Merge branch 'master' of gitlab.binets.fr:br/sigma-backend

057e63c6 · Anatole ROMON · 8aee1562 · 4d8d7b76 · 057e63c6 · 057e63c6
Commit 057e63c6 authored 7 years ago by Anatole ROMON
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -51,7 +51,8 @@ deploy_staging:
  stage: deploy
  script:
    - npm run build
-    - cp -r build/ /opt/sigma-back/build/
+    - mkdir -p /opt/sigma-back-dev
+    - cp -r build/ /opt/sigma-back-dev/build/
  environment:
    name: staging
    url: http://129.104.210.10:3000

--- a/ldap_config.json
+++ b/ldap_config.json
 {
+	"COMMENT1": "Partie utilisée par ldap_auth",
 	"ldap": {
 		"server": "ldap://frankiz.eleves.polytechnique.fr:389",
 		"searchBase": "ou=eleves,dc=frankiz,dc=net",
 		"searchFilter": "(uid={{username}})"
 	},
+	
+	"COMMENT2": "Noms de domaines dans LDAP ; le niv d'après est en uid=, voir Wikipedia",
 	"dn_groups":"ou=groups,dc=frankiz,dc=net",
 	"dn_users": "ou=eleves,dc=frankiz,dc=net",
+	
+	"COMMENT3": "Anonymisation du champ id",
 	"key_id": "uid",
-	"lg": {
-		"filtre": "(uid=${id})",
-		"attributs": "brMemberOf"
-	},
-	"lm": {
-		"filtre": "(uid=${id})",
-		"attributs": "restrictedMemberUid"
-	},
-	"la": {
-		"filtre": "(uid=${id})",
-		"attributs": "memberUid"
-	},
+
+	"COMMENT4": "Anonymisation des attributs retournés par les différentes fonctions listerGroupes (lg), listerMembres (lm), etc...",
+	"lg": { "attributs": "brMemberOf" },
+	"lm": { "attributs": "restrictedMemberUid" },
+	"la": { "attributs": "memberUid" },
 	"rs": {
-		"filtre": "(uid=${id})",
 		"attributs": ["jpegPhoto","givenName", "sn", "brBirthdate", "brPromo","telephoneNumber","mail","brRoom","brIP","brMemberOf"]
 	},
 	"tgty": {
-		"filtre": "(brNS=${ty})",
-		"types": ["binet", "free"]
+		"filtre": "(brNS=${ty})"
 	},
+	
 	"tolm": {
-		"input_names": ["givenName", "lastName", "nickname", "nationality", "promotion", "phone", "adress", "ip", "school", "groups","studies","sport","mail"],
+		"input_names": ["givenName", "lastName", "nickname", "nationality", "promotion", "phone", "adress", "ip", "school", "groups", "studies", "sport", "mail"],
 		"correspondance": {
 			"givenName": "givenName",
 			"lastName": "sn",
@@ -45,36 +42,71 @@
 	"tol": {
 		"attributes": ["jpegPhoto","givenName", "sn", "brBirthdate", "brPromo","telephoneNumber","mail","brRoom","brIP","brMemberOf"]
 	},
-	"cru": {
+
+	"cu": {
+		"COMMENT7": "Le détail des calculs des différents champs est ci-dessous",
 		"single_user_infos": ["uid","givenName","sn","displayName", "brBirthdate", "uidNumber","gidNumber", "homeDirectory", "userPassword","brPromo","brMemberOf","loginShell","email","telephoneNumber","jpegPhoto","brRoom","brNewsReadAccess","brNewsPostAccess","brAlias","brIP","cn","gecos"],
 		"expr_single_values_user": {
-			"uid": "data['hruid'];",
-			"givenName": "data['first_name'];",
-			"sn": "data['last_name'];",
-			"displayName": "data['nickname'];",
-			"brBirthdate": "data['birthdate'];",
-			"uidNumber": "(2*data['uid']+10000).toString();",
-			"gidNumber": "5000.toString();",
-			"homeDirectory": "'/hosting/users/' + data['hruid'];",
-			"userPassword": "data['password'];",
-			"brPromo": "data['promo'];",
-			"loginShell": "if (data['on_platal']==true) {'/bin/bash'; } else { '/sbin/nologin'; }",
-			"email": "data['email'];",
-			"telephoneNumber":"data['phone'];",
-			"jpegPhoto": "data['photo'];",
-			"brRoom": "data['room'];",
-			"brNewsReadAccess": "if (data['read_perm'].length>0) { 'br.*,public.*'; } else { 'br.*,public.*,'+data['read_perm']; }",
-			"brNewsPostAccess": "if (data['write_perm'].length>0) { 'br.*,!br.blague-du-jour,public.*,!br.campagnekes'; } else { 'br.*,!br.blague-du-jour,public.*,!br.campagnekes,'+data['read_perm']; }",
