fraport/fradrive-old
fraport/fradrive-old
Archived
3
1
Fork 0
Code Issues 65 Pull Requests 5 Actions Packages Projects Releases 197 Wiki Activity

chore(ldap): change fild complete

Browse Source
This commit is contained in:
Steffen Jost 2021-12-10 16:25:35 +01:00
parent ec32a24af7
commit facfece7b5
8 changed files with 44 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
messages/uniworx/categories/user/de-de-formal.msg
View File

@ -8,6 +8,10 @@ AdminUserIdent: Identifikation
AdminUserAuth: Authentifizierung AdminUserAuth: Authentifizierung
AdminUserMatriculation: Matrikelnummer AdminUserMatriculation: Matrikelnummer
AdminUserSex: Geschlecht AdminUserSex: Geschlecht
AdminUserTelephone: Telefonnummer
AdminUserMobile: Mobiltelefonmummer
AdminUserFPersonalNumber: Personalnummer (nur Fraport AG)
AdminUserFDepartment: Abteilung
AdminUserAssimilate: Benutzer assimilieren AdminUserAssimilate: Benutzer assimilieren
UserAdded: Benutzer erfolgreich angelegt UserAdded: Benutzer erfolgreich angelegt
UserCollision: Benutzer konnte wegen Eindeutigkeit nicht angelegt werden UserCollision: Benutzer konnte wegen Eindeutigkeit nicht angelegt werden

4
messages/uniworx/categories/user/en-eu.msg
View File

@ -8,6 +8,10 @@ AdminUserIdent: Identification
AdminUserAuth: Authentication AdminUserAuth: Authentication
AdminUserMatriculation: Matriculation AdminUserMatriculation: Matriculation
AdminUserSex: Sex AdminUserSex: Sex
AdminUserTelephone: Phone
AdminUserMobile: Mobile
AdminUserFPersonalNumber: Personalnumber (Fraport AG only)
AdminUserFDepartment: Department
AdminUserAssimilate: Assimilate user AdminUserAssimilate: Assimilate user
UserAdded: Successfully added user UserAdded: Successfully added user
UserCollision: Could not create user due to uniqueness constraint UserCollision: Could not create user due to uniqueness constraint

1
routes
View File

@ -54,7 +54,6 @@
!/users/functionary-invite AdminFunctionaryInviteR GET POST !/users/functionary-invite AdminFunctionaryInviteR GET POST
!/users/add AdminUserAddR GET POST !/users/add AdminUserAddR GET POST
/admin AdminR GET /admin AdminR GET
/admin/features AdminFeaturesR GET POST
/admin/test AdminTestR GET POST /admin/test AdminTestR GET POST
/admin/errMsg AdminErrMsgR GET POST /admin/errMsg AdminErrMsgR GET POST
/admin/tokens AdminTokensR GET POST /admin/tokens AdminTokensR GET POST

3
src/Auth/LDAP.hs
View File

@ -10,6 +10,7 @@ module Auth.LDAP
, ldapPrimaryKey , ldapPrimaryKey
, ldapUserPrincipalName, ldapUserEmail, ldapUserDisplayName , ldapUserPrincipalName, ldapUserEmail, ldapUserDisplayName
, ldapUserFirstName, ldapUserSurname , ldapUserFirstName, ldapUserSurname
, ldapAffiliation
, ldapUserMobile, ldapUserTelephone , ldapUserMobile, ldapUserTelephone
, ldapUserFraportPersonalnummer, ldapUserFraportAbteilung , ldapUserFraportPersonalnummer, ldapUserFraportAbteilung
) where ) where
@ -71,7 +72,7 @@ userSearchSettings LdapConf{..} = mconcat
, Ldap.derefAliases Ldap.DerefAlways , Ldap.derefAliases Ldap.DerefAlways
] ]
ldapPrimaryKey, ldapUserPrincipalName, ldapUserDisplayName, ldapUserFirstName, ldapUserSurname, ldapUserMobile, ldapUserTelephone, ldapUserFraportPersonalnummer, ldapUserFraportAbteilung :: Ldap.Attr ldapPrimaryKey, ldapUserPrincipalName, ldapUserDisplayName, ldapUserFirstName, ldapUserSurname, ldapAffiliation, ldapUserMobile, ldapUserTelephone, ldapUserFraportPersonalnummer, ldapUserFraportAbteilung :: Ldap.Attr
ldapPrimaryKey = Ldap.Attr "cn" -- should always be identical to "sAMAccountName" ldapPrimaryKey = Ldap.Attr "cn" -- should always be identical to "sAMAccountName"
ldapUserPrincipalName = Ldap.Attr "userPrincipalName" ldapUserPrincipalName = Ldap.Attr "userPrincipalName"
ldapUserDisplayName = Ldap.Attr "displayName" ldapUserDisplayName = Ldap.Attr "displayName"

