Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2026-02-04 14:16:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Mathis:v1.14.3
Branches Tags
Mathis:master Mathis:v5.x Mathis:v4.x Mathis:djangomumble Mathis:v3.x Mathis:v2.x Mathis:modular Mathis:v1.x
Mathis:v4.12.0 Mathis:v4.11.2 Mathis:v4.11.1 Mathis:v4.11.0 Mathis:v4.10.0 Mathis:v4.9.0 Mathis:v4.8.0 Mathis:v4.7.0 Mathis:v5.0.0a3 Mathis:v5.0.0a1 Mathis:v4.6.4 Mathis:v4.6.2a Mathis:v4.6.1 Mathis:v4.6.0 Mathis:v4.5.0 Mathis:v4.4.2 Mathis:v4.4.0 Mathis:v4.3.1 Mathis:v4.3.0 Mathis:v4.2.2 Mathis:v4.2.1 Mathis:v4.2.0 Mathis:v4.1.0 Mathis:v4.0.2 Mathis:v4.0.1 Mathis:v4.0.0 Mathis:v4.0.0rc1 Mathis:v4.0.0b2 Mathis:v4.0.0b1 Mathis:v3.8.1 Mathis:v4.0.0a5 Mathis:v4.0.0a4 Mathis:v3.8.0 Mathis:v4.0.0a3 Mathis:v4.0.0a2 Mathis:v3.7.1 Mathis:v4.0.0a1 Mathis:v3.7.0 Mathis:v3.6.1 Mathis:v3.6.0 Mathis:v3.5.1 Mathis:v3.5.0 Mathis:v3.4.0 Mathis:v3.3.0 Mathis:v3.2.0 Mathis:v3.1.1 Mathis:v3.1.0 Mathis:v3.0.0 Mathis:v2.15.1 Mathis:v2.15.0 Mathis:v2.14.0 Mathis:v3.0.0b3 Mathis:v3.0.0b2 Mathis:v3.0.0b1 Mathis:v2.13.0 Mathis:v3.0.0a5 Mathis:v2.12.1 Mathis:v2.12.0 Mathis:v2.11.2 Mathis:v2.11.1 Mathis:v2.11.0 Mathis:v3.0.0a1 Mathis:v2.10.1 Mathis:v2.10.0 Mathis:v2.9.4 Mathis:v2.9.3 Mathis:v2.9.2 Mathis:v2.9.1 Mathis:v2.9.0 Mathis:v2.8.8 Mathis:v2.9.0b1 Mathis:v2.8.7 Mathis:v2.9.0a4 Mathis:v2.8.6 Mathis:v2.8.5 Mathis:v2.9.0a2 Mathis:v2.9.0a1 Mathis:v2.8.4 Mathis:v2.8.3 Mathis:v2.8.2 Mathis:v2.8.1 Mathis:v2.8.0 Mathis:v2.8.0a2 Mathis:v2.8.0a1 Mathis:v2.7.5 Mathis:v2.7.4 Mathis:v2.7.3 Mathis:v2.7.2 Mathis:v2.7.1 Mathis:v2.7.0 Mathis:v2.6.6a10 Mathis:v2.6.6a9 Mathis:v2.6.5 Mathis:v2.6.4 Mathis:v2.6.3 Mathis:v2.6.2 Mathis:v2.6.1 Mathis:v.2.6.0 Mathis:v2.5.1 Mathis:v2.5.0 Mathis:v2.4.0 Mathis:v2.3.0 Mathis:v2.2.2 Mathis:v2.2.1 Mathis:v2.2.0 Mathis:v2.1.1 Mathis:v2.1.0 Mathis:v2.1b1 Mathis:v2.0.5 Mathis:v2.0.4 Mathis:v2.0.3 Mathis:v2.0.2 Mathis:v2.0.1 Mathis:v2.0.0 Mathis:v1.15.8 Mathis:v2.0b3 Mathis:v1.15.7 Mathis:v2.0b2 Mathis:v2.0b1 Mathis:v1.15.6 Mathis:v1.15.5 Mathis:v1.15.4 Mathis:v1.15.3 Mathis:v1.15.2 Mathis:v1.15.1 Mathis:v1.15.0 Mathis:v1.14.3 Mathis:v1.14.2 Mathis:v1.14.1 Mathis:v1.14 Mathis:v1.13
..
compare: Mathis:v1.15.1
Branches Tags
Mathis:master Mathis:v5.x Mathis:v4.x Mathis:djangomumble Mathis:v3.x Mathis:v2.x Mathis:modular Mathis:v1.x
Mathis:v4.12.0 Mathis:v4.11.2 Mathis:v4.11.1 Mathis:v4.11.0 Mathis:v4.10.0 Mathis:v4.9.0 Mathis:v4.8.0 Mathis:v4.7.0 Mathis:v5.0.0a3 Mathis:v5.0.0a1 Mathis:v4.6.4 Mathis:v4.6.2a Mathis:v4.6.1 Mathis:v4.6.0 Mathis:v4.5.0 Mathis:v4.4.2 Mathis:v4.4.0 Mathis:v4.3.1 Mathis:v4.3.0 Mathis:v4.2.2 Mathis:v4.2.1 Mathis:v4.2.0 Mathis:v4.1.0 Mathis:v4.0.2 Mathis:v4.0.1 Mathis:v4.0.0 Mathis:v4.0.0rc1 Mathis:v4.0.0b2 Mathis:v4.0.0b1 Mathis:v3.8.1 Mathis:v4.0.0a5 Mathis:v4.0.0a4 Mathis:v3.8.0 Mathis:v4.0.0a3 Mathis:v4.0.0a2 Mathis:v3.7.1 Mathis:v4.0.0a1 Mathis:v3.7.0 Mathis:v3.6.1 Mathis:v3.6.0 Mathis:v3.5.1 Mathis:v3.5.0 Mathis:v3.4.0 Mathis:v3.3.0 Mathis:v3.2.0 Mathis:v3.1.1 Mathis:v3.1.0 Mathis:v3.0.0 Mathis:v2.15.1 Mathis:v2.15.0 Mathis:v2.14.0 Mathis:v3.0.0b3 Mathis:v3.0.0b2 Mathis:v3.0.0b1 Mathis:v2.13.0 Mathis:v3.0.0a5 Mathis:v2.12.1 Mathis:v2.12.0 Mathis:v2.11.2 Mathis:v2.11.1 Mathis:v2.11.0 Mathis:v3.0.0a1 Mathis:v2.10.1 Mathis:v2.10.0 Mathis:v2.9.4 Mathis:v2.9.3 Mathis:v2.9.2 Mathis:v2.9.1 Mathis:v2.9.0 Mathis:v2.8.8 Mathis:v2.9.0b1 Mathis:v2.8.7 Mathis:v2.9.0a4 Mathis:v2.8.6 Mathis:v2.8.5 Mathis:v2.9.0a2 Mathis:v2.9.0a1 Mathis:v2.8.4 Mathis:v2.8.3 Mathis:v2.8.2 Mathis:v2.8.1 Mathis:v2.8.0 Mathis:v2.8.0a2 Mathis:v2.8.0a1 Mathis:v2.7.5 Mathis:v2.7.4 Mathis:v2.7.3 Mathis:v2.7.2 Mathis:v2.7.1 Mathis:v2.7.0 Mathis:v2.6.6a10 Mathis:v2.6.6a9 Mathis:v2.6.5 Mathis:v2.6.4 Mathis:v2.6.3 Mathis:v2.6.2 Mathis:v2.6.1 Mathis:v.2.6.0 Mathis:v2.5.1 Mathis:v2.5.0 Mathis:v2.4.0 Mathis:v2.3.0 Mathis:v2.2.2 Mathis:v2.2.1 Mathis:v2.2.0 Mathis:v2.1.1 Mathis:v2.1.0 Mathis:v2.1b1 Mathis:v2.0.5 Mathis:v2.0.4 Mathis:v2.0.3 Mathis:v2.0.2 Mathis:v2.0.1 Mathis:v2.0.0 Mathis:v1.15.8 Mathis:v2.0b3 Mathis:v1.15.7 Mathis:v2.0b2 Mathis:v2.0b1 Mathis:v1.15.6 Mathis:v1.15.5 Mathis:v1.15.4 Mathis:v1.15.3 Mathis:v1.15.2 Mathis:v1.15.1 Mathis:v1.15.0 Mathis:v1.14.3 Mathis:v1.14.2 Mathis:v1.14.1 Mathis:v1.14 Mathis:v1.13

58 Commits
v1.14.3 ... v1.15.1

Author SHA1 Message Date
Basraah
ecb74e67b0 Fix link format 2017-02-28 12:41:59 +10:00
Basraah
de47e94870 Version bump to 1.15.1 2017-02-28 11:39:25 +10:00
Basraah
9238ac97cf Remove unnecessary package 2017-02-28 11:38:47 +10:00
Basraah
2e274d3baf Update Openfire broadcast tool (#742) 
Allow users to ignore invalid certificates.
Added some limited user feedback.
Removed threading.
Prevent infinite connection attempt loops.
 2017-02-28 11:30:26 +10:00
Basraah
c6118beddf Teamspeak 3 Updates (#741) 
* Correct duplicate error and success messages to user

* Read out all buffer bytes before sending command

* Convert ts3 manager to use a single connection

Each instance of the class will now use a single connection and should
be cleanly disconnected when finished.

Compatible with `with` clauses and will automatically disconnect from
the TS3 server when it exits the `with` block.

* Update TS3 manager consumers to use new style

* Update unit tests to use new style manager
 2017-02-28 11:28:51 +10:00
Nathan Morgan
e6e1339d71 Added Google reCaptcha (#738) 2017-02-28 11:27:24 +10:00
Basraah
693016e171 CDN Javascript & CSS fix and cleanup (#743) 
* Add missing javascript and css

* Remove unnecessary javascript and css
 2017-02-27 19:29:05 +10:00
Basraah
3e09f2179f Fix translation 
Closes #740
 2017-02-26 19:37:26 +10:00
Adarnof
3a1d0d0335 use v1 Universe for structure names 2017-02-25 17:24:12 -05:00
Adarnof
7c14aede26 Correct ObjectNotFound message for ESI corp IDs 
Addresses #732
 2017-02-23 17:32:09 -05:00
Adarnof
308dc9191f Create v1 Character ESI client for names lookup 
Closes #731
Alter member sorting to put registered characters ahead of unregistered
Conditionally pluralize Main Characters on template
 2017-02-23 10:42:26 -05:00
Adarnof
1a958384c3 Include images instead of imgur links 2017-02-22 23:52:27 -05:00
Adarnof
078ec785e4 Alter docs link to default version 2017-02-22 23:35:53 -05:00
Basraah
97c725f58f Version bump to 1.15.0 2017-02-23 12:54:18 +10:00
Basraah
ed52f4f411 Change default database usernames 
Makes the source of SQL error messages more clear
 2017-02-23 11:08:16 +10:00
Basraah
4c1c33fa23 Add documentation for groups (#728) 2017-02-21 17:10:00 +10:00
Adarnof
3d15cb9c57 Prevent refresh from resubmitting comments (#715) 
Closes #711
 2017-02-20 23:24:19 -05:00
iAddz
e3e84158f8 Corputils Changes (#668) 
Order members by main characters

Display unique user count
 2017-02-20 23:22:01 -05:00
Basraah
2d6c641648 IPS4 and Market PHP hash fix (#727) 
Force bcrypt 2y for PHP apps

2b isn't supported by older versions of PHP supplied by e.g. Ubuntu
14.04. 2a is insecure.

Remove plaintext warning

No services store plaintext passwords anymore.

Switch form to password field
 2017-02-20 23:20:12 -05:00
Adarnof
5cec2f834b Hard-code ESI resource versions (#726) 
Should prevent #718
 2017-02-20 23:19:39 -05:00
Basraah
c0b1523f39 Fix translation tags 2017-02-20 12:24:15 +10:00
Basraah
f6ea9e0236 Force bcrypt version 2a 
Insecure, but 2b is not supported by IPS4 according to user reports. This manager needs to be changed to use the IPS4 API at some point anyway, so really a stop gap measure.
 2017-02-20 12:10:15 +10:00
Basraah
fd05eff5d4 Add missing trailing slash in API URL 2017-02-20 12:01:37 +10:00
Basraah
dfd416c38d Apply ESI endpoint changes (#719) 
And some more logging so the problem is obvious next time
 2017-02-14 23:07:03 -05:00
Basraah
3af1a6a1fb Correct scheduled task calls 2017-02-13 13:45:50 +10:00
Basraah
7ce47547ba Version bump 2017-02-12 19:27:26 +10:00
Basraah
fe9da4d5de Add fake initial 
Will cause Django to fake any initial migrations for tables that already exist. Required as we have moved some tables to other apps.

If the tables don't exist, the initial migrations run as normal.
 2017-02-12 17:23:33 +10:00
iAddz
a6c48f8d71 Localisation & German translation updates (#701) 2017-02-11 23:04:18 -05:00
Basraah
a33c8c14ee Grant service access by permissions (#692) 
* Add service access permissions and migration

`ENABLE_AUTH_<servicename> = True` will have the new permission applied
to the settings configured `DEFAULT_AUTH_GROUP` group or `Member` if
none is configured.

`ENABLE_BLUE_<servicename> = True` will have the new permission applied
to the settings configured `DEFAULT_BLUE_GROUP` group or `Blue` if none
is configured.

* Move views and hooks to permissions based access

* Remove access restriction to services view

Hypothetically non-member/blues could be granted permission to access
services manually as desired now. A user that has no permissions to
access any services will see a blank services list.

* Remove obsolete service settings

* Remove references to obsolete settings

* Adjusted tests to support permissions based access

* Fix incorrectly named permissions

* Add simple get_services generator function

* Added signals for user and groups perm changes

* Update validate_services to support permissions

deactivate_services removed as its surplus to requirements.

* Removed state parameter from validate_services calls

* Update tests to support signals changes

* Fix incorrect call to validate_services task

* Fix validate_services and test

* Add validate_user to changed user groups signal

* Added tests for new signals

* Remove unnecessary post_add signals

* Added documentation for service permissions

* Added detection for members with service active

If there are any service users in the Member or Blue groups active, then
the permission will be added to the respective Member or Blue group.
This means its no longer necessary to maintain the service enablesettings to migrate to permissions based service.

Remove obsolete state based status checking
 2017-02-11 22:51:30 -05:00
Basraah
58e121d10d Replace third party client libraries with CDN delivered versions (#709) 
* Correct invalid html

* Add bundle files for CDN CSS and javascript

* Replace static javascript refs with bundles

* Change password reset templates to use a basefile

And switch to use bundles

* Remove third party libraries

* Remove awkward margin styling on navbars
 2017-02-11 22:06:10 -05:00
Adarnof
8c82897a92 Support static blue corps and alliances (#708) 2017-02-11 22:05:32 -05:00
Basraah
d7291f83c3 Add Teamspeak 3 Py3 compatibility (#705) 
Replace sockets with telnetlib
Provides Python 2 and 3 compatibility
 2017-02-11 22:05:18 -05:00
Basraah
914c204a40 SeAT Manager (#704) 
* SeAT service in modular service app format

* Replace string concatenation with formatters

* Fix incorrect references to user

* Fix exception when user doesn't have seat active

* Prevent deletion of seat API keys by default

* Improve api response error handling

* Corrected notification message

* Added missing view returns

* Update SeAT to use permissions based access

* Update password generator to new style

* Correct logging message

* Fix seat role update tasks

* Correct validate user logic

* Add seat test settings

* Added basic seat unit tests

* Added add permissions function from other branch

* Remove obsolete settings references
 2017-02-11 22:04:47 -05:00
Basraah
918ecf812c Publically joinable Groups (#697) 
* Add public field to AuthGroup

* Add permission for users to join non-public groups

By default this permission will be applied to the "Member" group to
maintain the current behaviour.

* Allow users to join public groups

Users without the 'groupmanagement.request_groups' permission will be
able to join groups marked as public but will not be able to see or join
any other groups.

* Prevent None state change from purging groups

Currently when a user drops from Blue or Member state all groups and
permissions are discarded. This softens that approach by not removing
public groups and creates a distinction between the two activities. An
argument could maybe be made for not removing permissions on a state
change, but that is beyond the scope of this change.

* Correct syntax for removing filtered groups

* Add unit tests for disable user and member

* Update services signals tests

* Correct mocking call

* Remove permissions checking from menu item
 2017-02-11 22:03:39 -05:00
Basraah
b636262e0c Permissions Auditing Tool (#698) 
* Added block for page_title as title fragment

* Add permissions auditing tool

* Added tests for permissions audit tool

* Added documentation for permissions tool

* Add permissions tool to coverage
 2017-02-10 21:25:09 +10:00
Basraah
489b9a601d Implement Openfire username escaping (#703) 
* Fix openfire username sanitize function

* Use escaping instead of stripping characters
 2017-02-10 13:30:57 +10:00
Basraah
ff1c2030ca Update optimer and fleetup javascript (#695) 
* Split out moment duration formatter

* Replace fleetup timer js

* Replace optimer js

* Remove obsolete countdown.js library

* Remove unused dateformat.js references

* Remove obsolete dateformat library
 2017-02-07 19:04:31 +10:00
Basraah
1a749bf712 Update timerboard javascript (#688) 
* Fix and update javascript

Reformatted javascript.
Updated javascript to reduce duplicate code.

* Replace countdown and dateformat with moment

Improves i18n
Fixes #685
 2017-02-04 09:41:18 +10:00
Basraah
3f8b7f7fc1 Version bump to 1.15-alpha 2017-02-03 22:00:34 +10:00
nizzan
0902e250d3 Update pip packages during auth update (#681) 2017-02-03 00:08:52 -05:00
Basraah
c0885fa7c5 Stop search from failing with None alliance name (#684) 2017-02-02 13:23:23 -05:00
Basraah
038f948aab Specify short names for service tasks (#682) 2017-02-01 14:28:43 +10:00
Basraah
d7a4d06120 Prevent market url patterns from conflicting 
Addresses #683

Install instructions have people aliasing `/market/` to the alliance market app which prevents access to the market action URLs.
 2017-01-30 16:46:35 +10:00
Basraah
13204a7e91 Fixed incorrect parameters for task apply call (#680) 
Added test to ensure member groups are correctly applied after
`activate_mumble` is called.
 2017-01-29 10:46:51 +10:00
Basraah
3d645867bb Fix typo 2017-01-29 09:52:01 +10:00
Basraah
aa0148f23b Services Modules migration improvements (#676) 
* Added a check to prevent dataloss from missing service modules

Migration will raise an exception and refuse to run if a model has data
for a field which is missing its target service.

* Add setting to allow services to be installed after service migration

Previously django would complain about migrations being out of order. By
setting `SERVICES_MIGRATED=True` the
`authentication.0013_service_modules` migration drops all of its
'optional' dependencies which allows the initial migrations of service
modules to run normally. If the setting is missing or set to False, the
migration will require all installed and required services migrations to
have run before the `authentication.0013_service_modules` migration.

* Move setting to somewhere it makes more sense

* Modify celerybeat registration to automatically register services
 2017-01-28 18:15:58 +10:00
Basraah
ed32925525 Fix discourse example sso url 2017-01-28 10:34:01 +10:00
Basraah
4f7c7ca1c6 Fix example discord callback url 2017-01-28 10:31:46 +10:00
Basraah
35ceb53936 Fix some incorrect service example URLs 2017-01-28 08:53:49 +10:00
Basraah
c4c6d13d36 Documentation for Service Modules (#677) 
Added documentation for writing service integrations
Added menu hook documentation
Added notes about installing service modules before following service installation guide
 2017-01-27 11:20:06 -05:00
Adarnof
44256c3408 Remove legacy upgrade instructions. 2017-01-25 17:23:17 -05:00
Basraah
2c68f485e2 Upgrade Mumble password hashing to bcrypt (#671) 
Added transition to bcrypt-sha256 hashing for mumble passwords.
All new passwords will be hashed by bcrypt-sha256. The existing SHA-1
hashes will continue to work as a fallback for legacy password hashes.
 2017-01-25 15:10:07 -05:00
Basraah
11d52d476c Added build and coverage badges to readme 2017-01-25 13:08:53 +10:00
Basraah
1066e6ac98 The Great Services Refactor (#594) 
* Hooks registration, discovery and retrieval module

Will discover @hooks.register decorated functions inside
the auth_hooks module in any installed django app.

* Class to register modular service apps

* Register service modules URLs

* Example service module

* Refactor services into modules

Each service type has been split out into its own django app/module. A
hook mechanism is provided to register a subclass of the ServiceHook
class. The modules then overload functions defined in ServiceHook as
required to provide interoperability with alliance auth. Service modules
provide their own urls and views for user registration and account
management and a partial template to display on the services page. Where
possible, new modules should provide their own models for local data
storage.

* Added menu items hooks and template tags

* Added menu item hook for broadcasts

* Added str method to ServicesHook

* Added exception handling to hook iterators

* Refactor mumble migration and table name

Upgrading will require `migrate mumble --fake-initial` to be run first
and then `migrate mumble` to rename the table.

* Refactor teamspeak3 migration and rename table

Upgrading will require `migrate teamspeak3 --fake-initial`

* Added module models and migrations for refactoring AuthServicesInfo

* Migrate AuthServiceInfo fields to service modules models

* Added helper for getting a users main character

* Added new style celery instance

* Changed Discord from AuthServicesInfo to DiscordUser model

* Switch celery tasks to staticmethods

* Changed Discourse from AuthServicesInfo to DiscourseUser model

* Changed IPBoard from AuthServicesInfo to IpboardUser model

* Changed Ips4 from AuthServicesInfo to Ips4User model

Also added disable service task.

This service still needs some love though. Was always missing a
deactivate services hook (before refactoring) for reasons I'm unsure of
so I'm reluctant to add it without knowing why.

* Changed Market from AuthServicesInfo to MarketUser model

* Changed Mumble from AuthServicesInfo to MumbleUser model

Switched user foreign key to one to one relationship.
Removed implicit password change on user exists.
Combined regular and blue user creation.

* Changed Openfire from AuthServicesInfo to OpenfireUser model

* Changed SMF from AuthServicesInfo to SmfUser model

Added disable task

* Changed Phpbb3 from AuthServicesInfo to Phpbb3User model

* Changed XenForo from AuthServicesInfo to XenforoUser model

* Changed Teamspeak3 from AuthServicesInfo to Teamspeak3User model

* Remove obsolete manager functions

* Standardise URL format

This will break some callback URLs
Discord changes from /discord_callback/ to /discord/callback/

* Removed unnecessary imports

* Mirror upstream decorator change

* Setup for unit testing

* Unit tests for discord service

* Added add main character helper

* Added Discourse unit tests

* Added Ipboard unit tests

* Added Ips4 unit tests

* Fix naming of market manager, switch to use class methods

* Remove unused hook functions

* Added market service unit tests

* Added corp ticker to add main character helper

* Added mumble unit tests

* Fix url name and remove namespace

* Fix missing return and add missing URL

* Added openfire unit tests

* Added missing return

* Added phpbb3 unit tests

* Fix SmfManager naming inconsistency and switch to classmethods

* Added smf unit tests

* Remove unused functions, Added missing return

* Added xenforo unit tests

* Added missing return

* Fixed reference to old model

* Fixed error preventing groups from syncing on reset request

* Added teamspeak3 unit tests

* Added nose as test runner and some test settings

* Added package requirements for running tests

* Added unit tests for services signals and tasks

* Remove unused tests file

* Fix teamspeak3 service signals

* Added unit tests for teamspeak3 signals

Changed other unit tests setUp to inert signals

* Fix password gen and hashing python3 compatibility

Fixes #630

Adds unit tests to check the password functions run on both platforms.

* Fix unit test to not rely on checking url params

* Add Travis CI settings file

* Remove default blank values from services models

* Added dynamic user model admin actions for syncing service groups

* Remove unused search fields

* Add hook function for syncing nicknames

* Added discord hook for sync nickname

* Added user admin model menu actions for sync nickname hook

* Remove obsolete code

* Rename celery config app to avoid package name clash

* Added new style celerybeat schedule configuration

periodic_task decorator is depreciated

* Added string representations

* Added admin pages for services user models

* Removed legacy code

* Move link discord button to correct template

* Remove blank default fields from example model

* Disallow empty django setting

* Fix typos

* Added coverage configuration file

* Add coverage and coveralls to travis config

Should probably use nose's built in coverage, but this works for now.

* Replace AuthServicesInfo get_or_create instances with get

Reflects upstream changes to AuthServicesInfo behaviour.

* Update mumble user table name

* Split out mumble authenticator requirements

zeroc-ice seems to cause long build times on travis-ci and isn't
required for the core projects functionality or testing.
 2017-01-25 12:50:16 +10:00
Adarnof
5738b015c3 Correct typo in exception handling 2017-01-23 23:28:55 -05:00
Adarnof
88534837e2 Merge pull request #665 from allianceauth/provider 
Correct startup error when provider settings blank
 2017-01-22 12:27:21 -05:00
Adarnof
294cd6b781 Remove references to legacy jacknife setting 2017-01-20 10:00:24 -05:00
Adarnof
0292ad07ad Customizable API auditing URLs via template filter (#652) 
Closes #636
 2017-01-19 23:01:26 -05:00
374 changed files with 13644 additions and 21840 deletions
Expand all files Collapse all files

32
.coveragerc Normal file
View File

@@ -0,0 +1,32 @@
[run]
branch = True
source =
alliance_auth
authentication
corputils
eveonline
fleetactivitytracking
fleetup
groupmanagement
hrapplications
notifications
optimer
permissions_tool
services
srp
timerboard
omit =
*/migrations/*
*/example/*
[report]
exclude_lines =
if self.debug:
pragma: no cover
raise NotImplementedError
if __name__ == .__main__.:
def __repr__
raise AssertionError
ignore_errors = True

14
.travis.yml Normal file
View File

@@ -0,0 +1,14 @@
language: python
python:
- "2.7"
- "3.5"
# command to install dependencies
install:
- pip install requests
- pip install -r requirements.txt
- pip install -r testing-requirements.txt
# command to run tests
script: coverage run runtests.py
cache: pip
after_success:
coveralls

7
README.md
View File

@@ -2,11 +2,16 @@ Alliance Auth
============
[![Join the chat at https://gitter.im/R4stl1n/allianceauth](https://badges.gitter.im/R4stl1n/allianceauth.svg)](https://gitter.im/R4stl1n/allianceauth?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
[![Documentation Status](https://readthedocs.org/projects/allianceauth/badge/?version=latest)](http://allianceauth.readthedocs.io/en/latest/?badge=latest)
[![Documentation Status](https://readthedocs.org/projects/allianceauth/badge/?version=latest)](http://allianceauth.readthedocs.io/?badge=latest)
[![Build Status](https://travis-ci.org/allianceauth/allianceauth.svg?branch=master)](https://travis-ci.org/allianceauth/allianceauth)
[![Coverage Status](https://coveralls.io/repos/github/allianceauth/allianceauth/badge.svg?branch=master)](https://coveralls.io/github/allianceauth/allianceauth?branch=master)
EVE service auth to help corps, alliances, and coalitions manage services.
Built for "The 99 Percent" open for anyone to use.
[Read the docs here.](http://allianceauth.rtfd.io)
Special Permissions In Admin:
auth | user | group_management ( Access to add members to groups within the alliance )

8
alliance_auth/__init__.py
View File

@@ -1,4 +1,8 @@
from __future__ import unicode_literals
from __future__ import absolute_import, unicode_literals
__version__ = '1.14.2'
# This will make sure the app is always imported when
# Django starts so that shared_task will use this app.
from .celeryapp import app as celery_app # noqa
__version__ = '1.15.1'
NAME = 'Alliance Auth v%s' % __version__

17
alliance_auth/celeryapp.py Normal file
View File

@@ -0,0 +1,17 @@
from __future__ import absolute_import, unicode_literals
import os
from celery import Celery
# set the default Django settings module for the 'celery' program.
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'alliance_auth.settings')
from django.conf import settings # noqa
app = Celery('alliance_auth')
# Using a string here means the worker don't have to serialize
# the configuration object to child processes.
app.config_from_object('django.conf:settings')
# Load task modules from all registered Django app configs.
app.autodiscover_tasks(lambda: settings.INSTALLED_APPS)

