multitenant: give up 'unsecure' file mechanism (#63119)

Emmanuel Cazenave 2022-03-23 16:47:35 +01:00
parent 5c1de7d4ad
commit e0f7576d84
6 changed files with 53 additions and 67 deletions


@ -42,18 +42,10 @@ class Tenant(TenantMixin):
if service.get('this'):
return service
def is_secure(self):
if os.path.exists(os.path.join(self.get_directory(), 'unsecure')):
return False
return True
def get_base_url(self):
if os.path.exists(os.path.join(self.get_directory(), 'base_url')):
return open(os.path.join(self.get_directory(), 'base_url')).read().strip().strip('/')
if self.is_secure():
return 'https://%s' % self.domain_url
else:
return 'http://%s' % self.domain_url
return 'https://%s' % self.domain_url
def build_absolute_uri(self, location):
return urljoin(self.get_base_url(), location)
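Review bot: In `get_base_url()` the `base_url` file override is still returned with whatever scheme the file contains, so removing the `unsecure` marker does not by itself guarantee https; a tenant directory whose `base_url` file holds an `http://` value still yields plain-HTTP links from `build_absolute_uri()`. If https-only is the intent, reject or log a non-https value at that point; if the file is the supported way to run without TLS, say so in a docstring such as `"""Return the content of the tenant's 'base_url' file if present, else https://<domain_url>."""`. The same line calls `open(...).read()` without closing the handle, which `with open(path) as fd: return fd.read().strip().strip('/')` would fix. `is_secure()` is deleted here, so any caller outside this hunk would now raise AttributeError; the class body starts and continues outside the hunk, so that cannot be checked from this page.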


@ -26,8 +26,6 @@ def tenant_factory(transactional_db, tenant_base, settings):
def factory(name):
tenant_dir = os.path.join(tenant_base, name)
os.mkdir(tenant_dir)
with open(os.path.join(tenant_dir, 'unsecure'), 'w') as fd:
fd.write('1')
with open(os.path.join(tenant_dir, 'settings.json'), 'w') as fd:
json.dump({'HOBO_TEST_VARIABLE': name}, fd)
with open(os.path.join(tenant_dir, 'hobo.json'), 'w') as fd:
@ -44,7 +42,7 @@ def tenant_factory(transactional_db, tenant_base, settings):
'title': 'Test',
'this': True,
'secret_key': '12345',
'base_url': 'http://%s' % name,
'base_url': 'https://%s' % name,
'variables': {
'other_variable': 'bar',
},


@ -157,7 +157,7 @@ def test_provision_user(transactional_db, tenant, caplog):
arg = arg[0][0]
assert isinstance(arg, dict)
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['audience'] == ['http://provider.com']
assert arg['@type'] == 'provision'
assert arg['full'] is False
@ -198,7 +198,7 @@ def test_provision_user(transactional_db, tenant, caplog):
arg = arg[0][0]
assert isinstance(arg, dict)
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['audience'] == ['http://provider.com']
assert arg['@type'] == 'provision'
assert arg['full'] is False
@ -264,7 +264,7 @@ def test_provision_user(transactional_db, tenant, caplog):
arg = arg[0][0]
assert isinstance(arg, dict)
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['audience'] == ['http://provider.com']
assert arg['@type'] == 'provision'
assert arg['full'] is False
@ -302,7 +302,7 @@ def test_provision_user(transactional_db, tenant, caplog):
arg = arg[0][0]
assert isinstance(arg, dict)
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['audience'] == ['http://provider.com']
assert arg['@type'] == 'provision'
assert arg['full'] is False
@ -340,7 +340,7 @@ def test_provision_user(transactional_db, tenant, caplog):
arg = arg[0][0]
assert isinstance(arg, dict)
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['audience'] == ['http://provider.com']
assert arg['@type'] == 'provision'
assert arg['full'] is False
@ -374,7 +374,7 @@ def test_provision_user(transactional_db, tenant, caplog):
arg = arg[0][0]
assert isinstance(arg, dict)
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['audience'] == ['http://provider.com']
assert arg['@type'] == 'provision'
assert arg['full'] is False
@ -412,7 +412,7 @@ def test_provision_user(transactional_db, tenant, caplog):
arg = arg[0][0]
assert isinstance(arg, dict)
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['audience'] == ['http://provider.com']
assert arg['@type'] == 'provision'
assert arg['full'] is False
@ -455,7 +455,7 @@ def test_provision_user(transactional_db, tenant, caplog):
arg = arg[0][0]
assert isinstance(arg, dict)
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
assert set(arg['audience']) == set(['http://provider.com', 'http://provider2.com'])
assert arg['@type'] == 'deprovision'
assert arg['full'] is False


@ -17,8 +17,6 @@ def tenants(transactional_db, request, settings):
def make_tenant(name):
tenant_dir = os.path.join(base, name)
os.mkdir(tenant_dir)
with open(os.path.join(tenant_dir, 'unsecure'), 'w') as fd:
fd.write('1')
t = Tenant(domain_url=name, schema_name=name.replace('-', '_').replace('.', '_'))
t.create_schema()
return t


@ -33,11 +33,11 @@ def assert_hobo1_service_in_hobo1(hobo_json):
if service['slug'] == 'hobo':
assert service['service-id'] == 'hobo'
assert service['title'] == 'Hobo'
assert service['backoffice-menu-url'] == 'http://tenant1.example.net/menu.json'
assert service['base_url'] == 'http://tenant1.example.net/'
assert service['provisionning-url'] == 'http://tenant1.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'http://tenant1.example.net/accounts/mellon/metadata/'
assert service['secret_key'] == 'fe4a8768479f0b82d3f465f65609fd7c43b4fc8f'
assert service['backoffice-menu-url'] == 'https://tenant1.example.net/menu.json'
assert service['base_url'] == 'https://tenant1.example.net/'
assert service['provisionning-url'] == 'https://tenant1.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'https://tenant1.example.net/accounts/mellon/metadata/'
assert service['secret_key'] == '7e5e1778ee87fbbcfc9f10f0978bdd9e1b74d300'
assert 'id' not in service
return
assert False, "Can't find hobo1 service"
@ -49,10 +49,10 @@ def assert_hobo1_service_in_hobo2(hobo_json):
assert service['service-id'] == 'hobo'
assert service['title'] == 'Hobo'
assert 'backoffice-menu-url' not in service
assert service['base_url'] == 'http://tenant1.example.net/'
assert service['provisionning-url'] == 'http://tenant1.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'http://tenant1.example.net/accounts/mellon/metadata/'
assert service['secret_key'] == 'fe4a8768479f0b82d3f465f65609fd7c43b4fc8f'
assert service['base_url'] == 'https://tenant1.example.net/'
assert service['provisionning-url'] == 'https://tenant1.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'https://tenant1.example.net/accounts/mellon/metadata/'
assert service['secret_key'] == '7e5e1778ee87fbbcfc9f10f0978bdd9e1b74d300'
assert 'id' in service
assert service['secondary'] is True
assert service['template_name'] == ''
@ -67,10 +67,10 @@ def assert_hobo1_service_in_hobo3(hobo_json):
assert service['service-id'] == 'hobo'
assert service['title'] == 'Hobo'
assert 'backoffice-menu-url' not in service
assert service['base_url'] == 'http://tenant1.example.net/'
assert service['provisionning-url'] == 'http://tenant1.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'http://tenant1.example.net/accounts/mellon/metadata/'
assert service['secret_key'] == 'fe4a8768479f0b82d3f465f65609fd7c43b4fc8f'
assert service['base_url'] == 'https://tenant1.example.net/'
assert service['provisionning-url'] == 'https://tenant1.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'https://tenant1.example.net/accounts/mellon/metadata/'
assert service['secret_key'] == '7e5e1778ee87fbbcfc9f10f0978bdd9e1b74d300'
assert 'id' in service
assert service['secondary'] is True
assert service['template_name'] == ''
@ -86,9 +86,9 @@ def assert_hobo2_service_in_hobo1(hobo_json):
assert service['title'] == 'Coll2'
assert 'backoffice-menu-url' not in service
assert 'base-url' not in service
assert service['base_url'] == 'http://hobo2.example.net/'
assert service['provisionning-url'] == 'http://hobo2.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'http://hobo2.example.net/accounts/mellon/metadata/'
assert service['base_url'] == 'https://hobo2.example.net/'
assert service['provisionning-url'] == 'https://hobo2.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'https://hobo2.example.net/accounts/mellon/metadata/'
assert service['secondary'] is False
assert service['template_name'] == ''
assert service['variables'] == {}
@ -120,9 +120,9 @@ def assert_hobo2_service_in_hobo3(hobo_json):
assert service['title'] == 'Coll2'
assert 'backoffice-menu-url' not in service
assert 'base-url' not in service
assert service['base_url'] == 'http://hobo2.example.net/'
assert service['provisionning-url'] == 'http://hobo2.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'http://hobo2.example.net/accounts/mellon/metadata/'
assert service['base_url'] == 'https://hobo2.example.net/'
assert service['provisionning-url'] == 'https://hobo2.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'https://hobo2.example.net/accounts/mellon/metadata/'
assert service['secondary'] is True
assert service['template_name'] == ''
assert service['variables'] == {}
@ -139,9 +139,9 @@ def assert_hobo3_service_in_hobo1(hobo_json):
assert service['title'] == 'Coll3'
assert 'backoffice-menu-url' not in service
assert 'base-url' not in service
assert service['base_url'] == 'http://hobo3.example.net/'
assert service['provisionning-url'] == 'http://hobo3.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'http://hobo3.example.net/accounts/mellon/metadata/'
assert service['base_url'] == 'https://hobo3.example.net/'
assert service['provisionning-url'] == 'https://hobo3.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'https://hobo3.example.net/accounts/mellon/metadata/'
assert service['secondary'] is False
assert service['template_name'] == ''
assert service['variables'] == {}
@ -158,9 +158,9 @@ def assert_hobo3_service_in_hobo2(hobo_json):
assert service['title'] == 'Coll3'
assert 'backoffice-menu-url' not in service
assert 'base-url' not in service
assert service['base_url'] == 'http://hobo3.example.net/'
assert service['provisionning-url'] == 'http://hobo3.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'http://hobo3.example.net/accounts/mellon/metadata/'
assert service['base_url'] == 'https://hobo3.example.net/'
assert service['provisionning-url'] == 'https://hobo3.example.net/__provision__/'
assert service['saml-sp-metadata-url'] == 'https://hobo3.example.net/accounts/mellon/metadata/'
assert service['secondary'] is True
assert service['template_name'] == ''
assert service['variables'] == {}
@ -187,20 +187,20 @@ def assert_hobo3_service_in_hobo3(hobo_json):
def test_multipublik(tenants, mocker):
hobo1 = tenants[0]
hobo1.base_url = 'http://tenant1.example.net/'
hobo1.base_url = 'https://tenant1.example.net/'
with tenant_context(hobo1):
hobo_json = get_hobo_json()
assert count_hobo_services(hobo_json) == 1
assert_hobo1_service_in_hobo1(hobo_json)
hobo2 = Hobo(title='Coll2', slug='hobo-coll2', base_url='http://hobo2.example.net')
hobo2 = Hobo(title='Coll2', slug='hobo-coll2', base_url='https://hobo2.example.net')
hobo2.save()
hobo_json = get_hobo_json()
assert count_hobo_services(hobo_json) == 2
assert_hobo1_service_in_hobo1(hobo_json)
assert_hobo2_service_in_hobo1(hobo_json)
hobo3 = Hobo(title='Coll3', slug='hobo-coll3', base_url='http://hobo3.example.net')
hobo3 = Hobo(title='Coll3', slug='hobo-coll3', base_url='https://hobo3.example.net')
hobo3.save()
hobo_json = get_hobo_json()
assert count_hobo_services(hobo_json) == 3
@ -208,7 +208,7 @@ def test_multipublik(tenants, mocker):
assert_hobo2_service_in_hobo1(hobo_json)
assert_hobo3_service_in_hobo1(hobo_json)
combo = Combo(title='Portail', slug='portal', base_url='http://combo1.example.net')
combo = Combo(title='Portail', slug='portal', base_url='https://combo1.example.net')
combo.save()
assert count_hobo_services(hobo_json) == 3
assert_hobo1_service_in_hobo1(hobo_json)
@ -230,20 +230,20 @@ def test_multipublik(tenants, mocker):
assert Combo.objects.count() == 1
combo = Combo.objects.first()
assert combo.slug == '_interco_portal'
assert combo.base_url == 'http://combo1.example.net/'
assert combo.base_url == 'https://combo1.example.net/'
assert combo.secondary is True
assert Hobo.objects.count() == 3
# interco hobo
hobo = Hobo.objects.get(slug='_interco_hobo')
assert hobo.title == 'Hobo'
assert hobo.base_url == 'http://tenant1.example.net/'
assert hobo.base_url == 'https://tenant1.example.net/'
assert hobo.secondary is True
# coll3 Hobo
hobo = Hobo.objects.get(slug='_interco_hobo-coll3')
assert hobo.title == 'Coll3'
assert hobo.base_url == 'http://hobo3.example.net/'
assert hobo.base_url == 'https://hobo3.example.net/'
assert hobo.secondary is True
# notify_agents will be called for secondary services: as celery
@ -251,9 +251,9 @@ def test_multipublik(tenants, mocker):
mocker.patch('hobo.agent.hobo.management.commands.hobo_deploy.notify_agents')
hobo2 = TenantMiddleware.get_tenant_by_hostname('hobo2.example.net')
hobo2.base_url = 'http://hobo2.example.net/'
hobo2.base_url = 'https://hobo2.example.net/'
with tenant_context(hobo2):
combo = Combo(title='Portail', slug='portal', base_url='http://combo2.example.net')
combo = Combo(title='Portail', slug='portal', base_url='https://combo2.example.net')
combo.save()
# inform interco about coll2 environment
@ -267,7 +267,7 @@ def test_multipublik(tenants, mocker):
combo = Combo.objects.get(secondary=True)
assert combo.slug == '_hobo-coll2_portal'
assert combo.title == 'Portail'
assert combo.base_url == 'http://combo2.example.net/'
assert combo.base_url == 'https://combo2.example.net/'
# interco environment has changed (secondary Combo coming from coll2)
# inform coll2 about interco environment and check that nothing changes
@ -287,7 +287,7 @@ def test_multipublik(tenants, mocker):
# inform coll3 about interco environment
HoboDeployCommand().handle(hobo3.base_url, get_hobo_json_filename(hobo1))
hobo3 = TenantMiddleware.get_tenant_by_hostname('hobo3.example.net')
hobo3.base_url = 'http://hobo3.example.net/'
hobo3.base_url = 'https://hobo3.example.net/'
with tenant_context(hobo3):
hobo_json = get_hobo_json()
assert count_hobo_services(hobo_json) == 3
@ -299,24 +299,24 @@ def test_multipublik(tenants, mocker):
assert Combo.objects.count() == 1
combo = Combo.objects.first()
assert combo.slug == '_interco_portal'
assert combo.base_url == 'http://combo1.example.net/'
assert combo.base_url == 'https://combo1.example.net/'
assert combo.secondary is True
assert Hobo.objects.count() == 3
# interco hobo
hobo = Hobo.objects.get(slug='_interco_hobo')
assert hobo.title == 'Hobo'
assert hobo.base_url == 'http://tenant1.example.net/'
assert hobo.base_url == 'https://tenant1.example.net/'
assert hobo.secondary is True
# coll2 Hobo
hobo = Hobo.objects.get(slug='_interco_hobo-coll2')
assert hobo.title == 'Coll2'
assert hobo.base_url == 'http://hobo2.example.net/'
assert hobo.base_url == 'https://hobo2.example.net/'
assert hobo.secondary is True
# Add a portal in coll3
combo = Combo(title='Portail', slug='portal', base_url='http://combo3.example.net')
combo = Combo(title='Portail', slug='portal', base_url='https://combo3.example.net')
combo.save()
# inform interco about coll3 environment
@ -328,7 +328,7 @@ def test_multipublik(tenants, mocker):
# coll3 Combo
combo = Combo.objects.get(slug='_hobo-coll3_portal')
assert combo.title == 'Portail'
assert combo.base_url == 'http://combo3.example.net/'
assert combo.base_url == 'https://combo3.example.net/'
assert combo.secondary is True
# inform coll2 about interco environment
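Review bot: The expected `secret_key` in the `assert_hobo1_service_in_hobo1`, `..._in_hobo2` and `..._in_hobo3` helpers changes from one hard-coded digest to another in the same edit that switches the base URL to https, which suggests the key is derived from the base URL (inferred; the derivation is not visible in this diff). If that is the case, tenants that previously relied on the `unsecure` marker will get a different derived key once their base URL becomes https, and services still holding the old value would disagree until they are redeployed; that deserves a line in the commit description or release notes. In the tests, a comment next to the constant, for example `# derived from the service base_url (https://tenant1.example.net/); changes whenever the URL does`, would keep the value from looking arbitrary once the derivation is confirmed.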


@ -14,8 +14,6 @@ def make_tenant(tmp_path, transactional_db, settings, request):
def make_tenant(name):
tenant_dir = base / name
tenant_dir.mkdir()
with (tenant_dir / 'unsecure').open(mode='w') as fd:
fd.write('1')
with (tenant_dir / 'settings.json').open(mode='w') as fd:
json.dump(
{
@ -46,8 +44,8 @@ def make_tenant(tmp_path, transactional_db, settings, request):
'service-id': 'welco',
'this': True,
'secret_key': '12345',
'base_url': 'http://%s' % name,
'saml-sp-metadata-url': 'http://%s/saml/metadata' % name,
'base_url': 'https://%s' % name,
'saml-sp-metadata-url': 'https://%s/saml/metadata' % name,
'variables': {
'other_variable': 'bar',
'SETTING_OVERRIDE1': True,