Develop (#37)

* Support for authentication using external proxy (#33) * add options for HTTP header authentication to config * add template for handling error 401: Unauthorized * support external authentication Expects authentication to be done using an external tool (such as Apache), that fills the users UUID to a HTTP header and acts as a proxy. * version 0.7.3, simple auth mode available, docs for auth created * version 0.7.3, simple auth mode available, docs for auth created * typo in link * Bugfix/autoescape (#35) * rename all j2 files back to html * add Markup to dashboard to render tables from macros * bugfix - V4 table cols, DOCS update --------- Co-authored-by: Jakub Man <[email protected]>
CESNET · Jan 25, 2024 · 673ae7a · 673ae7a
1 parent 432110d
commit 673ae7a
Show file tree

Hide file tree

Showing 36 changed files with 124 additions and 95 deletions.
diff --git a/config.example.py b/config.example.py
@@ -8,10 +8,12 @@ class Config():
     # Flask testing
     TESTING = False
     # SSO auth enabled
-    SSO_AUTH = False
+
+    SSO_AUTH = True
     # Authentication is done outside the app, use HTTP header to get the user uuid.
     # If SSO_AUTH is set to True, this option is ignored and SSO auth is used.
-    HEADER_AUTH = True
+    HEADER_AUTH = False
+
     # Name of HTTP header containing the UUID of authenticated user.
     # Only used when HEADER_AUTH is set to True
     AUTH_HEADER_NAME = 'X-Authenticated-User'

diff --git a/docs/AUTH.md b/docs/AUTH.md
@@ -10,16 +10,34 @@ Since version 0.7.3, the application supports three different forms of user auth
 ### SSO
 To use SSO, you need to set up Apache + Shiboleth in the usual way. Then set `SSO_AUTH = True` in the application configuration file **config.py**
 
+In general the whole app should be protected by Shiboleth. However, there certain endpoints should be excluded from Shiboleth for the interaction with BGP. See configuration example bellow. The endpoints which are not protected by Shibboleth are protected by app itself. Either by @localhost_only decorator or by API key. 
+
 Shibboleth configuration example:
 
-#### shibboleth config:
+#### shibboleth config (shib.conf):
+
 ```
 <Location />
   AuthType shibboleth
   ShibRequestSetting requireSession 1
   require shib-session
 </Location>
 
+
+<LocationMatch /api/>
+  Satisfy Any
+  allow from All
+</LocationMatch>
+
+<LocationMatch /rules/announce_all>
+  Satisfy Any
+  allow from All
+</LocationMatch>
+
+<LocationMatch /rules/withdraw_expired>
+  Satisfy Any
+  allow from All
+</LocationMatch> 
 ```
 
 

diff --git a/docs/INSTALL.md b/docs/INSTALL.md
@@ -125,18 +125,18 @@ Supervisord is used to run and manage application.
 
 #### Final steps - as deploy user
 
-Copy config.example.py to config.py and fill out the DB credetials. 
+1. Copy config.example.py to config.py and fill out the DB credetials. 
 
-Create and populate database tables.
+2. Create and populate database tables.
 ```
 cd ~/www
 source venv/bin/activate
 python db-init.py
 ```
 DB-init script inserts default roles, actions, rule states and two organizations (TUL and Cesnet). But no users.
 
-So before start, use your favorite mysql admin tool and insert some users into database. 
-The uuid of user should be set the eppn value provided by Shibboleth. 
+3. Before start, **use your favorite mysql admin tool and insert some users into database**. 
+The **uuid** of user should be set the **eppn** value provided by Shibboleth. 
 
