librit / passhport Goto Github PK

The scripts are used to install the soft on an easy way:

• Check the distribution version
• Check existing installation
• Check authorized key file
• Initialize the database
• Create first user

I miss some files. I guess you forgot to add them. Can you add them ASAP if you have them please.
$ ./passhport-admin
Traceback (most recent call last):
File "./passhport-admin", line 66, in
import manage_targetgroup.prompt_functions as targetgroup_prompt
ImportError: No module named manage_targetgroup.prompt_functions

./passhport-admin usergroup show

Formatting text with '%' operator is deprecated, we shall use the str.format() method and therefore rewrite all portions of code that use the operator.

See links below for more information:

• https://www.python.org/dev/peps/pep-3101/
• http://stackoverflow.com/questions/5082452/python-string-formatting-vs-format

Create an automated installation package. (Debian/Red hat)

Authorizedkeyr 1/2 are wrong.

The passhport-admin doesn't works with python 3. It should be corrected.

We want to have less duplicated code for this.

A installation documentation must be written with all packages to install and some initial commands to test the application.
All of this information has to be a on a single github wiki page.

There is too much:
# 2.7 compatibility
try: input = raw_input
except NameError: pass

We need to put that on a module and import it once for all.

If a target don't have any comment/servertype/autocommand we still want to have an output as:

targetname: tname
...
comment:

it's possible to have multiple users with the same email (for example if it's empty).

./passhport-admin usergroup show
Usergroupname:

And let an empty field: I obtain a 404 web page instead of a simple text message.

If we try to add a user to a target, the server raise a bug.

Finish the code for all the module management as for users:

Targets,
UserGroups,
TargetGroups.

The best way in python is to use the method ''.join() instead of the + operator (see https://www.python.org/dev/peps/pep-0008/#programming-recommendations and http://stackoverflow.com/questions/2133571/most-pythonic-way-to-concatenate-strings)

In the module user, the URL for editing a user is:

http://127.0.0.1:5000/user/edit

but in the module target, the URL is:

http://127.0.0.1:5000/target/edit/

with a trailing slash. It’s a bit problematic because when we use the URL for editing target without the trailing slash, flask raises:

FormDataRoutingRedirect: A request was sent to this URL (http://127.0.0.1:5000/target/edit)
but a redirect was issued automatically by the routing system to "http://127.0.0.1:5000/target/edit/".
The URL was defined with a trailing slash so Flask will automatically redirect to the URL
with the trailing slash if it was accessed without one.
Make sure to directly send your POST-request to this URL since we can't make browsers
or HTTP clients redirect with form data reliably or without user interaction.

Note: this exception is only raised in debug mode

in the installation script we must decide which version on python we are testing adn tell the user.

The message raiser when you try to edit a user who don't exist is wrong.
To test:
passhport-admin user edit [email protected] [email protected] comment sshkey

To validate, you have to go in the directory "tests" of passhport-admin and to run the script "passhport_cli_tests_user.sh"

Use case:
I add a new user from the client,
The server add the user to the database,
The server add an entry on the authorized_keys file

on passhport-admin.
output as for the script "tests/passhport_cli_tests_user.sh"

Create / modify a script who initialize the database regarding the parameters of the script or a config file... Can be done in shell or python.

Even If I've said it was a good way to do it, the code become too complex on argument parsing with a lot of if and elif.
We need to find a new way to do it. TIdeas I have:

1. Read the docopt doc / ask community about this problem.
2. Create a simple If / elif on the first level of command and then call function for subcommands.
3. Looking for a docopt replacement.

Add an API call on the client side to manage all directly on the server. Using python module "Request" sounds the best.
Use case:
I launch the administration client.
I create a user
The client call the API to create the user
The server create the user and return an error/success code.
The client indicate the result on screen.

The use case has to be declined to all the actions possible between client and server on ALL modules (users, targets, targets groups, user groups...)

Add an API call on the client side to manage user directly on the server. Using python module "Request" sounds the best.
Use case:
I launch the administration client.
I create a user
The client call the API to create the user
The server create the user and return an error/success code.
The client indicate the result on screen.

The use case has to be declined to all the actions possible between client and server on the USER module

When the db_create.py hasn't been launched, the error message is too complexe. We have to raise a message like:
Error: Database connexion failed. (hint: go check the file "passhportd/config.py" to find the app.db

Before deleting anything user should be asked for confirmation.
We also need to add a "-f" flag to allow deletions without any confirmation

It's a MUST HAVE feature.

Do we need to jump a line after docstring on each function/method?
def meth()
"""Doc"""

dostuff()

should maybe become

def meth()
"""Doc"""
dostuff()

for more visibility when we have a lot of methods with only 1 line.

Check the format of they key entered by managers

When I delete a user, his public key has to be deleted too from the authorized key.

for user creation only email and sshkey are mandatory. When we create a user by cli "passhport-admin create username..." today the comment is mandatory. Same for targets.

It would be good to check if the email submitted when creating a user is valid. Using regex is a bad idea (see http://www.bortzmeyer.org/arreter-d-interdire-des-adresses-legales.html), but sending an verification email may be uncomfortable, although it seems to be the best solution.

Raphux LOVES systemd. So it's for him.

We have to install them during the installation script, and to test them on debian 7 and 8 at least. The scripts only launch the passhportd service.

The passhport client has to call server API to interrogate user management. This client is used to manage target and users and needs a curl-like interface to interract with server REST API.

On passhport-admin it's possible to create a user with an empty sshkey.

Tried with the letter é.

The software si designed for adminsys. For all of them, a function named "tar_prompt" will be related to the tool named "tar". Be more explicit don't cost us much.

The project needs to have a solid unit tests initialisation.

A 404 is for an url not found. In our case, it's the data which is not found: use a 417.

Describe what a Target is, a user is, a group is.
Explain what is possible to do and why.
Finally describe relations between objects.

Use case:

The client ask server to add a target
The server try to connect to the server to copy the public key
=> A password is asked

How ask the same to the client to allow the public key to be add to the target

The script is written in bash (or sh) and launch the passhport client wiht all options possible.

1. Create a new database test (on a temporary directory... we don't want erase the actual database)
2. Every test is run one by one.
3. All the returns are tested and the result is done at the end of the script (ie: "12/22 tests passsed") and the failed tests are raising an error during the process.
4. The database is moved/erased. We restore the normal behavior.

To test if a variable containing a string contains an empty string, we should use:

    if var_string:
        # non empty
    else:
        # empty

See https://www.python.org/dev/peps/pep-0008/#programming-recommendations for more information.

Limit all lines to a maximum of 79 characters.

For flowing long blocks of text with fewer structural restrictions (docstrings or comments), the line length should be limited to 72 characters.

Use case:
Create a user
Delete this user
Delete again this user => no error is raised.

The Server should return an error indicating that no deletion has been done cause the user don't exist.

tests_requests.py should be removed now we have code ready.
test_curl.txt should be transformed into a documentation file/wiki page about the API.

Of course we still need an easy and fast way to test the behavior without any unittest. So we have to create a shell script which execute standard actions.