Compare commits

..

19 commits

Author SHA1 Message Date
redfast00
73671bd8f1
Merge pull request #213 from ZeusWPI/feat/docker
Dockerize the application
2023-06-28 22:09:06 +02:00
Maxim De Clercq
45b4913657
Add menus provided by Zeus WPI by default 2023-06-25 17:18:50 +02:00
Maxim De Clercq
7b78e7d8ff
Add .dockerignore 2023-06-25 17:18:39 +02:00
Maxim De Clercq
a29d3a33be
Use correct app when running with waitress 2023-06-25 17:18:31 +02:00
Maxim De Clercq
7fad75fc08
Dockerize the application 2023-06-25 17:18:20 +02:00
redfast00
5a82354b78
Merge pull request #214 from ZeusWPI/microsoft-auth-wip
Microsoft auth
2023-06-25 16:49:13 +02:00
Maxim De Clercq
fbb69c843a
Merge branch 'master' into microsoft-auth-wip 2023-06-25 16:18:32 +02:00
redfast00
30626e457a
Merge pull request #217 from ZeusWPI/no-double-space
Remove double space requirement
2023-06-13 23:31:56 +02:00
redfast00
0aea3f6d34
Remove double space requirement 2023-06-13 21:39:19 +02:00
Maxim De Clercq
8b1b3f482a
Add migration for Microsoft Auth 2023-04-20 02:10:59 +02:00
Maxim De Clercq
2d6aea10fb
Change Microsoft account type to ugentbe.onmicrosoft.com 2023-04-19 23:17:51 +02:00
Maxim De Clercq
6e79fc50ed
Merge pull request #186 from ZeusWPI/feature/microsoft-auth
Add working microsoft login flow
2023-04-19 22:55:32 +02:00
Maxim De Clercq
ba29ecbc73
Check for user with matching Microsoft UUID first 2023-04-19 22:38:30 +02:00
Maxim De Clercq
1ffcdc3ec1
Do not store UGent username since it is not exposed through Graph API 2023-04-19 22:03:40 +02:00
Maxim De Clercq
6bb11e49a3
Add support for when cwd is outside the project
E.g. Pycharm runs `/.../haldis/venv/bin/python /.../haldis/app/app.py` when no working directory is set.
2023-04-19 21:18:53 +02:00
Maxim De Clercq
aab522eef9
Merge branch 'master' into feature/microsoft-auth
# Conflicts:
#	app/app.py
#	app/create_database.py
#	app/models/user.py
#	requirements.in
#	requirements.txt
2023-04-19 20:55:35 +02:00
mcbloch
841c3d5fb8 add flag to disable microsoft login 2022-04-20 01:34:19 +02:00
mcbloch
da88d807d1 disable printing of user info 2022-04-20 01:28:48 +02:00
mcbloch
cc0c271a22 Add working microsoft login flow 2022-04-20 01:27:52 +02:00
20 changed files with 288 additions and 52 deletions

10
.dockerignore Normal file
View file

@ -0,0 +1,10 @@
# Ignore everything
*
# Include source, config and scripts
!app
!etc
!*.md
!*.sh
!*.txt
!LICENSE

26
Dockerfile Normal file
View file

@ -0,0 +1,26 @@
# syntax=docker/dockerfile:1
FROM python:3.9.2-slim AS development
WORKDIR /src
RUN pip install pymysql
ADD https://git.zeus.gent/haldis/menus/-/archive/master/menus-master.tar /tmp
RUN mkdir menus && \
tar --directory=menus --extract --strip-components=1 --file=/tmp/menus-master.tar
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
WORKDIR /src/app
CMD python app.py db upgrade && \
python app.py runserver -h 0.0.0.0 -p 8000
FROM development AS production
RUN pip install waitress
CMD python app.py db upgrade && \
python waitress_wsgi.py

