fraport/fradrive
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(avs): add AuthNoLogin authentication mode

Browse Source
This commit is contained in:
Steffen Jost 2022-09-26 14:31:14 +02:00
parent b4a25df963
commit ebd557ff0a
8 changed files with 53 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
messages/uniworx/categories/user/de-de-formal.msg
View File

@ -41,6 +41,7 @@ AuthLDAPInvalidLookup: Bestehender Nutzer/Bestehende Nutzerin konnte nicht einde
AuthLDAPAlreadyConfigured: Nutzer:in meldet sich bereits per Fraport AG Kennung in FRADrive an AuthLDAPAlreadyConfigured: Nutzer:in meldet sich bereits per Fraport AG Kennung in FRADrive an
AuthLDAPConfigured: Nutzer:in meldet sich nun per Fraport AG Kennung in FRADrive an AuthLDAPConfigured: Nutzer:in meldet sich nun per Fraport AG Kennung in FRADrive an
AuthLDAP !ident-ok: Fraport AG Kennung AuthLDAP !ident-ok: Fraport AG Kennung
AuthNoLogin: Kein Login erlaubt.
PasswordResetQueued: Link zum Passwort-Zurücksetzen versandt PasswordResetQueued: Link zum Passwort-Zurücksetzen versandt
UserAssimilateUser: Benutzer:in UserAssimilateUser: Benutzer:in
AssimilateUserNotFound: E-Mail Adresse konnte keinem Benutzer/keiner Benutzerin zugeordnet werden AssimilateUserNotFound: E-Mail Adresse konnte keinem Benutzer/keiner Benutzerin zugeordnet werden
@ -84,4 +85,5 @@ AllUsersLdapSync: Alle LDAP-Synchronisieren
UserHijack: Sitzung übernehmen UserHijack: Sitzung übernehmen
AuthKindLDAP: Fraport AG Kennung AuthKindLDAP: Fraport AG Kennung
AuthKindPWHash: FRADrive Kennung AuthKindPWHash: FRADrive Kennung
AuthKindNoLogin: Kein Login möglich
Name !ident-ok: Name Name !ident-ok: Name

2
messages/uniworx/categories/user/en-eu.msg
View File

@ -41,6 +41,7 @@ AuthLDAPInvalidLookup: Existing user could not be uniquely matched with a LDAP e
AuthLDAPAlreadyConfigured: User already logs in using their Fraport AG account AuthLDAPAlreadyConfigured: User already logs in using their Fraport AG account
AuthLDAPConfigured: User now logs in using their Fraport AG account AuthLDAPConfigured: User now logs in using their Fraport AG account
AuthLDAP: Fraport AG account AuthLDAP: Fraport AG account
AuthNoLogin: No login allowed.
PasswordResetQueued: Sent link to reset password PasswordResetQueued: Sent link to reset password
UserAssimilateUser: User UserAssimilateUser: User
AssimilateUserNotFound: Email could not be resolved to an user AssimilateUserNotFound: Email could not be resolved to an user
@ -84,4 +85,5 @@ AllUsersLdapSync: Synchronise all with LDAP
UserHijack: Hijack session UserHijack: Hijack session
AuthKindLDAP: Fraport AG account AuthKindLDAP: Fraport AG account
AuthKindPWHash: FRADrive account AuthKindPWHash: FRADrive account
AuthKindNoLogin: No login
Name: Name Name: Name

2
src/Foundation/Yesod/Auth.hs
View File

@ -205,7 +205,7 @@ decodeUser now UserDefaultConf{..} upsertMode ldapData = do
userAuthentication userAuthentication
| is _UpsertCampusUserLoginOther upsertMode | is _UpsertCampusUserLoginOther upsertMode
= AuthPWHash (error "Non-LDAP logins should only work for users that are already known") = AuthNoLogin -- AuthPWHash (error "Non-LDAP logins should only work for users that are already known")
| otherwise = AuthLDAP | otherwise = AuthLDAP
userLastAuthentication = guardOn isLogin now userLastAuthentication = guardOn isLogin now
isLogin = has (_UpsertCampusUserLoginLdap <> _UpsertCampusUserLoginOther . united) upsertMode isLogin = has (_UpsertCampusUserLoginLdap <> _UpsertCampusUserLoginOther . united) upsertMode

17
src/Handler/Users/Add.hs
View File

@ -1,8 +1,7 @@
module Handler.Users.Add module Handler.Users.Add
( AuthenticationKind(..) ( getAdminUserAddR, postAdminUserAddR
, classifyAuth, mkAuthMode -- , AdminUserForm(..), adminUserForm -- no longer needed elsewhere
, AdminUserForm(..), adminUserForm -- , AuthenticationKind(..), classifyAuth, mkAuthMode -- no longer needed elsewhere
, getAdminUserAddR, postAdminUserAddR
) where ) where
@ -31,20 +30,24 @@ data AdminUserForm = AdminUserForm
, aufAuth :: AuthenticationKind , aufAuth :: AuthenticationKind
} }
data AuthenticationKind = AuthKindLDAP | AuthKindPWHash data AuthenticationKind = AuthKindLDAP | AuthKindPWHash | AuthKindNoLogin
deriving (Eq, Ord, Read, Show, Enum, Bounded, Generic, Typeable) deriving (Eq, Ord, Read, Show, Enum, Bounded, Generic, Typeable)
instance Universe AuthenticationKind instance Universe AuthenticationKind
instance Finite AuthenticationKind instance Finite AuthenticationKind
embedRenderMessage ''UniWorX ''AuthenticationKind id embedRenderMessage ''UniWorX ''AuthenticationKind id
nullaryPathPiece ''AuthenticationKind $ camelToPathPiece' 2 nullaryPathPiece ''AuthenticationKind $ camelToPathPiece' 2
{-
classifyAuth :: AuthenticationMode -> AuthenticationKind classifyAuth :: AuthenticationMode -> AuthenticationKind
classifyAuth AuthLDAP = AuthKindLDAP classifyAuth AuthLDAP = AuthKindLDAP
classifyAuth AuthPWHash{} = AuthKindPWHash classifyAuth AuthPWHash{} = AuthKindPWHash
classifyAuth AuthNoLogin = AuthKindNoLogin
-}
mkAuthMode :: AuthenticationKind -> AuthenticationMode mkAuthMode :: AuthenticationKind -> AuthenticationMode
mkAuthMode AuthKindLDAP = AuthLDAP mkAuthMode AuthKindLDAP = AuthLDAP
mkAuthMode AuthKindPWHash = AuthPWHash "" mkAuthMode AuthKindPWHash = AuthPWHash ""
mkAuthMode AuthKindNoLogin = AuthNoLogin
adminUserForm :: Maybe AdminUserForm -> Form AdminUserForm adminUserForm :: Maybe AdminUserForm -> Form AdminUserForm
adminUserForm template = renderAForm FormStandard adminUserForm template = renderAForm FormStandard

