('xep_0030') # Service Discovery
xmpp.register_plugin('xep_0199') # XMPP Ping
if xmpp.connect():
xmpp.process(block=True)
logger.info("Sent jabber ping to group %s" % group_name)
else:
raise ValueError("Unable to connect to jabber server.")
class PingBot(sleekxmpp.ClientXMPP):
"""
A copy-paste of the example client bot from
http://sleekxmpp.com/getting_started/sendlogout.html
"""
def __init__(self, jid, password, recipient, message):
sleekxmpp.ClientXMPP.__init__(self, jid, password)
# The message we wish to send, and the JID that
# will receive it.
self.recipient = recipient
self.msg = message
# The session_start event will be triggered when
# the bot establishes its connection with the server
# and the XML streams are ready for use. We want to
# listen for this event so that we we can initialize
# our roster.
self.add_event_handler("session_start", self.start)
def start(self, event):
self.send_presence()
self.get_roster()
self.send_message(mto=self.recipient,
mbody=self.msg,
mtype='chat')
# Using wait=True ensures that the send queue will be
# emptied before ending the session.
self.disconnect(wait=True)
class XmppThread(threading.Thread):
def __init__(self, thread_id, name, counter, group, message, ):
threading.Thread.__init__(self)
self.threadID = thread_id
self.name = name
self.counter = counter
self.group = group
self.message = message
def run(self):
OpenfireManager.send_broadcast_message(self.group, self.message)

26
services/modules/openfire/migrations/0001_initial.py Normal file
View File

@@ -0,0 +1,26 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.2 on 2016-12-12 03:27
from __future__ import unicode_literals
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
initial = True
dependencies = [
('auth', '0008_alter_user_username_max_length'),
]
operations = [
migrations.CreateModel(
name='OpenfireUser',
fields=[
('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, related_name='openfire', serialize=False, to=settings.AUTH_USER_MODEL)),
('username', models.CharField(max_length=254)),
],
),
]

0
services/modules/openfire/migrations/__init__.py Normal file
View File

15
services/modules/openfire/models.py Normal file
View File

@@ -0,0 +1,15 @@
from __future__ import unicode_literals
from django.utils.encoding import python_2_unicode_compatible
from django.db import models
@python_2_unicode_compatible
class OpenfireUser(models.Model):
user = models.OneToOneField('auth.User',
primary_key=True,
on_delete=models.CASCADE,
related_name='openfire')
username = models.CharField(max_length=254)
def __str__(self):
return self.username

75
services/modules/openfire/tasks.py Normal file
View File

@@ -0,0 +1,75 @@
from __future__ import unicode_literals
import logging
from alliance_auth.celeryapp import app
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.models import User
from notifications import notify
from services.modules.openfire.manager import OpenfireManager
from .models import OpenfireUser
logger = logging.getLogger(__name__)
class OpenfireTasks:
def __init__(self):
pass
@classmethod
def delete_user(cls, user, notify_user=False):
if cls.has_account(user):
logger.debug("User %s has jabber account %s. Deleting." % (user, user.openfire.username))
OpenfireManager.delete_user(user.openfire.username)
user.openfire.delete()
if notify_user:
notify(user, 'Jabber Account Disabled', level='danger')
return True
return False
@staticmethod
def has_account(user):
try:
return user.openfire.username != ''
except ObjectDoesNotExist:
return False
@staticmethod
def disable_jabber():
if settings.ENABLE_AUTH_JABBER:
logger.warn("ENABLE_AUTH_JABBER still True, after disabling users will still be able to create jabber accounts")
if settings.ENABLE_BLUE_JABBER:
logger.warn("ENABLE_BLUE_JABBER still True, after disabling blues will still be able to create jabber accounts")
logging.debug("Deleting all Openfire users")
OpenfireUser.objects.all().delete()
@staticmethod
@app.task(bind=True)
def update_groups(self, pk):
user = User.objects.get(pk=pk)
logger.debug("Updating jabber groups for user %s" % user)
if OpenfireTasks.has_account(user):
groups = []
for group in user.groups.all():
groups.append(str(group.name))
if len(groups) == 0:
groups.append('empty')
logger.debug("Updating user %s jabber groups to %s" % (user, groups))
try:
OpenfireManager.update_user_groups(user.openfire.username, groups)
except:
logger.exception("Jabber group sync failed for %s, retrying in 10 mins" % user)
raise self.retry(countdown=60 * 10)
logger.debug("Updated user %s jabber groups." % user)
else:
logger.debug("User does not have an openfire account")
@staticmethod
@app.task
def update_all_groups():
logger.debug("Updating ALL jabber groups")
for openfire_user in OpenfireUser.objects.exclude(username__exact=''):
OpenfireTasks.update_groups.delay(openfire_user.user.pk)