43
src/Foundation/Yesod/Auth.hs
View File

@ -12,8 +12,7 @@ import Foundation.Types
import Foundation.I18n import Foundation.I18n
import Handler.Utils.Profile import Handler.Utils.Profile
import Handler.Utils.StudyFeatures -- import Handler.Utils.SchoolLdap -- Delete this module?
import Handler.Utils.SchoolLdap
import Handler.Utils.LdapSystemFunctions import Handler.Utils.LdapSystemFunctions
import Handler.Utils.Memcached import Handler.Utils.Memcached
import Foundation.Authorization (AuthorizationCacheKey(..)) import Foundation.Authorization (AuthorizationCacheKey(..))
@ -28,21 +27,21 @@ import qualified Control.Monad.Catch as C (Handler(..))
import qualified Ldap.Client as Ldap import qualified Ldap.Client as Ldap
import qualified Data.Text as Text import qualified Data.Text as Text
import qualified Data.Text.Encoding as Text import qualified Data.Text.Encoding as Text
import qualified Data.ByteString as ByteString -- import qualified Data.ByteString as ByteString
import qualified Data.Set as Set import qualified Data.Set as Set
import qualified Data.Conduit.Combinators as C -- import qualified Data.Conduit.Combinators as C
import qualified Data.List as List ((\\)) -- import qualified Data.List as List ((\\))
import qualified Data.UUID as UUID -- import qualified Data.UUID as UUID
import Data.ByteArray (convert) -- import Data.ByteArray (convert)
import Crypto.Hash (SHAKE128) -- import Crypto.Hash (SHAKE128)
import qualified Data.Binary as Binary -- import qualified Data.Binary as Binary
import qualified Database.Esqueleto.Legacy as E -- import qualified Database.Esqueleto.Legacy as E
import qualified Database.Esqueleto.Utils as E -- import qualified Database.Esqueleto.Utils as E
import Crypto.Hash.Conduit (sinkHash) -- import Crypto.Hash.Conduit (sinkHash)
authenticate :: ( MonadHandler m, HandlerSite m ~ UniWorX authenticate :: ( MonadHandler m, HandlerSite m ~ UniWorX
@ -217,7 +216,7 @@ upsertCampusUser upsertMode ldapData = do
userTelephone <- if userTelephone <- if
| [bs] <- userTelephone' | [bs] <- userTelephone'
, Right userTelephone <- Text.decodeUtf8' bs , Right userTelephone <- Text.decodeUtf8' bs
-> return userTelephone -> return $ Just userTelephone
| otherwise | otherwise
-> return Nothing -> return Nothing
userMobile <- if userMobile <- if
@ -271,13 +270,11 @@ upsertCampusUser upsertMode ldapData = do
, userTitle = Nothing , userTitle = Nothing
, .. , ..
} }
userUpdate = [ UserMatrikelnummer =. userMatrikelnummer userUpdate = [
-- , UserDisplayName =. userDisplayName -- UserDisplayName =. userDisplayName
, UserFirstName =. userFirstName UserFirstName =. userFirstName
, UserSurname =. userSurname , UserSurname =. userSurname
, UserTitle =. userTitle , UserEmail =. userEmail
, UserEmail =. userEmail
, UserSex =. userSex
, UserLastLdapSynchronisation =. Just now , UserLastLdapSynchronisation =. Just now
, UserLdapPrimaryKey =. userLdapPrimaryKey , UserLdapPrimaryKey =. userLdapPrimaryKey
] ++ ] ++
@ -288,7 +285,7 @@ upsertCampusUser upsertMode ldapData = do
user@(Entity userId userRec) <- case oldUsers of user@(Entity userId userRec) <- case oldUsers of
Just [oldUserId] -> updateGetEntity oldUserId userUpdate Just [oldUserId] -> updateGetEntity oldUserId userUpdate
_other -> upsertBy (UniqueAuthentication userIdent) newUser userUpdate _other -> upsertBy (UniqueAuthentication userIdent) newUser userUpdate
unless (validDisplayName userTitle userFirstName userSurname $ userDisplayName userRec) $ unless (validDisplayName Nothing userFirstName userSurname $ userDisplayName userRec) $
update userId [ UserDisplayName =. userDisplayName' ] update userId [ UserDisplayName =. userDisplayName' ]
let let
@ -305,9 +302,7 @@ upsertCampusUser upsertMode ldapData = do
if | preset -> void $ upsert (UserSystemFunction userId func False False) [] if | preset -> void $ upsert (UserSystemFunction userId func False False) []
| otherwise -> deleteWhere [UserSystemFunctionUser ==. userId, UserSystemFunctionFunction ==. func, UserSystemFunctionIsOptOut ==. False, UserSystemFunctionManual ==. False] | otherwise -> deleteWhere [UserSystemFunctionUser ==. userId, UserSystemFunctionFunction ==. func, UserSystemFunctionIsOptOut ==. False, UserSystemFunctionManual ==. False]
return user return user
where
insertMaybe key val = get key >>= maybe (insert_ val) (\_ -> return ())
associateUserSchoolsByTerms :: MonadIO m => UserId -> SqlPersistT m () associateUserSchoolsByTerms :: MonadIO m => UserId -> SqlPersistT m ()
associateUserSchoolsByTerms uid = do associateUserSchoolsByTerms uid = do

1
src/Handler/Admin.hs
View File

@ -6,7 +6,6 @@ import Import
import Handler.Admin.Test as Handler.Admin import Handler.Admin.Test as Handler.Admin
import Handler.Admin.ErrorMessage as Handler.Admin import Handler.Admin.ErrorMessage as Handler.Admin
import Handler.Admin.StudyFeatures as Handler.Admin
import Handler.Admin.Tokens as Handler.Admin import Handler.Admin.Tokens as Handler.Admin
import Handler.Admin.Crontab as Handler.Admin import Handler.Admin.Crontab as Handler.Admin

16
src/Handler/Users/Add.hs
View File

@ -19,9 +19,13 @@ data AdminUserForm = AdminUserForm
, aufDisplayEmail :: UserEmail , aufDisplayEmail :: UserEmail
, aufMatriculation :: Maybe UserMatriculation , aufMatriculation :: Maybe UserMatriculation
, aufSex :: Maybe Sex , aufSex :: Maybe Sex
, aufMobile :: Maybe Text
, aufTelephone :: Maybe Text
, aufFPersonalNumber :: Maybe Text
, aufFDepartment :: Maybe Text
, aufEmail :: UserEmail , aufEmail :: UserEmail
, aufIdent :: UserIdent , aufIdent :: UserIdent
, aufAuth :: AuthenticationKind , aufAuth :: AuthenticationKind
} }
data AuthenticationKind = AuthKindLDAP | AuthKindPWHash data AuthenticationKind = AuthKindLDAP | AuthKindPWHash
@ -49,6 +53,10 @@ adminUserForm template = renderAForm FormStandard
<*> areq (emailField & cfCI) (fslI MsgAdminUserDisplayEmail) (aufDisplayEmail <$> template) <*> areq (emailField & cfCI) (fslI MsgAdminUserDisplayEmail) (aufDisplayEmail <$> template)
<*> aopt (textField & cfStrip) (fslI MsgAdminUserMatriculation) (aufMatriculation <$> template) <*> aopt (textField & cfStrip) (fslI MsgAdminUserMatriculation) (aufMatriculation <$> template)
<*> aopt (selectField optionsFinite) (fslI MsgAdminUserSex) (aufSex <$> template) <*> aopt (selectField optionsFinite) (fslI MsgAdminUserSex) (aufSex <$> template)
<*> aopt (textField & cfStrip) (fslI MsgAdminUserMobile) (aufMobile <$> template)
<*> aopt (textField & cfStrip) (fslI MsgAdminUserTelephone) (aufTelephone <$> template)
<*> aopt (textField & cfStrip) (fslI MsgAdminUserFPersonalNumber) (aufFPersonalNumber <$> template)
<*> aopt (textField & cfStrip) (fslI MsgAdminUserFDepartment) (aufFDepartment <$> template)
<*> areq (emailField & cfCI) (fslI MsgAdminUserEmail) (aufEmail <$> template) <*> areq (emailField & cfCI) (fslI MsgAdminUserEmail) (aufEmail <$> template)
<*> areq (textField & cfStrip & cfCI) (fslI MsgAdminUserIdent) (aufIdent <$> template) <*> areq (textField & cfStrip & cfCI) (fslI MsgAdminUserIdent) (aufIdent <$> template)
<*> areq (selectField optionsFinite) (fslI MsgAdminUserAuth) (aufAuth <$> template <|> Just AuthKindLDAP) <*> areq (selectField optionsFinite) (fslI MsgAdminUserAuth) (aufAuth <$> template <|> Just AuthKindLDAP)
@ -89,7 +97,11 @@ postAdminUserAddR = do
, userFirstName = aufFirstName , userFirstName = aufFirstName
, userSurname = aufSurname , userSurname = aufSurname
, userTitle = aufTitle , userTitle = aufTitle
, userSex = aufSex , userSex = aufSex
, userMobile = aufMobile
, userTelephone = aufTelephone
, userCompanyPersonalNumber = aufFPersonalNumber
, userCompanyDepartment = aufFDepartment
, userMatrikelnummer = aufMatriculation , userMatrikelnummer = aufMatriculation
, userAuthentication = mkAuthMode aufAuth , userAuthentication = mkAuthMode aufAuth
} }

2
src/Handler/Utils/SchoolLdap.hs
View File

@ -11,7 +11,7 @@ import qualified Data.CaseInsensitive as CI
import qualified Data.Set as Set import qualified Data.Set as Set
{- PROBALY DEPRECATED -}
parseLdapSchools :: Text -> Either ParseError (Set (CI Text)) parseLdapSchools :: Text -> Either ParseError (Set (CI Text))
parseLdapSchools = parse pLdapSchools "" parseLdapSchools = parse pLdapSchools ""