This repo contains the code for the Registration Application (regapp). The application manages the process of adding users to the NERC keycloak instance when registering for NERC services.
regapp's Introduction
regapp's People
regapp's Issues
CILogon Remember Me Checkbox not working
Checkbox that tells cilogon to redirect users to their preferred IdP automatically does not work.
keepidp cookie should get set and does not
TEST
logon to cilogon directly, watch cookie get set correctly in .cilogon.org realm
logon to portal.mghpcc.org cookie does not get set
Suspect dropping POST content in some redirect or multiple posts where set in first but lost in subsequent (i.e. gets set on first pass then unset on second).
Enable Yale University access for CILogon
Hi Jim,
We've had our first PI request from Yale University and would like them enabled for NERC access.
You provided guidance (screenshot on attributes) on ticket 40 which I can pass on to Yale as well. Will add the info to this ticket when we receive it.
Thanks!
Wayne
User registration link for already registered user is not handled properly
This direct server to 500 error
with following debug trace:
KjG5-JxR8af3yBtHD72aFCqKEzEN79uggorYlyQ'}
2022-08-04 12:12:58,014 django.request ERROR Internal Server Error: /registration/
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/asgiref/sync.py", line 472, in thread_handler
raise exc_info[1]
File "/usr/local/lib/python3.9/site-packages/django/core/handlers/exception.py", line 38, in inner
response = await get_response(request)
File "/usr/local/lib/python3.9/site-packages/django/core/handlers/base.py", line 233, in _get_response_async
response = await wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.9/site-packages/asgiref/sync.py", line 435, in __call__
ret = await asyncio.wait_for(future, timeout=None)
File "/usr/local/lib/python3.9/asyncio/tasks.py", line 442, in wait_for
return await fut
File "/usr/local/lib/python3.9/site-packages/asgiref/current_thread_executor.py", line 22, in run
result = self.fn(*self.args, **self.kwargs)
File "/usr/local/lib/python3.9/site-packages/asgiref/sync.py", line 476, in thread_handler
return func(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
response = view_func(request, *args, **kwargs)
File "/code/regapp/apps/regapp/views/registration.py", line 89, in registration
existing_mss_account_info = mss_userinfo_result[0]
KeyError: 0
This should be handled with using this function: https://github.com/nerc-project/regapp/blob/main/apps/regapp/views/registration.py#L101-L108
Disable the username change while registering user account.
- This is creating conflict during batch users upload.
- We can set username default to what OIDC meta data fetch for email address.
Ts&Cs management command exception handling
The command currently fails if users are missing email (will also fail if first, last, username or accepted version are somehow missing).
Defensive code needed here.
Ts&Cs management command disabled users
Management command should ignore disabled users
Research domain not being saved properly
Create account or update and set research domain to "physical sciences"
Go back to manage account and domain is set to "other"
Keycloak deprecation of redirect_uri
Logout is broken because the newest version of keycloak deprecates the redirect_uri parameter.
Need to implement the fancier new oidc spec compliant redirection.
AccountAction constraint violation
Default value for fields in AccountAction model combined with unique constraint means that violations occur if more than one AccountAction is ever in-flight.
Enable University of Toronto acces for CILogon
We are currently collaborating with researchers from BU, Red Hat, and the University of Toronto. Since the feature described in #38 is not yet active, could we enable the University of Toronto.
add github action to run kustomize on all kubernetes manifests
This will verify that kustomize build succeeds before accepting pull requests.
EULA Acceptance status not showing correctly on profile page
After accepting the EULA and revisiting the https://regapp.mss.mghpcc.org/profile/ page, the checkbox appears unchecked. Acceptance status is not being passed correctly to rendering template.
Support full CILogon List
Requires implementing allowlist to support domain filtering on non-institutional (e.g. Microsoft, GitHub) logons.
- when logging in the dropdown list will grow very large
- cookies will auto-select the last dropdown item used
- Extra users filling up our db
- this we do not need to solve yet but eventually we will need to make sure we are cleaning out users based on never logged in or not logged in in a specific time frame
- we will want to update our rules for culling users yearly
- We want to filter who can access Google and Microsoft dropdown because some institutions have both and we want them to be forced to use whichever the IdP is setup with
- This will be resolved in a different issue (to be linked once it is created)
This is blocked by getting the Allow-list setup for Google & Microsoft CILogon users.
Need development keycloak to implement development regapp environment
Github API rate limitting prevents Markdown to HTML conversion in production environment
This was addressed by running markdown conversion locally.
Fix was done to allow maintenance window to close.
Need to add exception handling and logging
Validate VACUUM Is running on database
IIIRC, this normally runs by default (autovacuum option in postgres).
Check to make sure that autovacuum is enabled and does what we expect.
Otherwise setup cron to run a container to periodically vacuum (used to be a crunchy container that did this but that does not seem to be a thing anymore).
Transition from update to manage does not show update
Enable Yale University access for CILogon
Motivation
We are currently collaborating with researchers from Yale University. Since the feature described in #38 is not yet active, could we enable Yale University?
Completion Criteria
Yale University users are able to log in.
Description
- @Milstein Please have a user from Yale visit https://cilogon.org/ and login (presumably using the IdP which they intend to use for NERC). Have them open the accordions labeled "User Attributes" and "Identity Provider Attributes" and take a screenshot of the information presented there and send that along to us.
- @culbert add the info from there to our allowed list.
Completion dates
Desired - 2023-12-08
Required - TBD
HTTP_FORWARDED_FOR header behavior in Django
The HTTP_REAL_IP header is not available in openshift (likely a difference between microk8s and openshift ingress implementation). We have substituted the FORWARDED_FOR header and anticipated seeing the list of intervening RPs (shown when you just dump request.META). When we fetch with get, we only get the first one. This happens to be the one we want but it's not clear a) why this happens and b) whether it will always work (i.e. will it always pick first and will first always be the one we want).
Need to investigate this behavior in openshift/django context and make sure that we always get the correct behavior (i.e. we record the users originating IP in some form, either alone or in a list containing the full proxy chain)
Enable Dartmouth University access for CILogon
Motivation
We are currently collaborating with researchers from Dartmouth University. Since the feature described in #38 is not yet active, could we enable Dartmouth University?
Completion Criteria
Yale University users are able to log in.
Description
Completion dates
Desired - 2023-12-08
Required - TBD
Enable RSpace access for CILogon
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.