Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2025-12-18 23:05:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enforce unique AuthServicesInfo (#618)

Browse Source 
Alter user field to OneToOneField
Migration to enforce uniqueness pre-change
Migration to ensure all users have an AuthServicesInfo
Receiver to automatically create one upon user creation
Replace AuthServicesInfo.get_or_create with get
Prevent deletion of AuthServicesInfo from admin site
Remove add and delete permissions from model.

Get character names in chunks on corpstats update to prevent HTTP400 when requesting >350(ish) names

Include corpstats docs.
Update settings docs.
This commit is contained in:
Adarnof
2017-01-11 21:48:20 -05:00
committed by GitHub
parent 33c2ba9bca
commit 8360371ab7
26 changed files with 406 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

133
docs/features/corpstats.md Normal file
View File

@@ -0,0 +1,133 @@
# Corp Stats
This module is used to check the registration status of corp members and to determine character relationships, being mains or alts.
## Creating a Corp Stats
Upon initial install, nothing will be visible. For every corp, a model will have to be created before data can be viewed.
![nothing is visible](http://i.imgur.com/va3DyT6.png)
If you are a superuser, the add button will be immediate visible to you. If not, your user account requires the `add_corpstats` permission.
Corp Stats requires an EVE SSO token to access data from the EVE Swagger Interface. Upon pressing the Add button, you will be prompted to authenticated. Please select the character who is in the corp you want data for.
![authorize from the EVE site](http://i.imgur.com/OnyoOAZ.png)
You will return to auth where you are asked to select a token with the green arrow button. If you want to use a different character, press the `LOG IN with EVE Online` button.
![select an SSO token to create with](http://i.imgur.com/KdA0XH0.png)
If this works (and you have permission to view the Corp Stats you just created) you'll be returned to a view of the Corp Stats.
If it fails an error message will be displayed.
## Corp Stats View
### Navigation Bar
![navigation bar](http://i.imgur.com/2l9gbml.png)
This bar contains a dropdown menu of all available corps. If the user has the `add_corpstats` permission, a button to add a Corp Stats will be shown.
On the right of this bar is a search field. Press enter to search. It checks all characters in all Corp Stats you have view permission to and returns search results. Generic searches (such as 'a') will be slow.
### API Index
![API Index](http://i.imgur.com/P1U2WJ2.png)
This is a visual indication of the number of registered characters.
### Last Update
![last update and update button](http://i.imgur.com/yHbueGK.png)
Corp Stats do not automatically update. They update once upon creation for initial data, and whenever someone presses the update button.
Only superusers and the creator of the Corp Stat can update it.
### Member List
![member list](http://i.imgur.com/udEVoSh.png)
The list contains all characters in the corp. Red backgrounds means they are not registered in auth. If registered, and the user has the required permission to view APIs, a link to JackKnife will be present.
A link to zKillboard is present for all characters.
If registered, the character will also have a main character, main corporation, and main alliance field.
This view is paginated: use the navigation arrows to view more pages (sorted alphabetically by character name), or search for a specific character.
![pagination buttons](http://i.imgur.com/otcPGsU.png)
## Search View
![search results](http://i.imgur.com/7wf0Q2C.png)
This view is essentially the same as the Corp Stats page, but not specific to a single corp.
The search query is visible in the search box.
Characters from all Corp Stats to which the user has view access will be displayed. APIs respect permissions.
This view is paginated: use the navigation arrows to view more pages (sorted alphabetically by character name).
## Permissions
To use this feature, users will require some of the following:
```eval_rst
+---------------------------------------+------------------+----------------------------------------------------+
| Permission | Admin Site | Auth Site |
+=======================================+==================+====================================================+
| corpstats.corp_apis | None | Can view API keys of members of their corporation. |
+---------------------------------------+------------------+----------------------------------------------------+
| corpstats.alliance_apis | None | Can view API keys of members of their alliance. |
+---------------------------------------+------------------+----------------------------------------------------+
| corpstats.blue_apis | None | Can view API keys of members of blue corporations. |
----------------------------------------+------------------+----------------------------------------------------+
| corpstats.view_corp_corpstats | None | Can view corp stats of their corporation. |
+---------------------------------------+------------------+----------------------------------------------------+
| corpstats.view_alliance_corpstats | None | Can view corp stats of members of their alliance. |
+---------------------------------------+------------------+----------------------------------------------------+
| corpstats.view_blue_corpstats | None | Can view corp stats of blue corporations. |
+---------------------------------------+------------------+----------------------------------------------------+
| corpstats.add_corpstats | Can create model | Can add new corpstats using an SSO token. |
+---------------------------------------+------------------+----------------------------------------------------+
| corpstats.change_corpstats | Can edit model | None. |
+---------------------------------------+------------------+----------------------------------------------------+
| corpstats.remove_corpstats | Can delete model | None. |
+---------------------------------------+------------------+----------------------------------------------------+
```
Typical use-cases would see the bundling of `corp_apis` and `view_corp_corpstats`, same for alliances and blues.
Alliance permissions supersede corp permissions. Note that these evaluate against the user's main character.
## Troubleshooting
### Failure to create Corp Stats
>Unrecognized corporation. Please ensure it is a member of the alliance or a blue.
Corp Stats can only be created for corporations who have a model in the database. These only exist for tenant corps,
corps of tenant alliances, blue corps, and members of blue alliances.
>Selected corp already has a statistics module.
Only one Corp Stats may exist at a time for a given corporation.
>Failed to gather corporation statistics with selected token.
During initial population, the EVE Swagger Interface did not return any member data. This aborts the creation process. Please wait for the API to start working before attempting to create again.
### Failure to update Corp Stats
Any of the following errors will result in a notification to the owning user, and deletion of the Corp Stats model.
>Your token has expired or is no longer valid. Please add a new one to create a new CorpStats.
This occurs when the SSO token is invalid, which can occur when deleted by the user, the character is transferred between accounts, or the API is having a bad day.
>CorpStats for corp_name cannot update with your ESI token as you have left corp.
The SSO token's character is no longer in the corp which the Corp Stats is for, and therefore membership data cannot be retrieved.
>HTTPForbidden
The SSO token lacks the required scopes to update membership data.