207
services/modules/openfire/tests.py Normal file
View File

@@ -0,0 +1,207 @@
from __future__ import unicode_literals
try:
# Py3
from unittest import mock
except ImportError:
# Py2
import mock
from django.test import TestCase, RequestFactory
from django.conf import settings
from django import urls
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
from .auth_hooks import OpenfireService
from .models import OpenfireUser
from .tasks import OpenfireTasks
MODULE_PATH = 'services.modules.openfire'
class OpenfireHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
member = AuthUtils.create_member(self.member)
OpenfireUser.objects.create(user=member, username=self.member)
self.blue = 'blue_user'
blue = AuthUtils.create_blue(self.blue)
OpenfireUser.objects.create(user=blue, username=self.blue)
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = OpenfireService
def test_has_account(self):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(OpenfireTasks.has_account(member))
self.assertTrue(OpenfireTasks.has_account(blue))
self.assertFalse(OpenfireTasks.has_account(none_user))
def test_service_enabled(self):
service = self.service()
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_JABBER)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_JABBER)
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.OpenfireManager')
def test_update_all_groups(self, manager):
service = self.service()
service.update_all_groups()
# Check member and blue user have groups updated
self.assertTrue(manager.update_user_groups.called)
self.assertEqual(manager.update_user_groups.call_count, 2)
def test_update_groups(self):
# Check member has Member group updated
with mock.patch(MODULE_PATH + '.tasks.OpenfireManager') as manager:
service = self.service()
member = User.objects.get(username=self.member)
service.update_groups(member)
self.assertTrue(manager.update_user_groups.called)
args, kwargs = manager.update_user_groups.call_args
user_id, groups = args
self.assertIn(settings.DEFAULT_AUTH_GROUP, groups)
self.assertEqual(user_id, member.openfire.username)
# Check none user does not have groups updated
with mock.patch(MODULE_PATH + '.tasks.OpenfireManager') as manager:
service = self.service()
none_user = User.objects.get(username=self.none_user)
service.update_groups(none_user)
self.assertFalse(manager.update_user_groups.called)
@mock.patch(MODULE_PATH + '.tasks.OpenfireManager')
def test_validate_user(self, manager):
service = self.service()
# Test member is not deleted
member = User.objects.get(username=self.member)
service.validate_user(member)
self.assertTrue(member.openfire)
# Test none user is deleted
none_user = User.objects.get(username=self.none_user)
OpenfireUser.objects.create(user=none_user, username='abc123')
service.validate_user(none_user)
self.assertTrue(manager.delete_user.called)
with self.assertRaises(ObjectDoesNotExist):
none_openfire = User.objects.get(username=self.none_user).openfire
@mock.patch(MODULE_PATH + '.tasks.OpenfireManager')
def test_delete_user(self, manager):
member = User.objects.get(username=self.member)
service = self.service()
result = service.delete_user(member)
self.assertTrue(result)
self.assertTrue(manager.delete_user.called)
with self.assertRaises(ObjectDoesNotExist):
openfire_user = User.objects.get(username=self.member).openfire
def test_render_services_ctrl(self):
service = self.service()
member = User.objects.get(username=self.member)
