grnet / access-ca-portal

Ruby on Rails application to support the users' authenticated registration and x509 personal and hosts' certificate issuance

License: GNU General Public License v3.0

Ruby 72.70% JavaScript 0.53% CoffeeScript 1.52% CSS 2.71% HTML 22.54%

access-ca-portal's People

Contributors

arossiko, kkoumantaros, nicolasliampotis, stevelaskaridis

access-ca-portal's Issues

Add user registration form

Provide users with a form in order to register the following information:

  1. Mandatory: (organisation-asserted via RA or IdP)
    • First/Last Name both in Latin and their native language
    • E-mail address (verify via e-mail if not provided by IdP)
    • Organization (offer drop-down menu with predefined values)
  2. Mandatory: (user-asserted)
    • Work telephone (validate - rules TBD)
    • Scientific Field (offer drop-down menu with predefined values)
    • Property (offer drop-down menu with predefined values)
  3. Optional: (user-asserted)
    • Department
    • Additional E-mail address(es) (verify via e-mail)

See also #13

i18n

Enable easy localisation for the portal with initial support for Greek and English.

Localisable elements should be separated from the source code so that localised alternatives can be loaded or selected based on the user's preferences as needed. Localisable elements include:

  • Any web page content
  • Any kind of messages (Notification, Warning, Errors etc)
  • E-mail notifications
  • Registration Forms

Verify new user account

"Access" should verify user-asserted e-mail addresses (i.e. any e-mail address not provided by the user's IdP).

To verify their newly added e-mail address, a user will have to click the link sent in the verification email after registering their information. The user should be able to get the original activation link through a new mail if needed.

The verification link should expire after 7 days, while the non-verified e-mail address should be removed from the user database.
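
The verification flow described in this issue, as an added example that is not code from the portal or its authors. The class and method names are hypothetical. It assumes that only a SHA-256 digest of the token is stored, so a re-mail issues a fresh token against the original 7-day deadline instead of re-sending the stored link.

```ruby
require 'securerandom'
require 'digest'

# Added illustration, not the portal's code; all names here are hypothetical.
class EmailVerifications
  TTL = 7 * 24 * 60 * 60 # link lifetime in seconds (7 days, as the issue states)
  Pending = Struct.new(:email, :issued_at)

  attr_reader :verified

  def initialize
    @pending = {}  # SHA-256(token) => Pending; the raw token is never stored
    @verified = []
  end

  # Record a user-asserted address; returns the token for the mailed link.
  def request(email, now: Time.now)
    issue(Pending.new(email, now))
  end

  # Re-mail: new token, old one revoked, original deadline kept (assumption).
  def resend(email, now: Time.now)
    key, entry = @pending.find { |_, p| p.email == email }
    return nil if entry.nil? || expired?(entry, now)
    @pending.delete(key)
    issue(entry)
  end

  # Called when the link is clicked. Tokens are single-use.
  def confirm(token, now: Time.now)
    entry = @pending.delete(Digest::SHA256.hexdigest(token.to_s))
    return :invalid if entry.nil?
    return :expired if expired?(entry, now)
    @verified << entry.email
    :verified
  end

  # Periodic job: drop addresses never verified within TTL; returns them.
  def purge(now: Time.now)
    stale = @pending.select { |_, p| expired?(p, now) }
    stale.each_key { |k| @pending.delete(k) }
    stale.values.map(&:email)
  end

  private

  def issue(entry)
    token = SecureRandom.urlsafe_base64(32)
    @pending[Digest::SHA256.hexdigest(token)] = entry
    token
  end

  def expired?(entry, now)
    now - entry.issued_at > TTL
  end
end
```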

Federated access through eduGAIN

Allow users to login using their institutional accounts and have their basic information populated automatically through the attributes received by their IdPs. The following will be required:

Optional locale in Rails 4.2

Description

There seems to be a bug where Rails recognizes following URL params as locale params and fails to route.
For the time being, I am keeping it as compulsory to have a locale specified in the URL (except for the root URL)

External Link

CI for devel branch

When changes are pushed to the devel branch, Jenkins CI will:

  • Checkout the devel branch
  • Execute unit tests
  • Deploy app to test VM
  • Report status to GitHub

“Access” should request specific user attributes from the IdPs

The attributes required by “Access” and their mappings should be configurable. Two attribute categories:

  1. Mandatory SAML Attributes
  2. Optional SAML Attributes

All SAML attributes should be mapped to the internal “Access” attributes of the user.
For users for whom we receive all the Mandatory SAML Attributes from their institutional IdP, we will bypass the RA approval process as their information is already validated by their institution. If some or all of the Optional SAML Attributes are missing, then the user will be presented with a form to fill out. Still, no RA validation will be necessary.

If some or all the Mandatory SAML Attributes that we require are not available then the user will need to register their details using the manual process. In the registration form we should prefill all the information that we might know from the received attributes. In this case the request will have to be approved by an RA.
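
The three registration paths described in this issue, as an added example that is not code from the portal or its authors. The SAML attribute names, internal field names and `route_registration` are assumptions. Locking IdP-asserted fields on the optional-attribute form is also an assumption, made so the form cannot overwrite institution-validated data.

```ruby
# Added illustration, not the portal's code. The SAML attribute names and the
# internal field names below are assumed sample configuration.
ATTRIBUTE_MAP = {
  mandatory: { 'givenName' => :first_name, 'sn' => :last_name,
               'mail' => :email, 'o' => :organization },
  optional:  { 'ou' => :department, 'telephoneNumber' => :phone }
}.freeze

Decision = Struct.new(:path, :ra_approval, :prefill, :editable)

# assertion: Hash of SAML attribute name => String or Array of Strings.
def route_registration(assertion, map = ATTRIBUTE_MAP)
  prefill = {}
  missing = { mandatory: [], optional: [] }
  map.each do |category, attrs|
    attrs.each do |saml_name, field|
      # Attributes may be multi-valued; blank values count as missing.
      value = Array(assertion[saml_name]).first.to_s.strip
      if value.empty?
        missing[category] << field
      else
        prefill[field] = value
      end
    end
  end

  if missing[:mandatory].any?
    # Manual process: received values are prefilled, every field is
    # editable, and an RA must approve the request.
    all_fields = map.values.flat_map(&:values)
    Decision.new(:manual_registration, true, prefill, all_fields)
  elsif missing[:optional].any?
    # IdP-validated fields stay locked; only the gaps are asked for.
    Decision.new(:optional_form, false, prefill, missing[:optional])
  else
    Decision.new(:auto_registered, false, prefill, [])
  end
end
```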

Role-based authorisation

Support one or more roles per user to control access to restricted areas of the portal.

Role assignments should be configurable without code modifications. Example roles include:

  • anonymous
  • registered
  • RA admin
  • CA admin
  • support

Segmentation fault when using therubyracer

Description

When using therubyracer and libv8 as the JSExec engine, the web application throws a segmentation fault.
Even after changing the versions to '0.12.2' and '3.16.14.7', the problem persists. (see here and here).

Proposed fix

  • Change the execution engine to nodejs and after therubyracer v.1.0.0 we could change it back if fixed.
    • this is actually reverting commit b704652

Notify upon CSR submission

"Access" should send mail notifications with the submitted CSR to:

  • CA & user if personal information confirmed by RA
  • RA & user if personal information not confirmed

Application is not running as access user?

Description

The owner of the application - the user who runs the access web application under apache - is supposed to be defined by the {{ application_user }} ansible variable. Does it with the current config?

devel branch build fails upon bundle install

Installing pg 0.18.3 with native extensions

Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    /usr/local/rvm/rubies/ruby-2.2.3/bin/ruby -r ./siteconf20151106-1-e610ci.rb extconf.rb
checking for pg_config... no
No pg_config... trying anyway. If building fails, please try again with
 --with-pg-config=/path/to/pg_config
checking for libpq-fe.h... no
Can't find the 'libpq-fe.h header
*** extconf.rb failed ***

Full build log: https://jenkins.admin.grnet.gr/view/access-ca-portal/job/access-ca-portal_devel/1/console

SQLite3::ReadOnlyException: attempt to write a readonly database

When I add a new person through the people page I get the following exception:

SQLite3::ReadOnlyException: attempt to write a readonly database: INSERT INTO "people" ("first_name_latin", "last_name_latin", "email", "position_id", "scientific_field_id", "organization_id", "phone_number", "created_at", "updated_at", "verification_token") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)

Full trace follows:

sqlite3 (1.3.11) lib/sqlite3/statement.rb:108:in `step'
sqlite3 (1.3.11) lib/sqlite3/statement.rb:108:in `block in each'
sqlite3 (1.3.11) lib/sqlite3/statement.rb:107:in `loop'
sqlite3 (1.3.11) lib/sqlite3/statement.rb:107:in `each'
activerecord (4.2.4) lib/active_record/connection_adapters/sqlite3_adapter.rb:314:in `to_a'
activerecord (4.2.4) lib/active_record/connection_adapters/sqlite3_adapter.rb:314:in `block in exec_query'
activerecord (4.2.4) lib/active_record/connection_adapters/abstract_adapter.rb:473:in `block in log'
activesupport (4.2.4) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activerecord (4.2.4) lib/active_record/connection_adapters/abstract_adapter.rb:467:in `log'
activerecord (4.2.4) lib/active_record/connection_adapters/sqlite3_adapter.rb:293:in `exec_query'
activerecord (4.2.4) lib/active_record/connection_adapters/abstract/database_statements.rb:76:in `exec_insert'
activerecord (4.2.4) lib/active_record/connection_adapters/abstract/database_statements.rb:108:in `insert'
activerecord (4.2.4) lib/active_record/connection_adapters/abstract/query_cache.rb:14:in `insert'
activerecord (4.2.4) lib/active_record/relation.rb:64:in `insert'
globalize (5.0.1) lib/patches/active_record/persistence.rb:19:in `_create_record'
activerecord (4.2.4) lib/active_record/counter_cache.rb:139:in `_create_record'
activerecord (4.2.4) lib/active_record/locking/optimistic.rb:75:in `_create_record'
activerecord (4.2.4) lib/active_record/attribute_methods/dirty.rb:132:in `_create_record'
activerecord (4.2.4) lib/active_record/callbacks.rb:306:in `block in _create_record'
activesupport (4.2.4) lib/active_support/callbacks.rb:117:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:117:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:555:in `block (2 levels) in compile'
activesupport (4.2.4) lib/active_support/callbacks.rb:505:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:505:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:92:in `__run_callbacks__'
activesupport (4.2.4) lib/active_support/callbacks.rb:778:in `_run_create_callbacks'
activerecord (4.2.4) lib/active_record/callbacks.rb:306:in `_create_record'
activerecord (4.2.4) lib/active_record/timestamp.rb:57:in `_create_record'
activerecord (4.2.4) lib/active_record/persistence.rb:504:in `create_or_update'
activerecord (4.2.4) lib/active_record/callbacks.rb:302:in `block in create_or_update'
activesupport (4.2.4) lib/active_support/callbacks.rb:117:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:117:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:555:in `block (2 levels) in compile'
activesupport (4.2.4) lib/active_support/callbacks.rb:505:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:505:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:92:in `__run_callbacks__'
activesupport (4.2.4) lib/active_support/callbacks.rb:778:in `_run_save_callbacks'
activerecord (4.2.4) lib/active_record/callbacks.rb:302:in `create_or_update'
activerecord (4.2.4) lib/active_record/persistence.rb:120:in `save'
activerecord (4.2.4) lib/active_record/validations.rb:37:in `save'
activerecord (4.2.4) lib/active_record/attribute_methods/dirty.rb:21:in `save'
activerecord (4.2.4) lib/active_record/transactions.rb:286:in `block (2 levels) in save'
activerecord (4.2.4) lib/active_record/transactions.rb:351:in `block in with_transaction_returning_status'
activerecord (4.2.4) lib/active_record/connection_adapters/abstract/database_statements.rb:213:in `block in transaction'
activerecord (4.2.4) lib/active_record/connection_adapters/abstract/transaction.rb:184:in `within_new_transaction'
activerecord (4.2.4) lib/active_record/connection_adapters/abstract/database_statements.rb:213:in `transaction'
activerecord (4.2.4) lib/active_record/transactions.rb:220:in `transaction'
activerecord (4.2.4) lib/active_record/transactions.rb:348:in `with_transaction_returning_status'
activerecord (4.2.4) lib/active_record/transactions.rb:286:in `block in save'
activerecord (4.2.4) lib/active_record/transactions.rb:301:in `rollback_active_record_state!'
activerecord (4.2.4) lib/active_record/transactions.rb:285:in `save'
globalize (5.0.1) lib/globalize/active_record/instance_methods.rb:152:in `block in save'
globalize (5.0.1) lib/globalize.rb:26:in `with_locale'
globalize (5.0.1) lib/globalize/active_record/instance_methods.rb:151:in `save'
app/controllers/people_controller.rb:36:in `block in create'
actionpack (4.2.4) lib/action_controller/metal/mime_responds.rb:212:in `respond_to'
app/controllers/people_controller.rb:35:in `create'
actionpack (4.2.4) lib/action_controller/metal/implicit_render.rb:4:in `send_action'
actionpack (4.2.4) lib/abstract_controller/base.rb:198:in `process_action'
actionpack (4.2.4) lib/action_controller/metal/rendering.rb:10:in `process_action'
actionpack (4.2.4) lib/abstract_controller/callbacks.rb:20:in `block in process_action'
activesupport (4.2.4) lib/active_support/callbacks.rb:117:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:117:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:555:in `block (2 levels) in compile'
activesupport (4.2.4) lib/active_support/callbacks.rb:505:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:505:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:92:in `__run_callbacks__'
activesupport (4.2.4) lib/active_support/callbacks.rb:778:in `_run_process_action_callbacks'
activesupport (4.2.4) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (4.2.4) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (4.2.4) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (4.2.4) lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
activesupport (4.2.4) lib/active_support/notifications.rb:164:in `block in instrument'
activesupport (4.2.4) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.2.4) lib/active_support/notifications.rb:164:in `instrument'
actionpack (4.2.4) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (4.2.4) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
activerecord (4.2.4) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (4.2.4) lib/abstract_controller/base.rb:137:in `process'
actionview (4.2.4) lib/action_view/rendering.rb:30:in `process'
actionpack (4.2.4) lib/action_controller/metal.rb:196:in `dispatch'
actionpack (4.2.4) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
actionpack (4.2.4) lib/action_controller/metal.rb:237:in `block in action'
actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:76:in `call'
actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:76:in `dispatch'
actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:45:in `serve'
actionpack (4.2.4) lib/action_dispatch/journey/router.rb:43:in `block in serve'
actionpack (4.2.4) lib/action_dispatch/journey/router.rb:30:in `each'
actionpack (4.2.4) lib/action_dispatch/journey/router.rb:30:in `serve'
actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:821:in `call'
rack (1.6.4) lib/rack/etag.rb:24:in `call'
rack (1.6.4) lib/rack/conditionalget.rb:38:in `call'
rack (1.6.4) lib/rack/head.rb:13:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/flash.rb:260:in `call'
rack (1.6.4) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.6.4) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/cookies.rb:560:in `call'
activerecord (4.2.4) lib/active_record/query_cache.rb:36:in `call'
activerecord (4.2.4) lib/active_record/connection_adapters/abstract/connection_pool.rb:653:in `call'
activerecord (4.2.4) lib/active_record/migration.rb:377:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (4.2.4) lib/active_support/callbacks.rb:88:in `__run_callbacks__'
activesupport (4.2.4) lib/active_support/callbacks.rb:778:in `_run_call_callbacks'
activesupport (4.2.4) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (4.2.4) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/reloader.rb:73:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
web-console (2.2.1) lib/web_console/middleware.rb:31:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.2.4) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.2.4) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.2.4) lib/active_support/tagged_logging.rb:68:in `block in tagged'
activesupport (4.2.4) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (4.2.4) lib/active_support/tagged_logging.rb:68:in `tagged'
railties (4.2.4) lib/rails/rack/logger.rb:20:in `call'
request_store (1.2.0) lib/request_store/middleware.rb:8:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.6.4) lib/rack/methodoverride.rb:22:in `call'
rack (1.6.4) lib/rack/runtime.rb:18:in `call'
activesupport (4.2.4) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
rack (1.6.4) lib/rack/lock.rb:17:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/static.rb:116:in `call'
rack (1.6.4) lib/rack/sendfile.rb:113:in `call'
railties (4.2.4) lib/rails/engine.rb:518:in `call'
railties (4.2.4) lib/rails/application.rb:165:in `call'
passenger (5.0.21) src/ruby_supportlib/phusion_passenger/rack/thread_handler_extension.rb:97:in `process_request'
passenger (5.0.21) src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:160:in `accept_and_process_next_request'
passenger (5.0.21) src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:113:in `main_loop'
passenger (5.0.21) src/ruby_supportlib/phusion_passenger/request_handler.rb:416:in `block (3 levels) in start_threads'
passenger (5.0.21) src/ruby_supportlib/phusion_passenger/utils.rb:113:in `block in create_thread_and_abort_on_exception'

I suggest that the db directory is owned by the application_user user and that db-related ansible tasks are run by application_user too.

CI for pull requests

For every pull request that is opened, Jenkins CI will:

  • Checkout pull request
  • Execute unit tests
  • Report status to GitHub
