🚑️ (src/db_redis): fix empty request check

README.md

@@ -25,15 +25,13 @@ VAULT_CLIENT_SECRET=
 VAULT_API_BASE_URL=
 VAULT_CONF_URL=
 SECRET_KEY=
-ADMIN_USERS=
 ```
 
 > [!NOTE]
 > - `VAULT_API_BASE_URL` should be similar to `<ip>/v1/`.
 > - `VAULT_CONF_URL` should be similar to `<ip>/v1/identity/oidc/provider/<provider>/.well-known/openid-configuration`. The `<provider>` string should be `default`.
 > - **DON'T FORGET THE PROTOCOL (`http://` or `https://`) BEFORE THE `<ip>` STRING !!**
 > - `SECRET_KEY` should be invented (not provided by Voult).
-> - `ADMIN_USERS` must be a list of users id. Something like this `ADMIN_USERS='["[email protected]", "[email protected]", "[email protected]"]'`.
 > - Replace email with usernames or whatever you want. Be careful with `'` and `"`, these must be used exactly as in the example.
 
 One example of a configuration is shown below:
@@ -44,7 +42,6 @@ VAULT_CLIENT_SECRET=hvo_secret_TcKGRPh3sjC1WE4PrS2GV3XYpY2AkL0FEgYWRNQUPw7rLTYSS
 VAULT_API_BASE_URL=http://localhost:8200/v1/
 VAULT_CONF_URL=http://127.0.0.1:8200/v1/identity/oidc/provider/default/.well-known/openid-configuration
 SECRET_KEY=!secret
-ADMIN_USERS='["[email protected]", "[email protected]", "[email protected]"]'
 ```
 
 ## Run

src/app.py

@@ -1,4 +1,4 @@
 from logging.config import dictConfig
 from authlib.integrations.flask_client import OAuth
 from flask import Flask
 from .db_redis import DBManager
@@ -39,14 +39,16 @@
 app.logger.debug("Loading configs from envs")
 app.config.from_object('src.config')
 
 app.logger.debug(f"Setting secret key: {app.config['SECRET_KEY']}")
 app.secret_key = app.config['SECRET_KEY']
 
 app.logger.debug("Setting REDIS ip and password: %s %s", app.config['REDIS_IP'], app.config['REDIS_PASSWORD'])
 app.redis_ip = app.config['REDIS_IP']
 app.redis_password = app.config['REDIS_PASSWORD']
 
-app.logger.debug(f"ADMIN USERS: {app.config['ADMIN_USERS']}")
+app.logger.debug("Setting LDAPSYNC ip and port: %s %s", app.config['LDAPSYNC_IP'], app.config['LDAPSYNC_PORT'])
+app.ldapsync_ip = app.config['LDAPSYNC_IP']
+app.ldapsync_port = app.config['LDAPSYNC_PORT']
 
 app.logger.debug("SERVER NAME: %s", app.config['SERVER_NAME'])
 
@@ -65,4 +67,4 @@
     }
 )
 
 app.logger.debug("OAUTH CONFIGS: %s", oauth._registry)

src/config.py

@@ -9,6 +9,7 @@
 VAULT_CONF_URL = os.getenv('VAULT_CONF_URL')
 SERVER_NAME = os.getenv('WEB_PUBLIC_URL')
 SECRET_KEY = os.getenv('SECRET_KEY')
-ADMIN_USERS = json.loads(os.getenv('ADMIN_USERS'))
 REDIS_IP = os.getenv('REDIS_IP')
 REDIS_PASSWORD = os.getenv('REDIS_PASSWORD')
+LDAPSYNC_IP = os.getenv('LDAPSYNC_IP')
+LDAPSYNC_PORT = os.getenv('LDAPSYNC_PORT')

src/db_redis.py

@@ -1,13 +1,16 @@
 from datetime import datetime
 import redis
+import requests
 
 
 class DBManager():
 
     def __init__(self, app):
         self.logger = app.logger
         self.REDIS_IP = app.redis_ip
         self.REDIS_PASSWORD = app.redis_password
+        self.LDAPSYNC_IP = app.ldapsync_ip
+        self.LDAPSYNC_PORT = app.ldapsync_port
 
         self.connection = redis.Redis(
             host=self.REDIS_IP,
@@ -18,6 +21,7 @@
 