request = RequestFactory().get('/en/services/')
request.user = member
response = service.render_services_ctrl(request)
self.assertTemplateUsed(service.service_ctrl_template)
self.assertIn(urls.reverse('auth_deactivate_openfire'), response)
self.assertIn(urls.reverse('auth_reset_openfire_password'), response)
self.assertIn(urls.reverse('auth_set_openfire_password'), response)
# Test register becomes available
member.openfire.delete()
member = User.objects.get(username=self.member)
request.user = member
response = service.render_services_ctrl(request)
self.assertIn(urls.reverse('auth_activate_openfire'), response)
class OpenfireViewsTestCase(TestCase):
def setUp(self):
self.member = AuthUtils.create_member('auth_member')
self.member.set_password('password')
self.member.email = 'auth_member@example.com'
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
def login(self):
self.client.login(username=self.member.username, password='password')
@mock.patch(MODULE_PATH + '.tasks.OpenfireManager')
@mock.patch(MODULE_PATH + '.views.OpenfireManager')
def test_activate(self, manager, tasks_manager):
self.login()
expected_username = 'auth_member'
manager.add_user.return_value = (expected_username, 'abc123')
response = self.client.get(urls.reverse('auth_activate_openfire'))
self.assertTrue(manager.add_user.called)
self.assertTrue(tasks_manager.update_user_groups.called)
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed('registered/service_credentials.html')
self.assertContains(response, expected_username)
openfire_user = OpenfireUser.objects.get(user=self.member)
self.assertEqual(openfire_user.username, expected_username)
@mock.patch(MODULE_PATH + '.tasks.OpenfireManager')
def test_deactivate(self, manager):
self.login()
OpenfireUser.objects.create(user=self.member, username='some member')
response = self.client.get(urls.reverse('auth_deactivate_openfire'))
self.assertTrue(manager.delete_user.called)
self.assertRedirects(response, expected_url=urls.reverse('auth_services'), target_status_code=200)
with self.assertRaises(ObjectDoesNotExist):
openfire_user = User.objects.get(pk=self.member.pk).openfire
@mock.patch(MODULE_PATH + '.views.OpenfireManager')
def test_set_password(self, manager):
self.login()
OpenfireUser.objects.create(user=self.member, username='some member')
response = self.client.post(urls.reverse('auth_set_openfire_password'), data={'password': '1234asdf'})
self.assertTrue(manager.update_user_pass.called)
args, kwargs = manager.update_user_pass.call_args
self.assertEqual(kwargs['password'], '1234asdf')
self.assertRedirects(response, expected_url=urls.reverse('auth_services'), target_status_code=200)
@mock.patch(MODULE_PATH + '.views.OpenfireManager')
def test_reset_password(self, manager):
self.login()
OpenfireUser.objects.create(user=self.member, username='some member')
manager.update_user_pass.return_value = 'hunter2'
response = self.client.get(urls.reverse('auth_reset_openfire_password'))
self.assertTemplateUsed(response, 'registered/service_credentials.html')
self.assertContains(response, 'some member')
self.assertContains(response, 'hunter2')
class OpenfireManagerTestCase(TestCase):
def setUp(self):
from .manager import OpenfireManager
self.manager = OpenfireManager
def test_generate_random_password(self):
password = self.manager._OpenfireManager__generate_random_pass()
self.assertEqual(len(password), 16)
self.assertIsInstance(password, type(''))