 You can use following MYSQL commands to insert the user, give him role 'admin' and add him to the the organization 'Cesnet'.
 

diff --git a/flowapp/__init__.py b/flowapp/__init__.py
@@ -87,13 +87,14 @@ def logout():
     def ext_login():
         header_name = app.config.get("AUTH_HEADER_NAME", 'X-Authenticated-User')
         if header_name not in request.headers:
-            return render_template("errors/401.j2")
+            return render_template("errors/401.html")
+
         uuid = request.headers.get(header_name)
         if uuid:
             try:
                 _register_user_to_session(uuid)
             except AttributeError:
-                return render_template("errors/401.j2")
+                return render_template("errors/401.html")
         return redirect("/")
 
     @app.route("/")
@@ -136,12 +137,12 @@ def shutdown_session(exception=None):
     # HTTP error handling
     @app.errorhandler(404)
     def not_found(error):
-        return render_template("errors/404.j2"), 404
+        return render_template("errors/404.html"), 404
 
     @app.errorhandler(500)
     def internal_error(exception):
         app.logger.error(exception)
-        return render_template("errors/500.j2"), 500
+        return render_template("errors/500.html"), 500
 
     @app.context_processor
     def utility_processor():

diff --git a/flowapp/instance_config.py b/flowapp/instance_config.py
@@ -99,23 +99,23 @@ class InstanceConfig:
     DASHBOARD = {
         "ipv4": {
             "name": "IPv4",
-            "macro_file": "macros.j2",
+            "macro_file": "macros.html",
             "macro_tbody": "build_ip_tbody",
             "macro_thead": "build_rules_thead",
             "table_colspan": 10,
-            "table_columns": RULES_COLUMNS_V6,
+            "table_columns": RULES_COLUMNS_V4,
         },
         "ipv6": {
             "name": "IPv6",
-            "macro_file": "macros.j2",
+            "macro_file": "macros.html",
             "macro_tbody": "build_ip_tbody",
             "macro_thead": "build_rules_thead",
             "table_colspan": 10,
             "table_columns": RULES_COLUMNS_V6,
         },
         "rtbh": {
             "name": "RTBH",
-            "macro_file": "macros.j2",
+            "macro_file": "macros.html",
             "macro_tbody": "build_rtbh_tbody",
             "macro_thead": "build_rules_thead",
             "table_colspan": 5,

diff --git a/flowapp/templates/errors/401.html b/flowapp/templates/errors/401.html
@@ -0,0 +1,7 @@
+{% extends 'layouts/default.html' %}
+{% block content %}
+  <h1>Could not log you in.</h1>
+  <p class="form-text">401: Unauthorized</p>
+  <p>Please log out and try logging in again.</p>
+  <p><a href="{{url_for('logout')}}">Log out</a></p>
+{% endblock %}
diff --git a/flowapp/templates/errors/404.j2 → flowapp/templates/errors/404.html b/flowapp/templates/errors/404.j2 → flowapp/templates/errors/404.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block content %}
   <h1>Sorry ...</h1>
   <p>There's nothing here!</p>

diff --git a/flowapp/templates/errors/500.j2 → flowapp/templates/errors/500.html b/flowapp/templates/errors/500.j2 → flowapp/templates/errors/500.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block content %}
   <h1>Error ...</h1>
   <p>Sorry ;-)</p>

diff --git a/flowapp/templates/forms/api_key.j2 → flowapp/templates/forms/api_key.html b/flowapp/templates/forms/api_key.j2 → flowapp/templates/forms/api_key.html
@@ -1,5 +1,5 @@
-{% extends 'layouts/default.j2' %}
-{% from 'forms/macros.j2' import render_field %}
+{% extends 'layouts/default.html' %}
+{% from 'forms/macros.html' import render_field %}
 {% block title %}Add New Machine with ApiKey{% endblock %}
 {% block content %}
   <h2>Add new ApiKey for your machine</h2>

diff --git a/flowapp/templates/forms/ipv4_rule.j2 → flowapp/templates/forms/ipv4_rule.html b/flowapp/templates/forms/ipv4_rule.j2 → flowapp/templates/forms/ipv4_rule.html
@@ -1,5 +1,5 @@
-{% extends 'layouts/default.j2' %}
-{% from 'forms/macros.j2' import render_field %}
+{% extends 'layouts/default.html' %}
+{% from 'forms/macros.html' import render_field %}
 {% block title %}Add IPv4 rule{% endblock %}
 {% block content %}
   <h2>{{ title or 'New'}} IPv4 rule</h2>