1
docs/features/index.md
View File

@@ -6,4 +6,5 @@
:caption: Contents
hrapplications
corpstats
```

108
docs/installation/auth/settings.md
View File

@@ -16,41 +16,35 @@ They're handled as strings because when settings are exported from shell command
When changing these booleans, edit the setting within the brackets (eg `('AA_MEMBER_CORP_GROUPS', 'True')` vs `('AA_MEMBER_CORP_GROUPS', 'False')`) and not the `True` earlier in the statement. Otherwise these will have unexpected behaviours.
## Fields to Modify
# Fields to Modify
### Required
## Required
- [SECRET_KEY](#secret_key)
- Use [this tool](http://www.miniwebtool.com/django-secret-key-generator/) to generate a key on initial install
- [DEBUG](#debug)
- If issues are encountered, set this to `True` to view a more detailed error report, otherwise set `False`
- [ALLOWED_HOSTS](#allowed_hosts)
- This restricts web addresses auth will answer to. Separate with commas.
- Should include localhost `127.0.0.1` and `yourdomain.com`
- To allow from all, include `'*'`
- [DATABASES](#databases)
- Fill out the database name and user credentials to manage the auth database.
- [IS_CORP](#is_corp)
- Set to `True` to run in corp mode, or `False` to run in alliance mode
- [DOMAIN](#domain)
- Set to the domain name AllianceAuth will be accessible under
- [EMAIL_HOST_USER](#email_host_user)
- Username to send emails from. If gmail account, the full gmail address.
- [EMAIL_HOST_PASSWORD](#email_host_password)
- Password for the email user.
- [CORP_ID](#corp_id)
- If running in corp mode, set to the corp ID of the owning corp.
- [CORP_NAME](#corp_name)
- If running in corp mode, set to the name of the owning corp.
- [ALLIANCE_ID](#alliance_id)
- If running in alliance mode, set to the alliance ID of the owning alliance.
- [ALLIANCE_NAME](#alliance_name)
- If running in alliance mode, set to the name of the owning alliance.
- [MEMBER_API_MASK](#member_api_mask)
- Set the minimum access mask for member API keys.
- [MEMBER_API_ACCOUNT](#member_api_account)
- Set to `True` to require member API keys be account keys.
- [BLUE_API_MASK](#blue_api_mask)
- Set the minimum access mask for blue API keys.
- [BLUE_API_ACCOUNT](#blue_api_account)
- Set to `True` to require blue API keys be account keys.
- [CORP_IDS](#corp_ids)
- List of corp IDs who are members. Exclude if their alliance is in `ALLIANCE_IDS`
- [ALLIANCE_IDS](#alliance_ids)
- List of alliance IDs who are members.
- [ESI_SSO_CLIENT_ID](#esi_sso_client_id)
- EVE application ID from the developers site. See the [SSO Configuration Instruction](#ESI_SSO_CLIENT_ID)
- [ESI_SSO_CLIENT_SECRET](#esi_sso_client_secret)
- EVE application secret from the developers site.
- [ESI_SSO_CALLBACK_URL](#esi_sso_callback_url)
- OAuth callback URL. Should be `https://mydomain.com/sso/callback`
## Services
### Member Services
@@ -130,6 +124,7 @@ If connecting to Discourse, set the following
- [DISCOURSE_URL](#discourse_url)
- [DISCOURSE_API_USERNAME](#discourse_api_username)
- [DISCOURSE_API_KEY](#discourse_api_key)
- [DISCOURSE_SSO_SECRET](#discourse_sso_secret)
### IPSuite4
If using IPSuite4 (aka IPBoard4) the following are required:
@@ -184,9 +179,6 @@ Absolute URL to serve static files from.
Root folder to store static files in.