         # consts
         self.__idx = 'req'
+        self.__infoidx = 'info'
         self.__keys = {
             'startdate': 'startdate',
             'enddate': 'enddate',
@@ -30,6 +34,10 @@
             'synced': 'synced',
         }
 
+    def __notify_ldapsync(self):
+        self.logger.info('NOTIFY LDAPSYNC')
+        r = requests.get(url=f"http://{self.LDAPSYNC_IP}:{self.LDAPSYNC_PORT}")
+        self.logger.debug("TRIGGERED LDAPSYNC, RESPONSE: %s", r)
 
     def __del__(self):
         self.logger.debug("Closing DB connection")
@@ -57,6 +65,10 @@
         self.logger.debug("SETTING KEY: %s --> %s", key, value)
         self.connection.set(key, value)
 
+    def __add_to_set(self, key: str, values: list):
+        self.logger.debug("ADDING %s TO %s", values, key)
+        self.connection.sadd(key, *values)
+
     def __get_key(self, key: str) -> str:
         value = self.connection.get(key)
         self.logger.debug("GET KEY: %s --> %s", key, value)
@@ -85,7 +97,7 @@
         #     case self.__request_statuses.get('approved'):
         #         return self.__request_statuses['pending']
 
     def add_request(self, user: str):
         self.__valid_user(user)
 
         self.logger.info("NEW REQUEST FOR USER: %s", user)
@@ -107,12 +119,14 @@
             self.__request_statuses['pending'],
         )
 
+        self.__notify_ldapsync()
+
     def delete_request(self, user: str):
         self.__valid_user(user)
 
         # an approved/synced request cannot be removed !!
         request_status = self.__get_key(f'{self.__idx}:{user}:{self.__keys["status"]}')
         if request_status in [self.__request_statuses['approved'], self.__request_statuses['synced']]:
             self.logger.warning("TRYING TO REMOVE AN APPROVED REQUEST ! Ignoring")
             return
 
@@ -124,7 +138,7 @@
         for key in self.connection.scan_iter(q):
             self.__del_key(key)
 
     def update_request_status(self, user: str):
         self.__valid_user(user)
 
         self.logger.info("UPDATING USER REQUEST STATUS: %s", user)
@@ -141,10 +155,13 @@
 
         if new_request_status == self.__request_statuses['approved']:
             self.__set_key(f'{self.__idx}:{user}:{self.__keys["enddate"]}', str(datetime.now()))
+            self.__add_to_set(f'{self.__idx}:{user}:{self.__keys["groups"]}', ["users"])
+            self.__notify_ldapsync()
+
         else:
             self.__del_key(f'{self.__idx}:{user}:{self.__keys["enddate"]}')
 
     def get_request_data(self, user: str) -> dict[str, str]:
         self.logger.info("GETTING REQUEST DATA: %s", user)
 
         self.__valid_user(user)
@@ -158,7 +175,11 @@
             else:
                 request_data[key] = self.__get_key(f'{self.__idx}:{user}:{key}')
 
-            if request_data[key] is not None:
+            # `request_data[key]` could be `None` (because it's a string Key) or
+            # `set()` (because it's a set Key), respectively generated by `__get_key()` and
+            # `__get_skey`. Need to check that req. data is not None and then is not an
+            # empty set.
+            if request_data[key] is not None and request_data[key] != set():
                 request_empty = False
 
         if request_empty:
@@ -170,14 +191,14 @@
                 request_data[key] = datetime.strptime(request_data[key], '%Y-%m-%d %H:%M:%S.%f')
 
             except (ValueError, TypeError,):
                 self.logger.error("Wrong datetime format in %s: %s", f'{user}:{key}', request_data[key])
                 request_data[key] = None
 
                 continue
 
         return request_data
 
     def get_all_request_data(self):
         self.logger.info("GETTING ALL REQUESTS DATA")
 
         users = []
@@ -195,7 +216,33 @@
         for user in users:
             request_data = self.get_request_data(user)
             request_data['user'] = user
+            request_data['infos'] = self.get_user_infos(user)
 
             all_requests_data.append(request_data)
 
         return all_requests_data
+
+    def get_user_infos(self, user: str) -> dict:
+        self.logger.info("GETTING USER %s INFOS", user)
+
+        self.__valid_user(user)
+
+        user_infos = {}
+        infos_empty = True
+        infokeys = self.connection.keys(f'{self.__infoidx}:{user}:*')
+
+        self.logger.debug("USER %s KEYS: %s", user, infokeys)
+
+        for key in infokeys:
+            dictkey = key.split(':')[-1]
+            user_infos[dictkey] = self.__get_key(key)
+
+            if user_infos[dictkey] is not None:
+                infos_empty = False
+
+        self.logger.debug("USER INFOS: %s", user_infos)
+
+        if infos_empty:
+            return {}
+
+        return user_infos

src/routes.py

@@ -1,18 +1,20 @@
 from flask import url_for, session, request, render_template, redirect
 from .app import app, dbms, oauth
 