View file

@ -15,15 +15,17 @@ from flask_bootstrap import Bootstrap, StaticCDN
from flask_debugtoolbar import DebugToolbarExtension
from flask_login import LoginManager
from flask_migrate import Migrate, MigrateCommand
from flask_oauthlib.client import OAuth, OAuthException
from flask_script import Manager, Server
from login import init_login
from markupsafe import Markup
from admin import init_admin
from auth.login import init_login
from auth.zeus import init_oauth
from config import Configuration
from models import db
from models.anonymous_user import AnonymouseUser
from sentry_sdk.integrations.flask import FlaskIntegration
from utils import euro_string, price_range_string, ignore_none
from zeus import init_oauth
def register_plugins(app: Flask) -> Manager:
@ -100,18 +102,22 @@ def add_routes(application: Flask) -> None:
# import views # TODO convert to blueprint
# import views.stats # TODO convert to blueprint
from login import auth_bp
from auth.login import auth_bp
from auth.microsoft import auth_microsoft_bp
from auth.zeus import auth_zeus_bp
from views.debug import debug_bp
from views.general import general_bp
from views.order import order_bp
from views.stats import stats_blueprint
from zeus import oauth_bp
application.register_blueprint(general_bp, url_prefix="/")
application.register_blueprint(order_bp, url_prefix="/order")
application.register_blueprint(stats_blueprint, url_prefix="/stats")
application.register_blueprint(auth_bp, url_prefix="/")
application.register_blueprint(oauth_bp, url_prefix="/")
if Configuration.ENABLE_MICROSOFT_AUTH:
application.register_blueprint(auth_microsoft_bp,
url_prefix="/users/auth/microsoft_graph_auth") # "/auth/microsoft")
application.register_blueprint(auth_zeus_bp, url_prefix="/auth/zeus")
if application.debug:
application.register_blueprint(debug_bp, url_prefix="/debug")
@ -175,6 +181,10 @@ def create_app():
add_routes(app)
add_template_filters(app)
@app.context_processor
def inject_config():
return dict(configuration=Configuration)
return app, app_manager

View file

@ -1,31 +1,25 @@
"Script for everything related to logging in and out"
"""Script for everything related to logging in and out"""
from flask import Blueprint, abort, redirect, session, url_for
from flask_login import current_user, logout_user
from models import User
from werkzeug.wrappers import Response
from zeus import zeus_login
auth_bp = Blueprint("auth_bp", __name__)
def init_login(app) -> None:
"Initialize the login"
"""Initialize the login"""
# pylint: disable=W0612
@app.login_manager.user_loader
def load_user(userid) -> User:
"Load the user"
"""Load the user"""
return User.query.filter_by(id=userid).first()
@auth_bp.route("/login")
def login():
"Function to handle a user trying to log in"
return zeus_login()
@auth_bp.route("/logout")
def logout() -> Response:
"Function to handle a user trying to log out"
"""Function to handle a user trying to log out"""
if "zeus_token" in session:
session.pop("zeus_token", None)
logout_user()
@ -33,6 +27,6 @@ def logout() -> Response:
def before_request() -> None:
"Function for what has to be done before a request"
"""Function for what has to be done before a request"""
if current_user.is_anonymous() or not current_user.is_allowed():
abort(401)

77
app/auth/microsoft.py Normal file
View file

@ -0,0 +1,77 @@
import typing
from flask import Blueprint, url_for, request, redirect, flash, Response
from flask_login import login_user
from microsoftgraph.client import Client
from config import Configuration
from models import User, db
auth_microsoft_bp = Blueprint("auth_microsoft_bp", __name__)
client = Client(Configuration.MICROSOFT_AUTH_ID,
Configuration.MICROSOFT_AUTH_SECRET,
account_type="ugentbe.onmicrosoft.com")
def microsoft_login():
"""Log in using Microsoft"""
scope = ["openid", "profile", "User.Read", "User.Read.All"]
url = client.authorization_url(url_for("auth_microsoft_bp.authorized", _external=True), scope, state=None)
return redirect(url)
@auth_microsoft_bp.route("/login")
def login():
"""Function to handle a user trying to log in"""
return microsoft_login()
@auth_microsoft_bp.route("callback") # "/authorized")
def authorized() -> typing.Any:
# type is 'typing.Union[str, Response]', but this errors due to
# https://github.com/python/mypy/issues/7187
"""Check authorized status"""
oauth_code = request.args['code']
resp = client.exchange_code(url_for("auth_microsoft_bp.authorized", _external=True), oauth_code)
client.set_token(resp.data)
resp = client.users.get_me()
microsoft_uuid = resp.data['id']
username = resp.data['userPrincipalName']
# Fail if fields are not populated
if not microsoft_uuid or not username:
flash("You're not allowed to enter, please contact a system administrator")
return redirect(url_for("general_bp.home"))
# Find existing user by Microsoft UUID (userPrincipalName can change)
user = User.query.filter_by(microsoft_uuid=microsoft_uuid).first()
if user:
return login_and_redirect_user(user)
# Find existing user by username (pre-existing account)
user = User.query.filter_by(username=username).first()
if user:
return login_and_redirect_user(user)
# No user found, create a new one
user = create_user(username, microsoft_uuid=microsoft_uuid)
return login_and_redirect_user(user)
def login_and_redirect_user(user) -> Response:
"""Log in the user and then redirect them"""
login_user(user)
return redirect(url_for("general_bp.home"))
def create_user(username, *, microsoft_uuid) -> User:
"""Create a temporary user if it is needed"""
user = User()
user.configure(username, False, 1, microsoft_uuid=microsoft_uuid)
db.session.add(user)
db.session.commit()
return user

