chore: improve settings, rename old ldap settings

2024-01-19 23:23:23 +01:00 · 2024-01-19 23:23:23 +01:00 · 55ed01cb40
commit 55ed01cb40
parent 9f299c854c
6 changed files with 41 additions and 40 deletions
--- a/config/settings.yml
+++ b/config/settings.yml
@ -24,9 +24,9 @@ mail-from:
  email:        "_env:MAILFROM_EMAIL:uniworx@localhost"
 mail-object-domain: "_env:MAILOBJECT_DOMAIN:localhost"
 mail-use-replyto-instead-sender: "_env:MAIL_USES_REPLYTO:true"
-mail-reroute-to: 
- name:         "_env:MAIL_REROUTE_TO_NAME:"
- email:        "_env:MAIL_REROUTE_TO_EMAIL:"
+mail-reroute-to:
+  name:         "_env:MAIL_REROUTE_TO_NAME:"
+  email:        "_env:MAIL_REROUTE_TO_EMAIL:"
 #mail-verp:
 #  separator:    "_env:VERP_SEPARATOR:+"
 #  prefix:       "_env:VERP_PREFIX:bounce"
@ -45,7 +45,7 @@ legal-external:
    imprint:          "https://www.fraport.com/de/tools/impressum.html"
    data-protection:  "https://www.fraport.com/de/konzern/datenschutz.html"
    terms-of-use:     "https://www.fraport.com/de/tools/disclaimer.html"
-    payments:         "https://www.fraport.com/de/geschaeftsfelder/service/geschaeftspartner/richtlinien-und-zahlungsbedingungen.html"  
+    payments:         "https://www.fraport.com/de/geschaeftsfelder/service/geschaeftspartner/richtlinien-und-zahlungsbedingungen.html"

 job-workers:        "_env:JOB_WORKERS:10"
 job-flush-interval: "_env:JOB_FLUSH:30"
@ -133,28 +133,27 @@ auto-db-migrate: '_env:AUTO_DB_MIGRATE:true'
 user-database:
  - protocol: "oauth2"
    config:
-      client-id: "_env:OAUTH2CLIENTID:"
-      client-secret: "_env:OAUTH2CLIENTSECRET:"
-      tenant-id: "_env:OAUTH2TENANTID:"
-      scopes: "_env:OAUTH2SCOPES:[]"
+      client-id:      "_env:OAUTH2CLIENTID:"
+      client-secret:  "_env:OAUTH2CLIENTSECRET:"
+      tenant-id:      "_env:OAUTH2TENANTID:"
  - protocol: "ldap"
    config:
-      host:    "_env:LDAPHOST:"
-      tls:     "_env:LDAPTLS:"
-      port:    "_env:LDAPPORT:389"
-      user:    "_env:LDAPUSER:"
-      pass:    "_env:LDAPPASS:"
-      baseDN:  "_env:LDAPBASE:"
-      scope:   "_env:LDAPSCOPE:WholeSubtree"
-      timeout: "_env:LDAPTIMEOUT:5"
+      host:           "_env:LDAPHOST:"
+      tls:            "_env:LDAPTLS:"
+      port:           "_env:LDAPPORT:389"
+      user:           "_env:LDAPUSER:"
+      pass:           "_env:LDAPPASS:"
+      baseDN:         "_env:LDAPBASE:"
+      scope:          "_env:LDAPSCOPE:WholeSubtree"
+      timeout:        "_env:LDAPTIMEOUT:5"
      search-timeout: "_env:LDAPSEARCHTIME:5"
      pool:
-        stripes: "_env:LDAPSTRIPES:1"
-        timeout: "_env:LDAPTIMEOUT:20"
-        limit:   "_env:LDAPLIMIT:10"
+        stripes:      "_env:LDAPSTRIPES:1"
+        timeout:      "_env:LDAPTIMEOUT:20"
+        limit:        "_env:LDAPLIMIT:10"

 userdb-retest-failover: 60
-userdb-sync-within: "_env:USERDB_SYNC_WITHIN:1209600"   # 14 Tage in Sekunden
+userdb-sync-within:   "_env:USERDB_SYNC_WITHIN:1209600" # 14 Tage in Sekunden
 userdb-sync-interval: "_env:USERDB_SYNC_INTERVAL:3600"  # jede Stunde