127
alliance_auth/hooks.py Normal file
View File

@@ -0,0 +1,127 @@
"""
Copyright (c) 2014 Torchbox Ltd and individual contributors.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of Torchbox nor the names of its contributors may be used
to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Based on https://github.com/torchbox/wagtail/blob/master/wagtail/wagtailcore/hooks.py
"""
from __future__ import unicode_literals
from importlib import import_module
from django.apps import apps
from django.utils.module_loading import module_has_submodule
import logging
logger = logging.getLogger(__name__)
_hooks = {} # Dict of Name: Fn's of registered hooks
_all_hooks_registered = False # If all hooks have been searched for and registered yet
def register(name, fn=None):
"""
Decorator to register a function as a hook
Register hook for ``hook_name``. Can be used as a decorator::
@register('hook_name')
def my_hook(...):
pass
or as a function call::
def my_hook(...):
pass
register('hook_name', my_hook)
:param name: str Name of the hook/callback to register it as
:param fn: function to register in the hook/callback
:return: function Decorator if applied as a decorator
"""
def _hook_add(func):
if name not in _hooks:
logger.debug("Creating new hook %s" % name)
_hooks[name] = []
logger.debug('Registering hook %s for function %s' % (name, fn))
_hooks[name].append(func)
if fn is None:
# Behave like a decorator
def decorator(func):
_hook_add(func)
return func
return decorator
else:
# Behave like a function, just register hook
_hook_add(fn)
def get_app_modules():
"""
Get all the modules of the django app
:return: name, module tuple
"""
for app in apps.get_app_configs():
yield app.name, app.module
def get_app_submodules(module_name):
"""
Get a specific sub module of the app
:param module_name: module name to get
:return: name, module tuple
"""
for name, module in get_app_modules():
if module_has_submodule(module, module_name):
yield name, import_module('{0}.{1}'.format(name, module_name))
def register_all_hooks():
"""
Register all hooks found in 'auth_hooks' sub modules
:return:
"""
global _all_hooks_registered
if not _all_hooks_registered:
logger.debug("Searching for hooks")
hooks = list(get_app_submodules('auth_hooks'))
logger.debug("Got %s hooks" % len(hooks))
_all_hooks_registered = True
def get_hooks(name):
"""
Get all the hook functions for the given hook name
:param name: str name of the hook to get the functions for
:return: list of hook functions
"""
register_all_hooks()
return _hooks.get(name, [])

169
alliance_auth/settings.py.example
View File

@@ -15,12 +15,14 @@ import os
import djcelery
from django.contrib import messages
from celery.schedules import crontab
djcelery.setup_loader()
# Celery configuration
BROKER_URL = 'redis://localhost:6379/0'
CELERYBEAT_SCHEDULER = "djcelery.schedulers.DatabaseScheduler"
CELERYBEAT_SCHEDULE = dict()
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -62,8 +64,24 @@ INSTALLED_APPS = [
'fleetactivitytracking',
'notifications',
'esi',
'permissions_tool',
'geelweb.django.navhelper',
'bootstrap_pagination',
'captcha',
# Services
'services.modules.mumble',
'services.modules.discord',
'services.modules.discourse',
'services.modules.ipboard',
'services.modules.ips4',
'services.modules.market',
'services.modules.openfire',
'services.modules.seat',
'services.modules.smf',
'services.modules.phpbb3',
'services.modules.xenforo',
'services.modules.teamspeak3',
]
MIDDLEWARE = [
@@ -134,6 +152,15 @@ DATABASES = {
},
}
# If you have run the authentication.0013_service_modules migration
# you will need to set this to True in order to install service modules
# which were involved in that migration after it has been run.
# If you are on a fresh install with no existing database you can safely
# set this to True
# If you have not run the authentication.0013_service_modules migration
# leave this set to False.
SERVICES_MIGRATED = False
# Password validation
# https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
@@ -195,6 +222,15 @@ CACHES = {
}
}
# Google Recaptcha
CAPTCHA_ENABLED = False
RECAPTCHA_PUBLIC_KEY = 'MyRecaptchaKey'
RECAPTCHA_PRIVATE_KEY = 'MyRecaptchaPrivateKey'
NOCAPTCHA = True
#####################################################
##
## Auth configuration starts here
@@ -211,7 +247,7 @@ CACHES = {
# EMAIL_HOST_PASSWORD - Email Password
# EMAIL_USE_TLS - Set to use TLS encryption
#################
DOMAIN = os.environ.get('AA_DOMAIN', 'https://yourdomain.com')
DOMAIN = os.environ.get('AA_DOMAIN', 'https://example.com')
EMAIL_HOST = os.environ.get('AA_EMAIL_HOST', 'smtp.gmail.com')
EMAIL_PORT = int(os.environ.get('AA_EMAIL_PORT', '587'))
EMAIL_HOST_USER = os.environ.get('AA_EMAIL_HOST_USER', '')
@@ -236,7 +272,7 @@ SITE_NAME = os.environ.get('AA_SITE_NAME', 'Alliance Auth')
###################
# Get client ID and client secret from registering an app at
# https://developers.eveonline.com/
# Callback URL should be https://mydomain.com/sso/callback
# Callback URL should be https://example.com/sso/callback
###################
ESI_SSO_CLIENT_ID = os.environ.get('AA_ESI_SSO_CLIENT_ID', '')
ESI_SSO_CLIENT_SECRET = os.environ.get('AA_ESI_SSO_CLIENT_SECRET', '')
@@ -257,58 +293,6 @@ MEMBER_ALLIANCE_GROUPS = 'True' == os.environ.get('AA_MEMBER_ALLIANCE_GROUPS', '
BLUE_CORP_GROUPS = 'True' == os.environ.get('AA_BLUE_CORP_GROUPS', 'False')
BLUE_ALLIANCE_GROUPS = 'True' == os.environ.get('AA_BLUE_ALLIANCE_GROUPS', 'False')
#########################
# Alliance Service Setup
#########################
# ENABLE_AUTH_FORUM - Enable forum support in the auth for auth'd members
# ENABLE_AUTH_JABBER - Enable jabber support in the auth for auth'd members
# ENABLE_AUTH_MUMBLE - Enable mumble support in the auth for auth'd members
# ENABLE_AUTH_IPBOARD - Enable IPBoard forum support in the auth for auth'd members
# ENABLE_AUTH_DISCORD - Enable Discord support in the auth for auth'd members
# ENABLE_AUTH_DISCOURSE - Enable Discourse support in the auth for auth'd members
# ENABLE_AUTH_IPS4 - Enable IPS4 support in the auth for auth'd members
# ENABLE_AUTH_SMF - Enable SMF forum support in the auth for auth'd members
# ENABLE_AUTH_MARKET = Enable Alliance Market support in auth for auth'd members
# ENABLE_AUTH_XENFORO = Enable XenForo forums support in the auth for auth'd members
#########################
ENABLE_AUTH_FORUM = 'True' == os.environ.get('AA_ENABLE_AUTH_FORUM', 'False')
ENABLE_AUTH_JABBER = 'True' == os.environ.get('AA_ENABLE_AUTH_JABBER', 'False')
ENABLE_AUTH_MUMBLE = 'True' == os.environ.get('AA_ENABLE_AUTH_MUMBLE', 'False')
ENABLE_AUTH_IPBOARD = 'True' == os.environ.get('AA_ENABLE_AUTH_IPBOARD', 'False')
ENABLE_AUTH_TEAMSPEAK3 = 'True' == os.environ.get('AA_ENABLE_AUTH_TEAMSPEAK3', 'False')
ENABLE_AUTH_DISCORD = 'True' == os.environ.get('AA_ENABLE_AUTH_DISCORD', 'False')
ENABLE_AUTH_DISCOURSE = 'True' == os.environ.get('AA_ENABLE_AUTH_DISCOURSE', 'False')
ENABLE_AUTH_IPS4 = 'True' == os.environ.get('AA_ENABLE_AUTH_IPS4', 'False')
ENABLE_AUTH_SMF = 'True' == os.environ.get('AA_ENABLE_AUTH_SMF', 'False')
ENABLE_AUTH_MARKET = 'True' == os.environ.get('AA_ENABLE_AUTH_MARKET', 'False')
ENABLE_AUTH_XENFORO = 'True' == os.environ.get('AA_ENABLE_AUTH_XENFORO', 'False')
#####################
# Blue service Setup
#####################
# ENABLE_BLUE_FORUM - Enable forum support in the auth for blues
# ENABLE_BLUE_JABBER - Enable jabber support in the auth for blues
# ENABLE_BLUE_MUMBLE - Enable mumble support in the auth for blues
# ENABLE_BLUE_IPBOARD - Enable IPBoard forum support in the auth for blues
# ENABLE_BLUE_DISCORD - Enable Discord support in the auth for blues
# ENABLE_BLUE_DISCOURSE - Enable Discord support in the auth for blues
# ENABLE_BLUE_IPS4 - Enable IPS4 forum support in the auth for blues
# ENABLE_BLUE_SMF - Enable SMF forum support in the auth for blues
# ENABLE_BLUE_MARKET - Enable Alliance Market in the auth for blues
# ENABLE_BLUE_XENFORO = Enable XenForo forum support in the auth for blue
#####################
ENABLE_BLUE_FORUM = 'True' == os.environ.get('AA_ENABLE_BLUE_FORUM', 'False')
ENABLE_BLUE_JABBER = 'True' == os.environ.get('AA_ENABLE_BLUE_JABBER', 'False')
ENABLE_BLUE_MUMBLE = 'True' == os.environ.get('AA_ENABLE_BLUE_MUMBLE', 'False')
ENABLE_BLUE_IPBOARD = 'True' == os.environ.get('AA_ENABLE_BLUE_IPBOARD', 'False')
ENABLE_BLUE_TEAMSPEAK3 = 'True' == os.environ.get('AA_ENABLE_BLUE_TEAMSPEAK3', 'False')
ENABLE_BLUE_DISCORD = 'True' == os.environ.get('AA_ENABLE_BLUE_DISCORD', 'False')
ENABLE_BLUE_DISCOURSE = 'True' == os.environ.get('AA_ENABLE_BLUE_DISCOURSE', 'False')
ENABLE_BLUE_IPS4 = 'True' == os.environ.get('AA_ENABLE_BLUE_IPS4', 'False')
ENABLE_BLUE_SMF = 'True' == os.environ.get('AA_ENABLE_BLUE_SMF', 'False')
ENABLE_BLUE_MARKET = 'True' == os.environ.get('AA_ENABLE_BLUE_MARKET', 'False')
ENABLE_BLUE_XENFORO = 'True' == os.environ.get('AA_ENABLE_BLUE_XENFORO', 'False')
#########################
# Tenant Configuration
#########################
@@ -327,11 +311,15 @@ ALLIANCE_IDS = []
# CORP_API_VCODE - Set this to the api vcode for the corp API key
# BLUE_STANDING - The lowest standings value to consider blue
# STANDING_LEVEL - The level of standings to query. Accepted values are 'corp' and 'alliance'.
# BLUE_CORP_IDS - A list of corps to remain blue regardless of in-game standings
# BLUE_ALLIANCE_IDS - A list of alliances to remain blue regardless of in-game standings
########################
CORP_API_ID = os.environ.get('AA_CORP_API_ID', '')
CORP_API_VCODE = os.environ.get('AA_CORP_API_VCODE', '')
BLUE_STANDING = float(os.environ.get('AA_BLUE_STANDING', '5.0'))
STANDING_LEVEL = os.environ.get('AA_STANDING_LEVEL', 'corp')
BLUE_CORP_IDS = []
BLUE_ALLIANCE_IDS = []
########################
# API Configuration
@@ -371,11 +359,11 @@ EVEONLINE_ITEMTYPE_PROVIDER = os.environ.get('AA_EVEONLINE_ITEMTYPE_PROVIDER', '
#####################
# Alliance Market
#####################
MARKET_URL = os.environ.get('AA_MARKET_URL', 'http://yourdomain.com/market')
MARKET_URL = os.environ.get('AA_MARKET_URL', 'http://example.com/market')
MARKET_DB = {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'alliance_market',
'USER': os.environ.get('AA_DB_MARKET_USER', 'allianceserver'),
'USER': os.environ.get('AA_DB_MARKET_USER', 'allianceserver-market'),
'PASSWORD': os.environ.get('AA_DB_MARKET_PASSWORD', 'password'),
'HOST': os.environ.get('AA_DB_MARKET_HOST', '127.0.0.1'),
'PORT': os.environ.get('AA_DB_MARKET_PORT', '3306'),
@@ -384,10 +372,16 @@ MARKET_DB = {
#####################
# HR Configuration
#####################
# JACK_KNIFE_URL - Url for the audit page of API Jack knife
# Should seriously replace with your own.
# API_KEY_AUDIT_URL - URL for viewing API keys.
# Other URLs are supported. Use string formatting notation {} with parameter names api_id, vcode, pk
# Example URL formats are shown below:
# Old Jacknife: 'https://example.com/jacknife/eveapi/audit.php?usid={api_id}&apik={vcode}'
# New Jacknife: 'https://example.com/jacknife/?usid={api_id}&apik={vcode}'
# SeAT: 'https://seat.example.com/api-key/detail/{api_id}'
# Django Admin: '/admin/eveonline/eveapikeypair/{pk}/change'
# Leave blank for the verification code to be shown in a popup on click.
#####################
JACK_KNIFE_URL = os.environ.get('AA_JACK_KNIFE_URL', 'http://ridetheclown.com/eveapi/audit.php')
API_KEY_AUDIT_URL = os.environ.get('AA_API_KEY_AUDIT_URL', '')
#####################
# Forum Configuration
@@ -396,14 +390,14 @@ JACK_KNIFE_URL = os.environ.get('AA_JACK_KNIFE_URL', 'http://ridetheclown.com/ev
# IPBOARD_APIKEY - Api key to interact with ipboard
# IPBOARD_APIMODULE - Module for alliance auth *leave alone*
#####################
IPBOARD_ENDPOINT = os.environ.get('AA_IPBOARD_ENDPOINT', 'yourdomain.com/interface/board/index.php')
IPBOARD_ENDPOINT = os.environ.get('AA_IPBOARD_ENDPOINT', 'example.com/interface/board/index.php')
IPBOARD_APIKEY = os.environ.get('AA_IPBOARD_APIKEY', 'somekeyhere')
IPBOARD_APIMODULE = 'aa'
########################
# XenForo Configuration
########################
XENFORO_ENDPOINT = os.environ.get('AA_XENFORO_ENDPOINT', 'yourdomain.com/api.php')
XENFORO_ENDPOINT = os.environ.get('AA_XENFORO_ENDPOINT', 'example.com/api.php')
XENFORO_DEFAULT_GROUP = os.environ.get('AA_XENFORO_DEFAULT_GROUP', 0)
XENFORO_APIKEY = os.environ.get('AA_XENFORO_APIKEY', 'yourapikey')
#####################
@@ -420,10 +414,10 @@ XENFORO_APIKEY = os.environ.get('AA_XENFORO_APIKEY', 'yourapikey')
# BROADCAST_USER - Broadcast user JID
# BROADCAST_USER_PASSWORD - Broadcast user password
######################
JABBER_URL = os.environ.get('AA_JABBER_URL', "yourdomain.com")
JABBER_URL = os.environ.get('AA_JABBER_URL', "example.com")
JABBER_PORT = int(os.environ.get('AA_JABBER_PORT', '5223'))
JABBER_SERVER = os.environ.get('AA_JABBER_SERVER', "yourdomain.com")
OPENFIRE_ADDRESS = os.environ.get('AA_OPENFIRE_ADDRESS', "http://yourdomain.com:9090")
JABBER_SERVER = os.environ.get('AA_JABBER_SERVER', "example.com")
OPENFIRE_ADDRESS = os.environ.get('AA_OPENFIRE_ADDRESS', "http://example.com:9090")
OPENFIRE_SECRET_KEY = os.environ.get('AA_OPENFIRE_SECRET_KEY', "somekey")
BROADCAST_USER = os.environ.get('AA_BROADCAST_USER', "broadcast@") + JABBER_URL
BROADCAST_USER_PASSWORD = os.environ.get('AA_BROADCAST_USER_PASSWORD', "somepassword")
@@ -435,7 +429,7 @@ BROADCAST_SERVICE_NAME = os.environ.get('AA_BROADCAST_SERVICE_NAME', "broadcast"
# MUMBLE_URL - Mumble server url
# MUMBLE_SERVER_ID - Mumble server id
######################################
MUMBLE_URL = os.environ.get('AA_MUMBLE_URL', "yourdomain.com")
MUMBLE_URL = os.environ.get('AA_MUMBLE_URL', "https://example.com")
MUMBLE_SERVER_ID = int(os.environ.get('AA_MUMBLE_SERVER_ID', '1'))
######################################
@@ -444,7 +438,7 @@ MUMBLE_SERVER_ID = int(os.environ.get('AA_MUMBLE_SERVER_ID', '1'))
PHPBB3_DB = {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'alliance_forum',
'USER': os.environ.get('AA_DB_PHPBB3_USER', 'allianceserver'),
'USER': os.environ.get('AA_DB_PHPBB3_USER', 'allianceserver-phpbb3'),
'PASSWORD': os.environ.get('AA_DB_PHPBB3_PASSWORD', 'password'),
'HOST': os.environ.get('AA_DB_PHPBB3_HOST', '127.0.0.1'),
'PORT': os.environ.get('AA_DB_PHPBB3_PORT', '3306'),
@@ -466,7 +460,7 @@ TEAMSPEAK3_SERVER_PORT = int(os.environ.get('AA_TEAMSPEAK3_SERVER_PORT', '10011'
TEAMSPEAK3_SERVERQUERY_USER = os.environ.get('AA_TEAMSPEAK3_SERVERQUERY_USER', 'serveradmin')
TEAMSPEAK3_SERVERQUERY_PASSWORD = os.environ.get('AA_TEAMSPEAK3_SERVERQUERY_PASSWORD', 'passwordhere')
TEAMSPEAK3_VIRTUAL_SERVER = int(os.environ.get('AA_TEAMSPEAK3_VIRTUAL_SERVER', '1'))
TEAMSPEAK3_PUBLIC_URL = os.environ.get('AA_TEAMSPEAK3_PUBLIC_URL', 'yourdomain.com')
TEAMSPEAK3_PUBLIC_URL = os.environ.get('AA_TEAMSPEAK3_PUBLIC_URL', 'example.com')
######################################
# Discord Configuration
@@ -484,7 +478,7 @@ DISCORD_BOT_TOKEN = os.environ.get('AA_DISCORD_BOT_TOKEN', '')
DISCORD_INVITE_CODE = os.environ.get('AA_DISCORD_INVITE_CODE', '')
DISCORD_APP_ID = os.environ.get('AA_DISCORD_APP_ID', '')
DISCORD_APP_SECRET = os.environ.get('AA_DISCORD_APP_SECRET', '')
DISCORD_CALLBACK_URL = os.environ.get('AA_DISCORD_CALLBACK_URL', 'http://mydomain.com/discord_callback')
DISCORD_CALLBACK_URL = os.environ.get('AA_DISCORD_CALLBACK_URL', 'http://example.com/discord/callback')
DISCORD_SYNC_NAMES = 'True' == os.environ.get('AA_DISCORD_SYNC_NAMES', 'False')
######################################
@@ -506,26 +500,34 @@ DISCOURSE_SSO_SECRET = os.environ.get('AA_DISCOURSE_SSO_SECRET', '')
# IPS4_URL - base url of the IPS4 install (no trailing slash)
# IPS4_API_KEY - API key provided by IPS4
#####################################
IPS4_URL = os.environ.get('AA_IPS4_URL', 'http://yourdomain.com/ips4')
IPS4_URL = os.environ.get('AA_IPS4_URL', 'http://example.com/ips4')
IPS4_API_KEY = os.environ.get('AA_IPS4_API_KEY', '')
IPS4_DB = {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'alliance_ips4',
'USER': os.environ.get('AA_DB_IPS4_USER', 'allianceserver'),
'USER': os.environ.get('AA_DB_IPS4_USER', 'allianceserver-ips4'),
'PASSWORD': os.environ.get('AA_DB_IPS4_PASSWORD', 'password'),
'HOST': os.environ.get('AA_DB_IPS4_HOST', '127.0.0.1'),
'PORT': os.environ.get('AA_DB_IPS4_PORT', '3306'),
}
#####################################
# SEAT Configuration
#####################################
# SEAT_URL - base url of the seat install (no trailing slash)
# SEAT_XTOKEN - API key X-Token provided by SeAT
#####################################
SEAT_URL = os.environ.get('AA_SEAT_URL', 'http://example.com/seat')
SEAT_XTOKEN = os.environ.get('AA_SEAT_XTOKEN', '')
######################################
# SMF Configuration
######################################
SMF_URL = os.environ.get('AA_SMF_URL', '')
SMF_URL = os.environ.get('AA_SMF_URL', 'https://example.com')
SMF_DB = {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'alliance_smf',
'USER': os.environ.get('AA_DB_SMF_USER', 'allianceserver'),
'USER': os.environ.get('AA_DB_SMF_USER', 'allianceserver-smf'),
'PASSWORD': os.environ.get('AA_DB_SMF_PASSWORD', 'password'),
'HOST': os.environ.get('AA_DB_SMF_HOST', '127.0.0.1'),
'PORT': os.environ.get('AA_DB_SMF_PORT', '3306'),
@@ -658,15 +660,30 @@ LOGGING = {
}
# Conditionally add databases only if configured
if ENABLE_AUTH_FORUM or ENABLE_BLUE_FORUM:
if 'services.modules.phpbb3' in INSTALLED_APPS:
DATABASES['phpbb3'] = PHPBB3_DB
if ENABLE_AUTH_SMF or ENABLE_BLUE_SMF:
if 'services.modules.smf' in INSTALLED_APPS:
DATABASES['smf'] = SMF_DB
if ENABLE_AUTH_MARKET or ENABLE_BLUE_MARKET:
if 'services.modules.market' in INSTALLED_APPS:
DATABASES['market'] = MARKET_DB
if ENABLE_AUTH_IPS4 or ENABLE_BLUE_IPS4:
if 'services.modules.ips4' in INSTALLED_APPS:
DATABASES['ips4'] = IPS4_DB
# Ensure corp/alliance IDs are expected types
STR_CORP_IDS = [str(id) for id in CORP_IDS]
STR_ALLIANCE_IDS = [str(id) for id in ALLIANCE_IDS]
STR_BLUE_CORP_IDS = [str(id) for id in BLUE_CORP_IDS]
STR_BLUE_ALLIANCE_IDS = [str(id) for id in BLUE_ALLIANCE_IDS]
# Conditionally add periodic tasks for services if installed
if 'services.modules.teamspeak3' in INSTALLED_APPS:
CELERYBEAT_SCHEDULE['run_ts3_group_update'] = {
'task': 'services.modules.teamspeak3.tasks.run_ts3_group_update',
'schedule': crontab(minute='*/30'),
}
if 'services.modules.seat' in INSTALLED_APPS:
CELERYBEAT_SCHEDULE['run_seat_api_sync'] = {
'task': 'services.modules.seat.tasks.run_api_sync',
'schedule': crontab(minute='*/30'),
}

0
alliance_auth/tests/__init__.py Normal file
View File

98
alliance_auth/tests/auth_utils.py Normal file
View File

@@ -0,0 +1,98 @@
from __future__ import unicode_literals
from django.db.models.signals import m2m_changed, pre_save
from django.contrib.auth.models import User, Group, Permission
from services.signals import m2m_changed_user_groups, pre_save_user
from services.signals import m2m_changed_group_permissions, m2m_changed_user_permissions
from authentication.signals import pre_save_auth_state
from authentication.tasks import make_member, make_blue
from authentication.models import AuthServicesInfo
from authentication.states import MEMBER_STATE, BLUE_STATE, NONE_STATE
from eveonline.models import EveCharacter
class AuthUtils:
def __init__(self):
pass
@staticmethod
def _create_user(username):
return User.objects.create(username=username)
@classmethod
def create_user(cls, username, disconnect_signals=False):
if disconnect_signals:
cls.disconnect_signals()
user = cls._create_user(username)
user.authservicesinfo.state = NONE_STATE
user.authservicesinfo.save()
if disconnect_signals:
cls.connect_signals()
return user
@classmethod
def create_member(cls, username):
cls.disconnect_signals()
user = cls._create_user(username)
user.authservicesinfo.state = MEMBER_STATE
user.authservicesinfo.save()
make_member(user.authservicesinfo)
cls.connect_signals()
return user
@classmethod
def create_blue(cls, username):
cls.disconnect_signals()
user = cls._create_user(username)
user.authservicesinfo.state = BLUE_STATE
user.authservicesinfo.save()
make_blue(user.authservicesinfo)
cls.connect_signals()
return user
@classmethod
def disconnect_signals(cls):
m2m_changed.disconnect(m2m_changed_user_groups, sender=User.groups.through)
m2m_changed.disconnect(m2m_changed_group_permissions, sender=Group.permissions.through)
m2m_changed.disconnect(m2m_changed_user_permissions, sender=User.user_permissions.through)
pre_save.disconnect(pre_save_user, sender=User)
pre_save.disconnect(pre_save_auth_state, sender=AuthServicesInfo)
@classmethod
def connect_signals(cls):
m2m_changed.connect(m2m_changed_user_groups, sender=User.groups.through)
m2m_changed.connect(m2m_changed_group_permissions, sender=Group.permissions.through)
m2m_changed.connect(m2m_changed_user_permissions, sender=User.user_permissions.through)
pre_save.connect(pre_save_user, sender=User)
pre_save.connect(pre_save_auth_state, sender=AuthServicesInfo)
@classmethod
def add_main_character(cls, user, name, character_id, corp_id='', corp_name='', corp_ticker='', alliance_id='',
alliance_name=''):
EveCharacter.objects.create(
character_id=character_id,
character_name=name,
corporation_id=corp_id,
corporation_name=corp_name,
corporation_ticker=corp_ticker,
alliance_id=alliance_id,
alliance_name=alliance_name,
api_id='1234',
user=user
)
AuthServicesInfo.objects.update_or_create(user=user, defaults={'main_char_id': character_id})
@classmethod
def add_permissions_to_groups(cls, perms, groups, disconnect_signals=True):
if disconnect_signals:
cls.disconnect_signals()
for group in groups:
for perm in perms:
group.permissions.add(perm)
if disconnect_signals:
cls.connect_signals()