View file

@ -4,24 +4,30 @@ import typing
from flask import (Blueprint, current_app, flash, redirect, request, session,
url_for)
from flask_login import login_user
from flask_oauthlib.client import OAuth, OAuthException
from flask_oauthlib.client import OAuth, OAuthException, OAuthRemoteApp
from models import User, db
from werkzeug.wrappers import Response
oauth_bp = Blueprint("oauth_bp", __name__)
auth_zeus_bp = Blueprint("auth_zeus_bp", __name__)
def zeus_login():
"Log in using ZeusWPI"
"""Log in using ZeusWPI"""
return current_app.zeus.authorize(
callback=url_for("oauth_bp.authorized", _external=True))
callback=url_for("auth_zeus_bp.authorized", _external=True))
@oauth_bp.route("/login/zeus/authorized")
@auth_zeus_bp.route("/login")
def login():
"""Function to handle a user trying to log in"""
return zeus_login()
@auth_zeus_bp.route("/authorized")
def authorized() -> typing.Any:
# type is 'typing.Union[str, Response]', but this errors due to
# https://github.com/python/mypy/issues/7187
"Check authorized status"
"""Check authorized status"""
resp = current_app.zeus.authorized_response()
if resp is None:
# pylint: disable=C0301
@ -45,8 +51,8 @@ def authorized() -> typing.Any:
return redirect(url_for("general_bp.home"))
def init_oauth(app):
"Initialize the OAuth for ZeusWPI"
def init_oauth(app) -> OAuthRemoteApp:
"""Initialize the OAuth for ZeusWPI"""
oauth = OAuth(app)
zeus = oauth.remote_app(
@ -69,13 +75,13 @@ def init_oauth(app):
def login_and_redirect_user(user) -> Response:
"Log in the user and then redirect them"
"""Log in the user and then redirect them"""
login_user(user)
return redirect(url_for("general_bp.home"))
def create_user(username) -> User:
"Create a temporary user if it is needed"
"""Create a temporary user if it is needed"""
user = User()
user.configure(username, False, 1, associations=["zeus"])
db.session.add(user)

View file

@ -1,11 +1,16 @@
"An example for a Haldis config"
# config
"""An example for a Haldis config"""
# import os
class Configuration:
"Haldis configuration object"
# pylint: disable=too-few-public-methods
SQLALCHEMY_DATABASE_URI = "sqlite:///haldis.db"
# MARIADB_HOST = os.environ.get("MARIADB_HOST")
# MARIADB_DB = os.environ.get("MARIADB_DATABASE")
# MARIADB_USER = os.environ.get("MARIADB_USER")
# MARIADB_PASS = os.environ.get("MARIADB_PASSWORD")
# SQLALCHEMY_DATABASE_URI = f"mysql+pymysql://{MARIADB_USER}:{MARIADB_PASS}@{MARIADB_HOST}/{MARIADB_DB}"
SQLALCHEMY_TRACK_MODIFICATIONS = False
DEBUG = True
HALDIS_ADMINS = []
@ -15,3 +20,7 @@ class Configuration:
SENTRY_DSN = None
ZEUS_KEY = "tomtest"
ZEUS_SECRET = "blargh"
ENABLE_MICROSOFT_AUTH = False
MICROSOFT_AUTH_ID = ""
MICROSOFT_AUTH_SECRET = ""