### SUPERUSER_STATE_BYPASS
Overrides superuser account states to always return True on membership tests. If issues are encountered, or you want to test access to certain portions of the site, set to False to disable.
## ALLIANCE / CORP TOGGLE
### IS_CORP
Used to determine the criteria used for member and blue validation, either requiring membership in the corp or alliance specified later, and being a standing of the corp or alliance specified later.
## EMAIL SETTINGS
### DOMAIN
The URL to which emails will link.
@@ -195,11 +187,11 @@ The host address of the email server.
### EMAIL_PORT
The host port of the email server.
### EMAIL_HOST_USER
The username to authenticate as on the email server.
The username to authenticate as on the email server. For GMail, this is the full address.
### EMAIL_HOST_PASSWORD
The password of the user used to authenticate on the email server.
### EMAIL_USE_TLS
Enable TLS connections to the email server.
Enable TLS connections to the email server. Default is True.
## Front Page Links
### KILLBOARD_URL
Link to a killboard.
@@ -207,13 +199,15 @@ Link to a killboard.
Link to another media site, eg YouTube channel.
### FORUM_URL
Link to forums. Also used as the phpbb3 URL if enabled.
### SITE_NAME
Name to show in the top-left corner of auth.
## SSO Settings
If defined below, a `LOG IN WITH EVE ONLINE` button will be present on the login page. This allows registered users to log in as their characters instead of username/password.
### EVE_SSO_CLIENT_ID
An application will need to be created on the developers site. Please select `Authenticated API Access`, and choose all scopes starting with `esi`.
### ESI_SSO_CLIENT_ID
The application cliend ID generated from the [developers site.](https://developers.eveonline.com)
### EVE_SSO_CLIENT_SECRET
### ESI_SSO_CLIENT_SECRET
The application secret key generated from the [developers site.](https://developers.eveonline.com)
### EVE_SSO_CALLBACK_URL
### ESI_SSO_CALLBACK_URL
The callback URL for authentication handshake. Should be `https://mydomain.com/sso/callback`.
## Default Group Settings
### DEFAULT_AUTH_GROUP
@@ -276,20 +270,22 @@ Allow blues of the owning corp or alliance to generate accounts on a SMF install
Allow blues of the owning corp or alliance to generate accounts on an alliance market install.
### ENABLE_BLUE_XENFORO
Allow blues of the owning corp or alliance to generate accounts on a XenForo install.
## Corp Configuration
### CORP_ID
EVE corp ID of the owning corp, if `IS_CORP` is set to `True`
## CORP_NAME
Name of the owning corp, if `IS_CORP` is set to `True`
## CORP_API_ID
## Tenant Configuration
Characters of any corp or alliance with their ID here will be treated as a member.
### CORP_IDS
EVE corp IDs of member corps. Separate with a comma.
### ALLIANCE_IDS
EVE alliance IDs of member alliances. Separate with a comma.
## Standings Configuration
To allow blues to access auth, standings must be pulled from a corp-level API. This API needs access mask 16 (ContactList).
### CORP_API_ID
The ID of an API key for a corp from which to pull standings, if desired. Needed for blues to gain access.
## CORP_API_VCODE
### CORP_API_VCODE
The verification code of an API key for a corp from which to pull standings, if desired. Needed for blues to gain access.
## Alliance Configuration
### ALLIANCE_ID
EVE alliance ID of the owning alliance, if `IS_CORP` is set to `False`