558
alliance_auth/tests/test_settings.py Normal file
View File

@@ -0,0 +1,558 @@
"""
Alliance Auth Test Suite Django settings.
"""
import os
import djcelery
from django.contrib import messages
import alliance_auth
djcelery.setup_loader()
# Use nose to run all tests
TEST_RUNNER = 'django_nose.NoseTestSuiteRunner'
NOSE_ARGS = [
#'--with-coverage',
#'--cover-package=',
]
# Celery configuration
CELERY_ALWAYS_EAGER = True # Forces celery to run locally for testing
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(alliance_auth.__file__)))
SECRET_KEY = 'testing only'
DEBUG = True
# Application definition
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.humanize',
'djcelery',
'bootstrapform',
'authentication',
'services',
'eveonline',
'groupmanagement',
'hrapplications',
'timerboard',
'srp',
'optimer',
'corputils',
'fleetactivitytracking',
'notifications',
'esi',
'permissions_tool',
'geelweb.django.navhelper',
'bootstrap_pagination',
'services.modules.mumble',
'services.modules.discord',
'services.modules.discourse',
'services.modules.ipboard',
'services.modules.ips4',
'services.modules.market',
'services.modules.openfire',
'services.modules.seat',
'services.modules.smf',
'services.modules.phpbb3',
'services.modules.xenforo',
'services.modules.teamspeak3',
'django_nose',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.locale.LocaleMiddleware',
]
ROOT_URLCONF = 'alliance_auth.urls'
LOCALE_PATHS = (
os.path.join(BASE_DIR, 'locale/'),
)
ugettext = lambda s: s
LANGUAGES = (
('en', ugettext('English')),
('de', ugettext('German')),
)
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [
os.path.join(BASE_DIR, 'customization/templates'),
os.path.join(BASE_DIR, 'stock/templates'),
],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
'django.template.context_processors.i18n',
'django.template.context_processors.media',
'django.template.context_processors.static',
'django.template.context_processors.tz',
'services.context_processors.auth_settings',
'notifications.context_processors.user_notification_count',
'authentication.context_processors.states',
'authentication.context_processors.membership_state',
'groupmanagement.context_processors.can_manage_groups',
],
},
},
]
# Database
# https://docs.djangoproject.com/en/1.10/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': 'alliance_auth',
'USER': os.environ.get('AA_DB_DEFAULT_USER', None),
'PASSWORD': os.environ.get('AA_DB_DEFAULT_PASSWORD', None),
'HOST': os.environ.get('AA_DB_DEFAULT_HOST', None)
},
}
LOGIN_URL = 'auth_login_user'
SUPERUSER_STATE_BYPASS = 'True' == os.environ.get('AA_SUPERUSER_STATE_BYPASS', 'True')
# Internationalization
# https://docs.djangoproject.com/en/1.10/topics/i18n/
LANGUAGE_CODE = os.environ.get('AA_LANGUAGE_CODE', 'en')
TIME_ZONE = os.environ.get('AA_TIME_ZONE', 'UTC')
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
STATIC_URL = '/static/'
STATIC_ROOT = os.path.join(BASE_DIR, "static")
STATICFILES_DIRS = (
os.path.join(BASE_DIR, "customization/static"),
os.path.join(BASE_DIR, "stock/static"),
)
# Bootstrap messaging css workaround
MESSAGE_TAGS = {
messages.ERROR: 'danger'
}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.dummy.DummyCache',
}
}
#####################################################
##
## Auth configuration starts here
##
#####################################################
###########################
# ALLIANCE / CORP TOGGLE
###########################
# Specifies to run membership checks against corp or alliance
# Set to FALSE for alliance
# Set to TRUE for corp
###########################
IS_CORP = 'True' == os.environ.get('AA_IS_CORP', 'True')
#################
# EMAIL SETTINGS
#################
# DOMAIN - The alliance auth domain_url
# EMAIL_HOST - SMTP Server URL
# EMAIL_PORT - SMTP Server PORT
# EMAIL_HOST_USER - Email Username (for gmail, the entire address)
# EMAIL_HOST_PASSWORD - Email Password
# EMAIL_USE_TLS - Set to use TLS encryption
#################
DOMAIN = os.environ.get('AA_DOMAIN', 'https://example.com')
EMAIL_HOST = os.environ.get('AA_EMAIL_HOST', 'smtp.example.com')
EMAIL_PORT = int(os.environ.get('AA_EMAIL_PORT', '587'))
EMAIL_HOST_USER = os.environ.get('AA_EMAIL_HOST_USER', '')
EMAIL_HOST_PASSWORD = os.environ.get('AA_EMAIL_HOST_PASSWORD', '')
EMAIL_USE_TLS = 'True' == os.environ.get('AA_EMAIL_USE_TLS', 'True')
####################
# Front Page Links
####################
# KILLBOARD_URL - URL for your killboard. Blank to hide link
# MEDIA_URL - URL for your media page (youtube etc). Blank to hide link
# FORUM_URL - URL for your forums. Blank to hide link
# SITE_NAME - Name of the auth site.
####################
KILLBOARD_URL = os.environ.get('AA_KILLBOARD_URL', '')
EXTERNAL_MEDIA_URL = os.environ.get('AA_EXTERNAL_MEDIA_URL', '')
FORUM_URL = os.environ.get('AA_FORUM_URL', '')
SITE_NAME = os.environ.get('AA_SITE_NAME', 'Test Alliance Auth')
###################
# SSO Settings
###################
# Optional SSO.
# Get client ID and client secret from registering an app at
# https://developers.eveonline.com/
# Callback URL should be http://mydomain.com/sso/callback
# Leave callback blank to hide SSO button on login page
###################
ESI_SSO_CLIENT_ID = os.environ.get('AA_ESI_SSO_CLIENT_ID', '')
ESI_SSO_CLIENT_SECRET = os.environ.get('AA_ESI_SSO_CLIENT_SECRET', '')
ESI_SSO_CALLBACK_URL = os.environ.get('AA_ESI_SSO_CALLBACK_URL', '')
#########################
# Default Group Settings
#########################
# DEFAULT_AUTH_GROUP - Default group members are put in
# DEFAULT_BLUE_GROUP - Default group for blue members
# MEMBER_CORP_GROUPS - Assign members to a group representing their main corp
# BLUE_CORP_GROUPS - Assign blues to a group representing their main corp
#########################
DEFAULT_AUTH_GROUP = os.environ.get('AA_DEFAULT_ALLIANCE_GROUP', 'Member')
DEFAULT_BLUE_GROUP = os.environ.get('AA_DEFAULT_BLUE_GROUP', 'Blue')
MEMBER_CORP_GROUPS = 'True' == os.environ.get('AA_MEMBER_CORP_GROUPS', 'True')
MEMBER_ALLIANCE_GROUPS = 'True' == os.environ.get('AA_MEMBER_ALLIANCE_GROUPS', 'False')
BLUE_CORP_GROUPS = 'True' == os.environ.get('AA_BLUE_CORP_GROUPS', 'False')
BLUE_ALLIANCE_GROUPS = 'True' == os.environ.get('AA_BLUE_ALLIANCE_GROUPS', 'False')
#########################
# Corp Configuration
#########################
# If running in alliance mode, the following should be for the executor corp#
# CORP_ID - Set this to your corp ID (get this from https://zkillboard.com/corporation/#######)
# CORP_NAME - Set this to your Corporation Name
# CORP_API_ID - Set this to the api id for the corp API key
# CORP_API_VCODE - Set this to the api vcode for the corp API key
########################
CORP_ID = os.environ.get('AA_CORP_ID', '1234')
CORP_NAME = os.environ.get('AA_CORP_NAME', 'Alliance Auth Test Corp')
CORP_API_ID = os.environ.get('AA_CORP_API_ID', '')
CORP_API_VCODE = os.environ.get('AA_CORP_API_VCODE', '')
#########################
# Alliance Configuration
#########################
# ALLIANCE_ID - Set this to your Alliance ID (get this from https://zkillboard.com/alliance/#######)
# ALLIANCE_NAME - Set this to your Alliance Name
########################
ALLIANCE_ID = os.environ.get('AA_ALLIANCE_ID', '12345')
ALLIANCE_NAME = os.environ.get('AA_ALLIANCE_NAME', 'Alliance Auth Test Alliance')
########################
# API Configuration
########################
# MEMBER_API_MASK - Numeric value of minimum API mask required for members
# MEMBER_API_ACCOUNT - Require API to be for Account and not character restricted
# BLUE_API_MASK - Numeric value of minimum API mask required for blues
# BLUE_API_ACCOUNT - Require API to be for Account and not character restricted
# REJECT_OLD_APIS - Require each submitted API be newer than the latest submitted API
# REJECT_OLD_APIS_MARGIN - Margin from latest submitted API ID within which a newly submitted API is still accepted
# API_SSO_VALIDATION - Require users to prove ownership of newly entered API keys via SSO
# Requires SSO to be configured.
#######################
MEMBER_API_MASK = os.environ.get('AA_MEMBER_API_MASK', 268435455)
MEMBER_API_ACCOUNT = 'True' == os.environ.get('AA_MEMBER_API_ACCOUNT', 'True')
BLUE_API_MASK = os.environ.get('AA_BLUE_API_MASK', 8388608)
BLUE_API_ACCOUNT = 'True' == os.environ.get('AA_BLUE_API_ACCOUNT', 'True')
REJECT_OLD_APIS = 'True' == os.environ.get('AA_REJECT_OLD_APIS', 'False')
REJECT_OLD_APIS_MARGIN = os.environ.get('AA_REJECT_OLD_APIS_MARGIN', 50)
API_SSO_VALIDATION = 'True' == os.environ.get('AA_API_SSO_VALIDATION', 'False')
#######################
# EVE Provider Settings
#######################
# EVEONLINE_CHARACTER_PROVIDER - Name of default data source for getting eve character data
# EVEONLINE_CORP_PROVIDER - Name of default data source for getting eve corporation data
# EVEONLINE_ALLIANCE_PROVIDER - Name of default data source for getting eve alliance data
# EVEONLINE_ITEMTYPE_PROVIDER - Name of default data source for getting eve item type data
#
# Available sources are 'esi' and 'xml'. Leaving blank results in the default 'esi' being used.
#######################
EVEONLINE_CHARACTER_PROVIDER = os.environ.get('AA_EVEONLINE_CHARACTER_PROVIDER', 'xml')
EVEONLINE_CORP_PROVIDER = os.environ.get('AA_EVEONLINE_CORP_PROVIDER', 'xml')
EVEONLINE_ALLIANCE_PROVIDER = os.environ.get('AA_EVEONLINE_ALLIANCE_PROVIDER', 'xml')
EVEONLINE_ITEMTYPE_PROVIDER = os.environ.get('AA_EVEONLINE_ITEMTYPE_PROVIDER', 'xml')
#####################
# Alliance Market
#####################
MARKET_URL = os.environ.get('AA_MARKET_URL', 'http://yourdomain.com/market')
#####################
# HR Configuration
#####################
# JACK_KNIFE_URL - Url for the audit page of API Jack knife
# Should seriously replace with your own.
#####################
JACK_KNIFE_URL = os.environ.get('AA_JACK_KNIFE_URL', 'http://example.com/eveapi/audit.php')
#####################
# Forum Configuration
#####################
# IPBOARD_ENDPOINT - Api endpoint if using ipboard
# IPBOARD_APIKEY - Api key to interact with ipboard
# IPBOARD_APIMODULE - Module for alliance auth *leave alone*
#####################
IPBOARD_ENDPOINT = os.environ.get('AA_IPBOARD_ENDPOINT', 'example.com/interface/board/index.php')
IPBOARD_APIKEY = os.environ.get('AA_IPBOARD_APIKEY', 'somekeyhere')
IPBOARD_APIMODULE = 'aa'
########################
# XenForo Configuration
########################
XENFORO_ENDPOINT = os.environ.get('AA_XENFORO_ENDPOINT', 'example.com/api.php')
XENFORO_DEFAULT_GROUP = os.environ.get('AA_XENFORO_DEFAULT_GROUP', 0)
XENFORO_APIKEY = os.environ.get('AA_XENFORO_APIKEY', 'yourapikey')
#####################
######################
# Jabber Configuration
######################
# JABBER_URL - Jabber address url
# JABBER_PORT - Jabber service portal
# JABBER_SERVER - Jabber server url
# OPENFIRE_ADDRESS - Address of the openfire admin console including port
# Please use http with 9090 or https with 9091
# OPENFIRE_SECRET_KEY - Openfire REST API secret key
# BROADCAST_USER - Broadcast user JID
# BROADCAST_USER_PASSWORD - Broadcast user password
######################
JABBER_URL = os.environ.get('AA_JABBER_URL', "example.com")
JABBER_PORT = int(os.environ.get('AA_JABBER_PORT', '5223'))
JABBER_SERVER = os.environ.get('AA_JABBER_SERVER', "example.com")
OPENFIRE_ADDRESS = os.environ.get('AA_OPENFIRE_ADDRESS', "http://example.com:9090")
OPENFIRE_SECRET_KEY = os.environ.get('AA_OPENFIRE_SECRET_KEY', "somekey")
BROADCAST_USER = os.environ.get('AA_BROADCAST_USER', "broadcast@") + JABBER_URL
BROADCAST_USER_PASSWORD = os.environ.get('AA_BROADCAST_USER_PASSWORD', "somepassword")
BROADCAST_SERVICE_NAME = os.environ.get('AA_BROADCAST_SERVICE_NAME', "broadcast")
######################################
# Mumble Configuration
######################################
# MUMBLE_URL - Mumble server url
# MUMBLE_SERVER_ID - Mumble server id
######################################
MUMBLE_URL = os.environ.get('AA_MUMBLE_URL', "example.com")
MUMBLE_SERVER_ID = int(os.environ.get('AA_MUMBLE_SERVER_ID', '1'))
######################################
# PHPBB3 Configuration
######################################
######################################
# Teamspeak3 Configuration
######################################
# TEAMSPEAK3_SERVER_IP - Teamspeak3 server ip
# TEAMSPEAK3_SERVER_PORT - Teamspeak3 server port
# TEAMSPEAK3_SERVERQUERY_USER - Teamspeak3 serverquery username
# TEAMSPEAK3_SERVERQUERY_PASSWORD - Teamspeak3 serverquery password
# TEAMSPEAK3_VIRTUAL_SERVER - Virtual server id
# TEAMSPEAK3_AUTHED_GROUP_ID - Default authed group id
# TEAMSPEAK3_PUBLIC_URL - teamspeak3 public url used for link creation
######################################
TEAMSPEAK3_SERVER_IP = os.environ.get('AA_TEAMSPEAK3_SERVER_IP', '127.0.0.1')
TEAMSPEAK3_SERVER_PORT = int(os.environ.get('AA_TEAMSPEAK3_SERVER_PORT', '10011'))
TEAMSPEAK3_SERVERQUERY_USER = os.environ.get('AA_TEAMSPEAK3_SERVERQUERY_USER', 'serveradmin')
TEAMSPEAK3_SERVERQUERY_PASSWORD = os.environ.get('AA_TEAMSPEAK3_SERVERQUERY_PASSWORD', 'passwordhere')
TEAMSPEAK3_VIRTUAL_SERVER = int(os.environ.get('AA_TEAMSPEAK3_VIRTUAL_SERVER', '1'))
TEAMSPEAK3_PUBLIC_URL = os.environ.get('AA_TEAMSPEAK3_PUBLIC_URL', 'example.com')
######################################
# Discord Configuration
######################################
# DISCORD_GUILD_ID - ID of the guild to manage
# DISCORD_BOT_TOKEN - oauth token of the app bot user
# DISCORD_INVITE_CODE - invite code to the server
# DISCORD_APP_ID - oauth app client ID
# DISCORD_APP_SECRET - oauth app secret
# DISCORD_CALLBACK_URL - oauth callback url
# DISCORD_SYNC_NAMES - enable to force discord nicknames to be set to eve char name (bot needs Manage Nicknames permission)
######################################
DISCORD_GUILD_ID = os.environ.get('AA_DISCORD_GUILD_ID', '')
DISCORD_BOT_TOKEN = os.environ.get('AA_DISCORD_BOT_TOKEN', '')
DISCORD_INVITE_CODE = os.environ.get('AA_DISCORD_INVITE_CODE', '')
DISCORD_APP_ID = os.environ.get('AA_DISCORD_APP_ID', '')
DISCORD_APP_SECRET = os.environ.get('AA_DISCORD_APP_SECRET', '')
DISCORD_CALLBACK_URL = os.environ.get('AA_DISCORD_CALLBACK_URL', 'http://example.com/discord_callback')
DISCORD_SYNC_NAMES = 'True' == os.environ.get('AA_DISCORD_SYNC_NAMES', 'False')
######################################
# Discourse Configuration
######################################
# DISCOURSE_URL - Web address of the forums (no trailing slash)
# DISCOURSE_API_USERNAME - API account username
# DISCOURSE_API_KEY - API Key
# DISCOURSE_SSO_SECRET - SSO secret key
######################################
DISCOURSE_URL = os.environ.get('AA_DISCOURSE_URL', 'https://example.com')
DISCOURSE_API_USERNAME = os.environ.get('AA_DISCOURSE_API_USERNAME', '')
DISCOURSE_API_KEY = os.environ.get('AA_DISCOURSE_API_KEY', '')
DISCOURSE_SSO_SECRET = 'd836444a9e4084d5b224a60c208dce14'
# Example secret from https://meta.discourse.org/t/official-single-sign-on-for-discourse/13045
#####################################
# IPS4 Configuration
#####################################
# IPS4_URL - base url of the IPS4 install (no trailing slash)
# IPS4_API_KEY - API key provided by IPS4
#####################################
IPS4_URL = os.environ.get('AA_IPS4_URL', 'http://example.com/ips4')
IPS4_API_KEY = os.environ.get('AA_IPS4_API_KEY', '')
#####################################
# SEAT Configuration
#####################################
# SEAT_URL - base url of the seat install (no trailing slash)
# SEAT_XTOKEN - API key X-Token provided by SeAT
#####################################
SEAT_URL = os.environ.get('AA_SEAT_URL', 'http://example.com/seat')
SEAT_XTOKEN = os.environ.get('AA_SEAT_XTOKEN', 'tokentokentoken')
######################################
# SMF Configuration
######################################
SMF_URL = os.environ.get('AA_SMF_URL', '')
######################################
# Fleet-Up Configuration
######################################
# FLEETUP_APP_KEY - The app key from http://fleet-up.com/Api/MyApps
# FLEETUP_USER_ID - The user id from http://fleet-up.com/Api/MyKeys
# FLEETUP_API_ID - The API id from http://fleet-up.com/Api/MyKeys
# FLEETUP_GROUP_ID - The id of the group you want to pull data from, see http://fleet-up.com/Api/Endpoints#groups_mygroupmemberships
######################################
FLEETUP_APP_KEY = os.environ.get('AA_FLEETUP_APP_KEY', '')
FLEETUP_USER_ID = os.environ.get('AA_FLEETUP_USER_ID', '')
FLEETUP_API_ID = os.environ.get('AA_FLEETUP_API_ID', '')
FLEETUP_GROUP_ID = os.environ.get('AA_FLEETUP_GROUP_ID', '')
PASSWORD_HASHERS = [
'django.contrib.auth.hashers.MD5PasswordHasher',
]
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'verbose': {
'format' : "[%(asctime)s] %(levelname)s [%(name)s:%(lineno)s] %(message)s",
'datefmt' : "%d/%b/%Y %H:%M:%S"
},
'simple': {
'format': '%(levelname)s %(message)s'
},
},
'handlers': {
'console': {
'level': 'DEBUG', # edit this line to change logging level to console
'class': 'logging.StreamHandler',
'formatter': 'verbose',
},
'notifications': { # creates notifications for users with logging_notifications permission
'level': 'ERROR', # edit this line to change logging level to notifications
'class': 'notifications.handlers.NotificationHandler',
'formatter': 'verbose',
},
},
'loggers': {
'authentication': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'celerytask': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'eveonline': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'groupmanagement': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'hrapplications': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'portal': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'registration': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'services': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'srp': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'timerboard': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'sigtracker': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'optimer': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'corputils': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'fleetactivitytracking': {
'handlers': ['console', 'notifications'],
'level': 'ERROR',
},
'util': {
'handlers': ['console', 'notifications'],
'level': 'DEBUG',
},
'django': {
'handlers': ['console', 'notifications'],
'level': 'ERROR',
},
}
}
LOGGING = None # Comment out to enable logging for debugging

104
alliance_auth/urls.py
View File

@@ -17,10 +17,13 @@ import notifications.views
import hrapplications.views
import corputils.urls
import esi.urls
import permissions_tool.urls
from alliance_auth import NAME
admin.site.site_header = NAME
from alliance_auth.hooks import get_hooks
# Functional/Untranslated URL's
urlpatterns = [
# Locale
@@ -33,9 +36,6 @@ urlpatterns = [
url(r'^sso/', include(esi.urls, namespace='esi')),
url(r'^sso/login$', authentication.views.sso_login, name='auth_sso_login'),
# Corputils
url(r'^corpstats/', include(corputils.urls, namespace='corputils')),
# Index
url(_(r'^$'), authentication.views.index_view, name='auth_index'),
@@ -47,85 +47,6 @@ urlpatterns = [
name='auth_main_character_change'),
url(r'^api_verify_owner/(\w+)/$', eveonline.views.api_sso_validate, name='auth_api_sso'),
# Forum Service Control
url(r'^activate_forum/$', services.views.activate_forum, name='auth_activate_forum'),
url(r'^deactivate_forum/$', services.views.deactivate_forum, name='auth_deactivate_forum'),
url(r'^reset_forum_password/$', services.views.reset_forum_password,
name='auth_reset_forum_password'),
url(r'^set_forum_password/$', services.views.set_forum_password, name='auth_set_forum_password'),
# Jabber Service Control
url(r'^activate_jabber/$', services.views.activate_jabber, name='auth_activate_jabber'),
url(r'^deactivate_jabber/$', services.views.deactivate_jabber, name='auth_deactivate_jabber'),
url(r'^reset_jabber_password/$', services.views.reset_jabber_password,
name='auth_reset_jabber_password'),
# Mumble service control
url(r'^activate_mumble/$', services.views.activate_mumble, name='auth_activate_mumble'),
url(r'^deactivate_mumble/$', services.views.deactivate_mumble, name='auth_deactivate_mumble'),
url(r'^reset_mumble_password/$', services.views.reset_mumble_password,
name='auth_reset_mumble_password'),
url(r'^set_mumble_password/$', services.views.set_mumble_password, name='auth_set_mumble_password'),
# Ipboard service control
url(r'^activate_ipboard/$', services.views.activate_ipboard_forum,
name='auth_activate_ipboard'),
url(r'^deactivate_ipboard/$', services.views.deactivate_ipboard_forum,
name='auth_deactivate_ipboard'),
url(r'^reset_ipboard_password/$', services.views.reset_ipboard_password,
name='auth_reset_ipboard_password'),
url(r'^set_ipboard_password/$', services.views.set_ipboard_password, name='auth_set_ipboard_password'),
# XenForo service control
url(r'^activate_xenforo/$', services.views.activate_xenforo_forum,
name='auth_activate_xenforo'),
url(r'^deactivate_xenforo/$', services.views.deactivate_xenforo_forum,
name='auth_deactivate_xenforo'),
url(r'^reset_xenforo_password/$', services.views.reset_xenforo_password,
name='auth_reset_xenforo_password'),
url(r'^set_xenforo_password/$', services.views.set_xenforo_password, name='auth_set_xenforo_password'),
# Teamspeak3 service control
url(r'^activate_teamspeak3/$', services.views.activate_teamspeak3,
name='auth_activate_teamspeak3'),
url(r'^deactivate_teamspeak3/$', services.views.deactivate_teamspeak3,
name='auth_deactivate_teamspeak3'),
url(r'reset_teamspeak3_perm/$', services.views.reset_teamspeak3_perm,
name='auth_reset_teamspeak3_perm'),
# Discord Service Control
url(r'^activate_discord/$', services.views.activate_discord, name='auth_activate_discord'),
url(r'^deactivate_discord/$', services.views.deactivate_discord, name='auth_deactivate_discord'),
url(r'^reset_discord/$', services.views.reset_discord, name='auth_reset_discord'),
url(r'^discord_callback/$', services.views.discord_callback, name='auth_discord_callback'),
url(r'^discord_add_bot/$', services.views.discord_add_bot, name='auth_discord_add_bot'),
# Discourse Service Control
url(r'^discourse_sso$', services.views.discourse_sso, name='auth_discourse_sso'),
# IPS4 Service Control
url(r'^activate_ips4/$', services.views.activate_ips4,
name='auth_activate_ips4'),
url(r'^deactivate_ips4/$', services.views.deactivate_ips4,
name='auth_deactivate_ips4'),
url(r'^reset_ips4_password/$', services.views.reset_ips4_password,
name='auth_reset_ips4_password'),
url(r'^set_ips4_password/$', services.views.set_ips4_password, name='auth_set_ips4_password'),
# SMF Service Control
url(r'^activate_smf/$', services.views.activate_smf, name='auth_activate_smf'),
url(r'^deactivate_smf/$', services.views.deactivate_smf, name='auth_deactivate_smf'),
url(r'^reset_smf_password/$', services.views.reset_smf_password,
name='auth_reset_smf_password'),
url(r'^set_smf_password/$', services.views.set_smf_password, name='auth_set_smf_password'),
# Alliance Market Control
url(r'^activate_market/$', services.views.activate_market, name='auth_activate_market'),
url(r'^deactivate_market/$', services.views.deactivate_market, name='auth_deactivate_market'),
url(r'^reset_market_password/$', services.views.reset_market_password,
name='auth_reset_market_password'),
url(r'^set_market_password/$', services.views.set_market_password, name='auth_set_market_password'),
# SRP URLS
url(r'^srp_fleet_remove/(\w+)$', srp.views.srp_fleet_remove, name='auth_srp_fleet_remove'),
url(r'^srp_fleet_disable/(\w+)$', srp.views.srp_fleet_disable, name='auth_srp_fleet_disable'),
@@ -183,6 +104,9 @@ urlpatterns += i18n_patterns(
url(_(r'^refresh_api_pair/([0-9]+)/$'), eveonline.views.user_refresh_api, name='auth_user_refresh_api'),
url(_(r'^delete_api_pair/(\w+)/$'), eveonline.views.api_key_removal, name='auth_api_key_removal'),
url(_(r'^characters/'), eveonline.views.characters_view, name='auth_characters'),
# Corputils
url(_(r'^corpstats/'), include(corputils.urls, namespace='corputils')),
# Group management
url(_(r'^groups/'), groupmanagement.views.groups_view, name='auth_groups'),
@@ -241,11 +165,6 @@ urlpatterns += i18n_patterns(
# Service Urls
url(_(r'^services/$'), services.views.services_view, name='auth_services'),
url(_(r'^services/jabber_broadcast/$'), services.views.jabber_broadcast_view,
name='auth_jabber_broadcast_view'),
# Teamspeak Urls
url(r'verify_teamspeak3/$', services.views.verify_teamspeak3, name='auth_verify_teamspeak3'),
# Timer URLS
url(_(r'^timers/$'), timerboard.views.timer_view, name='auth_timer_view'),
@@ -271,9 +190,6 @@ urlpatterns += i18n_patterns(
url(_(r'^notifications/$'), notifications.views.notification_list, name='auth_notification_list'),
url(_(r'^notifications/(\w+)/$'), notifications.views.notification_view, name='auth_notification_view'),
# Jabber
url(_(r'^set_jabber_password/$'), services.views.set_jabber_password, name='auth_set_jabber_password'),
# FleetActivityTracking (FAT)
url(r'^fat/$', fleetactivitytracking.views.fatlink_view, name='auth_fatlink_view'),
url(r'^fat/statistics/$', fleetactivitytracking.views.fatlink_statistics_view, name='auth_fatlink_view_statistics'),
@@ -296,4 +212,12 @@ urlpatterns += i18n_patterns(
url(r'^fat/link/$', fleetactivitytracking.views.fatlink_view, name='auth_click_fatlink_view'),
url(r'^fat/link/(?P<hash>[a-zA-Z0-9]+)/(?P<fatname>[a-z0-9_-]+)/$',
fleetactivitytracking.views.click_fatlink_view),
url(r'^permissions/', include(permissions_tool.urls))
)
# Append hooked service urls
services = get_hooks('services_hook')
for svc in services:
urlpatterns += svc().urlpatterns

188
authentication/admin.py
View File

@@ -1,22 +1,19 @@
from __future__ import unicode_literals
from django.contrib import admin
from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
from django.contrib.auth.models import User
from django.utils.text import slugify
from authentication.models import AuthServicesInfo
from eveonline.models import EveCharacter
from services.tasks import update_jabber_groups
from services.tasks import update_mumble_groups
from services.tasks import update_forum_groups
from services.tasks import update_ipboard_groups
from services.tasks import update_smf_groups
from services.tasks import update_teamspeak3_groups
from services.tasks import update_discord_groups
from services.tasks import update_discord_nickname
from services.tasks import update_discourse_groups
from alliance_auth.hooks import get_hooks
from services.hooks import ServicesHook
@admin.register(AuthServicesInfo)
class AuthServicesInfoManager(admin.ModelAdmin):
@staticmethod
def main_character(obj):
if obj.main_char_id:
@@ -34,120 +31,69 @@ class AuthServicesInfoManager(admin.ModelAdmin):
def has_add_permission(request, obj=None):
return False
def sync_jabber(self, request, queryset):
count = 0
for a in queryset: # queryset filtering doesn't work here?
if a.jabber_username != "":
update_jabber_groups.delay(a.user.pk)
count += 1
self.message_user(request, "%s jabber accounts queued for group sync." % count)
sync_jabber.short_description = "Sync groups for selected jabber accounts"
def sync_mumble(self, request, queryset):
count = 0
for a in queryset:
if a.mumble_username != "":
update_mumble_groups.delay(a.user.pk)
count += 1
self.message_user(request, "%s mumble accounts queued for group sync." % count)
sync_mumble.short_description = "Sync groups for selected mumble accounts"
def sync_forum(self, request, queryset):
count = 0
for a in queryset:
if a.forum_username != "":
update_forum_groups.delay(a.user.pk)
count += 1
self.message_user(request, "%s forum accounts queued for group sync." % count)
sync_forum.short_description = "Sync groups for selected forum accounts"
def sync_ipboard(self, request, queryset):
count = 0
for a in queryset:
if a.ipboard_username != "":
update_ipboard_groups.delay(a.user.pk)
count += 1
self.message_user(request, "%s ipboard accounts queued for group sync." % count)
sync_ipboard.short_description = "Sync groups for selected ipboard accounts"
def sync_smf(self, request, queryset):
count = 0
for a in queryset:
if a.smf_username != "":
update_smf_groups.delay(a.user.pk)
count += 1
self.message_user(request, "%s smf accounts queued for group sync." % count)
sync_smf.short_description = "Sync groups for selected smf accounts"
def sync_teamspeak(self, request, queryset):
count = 0
for a in queryset:
if a.teamspeak3_uid != "":
update_teamspeak3_groups.delay(a.user.pk)
count += 1
self.message_user(request, "%s teamspeak accounts queued for group sync." % count)
sync_teamspeak.short_description = "Sync groups for selected teamspeak accounts"
def sync_discord(self, request, queryset):
count = 0
for a in queryset:
if a.discord_uid != "":
update_discord_groups.delay(a.user.pk)
count += 1
self.message_user(request, "%s discord accounts queued for group sync." % count)
sync_discord.short_description = "Sync groups for selected discord accounts"
def sync_discourse(self, request, queryset):
count = 0
for a in queryset:
if a.discourse_enabled:
update_discourse_groups.delay(a.user.pk)
count += 1
self.message_user(request, "%s discourse accounts queued for group sync." % count)
sync_discourse.short_description = "Sync groups for selected discourse accounts"
def sync_nicknames(self, request, queryset):
count = 0
for a in queryset:
if a.discord_uid != "":
update_discord_nickname(a.user.pk)
count += 1
self.message_user(request, "%s discord accounts queued for nickname sync." % count)
sync_nicknames.short_description = "Sync nicknames for selected discord accounts"
actions = [
'sync_jabber',
'sync_mumble',
'sync_forum',
'sync_ipboard',
'sync_smf',
'sync_teamspeak',
'sync_discord',
'sync_discourse',
'sync_nicknames',
]
search_fields = [
'user__username',
'ipboard_username',
'xenforo_username',
'forum_username',
'jabber_username',
'mumble_username',
'teamspeak3_uid',
'discord_uid',
'ips4_username',
'smf_username',
'market_username',
'main_char_id',
]
list_display = ('user', 'main_character')
def make_service_hooks_update_groups_action(service):
"""
Make a admin action for the given service
:param service: services.hooks.ServicesHook
:return: fn to update services groups for the selected users
"""
def update_service_groups(modeladmin, request, queryset):
for user in queryset: # queryset filtering doesn't work here?
service.update_groups(user)
update_service_groups.__name__ = str('update_{}_groups'.format(slugify(service.name)))
update_service_groups.short_description = "Sync groups for selected {} accounts".format(service.title)
return update_service_groups
def make_service_hooks_sync_nickname_action(service):
"""
Make a sync_nickname admin action for the given service
:param service: services.hooks.ServicesHook
:return: fn to sync nickname for the selected users
"""
def sync_nickname(modeladmin, request, queryset):
for user in queryset: # queryset filtering doesn't work here?
service.sync_nickname(user)
sync_nickname.__name__ = str('sync_{}_nickname'.format(slugify(service.name)))
sync_nickname.short_description = "Sync nicknames for selected {} accounts".format(service.title)
return sync_nickname
class UserAdmin(BaseUserAdmin):
"""
Extending Django's UserAdmin model
"""
def get_actions(self, request):
actions = super(BaseUserAdmin, self).get_actions(request)
for hook in get_hooks('services_hook'):
svc = hook()
# Check update_groups is redefined/overloaded
if svc.update_groups.__module__ != ServicesHook.update_groups.__module__:
action = make_service_hooks_update_groups_action(svc)
actions[action.__name__] = (action,
action.__name__,
action.short_description)
# Create sync nickname action if service implements it
if svc.sync_nickname.__module__ != ServicesHook.sync_nickname.__module__:
action = make_service_hooks_sync_nickname_action(svc)
actions[action.__name__] = (action,
action.__name__,
action.short_description)
return actions
# Re-register UserAdmin
try:
admin.site.unregister(User)
finally:
admin.site.register(User, UserAdmin)