View file

@ -1,7 +1,6 @@
# Import this class to load the standard HLDS definitions
import subprocess
from os import path
from pathlib import Path
from typing import List
from .models import Location
@ -12,10 +11,14 @@ __all__ = ["location_definitions", "location_definition_version"]
# pylint: disable=invalid-name
# TODO Use proper way to get resources, see https://stackoverflow.com/a/10935674
DATA_DIR = path.join(path.dirname(__file__), "..", "..", "menus")
ROOT_DIR = Path(__file__).parent.parent.parent
DATA_DIR = ROOT_DIR / "menus"
location_definitions: List[Location] = parse_all_directory(DATA_DIR)
location_definitions: List[Location] = parse_all_directory(str(DATA_DIR))
location_definitions.sort(key=lambda l: l.name)
proc = subprocess.run(["git", "rev-parse", "HEAD"], stdout=subprocess.PIPE, check=True)
location_definition_version = proc.stdout.decode().strip()
try:
proc = subprocess.run(["git", "rev-parse", "HEAD"], stdout=subprocess.PIPE, cwd=str(ROOT_DIR), check=True)
location_definition_version = proc.stdout.decode().strip()
except FileNotFoundError:
location_definition_version = ""

View file

@ -29,9 +29,9 @@ location = >location_header items:{ block } ;
attributes =
name:/[^\n#]*?(?= +-- | | *\n| *#)/
name:/[^\n#]*?(?= +-- | | €| *\n| *#)/
[ s '--' ~ s description:/[^\n#]*?(?= | *\n| *#)/ ]
[ / {2,}/ ~
[ / +/ ~
[ {[ s ] ('{' tags+:identifier '}')} / +|$/ ]
[ price:price ]
]

View file

@ -43,7 +43,7 @@ def upgrade():
sa.Column("starttime", sa.DateTime(), nullable=True),
sa.Column("stoptime", sa.DateTime(), nullable=True),
sa.Column("public", sa.Boolean(), nullable=True),
sa.ForeignKeyConstraint(["location_id"], ["location.id"]),
sa.ForeignKeyConstraint(["location_id"], ["location.id"], name="order_ibfk_1"),
sa.PrimaryKeyConstraint("id"),
)
op.create_table(
@ -65,7 +65,7 @@ def upgrade():
sa.Column("extra", sa.String(length=254), nullable=True),
sa.Column("name", sa.String(length=120), nullable=True),
sa.ForeignKeyConstraint(["order_id"], ["order.id"]),
sa.ForeignKeyConstraint(["product_id"], ["product.id"]),
sa.ForeignKeyConstraint(["product_id"], ["product.id"], name="order_item_ibfk_3"),
sa.ForeignKeyConstraint(["user_id"], ["user.id"]),
sa.PrimaryKeyConstraint("id"),
)

View file

@ -0,0 +1,26 @@
"""empty message
Revision ID: 89b2c980b663
Revises: 9eac0f3d7b1e
Create Date: 2023-04-20 02:01:54.558602
"""
# revision identifiers, used by Alembic.
revision = '89b2c980b663'
down_revision = '9eac0f3d7b1e'
from alembic import op
import sqlalchemy as sa
def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.add_column('user', sa.Column('microsoft_uuid', sa.VARCHAR(length=120), nullable=True))
# ### end Alembic commands ###
def downgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.drop_column('user', 'microsoft_uuid')
# ### end Alembic commands ###

View file

@ -112,14 +112,12 @@ def upgrade():
)
)
# Historical product data migrated, drop obsolete column and table
op.execute(text("ALTER TABLE order_item DROP FOREIGN KEY order_item_ibfk_3"))
op.drop_constraint("order_item_ibfk_3", "order_item", type_="foreignkey")
op.drop_column("order_item", "product_id")
op.drop_table("product")
# ----------------------------------------------------------------------------------------------
# Migrate historical location data to orders
op.execute(text("ALTER TABLE `order` DROP FOREIGN KEY order_ibfk_2"))
op.alter_column(
"order",
"location_id",
@ -157,6 +155,7 @@ def upgrade():
for query in chain(new_location_id, [location_name_from_location]):
op.execute(query)
# Historical location data migrated, drop obsolete column and table
op.drop_constraint("order_ibfk_1", "order", type_="foreignkey")
op.drop_column("order", "legacy_location_id")
op.drop_table("location")