diff --git a/flowapp/templates/forms/ipv6_rule.j2 → flowapp/templates/forms/ipv6_rule.html b/flowapp/templates/forms/ipv6_rule.j2 → flowapp/templates/forms/ipv6_rule.html
@@ -1,5 +1,5 @@
-{% extends 'layouts/default.j2' %}
-{% from 'forms/macros.j2' import render_field %}
+{% extends 'layouts/default.html' %}
+{% from 'forms/macros.html' import render_field %}
 {% block title %}Add IPv6 rule{% endblock %}
 {% block content %}
   <h2>{{ title or 'New'}} IPv6 rule</h2>

diff --git a/flowapp/templates/forms/macros.j2 → flowapp/templates/forms/macros.html b/flowapp/templates/forms/macros.j2 → flowapp/templates/forms/macros.html
diff --git a/flowapp/templates/forms/rtbh_rule.j2 → flowapp/templates/forms/rtbh_rule.html b/flowapp/templates/forms/rtbh_rule.j2 → flowapp/templates/forms/rtbh_rule.html
@@ -1,5 +1,5 @@
-{% extends 'layouts/default.j2' %}
-{% from 'forms/macros.j2' import render_field %}
+{% extends 'layouts/default.html' %}
+{% from 'forms/macros.html' import render_field %}
 {% block title %}Add RTBH rule{% endblock %}
 {% block content %}
   <h2>{{ title or 'New'}} RTBH rule</h2>

diff --git a/flowapp/templates/forms/rule.j2 → flowapp/templates/forms/rule.html b/flowapp/templates/forms/rule.j2 → flowapp/templates/forms/rule.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Add IPv4 rule{% endblock %}
 {% block content %}
   <form action="/addrule" method="post">

diff --git a/flowapp/templates/forms/simple_form.j2 → flowapp/templates/forms/simple_form.html b/flowapp/templates/forms/simple_form.j2 → flowapp/templates/forms/simple_form.html
@@ -1,5 +1,5 @@
-{% extends 'layouts/default.j2' %}
-{% from 'forms/macros.j2' import render_form %}
+{% extends 'layouts/default.html' %}
+{% from 'forms/macros.html' import render_form %}
 
 {% block title %}
 {{ title }}

diff --git a/flowapp/templates/layouts/default.j2 → flowapp/templates/layouts/default.html b/flowapp/templates/layouts/default.j2 → flowapp/templates/layouts/default.html
diff --git a/flowapp/templates/macros.j2 → flowapp/templates/macros.html b/flowapp/templates/macros.j2 → flowapp/templates/macros.html
diff --git a/flowapp/templates/pages/actions.j2 → flowapp/templates/pages/actions.html b/flowapp/templates/pages/actions.j2 → flowapp/templates/pages/actions.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Flowspec Actions{% endblock %}
 {% block content %}
     <table class="table table-hover">

diff --git a/flowapp/templates/pages/api_key.j2 → flowapp/templates/pages/api_key.html b/flowapp/templates/pages/api_key.j2 → flowapp/templates/pages/api_key.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}ExaFS - ApiKeys{% endblock %}
 {% block content %}
     <h1>Your machines and ApiKeys</h1>

diff --git a/flowapp/templates/pages/as_paths.j2 → flowapp/templates/pages/as_paths.html b/flowapp/templates/pages/as_paths.j2 → flowapp/templates/pages/as_paths.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}AS Paths{% endblock %}
 {% block content %}
     <table class="table table-hover">

diff --git a/flowapp/templates/pages/communities.j2 → flowapp/templates/pages/communities.html b/flowapp/templates/pages/communities.j2 → flowapp/templates/pages/communities.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Flowspec RTBH communities{% endblock %}
 {% block content %}
     <table class="table table-hover">

diff --git a/flowapp/templates/pages/dashboard_admin.j2 → flowapp/templates/pages/dashboard_admin.html b/flowapp/templates/pages/dashboard_admin.j2 → flowapp/templates/pages/dashboard_admin.html
@@ -1,10 +1,10 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 
 