9
authentication/forms.py
View File

@@ -2,6 +2,7 @@ from __future__ import unicode_literals
from django import forms
from django.utils.translation import ugettext_lazy as _
from django.contrib.auth.models import User
from django.conf import settings
import re
@@ -9,6 +10,10 @@ class LoginForm(forms.Form):
username = forms.CharField(label=_('Username'), max_length=32, required=True)
password = forms.CharField(label=_('Password'), widget=forms.PasswordInput())
if getattr(settings, 'CAPTCHA_ENABLED', False):
from captcha.fields import ReCaptchaField
captcha = ReCaptchaField()
class RegistrationForm(forms.Form):
username = forms.CharField(label=_('Username'), max_length=30, required=True)
@@ -17,6 +22,10 @@ class RegistrationForm(forms.Form):
email = forms.CharField(label=_('Email'), max_length=254, required=True)
email_again = forms.CharField(label=_('Email Again'), max_length=254, required=True)
if getattr(settings, 'CAPTCHA_ENABLED', False):
from captcha.fields import ReCaptchaField
captcha = ReCaptchaField()
def clean(self):
if ' ' in self.cleaned_data['username']:
raise forms.ValidationError('Username cannot contain a space')

112
authentication/managers.py
View File

@@ -24,73 +24,6 @@ class AuthServicesInfoManager:
else:
logger.error("Failed to update user %s main character id to %s: user does not exist." % (user, char_id))
@staticmethod
def update_user_forum_info(username, user):
if User.objects.filter(username=user.username).exists():
logger.debug("Updating user %s forum info: username %s" % (user, username))
authserviceinfo = AuthServicesInfo.objects.get(user=user)
authserviceinfo.forum_username = username
authserviceinfo.save(update_fields=['forum_username'])
logger.info("Updated user %s forum info in authservicesinfo model." % user)
else:
logger.error("Failed to update user %s forum info: user does not exist." % user)
@staticmethod
def update_user_jabber_info(username, user):
if User.objects.filter(username=user.username).exists():
logger.debug("Updating user %s jabber info: username %s" % (user, username))
authserviceinfo = AuthServicesInfo.objects.get(user=user)
authserviceinfo.jabber_username = username
authserviceinfo.save(update_fields=['jabber_username'])
logger.info("Updated user %s jabber info in authservicesinfo model." % user)
else:
logger.error("Failed to update user %s jabber info: user does not exist." % user)
@staticmethod
def update_user_mumble_info(username, user):
if User.objects.filter(username=user.username).exists():
logger.debug("Updating user %s mumble info: username %s" % (user, username))
authserviceinfo = AuthServicesInfo.objects.get(user=user)
authserviceinfo.mumble_username = username
authserviceinfo.save(update_fields=['mumble_username'])
logger.info("Updated user %s mumble info in authservicesinfo model." % user)
else:
logger.error("Failed to update user %s mumble info: user does not exist." % user)
@staticmethod
def update_user_ipboard_info(username, user):
if User.objects.filter(username=user.username).exists():
logger.debug("Updating user %s ipboard info: uername %s" % (user, username))
authserviceinfo = AuthServicesInfo.objects.get(user=user)
authserviceinfo.ipboard_username = username
authserviceinfo.save(update_fields=['ipboard_username'])
logger.info("Updated user %s ipboard info in authservicesinfo model." % user)
else:
logger.error("Failed to update user %s ipboard info: user does not exist." % user)
@staticmethod
def update_user_xenforo_info(username, user):
if User.objects.filter(username=user.username).exists():
logger.debug("Updating user %s xenforo info: uername %s" % (user, username))
authserviceinfo = AuthServicesInfo.objects.get(user=user)
authserviceinfo.xenforo_username = username
authserviceinfo.save(update_fields=['xenforo_username'])
logger.info("Updated user %s xenforo info in authservicesinfo model." % user)
else:
logger.error("Failed to update user %s xenforo info: user does not exist." % user)
@staticmethod
def update_user_teamspeak3_info(uid, perm_key, user):
if User.objects.filter(username=user.username).exists():
logger.debug("Updating user %s teamspeak3 info: uid %s" % (user, uid))
authserviceinfo = AuthServicesInfo.objects.get(user=user)
authserviceinfo.teamspeak3_uid = uid
authserviceinfo.teamspeak3_perm_key = perm_key
authserviceinfo.save(update_fields=['teamspeak3_uid', 'teamspeak3_perm_key'])
logger.info("Updated user %s teamspeak3 info in authservicesinfo model." % user)
else:
logger.error("Failed to update user %s teamspeak3 info: user does not exist." % user)
@staticmethod
def update_is_blue(is_blue, user):
if User.objects.filter(username=user.username).exists():
@@ -100,51 +33,6 @@ class AuthServicesInfoManager:
authserviceinfo.save(update_fields=['is_blue'])
logger.info("Updated user %s blue status to %s in authservicesinfo model." % (user, is_blue))
@staticmethod
def update_user_discord_info(user_id, user):
if User.objects.filter(username=user.username).exists():
logger.debug("Updating user %s discord info: user_id %s" % (user, user_id))
authserviceinfo = AuthServicesInfo.objects.get(user=user)
authserviceinfo.discord_uid = user_id
authserviceinfo.save(update_fields=['discord_uid'])
logger.info("Updated user %s discord info in authservicesinfo model." % user)
else:
logger.error("Failed to update user %s discord info: user does not exist." % user)
@staticmethod
def update_user_ips4_info(username, id, user):
if User.objects.filter(username=user.username).exists():
logger.debug("Updating user %s IPS4 info: username %s" % (user, username))
authserviceinfo = AuthServicesInfo.objects.get(user=user)
authserviceinfo.ips4_username = username
authserviceinfo.ips4_id = id
authserviceinfo.save(update_fields=['ips4_username', 'ips4_id'])
logger.info("Updated user %s IPS4 info in authservicesinfo model." % user)
else:
logger.error("Failed to update user %s IPS4 info: user does not exist." % user)
@staticmethod
def update_user_smf_info(username, user):
if User.objects.filter(username=user.username).exists():
logger.debug("Updating user %s forum info: username %s" % (user, username))
authserviceinfo = AuthServicesInfo.objects.get(user=user)
authserviceinfo.smf_username = username
authserviceinfo.save(update_fields=['smf_username'])
logger.info("Updated user %s smf info in authservicesinfo model." % user)
else:
logger.error("Failed to update user %s smf info: user does not exist." % user)
@staticmethod
def update_user_market_info(username, user):
if User.objects.filter(username=user.username).exists():
logger.debug("Updating user %s market info: username %s" % (user, username))
authserviceinfo = AuthServicesInfo.objects.get(user=user)
authserviceinfo.market_username = username
authserviceinfo.save(update_fields=['market_username'])
logger.info("Updated user %s market info in authservicesinfo model." % user)
else:
logger.error("Failed to update user %s market info: user does not exist." % user)
class UserState:
def __init__(self):

323
authentication/migrations/0013_service_modules.py Normal file
View File

@@ -0,0 +1,323 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.2 on 2016-12-11 23:14
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
import logging
logger = logging.getLogger(__name__)
def optional_dependencies():
"""
Only require these migrations if the given app
is installed. If the app isn't installed then
the relevant AuthServicesInfo field will be LOST
when the data migration is run.
"""
installed_apps = settings.INSTALLED_APPS
dependencies = []
# Skip adding module dependencies if the settings specifies that services have been migrated
if hasattr(settings, 'SERVICES_MIGRATED') and settings.SERVICES_MIGRATED:
return dependencies
if 'services.modules.xenforo' in installed_apps:
dependencies.append(('xenforo', '0001_initial'))
if 'services.modules.discord' in installed_apps:
dependencies.append(('discord', '0001_initial'))
if 'services.modules.discourse' in installed_apps:
dependencies.append(('discourse', '0001_initial'))
if 'services.modules.ipboard' in installed_apps:
dependencies.append(('ipboard', '0001_initial'))
if 'services.modules.ips4' in installed_apps:
dependencies.append(('ips4', '0001_initial'))
if 'services.modules.market' in installed_apps:
dependencies.append(('market', '0001_initial'))
if 'services.modules.openfire' in installed_apps:
dependencies.append(('openfire', '0001_initial'))
if 'services.modules.smf' in installed_apps:
dependencies.append(('smf', '0001_initial'))
if 'services.modules.teamspeak3' in installed_apps:
dependencies.append(('teamspeak3', '0003_teamspeak3user'))
if 'services.modules.mumble' in installed_apps:
dependencies.append(('mumble', '0003_mumbleuser_user'))
if 'services.modules.phpbb3' in installed_apps:
dependencies.append(('phpbb3', '0001_initial'))
return dependencies
class DatalossException(Exception):
def __init__(self, field, app):
message = "This migration would cause a loss of data for the %s field, ensure the %s app is installed and" \
" run the migration again" % (field, app)
super(Exception, self).__init__(message)
def check_for_dataloss(authservicesinfo):
"""
Check if any of the authservicesinfo contain a field which contains data
that would be lost because the target module for migration is not installed.
If a record is found with no matching target installed an exception is raised.
:param authservicesinfo: AuthServicesInfo records to check
"""
installed_apps = settings.INSTALLED_APPS
for authinfo in authservicesinfo:
if authinfo.xenforo_username and 'services.modules.xenforo' not in installed_apps:
raise DatalossException('xenforo_username', 'services.modules.xenforo')
if authinfo.discord_uid and 'services.modules.discord' not in installed_apps:
raise DatalossException('discord_uid', 'services.modules.discord')
if authinfo.discourse_enabled and 'services.modules.discourse' not in installed_apps:
raise DatalossException('discourse_enabled', 'services.modules.discourse')
if authinfo.ipboard_username and 'services.modules.ipboard' not in installed_apps:
raise DatalossException('ipboard_username', 'services.modules.ipboard')
if authinfo.ips4_id and 'services.modules.ips4' not in installed_apps:
raise DatalossException('ips4_id', 'services.modules.ips4')
if authinfo.market_username and 'services.modules.market' not in installed_apps:
raise DatalossException('market_username', 'services.modules.market')
if authinfo.jabber_username and 'services.modules.openfire' not in installed_apps:
raise DatalossException('jabber_username', 'services.modules.openfire')
if authinfo.smf_username and 'services.modules.smf' not in installed_apps:
raise DatalossException('smf_username', 'services.modules.smf')
if authinfo.teamspeak3_uid and 'services.modules.teamspeak3' not in installed_apps:
raise DatalossException('teamspeak3_uid', 'services.modules.teamspeak3')
if authinfo.mumble_username and 'services.modules.mumble' not in installed_apps:
raise DatalossException('mumble_username', 'services.modules.mumble')
if authinfo.forum_username and 'services.modules.phpbb3' not in installed_apps:
raise DatalossException('forum_username', 'services.modules.phpbb3')
def forward(apps, schema_editor):
installed_apps = settings.INSTALLED_APPS
AuthServicesInfo = apps.get_model("authentication", "AuthServicesInfo")
# Check if any records would result in dataloss
check_for_dataloss(AuthServicesInfo.objects.all())
XenforoUser = apps.get_model('xenforo', 'XenforoUser') if 'services.modules.xenforo' in installed_apps else None
DiscordUser = apps.get_model('discord', 'DiscordUser') if 'services.modules.discord' in installed_apps else None
DiscourseUser = apps.get_model('discourse', 'DiscourseUser') if 'services.modules.discourse' in installed_apps else None
IpboardUser = apps.get_model('ipboard', 'IpboardUser') if 'services.modules.ipboard' in installed_apps else None
Ips4User = apps.get_model('ips4', 'Ips4User') if 'services.modules.ips4' in installed_apps else None
MarketUser = apps.get_model('market', 'MarketUser') if 'services.modules.market' in installed_apps else None
OpenfireUser = apps.get_model('openfire', 'OpenfireUser') if 'services.modules.openfire' in installed_apps else None
SmfUser = apps.get_model('smf', 'SmfUser') if 'services.modules.smf' in installed_apps else None
Teamspeak3User = apps.get_model('teamspeak3', 'Teamspeak3User') if 'services.modules.teamspeak3' in installed_apps else None
MumbleUser = apps.get_model('mumble', 'MumbleUser') if 'services.modules.mumble' in installed_apps else None
Phpbb3User = apps.get_model('phpbb3', 'Phpbb3User') if 'services.modules.phpbb3' in installed_apps else None
for authinfo in AuthServicesInfo.objects.all():
user = authinfo.user
if XenforoUser is not None and authinfo.xenforo_username:
logging.debug('Updating Xenforo info for %s' % user.username)
xfu = XenforoUser()
xfu.user = user
xfu.username = authinfo.xenforo_username
xfu.save()
if DiscordUser is not None and authinfo.discord_uid:
logging.debug('Updating Discord info for %s' % user.username)
du = DiscordUser()
du.user = user
du.uid = authinfo.discord_uid
du.save()
if DiscourseUser is not None and authinfo.discourse_enabled:
logging.debug('Updating Discourse info for %s' % user.username)
du = DiscourseUser()
du.user = user
du.enabled = authinfo.discourse_enabled
du.save()
if IpboardUser is not None and authinfo.ipboard_username:
logging.debug('Updating IPBoard info for %s' % user.username)
ipb = IpboardUser()
ipb.user = user
ipb.username = authinfo.ipboard_username
ipb.save()
if Ips4User is not None and authinfo.ips4_id:
logging.debug('Updating Ips4 info for %s' % user.username)
ips = Ips4User()
ips.user = user
ips.id = authinfo.ips4_id
ips.username = authinfo.ips4_username
ips.save()
if MarketUser is not None and authinfo.market_username:
logging.debug('Updating Market info for %s' % user.username)
mkt = MarketUser()
mkt.user = user
mkt.username = authinfo.market_username
mkt.save()
if OpenfireUser is not None and authinfo.jabber_username:
logging.debug('Updating Openfire (jabber) info for %s' % user.username)
ofu = OpenfireUser()
ofu.user = user
ofu.username = authinfo.jabber_username
ofu.save()
if SmfUser is not None and authinfo.smf_username:
logging.debug('Updating SMF info for %s' % user.username)
smf = SmfUser()
smf.user = user
smf.username = authinfo.smf_username
smf.save()
if Teamspeak3User is not None and authinfo.teamspeak3_uid:
logging.debug('Updating Teamspeak3 info for %s' % user.username)
ts3 = Teamspeak3User()
ts3.user = user
ts3.uid = authinfo.teamspeak3_uid
ts3.perm_key = authinfo.teamspeak3_perm_key
ts3.save()
if MumbleUser is not None and authinfo.mumble_username:
logging.debug('Updating mumble info for %s' % user.username)
try:
mbl = MumbleUser.objects.get(username=authinfo.mumble_username)
mbl.user = user
mbl.save()
except ObjectDoesNotExist:
logger.warn('AuthServiceInfo mumble_username for {} but no '
'corresponding record in MumbleUser, dropping'.format(user.username))
if Phpbb3User is not None and authinfo.forum_username:
logging.debug('Updating phpbb3 info for %s' % user.username)
phb = Phpbb3User()
phb.user = user
phb.username = authinfo.forum_username
phb.save()
def reverse(apps, schema_editor):
User = apps.get_model('auth', 'User')
AuthServicesInfo = apps.get_model("authentication", "AuthServicesInfo")
for user in User.objects.all():
authinfo, c = AuthServicesInfo.objects.get_or_create(user=user)
if hasattr(user, 'xenforo'):
logging.debug('Reversing xenforo for %s' % user.username)
authinfo.xenforo_username = user.xenforo.username
if hasattr(user, 'discord'):
logging.debug('Reversing discord for %s' % user.username)
authinfo.discord_uid = user.discord.uid
if hasattr(user, 'discourse'):
logging.debug('Reversing discourse for %s' % user.username)
authinfo.discourse_enabled = user.discourse.enabled
if hasattr(user, 'ipboard'):
logging.debug('Reversing ipboard for %s' % user.username)
authinfo.ipboard_username = user.ipboard.username
if hasattr(user, 'ips4'):
logging.debug('Reversing ips4 for %s' % user.username)
authinfo.ips4_id = user.ips4.id
authinfo.ips4_username = user.ips4.username
if hasattr(user, 'market'):
logging.debug('Reversing market for %s' % user.username)
authinfo.market_username = user.market.username
if hasattr(user, 'openfire'):
logging.debug('Reversing openfire (jabber) for %s' % user.username)
authinfo.jabber_username = user.openfire.username
if hasattr(user, 'smf'):
logging.debug('Reversing smf for %s' % user.username)
authinfo.smf_username = user.smf.username
if hasattr(user, 'teamspeak3'):
logging.debug('Reversing teamspeak3 for %s' % user.username)
authinfo.teamspeak3_uid = user.teamspeak3.uid
authinfo.teamspeak3_perm_key = user.teamspeak3.perm_key
if hasattr(user, 'mumble'):
logging.debug('Reversing mumble for %s' % user.username)
try:
authinfo.mumble_username = user.mumble.all()[:1].get().username
except ObjectDoesNotExist:
logging.debug('Failed to reverse mumble for %s' % user.username)
if hasattr(user, 'phpbb3'):
logging.debug('Reversing phpbb3 for %s' % user.username)
authinfo.forum_username = user.phpbb3.username
logging.debug('Saving AuthServicesInfo for %s ' % user.username)
authinfo.save()
class Migration(migrations.Migration):
dependencies = optional_dependencies() + [
('authentication', '0012_remove_add_delete_authservicesinfo_permissions'),
]
operations = [
# Migrate data
migrations.RunPython(forward, reverse),
# Remove fields
migrations.RemoveField(
model_name='authservicesinfo',
name='discord_uid',
),
migrations.RemoveField(
model_name='authservicesinfo',
name='discourse_enabled',
),
migrations.RemoveField(
model_name='authservicesinfo',
name='forum_username',
),
migrations.RemoveField(
model_name='authservicesinfo',
name='ipboard_username',
),
migrations.RemoveField(
model_name='authservicesinfo',
name='ips4_id',
),
migrations.RemoveField(
model_name='authservicesinfo',
name='ips4_username',
),
migrations.RemoveField(
model_name='authservicesinfo',
name='jabber_username',
),
migrations.RemoveField(
model_name='authservicesinfo',
name='market_username',
),
migrations.RemoveField(
model_name='authservicesinfo',
name='mumble_username',
),
migrations.RemoveField(
model_name='authservicesinfo',
name='smf_username',
),
migrations.RemoveField(
model_name='authservicesinfo',
name='teamspeak3_perm_key',
),
migrations.RemoveField(
model_name='authservicesinfo',
name='teamspeak3_uid',
),
migrations.RemoveField(
model_name='authservicesinfo',
name='xenforo_username',
),
]

13
authentication/models.py
View File

@@ -16,19 +16,6 @@ class AuthServicesInfo(models.Model):
(MEMBER_STATE, 'Member'),
)
ipboard_username = models.CharField(max_length=254, blank=True, default="")
xenforo_username = models.CharField(max_length=254, blank=True, default="")
forum_username = models.CharField(max_length=254, blank=True, default="")
jabber_username = models.CharField(max_length=254, blank=True, default="")
mumble_username = models.CharField(max_length=254, blank=True, default="")
teamspeak3_uid = models.CharField(max_length=254, blank=True, default="")
teamspeak3_perm_key = models.CharField(max_length=254, blank=True, default="")
discord_uid = models.CharField(max_length=254, blank=True, default="")
discourse_enabled = models.BooleanField(default=False, blank=True)
ips4_username = models.CharField(max_length=254, blank=True, default="")
ips4_id = models.CharField(max_length=254, blank=True, default="")
smf_username = models.CharField(max_length=254, blank=True, default="")
market_username = models.CharField(max_length=254, blank=True, default="")
main_char_id = models.CharField(max_length=64, blank=True, default="")
user = models.OneToOneField(User)
state = models.CharField(blank=True, null=True, choices=STATE_CHOICES, default=NONE_STATE, max_length=10)

2
authentication/signals.py
View File

@@ -23,7 +23,7 @@ def pre_save_auth_state(sender, instance, *args, **kwargs):
make_blue(instance)
else:
disable_member(instance.user)
validate_services(instance.user, instance.state)
validate_services.apply(args=(instance.user,))
@receiver(post_save, sender=User)

23
authentication/tasks.py
View File

@@ -20,14 +20,35 @@ def generate_alliance_group_name(alliancename):
def disable_member(user):
"""
Disable a member who is transitioning to a NONE state.
:param user: django.contrib.auth.models.User to disable
:return:
"""
logger.debug("Disabling member %s" % user)
if user.user_permissions.all().exists():
logger.info("Clearning user %s permission to deactivate user." % user)
user.user_permissions.clear()
if user.groups.all().exists():
logger.info("Clearing all non-public user %s groups to disable member." % user)
user.groups.remove(*user.groups.filter(authgroup__public=False))
validate_services.apply(args=(user,))
def disable_user(user):
"""
Disable a user who is being set inactive or deleted
:param user: django.contrib.auth.models.User to disable
:return:
"""
logger.debug("Disabling user %s" % user)
if user.user_permissions.all().exists():
logger.info("Clearning user %s permission to deactivate user." % user)
user.user_permissions.clear()
if user.groups.all().exists():
logger.info("Clearing user %s groups to deactivate user." % user)
user.groups.clear()
validate_services(user, None)
validate_services.apply(args=(user,))
def make_member(auth):

1
authentication/tests.py
View File

@@ -1 +0,0 @@
# Create your tests here.

0
authentication/tests/__init__.py Normal file
View File

84
authentication/tests/test_tasks.py Normal file
View File

@@ -0,0 +1,84 @@
from __future__ import unicode_literals
try:
# Py3
from unittest import mock
except ImportError:
# Py2
import mock
from django.test import TestCase
from django.contrib.auth.models import Group, Permission
from alliance_auth.tests.auth_utils import AuthUtils
from authentication.tasks import disable_member, disable_user
class AuthenticationTasksTestCase(TestCase):
def setUp(self):
self.member = AuthUtils.create_member('auth_member')
self.none_user = AuthUtils.create_user('none_user', disconnect_signals=True)
@mock.patch('services.signals.transaction')
def test_disable_member(self, transaction):
# Inert signals action
transaction.on_commit.side_effect = lambda fn: fn()
# Add permission
perm = Permission.objects.create(codename='test_perm', name='test perm', content_type_id=1)
# Add public group
pub_group = Group.objects.create(name="A Public group")
pub_group.authgroup.internal = False
pub_group.authgroup.public = True
pub_group.save()
# Setup member
self.member.user_permissions.add(perm)
self.member.groups.add(pub_group)
# Pre assertion
self.assertIn(pub_group, self.member.groups.all())
self.assertGreater(len(self.member.groups.all()), 1)
# Act
disable_member(self.member)
# Assert
self.assertIn(pub_group, self.member.groups.all())
# Everything but the single public group wiped
self.assertEqual(len(self.member.groups.all()), 1)
# All permissions wiped
self.assertEqual(len(self.member.user_permissions.all()), 0)
@mock.patch('services.signals.transaction')
def test_disable_user(self, transaction):
# Inert signals action
transaction.on_commit.side_effect = lambda fn: fn()
# Add permission
perm = Permission.objects.create(codename='test_perm', name='test perm', content_type_id=1)
# Add public group
pub_group = Group.objects.create(name="A Public group")
pub_group.authgroup.internal = False
pub_group.authgroup.public = True
pub_group.save()
# Setup member
self.member.user_permissions.add(perm)
self.member.groups.add(pub_group)
# Pre assertion
self.assertIn(pub_group, self.member.groups.all())
self.assertGreater(len(self.member.groups.all()), 1)
# Act
disable_user(self.member)
# Assert
# All groups wiped
self.assertEqual(len(self.member.groups.all()), 0)
# All permissions wiped
self.assertEqual(len(self.member.user_permissions.all()), 0)

13
authentication/views.py
View File

@@ -4,6 +4,7 @@ from django.contrib.auth import logout
from django.contrib.auth import authenticate
from django.shortcuts import render, redirect
from django.contrib.auth.decorators import login_required
from django.utils.translation import ugettext_lazy as _
from eveonline.managers import EveManager
from eveonline.models import EveCharacter
from authentication.models import AuthServicesInfo
@@ -34,10 +35,10 @@ def login_user(request):
return redirect(redirect_to)
else:
logger.info("Login attempt failed for user %s: user marked inactive." % user)
messages.warning(request, 'Your account has been disabled.')
messages.warning(request, _('Your account has been disabled.'))
else:
logger.info("Failed login attempt: provided username %s" % form.cleaned_data['username'])
messages.error(request, 'Username/password invalid.')
messages.error(request, _('Username/password invalid.'))
return render(request, 'public/login.html', context={'form': form})
else:
logger.debug("Providing new login form.")
@@ -68,7 +69,7 @@ def register_user_view(request):
user.save()
logger.info("Created new user %s" % user)
login(request, user)
messages.warning(request, 'Add an API key to set up your account.')
messages.warning(request, _('Add an API key to set up your account.'))
return redirect("auth_dashboard")
else:
@@ -106,10 +107,10 @@ def sso_login(request, token):
token.save()
return redirect('auth_dashboard')
else:
messages.error(request, 'Your account has been disabled.')
messages.error(request, _('Your account has been disabled.'))
else:
messages.warning(request,
'Authenticated character has no owning account. Please log in with username and password.')
_('Authenticated character has no owning account. Please log in with username and password.'))
except EveCharacter.DoesNotExist:
messages.error(request, 'No account exists with the authenticated character. Please create an account first.')
messages.error(request, _('No account exists with the authenticated character. Please create an account first.'))
return redirect(login_user)

21
corputils/models.py
View File

@@ -41,7 +41,7 @@ class CorpStats(models.Model):
def update(self):
try:
c = self.token.get_esi_client()
c = self.token.get_esi_client(Character='v4', Corporation='v2')
assert c.Character.get_characters_character_id(character_id=self.token.character_id).result()[
'corporation_id'] == int(self.corp.corporation_id)
members = c.Corporation.get_corporations_corporation_id_members(
@@ -52,6 +52,7 @@ class CorpStats(models.Model):
# the swagger spec doesn't have a maxItems count
# manual testing says we can do over 350, but let's not risk it
member_id_chunks = [member_ids[i:i + 255] for i in range(0, len(member_ids), 255)]
c = self.token.get_esi_client(Character='v1') # ccplease bump versions of whole resources
member_name_chunks = [c.Character.get_characters_names(character_ids=id_chunk).result() for id_chunk in
member_id_chunks]
member_list = {}
@@ -118,6 +119,13 @@ class CorpStats(models.Model):
def member_count(self):
return len(self.members)
def user_count(self, members):
mainchars = []
for member in members:
if hasattr(member.main, 'character_name'):
mainchars.append(member.main.character_name)
return len(set(mainchars))
@python_2_unicode_compatible
class MemberObject(object):
def __init__(self, character_id, character_name, show_apis=False):
@@ -128,8 +136,10 @@ class CorpStats(models.Model):
auth = AuthServicesInfo.objects.get(user=char.user)
try:
self.main = EveCharacter.objects.get(character_id=auth.main_char_id)
self.main_user = self.main.character_name
except EveCharacter.DoesNotExist:
self.main = None
self.main_user = ''
api = EveApiKeyPair.objects.get(api_id=char.api_id)
self.registered = True
if show_apis:
@@ -140,9 +150,11 @@ class CorpStats(models.Model):
self.main = None
self.api = None
self.registered = False
self.main_user = ''
except EveApiKeyPair.DoesNotExist:
self.api = None
self.registered = False
self.main_user = ''
def __str__(self):
return self.character_name
@@ -152,8 +164,10 @@ class CorpStats(models.Model):
def get_member_objects(self, user):
show_apis = self.show_apis(user)
return sorted([CorpStats.MemberObject(id, name, show_apis=show_apis) for id, name in self.members.items()],
key=attrgetter('character_name'))
member_list = [CorpStats.MemberObject(id, name, show_apis=show_apis) for id, name in self.members.items()]
outlist = sorted([m for m in member_list if m.main_user], key=attrgetter('main_user', 'character_name'))
outlist = outlist + sorted([m for m in member_list if not m.main_user], key=attrgetter('character_name'))
return outlist
def can_update(self, user):
return user.is_superuser or user == self.token.user
@@ -165,6 +179,7 @@ class CorpStats(models.Model):
self.members = corpstats.get_member_objects(user)
self.can_update = corpstats.can_update(user)
self.total_members = len(self.members)
self.total_users = corpstats.user_count(self.members)
self.registered_members = corpstats.entered_apis()
self.show_apis = corpstats.show_apis(user)
self.last_updated = corpstats.last_update

