Add support for Moodle/LTI and email/password-based authentication

.github/workflows/deploy-oauth-moodle.yml

@@ -0,0 +1,73 @@
+# Note: remove this file (squash-removing the underlying commit) before merging
+name: Push oauth-moodle to DockerHub
+on:
+  push:
+    branches:
+      - oauth-moodle
+      - oauth-moodle-dev
+jobs:
+  push_server:
+    name: Push learn-ocaml image to Docker Hub
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+      - name: Get branch name
+        run: branch="${{ github.ref }}"; echo "::set-output name=branch::${branch#refs/heads/}"
+        id: branch
+      - name: Push to Docker Hub
+        uses: docker/build-push-action@v1
+        with:
+          always_pull: true
+          add_git_labels: true
+          labels: "org.opencontainers.image.version=${{ steps.branch.outputs.branch }}"
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          # repository: ocamlsf/learn-ocaml
+          repository: pfitaxel/learn-ocaml
+          tags: ${{ steps.branch.outputs.branch }}
+  push_client:
+    name: Push learn-ocaml-client image to Docker Hub
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+      - name: Get branch name
+        run: branch="${{ github.ref }}"; echo "::set-output name=branch::${branch#refs/heads/}"
+        id: branch
+      - name: Push to Docker Hub
+        uses: docker/build-push-action@v1
+        with:
+          always_pull: true
+          add_git_labels: true
+          labels: "org.opencontainers.image.version=${{ steps.branch.outputs.branch }}"
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          # repository: ocamlsf/learn-ocaml-client
+          repository: pfitaxel/learn-ocaml-client
+          target: client
+          tags: ${{ steps.branch.outputs.branch }}
+  push_emacs_client:
+    name: Push emacs-learn-ocaml-client image to Docker Hub
+    needs: push_client
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+      - name: Get branch name
+        run: branch="${{ github.ref }}"; echo "::set-output name=branch::${branch#refs/heads/}"
+        id: branch
+      - name: Push to Docker Hub
+        # https://github.com/docker/build-push-action/tree/releases/v1#readme
+        uses: docker/build-push-action@v1
+        with:
+          path: ci/docker-emacs-learn-ocaml-client
+          build_args: "base=pfitaxel/learn-ocaml-client,version=${{ steps.branch.outputs.branch }}"
+          always_pull: true
+          add_git_labels: true
+          labels: "org.opencontainers.image.version=${{ steps.branch.outputs.branch }}"
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          # repository: ocamlsf/learn-ocaml
+          repository: pfitaxel/emacs-learn-ocaml-client
+          tags: ${{ steps.branch.outputs.branch }}

.gitignore

@@ -10,6 +10,7 @@ src/ppx-metaquot/ast_lifter.ml
 
 learnocaml-server.byte
 learn-ocaml.install
+learn-ocaml-client.install
 
 src/grader/embedded_cmis.ml
 src/grader/embedded_grading_cmis.ml

Dockerfile

@@ -53,7 +53,7 @@ LABEL org.opencontainers.image.vendor="The OCaml Software Foundation"
 FROM alpine:3.13 as program
 
 RUN apk update \
-  && apk add ncurses-libs libev dumb-init git openssl \
+  && apk add ncurses-libs libev gmp dumb-init msmtp git openssl \
   && addgroup learn-ocaml \
   && adduser learn-ocaml -DG learn-ocaml
 