1
src/Model/Types/Security.hs
View File

@ -52,6 +52,7 @@ import Data.Binary.Instances.UnorderedContainers ()
data AuthenticationMode = AuthLDAP data AuthenticationMode = AuthLDAP
| AuthPWHash { authPWHash :: Text } | AuthPWHash { authPWHash :: Text }
| AuthNoLogin
deriving (Eq, Ord, Read, Show, Generic) deriving (Eq, Ord, Read, Show, Generic)
instance Hashable AuthenticationMode instance Hashable AuthenticationMode

2
test/Database/Fill.hs
View File

@ -239,7 +239,7 @@ fillDb = do
} }
tinaTester <- insert $ User tinaTester <- insert $ User
{ userIdent = "tester@campus.lmu.de" { userIdent = "tester@campus.lmu.de"
, userAuthentication = AuthLDAP , userAuthentication = AuthNoLogin
, userLastAuthentication = Nothing , userLastAuthentication = Nothing
, userTokensIssuedAfter = Nothing , userTokensIssuedAfter = Nothing
, userMatrikelnummer = Just "999" , userMatrikelnummer = Just "999"

1
test/Model/TypesSpec.hs
View File

@ -225,6 +225,7 @@ instance Arbitrary AuthenticationMode where
] ]
shrink AuthLDAP = [] shrink AuthLDAP = []
shrink AuthNoLogin = []
shrink (AuthPWHash _) = [AuthLDAP] shrink (AuthPWHash _) = [AuthLDAP]
instance Arbitrary LecturerType where instance Arbitrary LecturerType where

35
test/Utils/TypesSpec.hs
View File

@ -2,6 +2,9 @@ module Utils.TypesSpec where
import TestImport import TestImport
instance Arbitrary SloppyBool where
arbitrary = SloppyBool <$> arbitrary
shrink (SloppyBool x) = SloppyBool <$> shrink x
instance Arbitrary AvsPersonId where instance Arbitrary AvsPersonId where
arbitrary = AvsPersonId <$> arbitrary arbitrary = AvsPersonId <$> arbitrary
@ -11,6 +14,14 @@ instance Arbitrary AvsCardNo where
arbitrary = AvsCardNo <$> arbitrary arbitrary = AvsCardNo <$> arbitrary
shrink (AvsCardNo x) = AvsCardNo <$> shrink x shrink (AvsCardNo x) = AvsCardNo <$> shrink x
instance Arbitrary AvsLicence where
arbitrary = genericArbitrary
shrink = genericShrink
instance Arbitrary AvsObjPersonId where
arbitrary = genericArbitrary
shrink = genericShrink
instance Arbitrary AvsDataCardColor where instance Arbitrary AvsDataCardColor where
arbitrary = genericArbitrary arbitrary = genericArbitrary
shrink = genericShrink shrink = genericShrink
@ -27,6 +38,14 @@ instance Arbitrary AvsDataPerson where
arbitrary = genericArbitrary arbitrary = genericArbitrary
shrink = genericShrink shrink = genericShrink
instance Arbitrary AvsPersonLicence where
arbitrary = genericArbitrary
shrink = genericShrink
instance Arbitrary AvsLicenceResponse where
arbitrary = genericArbitrary
shrink = genericShrink
instance Arbitrary AvsResponsePerson where instance Arbitrary AvsResponsePerson where
arbitrary = genericArbitrary arbitrary = genericArbitrary
shrink = genericShrink shrink = genericShrink
@ -35,6 +54,14 @@ instance Arbitrary AvsResponseStatus where
arbitrary = genericArbitrary arbitrary = genericArbitrary
shrink = genericShrink shrink = genericShrink
instance Arbitrary AvsResponseSetLicences where
arbitrary = genericArbitrary
shrink = genericShrink
instance Arbitrary AvsResponseGetLicences where
arbitrary = genericArbitrary
shrink = genericShrink
instance Arbitrary AvsQueryStatus where instance Arbitrary AvsQueryStatus where
arbitrary = genericArbitrary arbitrary = genericArbitrary
shrink = genericShrink shrink = genericShrink
@ -43,6 +70,14 @@ instance Arbitrary AvsQueryPerson where
arbitrary = genericArbitrary arbitrary = genericArbitrary
shrink = genericShrink shrink = genericShrink
instance Arbitrary AvsQuerySetLicences where
arbitrary = genericArbitrary
shrink = genericShrink
instance Arbitrary AvsQueryGetLicences where
arbitrary = genericArbitrary
shrink = genericShrink
spec :: Spec spec :: Spec
spec = do spec = do