28
services/modules/openfire/urls.py Normal file
View File

@@ -0,0 +1,28 @@
from __future__ import unicode_literals
from django.conf.urls import url, include
from django.conf.urls.i18n import i18n_patterns
from django.utils.translation import ugettext_lazy as _
from . import views
module_urls = [
# Jabber Service Control
url(r'^activate/$', views.activate_jabber, name='auth_activate_openfire'),
url(r'^deactivate/$', views.deactivate_jabber, name='auth_deactivate_openfire'),
url(r'^reset_password/$', views.reset_jabber_password, name='auth_reset_openfire_password'),
]
module_i18n_urls = [
url(_(r'^set_password/$'), views.set_jabber_password, name='auth_set_openfire_password'),
]
urlpatterns = [
url(r'^openfire/', include(module_urls))
]
urlpatterns += i18n_patterns(
# Jabber Broadcast
url(_(r'^services/jabber_broadcast/$'), views.jabber_broadcast_view, name='auth_jabber_broadcast_view'),
# Jabber
url(r'openfire/', include(module_i18n_urls))
)

160
services/modules/openfire/views.py Normal file
View File

@@ -0,0 +1,160 @@
from __future__ import unicode_literals
from django.contrib import messages
from django.contrib.auth.decorators import login_required, permission_required
from django.contrib.auth.models import Group
from django.shortcuts import render, redirect
from authentication.decorators import members_and_blues
from eveonline.managers import EveManager
from eveonline.models import EveCharacter
from services.forms import ServicePasswordForm
from .manager import OpenfireManager
from .tasks import OpenfireTasks
from .forms import JabberBroadcastForm
from .models import OpenfireUser
import datetime
import logging
logger = logging.getLogger(__name__)
@login_required
@members_and_blues()
def activate_jabber(request):
logger.debug("activate_jabber called by user %s" % request.user)
character = EveManager.get_main_character(request.user)
logger.debug("Adding jabber user for user %s with main character %s" % (request.user, character))
info = OpenfireManager.add_user(character.character_name)
# If our username is blank means we already had a user
if info[0] is not "":
OpenfireUser.objects.update_or_create(user=request.user, defaults={'username': info[0]})
logger.debug("Updated authserviceinfo for user %s with jabber credentials. Updating groups." % request.user)
OpenfireTasks.update_groups.delay(request.user.pk)
logger.info("Successfully activated jabber for user %s" % request.user)
messages.success(request, 'Activated jabber account.')
credentials = {
'username': info[0],
'password': info[1],
}
return render(request, 'registered/service_credentials.html',
context={'credentials': credentials, 'service': 'Jabber'})
else:
logger.error("Unsuccessful attempt to activate jabber for user %s" % request.user)
messages.error(request, 'An error occurred while processing your jabber account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def deactivate_jabber(request):
logger.debug("deactivate_jabber called by user %s" % request.user)
if OpenfireTasks.has_account(request.user) and OpenfireTasks.delete_user(request.user):
logger.info("Successfully deactivated jabber for user %s" % request.user)
messages.success(request, 'Deactivated jabber account.')
else:
logger.error("Unsuccessful attempt to deactivate jabber for user %s" % request.user)
messages.error(request, 'An error occurred while processing your jabber account.')
return redirect("auth_services")
@login_required
@members_and_blues()
def reset_jabber_password(request):
logger.debug("reset_jabber_password called by user %s" % request.user)
if OpenfireTasks.has_account(request.user):
result = OpenfireManager.update_user_pass(request.user.openfire.username)
# If our username is blank means we failed
if result != "":
logger.info("Successfully reset jabber password for user %s" % request.user)
messages.success(request, 'Reset jabber password.')
credentials = {
'username': request.user.openfire.username,
'password': result,
}
return render(request, 'registered/service_credentials.html',
context={'credentials': credentials, 'service': 'Jabber'})
logger.error("Unsuccessful attempt to reset jabber for user %s" % request.user)
