Compare revisions

build:apt:

  extends: .build

  script:

    - cp CHANGELOG debian/changelog

  - ./debian/create_changelog.py uffd > debian/changelog

  - export PYBUILD_INSTALL_ARGS="--install-lib=/usr/share/uffd/ --install-scripts=/usr/share/uffd/"

    - gbp dch --no-git-author --ignore-branch --debian-tag=v%\(version\)s

  - dpkg-buildpackage -us -uc

    - mkdir build

    - mv ../*.deb build/

  - mv ../*.deb ./

  - dpkg-deb -I *.deb

  - dpkg-deb -c *.deb

  artifacts:

    paths:

      - build/*.deb

      - debian/changelog

    - ./*.deb

db_migrations_updated:

  stage: test

    reports:

      codequality: codeclimate.json

linter:bullseye:

  image: registry.git.cccv.de/uffd/docker-images/bullseye

  stage: test

  dependencies:

  - build:pip

test:package:apt:changelog:

  stage: test

  rules:

  - if: '$CI_COMMIT_TAG =~ /v[0-9]+[.][0-9]+[.][0-9]+.*/'

  script:

  - head -n 1 debian/changelog | grep -qv UNRELEASED || { echo 'CHANGELOG not up-to-date!'; exit 1; }

  dependencies:

  - build:apt

test:package:apt:buster:

  image: registry.git.cccv.de/uffd/docker-images/buster

  stage: test

  script:

  - apt -y install ./build/*.deb

  - apt -y install ./*.deb

  - service uwsgi start uffd || ( service uwsgi status uffd ; sleep 15; cat /var/log/uwsgi/app/uffd.log; )

  - echo "server { listen 127.0.0.1:5000 default_server;  include /etc/uffd/nginx.include.conf; }" > /etc/nginx/sites-enabled/uffd.ini

  - service nginx start || ( service nginx status; nginx -t; exit 1; )

  image: registry.git.cccv.de/uffd/docker-images/bullseye

  stage: test

  script:

  - apt -y install ./build/*.deb

  - apt -y install ./*.deb

  - service uwsgi start uffd || ( service uwsgi status uffd ; sleep 15; cat /var/log/uwsgi/app/uffd.log; )

  - echo "server { listen 127.0.0.1:5000 default_server;  include /etc/uffd/nginx.include.conf; }" > /etc/nginx/sites-enabled/uffd.ini

  - service nginx start || ( service nginx status; nginx -t; exit 1; )

publish:apt:

  extends: .publish

  script:

  - export DEBPATH="$(echo build/*.deb)"

  - export DEBPATH="$(echo *.deb)"

  - echo Upload deb file, add it to repo and clean up upload

  - curl --user "${APTLY_API_USER}:${APTLY_API_PW}" -X POST -F file=@"$DEBPATH" "${APT_API_URL}/api/files/${APT_REPO}-ci-upload-${CI_JOB_ID}"

  - curl --user "${APTLY_API_USER}:${APTLY_API_PW}" -X POST "${APT_API_URL}/api/repos/${APT_REPO}/file/${APT_REPO}-ci-upload-${CI_JOB_ID}"

uffd (1.1.1) unstable; urgency=medium

  [ Julian Rother ]

  * Fix regression: OAuth2 authorize endpoint rejects empty scope parameter

  * Fix regression: OAuth2 token endpoint does not support Basic-Auth

  * Verify 2FA recovery codes and TOTP codes in constant-time

 -- root <root@runner-f9u6bnzu-project-27-concurrent-0>  Mon, 13 Sep 2021 20:18:30 +0000

uffd (1.1.0) unstable; urgency=medium

  [ Julian Rother ]

  * Switched tests from tmpfile to in-memory databases

  * Catch LDAPSASLPrepError on login

  * Restrict password alphabet to SASLprep-safe ASCII subset

  * Replace flask_oauthlib with plain oauthlib

  * Fix for 45d4598 (Replace flask_oauthlib with plain oauthlib)

  * Don't display login page if user is already logged in

  * Display per-client-customizable message on login page

  * Dedicated error page for permission errors

  * Fix HTML element id construction in role view

  * Removed TestUserViewsOLUserAsUser test cases

  * Make sure that users can only confirm their own verification tokens

  * Refactor permission checking and differenciate login and selfservice access

  * Refactor base template and add narrow base template

  * Handle if user referenced in session does not exist

  * Support for python3-fido2 v0.9.x (Debian Bullseye)