ci/docker-emacs-learn-ocaml-client/.dockerignore

@@ -0,0 +1,2 @@
+*
+!.emacs

ci/docker-emacs-learn-ocaml-client/.emacs

@@ -0,0 +1,105 @@
+;;; .emacs --- Emacs conf file -*- coding: utf-8 -*-
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; Config de package.el, MELPA et use-package
+
+(require 'package)
+(add-to-list 'package-archives '("melpa" . "https://melpa.org/packages/") t)
+(package-initialize)
+
+(unless (package-installed-p 'use-package)
+  (package-refresh-contents)
+  (package-install 'use-package))
+(eval-when-compile
+  (require 'use-package))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; Config de Tuareg, Merlin et Company
+
+(use-package tuareg
+  :ensure t
+  :defer t
+  :init
+  (setq tuareg-opam-insinuate t))
+
+;; Merlin would require OPAM
+; (use-package merlin
+;   :ensure t
+;   :hook
+;   ((tuareg-mode caml-mode) . merlin-mode)
+;   :config
+;   (setq merlin-command 'opam))
+; 
+; (use-package merlin-eldoc
+;   :ensure t
+;   :hook
+;   ((tuareg-mode caml-mode) . merlin-eldoc-setup)
+;   :bind (:map merlin-mode-map
+;               ("C-c <C-left>" . merlin-eldoc-jump-to-prev-occurrence)
+;               ("C-c <C-right>" . merlin-eldoc-jump-to-next-occurrence)))
+; 
+; (use-package company
+;   :ensure t
+;   :hook
+;   ((tuareg-mode caml-mode) . company-mode)
+;   :config
+;   (bind-key "<backtab>" 'company-complete))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; Config de Magit
+
+; (use-package magit
+;   :ensure t
+;   :defer t
+;   :config
+;   (setq magit-diff-refine-hunk 'all)
+;   :bind (("C-x g" . magit-status)
+;          ("C-x M-g" . magit-dispatch-popup)))
+; 
+; (use-package magit-gitflow
+;   :ensure t
+;   :after magit
+;   :config (add-hook 'magit-mode-hook 'turn-on-magit-gitflow))
+; 
+; ;; Protect against accident pushes to upstream
+; (defadvice magit-push-current-to-upstream
+;     (around my-protect-accidental-magit-push-current-to-upstream)
+;   "Protect against accidental push to upstream.
+; 
+; Causes `magit-git-push' to ask the user for confirmation first."
+;   (let ((my-magit-ask-before-push t))
+;     ad-do-it))
+; 
+; (defadvice magit-git-push (around my-protect-accidental-magit-git-push)
+;   "Maybe ask the user for confirmation before pushing.
+; 
+; Advice to `magit-push-current-to-upstream' triggers this query."
+;   (if (bound-and-true-p my-magit-ask-before-push)
+;       ;; Arglist is (BRANCH TARGET ARGS)
+;       (if (yes-or-no-p (format "Push %s branch upstream to %s? "
+;                                (ad-get-arg 0) (ad-get-arg 1)))
+;           ad-do-it
+;         (error "Push to upstream aborted by user"))
+;     ad-do-it))
+; 
+; (ad-activate 'magit-push-current-to-upstream)
+; (ad-activate 'magit-git-push)
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; Config générale
+
+(setq column-number-mode t
+      line-number-mode t
+      require-final-newline t)
+
+;; Marquage des parenthèses
+(load-library "paren")
+(show-paren-mode 1)
+
+;; Raccourcis C-c/C-x/C-v/C-z standards
+;; au lieu de M-w/C-w/C-y/C-_ par défaut dans GNU Emacs
+(cua-mode 1)

ci/docker-emacs-learn-ocaml-client/Dockerfile

@@ -0,0 +1,29 @@
+ARG base=ocamlsf/learn-ocaml-client
+ARG version=master
+FROM ${base}:${version}
+
+WORKDIR /home/learn-ocaml
+
+USER root
+
+RUN apk add --no-cache \
+  curl \
+  emacs-nox \
+  && mkdir -p -v bin \
+  && chown -v learn-ocaml:learn-ocaml bin
+
+ENV PATH /home/learn-ocaml/bin:${PATH}
+
+ENV LANG C.UTF-8
+# ENV LC_ALL C.UTF-8
+# ENV LANGUAGE en_US:en
+
+COPY --chown=learn-ocaml:learn-ocaml .emacs .emacs
+
+USER learn-ocaml
+
+# Do some automatic Emacs installation/byte-compilation:
+RUN emacs --version && emacs --batch -l ${HOME}/.emacs
+
+ENTRYPOINT []
+CMD ["/bin/sh"]

