As far as I can see, Keycloak ignores it entirely. I can login in as SSO
user A, then disconnect from the SSO directly and reconnect as user B,
but when I disconnect user A from AUR, Keycloak disconnects B even
though AUR passed it an ID token for A.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This column holds a user ID issed by the single sign-on provider. For
Keycloak, it is an UUID. For more flexibility, we will be using a
standardly-sized VARCHAR field.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The install method in Python’s gettext API aliases the translator’s
gettext method to an application-global _(). We don’t use that anywhere,
and it’s clear from aurweb’s Translator interface that we want to
translate a piece of text without affecting any global namespace.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Developers can go to /sso/login to get redirected to the SSO. On
successful login, the ID token is displayed.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
conf/config.dev’s purpose is to provide a lighter configuration template
for developers, and split development-specific options off the default
configuration file.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
aurweb.spawn used to launch only PHP’s built-in server. Now it spawns a
dummy FastAPI application too. Since both stacks spawn their own HTTP
server, aurweb.spawn also spawns nginx as a reverse proxy to mount them
under the same base URL, defined by aur_location in the configuration.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This program makes it easier for developers to spawn the PHP server
since it fetches automatically what it needs from the configuration
file, rather than having the user explicitly pass arguments to the php
executable.
When the setup gets more complicated as we introduce Python,
aurweb.spawn will keep providing the same interface, while under the
hood it is planned to support running multiple sub-processes.
Its Python interface provides an way for the test suite to spawn the
test server when it needs to perform HTTP requests to the test server.
The current implementation is somewhat weak as it doesn’t detect when a
child process dies, but this is not supposed to happen often, and it is
only meant for aurweb developers.
In the long term, aurweb.spawn will eventually become obsolete, and
replaced by Docker or Flask’s tools.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This is the common convention for TAP, and makes harnesses like prove
automatically detect them. Plus, test suites don’t have to be shell
scripts anymore.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This way the database will get stamped, and Git will create the
`versions` directory without which Alembic won’t work.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The new schema was generated with sqlacodegen and then manually adjusted
to fit schema/aur-schema.sql faithfully, both in the organisation of the
code and in the SQL generated by SQLAlchemy.
Initializing the database now requires the new tool aurweb.initdb.
References to aur-schema.sql have been updated and the old schema
dropped.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Do not add an opening <tbody> tag for every row. Instead, wrap all rows
in <tbody></tbody>.
While at it, also simplify the code used to color the rows.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The try_login() function documents it returns an array containing an
'error' key, and our only caller *only* consults the 'error' key. Then
the function returns null instead of an array, if the login succeeded!
I question why we bother returning the new SID if we never use it,
surely we could either return the error or return default null. But, for
now, I'm just going to fix it to return what it's actually supposed to,
without changing the API.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
If a db query returned NULL instead of an array, then accessing $row[0]
now throws a warning. The undocumented behavior of evaluating to NULL
is maintained, and we want to return NULL anyway, so add a check for the
value and fall back on the default function return type.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add more options to configure the smtplib implementation for sending
notification emails.
The port can be changed using the new smtp-port option.
Encryption can be configured using smtp-use-ssl and smtp-use-starttls.
Keep in mind that you usually also need to change the port when enabling
either of these options.
Authentication can be configured using smtp-user and smtp-password.
Authentication is disabled if either of these values is empty.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Support mail delivery without a local MTA. Instead, an SMTP server can
now be configured using the smtp-server option in the [notifications]
section. In order to use this option, the value of the sendmail option
must be empty.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