 
 @app.route('/', methods=['GET', 'POST', 'DELETE'])
 def homepage():
     user = session.get('user')
 
     app.logger.debug(f"/ User value: {user}")
 
     if user:
         _username = user['metadata']['name']
-        _groups = dbms.get_request_data(_username)['groups']
+        _groups = dbms.get_request_data(_username).get('groups', [])
+        _infos = dbms.get_user_infos(_username)
         user['username'] = _username
         user['groups'] = _groups
+        user['infos'] = _infos
         user['uninuvolaurl'] = 'https://compute.uninuvola.unipg.it/hub/oauth_login?next='
 
         # ADMIN ROLE
@@ -22,12 +24,12 @@
 
             if request.method == 'POST':
                 user_to_update = request.form['id']
                 app.logger.debug(f"UPDATING USER {user_to_update} REQUEST")
 
                 dbms.update_request_status(user_to_update)
 
             user['request_data'] = dbms.get_all_request_data()
             app.logger.debug(f"ADMIN REQUEST DATA: {user['request_data']}")
 
             return render_template('users/admin.html', user=user)
 
@@ -43,7 +45,7 @@
                 print(request.method)
 
         user['request_data'] = dbms.get_request_data(_username)
         app.logger.debug(f"USER REQUEST DATA: {user['request_data']}")
 
         return render_template('users/user.html', user=user)
 
@@ -51,7 +53,7 @@
 
 
 @app.route('/login')
 def login():
     app.logger.debug('Redirecting to Vault')
     redirect_uri = url_for('auth', _external=True, _scheme='https')
 
@@ -61,17 +63,17 @@
 
 
 @app.route('/auth')
 def auth():
     try:
         token = oauth.vault.authorize_access_token()
 
     except Exception as e: # TODO: choose better Exception
         app.logger.error("Error while autorizing access token, %s", e)
 
         return redirect(url_for('homepage'))
 
     app.logger.debug('Success user auth')
     app.logger.debug(f'Token: {token}')
 
     session['user'] = token['userinfo']
     session['token'] = token
@@ -79,10 +81,10 @@
     return redirect(url_for('homepage'))
 
 @app.route('/logout')
 def logout():
     token = session.get('token')
 
     app.logger.debug(f'Logging out {token}')
 
     oauth.vault.post('auth/token/revoke-self', token=token)
 
@@ -93,5 +95,5 @@
     return redirect('/')
 
 @app.route('/info')
 def info():
     return render_template('info.html')

src/templates/users/admin.html

@@ -4,7 +4,7 @@
 {% endblock%}
 
 {% block body %}
-  <h3>Welcome {{user['username']}}</h3>
+  <h3>Welcome {{user['infos'].get('name', user['username'])}}</h3>
 
   <div class="position-absolute top-50 start-50 translate-middle">
     <a href="{{ user['uninuvolaurl'] }}"><button type="button" class="btn btn-primary btn-lg">
@@ -19,6 +19,7 @@ <h3 class="mt-5">Request status</h3>
     <thead>
       <tr>
         <th>Date</th>
+        <th>Name</th>
         <th>User</th>
         <th>State</th>
         <th>Accepted Date</th>
@@ -29,6 +30,7 @@ <h3 class="mt-5">Request status</h3>
       {% for req in user['request_data'] %}
       <tr>
         <td>{{req['startdate']}}</td>
+        <td>{{req['infos'].get('name', '-')}}</td>
         <td>{{req['user']}}</td>
         <td>{{req['status']}}</td>
         <td>{{ req['enddate'] if req['enddate'] else '-'}}</td>

src/templates/users/user.html

@@ -20,7 +20,7 @@
 {% endblock %}
 
 {% block body %}
-  <h3>Welcome {{user['username']}}</h3>
+  <h3>Welcome {{user['infos'].get('name', user['username'])}}</h3>
 
   {% if user['request_data']|length == 0 %}
   <h3 class="mt-5">Request status</h3>