6
corputils/templates/corputils/base.html
View File

@@ -10,7 +10,7 @@
<div class="container-fluid">
<ul class="nav navbar-nav">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Corporations<span class="caret"></span></a>
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">{% trans "Corporations" %}<span class="caret"></span></a>
<ul class="dropdown-menu">
{% for corpstat in available %}
<li>
@@ -21,13 +21,13 @@
</li>
{% if perms.corputils.add_corpstats %}
<li>
<a href="{% url 'corputils:add' %}">Add</a>
<a href="{% url 'corputils:add' %}">{% trans "Add" %}</a>
</li>
{% endif %}
</ul>
<form class="navbar-form navbar-right" role="search" action="{% url 'corputils:search' %}" method="GET">
<div class="form-group">
<input type="text" class="form-control" name="search_string" placeholder="{% if search_string %}{{ search_string }}{% else %}Search characters...{% endif %}">
<input type="text" class="form-control" name="search_string" placeholder="{% if search_string %}{{ search_string }}{% else %}{% trans "Search characters..." %}{% endif %}">
</div>
</form>
</div>

19
corputils/templates/corputils/corpstats.html
View File

@@ -2,6 +2,7 @@
{% load i18n %}
{% load humanize %}
{% load bootstrap_pagination %}
{% load eveonline_extras %}
{% block member_data %}
{% if corpstats %}
<div class="row">
@@ -24,7 +25,7 @@
</div>
<div class="row">
<div class="col-lg-12">
<b>{% trans "API Index:" %}</b>
<b>{% trans "API Index: " %}</b> {{ corpstats.total_users }} Main Character{{ corpstats.total_users|pluralize }}
<div class="progress">
<div class="progress-bar" role="progressbar" aria-valuenow="{{ corpstats.registered_members }}" aria-valuemin="0" aria-valuemax="{{ corpstats.total_members }}" style="width: {% widthratio corpstats.registered_members corpstats.total_members 100 %}%;">
{{ corpstats.registered_members }}/{{ corpstats.total_members }}
@@ -37,10 +38,10 @@
<div class="panel panel-default">
<div class="panel-heading clearfix">
<div class="panel-title pull-left">
<h4>Members</h4>
<h4>{% trans "Members" %}</h4>
</div>
<div class="panel-title pull-right">
Last update: {{ corpstats.last_updated|naturaltime }}
{% trans "Last update:" %} {{ corpstats.last_updated|naturaltime }}
{% if corpstats.can_update %}
<a class="btn btn-success" type="button" href="{% url 'corputils:update' corpstats.corp.corporation_id %}" title="Update Now">
<span class="glyphicon glyphicon-refresh"></span>
@@ -56,14 +57,14 @@
<table class="table table-hover">
<tr>
<th></th>
<th class="text-center">Character</th>
<th class="text-center">{% trans "Character" %}</th>
{% if corpstats.show_apis %}
<th class="text-center">API</th>
{% endif %}
<th class="text-center">zKillboard</th>
<th class="text-center">Main Character</th>
<th class="text-center">Main Corporation</th>
<th class="text-center">Main Alliance</th>
<th class="text-center">{% trans "zKillboard" %}</th>
<th class="text-center">{% trans "Main Character" %}</th>
<th class="text-center">{% trans "Main Corporation" %}</th>
<th class="text-center">{% trans "Main Alliance" %}</th>
</tr>
{% for member in members %}
<tr {% if not member.registered %}class="danger"{% endif %}>
@@ -71,7 +72,7 @@
<td class="text-center">{{ member.character_name }}</td>
{% if corpstats.show_apis %}
{% if member.api %}
<td class="text-center"><a href="{{ JACK_KNIFE_URL }}?usid={{ member.api.api_id }}&apik={{ member.api.api_key }}" target="_blank" class="label label-primary">{{ member.api.api_id }}</td>
<td class="text-center">{{ member.api|api_link:'label label-primary' }}</td>
{% else %}
<td></td>
{% endif %}

19
corputils/templates/corputils/search.html
View File

@@ -1,10 +1,11 @@
{% extends "corputils/base.html" %}
{% load i18n %}
{% load bootstrap_pagination %}
{% load eveonline_extras %}
{% block member_data %}
<div class="panel panel-default">
<div class="panel-heading clearfix">
<div class="panel-title pull-left">Search Results</div>
<div class="panel-title pull-left">{% trans "Search Results" %}</div>
</div>
<div class="panel-body">
<div class="text-center">
@@ -13,13 +14,13 @@
<table class="table table-hover">
<tr>
<th class="text-center"></th>
<th class="text-center">Character</th>
<th class="text-center">Corporation</th>
<th class="text-center">API</th>
<th class="text-center">zKillboard</th>
<th class="text-center">Main Character</th>
<th class="text-center">Main Corporation</th>
<th class="text-center">Main Alliance</th>
<th class="text-center">{% trans "Character" %}</th>
<th class="text-center">{% trans "Corporation" %}</th>
<th class="text-center">{% trans "API" %}</th>
<th class="text-center">{% trans "zKillboard" %}</th>
<th class="text-center">{% trans "Main Character" %}</th>
<th class="text-center">{% trans "Main Corporation" %}</th>
<th class="text-center">{% trans "Main Alliance" %}</th>
</tr>
{% for result in results %}
<tr {% if not result.1.registered %}class="danger"{% endif %}>
@@ -27,7 +28,7 @@
<td class="text-center">{{ result.1.character_name }}</td>
<td class="text-center">{{ result.0.corp.corporation_name }}</td>
{% if result.1.api %}
<td class="text-center"><a href="{{ JACK_KNIFE_URL }}?usid={{ result.1.api.api_id }}&apik={{ result.1.api.api_key }}" target="_blank" class="label label-primary">{{ result.1.api.api_id }}</td>
<td class="text-center">{{ result.1.api|api_link:"label label-primary" }}</td>
{% else %}
<td></td>
{% endif %}

16
corputils/views.py
View File

@@ -6,6 +6,7 @@ from django.contrib import messages
from django.core.exceptions import PermissionDenied
from django.db import IntegrityError
from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
from django.utils.translation import ugettext_lazy as _
from django.conf import settings
from eveonline.models import EveCharacter, EveCorporationInfo
from corputils.models import CorpStats
@@ -41,20 +42,23 @@ def corpstats_add(request, token):
corp_id = EveCharacter.objects.get(character_id=token.character_id).corporation_id
else:
corp_id = \
token.get_esi_client().Character.get_characters_character_id(character_id=token.character_id).result()[
token.get_esi_client(Character='v4').Character.get_characters_character_id(character_id=token.character_id).result()[
'corporation_id']
corp = EveCorporationInfo.objects.get(corporation_id=corp_id)
cs = CorpStats.objects.create(token=token, corp=corp)
cs.update()
assert cs.pk # ensure update was succesful
try:
cs.update()
except HTTPError as e:
messages.error(request, str(e))
assert cs.pk # ensure update was successful
if CorpStats.objects.filter(pk=cs.pk).visible_to(request.user).exists():
return redirect('corputils:view_corp', corp_id=corp.corporation_id)
except EveCorporationInfo.DoesNotExist:
messages.error(request, 'Unrecognized corporation. Please ensure it is a member of the alliance or a blue.')
messages.error(request, _('Unrecognized corporation. Please ensure it is a member of the alliance or a blue.'))
except IntegrityError:
messages.error(request, 'Selected corp already has a statistics module.')
messages.error(request, _('Selected corp already has a statistics module.'))
except AssertionError:
messages.error(request, 'Failed to gather corporation statistics with selected token.')
messages.error(request, _('Failed to gather corporation statistics with selected token.'))
return redirect('corputils:view')

BIN
docs/_static/images/features/corpstats/api_index.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.7 KiB

BIN
docs/_static/images/features/corpstats/blank_header.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
docs/_static/images/features/corpstats/eve_sso_authorization.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 258 KiB

BIN
docs/_static/images/features/corpstats/last_update.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.2 KiB

BIN
docs/_static/images/features/corpstats/member_list.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
docs/_static/images/features/corpstats/navbar.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.9 KiB

BIN
docs/_static/images/features/corpstats/pagination.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 903 B

BIN
docs/_static/images/features/corpstats/search_view.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

BIN
docs/_static/images/features/corpstats/select_sso_token.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
docs/_static/images/features/group-admin.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 54 KiB

BIN
docs/_static/images/features/group-member-management.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
docs/_static/images/features/group-membership.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 KiB

2
docs/development/index.md
View File

@@ -4,4 +4,6 @@
.. toctree::
documentation
integrating-services
menu-hooks
```

302
docs/development/integrating-services.md Normal file
View File

@@ -0,0 +1,302 @@
# Integrating Services
One of the primary roles of Alliance Auth is integrating with external services in order to authenticate and manage users. This is achieved through the use of service modules.
## The Service Module
Each service module is its own self contained Django app. It will likely contain views, models, migrations and templates. Anything that is valid in a Django app is valid in a service module.
Normally service modules live in `services.modules` though they may also be installed as external packages and installed via `pip` if you wish. A module is installed by including it in the `INSTALLED_APPS` setting.
### Service Module Structure
Typically a service will contain 5 key components:
- [The Hook](#the-hook)
- [The Service Manager](#the-service-manager)
- [The Views](#the-views)
- [The Tasks](#the-tasks)
- [The Models](#the-models)
The architecture looks something like this:
urls -------▶ Views
▲ |
| |
| ▼
ServiceHook ----▶ Tasks ----▶ Manager
|
|
AllianceAuth
Where:
Module --▶ Dependency/Import
While this is the typical structure of the existing services modules, there is no enforcement of this structure and you are, effectively, free to create whatever architecture may be necessary. A service module need not even communicate with an external service, for example, if similar triggers such as validate_user, delete_user are required for a module it may be convenient to masquerade as a service. Ideally though, using the common structure improves the maintainability for other developers.
### The Hook
In order to integrate with Alliance Auth service modules must provide a `services_hook`. This hook will be a function that returns an instance of the `services.hooks.ServiceHook` class and decorated with the `@hooks.registerhook` decorator. For example:
@hooks.register('services_hook')
def register_service():
return ExampleService()
This would register the ExampleService class which would need to be a subclass of `services.hooks.ServiceHook`.
```eval_rst
.. important::
The hook **MUST** be registered in `yourservice.auth_hooks` along with any other hooks you are registering for Alliance Auth.
```
A subclassed `ServiceHook` might look like this:
class ExampleService(ServicesHook):
def __init__(self):
ServicesHook.__init__(self)
self.urlpatterns = urlpatterns
self.service_url = 'http://exampleservice.example.com'
"""
Overload base methods here to implement functionality
"""
### The ServiceHook class
The base `ServiceHook` class defines function signatures that Alliance Auth will call under certain conditions in order to trigger some action in the service.
You will need to subclass `services.hooks.ServiceHook` in order to provide implementation of the functions so that Alliance Auth can interact with the service correctly. All of the functions are optional, so its up to you to define what you need.
Instance Variables:
- [self.name](#self-name)
- [self.urlpatterns](#self-url-patterns)
- [self.service_ctrl_template](#self-service-ctrl-template)
Properties:
- [title](#title)
Functions:
- [delete_user](#delete-user)
- [validate_user](#validate-user)
- [sync_nickname](#sync-nickname)
- [update_groups](#update-groups)
- [update_all_groups](#update-all-groups)
- [service_enabled_members](#service-enabled-members)
- [service_enabled_blues](#service-enabled-blues)
- [service_active_for_user](#service-active-for-user)
- [show_service_ctrl](#show-service-ctrl)
- [render_service_ctrl](#render-service-ctrl)
#### self.name
Internal name of the module, should be unique amongst modules.
#### self.urlpatterns
You should define all of your service urls internally, usually in `urls.py`. Then you can import them and set `self.urlpatterns` to your defined urlpatterns.
from . import urls
...
class MyService(ServiceHook):
def __init__(self):
...
self.urlpatterns = urls.urlpatterns
All of your apps defined urlpatterns will then be included in the `URLconf` when the core application starts.
#### self.service_ctrl_template
This is provided as a courtesy and defines the default template to be used with [render_service_ctrl](#render-service-ctrl). You are free to redefine or not use this variable at all.
#### title
This is a property which provides a user friendly display of your service's name. It will usually do a reasonably good job unless your service name has punctuation or odd capitalisation. If this is the case you should override this method and return a string.
#### delete_user
`def delete_user(self, user, notify_user=False):`
Delete the users service account, optionally notify them that the service has been disabled. The `user` parameter should be a Django User object. If notify_user is set to `True` a message should be set to the user via the `notifications` module to alert them that their service account has been disabled.
The function should return a boolean, `True` if successfully disabled, `False` otherwise.
#### validate_user
`def validate_user(self, user):`
Validate the users service account, deleting it if they should no longer have access. The `user` parameter should be a Django User object.
An implementation will probably look like the following:
def validate_user(self, user):
logger.debug('Validating user %s %s account' % (user, self.name))
if ExampleTasks.has_account(user) and not self.service_active_for_user(user):
self.delete_user(user, notify_user=True)
No return value is expected.
This function will be called periodically on all users to validate that the given user should have their current service accounts.
#### sync_nickname
`def sync_nickname(self, user):`
Very optional. As of writing only one service defines this. The `user` parameter should be a Django User object. When called, the given users nickname for the service should be updated and synchronised with the service.
If this function is defined, an admin action will be registered on the Django Users view, allowing admins to manually trigger this action for one or many users. The hook will trigger this action user by user, so you won't have to manage a list of users.
#### update_groups
`def update_groups(self, user):`
Update the users group membership. The `user` parameter should be a Django User object.
When this is called the service should determine the groups the user is a member of and synchronise the group membership with the external service. If you service does not support groups then you are not required to define this.
If this function is defined, an admin action will be registered on the Django Users view, allowing admins to manually trigger this action for one or many users. The hook will trigger this action user by user, so you won't have to manage a list of users.
This action is usually called via a signal when a users group membership changes (joins or leaves a group).
#### update_all_groups
`def update_all_groups(self):`
The service should iterate through all of its recorded users and update their groups.
I'm really not sure when this is called, it may have been a hold over from before signals started to be used. Regardless, it can be useful to server admins who may call this from a Django shell to force a synchronisation of all user groups for a specific service.
#### service_enabled_members
`def service_enabled_members(self):`
Is this service enabled for users with the `Member` state? It should return `True` if the service is enabled for Members, and `False` otherwise. The default is `False`.
An implementation will usually look like:
def service_enabled_members(self):
return settings.ENABLE_AUTH_EXAMPLE or False
```eval_rst
.. note::
There has been discussion about moving services to permissions based access. You should review `Issue #663 <https://github.com/allianceauth/allianceauth/issues/663/>`_.
```
#### service_enabled_blues
`def service_enabled_blues(self):`
Is this service enabled for users with the `Blue` state? It should return `True` if the service is enabled for Blues, and `False` otherwise. The default is `False`.
An implementation will usually look like:
def service_enabled_blues(self):
return settings.ENABLE_BLUE_EXAMPLE or False
```eval_rst
.. note::
There has been discussion about moving services to permissions based access. You should review `Issue #663 <https://github.com/allianceauth/allianceauth/issues/663/>`_.
```
#### service_active_for_user
`def service_active_for_user(self, user):`
Is this service active for the given user? The `user` parameter should be a Django User object.
Usually you wont need to override this as it calls `service_enabled_members` or `service_enabled_blues` depending on the users state.
```eval_rst
.. note::
There has been discussion about moving services to permissions based access. You should review `Issue #663 <https://github.com/allianceauth/allianceauth/issues/663/>`_ as this function will likely need to be defined by each service to check its permission.
```
#### show_service_ctrl
`def show_service_ctrl(self, user, state):`
Should the service be shown for the given `user` with the given `state`? The `user` parameter should be a Django User object, and the `state` parameter should be a valid state from `authentication.states`.
Usually you wont need to override this function.
For more information see the [render_service_ctrl](#render-service-ctrl) section.
#### render_service_ctrl
`def render_services_ctrl(self, request):`
Render the services control row. This will be called for all active services when a user visits the `/services/` page and [show_service_ctrl](#show-service-ctrl) returns `True` for the given user.
It should return a string (usually from `render_to_string`) of a table row (`<tr>`) with 4 columns (`<td>`). Column #1 is the service name, column #2 is the users username for this service, column #3 is the services URL, and column #4 is the action buttons.
You may either define your own service template or use the default one provided. The default can be used like this example:
def render_services_ctrl(self, request):
"""
Example for rendering the service control panel row
You can override the default template and create a
custom one if you wish.
:param request:
:return:
"""
urls = self.Urls()
urls.auth_activate = 'auth_example_activate'
urls.auth_deactivate = 'auth_example_deactivate'
urls.auth_reset_password = 'auth_example_reset_password'
urls.auth_set_password = 'auth_example_set_password'
return render_to_string(self.service_ctrl_template, {
'service_name': self.title,
'urls': urls,
'service_url': self.service_url,
'username': 'example username'
}, request=request)
the `Urls` class defines the available URL names for the 4 actions available in the default template:
- Activate (create service account)
- Deactivate (delete service account)
- Reset Password (random password)
- Set Password (custom password)
If you don't define one or all of these variable the button for the undefined URLs will not be displayed.
Most services will survive with the default template. If, however, you require extra buttons for whatever reason, you are free to provide your own template as long as you stick within the 4 columns. Multiple rows should be OK, though may be confusing to users.
### Menu Item Hook
If you services needs cannot be satisfied by the Service Control row, you are free to specify extra hooks by subclassing or instantiating the `services.hooks.MenuItemHook` class.
For more information see the [Menu Hooks](menu-hooks.md) page.
### The Service Manager
The service manager is what interacts with the external service. Ideally it should be completely agnostic about its environment, meaning that it should avoid calls to Alliance Auth and Django in general (except in special circumstances where the service is managed locally, e.g. Mumble). Data should come in already arranged by the Tasks and data passed back for the tasks to manage or distribute.
The reason for maintaining this separation is that managers may be reused from other sources and there may not even be a need to write a custom manager. Likewise, by maintaining this neutral environment others may reuse the managers that we write. It can also significantly ease the unit testing of services.
### The Views
As mentioned at the start of this page, service modules are fully fledged Django apps. This means you're free to do whatever you wish with your views.
Typically most traditional username/password services define four views.
- Create Account
- Delete Account
- Reset Password
- Set Password
These views should interact with the service via the Tasks, though in some instances may bypass the Tasks and access the manager directly where necessary, for example OAuth functionality.
### The Tasks
The tasks component is the glue that holds all of the other components of the service module together. It provides the function implementation to handle things like adding and deleting users, updating groups, validating the existence of a users account. Whatever tasks `auth_hooks` and `views` have with interacting with the service will probably live here.
### The Models
Its very likely that you'll need to store data about a users remote service account locally. As service modules are fully fledged Django apps you are free to create as many models as necessary for persistent storage. You can create foreign keys to other models in Alliance Auth if necessary, though I _strongly_ recommend you limit this to the User and Groups models from `django.contrib.auth.models` and query any other data manually.
If you create models you should create the migrations that go along with these inside of your module/app.
## Examples
There is a bare bones example service included in `services.modules.example`, you may like to use this as the base for your new service.
You should have a look through some of the other service modules before you get started to get an idea of the general structure of one. A lot of them aren't perfect so don't feel like you have to rigidly follow the structure of the existing services if you think its sub-optimal or doesn't suit the external service you're integrating.
## Testing
You will need to add unit tests for all aspects of your service module before it is accepted. Be mindful that you don't actually want to make external calls to the service so you should mock the appropriate components to prevent this behaviour.

38
docs/development/menu-hooks.md Normal file
View File

@@ -0,0 +1,38 @@
# Menu Hooks
```eval_rst
.. note::
Currently most menu items are statically defined in the `base.html` template. Ideally this behaviour will change over time with each module of Alliance Auth providing all of its menu items via the hook. New modules should aim to use the hook over statically adding menu items to the base template.
```
The menu hooks allow you to dynamically specify menu items from your plugin app or service. To achieve this you should subclass or instantiate the `services.hooks.MenuItemHook` class and then register the menu item with one of the hooks.
There are three levels of Menu Item Hooks
- `menu_main_hook`
- `menu_aux_hook`
- `menu_util_hook`
These represent the 3 levels of menu displayed on the site.
To register a MenuItemHook class you would do the following:
@hooks.register('menu_util_hook')
def register_menu():
return MenuItemHook('Example Item', 'glyphicon glyphicon-heart', 'example_url_name', 150)
The `MenuItemHook` class specifies some parameters/instance variables required for menu item display.
`MenuItemHook(text, classes, url_name, order=None)`
#### text
The text value of the link
#### classes
The classes that should be applied to the bootstrap menu item icon
#### url_name
The name of the Django URL to use
#### order
An integer which specifies the order of the menu item, lowest to highest
If you cannot get the menu item to look the way you wish, you are free to subclass and override the default render function and the template used.

18
docs/features/corpstats.md
View File

@@ -6,17 +6,17 @@ This module is used to check the registration status of corp members and to dete
Upon initial install, nothing will be visible. For every corp, a model will have to be created before data can be viewed.
![nothing is visible](http://i.imgur.com/va3DyT6.png)
![nothing is visible](/_static/images/features/corpstats/blank_header.png)
If you are a superuser, the add button will be immediate visible to you. If not, your user account requires the `add_corpstats` permission.
Corp Stats requires an EVE SSO token to access data from the EVE Swagger Interface. Upon pressing the Add button, you will be prompted to authenticated. Please select the character who is in the corp you want data for.
![authorize from the EVE site](http://i.imgur.com/OnyoOAZ.png)
![authorize from the EVE site](/_static/images/features/corpstats/eve_sso_authorization.png)
You will return to auth where you are asked to select a token with the green arrow button. If you want to use a different character, press the `LOG IN with EVE Online` button.
![select an SSO token to create with](http://i.imgur.com/KdA0XH0.png)
![select an SSO token to create with](/_static/images/features/corpstats/select_sso_token.png)
If this works (and you have permission to view the Corp Stats you just created) you'll be returned to a view of the Corp Stats.
If it fails an error message will be displayed.
@@ -25,7 +25,7 @@ If it fails an error message will be displayed.
### Navigation Bar
![navigation bar](http://i.imgur.com/2l9gbml.png)
![navigation bar](/_static/images/features/corpstats/navbar.png)
This bar contains a dropdown menu of all available corps. If the user has the `add_corpstats` permission, a button to add a Corp Stats will be shown.
@@ -33,13 +33,13 @@ On the right of this bar is a search field. Press enter to search. It checks all
### API Index
![API Index](http://i.imgur.com/P1U2WJ2.png)
![API Index](/_static/images/features/corpstats/api_index.png)
This is a visual indication of the number of registered characters.
### Last Update
![last update and update button](http://i.imgur.com/yHbueGK.png)
![last update and update button](/_static/images/features/corpstats/last_update.png)
Corp Stats do not automatically update. They update once upon creation for initial data, and whenever someone presses the update button.
@@ -47,7 +47,7 @@ Only superusers and the creator of the Corp Stat can update it.
### Member List
![member list](http://i.imgur.com/udEVoSh.png)
![member list](/_static/images/features/corpstats/member_list.png)
The list contains all characters in the corp. Red backgrounds means they are not registered in auth. If registered, and the user has the required permission to view APIs, a link to JackKnife will be present.
A link to zKillboard is present for all characters.
@@ -55,11 +55,11 @@ If registered, the character will also have a main character, main corporation,
This view is paginated: use the navigation arrows to view more pages (sorted alphabetically by character name), or search for a specific character.
![pagination buttons](http://i.imgur.com/otcPGsU.png)
![pagination buttons](/_static/images/features/corpstats/pagination.png)
## Search View
![search results](http://i.imgur.com/7wf0Q2C.png)
![search results](/_static/images/features/corpstats/search_view.png)
This view is essentially the same as the Corp Stats page, but not specific to a single corp.
The search query is visible in the search box.

101
docs/features/groups.md Normal file
View File

@@ -0,0 +1,101 @@
# Groups
Group Management is one of the core tasks of Alliance Auth. Many of Alliance Auth's services allow for synchronising of group membership, allowing you to grant permissions or roles in services to access certain aspects of them.
## Automatic Groups
When a member registers in Alliance Auth and selects a main character, Auth will assign them some groups automatically based on some factors.
```eval_rst
.. important::
The ``Corp_`` and ``Alliance_`` group name prefixes are reserved for Alliance Auth internal group management. If you prefix a group with these you will find Alliance Auth automatically removes users from the group.
```
```eval_rst
+------------------------------+-----------------------------------------------------------------------------------+
| Group | Condition |
+------------------------------+-----------------------------------------------------------------------------------+
| ``Corp_<corp_name>`` | Users Main Character belongs to the Corporation |
+------------------------------+-----------------------------------------------------------------------------------+
| ``Alliance_<alliance_name>`` | Users Main Character belongs to the Alliance |
+------------------------------+-----------------------------------------------------------------------------------+
| ``Member`` | User is a member of one of the tenant Corps or Alliances |
+------------------------------+-----------------------------------------------------------------------------------+
| ``Blue`` | User is a member of a blue Corp or Alliance, be it via standings or static config |
+------------------------------+-----------------------------------------------------------------------------------+
```
When the user no longer has the condition required to be a member of that group they are automatically removed by Auth.
## User Organised Groups
Along with the automated groups, administrators can create custom groups for users to join. Examples might be groups like `Leadership`, `CEO` or `Scouts`.
When you create a Django `Group`, Auth automatically creates a corresponding `AuthGroup` model. The admin page looks like this:
![AuthGroup Admin page](/_static/images/features/group-admin.png)
Here you have several options:
#### Internal
Users cannot see, join or request to join this group. This is primarily used for Auth's internally managed groups, though can be useful if you want to prevent users from managing their membership of this group themselves. This option will override the Hidden, Open and Public options when enabled.
By default, every new group created will be an internal group.
#### Hidden
Group is hidden from the user interface, but users can still join if you give them the appropriate join link. The URL will be along the lines of `https://example.com/en/group/request_add/{group_id}`. You can get the Group ID from the admin page URL.
This option still respects the Open option.
### Open
When a group is toggled open, users who request to join the group will be immediately added to the group.
If the group is not open, their request will have to be approved manually by someone with the group management role, or a group leader of that group.
### Public
Group is accessible to any registered user, even when they do not have permission to join regular groups.
The key difference is that the group is completely unmanaged by Auth. **Once a member joins they will not be removed unless they leave manually, you remove them manually, or their account is deliberately set inactive or deleted.**
Most people won't have a use for public groups, though it can be useful if you wish to allow public access to some services. You can grant service permissions on a public group to allow this behaviour.
## Permission
In order to join a group other than a public group, the permission `groupmanagement.request_groups` (`Can request non-public groups` in the admin panel) must be active on their account, either via a group or directly applied to their User account.
When a user loses this permission, they will be removed from all groups _except_ Public groups.
```eval_rst
.. note::
By default, the ``groupmanagement.request_groups`` permission is applied to the ``Member`` group. In most instances this, and perhaps adding it to the ``Blue`` group, should be all that is ever needed. It is unsupported and NOT advisable to apply this permission to a public group. See #697 for more information.
```
# Group Management
In order to access group management, users need to be either a superuser, granted the `auth | user | group_management ( Access to add members to groups within the alliance )` permission or a group leader (discussed later).
## Group Requests
When a user joins or leaves a group which is not marked as "Open", their group request will have to be approved manually by a user with the `group_management` permission or by a group leader of the group they are requesting.
## Group Membership
The group membership tab gives an overview of all of the non-internal groups.
![Group overview](/_static/images/features/group-membership.png)
### Group Member Management
Clicking on the blue eye will take you to the group member management screen. Here you can see a list of people who are in the group, and remove members where necessary.
![Group overview](/_static/images/features/group-member-management.png)
## Group Leaders
Group leaders have the same abilities as users with the `group_management` permission, _however_, they will only be able to:
- Approve requests for groups they are a leader of.
- View the Group Membership and Group Members of groups they are leaders of.
This allows you to more finely control who has access to manage which groups. Currently it is not possible to add a Group as group leaders.

4
docs/features/index.md
View File

@@ -3,8 +3,10 @@
```eval_rst
.. toctree::
:maxdepth: 1
:caption: Contents
:caption: Features Contents
hrapplications
corpstats
groups
permissions_tool
```

39
docs/features/permissions_tool.md Normal file
View File

@@ -0,0 +1,39 @@
# Permissions Auditing
```eval_rst
.. note::
New in 1.15
```
Access to most of Alliance Auth's features are controlled by Django's permissions system. In order to help you secure your services, Alliance Auth provides a permissions auditing tool.
### Access
In order to grant users access to the permissions auditing tool they will need to be granted the `permissions_tool.audit_permissions` permission or be a superuser.
When a user has access to the tool they will see the "Permissions Audit" menu item under the "Util" sub menu.
### Permissions Overview
The first page gives you a general overview of permissions and how many users have access to each permission.
![permissions overview](https://i.imgur.com/XALVFtc.png)
**App**, **Model** and **Code Name** contain the internal details of the permission while **Name** contains the name/description you'll see in the admin panel.
**Users** is the number of users explicitly granted this permission on their account.
**Groups** is the number of groups with this permission assigned.
**Groups Users** is the total number of users in all of the groups with this permission assigned.
Clicking on the **Code Name** link will take you to the [Permissions Audit Page](#permissions-audit-page)
### Permissions Audit Page
The permissions audit page will give you an overview of all the users who have access to this permission either directly or granted via group membership.
![permissions audit](https://i.imgur.com/XjnfC9Z.png)
Please note that users may appear multiple times if this permission is granted via multiple sources.

34
docs/index.md
View File

@@ -11,44 +11,12 @@ For other distros, adapt the procedure and find distro-specific alternatives for
# Using
See the [Quick Start Guide](installation/auth/quickstart.md)
See the [Quick Start Guide](installation/auth/quickstart.md) and learn about individual [features.](features/index.md)
# Troubleshooting
Read the [list of common problems.](maintenance/troubleshooting.md)
# Upgrading
As AllianceAuth is developed, new features are added while old bugs are repaired. Its good practice to keep your instance of AllianceAuth up to date.
Some updates require specific instructions. Refer to their entry in the [changelog](maintenance/changelog.md)
In general, the update process has 4 steps:
- download the latest code
- generate new models in the database
- update current models in the database
- rebuild web cache
To perform each of these steps, youll need to be working from the console in the AllianceAuth directory. Usually `cd ~/allianceauth`
Start by pulling the code changes:
git pull
Modify settings.py according to the changelog.
For an automated upgrade, run the script:
bash update.sh
For a manual upgrade, execute the commands in this order:
sudo pip install -r requirements.txt
python manage.py migrate
python manage.py collectstatic
```eval_rst
.. toctree::