messages.error(request, 'An error occurred while processing your jabber account.')
return redirect("auth_services")
@login_required
@permission_required('auth.jabber_broadcast')
def jabber_broadcast_view(request):
logger.debug("jabber_broadcast_view called by user %s" % request.user)
allchoices = []
if request.user.has_perm('auth.jabber_broadcast_all'):
allchoices.append(('all', 'all'))
for g in Group.objects.all():
allchoices.append((str(g.name), str(g.name)))
else:
for g in request.user.groups.all():
allchoices.append((str(g.name), str(g.name)))
if request.method == 'POST':
form = JabberBroadcastForm(request.POST)
form.fields['group'].choices = allchoices
logger.debug("Received POST request containing form, valid: %s" % form.is_valid())
if form.is_valid():
main_char = EveManager.get_main_character(request.user)
logger.debug("Processing jabber broadcast for user %s with main character %s" % (request.user, main_char))
if main_char is not None:
message_to_send = form.cleaned_data[
'message'] + "\n##### SENT BY: " + "[" + main_char.corporation_ticker + "]" + \
main_char.character_name + " TO: " + \
form.cleaned_data['group'] + " WHEN: " + datetime.datetime.utcnow().strftime(
"%Y-%m-%d %H:%M:%S") + " #####\n##### Replies are NOT monitored #####\n"
group_to_send = form.cleaned_data['group']
OpenfireManager.send_broadcast_threaded(group_to_send, message_to_send, )
else:
message_to_send = form.cleaned_data[
'message'] + "\n##### SENT BY: " + "No character but can send pings?" + " TO: " + \
form.cleaned_data['group'] + " WHEN: " + datetime.datetime.utcnow().strftime(
"%Y-%m-%d %H:%M:%S") + " #####\n##### Replies are NOT monitored #####\n"
group_to_send = form.cleaned_data['group']
OpenfireManager.send_broadcast_threaded(group_to_send, message_to_send, )
messages.success(request, 'Sent jabber broadcast to %s' % group_to_send)
logger.info("Sent jabber broadcast on behalf of user %s" % request.user)
else:
form = JabberBroadcastForm()
form.fields['group'].choices = allchoices
logger.debug("Generated broadcast form for user %s containing %s groups" % (
request.user, len(form.fields['group'].choices)))
context = {'form': form}
return render(request, 'registered/jabberbroadcast.html', context=context)
@login_required
@members_and_blues()
def set_jabber_password(request):
logger.debug("set_jabber_password called by user %s" % request.user)
if request.method == 'POST':
logger.debug("Received POST request with form.")
form = ServicePasswordForm(request.POST)
logger.debug("Form is valid: %s" % form.is_valid())
if form.is_valid() and OpenfireTasks.has_account(request.user):
password = form.cleaned_data['password']
logger.debug("Form contains password of length %s" % len(password))
result = OpenfireManager.update_user_pass(request.user.openfire.username, password=password)
if result != "":
logger.info("Successfully set jabber password for user %s" % request.user)
messages.success(request, 'Set jabber password.')
else:
logger.error("Failed to install custom jabber password for user %s" % request.user)
messages.error(request, 'An error occurred while processing your jabber account.')
return redirect("auth_services")
else:
logger.debug("Request is not type POST - providing empty form.")
form = ServicePasswordForm()
logger.debug("Rendering form for user %s" % request.user)
context = {'form': form, 'service': 'Jabber'}
return render(request, 'registered/service_password.html', context=context)

0
services/modules/phpbb3/__init__.py Normal file
View File

10
services/modules/phpbb3/admin.py Normal file
View File

@@ -0,0 +1,10 @@
from __future__ import unicode_literals
from django.contrib import admin
from .models import Phpbb3User
class Phpbb3UserAdmin(admin.ModelAdmin):
list_display = ('user', 'username')
search_fields = ('user__username', 'username')
admin.site.register(Phpbb3User, Phpbb3UserAdmin)

7
services/modules/phpbb3/apps.py Normal file
View File

@@ -0,0 +1,7 @@
from __future__ import unicode_literals
from django.apps import AppConfig
class Phpbb3ServiceConfig(AppConfig):
name = 'phpbb3'

Some files were not shown because too many files have changed in this diff Show More