### ALLIANCE_NAME
Name of the owning alliance, if `IS_CORP` is set to `False`
### BLUE_STANDING
The minimum standing value to consider blue. Default is 5.0
### STANDING_LEVEL
Standings from the API come at two levels: `corp` and `alliance`. Select which level to consider here.
## API Configuration
### MEMBER_API_MASK
Required access mask for members' API keys to be considered valid.
@@ -303,10 +299,28 @@ If `True`, require API keys from blues to be account-wide, not character-restric
Require each submitted API be newer than the latest submitted API. Protects against recycled or stolen API keys.
### REJECT_OLD_APIS_MARGIN
Allows newly submitted APIs to have their ID this value lower than the highest API ID on record and still be accepted. Default is 50, 0 is safest.
## EVE Provider Settings
Data about EVE objects (characters, corps, alliances) can come from two sources: the XML API or the EVE Swagger Interface.
These settings define the default source.
For most situations, the EVE Swagger Interface is best. But if it goes down or experiences issues, these can be reverted to the XML API.
Accepted values are `esi` and `xml`.
### EVEONLINE_CHARACTER_PROVIDER
The default data source to get character information. Default is `esi`
### EVEONLINE_CORP_PROVIDER
The default data source to get corporation information. Default is `esi`
### EVEONLINE_ALLIANCE_PROVIDER
The default data source to get alliance information. Default is `esi`
## Alliance Market
### MARKET_URL
The web address to access the Evernus Alliance Market application.
### MARKET_DB
The Evernus Alliance Market database connection information.
## HR Configuration
### JACK_KNIFE_URL
Link to an install of [eve-jackknife](https://code.google.com/archive/p/eve-jackknife/)
## Forum Configuration
## IPBoard3 Configuration
### IPBOARD_ENDPOINT
URL to the `index.php` file of a IPBoard install's API server.
### IPBOARD_APIKEY
@@ -340,6 +354,8 @@ Name of the broadcast service running on an Openfire install. Usually `broadcast
## Mumble Configuration
### MUMBLE_URL
Address to instruct members to connect their Mumble clients to.
### MUMBLE_SERVER_ID
Depreciated. We're too scared to delete it.
## Teamspeak3 Configuration
### TEAMSPEAK3_SERVER_IP
IP of a Teamspeak3 server on which to manage users. Usually `127.0.0.1`
@@ -375,11 +391,13 @@ The web address of the Discourse server to direct users to.
Username of the account which generated the API key on Discourse.
### DISCOURSE_API_KEY
API key defined on Discourse.
### DISCOURSE_SSO_SECRET
The SSO secret key defined on Discourse.
## IPS4 Configuration
### IPS4_URL
URL of the IPSuite4 install to direct users to.
### IPS4_API_KEY
Depreciated.
Depreciated. We're too scared to delete it.
### IPS4_DB
The database connection to manage users on.
## SMF Configuration
@@ -398,3 +416,7 @@ API ID as [defined on Fleet-Up.](http://fleet-up.com/Api/MyKeys)
The group ID from which to pull data. Can be [retrieved from Fleet-Up](http://fleet-up.com/Api/Endpoints#groups_mygroupmemberships)
## Logging Configuration
This section is used to manage how logging messages are processed.
To turn off logging notifications, change the `handlers` `notifications` `class` to `logging.NullHandler`
## Everything below logging is magic. Do Not Touch