grnet / access-ca-portal
Ruby on Rails application to support the users' authenticated registration and x509 personal and hosts' certificate issuance
License: GNU General Public License v3.0
Provide users with a form in order to register the following information:
See also #13
Add Debian support to Ansible Playbook
Use .gitignore template from GitHub and adjust accordingly.
Enable easy localisation for the portal with initial support for Greek and English.
Localisable elements should be separated from the source code so that localised alternatives can be loaded or selected based on the user's preferences as needed. Localisable elements include:
"Access" should verify user-asserted e-mail addresses (i.e. any e-mail address not provided by the user's IdP).
To verify their newly added e-mail address, a user will have to click the link sent in the verification email after registering their information. The user should be able to get the original activation link through a new mail if needed.
The verification link should expire after 7 days, while the non-verified e-mail address should be removed from the user database.
There seems to be a bug where Rails recognizes following URL params as locale params and fails to route.
For the time being, I am keeping it as compulsory to have a locale specified in the URL (except for the root URL)
RA operators should be able to either accept (after verifying they have checked CSR owner ID) or reject pending requests.
CA operators should be able to manage list of RAs.
RA information includes:
Support sending emails asynchronously through job queue system
When changes are pushed to the devel branch, Jenkins CI will:
The attributes required by “Access” and their mappings should be configurable. Two attribute categories:
All SAML attributes should be mapped to the internal “Access” attributes of the user.
For users that we receive all the Mandatory SAML Attributes from their institutional IdP, we will bypass the RA approval process as their information is already validated by their institution. If some or all of the Optional SAML Attributes are missing, then the user will be presented with a form to fill out. Still, no RA validation will be necessary.
If some or all the Mandatory SAML Attributes that we require are not available then the user will need to register their details using the manual process. In the registration form we should prefill all the information that we might know from the received attributes. In this case the request will have to be approved by an RA.
Support one or more roles per user to control access to restricted areas of the portal.
Role assignments should be configurable without code modifications. Example roles include:
Setup development environment on ~okeanos with the following resources:
RA managers should be able to manage RA operator list, i.e. add/remove RA operators
"Access" should send mail notifications with submitted CSR to:
Add CentOS support to Ansible Playbook
The owner of the application - the user who runs the access web application under apache - is supposed to be defined by the {{ application_user }} ansible variable. Does it with the current config?
Users should be given a 7-day period to accept the terms of use of their certificate, otherwise "Access" should automatically revoke it.
Statuses:
Installing pg 0.18.3 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
/usr/local/rvm/rubies/ruby-2.2.3/bin/ruby -r ./siteconf20151106-1-e610ci.rb extconf.rb
checking for pg_config... no
No pg_config... trying anyway. If building fails, please try again with
--with-pg-config=/path/to/pg_config
checking for libpq-fe.h... no
Can't find the 'libpq-fe.h header
*** extconf.rb failed ***
Full build log: https://jenkins.admin.grnet.gr/view/access-ca-portal/job/access-ca-portal_devel/1/console
If rake tests fail, access coverage directories are not chowned from root to Jenkins user. So next time the Jenkins job gets executed, it fails because it cannot remove the directories owned by root.
Tests for the following models:
When I add a new person through the people page I get the following exception:
SQLite3::ReadOnlyException: attempt to write a readonly database: INSERT INTO "people" ("first_name_latin", "last_name_latin", "email", "position_id", "scientific_field_id", "organization_id", "phone_number", "created_at", "updated_at", "verification_token") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
I suggest that the db directory is owned by the application_user user and that db-related ansible tasks are run by application_user too.
The application should be deployed on PostgreSQL rather than SQLite3 in production.
Testing should also be done with a PostgreSQL backend.
We could add, later on, support for different database backends.
For every pull request that is opened, Jenkins CI will: