trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

helm: fully remove domain, add log_level

This commit is contained in:
Jens Langhammer 2020-05-20 12:16:56 +02:00
parent d1fd616b8d
commit e08c5ff875
5 changed files with 4 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
helm/templates/configmap.yaml
View File

@ -20,4 +20,4 @@ data:
cache_db: 0 cache_db: 0
message_queue_db: 1 message_queue_db: 1
error_reporting: {{ .Values.config.error_reporting }} error_reporting: {{ .Values.config.error_reporting }}
domain: ".{{ index .Values.ingress.hosts 0 }}" log_level: "{{ .Values.config.log_level }}"

5
helm/values.yaml
View File

@ -11,8 +11,9 @@ config:
# secret_key: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o # secret_key: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
# Enable error reporting # Enable error reporting
error_reporting: false error_reporting: false
email: # Log level used by web and worker
host: localhost # Can be either debug, info, warning, error
log_level: warning
# This Helm chart ships with built-in Prometheus ServiceMonitors and Rules. # This Helm chart ships with built-in Prometheus ServiceMonitors and Rules.
# This requires the CoreOS Prometheus Operator. # This requires the CoreOS Prometheus Operator.

17
passbook/flows/tests/test_views.py
View File

@ -20,23 +20,6 @@ class TestFlowExecutor(TestCase):
def setUp(self): def setUp(self):
self.client = Client() self.client = Client()
def test_invalid_domain(self):
"""Check that an invalid domain triggers the correct message"""
flow = Flow.objects.create(
name="test-empty",
slug="test-empty",
designation=FlowDesignation.AUTHENTICATION,
)
wrong_domain = CONFIG.y("domain") + "-invalid:8000"
response = self.client.get(
reverse("passbook_flows:flow-executor", kwargs={"flow_slug": flow.slug}),
HTTP_HOST=wrong_domain,
)
self.assertEqual(response.status_code, 400)
self.assertIn("match", response.rendered_content)
self.assertIn(CONFIG.y("domain"), response.rendered_content)
self.assertIn(wrong_domain.split(":")[0], response.rendered_content)
def test_existing_plan_diff_flow(self): def test_existing_plan_diff_flow(self):
"""Check that a plan for a different flow cancels the current plan""" """Check that a plan for a different flow cancels the current plan"""
flow = Flow.objects.create( flow = Flow.objects.create(

21
passbook/flows/views.py
View File

@ -10,7 +10,6 @@ from passbook.core.views.utils import PermissionDeniedView
from passbook.flows.exceptions import EmptyFlowException, FlowNonApplicableException from passbook.flows.exceptions import EmptyFlowException, FlowNonApplicableException
from passbook.flows.models import Flow, FlowDesignation, Stage from passbook.flows.models import Flow, FlowDesignation, Stage
from passbook.flows.planner import FlowPlan, FlowPlanner from passbook.flows.planner import FlowPlan, FlowPlanner
from passbook.lib.config import CONFIG
from passbook.lib.utils.reflection import class_to_path, path_to_class from passbook.lib.utils.reflection import class_to_path, path_to_class
from passbook.lib.utils.urls import redirect_with_qs from passbook.lib.utils.urls import redirect_with_qs
from passbook.lib.views import bad_request_message from passbook.lib.views import bad_request_message
@ -32,33 +31,13 @@ class FlowExecutorView(View):
def setup(self, request: HttpRequest, flow_slug: str): def setup(self, request: HttpRequest, flow_slug: str):
super().setup(request, flow_slug=flow_slug) super().setup(request, flow_slug=flow_slug)
# TODO: Do we always need this?
self.flow = get_object_or_404(Flow, slug=flow_slug) self.flow = get_object_or_404(Flow, slug=flow_slug)
def _check_config_domain(self) -> Optional[HttpResponse]:
"""Checks if current request's domain matches configured Domain, and
adds a warning if not."""
current_domain = self.request.get_host()
if ":" in current_domain:
current_domain, _ = current_domain.split(":")
config_domain = CONFIG.y("domain")
if current_domain != config_domain:
message = (
f"Current domain of '{current_domain}' doesn't "
f"match configured domain of '{config_domain}'."
)
LOGGER.warning(message, flow_slug=self.flow.slug)
return bad_request_message(self.request, message)
return None
def handle_invalid_flow(self, exc: BaseException) -> HttpResponse: def handle_invalid_flow(self, exc: BaseException) -> HttpResponse:
"""When a flow is non-applicable check if user is on the correct domain""" """When a flow is non-applicable check if user is on the correct domain"""
if NEXT_ARG_NAME in self.request.GET: if NEXT_ARG_NAME in self.request.GET:
LOGGER.debug("f(exec): Redirecting to next on fail") LOGGER.debug("f(exec): Redirecting to next on fail")
return redirect(self.request.GET.get(NEXT_ARG_NAME)) return redirect(self.request.GET.get(NEXT_ARG_NAME))
incorrect_domain_message = self._check_config_domain()
if incorrect_domain_message:
return incorrect_domain_message
message = exc.__doc__ if exc.__doc__ else str(exc) message = exc.__doc__ if exc.__doc__ else str(exc)
return bad_request_message(self.request, message) return bad_request_message(self.request, message)

2
passbook/lib/default.yml
View File

@ -17,8 +17,6 @@ log_level: warning
# Error reporting, sends stacktrace to sentry.beryju.org # Error reporting, sends stacktrace to sentry.beryju.org
error_reporting: false error_reporting: false
domain: localhost
passbook: passbook:
footer_links: footer_links:
# Optionally add links to the footer on the login page # Optionally add links to the footer on the login page