Merge branch 'main' into develop

UPC · Oct 4, 2024 · a9526b9 · a9526b9
2 parents d36784e + d3a9ad9
commit a9526b9
Show file tree

Hide file tree

Showing 24 changed files with 1,119 additions and 111 deletions.
diff --git a/lib/Ravada.pm b/lib/Ravada.pm
@@ -3,7 +3,7 @@ package Ravada;
 use warnings;
 use strict;
 
-our $VERSION = '2.3.0';
+our $VERSION = '2.3.1-beta3';
 
 use utf8;
 
@@ -182,6 +182,11 @@ sub _set_first_time_run($self) {
     }
 }
 
+sub _clean_tls($self) {
+    my $sth = $CONNECTOR->dbh->prepare("UPDATE vms set tls=NULL");
+    $sth->execute();
+}
+
 sub _install($self) {
     my $pid = Proc::PID::File->new(name => $self->pid_name);
     $pid->file({dir => "/run/user/$>"}) if $>;
@@ -2688,6 +2693,25 @@ sub _sql_insert_defaults($self){
                 ,name => "media-src"
                 ,value => ''
             }
+            ,{
+                id_parent => $id_frontend
+                ,name => 'auto_create_users'
+                ,value => 1
+            }
+            ,{
+                id_parent => $id_frontend
+                ,name => 'openid'
+            }
+            ,{
+                id_parent => "/frontend/openid"
+                ,name => "enabled"
+                ,value => 0
+            }
+            ,{
+                id_parent => "/frontend/openid"
+                ,name => "logout_url"
+                ,value => ''
+            }
             ,{
                 id_parent => $id_backend
                 ,name => 'start_limit'
@@ -6448,7 +6472,9 @@ sub _cmd_cleanup($self, $request) {
         )) {
             $self->_clean_requests($cmd, $request,'done');
     }
+
 }
+
 sub _verify_connection($self, $domain) {
     for ( 1 .. 60 ) {
         my $status = $domain->client_status(1);
@@ -6878,6 +6904,42 @@ sub _cmd_post_login($self, $request) {
     my $user = Ravada::Auth::SQL->new(name => $request->args('user'));
     $user->unshown_messages();
     $self->_post_login_locale($request);
+    $self->_check_tls_date($user) if $user->is_admin;
+}
+
+sub _check_tls_date($self, $user) {
+    return if !$user->is_admin;
+    my $sth = $CONNECTOR->dbh->prepare("SELECT name,tls FROM vms");
+    $sth->execute();
+    while (my ($name,$tls) = $sth->fetchrow ) {
+        next if !$tls;
+        my $tls_h = {};
+        eval {
+            $tls_h = decode_json($tls);
+        };
+        warn "Warning: error decoding tls for $name '$tls' $@" if $@;
+        next if !keys %$tls_h;
+        my $not_after = $tls_h->{notAfter};
+        next if !$not_after;
+        my $date;
+        eval { $date = DateTime::Format::DateParse->parse_datetime($not_after) };
+
+        if($date) {
+            my $duration = $date-DateTime->now;
+            my ($years, $months, $days) = $duration->in_units('years','months','days');
+            if ($years<1 && $months<1) {
+                if ($years<0 || $months<0 || $days<=0 ) {
+                    $not_after =~ s/(.*) \d+:\d+:\d+(.*)/$1$2/;
+                    $user->send_message("Critical: TLS certificate for $name expired on $not_after");
+                }elsif ($days<7) {
+                    $user->send_message("Critical: TLS certificate for $name has only $days days left. $not_after");
+                } elsif ($days<30) {
+                    $user->send_message("Warning: TLS certificate for $name has only $days days left. $not_after");
+                }
+            }
+        }
+
+    }
 }
 
 sub _post_login_locale($self, $request) {

diff --git a/lib/Ravada/Auth/Group.pm b/lib/Ravada/Auth/Group.pm
@@ -121,6 +121,15 @@ sub remove_member($self, $name) {
     $sth->execute($id_user);
 }
 
+sub remove_other_members($self, $members) {
+    my %members = map { $_ => 1 } @$members;
+
+    for my $name ($self->members ) {
+        $self->remove_member($name) if !$members{$name};
+    }
+
+}
+
 sub _remove_all_members($self) {
     my $sth = $$CON->dbh->prepare("DELETE FROM users_group "
         ." WHERE id_group=?"