docker-compose.yml

@@ -0,0 +1,103 @@
+# Note: this file is dev-specific.
+# To deploy learn-ocaml, see e.g.:
+# https://github.com/pfitaxel/docker-learn-ocaml/blob/master/docker-compose.yml
+
+# Note: regarding the very first run (sudo docker-compose up --build),
+# the setup of the moodle container ("Running Moodle install script")
+# may take a long time (up to 18').
+# Do NOT stop the docker-compose app too early, otherwise the database
+# would be in a broken state, leading to a systematic error at further
+# runs ("learn-ocaml_moodle_1 exited with code 1").
+
+version: '3.7'
+
+services:
+  learnocaml:
+    container_name: backend
+    # image: ocamlsf/learn-ocaml:0.13
+    build: .
+    ports:
+      - '8080:8080'
+    environment:
+      # (ocaml variable) root URL:
+      LEARNOCAML_BASE_URL: "http://localhost:8080"
+      # (ocaml variable) <container_name>.<network_name>:
+      FROM_DOMAIN: "backend.localdomain"
+      # (alpine msmtp variable) hostname of the SMTP server:
+      SMTPSERVER: "maildev"
+      # SMTPSERVER: "postfix"
+      # (ocaml + alpine msmtp variable) Reply-To = Return-Path:
+      EMAIL: "[email protected]"
+    depends_on:
+      - maildev
+      # - postfix
+    volumes:
+      - ./demo-repository:/repository:ro
+      - ./sync:/sync
+    networks:
+      - learnocaml-net
+    restart: unless-stopped
+
+  # Only useful for dev
+  maildev:
+    image: maildev/maildev
+    ports:
+      - "1080:80"
+    networks:
+      - learnocaml-net
+
+# For a prod configuration, see also:
+# https://github.com/pfitaxel/docker-learn-ocaml/blob/master/docker-compose.yml
+
+# BEGIN https://github.com/bitnami/bitnami-docker-moodle/blob/ffa8007ebb0ebc501eeeba62804d10b0efef3673/docker-compose.yml
+
+  mariadb:
+    image: 'docker.io/bitnami/mariadb:10.3-debian-10'
+    environment:
+      - ALLOW_EMPTY_PASSWORD=yes
+      - MARIADB_USER=bn_moodle
+      - MARIADB_DATABASE=bitnami_moodle
+      # - BITNAMI_DEBUG=true
+    volumes:
+      - 'mariadb_data:/bitnami/mariadb'
+    networks:
+      - moodle-net
+  moodle:
+    image: 'docker.io/bitnami/moodle:3-debian-10'
+    ports:
+      - '9090:8080'
+      # - '80:8080'
+      # - '443:8443'
+    environment:
+      - MOODLE_DATABASE_HOST=mariadb
+      - MOODLE_DATABASE_PORT_NUMBER=3306
+      - MOODLE_DATABASE_USER=bn_moodle
+      - MOODLE_DATABASE_NAME=bitnami_moodle
+      - ALLOW_EMPTY_PASSWORD=yes
+      # - BITNAMI_DEBUG=true
+    volumes:
+      - 'moodle_data:/bitnami/moodle'
+      - 'moodledata_data:/bitnami/moodledata'
+    networks:
+      - moodle-net
+    depends_on:
+      - mariadb
+
+volumes:
+  mariadb_data:
+    driver: local
+  moodle_data:
+    driver: local
+  moodledata_data:
+    driver: local
+
+# END https://github.com/bitnami/bitnami-docker-moodle/blob/ffa8007ebb0ebc501eeeba62804d10b0efef3673/docker-compose.yml
+# @ https://github.com/bitnami/bitnami-docker-moodle#readme
+# @ https://github.com/bitnami/bitnami-docker-moodle#configuration
+
+networks:
+  learnocaml-net:
+    driver: bridge
+    name: localdomain
+  moodle-net:
+    driver: bridge

docs/howto-deploy-a-learn-ocaml-instance.md

@@ -68,3 +68,29 @@ make && make opaminstall
 ```
 learn-ocaml serve --port 8080
 ```
+
+## Enabling passwords
+
+By default, authentication is performed with a token instead of a more
+traditionnal email/password pair, but this can now be enabled by
+setting the `use_passwd` option to `true` (by default, it is set to
+`false`).
+
+## Integration with Moodle and other teaching tools
+
+If you enabled passwords, you can also enable LTI, enabling to login
+in Learn-OCaml from Moodle and other teaching tools.
+
+> *Warning*
+>
+> Passwords must be enabled to use the LTI integration.
+
+The option `use_moodle` must be set to `true` in the config file (by
+default, it is set to `false`).  When running `learn-ocaml build`,
+Learn-OCaml generate a private key for LTI authentication if there is
+none yet, and print it to the standard output.
+
+This key can be then inserted as the secret in the LTI-compatible
+application (eg. Moodle).  You can set any value you want as the
+consumer key, but take care to not reuse the value between multiple
+applications.

learn-ocaml-client.opam

@@ -21,13 +21,15 @@ depends: [
   "asak"
   "cohttp" {>= "1.0.0" & < "2.0.0"}
   "cohttp-lwt-unix" {>= "1.0.0" & < "2.0.0"}
+  "cryptokit"
   "ssl" {= "0.5.5"}
   "digestif" {>= "0.7.1"}
   "dune" {= "2.0.1"}
   "ezjsonm"
   "lwt" {>= "4.0.0"}
   "lwt_ssl"
   "ocaml" {= "4.05.0"}
+  "ocamlnet" {> "4.1"}
   "ocamlfind" {build}
   "ocp-indent-nlfork"
   "ocp-ocamlres" {>= "0.4"}
@@ -37,6 +39,7 @@ depends: [
   "ppx_tools"
   "ppx_sexp_conv" {= "v0.9.0"}
   "ppx_fields_conv" {= "v0.9.0"}
+  "safepass"
 ]
 build: [
   ["dune" "build" "@install" "-p" name "-j" jobs]