View file

@ -5,12 +5,14 @@ from models import db
class User(db.Model):
"Class used for configuring the User model in the database"
"""Class used for configuring the User model in the database"""
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(80), unique=True, nullable=False)
admin = db.Column(db.Boolean)
bias = db.Column(db.Integer)
# Assocation logic
# Microsoft OAUTH info
microsoft_uuid = db.Column(db.String(120), unique=True)
# Association logic
associations = db.Column(db.String(255), nullable=False, server_default="")
# Relations
@ -25,13 +27,14 @@ class User(db.Model):
def association_list(self) -> List[str]:
return self.associations.split(",")
def configure(self, username: str, admin: bool, bias: int, associations: Optional[List[str]] = None) -> None:
def configure(self, username: str, admin: bool, bias: int, *, microsoft_uuid: str = None, associations: Optional[List[str]] = None) -> None:
"""Configure the User"""
if associations is None:
associations = []
self.username = username
self.admin = admin
self.bias = bias
self.microsoft_uuid = microsoft_uuid
self.associations = ",".join(associations)
# pylint: disable=C0111, R0201

View file

@ -63,7 +63,8 @@
<nav class="navbar navbar-default navbar-fixed-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar"
aria-expanded="false" aria-controls="navbar">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
@ -81,7 +82,10 @@
</ul>
<ul class="nav navbar-nav navbar-right">
{% if current_user.is_anonymous() %}
<li><a href="{{ url_for('auth_bp.login') }}">Login</a></li>
{% if configuration.ENABLE_MICROSOFT_AUTH %}
<li><a href="{{ url_for('auth_microsoft_bp.login') }}">Login with Microsoft</a></li>
{% endif %}
<li><a href="{{ url_for('auth_zeus_bp.login') }}">Login with Zeus</a></li>
{% else %}
<li><a href="{{ url_for('general_bp.profile') }}">{{ current_user.username }}</a></li>
<li><a href="{{ url_for('auth_bp.logout') }}">Logout</a></li>

16
app/waitress_wsgi.py Normal file
View file

@ -0,0 +1,16 @@
import sentry_sdk
from sentry_sdk.integrations.flask import FlaskIntegration
from waitress import serve
from app import create_app
from config import Configuration
if __name__ == "__main__":
if Configuration.SENTRY_DSN:
sentry_sdk.init(
dsn=Configuration.SENTRY_DSN,
integrations=[FlaskIntegration()]
)
app, app_mgr = create_app()
serve(app, host="0.0.0.0", port=8000)

View file

@ -0,0 +1,17 @@
version: "3.4"
services:
app:
build:
target: "development"
environment:
- MARIADB_DATABASE=haldis
- MARIADB_USER=haldis
- MARIADB_PASSWORD=haldis
volumes: ["$PWD:/src"]
database:
environment:
- MARIADB_DATABASE=haldis
- MARIADB_ROOT_PASSWORD=mariadb
- MARIADB_USER=haldis
- MARIADB_PASSWORD=haldis

31
docker-compose.yml Normal file
View file

@ -0,0 +1,31 @@
version: "3.4"
services:
app:
build:
context: .
target: production
restart: on-failure
depends_on: [database]
ports: ["8000:8000"]
environment:
- MARIADB_HOST=database
- MARIADB_DATABASE
- MARIADB_USER
- MARIADB_PASSWORD
networks: [haldis]
database:
image: mariadb:10.8
hostname: database
restart: on-failure
environment:
- MARIADB_DATABASE
- MARIADB_ROOT_PASSWORD
- MARIADB_USER
- MARIADB_PASSWORD
networks: [haldis]
volumes: [haldis_data:/var/lib/mysql]
networks:
haldis:
volumes:
haldis_data:

View file

@ -12,7 +12,7 @@ E="${normal}"
if [ ! -d "venv" ]; then
PYTHON_VERSION=$(cat .python-version)
echo -e "${B} No venv found, creating a new one with version ${PYTHON_VERSION} ${E}"
python3 -m virtualenv -p $PYTHON_VERSION venv
python3 -m virtualenv -p "$PYTHON_VERSION" venv
fi
source venv/bin/activate

View file

@ -12,4 +12,5 @@ black
pymysql
pyyaml
tatsu<5.6 # >=5.6 needs Python >=3.8
microsoftgraph-python
sentry-sdk[flask]

View file

@ -79,6 +79,8 @@ markupsafe==2.0.1
# jinja2
# mako
# wtforms
microsoftgraph-python==1.1.3
# via -r requirements.in
mypy-extensions==0.4.3
# via black
oauthlib==2.1.0
@ -98,7 +100,9 @@ pyyaml==5.4.1
regex==2021.4.4
# via black
requests==2.25.1
# via requests-oauthlib
# via
# microsoftgraph-python
# requests-oauthlib
requests-oauthlib==1.1.0
# via flask-oauthlib
sentry-sdk[flask]==1.10.1