Easier deployment instructions.

Author: bjonnh

.dockerignore

@@ -0,0 +1,2 @@
+.idea
+venv

.gitignore

@@ -1,2 +1,3 @@
 **/__pycache__
-venv
+venv
+/.idea/

Dockerfile

@@ -0,0 +1,10 @@
+FROM python:3.9
+
+WORKDIR /usr/src/app
+
+COPY requirements.txt ./
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY . .
+
+CMD [ "python", "./run.py" ]

README.md

@@ -1,5 +1,26 @@
 # Requirements
-Python >=3.6
+Python >=3.6 (works with 3.9)
+
+## Deployment on a docker host
+
+Look at the [docker-compose.yml](docker-compose.yml) file, it starts an example LDAP server with data already loaded.
+
+To run it just do:
+````
+docker-compose up --build 
+````
+
+The service is accessible at: [http://127.0.0.1:8080](http://127.0.0.1:8080)
+
+Users are admin (password admin) and user (password user).
+
+The email functionality is emulated with [maildev](https://github.com/maildev/maildev) that is accessible on port 1080:
+[http://127.0.0.1:1080](http://127.0.0.1:1080).
+
+Sometimes the openldap server crashes for an unknown reason (it gets SIGKILLED somehow) and you have to restart it. As
+I am not using a dockerized LDAP server using this image in production, I didn't dig deeper into that.
+
+## Deployment on bare-metal
 
 Everything in requirements.txt
 

app/auth/email/__init__.py

@@ -4,28 +4,31 @@
 from flask import url_for
 
 
+def validate_environment():
+    return ('EMAIL_SERVER' in os.environ) & ('EMAIL_LOGIN' in os.environ) & ('EMAIL_PASSWORD' in os.environ) & (
+            'EMAIL_FROM_NAME' in os.environ)
+
+
 def send_email(email, code):
-    server = smtplib.SMTP(os.environ['EMAIL_SERVER'], 587)
-    server.starttls()
+    server = smtplib.SMTP(os.environ['EMAIL_SERVER'], os.environ['EMAIL_PORT'])
+    if os.environ['EMAIL_TLS'] != "False":  # We have to be REALLY explicit
+        server.starttls()
 
     server.login(os.environ['EMAIL_LOGIN'], os.environ['EMAIL_PASSWORD'])
 
-    msg = """From: {} <{}>
-To: <{}>
-Subject: Password Reset for {}
+    msg = f"""From: {os.environ['EMAIL_NAME']} <{os.environ['EMAIL_FROM']}>
+To: <{email}>
+Subject: Password Reset for {os.environ['SITE_NAME']}
 
 
 Hello!
     
-Here is the reset code for your account on GFPAuth.
+Here is the reset code for your account on {os.environ['SITE_NAME']}.
     
-Please go to {}{}?authcode={}
+Please go to {os.environ['SITE_URL']}{url_for('password.reset')}?authcode={code}
     
-Thanks.""".format(os.environ['EMAIL_FROM_NAME'], os.environ['EMAIL_FROM_MAIL'],
-                  os.environ['SITE_NAME'],
-                  email,
-                  os.environ['SITE_URL'],
-                  url_for('password.reset'),
-                  code)
-
-    server.sendmail(os.environ['EMAIL_FROM_MAIL'], email, msg)
+Thanks."""
+
+    print(f"Sending a password reset for email: {email}")
+    server.sendmail(os.environ['EMAIL_FROM'], email, msg)
+    server.close()

create_venv.sh

@@ -0,0 +1,44 @@
+services:
+  ldap:
+    build: tests/openldap_container/
+    environment:
+      - DEBUG_LEVEL=1
+      - DOMAIN=test.nprod.net
+      - ORGANIZATION="Test Instance LDAP"
+      - PASSWORD=1234567890
+    volumes:
+      - ./tests/openldap_container/data:/var/restore
+    restart: always
+  mailserver:
+    image: maildev/maildev:2.0.0-beta3
+    environment:
+      - MAILDEV_INCOMING_USER=emailuser
+      - MAILDEV_INCOMING_PASS=emailpassword
+    ports:
+      - 1080:1080
+  service:
+    build: .
+    environment:
+      - LDAP_HOST=ldap
+      - LDAP_PORT=389
+      - SECRET_KEY=foo
+      - WTF_CSRF_SECRET_KEY=bar
+      - MANAGER_USER=admin
+      - MANAGER_PW=1234567890
+      - MANAGER_PATH=dc=test,dc=nprod,dc=net
+      - DC=dc=test,dc=nprod,dc=net
+      - OU=ou=Users,dc=test,dc=nprod,dc=net
+      - EMAIL_SERVER=mailserver
+      - EMAIL_LOGIN=emailuser
+      - EMAIL_PASSWORD=emailpassword
+      - EMAIL_PORT=1025
+      - EMAIL_NAME=LDAP Test instance
+      - EMAIL_FROM=test@test.com
+      - EMAIL_TLS=False
+      - SITE_NAME=LDAP Test instance
+      - SITE_URL=http://127.0.0.1:8080
+      - DEBUG=True
+      - PORT=8080
+      - HOST=0.0.0.0
+    ports:
+      - 8080:8080

docker-compose.yml

@@ -1,13 +1,19 @@
 import os
 
-if 'WTF_CSRF_SECRET_KEY' not in os.environ:
-    raise ArgumentError("Please set a SECRET string into the WTF_CSRF_SECRET_KEY environment variable")
-if 'SECRET_KEY' not in os.environ:
-    raise ArgumentError("Please set another SECRET string into SECRET_KEY environment variable")
-if 'DC' not in os.environ:
-    raise ArgumentError("Please set the DC into DC environment variable")
-if 'OU' not in os.environ:
-    raise ArgumentError("Please set the OU into OU environment variable")
+environment_errors = {
+    "WTF_CSRF_SECRET_KEY": "Please set a SECRET string into the WTF_CSRF_SECRET_KEY environment variable",
+    "SECRET_KEY": "Please set a SECRET string different from the CSRF one into SECRET_KEY environment variable",
+    "DC": "Please set the DC into DC environment variable such as: dc=test,dc=nprod,dc=net",
+    "OU": "Please set the OU group of users into OU environment variable such as: ou=Users,dc=test,dc=nprod,dc=net"
+}
+
+for key, error in environment_errors.items():
+    if key not in os.environ:
+        raise Exception(error)
+
 from app import app
 
-app.run(debug=os.environ['DEBUG'] == "True", port=8086, host='0.0.0.0')
+port = os.getenv("PORT", 8080)
+host = os.getenv("HOST", "0.0.0.0")
+
+app.run(debug=os.environ['DEBUG'] == "True", port=port, host=host)

prepare_venv.sh

@@ -0,0 +1,2 @@
+FROM mwaeckerlin/openldap
+COPY test_data.ldif /var/restore/

run.py

@@ -0,0 +1 @@
+