@ -175,7 +174,7 @@ avs:
 lpr:
  host:    "_env:LPRHOST:fravm017173.fra.fraport.de"
  port:    "_env:LPRPORT:515"
-  queue:   "_env:LPRQUEUE:fradrive"  
+  queue:   "_env:LPRQUEUE:fradrive"

 smtp:
  host:    "_env:SMTPHOST:"
@ -198,7 +197,7 @@ widget-memcached:
  timeout:    "_env:WIDGET_MEMCACHED_TIMEOUT:20"
  base-url:   "_env:WIDGET_MEMCACHED_ROOT:"
  expiration: "_env:WIDGET_MEMCACHED_EXPIRATION:3600"
-  
+
 session-memcached:
  host:       "_env:SESSION_MEMCACHED_HOST:localhost"
  port:       "_env:SESSION_MEMCACHED_PORT:11211"
--- a/src/Handler/Admin/Test.hs
+++ b/src/Handler/Admin/Test.hs
@ -1,4 +1,4 @@
-- SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>
+-- SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>, Steffen Jost <jost@tcs.ifi.lmu.de>
 --
 -- SPDX-License-Identifier: AGPL-3.0-or-later

@ -321,8 +321,8 @@ postAdminTestR = do
        <dl .deflist>
          <dt .deflist__dt>        appJobCronInterval
          <dd .deflist__dd>#{tshow appJobCronInterval}
-          <dt .deflist__dt>        appSynchroniseLdapUsersWithin
-          <dd .deflist__dd>#{tshow appSynchroniseLdapUsersWithin}
+          <dt .deflist__dt>        appUserDbSyncWithin
+          <dd .deflist__dd>#{tshow appUserdbSyncWithin}
          <dt .deflist__dt>        appSynchroniseAvsUsersWithin
          <dd .deflist__dd>#{tshow appSynchroniseAvsUsersWithin}
    |]
--- a/src/Jobs/Crontab.hs
+++ b/src/Jobs/Crontab.hs
@ -1,4 +1,4 @@
-- SPDX-FileCopyrightText: 2022-2023 Sarah Vaupel <sarah.vaupel@uniworx.de>, David Mosbach <david.mosbach@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Sarah Vaupel <vaupel.sarah@campus.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>
+-- SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel <sarah.vaupel@uniworx.de>, David Mosbach <david.mosbach@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Sarah Vaupel <vaupel.sarah@campus.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>
 --
 -- SPDX-License-Identifier: AGPL-3.0-or-later

@ -312,10 +312,10 @@ determineCrontab = execWriterT $ do
    if
      -- TODO: generalize user sync job to oauth
      | is _Just appUserDbConf
-      , Just syncWithin <- appSynchroniseLdapUsersWithin
+      , Just syncWithin <- appUserdbSyncWithin
      , Just cInterval <- appJobCronInterval
        -> do
-          nextIntervals <- getNextIntervals syncWithin appSynchroniseLdapUsersInterval cInterval
+          nextIntervals <- getNextIntervals syncWithin appUserdbSyncInterval cInterval