-			"brAlias": "data['forlifes'].split(' ');",
-			"brIP": "data['ips'].split(',');",
-			"cn": "data['first_name']+' '+data['last_name'].toUpperCase();",
-			"gecos": "btoa(data['first_name']+' '+data['last_name'].toUpperCase());"
+			"uid": "data['hruid']",
+			"givenName": "data['givenName']",
+			"sn": "data['lastName']",
+			"displayName": "data['nickname']",
+			"brBirthdate": "data['birthdate']",
+			"uidNumber": "(2*data['uid']+10000).toString()",
+			"gidNumber": "5000.toString()",
+			"homeDirectory": "'/hosting/users/' + data['hruid']",
+			"userPassword": "data['password']",
+			"brPromo": "data['promo']",
+			"loginShell": "if (data['onPlatal']==1) {'/bin/bash' } else { '/sbin/nologin' }",
+			"email": "data['email']",
+			"telephoneNumber":"data['phone']",
+			"jpegPhoto": "data['photo']",
+			"brRoom": "data['room']",
+			"brNewsReadAccess": "if (data['readPerm'].length>0) { 'br.*,public.*' } else { 'br.*,public.*,'+data['read_perm'] }",
+			"brNewsPostAccess": "if (data['writePerm'].length>0) { 'br.*,!br.blague-du-jour,public.*,!br.campagnekes' } else { 'br.*,!br.blague-du-jour,public.*,!br.campagnekes,'+data['read_perm'] }",
+			"brIP": "data['ips'].split(',')",
+			"cn": "data['givenName']+' '+data['sn'].toUpperCase()",
+			"gecos": "btoa(data['givenName']+' '+data['sn'].toUpperCase())"
 		},
-		"multiple_user_infos": ["objectClass", "brMemberOf"],
+		"multiple_user_infos": ["objectClass","brIP","brAlias"],
 		"expr_multiple_values_user": {
 			"objectClass": "['posixAccount', 'shadowAccount', 'inetOrgPerson', 'brAccount']",
-			"brMemberOf": "data['groups']"
+			"brIP": "data['ips']",
+			"brAlias": "data['forlifes']"
 		}
 	},
+	
+	"cg": {
+		"COMMENT10": "Détail des champs d'un groupe",
+		"single_user_infos": ["name","ns","gid","label"],
+		"expr_single_values_user": {
+			"uid": "btoa(data['name'].toLowerCase())",
+			"brAlias": "data['name']",
+			"brNS": "data['ns']",
+			"uidNumber": "(2*data['gid']+10001).toString()",
+			"gidNumber": "(2*data['gid']+10001).toString()",
+			"userPassword": "",
+			"loginShell": "/sbin/nologin",
+			"cn": "if (data['label']!= '') { data['label'] } else { data['name'] }",
+			"homeDirectory": "'/hosting/groups/'+btoa(data['name'].toLowerCase())",
+			"gecos": "btoa(data['name'].toLowerCase())",
+			"brNewsReadAccess": "!*",
+			"brNewsPostAccess": "!*"
+		},
+		"multiple_user_infos": ["objectClass"],
+		"expr_multiple_values_user": {
+			"objectClass": "[ 'posixGroup','posixAccount','brAccount' ]"
+		}
+	},
+	"am": {
+		"key_gr": "restrictedMemberUid",
+		"key_u": "brMemberOf"
+	},
+	"aa": {
+		"key_gr": "memberUid"
+	},
+	"sm": {
+		"attributs": ["restrictedMemberUid", "brMemberOf"]
+	},
 	"sessionSecret":"change this"
 }
\ No newline at end of file
--- a/src/ldap/ldap_data.js
+++ b/src/ldap/ldap_data.js
--- a/src/server.js
+++ b/src/server.js
@@ -10,6 +10,7 @@ import schema from './graphql/schema';
 import { express as graphqlVoyager } from 'graphql-voyager/middleware';
 import { graphqlExpress, graphiqlExpress } from 'graphql-server-express';
 import flash from 'connect-flash';
+import { ensureLoggedIn } from 'connect-ensure-login';
 import passport from 'passport';
 import LdapStrategy from 'passport-ldapauth';
 import fs from 'fs';
@@ -113,7 +114,7 @@ server.use('/graphql', bodyParser.json(),
    }));

 // GraphiQL est une console interactive pour faire des requêtes au schéma GraphQL
-server.use('/graphiql', graphiqlExpress({endpointURL: '/graphql'}));
+server.use('/graphiql', ensureLoggedIn('/login'), graphiqlExpress({endpointURL: '/graphql'}));

 // GraphQL voyager
 server.use('/voyager', graphqlVoyager({ endpointUrl: '/graphql' }));