diff --git a/lib/Ravada/Auth/OpenID.pm b/lib/Ravada/Auth/OpenID.pm
@@ -0,0 +1,82 @@
+package Ravada::Auth::OpenID;
+
+use strict;
+use warnings;
+
+use Data::Dumper;
+
+use Ravada::Front;
+
+=head1 NAME
+
+Ravada::Auth::OpenID - OpenID library for Ravada
+
+=cut
+
+use Moose;
+
+no warnings "experimental::signatures";
+use feature qw(signatures state);
+
+use Ravada::Auth::SQL;
+
+with 'Ravada::Auth::User';
+
+our $CONFIG = \$Ravada::CONFIG;
+our $ERR;
+
+sub BUILD {
+    my $self = shift;
+    die sprintf('ERROR: Login failed %s', $self->name)
+        if !$self->login();
+    return $self;
+}
+
+sub add_user($name, $password, $storage='rfc2307', $algorithm=undef) { }
+
+sub remove_user { }
+
+sub search_user { }
+
+sub _check_user_profile($self) {
+    my $user_sql = Ravada::Auth::SQL->new(name => $self->name);
+    if ( $user_sql->id ) {
+        if ($user_sql->external_auth ne 'openid') {
+            $user_sql->external_auth('openid');
+        }
+        return $user_sql;
+    }
+
+    return if ! Ravada::Front::setting(undef,'/frontend/auto_create_users');
+
+    Ravada::Auth::SQL::add_user(name => $self->name, is_external => 1, is_temporary => 0
+        , external_auth => 'openid');
+
+    return $user_sql;
+}
+
+sub is_admin { }
+
+sub is_external { }
+
+sub login_external($name, $header) {
+
+    for my $field (qw(OIDC_CLAIM_exp OIDC_access_token_expires)) {
+        if ( exists $header->{$field} && defined $header->{$field} && $header->{$field} < time() ) {
+            warn localtime($header->{$field})." $field expired \n";
+            return 0;
+        }
+    }
+
+    my $self = Ravada::Auth::OpenID->new(name => $name);
+    return if !$self->_check_user_profile();
+    return $self;
+}
+
+sub login($self) {
+    my $user_sql = Ravada::Auth::SQL->new(name => $self->name);
+    return 1 if $user_sql->external_auth && $user_sql->external_auth eq 'openid';
+    return 1;
+}
+
+1;
diff --git a/lib/Ravada/Auth/SSO.pm b/lib/Ravada/Auth/SSO.pm
@@ -54,6 +54,8 @@ sub _check_user_profile {
         return;
     }
 
+    return if ! Ravada::Front::setting(undef,'/frontend/auto_create_users');
+
     Ravada::Auth::SQL::add_user(name => $self->name, is_external => 1, is_temporary => 0
         , external_auth => 'sso');
 }

diff --git a/lib/Ravada/Front.pm b/lib/Ravada/Front.pm
@@ -1912,6 +1912,108 @@ sub upload_users($self, $users, $type, $create=0) {
     return ($found, $count, \@error);
 }
 