8
docs/installation/auth/cloudflare.md
View File

@@ -10,21 +10,21 @@ Along the top bar, select `Add Site`
Enter your domain name. It will scan records and let you know you can add the site. Continue setup.
On the next page you should see an A record for yourdomain.com pointing at your server IP. If not, manually add one:
On the next page you should see an A record for example.com pointing at your server IP. If not, manually add one:
A yourdomain.com my.server.ip.address Automatic TTL
A example.com my.server.ip.address Automatic TTL
Add the record and ensure the cloud under Status is orange. If not, click it. This ensures traffic gets screened by CloudFlare.
If you want forums or kb on a subdomain, and want these to be protected by CloudFlare, add an additional record for for each subdomain in the following format, ensuring the cloud is orange:
CNAME subdomain yourdomain.com Automatic TTL
CNAME subdomain example.com Automatic TTL
CloudFlare blocks ports outside 80 and 443 on hosts it protects. This means, if the cloud is orange, only web traffic will get through. We need to reconfigure AllianceAuth to provide services under a subdomain. Configure these subdomains as above, but ensure the cloud is not orange (arrow should go around a grey cloud).
## Redirect to HTTPS
Now we need to configure the https redirect to force all traffic to https. Along the top bar of CloudFlare, select `Page Rules`. Add a new rule, Pattern is yourdomain.com, toggle the `Always use https` to ON, and save. Itll take a few minutes to propagate.
Now we need to configure the https redirect to force all traffic to https. Along the top bar of CloudFlare, select `Page Rules`. Add a new rule, Pattern is example.com, toggle the `Always use https` to ON, and save. Itll take a few minutes to propagate.
![infographic](http://i.stack.imgur.com/VUBvo.jpg)

198
docs/installation/auth/settings.md
View File

@@ -19,145 +19,130 @@ When changing these booleans, edit the setting within the brackets (eg `('AA_MEM
# Fields to Modify
## Required
- [SECRET_KEY](#secret_key)
- [SECRET_KEY](#secret-key)
- Use [this tool](http://www.miniwebtool.com/django-secret-key-generator/) to generate a key on initial install
- [DEBUG](#debug)
- If issues are encountered, set this to `True` to view a more detailed error report, otherwise set `False`
- [ALLOWED_HOSTS](#allowed_hosts)
- [ALLOWED_HOSTS](#allowed-hosts)
- This restricts web addresses auth will answer to. Separate with commas.
- Should include localhost `127.0.0.1` and `yourdomain.com`
- Should include localhost `127.0.0.1` and `example.com`
- To allow from all, include `'*'`
- [DATABASES](#databases)
- Fill out the database name and user credentials to manage the auth database.
- [DOMAIN](#domain)
- Set to the domain name AllianceAuth will be accessible under
- [EMAIL_HOST_USER](#email_host_user)
- [EMAIL_HOST_USER](#email-host-user)
- Username to send emails from. If gmail account, the full gmail address.
- [EMAIL_HOST_PASSWORD](#email_host_password)
- [EMAIL_HOST_PASSWORD](#email-host-password)
- Password for the email user.
- [CORP_IDS](#corp_ids)
- [CORP_IDS](#corp-ids)
- List of corp IDs who are members. Exclude if their alliance is in `ALLIANCE_IDS`
- [ALLIANCE_IDS](#alliance_ids)
- [ALLIANCE_IDS](#alliance-ids)
- List of alliance IDs who are members.
- [ESI_SSO_CLIENT_ID](#esi_sso_client_id)
- EVE application ID from the developers site. See the [SSO Configuration Instruction](#ESI_SSO_CLIENT_ID)
- [ESI_SSO_CLIENT_SECRET](#esi_sso_client_secret)
- [ESI_SSO_CLIENT_ID](#esi-sso-client_id)
- EVE application ID from the developers site. See the [SSO Configuration Instruction](#sso-settings)
- [ESI_SSO_CLIENT_SECRET](#esi-sso-client-secret)
- EVE application secret from the developers site.
- [ESI_SSO_CALLBACK_URL](#esi_sso_callback_url)
- [ESI_SSO_CALLBACK_URL](#esi-sso-callback-url)
- OAuth callback URL. Should be `https://mydomain.com/sso/callback`
## Services
### Member Services
After installing services, enable specific services for members by setting the following to `True`
- [ENABLE_AUTH_FORUM](#enable_auth_forum)
- [ENABLE_AUTH_JABBER](#enable_auth_jabber)
- [ENABLE_AUTH_MUMBLE](#enable_auth_mumble)
- [ENABLE_AUTH_IPBOARD](#enable_auth_ipboard)
- [ENABLE_AUTH_TEAMSPEAK3](#enable_auth_teamspeak3)
- [ENABLE_AUTH_DISCORD](#enable_auth_discord)
- [ENABLE_AUTH_DISCOURSE](#enable_auth_discourse)
- [ENABLE_AUTH_IPS4](#enable_auth_ips4)
- [ENABLE_AUTH_SMF](#enable_auth_smf)
- [ENABLE_AUTH_MARKET](#enable_auth_market)
- [ENABLE_AUTH_XENFORO](#enable_auth_xenforo)
### Blue Services
After installing services, enable specific services for blues by setting the following to `True`
- [ENABLE_BLUE_FORUM](#enable_blue_forum)
- [ENABLE_BLUE_JABBER](#enable_blue_jabber)
- [ENABLE_BLUE_MUMBLE](#enable_blue_mumble)
- [ENABLE_BLUE_IPBOARD](#enable_blue_ipboard)
- [ENABLE_BLUE_TEAMSPEAK3](#enable_blue_teamspeak3)
- [ENABLE_BLUE_DISCORD](#enable_blue_discord)
- [ENABLE_BLUE_DISCOURSE](#enable_blue_discourse)
- [ENABLE_BLUE_IPS4](#enable_blue_ips4)
- [ENABLE_BLUE_SMF](#enable_blue_smf)
- [ENABLE_BLUE_MARKET](#enable_blue_market)
- [ENABLE_BLUE_XENFORO](#enable_blue_xenforo)
### IPBoard
If using IPBoard, the following need to be set
- [IPBOARD_ENDPOINT](#ipboard_endpoint)
- [IPBOARD_APIKEY](#ipboard_apikey)
- [IPBOARD_APIMODULE](#ipboard_apimodule)
If using IPBoard, the following need to be set in accordance with the [install instructions](../services/ipboard3.md)
- [IPBOARD_ENDPOINT](#ipboard-endpoint)
- [IPBOARD_APIKEY](#ipboard-apikey)
- [IPBOARD_APIMODULE](#ipboard-apimodule)
### XenForo
If using XenForo, the following need to be set
- [XENFORO_ENDPOINT](#xenforo_endpoint)
- [XENFORO_APIKEY](#xenforo_apikey)
If using XenForo, the following need to be set in accordance with the [install instructions](../services/xenforo.md)
- [XENFORO_ENDPOINT](#xenforo-endpoint)
- [XENFORO_APIKEY](#xenforo-apikey)
### Openfire
If using Openfire, the following need to be set
- [JABBER_URL](#jabber_url)
- [JABBER_PORT](#jabber_port)
- [JABBER_SERVER](#jabber_server)
- [OPENFIRE_ADDRESS](#openfire_address)
- [OPENFIRE_SECRET_KEY](#openfire_secret_key)
- [BROADCAST_USER](#broadcast_user)
- [BROADCAST_USER_PASSWORD](#broadcast_user_password)
- [BROADCAST_SERVICE_NAME](#broadcast_service_name)
If using Openfire, the following need to be set in accordance with the [install instructions](../services/openfire.md)
- [JABBER_URL](#jabber-url)
- [JABBER_PORT](#jabber-port)
- [JABBER_SERVER](#jabber-server)
- [OPENFIRE_ADDRESS](#openfire-address)
- [OPENFIRE_SECRET_KEY](#openfire-secret-key)
- [BROADCAST_USER](#broadcast-user)
- [BROADCAST_USER_PASSWORD](#broadcast-user-password)
- [BROADCAST_SERVICE_NAME](#broadcast-service-name)
- [BROADCAST_IGNORE_INVALID_CERT](#broadcast-ignore-invalid-cert)
### Mumble
If using Mumble, the following need to be set
- [MUMBLE_URL](#mumble_url)
If using Mumble, the following needs to be set to the address of the mumble server:
- [MUMBLE_URL](#mumble-url)
### PHPBB3
If using phpBB3, the database needs to be defined.
### Teamspeak3
If using Teamspeak3, the following need to be set
- [TEAMSPEAK3_SERVER_IP](#teamspeak3_server_ip)
- [TEAMSPEAK3_SERVER_PORT](#teamspeak3_server_port)
- [TEAMSPEAK3_SERVERQUERY_USER](#teamspeak3_serverquery_user)
- [TEAMSPEAK3_SERVERQUERY_PASSWORD](#teamspeak3_serverquery_password)
- [TEAMSPEAK3_VIRTUAL_SERVER](#teamspeak3_virtual_server)
- [TEAMSPEAK3_PUBLIC_URL](#teamspeak3_public_url)
If using Teamspeak3, the following need to be set in accordance with the [install instrictions](../services/teamspeak3.md)
- [TEAMSPEAK3_SERVER_IP](#teamspeak3-server-ip)
- [TEAMSPEAK3_SERVER_PORT](#teamspeak3-server-port)
- [TEAMSPEAK3_SERVERQUERY_USER](#teamspeak3-serverquery-user)
- [TEAMSPEAK3_SERVERQUERY_PASSWORD](#teamspeak3-serverquery-password)
- [TEAMSPEAK3_VIRTUAL_SERVER](#teamspeak3-virtual-server)
- [TEAMSPEAK3_PUBLIC_URL](#teamspeak3-public-url)
### Discord
If connecting to a Discord server, set the following
- [DISCORD_SERVER_ID](#discord_server_id)
- [DISCORD_USER_EMAIL](#discord_user_email)
- [DISCORD_USER_PASSWORD](#discord_user_password)
If connecting to a Discord server, set the following in accordance with the [install instructions](../services/discord.md)
- [DISCORD_GUILD_ID](#discord-guild-id)
- [DISCORD_BOT_TOKEN](#discord-bot-token)
- [DISCORD_INVITE_CODE](#discord-invite-code)
- [DISCORD_APP_ID](#discord-app-id)
- [DISCORD_APP_SECRET](#discord-app-secret)
- [DISCORD_CALLBACK_URL](#discord-callback-url)
- [DISCORD_SYNC_NAMES](#discord-sync-names)
### Discourse
If connecting to Discourse, set the following
- [DISCOURSE_URL](#discourse_url)
- [DISCOURSE_API_USERNAME](#discourse_api_username)
- [DISCOURSE_API_KEY](#discourse_api_key)
- [DISCOURSE_SSO_SECRET](#discourse_sso_secret)
If connecting to Discourse, set the following in accordance with the [install instructions](../services/discourse.md)
- [DISCOURSE_URL](#discourse-url)
- [DISCOURSE_API_USERNAME](#discourse-api-username)
- [DISCOURSE_API_KEY](#discourse-api-key)
- [DISCOURSE_SSO_SECRET](#discourse-sso-secret)
### IPSuite4
If using IPSuite4 (aka IPBoard4) the following are required:
- [IPS4_URL](#ips4_url)
- [IPS4_URL](#ips4-url)
- the database needs to be defined
### SMF
If using SMF the following are required:
- [SMF_URL](#smf_url)
- [SMF_URL](#smf-url)
- the database needs to be defined
## Optional
### Standings
To allow access to blues, a corp API key is required to pull standings from. Corp does not need to be owning corp or in owning alliance. Required mask is 16 (Communications/ContactList)
- [CORP_API_ID](#corp_api_id)
- [CORP_API_VCODE](#corp_api_vcode)
- [CORP_API_ID](#corp-api-id)
- [CORP_API_VCODE](#corp-api-vcode)
### Jacknife
To view APIs on a different Jacknife install, set [JACK_KNIFE_URL](#jack_knife_url)
### API Key Audit URL
To define what happens when an API is clicked, set according to [these instructions](#hr-configuration)
- [API_KEY_AUDIT_URL](#api-key-audit-url)
### Auto Groups
Groups can be automatically assigned based on a user's corp or alliance. Set the following to `True` to enable this feature.
- [MEMBER_CORP_GROUPS](#member_corp_groups)
- [MEMBER_ALLIANCE_GROUPS](#member_alliance_groups)
- [BLUE_CORP_GROUPS](#blue_corp_groups)
- [BLUE_ALLIANCE_GROUPS](#blue_alliance_groups)
- [MEMBER_CORP_GROUPS](#member-corp-groups)
- [MEMBER_ALLIANCE_GROUPS](#member-alliance-groups)
- [BLUE_CORP_GROUPS](#blue-corp-groups)
- [BLUE_ALLIANCE_GROUPS](#blue-alliance-groups)
### Fleet-Up
Fittings and operations can be imported from Fleet-Up. Define the following to do so.
- [FLEETUP_APP_KEY](#fleetup_app_key)
- [FLEETUP_USER_ID](#fleetup_user_id)
- [FLEETUP_API_ID](#fleetup_api_id)
- [FLEETUP_GROUP_ID](#fleetup_group_id)
- [FLEETUP_APP_KEY](#fleetup-app-key)
- [FLEETUP_USER_ID](#fleetup-user-id)
- [FLEETUP_API_ID](#fleetup-api-id)
- [FLEETUP_GROUP_ID](#fleetup-group-id)
### CAPTCHA
To help prevent bots from registering and brute forcing the login. Get the reCaptcha keys from [here](https://www.google.com/recaptcha/intro/index.html)
- [CAPTCHA_ENABLED](#captcha_enabled)
- [RECAPTCHA_PUBLIC_KEY](#recaptcha_public_key)
- [RECAPTCHA_PRIVATE_KEY](#recaptcha_private_key)
- [NOCAPTCHA](#nocaptcha)
# Description of Settings
## Django
@@ -166,19 +151,27 @@ A random string used in cryptographic functions, such as password hashing. Chang
### DEBUG
Replaces the generic `SERVER ERROR (500)` page when an error is encountered with a page containing a traceback and variables. May expose sensitive information so not recommended for production.
### ALLOWED_HOSTS
A list of addresses used to validate headers: AllianceAuth will block connection coming from any other address unless `DEBUG` is `True`. This should be a list of URLs and IPs to allow. For instance, include 'mydomain.com', 'www.mydomain.com', and the server's IP address to ensure connections will be accepted.
A list of addresses used to validate headers: AllianceAuth will block connection coming from any other address. This should be a list of URLs and IPs to allow. In most cases, just adding `'example.com'` is sufficient. This also accepts the `'*'` wildcard for testing purposes.
### DATABASES
List of databases available. Contains the Django database, and may include service ones if enabled. Service databases are defined in their individual sections and appended as needed automatically.
### LANGUAGE_CODE
Friendly name of the local language.
### TIME_ZONE
Friendly name of the local timezone.
### CAPTCHA_ENABLED
Enable Google reCaptcha
### RECAPTCHA_PUBLIC_KEY
Google reCaptcha public key
### RECAPTCHA_PRIVATE_KEY
Google reCaptcha private key
### NOCAPTCHA
Enable New No Captcha reCaptcha
### STATIC_URL
Absolute URL to serve static files from.
### STATIC_ROOT
Root folder to store static files in.
### SUPERUSER_STATE_BYPASS
Overrides superuser account states to always return True on membership tests. If issues are encountered, or you want to test access to certain portions of the site, set to False to disable.
Overrides superuser account states to always return True on membership tests. If issues are encountered, or you want to test access to certain portions of the site, set to False to respect true states of superusers.
## EMAIL SETTINGS
### DOMAIN
The URL to which emails will link.
@@ -208,7 +201,7 @@ The application cliend ID generated from the [developers site.](https://develope
### ESI_SSO_CLIENT_SECRET
The application secret key generated from the [developers site.](https://developers.eveonline.com)
### ESI_SSO_CALLBACK_URL
The callback URL for authentication handshake. Should be `https://mydomain.com/sso/callback`.
The callback URL for authentication handshake. Should be `https://example.com/sso/callback`.
## Default Group Settings
### DEFAULT_AUTH_GROUP
Name of the group members of the owning corp or alliance are put in.
@@ -318,8 +311,14 @@ The web address to access the Evernus Alliance Market application.
### MARKET_DB
The Evernus Alliance Market database connection information.
## HR Configuration
### JACK_KNIFE_URL
Link to an install of [eve-jackknife](https://code.google.com/archive/p/eve-jackknife/)
### API_KEY_AUDIT_URL
This setting defines what happens when someone clicks on an API key (such as in corpstats or an application).
Default behaviour is to show the verification code in a popup, but this can be set to link out to a website.
The URL set here uses python string formatting notation. Variable names are enclosed in `{}` brackets. Three variable names are available: `api_id`, `vcode`, and `pk` (which is the primary key of the API in the database - only useful on the admin site).
Example URL structures are provided. Jacknife can be installed on your server following [its setup guide.](../services/jacknife.md)
## IPBoard3 Configuration
### IPBOARD_ENDPOINT
URL to the `index.php` file of a IPBoard install's API server.
@@ -329,20 +328,20 @@ API key for accessing an IPBoard install's API
Module to access while using the API
## XenForo Configuration
### XENFORO_ENDPOINT
The address of the XenForo API. Should look like `https://mydomain.com/forum/api.php`
The address of the XenForo API. Should look like `https://example.com/forum/api.php`
### XENFORO_DEFAULT_GROUP
The group ID of the group to assign to member. Default is 0.
### XENFORO_APIKEY
The API key generated from XenForo to allow API access.
## Jabber Configuration
### JABBER_URL
Address to instruct members to connect their jabber clients to, in order to reach an Openfire install. Usually just `mydomain.com`
Address to instruct members to connect their jabber clients to, in order to reach an Openfire install. Usually just `example.com`
### JABBER_PORT
Port to instruct members to connect their jabber clients to, in order to reach an Openfire install. Usually 5223.
### JABBER_SERVER
Server name of an Openfire install. Usually `mydomain.com`
Server name of an Openfire install. Usually `example.com`
### OPENFIRE_ADDRESS
URL of the admin web interface for an Openfire install. Usually `http://mydomain.com:9090`. If HTTPS is desired, change port to 9091: `https://mydomain.com:9091`
URL of the admin web interface for an Openfire install. Usually `http://example.com:9090`. If HTTPS is desired, change port to 9091: `https://example.com:9091`
### OPENFIRE_SECRET_KEY
Secret key used to authenticate with an Openfire admin interface.
### BROADCAST_USER
@@ -368,7 +367,7 @@ Password to use when authenticating as the `TEAMSPEAK3_SERVERQUERY_USER`. Provid
### TEAMSPEAK3_VIRTUAL_SERVER
ID of the server on which to manage users. Usually `1`.
### TEAMSPEAK3_PUBLIC_URL
Address to instruct members to connect their Teamspeak3 clients to. Usually `mydomain.com`
Address to instruct members to connect their Teamspeak3 clients to. Usually `example.com`
## Discord Configuration
### DISCORD_GUILD_ID
The ID of a Discord server on which to manage users.
@@ -381,7 +380,7 @@ The application ID obtained from defining an application on the [Discord develop
### DISCORD_APP_SECRET
The application secret key obtained from defining an application on the [Discord developers site.](https://discordapp.com/developers/applications/me)
### DISCORD_CALLBACK_URL
The callback URL used for authenticaiton flow. Should be `https://mydomain.com/discord_callback`. Must match exactly the one used when defining the application.
The callback URL used for authenticaiton flow. Should be `https://example.com/discord_callback`. Must match exactly the one used when defining the application.
### DISCORD_SYNC_NAMES
Override usernames on the server to match the user's main character.
## Discourse Configuration
@@ -419,4 +418,5 @@ This section is used to manage how logging messages are processed.
To turn off logging notifications, change the `handlers` `notifications` `class` to `logging.NullHandler`
## Everything below logging is magic. Do Not Touch
## Danger Zone
Everything below logging is magic. **Do not touch.**

5
docs/installation/services/discord.md
View File

@@ -3,6 +3,9 @@
Discord is a web-based instant messaging client with voice. Kind of like teamspeak meets slack meets skype. It also has a standalone app for phones and desktop.
## Setup
Add `services.modules.discord` to your `INSTALLED_APPS` list and run migrations before continuing with this guide to ensure the service is installed.
### Creating a Server
*If you already have a Discord server, skip the creation step, but be sure to retrieve the server ID and enter it in settings.py*
@@ -29,7 +32,7 @@ This returns a code that looks like `https://discord.gg/0fmA8MyXV6qt7XAZ`. The p
Navigate to the [Discord Developers site.](https://discordapp.com/developers/applications/me) Press the plus sign to create a new application.
Give it a name and description relating to your auth site. Add a redirect to `https://mydomain.com/discord_callback`, substituting your domain. Press Create Application.
Give it a name and description relating to your auth site. Add a redirect to `https://example.com/discord/callback/`, substituting your domain. Press Create Application.
Update settings.py, inputting this redirect address as `DISCORD_CALLBACK_URL`

13
docs/installation/services/discourse.md
View File

@@ -1,4 +1,7 @@
# Discourse
Add `services.modules.discourse` to your `INSTALLED_APPS` list and run migrations before continuing with this guide to ensure the service is installed.
## Install Docker
wget -qO- https://get.docker.io/ | sh
@@ -71,7 +74,7 @@ Discourse must run on its own subdomain - it can't handle routing behind an alia
And enter the following, changing the port if you used a different number:
<VirtualHost *:80>
ServerName discourse.mydomain.com
ServerName discourse.example.com
ProxyPass / http://0.0.0.0:7890/
ProxyPassReverse / http://0.0.0.0:7890/
</VirtualHost>
@@ -94,22 +97,22 @@ Follow prompts, being sure to answer `y` when asked to allow admin privileges.
### Create API key
Navigate to `discourse.mydomain.com` and log on. Top right press the 3 lines and select `Admin`. Go to API tab and press `Generate Master API Key`.
Navigate to `discourse.example.com` and log on. Top right press the 3 lines and select `Admin`. Go to API tab and press `Generate Master API Key`.
Now go to the allianceauth folder and edit settings:
nano /home/allianceserver/allianceauth/alliance_auth/settings.py
Scroll down to the Discourse section and set the following:
- `DISCOURSE_URL`: `discourse.mydomain.com`
- `DISCOURSE_URL`: `discourse.example.com`
- `DISCOURSE_API_USERNAME`: the username of the admin account you generated the API key with
- `DISCOURSE_API_KEY`: the key you just generated
### Configure SSO
Navigate to `discourse.mydomain.com` and log in. Back to the admin site, scroll down to find SSO settings and set the following:
Navigate to `discourse.example.com` and log in. Back to the admin site, scroll down to find SSO settings and set the following:
- `enable_sso`: True
- `sso_url`: `http://mydomain.com/discourse_sso`
- `sso_url`: `http://example.com/discourse/sso`
- `sso_secret`: some secure key
Save, now change settings.py and add the following:

1
docs/installation/services/index.md
View File

@@ -3,6 +3,7 @@
```eval_rst
.. toctree::
permissions
market
discord
discourse

6
docs/installation/services/ipboard3.md
View File

@@ -1,5 +1,7 @@
# IPBoard3
Add `services.modules.ipboard` to your `INSTALLED_APPS` list and run migrations before continuing with this guide to ensure the service is installed.
Youre on your own for the initial install of IPBoard. Its pretty much just download, unzip, and move to `/var/www/ipboard/`. Make sure to
sudo chown -R www-data:www-data /var/www/ipboard
@@ -14,7 +16,7 @@ IPBoard needs a database table. Log in to mysql and run:
Thats all for SQL work. Control+D to close.
Navigate to http://yourdomain.com/ipboard and proceed with the install. If it whines about permissions make sure to `chown` again. Point it at that database we just made, using the `allianceserver` MySQL user account from the full install.
Navigate to http://example.com/ipboard and proceed with the install. If it whines about permissions make sure to `chown` again. Point it at that database we just made, using the `allianceserver` MySQL user account from the full install.
Once you get everything installed we need to copy the api module folder
@@ -29,7 +31,7 @@ Enable the API by toggling the `XML-RPC Status` from `disabled` to `enabled` (re
Copy the API key. Now edit your settings.py as follows:
- IPBOARD_APIKEY is the key you just copied
- IPBOARD_ENDPOINT is `http://yourdomain.com/ipboard/interface/board/index.php`
- IPBOARD_ENDPOINT is `http://example.com/ipboard/interface/board/index.php`
Now enable IPBoard for Auth and/or Blue by editing the auth settings.

6
docs/installation/services/jacknife.md
View File

@@ -32,14 +32,14 @@ Add the database user information:
Change ownership of the directory: `sudo chown -R www-data:www-data ../eve-jacknife`
Eve Jacknife can be served two ways: on its own subdomain (`jacknife.mydomain.com`) or as an alias (`mydomain.com/jacknife`)
Eve Jacknife can be served two ways: on its own subdomain (`jacknife.example.com`) or as an alias (`example.com/jacknife`)
### Subdomain
As its own subdomain, create a new apache config: `sudo nano /etc/apache2/sites-available/jacknife.conf` and enter the following:
<VirtualHost *:80>
DocumentRoot "/var/www/eve-jacknife"
ServerName jacknife.mydomain.com
ServerName jacknife.example.com
<Directory "/var/www/eve-jacknife">
Require all granted
AllowOverride all
@@ -68,4 +68,4 @@ Enter your database password and press Check. If all the boxes come back green p
## Update Auth Settings
Edit your aut settings file (`nano ~/allianceauth/alliance_auth/settings.py`) and replace `JACK_KNIFE_URL` with either `jacknife.mydomain.com/` or `mydomain.com/jacknife/` depending on your apache choice.
Edit your aut settings file (`nano ~/allianceauth/alliance_auth/settings.py`) and replace `API_KEY_AUDIT_URL` with either `jacknife.example.com/?usid={api_id}&apik={vcode}` or `example.com/jacknife/?usid={api_id}&apik={vcode}` depending on your apache choice.

2
docs/installation/services/market.md
View File

@@ -1,5 +1,7 @@
# Alliance Market
Add `services.modules.market` to your `INSTALLED_APPS` list and run migrations before continuing with this guide to ensure the service is installed.
Alliance Market needs a database. Create one in mysql. Default name is `alliance_market`:
mysql -u root -p

9
docs/installation/services/mumble.md
View File

@@ -1,4 +1,7 @@
# Mumble
Add `services.modules.mumble` to your `INSTALLED_APPS` list and run migrations before continuing with this guide to ensure the service is installed.
## Overview
Mumble is a free voice chat server. While not as flashy as teamspeak, it has all the functionality and is easier to customize. And is better. I may be slightly biased.
@@ -11,6 +14,10 @@ The mumble server package can be retrieved from a repository we need to add, mum
Now two packages need to be installed:
sudo apt-get install python-software-properties mumble-server
You will also need to install the python dependencies for the authenticator script:
pip install -r thirdparty/Mumble/requirements.txt
## Configuring Mumble
Mumble ships with a configuration file that needs customization. By default its located at /etc/mumble-server.ini. Open it with your favourite text editor:
@@ -44,7 +51,7 @@ Now restart the server to see the changes reflected.
sudo service mumble-server restart
Thats it! Your server is ready to be connected to at yourdomain.com:64738
Thats it! Your server is ready to be connected to at example.com:64738
## Configuring the Authenticator

10
docs/installation/services/openfire.md
View File

@@ -1,5 +1,7 @@
# Openfire
Add `services.modules.openfire` to your `INSTALLED_APPS` list and run migrations before continuing with this guide to ensure the service is installed.
## Overview
Openfire is a java-based xmpp server (jabber).
@@ -29,11 +31,11 @@ Now install from the debian. Replace the filename with your file name (the last
sudo dpkg -i openfire_4.1.1_all.deb
### Web Configuration
The remainder of the setup occurs through Openfires web interface. Navigate to http://yourdomain.com:9090, or if youre behind CloudFlare, go straight to your servers IP:9090.
The remainder of the setup occurs through Openfires web interface. Navigate to http://example.com:9090, or if youre behind CloudFlare, go straight to your servers IP:9090.
Select your language. I sure hope its english if youre reading this guide.
Under Server Settings, set the Domain to `yourdomain.com` replacing it with your actual domain. Dont touch the rest.
Under Server Settings, set the Domain to `example.com` replacing it with your actual domain. Dont touch the rest.
Under Database Settings, select `Standard Database Connection`
@@ -78,8 +80,10 @@ Navigate to the `Server` tab, `Server Manager` subtab, and select `System Proper
- Value: `True`
- Do not encrypt this property value
- Name: `plugin.broadcast.allowedUsers`
- Value: `broadcast@yourdomain.com`, replacing the domain name with yours
- Value: `broadcast@example.com`, replacing the domain name with yours
- Do not encrypt this property value
If you have troubles getting broadcasts to work, you can try setting the optional (you will need to add it) `BROADCAST_IGNORE_INVALID_CERT` setting to `True`. This will allow invalid certificates to be used when connecting to the Openfire server to send a broadcast.
### Group Chat
Channels are available which function like a chat room. Access can be controlled either by password or ACL (not unlike mumble).

6
docs/installation/services/pathfinder.md
View File

@@ -24,7 +24,7 @@ The logging and caching folders need to be created and have permission set. If u
## .htaccess Configuration
In your `pathfinder` directory there are two `.htaccess` files. The default installation instructions want you to choose one for rewriting purposes, and these force you to www.pathfinder.mydomain.com. Personally I don't like that.
In your `pathfinder` directory there are two `.htaccess` files. The default installation instructions want you to choose one for rewriting purposes, and these force you to www.pathfinder.example.com. Personally I don't like that.
So we'll frankenstein our own. We'll use the HTTP one as a base:
@@ -61,14 +61,14 @@ The default configuration should be fine in most cases. Edit all values with cau
environment.ini
- `SERVER` Should be changed to `PRODUCTION`
- `BASE` is the full filesystem path to the application root on your server. In our case, `/var/www/pathfinder/`
- `URL` Is the URL to your app (without a trailing slash). In our case, `http://pathfinder.mydomain.com`
- `URL` Is the URL to your app (without a trailing slash). In our case, `http://pathfinder.example.com`
- `DEBUG` sets the level of debugging (1,2 or 3) (check /logs for a more detail backtrace information)
- `DB_*` sets your DB connection information
- `SMTP_*` are used to send out emails, you will need an SMTP server login to make this work. (not required)
- `SSO_CCP_*` follow the [official docs](https://github.com/exodus4d/pathfinder/wiki/CREST)
## Database Setup
This is done through the browser. Go to `pathfinder.yourdomain.com/setup` and see the [official docs](https://github.com/exodus4d/pathfinder/wiki/Database) for instructions.
This is done through the browser. Go to `pathfinder.example.com/setup` and see the [official docs](https://github.com/exodus4d/pathfinder/wiki/Database) for instructions.
## Cron Jobs
Again the [official docs](https://github.com/exodus4d/pathfinder/wiki/Cronjob) do a good job here.

37
docs/installation/services/permissions.md Normal file
View File

@@ -0,0 +1,37 @@
# Service Permissions
```eval_rst
.. note::
New in 1.15
```
In the past, access to services was dictated by a list of settings in `settings.py`, granting access to each particular service for Members and/or Blues. This meant that granting access to a service was very broad and rigidly structured around these two states.
## Permissions based access
Instead of granting access to services by the previous rigid structure, access to services is now granted by the built in Django permissions system. This means that service access can be more granular, allowing only certain groups, for instance Corp CEOs, or even individual user access to each enabled service.
```eval_rst
.. important::
If you grant access to an individual user, they will have access to that service regardless of whether or not they are a member.
```
Each service has an access permission defined, named like `Can access the <service name> service`.
To mimick the old behaviour of enabling services for all members, you would select the `Member` group from the admin panel, add the required service permission to the group and save. Likewise for Blues, select the `Blue` group and add the required permission.
A user can be granted the same permission from multiple sources. e.g. they may have it granted by several groups and directly granted on their account as well. Auth will not remove their account until all instances of the permission for that service have been revoked.
## Removing access
```eval_rst
.. danger::
Access removal is processed immediately after removing a permission from a user or group. If you remove access from a large group, such as Member, it will immediately remove all users from that service.
```
When you remove a service permission from a user, a signal is triggered which will activate an immediate permission check. For users this will trigger an access check for all services. For groups, due to the potential extra load, only the services whose permissions have changed will be verified, and only the users in that group.
If a user no longer has permission to access the service when this permissions check is triggered, that service will be immediately disabled for them.
### Disabling user accounts
When you unset a user as active in the admin panel, all of that users service accounts will be immediately disabled or removed. This is due to the built in behaviour of Djangos permissions system, which will return False for all permissions if a users account is disabled, regardless of their actual permissions state.

4
docs/installation/services/phpbb3.md
View File

@@ -1,5 +1,7 @@
# phpBB3
Add `services.modules.phpbb3` to your `INSTALLED_APPS` list and run migrations before continuing with this guide to ensure the service is installed.
## Overview
phpBB is a free php-based forum. Its the default forum for AllianceAuth.
@@ -29,7 +31,7 @@ The web server needs read/write permission to this folder
sudo chown -R www-data:www-data /var/www/forums
### Web Install
Navigate to http://yourdomain.com/forums where you will be presented with an installer.
Navigate to http://example.com/forums where you will be presented with an installer.
Click on the `Install` tab.

4
docs/installation/services/smf.md
View File

@@ -1,5 +1,7 @@
# SMF
Add `services.modules.smf` to your `INSTALLED_APPS` list and run migrations before continuing with this guide to ensure the service is installed.
## Overview
SMF is a free php-based forum. Its the one of the forums for AllianceAuth.
@@ -29,7 +31,7 @@ The web server needs read/write permission to this folder
sudo chown -R www-data:www-data /var/www/forums
### Web Install
Navigate to http://yourdomain.com/forums where you will be presented with an installer.
Navigate to http://example.com/forums where you will be presented with an installer.
Click on the `Install` tab.

4
docs/installation/services/teamspeak3.md
View File

@@ -1,5 +1,7 @@
# Teamspeak 3
Add `services.modules.teamspeak3` to your `INSTALLED_APPS` list and run migrations before continuing with this guide to ensure the service is installed.
## Overview
Teamspeak3 is the most popular VOIP program for gamers.
@@ -67,7 +69,7 @@ Click the URL provided to automatically connect to our server. It will prompt yo
Now we need to make groups. AllianceAuth handles groups in teamspeak differently: instead of creating groups it creates an association between groups in TeamSpeak and groups in AllianceAuth. Go ahead and make the groups you want to associate with auth groups, keeping in mind multiple TeamSpeak groups can be associated with a single auth group.
Navigate back to the AllianceAuth admin interface (yourdomain.com/admin) and under `Services`, select `Auth / TS Groups`. In the top-right corner click `Add`.
Navigate back to the AllianceAuth admin interface (example.com/admin) and under `Services`, select `Auth / TS Groups`. In the top-right corner click `Add`.
The dropdown box provides all auth groups. Select one and assign TeamSpeak groups from the panels below. If these panels are empty, wait a minute for the database update to run, or see the [troubleshooting section](#ts-group-models-not-populating-on-admin-site) below.

2
docs/installation/services/xenforo.md
View File

@@ -1,5 +1,7 @@
# XenForo
Add `services.modules.xenforo` to your `INSTALLED_APPS` list and run migrations before continuing with this guide to ensure the service is installed.
In this chapter we will explore how to setup AllianceAuth to work with [XenForo](https://xenforo.com/). At this point we will assume that you already have XenForo installed with a valid license (please keep in mind that XenForo is not free nor open-source, therefore you need to purchase a license first). If you come across any problems related with the installation of XenForo please contact their support service.

79
eveonline/managers.py
View File

@@ -3,6 +3,7 @@ from eveonline.models import EveCharacter
from eveonline.models import EveApiKeyPair
from eveonline.models import EveAllianceInfo
from eveonline.models import EveCorporationInfo
from authentication.models import AuthServicesInfo
from eveonline.providers import eve_adapter_factory, EveXmlProvider
from services.managers.eve_api_manager import EveApiManager
import logging
@@ -29,16 +30,16 @@ class EveManager(object):
@staticmethod
def create_character_obj(character, user, api_id):
EveCharacter.objects.create(
character_id = character.id,
character_name = character.name,
corporation_id = character.corp.id,
corporation_name = character.corp.name,
corporation_ticker = character.corp.ticker,
alliance_id = character.alliance.id,
alliance_name = character.alliance.name,
user = user,
api_id = api_id,
return EveCharacter.objects.create(
character_id=character.id,
character_name=character.name,
corporation_id=character.corp.id,
corporation_name=character.corp.name,
corporation_ticker=character.corp.ticker,
alliance_id=character.alliance.id,
alliance_name=character.alliance.name,
user=user,
api_id=api_id,
)
@staticmethod
@@ -55,6 +56,7 @@ class EveManager(object):
model.alliance_id = char.alliance.id
model.alliance_name = char.alliance.name
model.save()
return model
@staticmethod
def create_api_keypair(api_id, api_key, user_id):
@@ -79,12 +81,12 @@ class EveManager(object):
@staticmethod
def create_alliance_obj(alliance, is_blue=False):
EveAllianceInfo.objects.create(
alliance_id = alliance.id,
alliance_name = alliance.name,
alliance_ticker = alliance.ticker,
executor_corp_id = alliance.executor_corp_id,
is_blue = is_blue,
return EveAllianceInfo.objects.create(
alliance_id=alliance.id,
alliance_name=alliance.name,
alliance_ticker=alliance.ticker,
executor_corp_id=alliance.executor_corp_id,
is_blue=is_blue,
)
@staticmethod
@@ -95,8 +97,9 @@ class EveManager(object):
def update_alliance_obj(alliance, is_blue=None):
model = EveAllianceInfo.objects.get(alliance_id=alliance.id)
model.executor_corp_id = alliance.executor_corp_id
model.is_blue = model.is_blue if is_blue == None else is_blue
model.is_blue = model.is_blue if is_blue is None else is_blue
model.save()
return model
@staticmethod
def populate_alliance(id):
@@ -104,9 +107,12 @@ class EveManager(object):
alliance = EveManager.get_alliance(id)
for corp_id in alliance.corp_ids:
if not EveCorporationInfo.objects.filter(corporation_id=corp_id).exists():
EveManager.create_corporation(corp_id, is_blue=alliance_model.is_blue)
EveManager.create_corporation(corp_id, is_blue=alliance_model.is_blue)
EveCorporationInfo.objects.filter(corporation_id__in=alliance.corp_ids).update(alliance=alliance_model)
EveCorporationInfo.objects.filter(alliance=alliance_model).exclude(corporation_id__in=alliance.corp_ids).update(alliance=None)
EveCorporationInfo.objects.filter(alliance=alliance_model).exclude(corporation_id__in=alliance.corp_ids).update(
alliance=None)
if alliance_model.is_blue:
EveCorporationInfo.objects.filter(alliance=alliance_model).update(is_blue=True)
@classmethod
def get_corporation(cls, corp_id):
@@ -122,13 +128,13 @@ class EveManager(object):
alliance = EveAllianceInfo.objects.get(alliance_id=corp.alliance_id)
except EveAllianceInfo.DoesNotExist:
alliance = None
EveCorporationInfo.objects.create(
corporation_id = corp.id,
corporation_name = corp.name,
corporation_ticker = corp.ticker,
member_count = corp.members,
alliance = alliance,
is_blue = is_blue,
return EveCorporationInfo.objects.create(
corporation_id=corp.id,
corporation_name=corp.name,
corporation_ticker=corp.ticker,
member_count=corp.members,
alliance=alliance,
is_blue=is_blue,
)
@staticmethod
@@ -143,8 +149,9 @@ class EveManager(object):
model.alliance = EveAllianceInfo.objects.get(alliance_id=corp.alliance_id)
except EveAllianceInfo.DoesNotExist:
model.alliance = None
model.is_blue = model.is_blue if is_blue == None else is_blue
model.is_blue = model.is_blue if is_blue is None else is_blue
model.save()
return model
@classmethod
def get_itemtype(cls, type_id):
@@ -164,6 +171,14 @@ class EveManager(object):
else:
logger.debug("No api keypairs found for user %s" % user)
@staticmethod
def get_all_api_key_pairs():
if EveApiKeyPair.objects.exists():
logger.debug("Returning all api keypairs.")
return EveApiKeyPair.objects.all()
else:
logger.debug("No api keypairs found.")
@staticmethod
def check_if_api_key_pair_exist(api_id):
if EveApiKeyPair.objects.filter(api_id=api_id).exists():
@@ -241,6 +256,16 @@ class EveManager(object):
return None
@staticmethod
def get_main_character(user):
"""
Get a characters main
:param user: django.contrib.auth.models.User
:return: EveCharacter
"""
authserviceinfo = AuthServicesInfo.objects.get(user=user)
return EveManager.get_character_by_id(authserviceinfo.main_char_id)
@staticmethod
def get_characters_by_api_id(api_id):
return EveCharacter.objects.filter(api_id=api_id)

6
eveonline/providers.py
View File

@@ -228,7 +228,7 @@ class EveProvider(object):
@python_2_unicode_compatible
class EveSwaggerProvider(EveProvider):
def __init__(self, token=None, adapter=None):
self.client = esi_client_factory(token=token)
self.client = esi_client_factory(token=token, Alliance='v1', Character='v4', Corporation='v2', Universe='v2')
self.adapter = adapter or self
def __str__(self):
@@ -244,7 +244,7 @@ class EveSwaggerProvider(EveProvider):
data['alliance_name'],
data['ticker'],
corps,
data['executor_corp'],
data['executor_corporation_id'],
)
return model
except HTTPNotFound:
@@ -264,7 +264,7 @@ class EveSwaggerProvider(EveProvider):
)
return model
except HTTPNotFound:
raise ObjectNotFound(id, 'corporation')
raise ObjectNotFound(corp_id, 'corporation')
def get_character(self, character_id):
try:

72
eveonline/tasks.py
View File

@@ -12,6 +12,7 @@ from services.managers.eve_api_manager import EveApiManager
from eveonline.models import EveCharacter
from eveonline.models import EveCorporationInfo
from eveonline.models import EveAllianceInfo
from eveonline.providers import eve_adapter_factory, ObjectNotFound
from authentication.tasks import set_state
import logging
import evelink
@@ -101,12 +102,13 @@ def run_api_refresh():
@task
def update_corp(id):
EveManager.update_corporation(id)
def update_corp(id, is_blue=None):
EveManager.update_corporation(id, is_blue=is_blue)
@task
def update_alliance(id):
EveManager.update_alliance(id)
def update_alliance(id, is_blue=None):
EveManager.update_alliance(id, is_blue=is_blue)
EveManager.populate_alliance(id)
@@ -117,27 +119,37 @@ def run_corp_update():
return
# generate member corps
for corp_id in settings.STR_CORP_IDS:
if EveCorporationInfo.objects.filter(corporation_id=corp_id).exists():
update_corp(corp_id)
else:
EveManager.create_corporation(corp_id)
for corp_id in settings.STR_CORP_IDS + settings.STR_BLUE_CORP_IDS:
is_blue = True if corp_id in settings.STR_BLUE_CORP_IDS else False
try:
if EveCorporationInfo.objects.filter(corporation_id=corp_id).exists():
update_corp(corp_id, is_blue=is_blue)
else:
EveManager.create_corporation(corp_id, is_blue=is_blue)
except ObjectNotFound:
logger.warn('Bad corp ID in settings: %s' % corp_id)
# generate member alliances
for alliance_id in settings.STR_ALLIANCE_IDS:
if EveAllianceInfo.objects.filter(alliance_id=alliance_id).exists():
logger.debug("Updating existing owner alliance model with id %s" % alliance_id)
update_alliance(alliance_id)
else:
EveManager.create_alliance(alliance_id)
EveManager.populate_alliance(alliance_id)
for alliance_id in settings.STR_ALLIANCE_IDS + settings.STR_BLUE_ALLIANCE_IDS:
is_blue = True if alliance_id in settings.STR_BLUE_ALLIANCE_IDS else False
try:
if EveAllianceInfo.objects.filter(alliance_id=alliance_id).exists():
logger.debug("Updating existing owner alliance model with id %s" % alliance_id)
update_alliance(alliance_id, is_blue=is_blue)
else:
EveManager.create_alliance(alliance_id, is_blue=is_blue)
EveManager.populate_alliance(alliance_id)
except ObjectNotFound:
logger.warn('Bad alliance ID in settings: %s' % alliance_id)
# update existing corp models
for corp in EveCorporationInfo.objects.all():
for corp in EveCorporationInfo.objects.exclude(
corporation_id__in=settings.STR_CORP_IDS + settings.STR_BLUE_CORP_IDS):
update_corp.delay(corp.corporation_id)
# update existing alliance models
for alliance in EveAllianceInfo.objects.all():
for alliance in EveAllianceInfo.objects.exclude(
alliance_id__in=settings.STR_ALLIANCE_IDS + settings.STR_BLUE_ALLIANCE_IDS):
update_alliance.delay(alliance.alliance_id)
try:
@@ -177,7 +189,7 @@ def run_corp_update():
logger.info("Alliance %s no longer meets minimum blue standing threshold" % alliance)
alliance.is_blue = False
alliance.save()
else:
elif alliance.alliance_id not in settings.STR_BLUE_ALLIANCE_IDS:
logger.info("Alliance %s no longer in standings" % alliance)
alliance.is_blue = False
alliance.save()
@@ -189,7 +201,7 @@ def run_corp_update():
logger.info("Corp %s no longer meets minimum blue standing threshold" % corp)
corp.is_blue = False
corp.save()
else:
elif corp.corporation_id not in settings.STR_BLUE_CORP_IDS:
if corp.alliance:
if not corp.alliance.is_blue:
logger.info("Corp %s and its alliance %s are no longer blue" % (corp, corp.alliance))
@@ -203,22 +215,8 @@ def run_corp_update():
logger.error("Model update failed with error code %s" % e.code)
# delete unnecessary alliance models
for alliance in EveAllianceInfo.objects.filter(is_blue=False):
logger.debug("Checking to delete alliance %s" % alliance)
if not alliance.alliance_id in settings.STR_ALLIANCE_IDS:
logger.info("Deleting unnecessary alliance model %s" % alliance)
alliance.delete()
EveAllianceInfo.objects.filter(is_blue=False).exclude(alliance_id__in=settings.STR_ALLIANCE_IDS).delete()
# delete unnecessary corp models
for corp in EveCorporationInfo.objects.filter(is_blue=False):
logger.debug("Checking to delete corp %s" % corp)
if not corp.corporation_id in settings.STR_CORP_IDS:
logger.debug("Corp %s is not member corp" % corp)
if corp.alliance:
logger.debug("Corp %s has alliance %s" % (corp, corp.alliance))
if not corp.alliance.alliance_id in settings.STR_ALLIANCE_IDS:
logger.info("Deleting unnecessary corp model %s" % corp)
corp.delete()
else:
logger.info("Deleting unnecessary corp model %s" % corp)
corp.delete()
EveCorporationInfo.objects.filter(is_blue=False).exclude(corporation_id__in=settings.STR_CORP_IDS).exclude(
alliance__alliance_id__in=settings.STR_ALLIANCE_IDS).delete()

0
eveonline/templatetags/__init__.py Normal file
View File

17
eveonline/templatetags/eveonline_extras.py Normal file
View File

@@ -0,0 +1,17 @@
from django import template
from django.conf import settings
from django.utils.safestring import mark_safe
register = template.Library()
@register.filter(name='api_link')
def api_link(api, style_class):
if settings.API_KEY_AUDIT_URL:
url = settings.API_KEY_AUDIT_URL.format(api_id=api.api_id, vcode=api.api_key, pk=api.pk)
element = "<a href='{url}' class='{style}' target='_new'>{api_id}</a>".format(url=url, style=style_class,
api_id=api.api_id)
else:
element = "<a href='#' class='{style}' onclick='return prompt({prompt}, {vcode})'>{api_id}</a>".format(
style=style_class, prompt='"Verification Code"', vcode='"%s"' % api.api_key, api_id=api.api_id)
return mark_safe(element)

25
eveonline/views.py
View File

@@ -2,6 +2,7 @@ from __future__ import unicode_literals
from django.shortcuts import render, redirect, get_object_or_404
from django.contrib.auth.decorators import login_required
from django.contrib import messages
from django.utils.translation import ugettext_lazy as _
from eveonline.forms import UpdateKeyForm
from eveonline.managers import EveManager
from authentication.managers import AuthServicesInfoManager
@@ -49,7 +50,7 @@ def add_api_key(request):
not EveCharacter.objects.filter(character_id=c.id).exists()]
logger.info("Successfully processed api add form for user %s" % request.user)
if not settings.API_SSO_VALIDATION:
messages.success(request, 'Added API key %s to your account.' % form.cleaned_data['api_id'])
messages.success(request, _('Added API key %(apiid)s to your account.') % {"apiid": form.cleaned_data['api_id']})
auth = AuthServicesInfo.objects.get(user=request.user)
if not auth.main_char_id:
return redirect('auth_characters')
@@ -73,11 +74,11 @@ def api_sso_validate(request, token, api_id):
api = get_object_or_404(EveApiKeyPair, api_id=api_id)
if api.user and api.user != request.user:
logger.warning('User %s attempting to take ownership of api %s from %s' % (request.user, api_id, api.user))
messages.warning(request, 'API %s already claimed by user %s' % (api_id, api.user))
messages.warning(request, _('API %(apiid)s already claimed by user %(user)s') % {"apiid": api_id, "user": api.user})
return redirect('auth_dashboard')
elif api.sso_verified:
logger.debug('API %s has already been verified.' % api_id)
messages.info(request, 'API %s has already been verified' % api_id)
messages.info(request, _('API %(apiid)s has already been verified') % {"apiid": api_id})
return redirect('auth_dashboard')
logger.debug('API %s has not been verified. Checking if token for %s matches.' % (api_id, token.character_name))
characters = EveApiManager.get_characters_from_api(api.api_id, api.api_key).result
@@ -86,14 +87,14 @@ def api_sso_validate(request, token, api_id):
api.sso_verified = True
api.save()
EveCharacter.objects.filter(character_id__in=characters).update(user=request.user, api_id=api_id)
messages.success(request, 'Confirmed ownership of API %s' % api.api_id)
messages.success(request, _('Confirmed ownership of API %(apiid)s') % {"apiid": api.api_id})
auth = AuthServicesInfo.objects.get(user=request.user)
if not auth.main_char_id:
return redirect('auth_characters')
return redirect('auth_dashboard')
else:
messages.warning(request, '%s not found on API %s. Please SSO as a character on the API.' % (
token.character_name, api.api_id))
messages.warning(request, _('%(character)s not found on API %(apiid)s. Please SSO as a character on the API.') % {
"character": token.character_name, "apiid": api.api_id})
return render(request, 'registered/apisso.html', context={'api': api})
@@ -127,7 +128,7 @@ def api_key_removal(request, api_id):
authinfo = AuthServicesInfo.objects.get(user=request.user)
EveManager.delete_api_key_pair(api_id, request.user.id)
EveManager.delete_characters_by_api_id(api_id, request.user.id)
messages.success(request, 'Deleted API key %s' % api_id)
messages.success(request, _('Deleted API key %(apiid)s') % {"apiid": api_id})
logger.info("Succesfully processed api delete request by user %s for api %s" % (request.user, api_id))
if not EveCharacter.objects.filter(character_id=authinfo.main_char_id).exists():
authinfo.main_char_id = None
@@ -150,10 +151,10 @@ def main_character_change(request, char_id):
if EveCharacter.objects.filter(character_id=char_id).exists() and EveCharacter.objects.get(
character_id=char_id).user == request.user:
AuthServicesInfoManager.update_main_char_id(char_id, request.user)
messages.success(request, 'Changed main character ID to %s' % char_id)
messages.success(request, _('Changed main character ID to %(charid)s') % {"charid": char_id})
set_state(request.user)
return redirect("auth_dashboard")
messages.error(request, 'Failed to change main character - selected character is not owned by your account.')
messages.error(request, _('Failed to change main character - selected character is not owned by your account.'))
return redirect("auth_characters")
@@ -164,12 +165,12 @@ def user_refresh_api(request, api_id):
api_key_pair = EveApiKeyPair.objects.get(api_id=api_id)
if api_key_pair.user == request.user:
refresh_api(api_key_pair)
messages.success(request, 'Refreshed API key %s' % api_id)
messages.success(request, _('Refreshed API key %(apiid)s') % {"apiid": api_id})
set_state(request.user)
else:
messages.warning(request, 'You are not authorized to refresh that API key.')
messages.warning(request, _('You are not authorized to refresh that API key.'))
logger.warn("User %s not authorized to refresh api id %s" % (request.user, api_id))
else:
messages.warning(request, 'Unable to locate API key %s' % api_id)
messages.warning(request, _('Unable to locate API key %(apiid)s') % {"apiid": api_id})
logger.warn("User %s unable to refresh api id %s - api key not found" % (request.user, api_id))
return redirect("auth_dashboard")

9
fleetactivitytracking/templates/fleetactivitytracking/characternotexisting.html
View File

@@ -1,8 +1,9 @@
{% extends 'public/base.html' %}
{% load i18n %}
{% block title %}Fleet Participation{% endblock %}
{% block page_title %}Fleet Participation{% endblock %}
{% block page_title %}{% trans "Fleet Participation" %}{% endblock %}
<div class="col-lg-12">
<h1 class="page-header text-center">Character not found!</h1>
<h1 class="page-header text-center">{% trans "Character not found!" %}</h1>
<div class="col-lg-12 container" id="example">
<div class="row">
<div class="col-lg-12">
@@ -13,8 +14,8 @@
<img class="ra-avatar img-responsive" src="https://image.eveonline.com/Character/{{ character_id }}_128.jpg">
</div>
<div class="col-lg-10 col-sm-2">
<div class="alert alert-danger" role="alert">Character not registered!</div>
This character is not part of any registered API-key. You must go to <a href=" {% url 'auth_api_key_management' %}">API key management</a> and add an API with the character on before being able to click fleet attendance links.
<div class="alert alert-danger" role="alert">{% trans "Character not registered!" %}</div>
{% trans "This character is not part of any registered API-key. You must go to" %} <a href=" {% url 'auth_api_key_management' %}">{% trans "API key management</a> and add an API with the character on before being able to click fleet attendance links." %}
</div>
</div>
</div>

2
fleetactivitytracking/templates/fleetactivitytracking/fatlinkformatter.html
View File

@@ -6,8 +6,6 @@
{% block title %}Alliance Auth - Fatlink Create{% endblock %}
{% block page_title %}{% trans "Create Fatlink" %}{% endblock page_title %}
{% block extra_css %}
<link href="{% static 'css/jquery.datetimepicker.css' %}" rel="stylesheet" type="text/css">{% endblock extra_css %}
{% block content %}
<div class="col-lg-12">

8
fleetactivitytracking/templates/fleetactivitytracking/fatlinkmodify.html
View File

@@ -8,7 +8,7 @@
{% block content %}
<div class="col-lg-12">
<h1 class="page-header text-center">{% blocktrans %}Edit fatlink "{{ fatlink }}"{% endblocktrans %}
<h1 class="page-header text-center">{% trans "Edit fatlink" %} "{{ fatlink }}"
<div class="text-right">
<form>
<button type="submit" onclick="return confirm('Are you sure?')" class="btn btn-danger" name="deletefat" value="True">
@@ -37,7 +37,7 @@
<td class="text-center">{{ fat.user }}</td>