  * Support for python3-werkzeug v1.0.x (Debian Bullseye)

  * Properly rollback db transaction in db_flush (tests)

  * Fix debian package dependency on python3-oauthlib

  * Verify OAuth2 codes/tokens in constant-time

  * Verify invite link secrets in constant-time

  * Verify selfservice link secrets in constant-time

  * Verify signup link secrets in constant-time

  * Verify api keys in constant-time

  * Explain OAuth2 code/token customization hack

  * Add CI tests for Bullseye and fix remaining compatability issues

  * Publish Debian packages to packages.cccv.de

  [ C-Tim ]

  * fix(uffd-admin): Fix bug with util-linux fallback path

  * fix(migrations): Calculate correct path for migrations instead of assuming cwd

  [ Julian Rother ]

  * CI check for CHANGELOG on release

  * Refactor migrations to support MySQL/MariaDB

  * Add Debian repo signing key and install instructions

  * Auto-generate SECRET_KEY in Debian package, minor improvement of uffd-admin

 -- root <root@runner-f9u6bnzu-project-27-concurrent-0>  Mon, 13 Sep 2021 12:07:04 +0000

uffd (1.0.0) unstable; urgency=medium

  [ nd ]

  * enable more pylint checks

  * disable all checks for ldapalchemy and enable duplicate code check

  * disable cuplicate-code check in pylint again

  [ Julian Rother ]

  * Fixed typo in German translation (#91)

  * Made shell context more usable and cleaned up imports in __init__.py

  [ nd ]

  * refactor selfservice mail sending

  [ Julian Rother ]

  * Disabled unhelpful deprecation warnings for pytest

  * Fixed minor html validity error in qr code generation

  * Moved token generation to common module and introduced token_urlfriendly

  * Implemented ordering for navbar items

  * Added api endpoint for mail aliases

  [ Sistason ]

  * Updated translations readme, made some editorial translation changes and fixed some typos

  [ Julian Rother ]

  * Made devicelogin button text easier to understand, closes #91

  * Fixed layout bug in selfservice introduced by 7b94843b

  * Changed developing status to "production/stable"

 -- root <root@runner-f9u6bnzu-project-27-concurrent-0>  Fri, 13 Aug 2021 14:35:19 +0000

uffd (0.3.0) unstable; urgency=medium

  [ nd ]

  * update link to rocketchat in README

  * add uffd-admin command, cleanup cronjob and needed /run folder

  * move package build dependencies to docker image

  * enable uwsgi app by default and add maintainer script to restart uwsgi

  * move python dependencies from requirements.txt to setup.py

  * update changelog for 0.3.0 release

  * add more warnings against using pip install for production setups

  * add comment why we ignore the package dependencies extracted by pybild

  * removed not needed sleep from tests

  [ Julian ]

  * ensure uffd-admin works with arguments containing whitespace

 -- root <root@runner-f9u6bnzu-project-27-concurrent-0>  Sun, 01 Aug 2021 13:27:31 +0000

uffd (0.2.0) unstable; urgency=medium

  [ CCCV ]

  * Working debian packages

 -- root <root@runner-f9u6bnzu-project-26-concurrent-1>  Sat, 31 Jul 2021 19:05:30 +0000

uffd (0.1.2) unstable; urgency=medium

  * Initial release.

 -- Andreas Valder <nd@cccv.de>  Fri, 30 Jul 2021 23:02:31 +0200

#!/usr/bin/python3

import sys

import re

import textwrap

import datetime

import email.utils

import git

package_name = 'UNKNOWN'

alias_names = {

	'julian': 'Julian Rother',

	'Julian': 'Julian Rother',

}

ignore_commit_regexes = [

	'^fixup!',

]

def print_release(tag=None, commits=tuple(), last_tag=None):

	release_version = '0.0.0'

	release_author = git.objects.util.Actor('None', 'undefined@example.com')

	release_date = 0

	release_status = 'UNRELEASED'

	message = ''

	if tag:

		release_status = 'unstable'

		release_version = tag.name[1:] # strip leading "v"

		if isinstance(tag.object, git.TagObject):

			release_author = tag.object.tagger

			release_date = tag.object.tagged_date

			message = tag.object.message.split('-----BEGIN PGP SIGNATURE-----')[0].strip()

		else:

			release_author = tag.object.committer

			release_date = tag.object.committed_date

	elif commits:

		release_author = commits[0].committer

		release_date = commits[0].committed_date

		date = datetime.datetime.fromtimestamp(release_date).strftime('%Y%m%dT%H%M%S')

		last_version = '0.0.0'

		if last_tag:

			last_version = last_tag.name[1:] # strip leading "v"

		release_version = f'{last_version}+git{date}-{commits[0].hexsha[:8]}'

	print(f'{package_name} ({release_version}) {release_status}; urgency=medium')

	print()

	if message:

		print(textwrap.indent(message, '  '))

		print()

	commit_authors = [] # list of (key, author), sorted by first commit date

	commit_author_emails = {} # author email -> key

	commit_author_names = {} # author name -> key

	commit_author_commits = {} # key -> list of commits

	for commit in commits:

		if any(filter(lambda pattern: re.match(pattern, commit.summary), ignore_commit_regexes)):

			continue

		if len(commit.parents) > 1:

			continue # Ignore merge commits

		author_name = alias_names.get(commit.author.name, commit.author.name)

		key = commit_author_emails.get(commit.author.email)

		if key is None:

			key = commit_author_names.get(author_name)

		if key is None:

			key = commit.author.email

			commit_authors.append((key, author_name))

		commit_author_emails[commit.author.email] = key

		commit_author_names[author_name] = key

		commit_author_commits[key] = commit_author_commits.get(key, []) + [commit]

	commit_authors.sort(key=lambda args: len(commit_author_commits[args[0]]))

	for key, author_name in commit_authors:

		print(f'  [ {author_name} ]')

		for commit in commit_author_commits[key]:

			lines = '\n'.join(textwrap.wrap(commit.summary, 90))

			lines = '  * ' + textwrap.indent(lines, '    ').strip()

			print(lines)

		print()

	print(f' -- {alias_names.get(release_author.name, release_author.name)} <{release_author.email}>  {email.utils.formatdate(release_date)}')

if __name__ == '__main__':

	repo = git.Repo('.')

	package_name = sys.argv[1]

	version_commits = {}

	for tag in repo.tags:

		if not re.fullmatch('v[0-9]+[.][0-9]+[.][0-9]+.*', tag.name):

			continue

		if isinstance(tag.object, git.TagObject):

			commit_hexsha = tag.object.object.hexsha

		else:

			commit_hexsha = tag.object.hexsha

		version_commits[commit_hexsha] = tag

	tag = None

	commits = []

	for commit in repo.iter_commits('HEAD'):

		if commit.hexsha in version_commits:

			prev_tag = version_commits[commit.hexsha]

			if commits:

				print_release(tag, commits, last_tag=prev_tag)

				print()

			tag = prev_tag

			commits = []

		commits.append(commit)

	print_release(tag, commits)

uwsgi.ini /etc/uffd/

nginx.include.conf /etc/uffd/

debian/uffd.cfg			/etc/uffd/

debian/contrib/uffd.cfg /etc/uffd/

debian/contrib/uffd-admin /usr/bin/

		self.assertNotIn('testrole1'.encode(), r.data)

		self.assertIn('testrole2'.encode(), r.data)

	# Regression test for #130

	def test_index_deleted_dn(self):

		valid_until = datetime.datetime.now() + datetime.timedelta(seconds=60)

		db.session.add(Invite(valid_until=valid_until, single_use=True, used=True, signups=[InviteSignup(user_dn='uid=doesnotexist,ou=users,dc=example,dc=com')]))

		db.session.commit()

		self.login_as('admin')

		r = self.client.get(path=url_for('invite.index'), follow_redirects=True)

		dump('invite_index_deleted_dn', r)

		self.assertEqual(r.status_code, 200)

	def test_new(self):

		self.login_as('admin')

		role = Role(name='testrole1')

						{% else %}

						<ul>

							{% for signup in invite.signups if signup.completed %}

								{% if signup.user %}

								<li>{{_('Registration of user <a href="%(user_url)s">%(user_name)s</a>', user_url=url_for('user.show', uid=signup.user.uid)|e, user_name=signup.user.loginname|e)|safe}}</li>

								{% else %}

								<li>{{_('Registration of a user (no longer available)')}}</li>

								{% endif %}

							{% endfor %}

							{% for grant in invite.grants if grant.user %}

							<li>{{_('Roles granted to <a href="%(user_url)s">%(user_name)s</a>', user_url=url_for('user.show', uid=grant.user.uid)|e, user_name=grant.user.loginname|e)|safe}}</li>