 {% block title %}Flowspec{% endblock %}
 {% block content %}
 
-    {% include 'pages/submenu_dashboard.j2' %}
+    {% include 'pages/submenu_dashboard.html' %}
     {% if display_rules %}
     <div class="row">
         <form action="{{ url_for('rules.group_operation') }}" method="post">

diff --git a/flowapp/templates/pages/dashboard_search.j2 → ...app/templates/pages/dashboard_search.html b/flowapp/templates/pages/dashboard_search.j2 → ...app/templates/pages/dashboard_search.html
@@ -1,10 +1,10 @@
-{% extends 'layouts/default.j2' %}
-{% from 'macros.j2' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
+{% extends 'layouts/default.html' %}
+{% from 'macros.html' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
 
 {% block title %}Flowspec{% endblock %}
 {% block content %}
 
-    {% include 'pages/submenu_dashboard.j2' %}
+    {% include 'pages/submenu_dashboard.html' %}
 
     <div class="row">
         <table class="table table-hover ip-table">

diff --git a/flowapp/templates/pages/dashboard_user.j2 → flowapp/templates/pages/dashboard_user.html b/flowapp/templates/pages/dashboard_user.j2 → flowapp/templates/pages/dashboard_user.html
@@ -1,11 +1,11 @@
-{% extends 'layouts/default.j2' %}
-{% from 'macros.j2' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
+{% extends 'layouts/default.html' %}
+{% from 'macros.html' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
 
 
 {% block title %}Flowspec{% endblock %}
 {% block content %}
 
-    {% include 'pages/submenu_dashboard.j2' %}
+    {% include 'pages/submenu_dashboard.html' %}
 
 
 

diff --git a/flowapp/templates/pages/dashboard_view.j2 → flowapp/templates/pages/dashboard_view.html b/flowapp/templates/pages/dashboard_view.j2 → flowapp/templates/pages/dashboard_view.html
@@ -1,11 +1,11 @@
-{% extends 'layouts/default.j2' %}
-{% from 'macros.j2' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
+{% extends 'layouts/default.html' %}
+{% from 'macros.html' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
 
 
 {% block title %}Flowspec{% endblock %}
 {% block content %}
 
-    {% include 'pages/submenu_dashboard_view.j2' %}
+    {% include 'pages/submenu_dashboard_view.html' %}
 
     {% if display_rules %}
     <h2>{{ rstate|capitalize }}  {{ table_title }}</h2>

diff --git a/flowapp/templates/pages/dashboard_whois.j2 → flowapp/templates/pages/dashboard_whois.html b/flowapp/templates/pages/dashboard_whois.j2 → flowapp/templates/pages/dashboard_whois.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 
 {% block title %}Flowspec{% endblock %}
 {% block content %}

diff --git a/flowapp/templates/pages/logout.j2 → flowapp/templates/pages/logout.html b/flowapp/templates/pages/logout.j2 → flowapp/templates/pages/logout.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Flowspec - logout{% endblock %}
 {% block content %}
     <h1>Good Bye</h1>

diff --git a/flowapp/templates/pages/logs.j2 → flowapp/templates/pages/logs.html b/flowapp/templates/pages/logs.j2 → flowapp/templates/pages/logs.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Flowspec Users{% endblock %}
 {% block content %}
     <h2>Commands log / latest on top</h2>

diff --git a/flowapp/templates/pages/orgs.j2 → flowapp/templates/pages/orgs.html b/flowapp/templates/pages/orgs.j2 → flowapp/templates/pages/orgs.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Flowspec Organziations{% endblock %}
 {% block content %}
     <table class="table table-hover">

diff --git a/flowapp/templates/pages/submenu_dashboard.j2 → ...pp/templates/pages/submenu_dashboard.html b/flowapp/templates/pages/submenu_dashboard.j2 → ...pp/templates/pages/submenu_dashboard.html
diff --git a/...templates/pages/submenu_dashboard_view.j2 → ...mplates/pages/submenu_dashboard_view.html b/...templates/pages/submenu_dashboard_view.j2 → ...mplates/pages/submenu_dashboard_view.html
diff --git a/flowapp/templates/pages/users.j2 → flowapp/templates/pages/users.html b/flowapp/templates/pages/users.j2 → flowapp/templates/pages/users.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Flowspec Users{% endblock %}
 {% block content %}
     <table class="table table-hover">