librit / passhport Goto Github PK
View Code? Open in Web Editor NEWOpenSSH proxy gateway
Home Page: https://www.passhport.org
License: GNU Affero General Public License v3.0
OpenSSH proxy gateway
Home Page: https://www.passhport.org
License: GNU Affero General Public License v3.0
The scripts are used to install the soft on an easy way:
I miss some files. I guess you forgot to add them. Can you add them ASAP if you have them please.
$ ./passhport-admin
Traceback (most recent call last):
File "./passhport-admin", line 66, in
import manage_targetgroup.prompt_functions as targetgroup_prompt
ImportError: No module named manage_targetgroup.prompt_functions
./passhport-admin usergroup show
Formatting text with '%'
operator is deprecated, we shall use the str.format()
method and therefore rewrite all portions of code that use the operator.
See links below for more information:
Create an automated installation package. (Debian/Red hat)
Authorizedkeyr 1/2 are wrong.
The passhport-admin doesn't works with python 3. It should be corrected.
We want to have less duplicated code for this.
A installation documentation must be written with all packages to install and some initial commands to test the application.
All of this information has to be a on a single github wiki page.
There is too much:
# 2.7 compatibility
try: input = raw_input
except NameError: pass
We need to put that on a module and import it once for all.
If a target don't have any comment/servertype/autocommand we still want to have an output as:
targetname: tname
...
comment:
it's possible to have multiple users with the same email (for example if it's empty).
./passhport-admin usergroup show
Usergroupname:
And let an empty field: I obtain a 404 web page instead of a simple text message.
If we try to add a user to a target, the server raise a bug.
Finish the code for all the module management as for users:
Targets,
UserGroups,
TargetGroups.
The best way in python is to use the method ''.join()
instead of the +
operator (see https://www.python.org/dev/peps/pep-0008/#programming-recommendations and http://stackoverflow.com/questions/2133571/most-pythonic-way-to-concatenate-strings)
In the module user, the URL for editing a user is:
http://127.0.0.1:5000/user/edit
but in the module target, the URL is:
http://127.0.0.1:5000/target/edit/
with a trailing slash. It’s a bit problematic because when we use the URL for editing target without the trailing slash, flask raises:
FormDataRoutingRedirect: A request was sent to this URL (http://127.0.0.1:5000/target/edit)
but a redirect was issued automatically by the routing system to "http://127.0.0.1:5000/target/edit/".
The URL was defined with a trailing slash so Flask will automatically redirect to the URL
with the trailing slash if it was accessed without one.
Make sure to directly send your POST-request to this URL since we can't make browsers
or HTTP clients redirect with form data reliably or without user interaction.Note: this exception is only raised in debug mode
in the installation script we must decide which version on python we are testing adn tell the user.
The message raiser when you try to edit a user who don't exist is wrong.
To test:
passhport-admin user edit [email protected] [email protected] comment sshkey
To validate, you have to go in the directory "tests" of passhport-admin and to run the script "passhport_cli_tests_user.sh"
Use case:
I add a new user from the client,
The server add the user to the database,
The server add an entry on the authorized_keys file
on passhport-admin.
output as for the script "tests/passhport_cli_tests_user.sh"
Create / modify a script who initialize the database regarding the parameters of the script or a config file... Can be done in shell or python.
Even If I've said it was a good way to do it, the code become too complex on argument parsing with a lot of if and elif.
We need to find a new way to do it. TIdeas I have:
Add an API call on the client side to manage all directly on the server. Using python module "Request" sounds the best.
Use case:
I launch the administration client.
I create a user
The client call the API to create the user
The server create the user and return an error/success code.
The client indicate the result on screen.
The use case has to be declined to all the actions possible between client and server on ALL modules (users, targets, targets groups, user groups...)
Add an API call on the client side to manage user directly on the server. Using python module "Request" sounds the best.
Use case:
I launch the administration client.
I create a user
The client call the API to create the user
The server create the user and return an error/success code.
The client indicate the result on screen.
The use case has to be declined to all the actions possible between client and server on the USER module
When the db_create.py hasn't been launched, the error message is too complexe. We have to raise a message like:
Error: Database connexion failed. (hint: go check the file "passhportd/config.py" to find the app.db
Before deleting anything user should be asked for confirmation.
We also need to add a "-f" flag to allow deletions without any confirmation
It's a MUST HAVE feature.
Do we need to jump a line after docstring on each function/method?
def meth()
"""Doc"""
dostuff()
should maybe become
def meth()
"""Doc"""
dostuff()
for more visibility when we have a lot of methods with only 1 line.
Check the format of they key entered by managers
When I delete a user, his public key has to be deleted too from the authorized key.
for user creation only email and sshkey are mandatory. When we create a user by cli "passhport-admin create username..." today the comment is mandatory. Same for targets.
It would be good to check if the email submitted when creating a user is valid. Using regex is a bad idea (see http://www.bortzmeyer.org/arreter-d-interdire-des-adresses-legales.html), but sending an verification email may be uncomfortable, although it seems to be the best solution.
Raphux LOVES systemd. So it's for him.
We have to install them during the installation script, and to test them on debian 7 and 8 at least. The scripts only launch the passhportd service.
The passhport client has to call server API to interrogate user management. This client is used to manage target and users and needs a curl-like interface to interract with server REST API.
On passhport-admin it's possible to create a user with an empty sshkey.
Tried with the letter é.
The software si designed for adminsys. For all of them, a function named "tar_prompt" will be related to the tool named "tar". Be more explicit don't cost us much.
The project needs to have a solid unit tests initialisation.
A 404 is for an url not found. In our case, it's the data which is not found: use a 417.
Describe what a Target is, a user is, a group is.
Explain what is possible to do and why.
Finally describe relations between objects.
Use case:
The client ask server to add a target
The server try to connect to the server to copy the public key
=> A password is asked
How ask the same to the client to allow the public key to be add to the target
The script is written in bash (or sh) and launch the passhport client wiht all options possible.
To test if a variable containing a string contains an empty string, we should use:
if var_string:
# non empty
else:
# empty
See https://www.python.org/dev/peps/pep-0008/#programming-recommendations for more information.
Limit all lines to a maximum of 79 characters.
For flowing long blocks of text with fewer structural restrictions (docstrings or comments), the line length should be limited to 72 characters.
Use case:
Create a user
Delete this user
Delete again this user => no error is raised.
The Server should return an error indicating that no deletion has been done cause the user don't exist.
tests_requests.py should be removed now we have code ready.
test_curl.txt should be transformed into a documentation file/wiki page about the API.
Of course we still need an easy and fast way to test the behavior without any unittest. So we have to create a shell script which execute standard actions.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.