diff --git a/config/settings.yml b/config/settings.yml index dd2e31924..d2833483b 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -24,9 +24,9 @@ mail-from: email: "_env:MAILFROM_EMAIL:uniworx@localhost" mail-object-domain: "_env:MAILOBJECT_DOMAIN:localhost" mail-use-replyto-instead-sender: "_env:MAIL_USES_REPLYTO:true" -mail-reroute-to: - name: "_env:MAIL_REROUTE_TO_NAME:" - email: "_env:MAIL_REROUTE_TO_EMAIL:" +mail-reroute-to: + name: "_env:MAIL_REROUTE_TO_NAME:" + email: "_env:MAIL_REROUTE_TO_EMAIL:" #mail-verp: # separator: "_env:VERP_SEPARATOR:+" # prefix: "_env:VERP_PREFIX:bounce" @@ -45,7 +45,7 @@ legal-external: imprint: "https://www.fraport.com/de/tools/impressum.html" data-protection: "https://www.fraport.com/de/konzern/datenschutz.html" terms-of-use: "https://www.fraport.com/de/tools/disclaimer.html" - payments: "https://www.fraport.com/de/geschaeftsfelder/service/geschaeftspartner/richtlinien-und-zahlungsbedingungen.html" + payments: "https://www.fraport.com/de/geschaeftsfelder/service/geschaeftspartner/richtlinien-und-zahlungsbedingungen.html" job-workers: "_env:JOB_WORKERS:10" job-flush-interval: "_env:JOB_FLUSH:30" 
@@ -133,28 +133,27 @@ auto-db-migrate: '_env:AUTO_DB_MIGRATE:true' user-database: - protocol: "oauth2" config: - client-id: "_env:OAUTH2CLIENTID:" - client-secret: "_env:OAUTH2CLIENTSECRET:" - tenant-id: "_env:OAUTH2TENANTID:" - scopes: "_env:OAUTH2SCOPES:[]" + client-id: "_env:OAUTH2CLIENTID:" + client-secret: "_env:OAUTH2CLIENTSECRET:" + tenant-id: "_env:OAUTH2TENANTID:" - protocol: "ldap" config: - host: "_env:LDAPHOST:" - tls: "_env:LDAPTLS:" - port: "_env:LDAPPORT:389" - user: "_env:LDAPUSER:" - pass: "_env:LDAPPASS:" - baseDN: "_env:LDAPBASE:" - scope: "_env:LDAPSCOPE:WholeSubtree" - timeout: "_env:LDAPTIMEOUT:5" + host: "_env:LDAPHOST:" + tls: "_env:LDAPTLS:" + port: "_env:LDAPPORT:389" + user: "_env:LDAPUSER:" + pass: "_env:LDAPPASS:" + baseDN: "_env:LDAPBASE:" + scope: "_env:LDAPSCOPE:WholeSubtree" + timeout: "_env:LDAPTIMEOUT:5" search-timeout: "_env:LDAPSEARCHTIME:5" pool: - stripes: "_env:LDAPSTRIPES:1" - timeout: "_env:LDAPTIMEOUT:20" - limit: "_env:LDAPLIMIT:10" + stripes: "_env:LDAPSTRIPES:1" + timeout: "_env:LDAPTIMEOUT:20" + limit: "_env:LDAPLIMIT:10" userdb-retest-failover: 60 -userdb-sync-within: "_env:USERDB_SYNC_WITHIN:1209600" # 14 Tage in Sekunden +userdb-sync-within: "_env:USERDB_SYNC_WITHIN:1209600" # 14 Tage in Sekunden userdb-sync-interval: "_env:USERDB_SYNC_INTERVAL:3600" # jede Stunde @@ -175,7 +174,7 @@ avs: lpr: host: "_env:LPRHOST:fravm017173.fra.fraport.de" port: "_env:LPRPORT:515" - queue: "_env:LPRQUEUE:fradrive" + queue: "_env:LPRQUEUE:fradrive" smtp: host: "_env:SMTPHOST:" @@ -198,7 +197,7 @@ widget-memcached: timeout: "_env:WIDGET_MEMCACHED_TIMEOUT:20" base-url: "_env:WIDGET_MEMCACHED_ROOT:" expiration: "_env:WIDGET_MEMCACHED_EXPIRATION:3600" - + session-memcached: host: "_env:SESSION_MEMCACHED_HOST:localhost" port: "_env:SESSION_MEMCACHED_PORT:11211" diff --git a/src/Handler/Admin/Test.hs b/src/Handler/Admin/Test.hs index 1969f8717..d89ca8ea6 100644 --- a/src/Handler/Admin/Test.hs +++ b/src/Handler/Admin/Test.hs 
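Review bot: `LDAPTIMEOUT` is read twice in the re-aligned ldap block, once for `timeout` (default 5) and once for `pool: timeout` (default 20), so setting the variable forces both settings to the same value and they cannot be tuned independently. The pool entry should read its own variable, for example `timeout: "_env:LDAPPOOLTIMEOUT:20"` (the name is only a suggestion). The same block leaves `tls` defaulting to empty next to `port` 389 and a bind `pass`. How an empty `tls` is interpreted is not visible here, so a comment such as `# set LDAPTLS explicitly; the bind password must not travel over plaintext LDAP` would help operators. The hunk also drops the `scopes` key, so `OAUTH2SCOPES` is no longer read from this file; a one-line comment saying that scopes are optional would make the removal look intentional.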
@@ -1,4 +1,4 @@ --- SPDX-FileCopyrightText: 2022 Gregor Kleen ,Steffen Jost +-- SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel , Gregor Kleen , Steffen Jost -- -- SPDX-License-Identifier: AGPL-3.0-or-later @@ -321,8 +321,8 @@ postAdminTestR = do
appJobCronInterval
#{tshow appJobCronInterval} -
appSynchroniseLdapUsersWithin -
#{tshow appSynchroniseLdapUsersWithin} +
appUserDbSyncWithin +
#{tshow appUserdbSyncWithin}
appSynchroniseAvsUsersWithin
#{tshow appSynchroniseAvsUsersWithin} |] diff --git a/src/Jobs/Crontab.hs b/src/Jobs/Crontab.hs index 05725f0bf..f1f391f19 100644 --- a/src/Jobs/Crontab.hs +++ b/src/Jobs/Crontab.hs @@ -1,4 +1,4 @@ --- SPDX-FileCopyrightText: 2022-2023 Sarah Vaupel , David Mosbach , Gregor Kleen ,Sarah Vaupel ,Sarah Vaupel ,Steffen Jost +-- SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel , David Mosbach , Gregor Kleen ,Sarah Vaupel ,Sarah Vaupel ,Steffen Jost -- -- SPDX-License-Identifier: AGPL-3.0-or-later @@ -312,10 +312,10 @@ determineCrontab = execWriterT $ do if -- TODO: generalize user sync job to oauth | is _Just appUserDbConf - , Just syncWithin <- appSynchroniseLdapUsersWithin + , Just syncWithin <- appUserdbSyncWithin , Just cInterval <- appJobCronInterval -> do - nextIntervals <- getNextIntervals syncWithin appSynchroniseLdapUsersInterval cInterval + nextIntervals <- getNextIntervals syncWithin appUserdbSyncInterval cInterval forM_ nextIntervals $ \(nextEpoch, nextInterval, nextIntervalTime, numIntervals) -> do tell $ HashMap.singleton @@ -327,8 +327,8 @@ determineCrontab = execWriterT $ do Cron { cronInitial = CronTimestamp $ utcToLocalTimeTZ appTZ $ toTimeOfDay 23 30 0 $ utctDay nextIntervalTime , cronRepeat = CronRepeatNever - , cronRateLimit = appSynchroniseLdapUsersInterval - , cronNotAfter = Right . CronTimestamp . utcToLocalTimeTZ appTZ $ addUTCTime appSynchroniseLdapUsersInterval nextIntervalTime + , cronRateLimit = appUserdbSyncInterval + , cronNotAfter = Right . CronTimestamp . utcToLocalTimeTZ appTZ $ addUTCTime appUserdbSyncInterval nextIntervalTime } | otherwise -> return () diff --git a/src/Jobs/Handler/SynchroniseLdap.hs b/src/Jobs/Handler/SynchroniseLdap.hs index 52572d879..1a83dc555 100644 --- a/src/Jobs/Handler/SynchroniseLdap.hs +++ b/src/Jobs/Handler/SynchroniseLdap.hs @@ -1,4 +1,4 @@ --- SPDX-FileCopyrightText: 2022 Gregor Kleen +-- SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel , Gregor Kleen -- -- SPDX-License-Identifier: AGPL-3.0-or-later 
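Review bot: The label text `appUserDbSyncWithin` (capital D) in the postAdminTestR hunk does not match the setting printed under it, `appUserdbSyncWithin`. The neighbouring entries use the exact field name as their label, and the rest of the commit spells it `appUserdbSyncWithin`, so the label should read `appUserdbSyncWithin`. The rest of postAdminTestR lies outside the hunk.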
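Review bot: In the first determineCrontab hunk the guard `is _Just appUserDbConf` does not look at which protocol is configured, while the TODO directly above it says the user sync job is not yet generalised to OAuth2. If the queued job is still the LDAP one (the handler in src/Jobs/Handler/SynchroniseLdap.hs works on an LDAP pool), an OAuth2-only deployment would presumably schedule sync jobs that do nothing. OAuth2-backed accounts would then not be refreshed within `appUserdbSyncWithin`, which matters when the sync is what propagates account changes from the directory. The TODO should say so, e.g. `-- TODO: generalize user sync job to oauth; until then only LDAP-backed users are re-synchronised`. determineCrontab starts and ends outside the hunk.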
@@ -52,7 +52,7 @@ dispatchJobSynchroniseLdapUser jUser = JobHandlerException $ do let upsertIdent = maybe userIdent CI.mk userLdapPrimaryKey $logInfoS "SynchroniseLdap" [st|Synchronising #{upsertIdent}|] - reTestAfter <- getsYesod $ view _appLdapReTestFailover + reTestAfter <- getsYesod $ view _appUserdbRetestFailover ldapAttrs <- MaybeT $ campusUserReTest' ldapPool ((>= reTestAfter) . realToFrac) FailoverUnlimited user void . lift $ upsertCampusUser (UpsertCampusUserLdapSync upsertIdent) ldapAttrs Nothing -> diff --git a/src/Jobs/HealthReport.hs b/src/Jobs/HealthReport.hs index 1f503321b..68ada28f3 100644 --- a/src/Jobs/HealthReport.hs +++ b/src/Jobs/HealthReport.hs @@ -1,4 +1,4 @@ --- SPDX-FileCopyrightText: 2022 Gregor Kleen ,Steffen Jost +-- SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel , Gregor Kleen ,Steffen Jost -- -- SPDX-License-Identifier: AGPL-3.0-or-later @@ -110,7 +110,7 @@ dispatchHealthCheckHTTPReachable = fmap HealthHTTPReachable . yesodTimeout (^. _ dispatchHealthCheckLDAPAdmins :: Handler HealthReport dispatchHealthCheckLDAPAdmins = fmap HealthLDAPAdmins . yesodTimeout (^. _appHealthCheckLDAPAdminsTimeout) (Just 0) $ do ldapPool' <- getsYesod appLdapPool - reTestAfter <- getsYesod $ view _appLdapReTestFailover + reTestAfter <- getsYesod $ view _appUserdbRetestFailover case ldapPool' of Just ldapPool -> do ldapAdminUsers' <- fmap (map E.unValue) . runDB . E.select . E.from $ \(user `E.InnerJoin` userFunction) -> E.distinctOnOrderBy [E.asc $ user E.^. UserId] $ do diff --git a/src/Settings/OAuth2.hs b/src/Settings/OAuth2.hs index 98e1908b4..c1c5fbeba 100644 --- a/src/Settings/OAuth2.hs +++ b/src/Settings/OAuth2.hs @@ -10,11 +10,9 @@ module Settings.OAuth2 import ClassyPrelude import Utils.Lens.TH -import Utils.PathPiece (camelToPathPiece) import Data.Aeson -import Data.Aeson.TH - +import qualified Data.Set as Set -- TODO: use better types 
@@ -27,6 +25,10 @@ data OAuth2Conf = OAuth2Conf makeLenses_ ''OAuth2Conf -deriveFromJSON defaultOptions - { fieldLabelModifier = camelToPathPiece . dropPrefix "oauth2" - } ''OAuth2Conf +instance FromJSON OAuth2Conf where + parseJSON = withObject "OAuth2Conf" $ \o -> do + oauth2ClientId <- o .:? "client-id" .!= "" + oauth2ClientSecret <- o .:? "client-secret" .!= "" + oauth2TenantId <- o .:? "tenant-id" .!= "" + oauth2Scopes <- o .:? "scopes" .!= Set.empty + return OAuth2Conf{..}
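Review bot: Every field in the new `parseJSON` falls back to `""` (or `Set.empty`), so an `oauth2` entry with a missing `client-id`, `client-secret` or `tenant-id` parses successfully and the misconfiguration presumably only surfaces later, when a login is attempted. config/settings.yml in this commit also defaults the three environment variables to empty, so nothing fails at startup when they are unset. Making the credentials required, `oauth2ClientSecret <- o .: "client-secret"` (likewise for the other two), and rejecting empty values before `return OAuth2Conf{..}` would make the service fail closed at config load; `scopes` can stay optional. A short comment on the instance naming the optional keys would also help, now that the key names are spelled out by hand instead of derived.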