Software Evaluation: ps1auth

This article is out of date.
Please update this article and remove this template!

Pumping Station: One and hef have worked quite a bit on a Django app that can manage members. Maybe we should use it.

Deploying a test VM

hef merged my pull request that fixed the vagrant setup, so just check out the code from https://github.com/hef/ps1auth and follow the readme. Works great.

New Member Signup Flow

Okay, so here's how you'd create a new user.

  • Go to http://localhost:8001
  • Log in with the superuser account you created
  • Click "Member Management" at the top
  • Click the "+Person" button
  • Fill out the fields. Remember the email address you recorded for the new member.
  • Log out
  • Click the Activate button on the Login screen
  • Enter the email address of the new user you added

At this point, an email would have been sent if there was an active email server. Since there isn't, the mail ends up in /vagrant/cache/mail on the VM.

  • Take the activation link in that email, and change "example.org" to "localhost:8001", and load it up in your browser.
  • This loads a screen that lets the user create a new username and password.

That's about it!

Questions and stuff

  • How do we make new users? I figured out how to add someone, but the User field is greyed out.
    • (thanks to loans): When a user goes to the login screen and clicks Activate, it sends an email. The email looks like this (in the VM, you'll find it in /vagrant/cache/mail):
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: PS1 Account Activation
From: noreply@pumpingstationone.org
To: user@test.com
Date: Tue, 10 Feb 2015 03:55:42 -0000
Message-ID: <20150210035542.1587.78618@archlinux.vagrant.vm>

Your activation link is:
http://example.com/zinc/activate/confirm/d3bf02c9-9f5e-45d9-b163-2ec1aad79144

The user clicks that link, and is prompted to type in a username of their preference and a password.
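The link-rewriting step from the signup flow, as an added example (not ps1auth code): it parses one spooled activation mail, swaps whatever host the link carries for the test VM's address, and checks that the token parses as a version-4 (random) UUID, as the one in the sample mail does. The function names and the `dev_host` parameter are hypothetical; the sample mail is constructed from the one shown above.

```python
import re
import uuid
from email import message_from_string
from urllib.parse import urlsplit, urlunsplit

# Constructed sample, modelled on the activation mail shown above.
SAMPLE_MAIL = """\
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: PS1 Account Activation
From: noreply@pumpingstationone.org
To: user@test.com

Your activation link is:
http://example.com/zinc/activate/confirm/d3bf02c9-9f5e-45d9-b163-2ec1aad79144
"""

# Any host is accepted here, so example.org and example.com are both handled.
LINK_RE = re.compile(r"https?://\S+/activate/confirm/([0-9a-fA-F-]{36})\b")


def activation_link(raw_mail, dev_host="localhost:8001"):
    """Return (recipient, token, link rewritten to dev_host) for one mail."""
    msg = message_from_string(raw_mail)
    match = LINK_RE.search(msg.get_payload())
    if match is None:
        raise ValueError("no activation link in message body")
    token = uuid.UUID(match.group(1))  # ValueError on a malformed token
    parts = urlsplit(match.group(0))
    # Swap only the host; scheme, path and token stay as the app wrote them.
    local = urlunsplit((parts.scheme, dev_host, parts.path, "", ""))
    return msg["To"], token, local


def is_random_token(token):
    """True if the token is an RFC 4122 version-4 (random) UUID."""
    return token.variant == uuid.RFC_4122 and token.version == 4


if __name__ == "__main__":
    rcpt, token, link = activation_link(SAMPLE_MAIL)
    print(rcpt, link, "random token:", is_random_token(token))
```

On the VM, pass it the contents of a file from /vagrant/cache/mail.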

Stuff we kind of need to figure out on our own

  • This appears to speak LDAP, what happens if we point it at FreeIPA/389-ds instead of Samba4/AD?
    • It appears that ps1auth uses the objectGUID attribute to link users internally to AD accounts, which afaik is an Active Directory extension.
      • FreeIPA has an ipaUniqueID attribute, which should work pretty much exactly the same way.
  • I (cswingler) need to get around to reading up on deploying Django apps so I can deploy this on something that's not Arch.
  • There's a bunch of stuff that should be, uh, I'm not sure if i18n is the correct term for it, but the PS1 brand is hard-coded in a few places.
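One place the two ID attributes differ, as an added example (not ps1auth code, and written for Python 3): Active Directory returns objectGUID as 16 raw bytes in the little-endian GUID layout, while ipaUniqueID holds the UUID as text, so both the stored key and the lookup filter need per-directory handling. The entry dicts and the UUID value are constructed, and `stable_id` and `lookup_filter` are hypothetical helper names.

```python
import uuid

# Constructed entries, shaped like python-ldap results: name -> list of bytes.
AD_ENTRY = {
    "objectGUID": [b"\x5b\xad\x8f\x0f\xcb\xd9\x9f\x46"
                   b"\xa1\x65\x70\x86\x77\x28\x95\x0e"],
}
IPA_ENTRY = {
    "ipaUniqueID": [b"0f8fad5b-d9cb-469f-a165-70867728950e"],
}


def stable_id(entry):
    """Return the entry's directory-assigned ID as a uuid.UUID."""
    attrs = {name.lower(): values for name, values in entry.items()}
    if "objectguid" in attrs:
        raw = attrs["objectguid"][0]
        if len(raw) != 16:
            raise ValueError("objectGUID must be 16 raw bytes")
        # AD stores the GUID with its first three fields little-endian.
        return uuid.UUID(bytes_le=raw)
    if "ipauniqueid" in attrs:
        # FreeIPA stores the canonical text form.
        return uuid.UUID(attrs["ipauniqueid"][0].decode("ascii"))
    raise KeyError("entry has neither objectGUID nor ipaUniqueID")


def lookup_filter(attr, ident):
    """Build the LDAP search filter that finds `ident` under `attr`."""
    if attr.lower() == "objectguid":
        # Binary value: every byte escaped as \HH (RFC 4515).
        value = "".join("\\%02x" % b for b in ident.bytes_le)
    elif attr.lower() == "ipauniqueid":
        value = str(ident)
    else:
        raise ValueError("unsupported id attribute: %s" % attr)
    return "(%s=%s)" % (attr, value)


if __name__ == "__main__":
    for attr, entry in (("objectGUID", AD_ENTRY), ("ipaUniqueID", IPA_ENTRY)):
        ident = stable_id(entry)
        print(ident, lookup_filter(attr, ident))
```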

Notes on a FreeIPA compatible fork

Location of repo

https://github.com/sshchicago/ps1auth

This is a fork of hef/ps1auth, with some minor changes to the script to kick it into talking to FreeIPA instead of its local Samba4 server.

Issues

Well, for one, the superuser creation script fails due to not having a 'desc' attribute:

./manage.py createsuperuser
Username: superuser
Password:
Password (again):
Traceback (most recent call last):
  File "./manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/__init__.py", line 385, in execute_from_command_line
    utility.execute()
  File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/__init__.py", line 377, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/base.py", line 288, in run_from_argv
    self.execute(*args, **options.__dict__)
  File "/home/vagrant/venv/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 55, in execute
    return super(Command, self).execute(*args, **options)
  File "/home/vagrant/venv/lib/python2.7/site-packages/django/core/management/base.py", line 338, in execute
    output = self.handle(*args, **options)
  File "/home/vagrant/venv/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 160, in handle
    self.UserModel._default_manager.db_manager(database).create_superuser(**user_data)
  File "/vagrant/accounts/models.py", line 65, in create_superuser
    user = self.create_user(object_guid, email=email, password=password)
  File "/vagrant/accounts/models.py", line 32, in create_user
    ldap_connection = get_ldap_connection()
  File "/vagrant/accounts/backends.py", line 13, in get_ldap_connection
    l.simple_bind_s(binddn, password)
  File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 208, in simple_bind_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 469, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 476, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/home/vagrant/venv/lib/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
    result = func(*args,**kwargs)
ldap.NO_SUCH_OBJECT: {'desc': 'No such object'}

Off to a good start ;)