<td class="text-center">{{ fat.character.character_name }}</td>
{% if fat.station != "No Station" %}
<td class="text-center">Docked in {{ fat.system }}</td>
<td class="text-center">{% blocktrans %}Docked in {{ fat.system }}{% endblocktrans %}</td>
{% else %}
<td class="text-center">{{ fat.system }}</td>
{% endif %}
@@ -56,8 +56,4 @@
</div>
</div>
</div>
<script src="/static/js/dateformat.js"></script>
{% endblock content %}

6
fleetactivitytracking/templates/fleetactivitytracking/fatlinkpersonalmonthlystatisticsview.html
View File

@@ -8,7 +8,7 @@
{% block content %}
<div class="col-lg-12">
<h1 class="page-header text-center">{% trans "Participation data statistics for" %} {{ month }}, {{ year }}
<h1 class="page-header text-center">{% blocktrans %}Participation data statistics for {{ month }}, {{ year }}{% endblocktrans %}
{% if char_id %}
<div class="text-right">
<a href="{% url 'auth_fatlink_view_user_statistics_month' char_id previous_month|date:"Y" previous_month|date:"m" %}" class="btn btn-info">{% trans "Previous month" %}</a>
@@ -61,8 +61,4 @@
{% endif %}
{% endif %}
</div>
<script src="/static/js/dateformat.js"></script>
{% endblock content %}

6
fleetactivitytracking/templates/fleetactivitytracking/fatlinkpersonalstatisticsview.html
View File

@@ -8,7 +8,7 @@
{% block content %}
<div class="col-lg-12">
<h1 class="page-header text-center">{% trans "Participation data statistics for" %} {{ year }}
<h1 class="page-header text-center">{% blocktrans %}Participation data statistics for {{ year }}{% endblocktrans %}
<div class="text-right">
<a href="{% url 'auth_fatlink_view_personal_statistics_year' previous_year %}" class="btn btn-info">{% trans "Previous year" %}</a>
{% if next_year %}
@@ -35,8 +35,4 @@
</table>
</div>
</div>
<script src="/static/js/dateformat.js"></script>
{% endblock content %}

4
fleetactivitytracking/templates/fleetactivitytracking/fatlinkstatisticsview.html
View File

@@ -41,8 +41,4 @@
</table>
{% endif %}
</div>
<script src="/static/js/dateformat.js"></script>
{% endblock content %}

10
fleetactivitytracking/templates/fleetactivitytracking/fatlinkview.html
View File

@@ -36,7 +36,7 @@
<td class="text-center">{{ fat.fatlink.name }}</td>
<td class="text-center">{{ fat.character.character_name }}</td>
{% if fat.station != "No Station" %}
<td class="text-center">Docked in {{ fat.system }}</td>
<td class="text-center">{% blocktrans %}Docked in {{ fat.system }}{% endblocktrans %}</td>
{% else %}
<td class="text-center">{{ fat.system }}</td>
{% endif %}
@@ -46,7 +46,7 @@
{% endfor %}
</table>
{% else %}
<div class="alert alert-warning text-center">No fleet activity on record.</div>
<div class="alert alert-warning text-center">{% trans "No fleet activity on record." %}</div>
{% endif %}
{% if perms.auth.fleetactivitytracking%}
@@ -95,12 +95,8 @@
</table>
{% else %}
<div class="alert alert-warning text-center">No created fatlinks on record.</div>
<div class="alert alert-warning text-center">{% trans "No created fatlinks on record." %}</div>
{% endif %}
{% endif %}
</div>
<script src="/static/js/dateformat.js"></script>
{% endblock content %}

22
fleetactivitytracking/views.py
View File

@@ -5,6 +5,7 @@ from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import permission_required
from django.core.exceptions import ValidationError
from django.utils.translation import ugettext_lazy as _
from django.utils import timezone
from django.contrib import messages
from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
@@ -205,20 +206,20 @@ def click_fatlink_view(request, token, hash, fatname):
if character:
# get data
c = token.get_esi_client()
c = token.get_esi_client(Location='v1', Universe='v2')
location = c.Location.get_characters_character_id_location(character_id=token.character_id).result()
ship = c.Location.get_characters_character_id_ship(character_id=token.character_id).result()
location['solar_system_name'] = \
c.Universe.get_universe_systems_system_id(system_id=location['solar_system_id']).result()[
'solar_system_name']
if location['structure_id']:
'name']
if location['station_id']:
location['station_name'] = \
c.Universe.get_universe_stations_station_id(station_id=location['station_id']).result()['name']
elif location['structure_id']:
c = token.get_esi_client(Universe='v1')
location['station_name'] = \
c.Universe.get_universe_structures_structure_id(structure_id=location['structure_id']).result()[
'name']
elif location['station_id']:
location['station_name'] = \
c.Universe.get_universe_stations_station_id(station_id=location['station_id']).result()[
'station_name']
else:
location['station_name'] = "No Station"
ship['ship_type_name'] = EveManager.get_itemtype(ship['ship_type_id']).name
@@ -233,7 +234,7 @@ def click_fatlink_view(request, token, hash, fatname):
try:
fat.full_clean()
fat.save()
messages.success(request, 'Fleet participation registered.')
messages.success(request, _('Fleet participation registered.'))
except ValidationError as e:
err_messages = []
for errorname, message in e.message_dict.items():
@@ -244,9 +245,10 @@ def click_fatlink_view(request, token, hash, fatname):
'character_name': token.character_name}
return render(request, 'fleetactivitytracking/characternotexisting.html', context=context)
else:
messages.error(request, 'FAT link has expired.')
messages.error(request, _('FAT link has expired.'))
except (ObjectDoesNotExist, KeyError):
messages.error(request, 'Invalid FAT link.')
logger.exception("Failed to process FAT link.")
messages.error(request, _('Invalid FAT link.'))
return redirect('auth_fatlink_view')

0
services/managers/fleetup_manager.py → fleetup/managers.py
View File

2
fleetup/views.py
View File

@@ -4,7 +4,7 @@ from django.shortcuts import render
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import permission_required
from django.template.defaulttags import register
from services.managers.fleetup_manager import FleetUpManager
from fleetup.managers import FleetUpManager
from authentication.decorators import members_and_blues
import logging

20
groupmanagement/migrations/0005_authgroup_public.py Normal file
View File

@@ -0,0 +1,20 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-04 06:11
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('groupmanagement', '0004_authgroup'),
]
operations = [
migrations.AddField(
model_name='authgroup',
name='public',
field=models.BooleanField(default=False, help_text='Group is public. Any registered user is able to join this group, with visibility based on the other options set for this group.<br> Auth will not remove users from this group automatically when they are no longer authenticated.'),
),
]

44
groupmanagement/migrations/0006_request_groups_perm.py Normal file
View File

@@ -0,0 +1,44 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-04 07:17
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.management import create_permissions
import logging
logger = logging.getLogger(__name__)
def add_default_member_permission(apps, schema_editor):
for app_config in apps.get_app_configs():
app_config.models_module = True
create_permissions(app_config, apps=apps, verbosity=0)
app_config.models_module = None
Group = apps.get_model("auth", "Group")
Permission = apps.get_model("auth", "Permission")
try:
perm = Permission.objects.get(codename='request_groups', name='Can request non-public groups')
group = Group.objects.get(name=getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member'))
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to add default request_groups permission to Member group')
class Migration(migrations.Migration):
dependencies = [
('groupmanagement', '0005_authgroup_public'),
]
operations = [
migrations.AlterModelOptions(
name='authgroup',
options={'permissions': (('request_groups', 'Can request non-public groups'),)},
),
migrations.RunPython(add_default_member_permission),
]

14
groupmanagement/models.py
View File

@@ -32,6 +32,10 @@ class AuthGroup(models.Model):
Internal - not requestable by users, at all. Covers Corp_, Alliance_, Members etc groups.
Groups are internal by default
Public - Other options are respected, but any user will be able to become and remain a member, even if they
have no API etc entered. Auth will not manage these groups automatically so user removal is up to
group managers/leaders.
Not Internal and:
Hidden - users cannot view, can request if they have the direct link.
Not Hidden - Users can view and request the group
@@ -49,6 +53,11 @@ class AuthGroup(models.Model):
open = models.BooleanField(default=False,
help_text="Group is open and users will be automatically added upon request. <br>"
"If the group is not open users will need their request manually approved.")
public = models.BooleanField(default=False,
help_text="Group is public. Any registered user is able to join this group, with "
"visibility based on the other options set for this group.<br> Auth will "
"not remove users from this group automatically when they are no longer "
"authenticated.")
# Group leaders have management access to this group
group_leaders = models.ManyToManyField(User, related_name='leads_groups', blank=True,
help_text="Group leaders can process group requests for this group "
@@ -60,6 +69,11 @@ class AuthGroup(models.Model):
def __str__(self):
return self.group.name
class Meta:
permissions = (
("request_groups", u"Can request non-public groups"),
)
@receiver(post_save, sender=Group)
def create_auth_group(sender, instance, created, **kwargs):

55
groupmanagement/views.py
View File

@@ -12,7 +12,9 @@ from django.http import Http404
from groupmanagement.managers import GroupManager
from groupmanagement.models import GroupRequest
from authentication.models import AuthServicesInfo
from authentication.managers import UserState
from eveonline.managers import EveManager
from django.utils.translation import ugettext_lazy as _
import logging
@@ -118,12 +120,12 @@ def group_membership_remove(request, group_id, user_id):
# Remove group from user
user.groups.remove(group)
logger.info("User %s removed user %s from group %s" % (request.user, user, group))
messages.success(request, "Removed user %s from group %s" % (user, group))
messages.success(request, _("Removed user %(user)s from group %(group)s.") % {"user": user, "group": group})
except ObjectDoesNotExist:
messages.warning(request, "User does not exist in that group")
messages.warning(request, _("User does not exist in that group"))
except ObjectDoesNotExist:
messages.warning(request, "Group does not exist")
messages.warning(request, _("Group does not exist"))
return redirect('auth_group_membership_list', group_id)
@@ -148,15 +150,14 @@ def group_accept_request(request, group_request_id):
notify(group_request.user, "Group Application Accepted", level="success",
message="Your application to %s has been accepted." % group_request.group)
messages.success(request,
'Accepted application from %s to %s.' % (group_request.main_char, group_request.group))
_('Accepted application from %(mainchar)s to %(group)s.') % {"mainchar": group_request.main_char, "group": group_request.group})
except PermissionDenied as p:
logger.warning("User %s attempted to accept group join request %s but permission was denied" %
(request.user, group_request_id))
raise p
except:
messages.error(request, 'An unhandled error occurred while processing the application from %s to %s.' % (
group_request.main_char, group_request.group))
messages.error(request, _('An unhandled error occurred while processing the application from %(mainchar)s to %(group)s.') % {"mainchar": group_request.main_char, "group": group_request.group})
logger.exception("Unhandled exception occurred while user %s attempting to accept grouprequest id %s." % (
request.user, group_request_id))
pass
@@ -181,15 +182,14 @@ def group_reject_request(request, group_request_id):
notify(group_request.user, "Group Application Rejected", level="danger",
message="Your application to %s has been rejected." % group_request.group)
messages.success(request,
'Rejected application from %s to %s.' % (group_request.main_char, group_request.group))
_('Rejected application from %(mainchar)s to %(group)s.') % {"mainchar": group_request.main_char, "group": group_request.group})
except PermissionDenied as p:
logger.warning("User %s attempted to reject group join request %s but permission was denied" %
(request.user, group_request_id))
raise p
except:
messages.error(request, 'An unhandled error occured while processing the application from %s to %s.' % (
group_request.main_char, group_request.group))
messages.error(request, _('An unhandled error occurred while processing the application from %(mainchar)s to %(group)s.') % {"mainchar": group_request.main_char, "group": group_request.group})
logger.exception("Unhandled exception occured while user %s attempting to reject group request id %s" % (
request.user, group_request_id))
pass
@@ -217,14 +217,14 @@ def group_leave_accept_request(request, group_request_id):
notify(group_request.user, "Group Leave Request Accepted", level="success",
message="Your request to leave %s has been accepted." % group_request.group)
messages.success(request,
'Accepted application from %s to leave %s.' % (group_request.main_char, group_request.group))
_('Accepted application from %(mainchar)s to leave %(group)s.') % {"mainchar": group_request.main_char, "group": group_request.group})
except PermissionDenied as p:
logger.warning("User %s attempted to accept group leave request %s but permission was denied" %
(request.user, group_request_id))
raise p
except:
messages.error(request, 'An unhandled error occured while processing the application from %s to leave %s.' % (
group_request.main_char, group_request.group))
messages.error(request, _('An unhandled error occured while processing the application from %(mainchar)s to leave %(group)s.') % {
"mainchar": group_request.main_char, "group": group_request.group})
logger.exception("Unhandled exception occured while user %s attempting to accept group leave request id %s" % (
request.user, group_request_id))
pass
@@ -249,15 +249,15 @@ def group_leave_reject_request(request, group_request_id):
request.user, group_request.user, group_request.group.name))
notify(group_request.user, "Group Leave Request Rejected", level="danger",
message="Your request to leave %s has been rejected." % group_request.group)
messages.success(request, 'Rejected application from %s to leave %s.' % (
group_request.main_char, group_request.group))
messages.success(request, _('Rejected application from %(mainchar)s to leave %(group)s.') % {
"mainchar": group_request.main_char, "group": group_request.group})
except PermissionDenied as p:
logger.warning("User %s attempted to reject group leave request %s but permission was denied" %
(request.user, group_request_id))
raise p
except:
messages.error(request, 'An unhandled error occured while processing the application from %s to leave %s.' % (
group_request.main_char, group_request.group))
messages.error(request, _('An unhandled error occured while processing the application from %(mainchar)s to leave %(group)s.') % {
"mainchar": group_request.main_char, "group": group_request.group})
logger.exception("Unhandled exception occured while user %s attempting to reject group leave request id %s" % (
request.user, group_request_id))
pass
@@ -270,7 +270,14 @@ def groups_view(request):
logger.debug("groups_view called by user %s" % request.user)
groups = []
for group in GroupManager.get_joinable_groups():
group_query = GroupManager.get_joinable_groups()
if not request.user.has_perm('groupmanagement.request_groups'):
# Filter down to public groups only for non-members
group_query = group_query.filter(authgroup__public=True)
logger.debug("Not a member, only public groups will be available")
for group in group_query:
# Exclude hidden
if not group.authgroup.hidden:
group_request = GroupRequest.objects.filter(user=request.user).filter(group=group)
@@ -288,6 +295,12 @@ def group_request_add(request, group_id):
if not GroupManager.joinable_group(group):
logger.warning("User %s attempted to join group id %s but it is not a joinable group" %
(request.user, group_id))
messages.warning(request, _("You cannot join that group"))
return redirect('auth_groups')
if not request.user.has_perm('groupmanagement.request_groups') and not group.authgroup.public:
# Does not have the required permission, trying to join a non-public group
logger.warning("User %s attempted to join group id %s but it is not a public group" %
(request.user, group_id))
messages.warning(request, "You cannot join that group")
return redirect('auth_groups')
if group.authgroup.open:
@@ -303,7 +316,7 @@ def group_request_add(request, group_id):
grouprequest.leave_request = False
grouprequest.save()
logger.info("Created group request for user %s to group %s" % (request.user, Group.objects.get(id=group_id)))
messages.success(request, 'Applied to group %s.' % group)
messages.success(request, _('Applied to group %(group)s.') % {"group": group})
return redirect("auth_groups")
@@ -314,12 +327,12 @@ def group_request_leave(request, group_id):
if not GroupManager.joinable_group(group):
logger.warning("User %s attempted to leave group id %s but it is not a joinable group" %
(request.user, group_id))
messages.warning(request, "You cannot leave that group")
messages.warning(request, _("You cannot leave that group"))
return redirect('auth_groups')
if group not in request.user.groups.all():
logger.debug("User %s attempted to leave group id %s but they are not a member" %
(request.user, group_id))
messages.warning(request, "You are not a member of that group")
messages.warning(request, _("You are not a member of that group"))
return redirect('auth_groups')
if group.authgroup.open:
logger.info("%s leaving %s as is an open group" % (request.user, group))
@@ -334,5 +347,5 @@ def group_request_leave(request, group_id):
grouprequest.leave_request = True
grouprequest.save()
logger.info("Created group leave request for user %s to group %s" % (request.user, Group.objects.get(id=group_id)))
messages.success(request, 'Applied to leave group %s.' % group)
messages.success(request, _('Applied to leave group %(group)s.') % {"group": group})
return redirect("auth_groups")

2
hrapplications/models.py
View File

@@ -15,7 +15,7 @@ class ApplicationQuestion(models.Model):
help_text = models.CharField(max_length=254, blank=True, null=True)
def __str__(self):
return "Question: " + self.title.encode('utf-8')
return "Question: " + self.title
@python_2_unicode_compatible

6
hrapplications/views.py
View File

@@ -138,6 +138,7 @@ def hr_application_view(request, app_id):
comment.text = form.cleaned_data['comment']
comment.save()
logger.info("Saved comment by user %s to %s" % (request.user, app))
return redirect(hr_application_view, app_id)
else:
logger.warn("User %s does not have permission to add ApplicationComments" % request.user)
else:
@@ -231,14 +232,15 @@ def hr_application_search(request):
applications.add(application)
if searchstring in application.main_character.corporation_name.lower():
applications.add(application)
if searchstring in application.main_character.alliance_name.lower():
if application.main_character.alliance_name \
and searchstring in application.main_character.alliance_name.lower():
applications.add(application)
for character in application.characters:
if searchstring in character.character_name.lower():
applications.add(application)
if searchstring in character.corporation_name.lower():
applications.add(application)
if searchstring in character.alliance_name.lower():
if character.alliance_name and searchstring in character.alliance_name.lower():
applications.add(application)
if searchstring in application.user.username.lower():
applications.add(application)

BIN
locale/de/LC_MESSAGES/django.mo
View File

Binary file not shown.

2393
locale/de/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

11
notifications/views.py
View File

@@ -3,6 +3,7 @@ from django.shortcuts import render, get_object_or_404, redirect
from .models import Notification
from django.contrib.auth.decorators import login_required
from django.contrib import messages
from django.utils.translation import ugettext_lazy as _
import logging
logger = logging.getLogger(__name__)
@@ -33,7 +34,7 @@ def notification_view(request, notif_id):
else:
logger.warn(
"User %s not authorized to view notif_id %s belonging to user %s" % (request.user, notif_id, notif.user))
messages.error(request, 'You are not authorized to view that notification.')
messages.error(request, _('You are not authorized to view that notification.'))
return redirect('auth_notification_list')
@@ -45,11 +46,11 @@ def remove_notification(request, notif_id):
if Notification.objects.filter(id=notif_id).exists():
notif.delete()
logger.info("Deleting notif id %s by user %s" % (notif_id, request.user))
messages.success(request, 'Deleted notification.')
messages.success(request, _('Deleted notification.'))
else:
logger.error(
"Unable to delete notif id %s for user %s - notif matching id not found." % (notif_id, request.user))
messages.error(request, 'Failed to locate notification.')
messages.error(request, _('Failed to locate notification.'))
return redirect('auth_notification_list')
@@ -57,7 +58,7 @@ def remove_notification(request, notif_id):
def mark_all_read(request):
logger.debug('mark all notifications read called by user %s' % request.user)
Notification.objects.filter(user=request.user).update(viewed=True)
messages.success(request, 'Marked all notifications as read.')
messages.success(request, _('Marked all notifications as read.'))
return redirect('auth_notification_list')
@@ -65,5 +66,5 @@ def mark_all_read(request):
def delete_all_read(request):
logger.debug('delete all read notifications called by user %s' % request.user)
Notification.objects.filter(user=request.user).filter(viewed=True).delete()
messages.success(request, 'Deleted all read notifications.')
messages.success(request, _('Deleted all read notifications.'))
return redirect('auth_notification_list')

7
optimer/views.py
View File

@@ -2,6 +2,7 @@ from __future__ import unicode_literals
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import permission_required
from django.utils import timezone
from django.utils.translation import ugettext_lazy as _
from django.shortcuts import get_object_or_404
from django.shortcuts import render, redirect
from django.contrib import messages
@@ -53,7 +54,7 @@ def add_optimer_view(request):
op.eve_character = character
op.save()
logger.info("User %s created op timer with name %s" % (request.user, op.operation_name))
messages.success(request, 'Created operation timer for %s.' % op.operation_name)
messages.success(request, _('Created operation timer for %(opname)s.') % {"opname": op.operation_name})
return redirect("/optimer/")
else:
logger.debug("Returning new opForm")
@@ -72,7 +73,7 @@ def remove_optimer(request, optimer_id):
op = optimer.objects.get(id=optimer_id)
op.delete()
logger.info("Deleting optimer id %s by user %s" % (optimer_id, request.user))
messages.success(request, 'Removed operation timer for %s.' % op.operation_name)
messages.success(request, _('Removed operation timer for %(opname)s.') % {"opname": op.operation_name})
else:
logger.error("Unable to delete optimer id %s for user %s - operation matching id not found." % (
optimer_id, request.user))
@@ -101,7 +102,7 @@ def edit_optimer(request, optimer_id):
op.eve_character = character
logger.info("User %s updating optimer id %s " % (request.user, optimer_id))
op.save()
messages.success(request, 'Saved changes to operation timer for %s.' % op.operation_name)
messages.success(request, _('Saved changes to operation timer for %(opname)s.') % {"opname": op.operation_name})
return redirect("auth_optimer_view")
else:
data = {

0
permissions_tool/__init__.py Normal file
View File

8
permissions_tool/apps.py Normal file
View File

@@ -0,0 +1,8 @@
from __future__ import unicode_literals
from django.apps import AppConfig
class ServicesConfig(AppConfig):
name = 'permissions_tool'

20
permissions_tool/auth_hooks.py Normal file
View File

@@ -0,0 +1,20 @@
from services.hooks import MenuItemHook
from alliance_auth import hooks
class PermissionsTool(MenuItemHook):
def __init__(self):
MenuItemHook.__init__(self,
'Permissions Audit',
'fa fa-key fa-id-card grayiconecolor',
'permissions_overview', 400)
def render(self, request):
if request.user.has_perm('permissions_tool.audit_permissions'):
return MenuItemHook.render(self, request)
return ''
@hooks.register('menu_util_hook')
def register_menu():
return PermissionsTool()

26
permissions_tool/migrations/0001_initial.py Normal file
View File

@@ -0,0 +1,26 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-06 08:58
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
initial = True
dependencies = [
]
operations = [
migrations.CreateModel(
name='PermissionsTool',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
],
options={
'managed': False,
'permissions': (('audit_permissions', 'Can audit permissions'),),
},
),
]

0
permissions_tool/migrations/__init__.py Normal file
View File

12
permissions_tool/models.py Normal file
View File

@@ -0,0 +1,12 @@
from django.db import models
class PermissionsTool(models.Model):
"""
Dummy model for holding permissions
"""
class Meta:
managed = False
permissions = (
('audit_permissions', 'Can audit permissions'),
)

39
permissions_tool/templates/permissions_tool/audit.html Normal file
View File

@@ -0,0 +1,39 @@
{% extends "public/base.html" %}
{% load bootstrap %}
{% load staticfiles %}
{% load i18n %}
{% block page_title %}{{ permission.permission.codename }} - {% trans "Permissions Audit" %}{% endblock page_title %}
{% block content %}
<div>
<h1 class="page-header">{% trans "Permissions Audit" %}: {{ permission.permission.codename }}</h1>
<a href="{% url 'permissions_overview' %}" class="btn btn-default">
<i class="glyphicon glyphicon-chevron-left"></i> {% trans "Back" %}
</a>
<table class="table table-hover">
<thead>
<tr>
<th class="col-md-3">
{% trans "Group" %}
</th>
<th class="col-md-3">
{% trans "User" %}
</th>
</tr>
</thead>
<tbody>
{% for user in permission.users %}
<tr>
{% include 'permissions_tool/audit_row.html' with group="Permission Granted Directly (No Group)" %}
</tr>
{% endfor %}
{% for group in permission.groups %}
{% for user in group.user_set.all %}
{% include 'permissions_tool/audit_row.html' %}
{% endfor %}
{% endfor %}
</tbody>
</table>
</div>
{% endblock content %}

10
permissions_tool/templates/permissions_tool/audit_row.html Normal file
View File

@@ -0,0 +1,10 @@
<tr>
<td>
{% if forloop.first %}
<b>{{ group }}</b>
{% endif %}
</td>
<td>
{{ user }}
</td>
</tr>

79
permissions_tool/templates/permissions_tool/overview.html Normal file
View File

@@ -0,0 +1,79 @@
{% extends "public/base.html" %}
{% load bootstrap %}
{% load staticfiles %}
{% load i18n %}
{% block page_title %}{% trans "Permissions Overview" %}{% endblock page_title %}
{% block content %}
<div>
<h1 class="page-header">{% trans "Permissions Overview" %}</h1>
{% if request.GET.all != 'yes' %}
<span class="pull-right">
{% blocktrans %}Showing only applied permissions{% endblocktrans %}
<a href="{% url 'permissions_overview' %}?all=yes" class="btn btn-primary">{% trans "Show All" %}</a>
</span>
{% else %}
<span class="pull-right">
{% blocktrans %}Showing all permissions{% endblocktrans %}
<a href="{% url 'permissions_overview' %}?all=no" class="btn btn-primary">{% trans "Show Applied" %}</a>
</span>
{% endif %}
<table class="table table-hover">
<thead>
<tr>
<th>
{% trans "App" %}
</th>
<th>
{% trans "Model" %}
</th>
<th>
{% trans "Code Name" %}
</th>
<th>
{% trans "Name" %}
</th>
<th class="col-md-1">
{% trans "Users" %}
</th>
<th class="col-md-1">
{% trans "Groups" %}
</th>
<th class="col-md-1">
{% trans "Groups Users" %}
</th>
</tr>
</thead>
<tbody>
{% for perm in permissions %}
<tr>
<td>
{{ perm.permission.content_type.app_label }}
</td>
<td>
{{ perm.permission.content_type.model }}
</td>
<td>
<a href="{% url "permissions_audit" app_label=perm.permission.content_type.app_label model=perm.permission.content_type.model codename=perm.permission.codename %}">
{{ perm.permission.codename }}
</a>
</td>
<td>
{{ perm.permission.name }}
</td>
<td class="{% if perm.users > 0 %}info {% endif %}text-right">
{{ perm.users }}
</td>
<td class="{% if perm.groups > 0 %}info {% endif %}text-right">
{{ perm.groups }}
</td>
<td class="{% if perm.group_users > 0 %}info {% endif %}text-right">
{{ perm.group_users }}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
{% endblock content %}

122
permissions_tool/tests.py Normal file
View File

@@ -0,0 +1,122 @@
from __future__ import unicode_literals
try:
# Py3
from unittest import mock
except ImportError:
# Py2
import mock
from django.test import TestCase
from django import urls
from django.contrib.auth.models import User, Group, Permission
from alliance_auth.tests.auth_utils import AuthUtils
import six
class PermissionsToolViewsTestCase(TestCase):
def setUp(self):
self.member = AuthUtils.create_member('auth_member')
self.member.set_password('password')
self.member.email = 'auth_member@example.com'
self.member.save()
self.none_user = AuthUtils.create_user('none_user', disconnect_signals=True)
self.none_user2 = AuthUtils.create_user('none_user2', disconnect_signals=True)
self.none_user3 = AuthUtils.create_user('none_user3', disconnect_signals=True)
self.no_perm_user = AuthUtils.create_user('no_perm_user', disconnect_signals=True)
self.no_perm_user.set_password('password')
AuthUtils.disconnect_signals()
self.no_perm_group = Group.objects.create(name="No Permission Group")
self.test_group = Group.objects.create(name="Test group")
self.test_group.user_set.add(self.none_user)
self.test_group.user_set.add(self.none_user2)
self.test_group.user_set.add(self.none_user3)
self.permission = Permission.objects.get_by_natural_key(codename='audit_permissions',
app_label='permissions_tool',
model='permissionstool')
self.test_group.permissions.add(self.permission)
self.member.user_permissions.add(self.permission)
AuthUtils.connect_signals()
def test_menu_item(self):
self.client.login(username=self.member.username, password='password')
response = self.client.get(urls.reverse('permissions_overview'))
response_content = response.content
if six.PY3:
response_content = str(response_content, encoding='utf8')
self.assertInHTML('<li><a class="active" href="/en/permissions/overview/"><i class="fa fa-key fa-id-card '
'grayiconecolor"></i> Permissions Audit</a></li>', response_content)
def test_permissions_overview(self):
self.client.login(username=self.member.username, password='password')
response = self.client.get(urls.reverse('permissions_overview'))
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed('permissions_tool/overview.html')
self.assertContains(response, self.permission.codename)
self.assertContains(response, self.permission.content_type.app_label)
self.assertContains(response, self.permission.content_type.model)
tested_context = False
# Test the context
for perm in response.context['permissions']:
if perm['permission'] == self.permission:
tested_context = True
self.assertDictContainsSubset({'users': 1}, perm)
self.assertDictContainsSubset({'groups': 1}, perm)
self.assertDictContainsSubset({'group_users': 3}, perm)
break
self.assertTrue(tested_context)
def test_permissions_overview_perms(self):
# Ensure permission effectively denys access
self.client.login(username=self.no_perm_user.username, password='password')
response = self.client.get(urls.reverse('permissions_overview'))
self.assertEqual(response.status_code, 302)
def test_permissions_audit(self):
self.client.login(username=self.member.username, password='password')
response = self.client.get(urls.reverse('permissions_audit',
kwargs={
'app_label': self.permission.content_type.app_label,
'model': self.permission.content_type.model,
'codename': self.permission.codename,
}))
self.assertTemplateUsed('permissions_tool/audit.html')
self.assertTemplateUsed('permissions_tool/audit_row.html')
self.assertContains(response, self.permission.codename)
self.assertContains(response, self.none_user)
self.assertContains(response, self.none_user3)
self.assertContains(response, self.test_group)
self.assertNotContains(response, self.no_perm_user)
def test_permissions_audit_perms(self):
# Ensure permission effectively denys access
self.client.login(username=self.no_perm_user.username, password='password')
response = self.client.get(urls.reverse('permissions_audit',
kwargs={
'app_label': self.permission.content_type.app_label,
'model': self.permission.content_type.model,
'codename': self.permission.codename,
}))
self.assertEqual(response.status_code, 302)

10
permissions_tool/urls.py Normal file
View File

@@ -0,0 +1,10 @@
from __future__ import unicode_literals
from django.conf.urls import url
from . import views
urlpatterns = [
url(r'^overview/$', views.permissions_overview, name='permissions_overview'),
url(r'^audit/(?P<app_label>[\w\-_]+)/(?P<model>[\w\-_]+)/(?P<codename>[\w\-_]+)/$', views.permissions_audit,
name='permissions_audit'),
]

Some files were not shown because too many files have changed in this diff Show More