+=head2 upload_users_json
+
+Upload a list of users to the database
+
+=head3 Arguments
+
+=over
+
+=item * string with users and passwords in each line
+
+=item * type: it can be SQL, LDAP or SSO
+
+=back
+
+=cut
+
+
+sub upload_users_json($self, $data_json, $type='openid') {
+
+    my ($found, $count, @error);
+    my $data;
+    eval {
+        $data= decode_json($data_json);
+    };
+    if ( $@ ) {
+        push @error,($@);
+        $data={}
+    }
+
+    my $result = {
+        users_found => 0
+        ,users_added => 0
+        ,groups_found => 0
+        ,groups_added => 0
+    };
+    if (exists $data->{groups} &&
+        (!ref($data->{groups}) || ref($data->{groups}) ne 'ARRAY')) {
+        die "Expecting groups as an array , got ".ref($data->{groups});
+    }
+    $data->{groups} = [] if !exists $data->{groups};
+    for my $g0 (@{$data->{groups}}) {
+        $result->{groups_found}++;
+        my $g = $g0;
+        if (!ref($g)) {
+            $g = { name => $g0 };
+        }
+        $found++;
+        my $group = Ravada::Auth::Group->new(name => $g->{name});
+        my $members = delete $g->{members};
+        if (!$group || !$group->id) {
+            unless (defined $members && !scalar(@$members) && $data->{options}->{flush} && $data->{options}->{remove_empty}) {
+                $result->{groups_added}++;
+                Ravada::Auth::Group::add_group(%$g);
+            }
+        } else {
+            push @error,("Group $g->{name} already added");
+        }
+        $self->_add_users($members, $type, $result, \@error, 1);
+        $group->remove_other_members($members) if $data->{options}->{flush};
+
+        for my $m (@$members) {
+            my $user = Ravada::Auth::SQL->new(name => $m);
+            $user->add_to_group($g->{name}) unless $user->is_member($g->{name});
+        }
+        if ( $data->{options}->{remove_empty} && $group->id && !$group->members ) {
+            $group->remove();
+            $result->{groups_removed}++;
+            push @error,("Group ".$group->name." empty removed");
+        }
+    }
+
+    $self->_add_users($data->{users}, $type, $result, \@error)
+    if $data->{users};
+
+    return ($result, \@error);
+}
+
+sub _add_users($self,$users, $type, $result, $error, $ignore_already=0) {
+    for my $u0 (@$users) {
+        $result->{users_found}++;
+        my $u = $u0;
+        $u = dclone($u0) if ref($u0);
+        if (!ref($u)) {
+            $u = { name => $u0 };
+        }
+        if (!exists $u->{is_external}) {
+            if ($type ne 'sql') {
+                $u->{is_external} = 1;
+                $u->{external_auth} = $type ;
+            }
+        }
+        my $user = Ravada::Auth::SQL->new(name => $u->{name});
+        if ($user && $user->id) {
+            push @$error,("User $u->{name} already added")
+                unless $ignore_already;
+            next;
+        }
+        Ravada::Auth::SQL::add_user(%$u);
+        $result->{users_added}++;
+    }
+}
+
 =head2 create_bundle
 
 Creates a new bundle

diff --git a/lib/Ravada/I18N/ca.po b/lib/Ravada/I18N/ca.po
@@ -8,8 +8,8 @@ msgstr ""
 "Project-Id-Version: 0.1.0-alpha\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2017-01-03 10:12+0300\n"
-"PO-Revision-Date: 2024-09-21 06:40+0000\n"
-"Last-Translator: fv3rdugo <[email protected]>\n"
+"PO-Revision-Date: 2024-07-24 12:09+0000\n"
+"Last-Translator: Dani Sanchez <[email protected]>\n"
 "Language-Team: Catalan <https://hosted.weblate.org/projects/ravada/"
 "translation/ca/>\n"
 "Language: ca\n"

diff --git a/lib/Ravada/I18N/id.po b/lib/Ravada/I18N/id.po
@@ -5,8 +5,8 @@ msgstr ""
 "Project-Id-Version: ravada\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2017-01-03 10:12+0300\n"
-"PO-Revision-Date: 2024-09-21 06:40+0000\n"
-"Last-Translator: fv3rdugo <[email protected]>\n"
+"PO-Revision-Date: 2024-02-06 16:45+0000\n"
+"Last-Translator: Dani Sanchez <[email protected]>\n"
 "Language-Team: Indonesian <https://hosted.weblate.org/projects/ravada/"
 "translation/id/>\n"
 "Language: id\n"

diff --git a/lib/Ravada/I18N/it.po b/lib/Ravada/I18N/it.po
@@ -8,8 +8,8 @@ msgstr ""
 "Project-Id-Version: 0.1.0-alpha\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2017-01-03 10:12+0300\n"
-"PO-Revision-Date: 2024-09-21 06:40+0000\n"
-"Last-Translator: fv3rdugo <[email protected]>\n"
+"PO-Revision-Date: 2024-02-06 16:45+0000\n"
+"Last-Translator: Dani Sanchez <[email protected]>\n"
 "Language-Team: Italian <https://hosted.weblate.org/projects/ravada/"
 "translation/it/>\n"
 "Language: it\n"

diff --git a/lib/Ravada/I18N/ru.po b/lib/Ravada/I18N/ru.po
@@ -2,8 +2,8 @@
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl)
 msgid ""
 msgstr ""
-"PO-Revision-Date: 2024-09-21 06:40+0000\n"
-"Last-Translator: fv3rdugo <[email protected]>\n"
+"PO-Revision-Date: 2024-07-17 22:09+0000\n"
+"Last-Translator: Elena Mishina <[email protected]>\n"
 "Language-Team: Russian <https://hosted.weblate.org/projects/ravada/"
 "translation/ru/>\n"
 "Language: ru\n"