          forM_ nextIntervals $ \(nextEpoch, nextInterval, nextIntervalTime, numIntervals) -> do
            tell $ HashMap.singleton
@ -327,8 +327,8 @@ determineCrontab = execWriterT $ do
              Cron
                { cronInitial   = CronTimestamp $ utcToLocalTimeTZ appTZ $ toTimeOfDay 23 30 0 $ utctDay nextIntervalTime
                , cronRepeat    = CronRepeatNever
-                , cronRateLimit = appSynchroniseLdapUsersInterval
-                , cronNotAfter  = Right . CronTimestamp . utcToLocalTimeTZ appTZ $ addUTCTime appSynchroniseLdapUsersInterval nextIntervalTime
+                , cronRateLimit = appUserdbSyncInterval
+                , cronNotAfter  = Right . CronTimestamp . utcToLocalTimeTZ appTZ $ addUTCTime appUserdbSyncInterval nextIntervalTime
                }
      | otherwise
       -> return ()
--- a/src/Jobs/Handler/SynchroniseLdap.hs
+++ b/src/Jobs/Handler/SynchroniseLdap.hs
@ -1,4 +1,4 @@
-- SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>
+-- SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>
 --
 -- SPDX-License-Identifier: AGPL-3.0-or-later

@ -52,7 +52,7 @@ dispatchJobSynchroniseLdapUser jUser = JobHandlerException $ do
        let upsertIdent = maybe userIdent CI.mk userLdapPrimaryKey 
        $logInfoS "SynchroniseLdap" [st|Synchronising #{upsertIdent}|]

-        reTestAfter <- getsYesod $ view _appLdapReTestFailover
+        reTestAfter <- getsYesod $ view _appUserdbRetestFailover
        ldapAttrs <- MaybeT $ campusUserReTest' ldapPool ((>= reTestAfter) . realToFrac) FailoverUnlimited user
        void . lift $ upsertCampusUser (UpsertCampusUserLdapSync upsertIdent) ldapAttrs
    Nothing ->
--- a/src/Jobs/HealthReport.hs
+++ b/src/Jobs/HealthReport.hs
@ -1,4 +1,4 @@
-- SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>
+-- SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>
 --
 -- SPDX-License-Identifier: AGPL-3.0-or-later

@ -110,7 +110,7 @@ dispatchHealthCheckHTTPReachable = fmap HealthHTTPReachable . yesodTimeout (^. _
 dispatchHealthCheckLDAPAdmins :: Handler HealthReport
 dispatchHealthCheckLDAPAdmins = fmap HealthLDAPAdmins . yesodTimeout (^. _appHealthCheckLDAPAdminsTimeout) (Just 0) $ do
  ldapPool' <- getsYesod appLdapPool
-  reTestAfter <- getsYesod $ view _appLdapReTestFailover
+  reTestAfter <- getsYesod $ view _appUserdbRetestFailover
  case ldapPool' of
    Just ldapPool -> do
      ldapAdminUsers' <- fmap (map E.unValue) . runDB . E.select . E.from $ \(user `E.InnerJoin` userFunction) -> E.distinctOnOrderBy [E.asc $ user E.^. UserId] $ do
--- a/src/Settings/OAuth2.hs
+++ b/src/Settings/OAuth2.hs
@ -10,11 +10,9 @@ module Settings.OAuth2
 import ClassyPrelude

 import Utils.Lens.TH
-import Utils.PathPiece (camelToPathPiece)

 import Data.Aeson
-import Data.Aeson.TH
-
+import qualified Data.Set as Set


 -- TODO: use better types
@ -27,6 +25,10 @@ data OAuth2Conf = OAuth2Conf

 makeLenses_ ''OAuth2Conf

-deriveFromJSON defaultOptions
-  { fieldLabelModifier = camelToPathPiece . dropPrefix "oauth2"
-  } ''OAuth2Conf
+instance FromJSON OAuth2Conf where
+  parseJSON = withObject "OAuth2Conf" $ \o -> do
+    oauth2ClientId <- o .:? "client-id" .!= ""
+    oauth2ClientSecret <- o .:? "client-secret" .!= ""
+    oauth2TenantId <- o .:? "tenant-id" .!= ""
+    oauth2Scopes <- o .:? "scopes" .!= Set.empty
+    return OAuth2Conf{..}