From 14ba91b3f80629f6281022ed4b0eee3891526003 Mon Sep 17 00:00:00 2001
From: ivis-kondo
Date: Thu, 20 Feb 2025 19:03:43 +0900
Subject: [PATCH 01/43] add orthros idp
---
 .../static/js/weko_accounts/embedded_ds.js | 8 +++-
 .../static/js/weko_accounts/embedded_ds_2.js | 8 +++-
 nginx/Dockerfile | 1 +
 nginx/Dockerfile.ams | 1 +
 nginx/Dockerfile.arm64 | 1 +
 nginx/orthros-idp-metadata.xml | 39 +++++++++++++++++++
 nginx/shibboleth2.xml | 3 +-
 7 files changed, 58 insertions(+), 3 deletions(-)
 create mode 100644 nginx/orthros-idp-metadata.xml
diff --git a/modules/weko-accounts/weko_accounts/static/js/weko_accounts/embedded_ds.js b/modules/weko-accounts/weko_accounts/static/js/weko_accounts/embedded_ds.js
index b4666e18fd..11385b0575 100644
--- a/modules/weko-accounts/weko_accounts/static/js/weko_accounts/embedded_ds.js
+++ b/modules/weko-accounts/weko_accounts/static/js/weko_accounts/embedded_ds.js
@@ -25,7 +25,13 @@ var wayf_hide_idps;
 var wayf_unhide_idps;
 var wayf_show_remember_checkbox;
 var wayf_force_remember_for_session;
-var wayf_additional_idps;
+var wayf_additional_idps = [
+ {
+ "entityID": "https://core.orthros.gakunin.nii.ac.jp/idp",
+ "name": "Orthros",
+ "search": ["https://core.orthros.gakunin.nii.ac.jp/idp", "Orthros"]
+ },
+];
 var wayf_discofeed_url;
 var wayf_sp_cookie_path;
 var wayf_list_height;
diff --git a/modules/weko-accounts/weko_accounts/static/js/weko_accounts/embedded_ds_2.js b/modules/weko-accounts/weko_accounts/static/js/weko_accounts/embedded_ds_2.js
index 21527e2721..93a0dcefdd 100644
--- a/modules/weko-accounts/weko_accounts/static/js/weko_accounts/embedded_ds_2.js
+++ b/modules/weko-accounts/weko_accounts/static/js/weko_accounts/embedded_ds_2.js
@@ -25,7 +25,13 @@ var wayf_hide_idps;
 var wayf_unhide_idps;
 var wayf_show_remember_checkbox = false;
 var wayf_force_remember_for_session;
-var wayf_additional_idps;
+var wayf_additional_idps = [
+ {
+ "entityID": "https://core.orthros.gakunin.nii.ac.jp/idp",
+ "name": "Orthros",
+ "search": ["https://core.orthros.gakunin.nii.ac.jp/idp", "Orthros"]
+ },
+];
 var wayf_discofeed_url;
 var wayf_sp_cookie_path;
 var wayf_list_height;
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index fc3ff8faa3..67635422b9 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -66,6 +66,7 @@ ADD nginx.conf /etc/nginx/nginx.conf
 ADD ./keys/server.crt /etc/nginx/server.crt
 ADD ./keys/server.key /etc/nginx/server.key
 ADD ./idp-metadata.xml /etc/shibboleth/idp-metadata.xml
+ADD ./orthros-idp-metadata.xml /etc/shibboleth/orthros-idp-metadata.xml
 ADD ./htpasswd /etc/nginx/.htpasswd
 ADD ./htdigest /etc/nginx/.htdigest
 ADD redirect_list.map /etc/nginx/redirect_list.map
diff --git a/nginx/Dockerfile.ams b/nginx/Dockerfile.ams
index 43313c1820..7e7e78e016 100644
--- a/nginx/Dockerfile.ams
+++ b/nginx/Dockerfile.ams
@@ -66,6 +66,7 @@ ADD nginx.conf /etc/nginx/nginx.conf
 ADD ./keys/server.crt /etc/nginx/server.crt
 ADD ./keys/server.key /etc/nginx/server.key
 ADD ./idp-metadata.xml /etc/shibboleth/idp-metadata.xml
+ADD ./orthros-idp-metadata.xml /etc/shibboleth/orthros-idp-metadata.xml
 ADD ./htpasswd /etc/nginx/.htpasswd
 ADD ./htdigest /etc/nginx/.htdigest
 ADD redirect_list.map /etc/nginx/redirect_list.map
diff --git a/nginx/Dockerfile.arm64 b/nginx/Dockerfile.arm64
index f8962f3b5e..931e274b21 100644
--- a/nginx/Dockerfile.arm64
+++ b/nginx/Dockerfile.arm64
@@ -72,6 +72,7 @@ ADD nginx.conf /etc/nginx/nginx.conf ADD ./keys/server.crt /etc/nginx/server.crt ADD ./keys/server.key /etc/nginx/server.key ADD ./idp-metadata.xml /etc/shibboleth/idp-metadata.xml +ADD ./orthros-idp-metadata.xml /etc/shibboleth/orthros-idp-metadata.xml ADD ./htpasswd /etc/nginx/.htpasswd ADD ./htdigest /etc/nginx/.htdigest ADD redirect_list.map /etc/nginx/redirect_list.map diff --git a/nginx/orthros-idp-metadata.xml b/nginx/orthros-idp-metadata.xml new file mode 100644 index 0000000000..8b1191ad43 --- /dev/null +++ b/nginx/orthros-idp-metadata.xml @@ -0,0 +1,39 @@ + + + + + openidp.nii.ac.jp + + Orthros + Orthros + Orthrosは、学認に参加していない機関に所属するユーザにもアカウントを発行し、連携するサービスを利用できるようにするIdPです。 + https://ui.orthros.gakunin.nii.ac.jp/static/user/img/Orthros_LOGO_02_color.svg + https://meatwiki.nii.ac.jp/confluence/pages/viewpage.action?pageId=118168818 + https://ui.orthros.gakunin.nii.ac.jp/ja/pages/privacy-policy + https://ui.orthros.gakunin.nii.ac.jp/en/pages/privacy-policy + category:location:others category:organizationType:others + + + + + + 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 + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + + + + + National Institute of Informatics + 国立情報学研究所 + Orthros + Orthros + https://www.nii.ac.jp/ + + + Orthros Office + mailto:orthros-office@nii.ac.jp + + diff --git a/nginx/shibboleth2.xml b/nginx/shibboleth2.xml index fb10f05c27..27bf33a9f3 100644 --- a/nginx/shibboleth2.xml +++ b/nginx/shibboleth2.xml @@ -85,7 +85,8 @@ --> - + +
{%- else %} +
{%- endif %} -
-
- -
-
+
+ +
+ +
+ {{_("Gakunin IdP")}} +
+
+ {{_("Outside Orthros")}} +
+
+ {{_("Extra IdP")}} +
+
+ + +
+ +
+ {{_("shib_eppn")}} +
+
+ {{_("shib_role_authority_name")}} +
+
+ {{_("shib_mail")}} +
+
+ {{_("shib_user_name")}} +
+
+ + +
+ +
+ + +
+ +
+ + +
+
+
+ + +
+ +
-{%- endblock body %} + + +{%- endblock body %} \ No newline at end of file From e34d99f093afd07d49ca639980d43bb863fcdc06 Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Wed, 26 Feb 2025 13:55:52 +0900 Subject: [PATCH 08/43] =?UTF-8?q?=E4=B8=8D=E8=A6=81=E3=81=AA=E8=A8=98?= =?UTF-8?q?=E8=BF=B0=E3=82=92=E5=89=8A=E9=99=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../weko_accounts/setting/shibuser.html | 38 ------------------- 1 file changed, 38 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html b/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html index 0244f766ed..4ac723719e 100644 --- a/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html +++ b/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html @@ -129,42 +129,4 @@ - {%- endblock body %} \ No newline at end of file From d0444ecafe64427d3caa29f3443dd7fed7e30d38 Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Wed, 26 Feb 2025 14:02:33 +0900 Subject: [PATCH 09/43] =?UTF-8?q?=E3=83=80=E3=83=96=E3=83=AB=E3=82=AF?= =?UTF-8?q?=E3=82=A9=E3=83=BC=E3=83=86=E3=80=81=E3=82=B7=E3=83=B3=E3=82=B0?= =?UTF-8?q?=E3=83=AB=E3=82=AF=E3=82=A9=E3=83=BC=E3=83=86=E3=81=AE=E6=B7=B7?= =?UTF-8?q?=E5=9C=A8=E3=82=92=E6=95=B4=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/config.py | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/config.py b/modules/weko-accounts/weko_accounts/config.py index 0fc8322149..84ad81b029 100644 --- a/modules/weko-accounts/weko_accounts/config.py +++ b/modules/weko-accounts/weko_accounts/config.py 
@@ -63,11 +63,11 @@ WEKO_ACCOUNTS_SSO_ATTRIBUTE_MAP = { 'SHIB_ATTR_EPPN': (False, 'shib_eppn'), - # "SHIB_ATTR_LOGIN_ID": (False, 'shib_uid'), - # "SHIB_ATTR_HANDLE": (False, 'shib_handle'), + # 'SHIB_ATTR_LOGIN_ID': (False, 'shib_uid'), + # 'SHIB_ATTR_HANDLE': (False, 'shib_handle'), 'SHIB_ATTR_ROLE_AUTHORITY_NAME': (False, 'shib_role_authority_name'), - # "SHIB_ATTR_PAGE_NAME": (False, 'shib_page_name'), - # "SHIB_ATTR_ACTIVE_FLAG": (False, 'shib_active_flag'), + # 'SHIB_ATTR_PAGE_NAME': (False, 'shib_page_name'), + # 'SHIB_ATTR_ACTIVE_FLAG': (False, 'shib_active_flag'), 'SHIB_ATTR_SITE_USER_WITHIN_IP_RANGE_FLAG': (False, 'shib_ip_range_flag'), 'SHIB_ATTR_MAIL': (False, 'shib_mail'), 'SHIB_ATTR_USER_NAME': (False, 'shib_user_name'), @@ -113,26 +113,26 @@ """Default role.""" WEKO_ACCOUNTS_GAKUNIN_ROLE = { - "defaultRole": "Contributor", - "organizationName": [] + 'defaultRole': 'Contributor', + 'organizationName': [] } """Gakunin Default role.""" WEKO_ACCOUNTS_ORTHROS_INSIDE_ROLE = { - "defaultRole": 'Repository Administrator', - "organizationName": [] + 'defaultRole': 'Repository Administrator', + 'organizationName': [] } """Orthros (Inside) Default role.""" WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE = { - "defaultRole": 'Community Administrator', - "organizationName": [] + 'defaultRole': 'Community Administrator', + 'organizationName': [] } """Orthros (Outsite) Default role.""" WEKO_ACCOUNTS_EXTRA_ROLE = { - "defaultRole": 'None', # ロール無 - "organizationName": [] + 'defaultRole': 'None', # ロール無 + 'organizationName': [] } """Extra Default role.""" 
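Review bot: The `defaultRole` values on the new side of the second hunk grant administrator-level roles by default: `'Repository Administrator'` in `WEKO_ACCOUNTS_ORTHROS_INSIDE_ROLE` and `'Community Administrator'` in `WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE`. If these defaults are what a first-time federated login is provisioned with (the code that consumes them is outside this hunk), every account the IdP asserts would start with administrative rights. A least-privilege default such as `'defaultRole': 'Contributor'`, which `WEKO_ACCOUNTS_GAKUNIN_ROLE` already uses, with elevation left to an explicit admin action, would be the safer baseline. `WEKO_ACCOUNTS_EXTRA_ROLE` stores the string `'None'` rather than `None`, so a comment such as `# the literal string 'None' means "no role"; compare against the string, not truthiness` would keep consumers from treating it as a real role name.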
@@ -156,17 +156,17 @@ WEKO_ACCOUNTS_SHIB_ALLOW_USERNAME_INST_EPPN = True """Allow using SHIB_ATTR_USER_NAME instead of SHIB_ATTR_EPPN.""" -WEKO_ACCOUNTS_LOGIN_LABEL = "Log in to account" +WEKO_ACCOUNTS_LOGIN_LABEL = 'Log in to account' """The login label""" -WEKO_ACCOUNTS_REGISTER_LABEL = "Sign up for a %(sitename)s account!" +WEKO_ACCOUNTS_REGISTER_LABEL = 'Sign up for a %(sitename)s account!' """The register label""" WEKO_ACCOUNTS_REAL_IP = None # X-Real-IP > X-Forwarded-For[0] > remote_addr -# WEKO_ACCOUNTS_REAL_IP = "remote_add" # remote_addr -# WEKO_ACCOUNTS_REAL_IP = "x_real_ip" # X-Real-IP > remote_addr -# WEKO_ACCOUNTS_REAL_IP = "x_forwarded_for" # X-Forwarded-For[first] > remote_addr -# WEKO_ACCOUNTS_REAL_IP = "x_forwarded_for_rev" # X-Forwarded-For[last] > remote_addr +# WEKO_ACCOUNTS_REAL_IP = 'remote_add' # remote_addr +# WEKO_ACCOUNTS_REAL_IP = 'x_real_ip' # X-Real-IP > remote_addr +# WEKO_ACCOUNTS_REAL_IP = 'x_forwarded_for' # X-Forwarded-For[first] > remote_addr +# WEKO_ACCOUNTS_REAL_IP = 'x_forwarded_for_rev' # X-Forwarded-For[last] > remote_addr WEKO_ACCOUNTS_REST_ENDPOINTS = { 'login': { @@ -181,5 +181,5 @@ WEKO_ACCOUNTS_API_LIMIT_RATE_DEFAULT = ['100 per minute'] -WEKO_API_LIMIT_RATE_DEFAULT = ["100 per minute"] +WEKO_API_LIMIT_RATE_DEFAULT = ['100 per minute'] """Default rate limit per endpoint for one user in the WEKO API.""" From fc1649f56c3de7b904d10bd4f3f4d7294b7166d6 Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Wed, 26 Feb 2025 15:21:06 +0900 Subject: [PATCH 10/43] =?UTF-8?q?=E8=A8=AD=E5=AE=9A=E8=A8=80=E8=AA=9E?= =?UTF-8?q?=E3=81=AE=E5=88=A4=E5=AE=9A=E6=96=B9=E6=B3=95=E3=82=92=E4=BF=AE?= =?UTF-8?q?=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../static/js/weko_accounts/shibuser.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/modules/weko-accounts/weko_accounts/static/js/weko_accounts/shibuser.js b/modules/weko-accounts/weko_accounts/static/js/weko_accounts/shibuser.js index 65e3c8e107..73b4397549 100644 --- a/modules/weko-accounts/weko_accounts/static/js/weko_accounts/shibuser.js +++ b/modules/weko-accounts/weko_accounts/static/js/weko_accounts/shibuser.js @@ -1,16 +1,16 @@ +const setLanguage = $("#shib_form").data("value"); + $(document).ready(function () { // 各設定欄を生成 - const setLanguage = $("#shib_form").data("value"); - createDefaultRoleSettingArea(setLanguage); - createAttrMapSettingArea(null); - createBlockUserSettingArea(null); + createDefaultRoleSettingArea(); + createAttrMapSettingArea(); + createBlockUserSettingArea(); }); /** * 既定のロール設定欄を生成 - * @param {string} setLanguage 言語設定 ja|en */ -function createDefaultRoleSettingArea(setLanguage) { +function createDefaultRoleSettingArea() { const defaultRoleList = $("#default-role-list").data("value"); const roleElements = [ From f22c23b23e3b73123a711f39ed167e63dc338f03 Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Wed, 26 Feb 2025 15:56:27 +0900 Subject: [PATCH 11/43] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E6=BC=8F=E3=82=8C?= =?UTF-8?q?=E3=82=92=E3=83=97=E3=83=83=E3=82=B7=E3=83=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../weko_accounts/static/js/weko_accounts/shibuser.js | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/static/js/weko_accounts/shibuser.js b/modules/weko-accounts/weko_accounts/static/js/weko_accounts/shibuser.js index 73b4397549..12e3fcb6b4 100644 --- a/modules/weko-accounts/weko_accounts/static/js/weko_accounts/shibuser.js +++ b/modules/weko-accounts/weko_accounts/static/js/weko_accounts/shibuser.js @@ -27,8 +27,7 @@ function createDefaultRoleSettingArea() { roleElement.index, "role-lists", roleValue, - defaultRoleList, - setLanguage + defaultRoleList ) ); }); 
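Review bot: `const setLanguage = $("#shib_form").data("value");` now runs when the script is loaded instead of inside `$(document).ready(...)`, so it evaluates to `undefined` if the script executes before `#shib_form` exists in the DOM. Whether that happens depends on where the template places the script tag, which this hunk does not show. Declaring `let setLanguage;` at module level and assigning it as the first statement of the ready handler would keep the shared variable without the load-order dependency.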
@@ -80,10 +79,9 @@ function createBlockUserSettingArea() { * @param {string} kinds リストの種類 * @param {string} value 選択中の値 * @param {Array} defaultList 選択肢作成に使用するデフォルトリスト - * @param {string} setLanguage 言語設定 ja|en * @returns */ -function createSelectList(id, kinds, value, defaultList, setLanguage = null) { +function createSelectList(id, kinds, value, defaultList) { const select = $(" -
- diff --git a/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.mo b/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.mo index c81557842ffe486e5a33b0fc948967251175ba97..ffad941d18fc2f0766c70dfe7000dec687fe70fa 100644 GIT binary patch delta 326 zcmXwzze)o^5Qis!)UyylG!}}P)B)ciDT8eqySvSf=qA1Rue| zA|wQ?(%a_S3mN$Mb_RYk`x^a4#p0~~F4QqxLkcG_hfqtnfEC=pKb%9O0=SKvxQjzR z!S}ep5&p%`um+`%Ya%WDvU4FHJWd&W<8bH)U*Qc7i=w(n6%Q~w%8wr50|@g&*cXxV z=)NZ+(y=z5sT*ZUl3U|PI(6nrx;7s?nDnyj)Mn1>EOt75Ok;1-+t0(#!tBepfD delta 215 zcmaFH(aTYPPl#nI0}yZku?!H$05LZZ&jDf(I03|>KztI2MS%D|5Q_ov7a*1gVs1u= zK5ZZ!1>}1GX^>fqfpjepuK{8OAYY4_fk6>Sdjn~HAe{@Of#$j~)B+jOK!M3X8f3tF wAk74%xmXw&fO^4z4M+lo!QvnRRv-pSGq3|O$TEhBccnIqG3GE$Uc!6`0PesP1^@s6 diff --git a/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.po b/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.po index ae76b3cb01..7609a67347 100644 --- a/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.po +++ b/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.po @@ -23,10 +23,14 @@ msgstr "" msgid "language" msgstr "en" -#: weko_accounts/admin.py:56 +#: weko_accounts/admin.py: msgid "Shibboleth flag was updated." msgstr "Updated Shibboleth settings" +#: weko_accounts/admin.py: +msgid "Blocked user list was updated." +msgstr "Updated User Login Block settings" + #: weko_accounts/admin.py:69 msgid "Setting" msgstr "" 
diff --git a/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.mo b/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.mo index b4012049633cd557d454a58984d4f90a5b34c408..c52c1e0b1b91d9d74f5e610f2ba701b49c34baa8 100644 GIT binary patch delta 873 zcmYk)O-PhM9LMo-cWbpbUn;j3T^~~~kp^L%?1h5p(8WVZQ3rGPP%bF#ZgyMtc}`&j z?a~HCge2j`G}a_SI&`XIbc={!HVL{U64F8G`B7lHf9et;9iVlGxlQ>p2uxCgmJuq`ah35uvBZmzy{iHQR6;T z&6zKJY^S4wefS4kup?3(a16K79zZR84qNdOc3=v%;C*bwDdaJ)sWi_bM)4CW(9fui zesldfWB&1Rm5#bC#_Ysvs2^|PZp>mm-ory!z&m8=4Qjz7%&rLsP#L;{2XPGd;Uu2M z=~}yj3Tz$QSl=`;yE=NY8_!@bCQ&IX;$eJ-n)o9swUwGHsMK#@4BHvx;qjW6Q5%^+ zWpWY~XaRHTnBhY^p2Hq|hYIKij^HY4f+2p=!lS4O?xL>A1H3>+9wNBo)Od!u3@ND1 zrHh8g%WyB1VY0MX)9D0XtcYga4X2yI0NK@{$ab)v%4 z?a;w0N7_a^@2=wC(DnG))Y!;qGT~*@$=hD)W;)|d45z*9cw#t{O!Sop!#$Bx!Alz~ zS$|P=Fl+sJ>rdODY=e@TL16v4Uo*2mUp=vYVfpF8a%tY?AKUzUS3fUjqHE#*U#N2Q delta 763 zcmYk)KP&@b7{~EfuhkYUs#?{dkB9@ECQ#Q}_QHEU~}2V-Vs-&iDJ^H1;r`#Q>I2 z*{R?L+1W;I_)TRh<&*1T15r4hkE|VonNBO{^piJ4&PBHx7js|dDMbS zsFYS+>p0AOALDq2DZF-lLLDH$V#;6w72v2lpF(A%h_x{W3k($DDpqg{wZJoK<1f?# zLEh45k;Hj2kw$P9Q;FEugy|~N|EBDzWU4>aH3M`Vfb(XYnlW}-KUbY-gs$4E@saS= toO|L0CH1c<9Gy-1Av&iZDO7k0U11N=bu6by4WCtRZd$gt`RISMegNQTHUt0w diff --git a/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.po b/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.po index a3afdba978..a76da678c7 100644 --- a/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.po +++ b/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.po @@ -23,10 +23,14 @@ msgstr "" msgid "language" msgstr "ja" -#: weko_accounts/admin.py:56 +#: weko_accounts/admin.py: msgid "Shibboleth flag was updated." msgstr "Shibboleth設定を更新しました" +#: weko_accounts/admin.py: +msgid "Blocked user list was updated." +msgstr "ユーザーログインブロック設定を更新しました" + #: weko_accounts/admin.py:69 msgid "Setting" msgstr "設定" 
diff --git a/modules/weko-accounts/weko_accounts/views.py b/modules/weko-accounts/weko_accounts/views.py index 6fc2b85f59..51ca88450a 100644 --- a/modules/weko-accounts/weko_accounts/views.py +++ b/modules/weko-accounts/weko_accounts/views.py @@ -26,6 +26,7 @@ import json import sys +import re from urllib.parse import quote_plus import redis @@ -41,6 +42,7 @@ from weko_redis.redis import RedisConnection from werkzeug.local import LocalProxy from invenio_db import db +from weko_admin.models import AdminSettings, db from .api import ShibUser from .utils import generate_random_str, parse_attributes @@ -297,6 +299,24 @@ def shib_sp_login(): flash(_("Missing SHIB_ATTRs!"), category='error') return _redirect_method() + # Check if shib_eppn is not included in the blocked user list + if AdminSettings.query.filter_by(name='blocked_user_settings').first(): + block_user_settings = AdminSettings.get('blocked_user_settings') + block_user_list = block_user_settings.__dict__.get('blocked_ePPNs', []) + shib_eppn = shib_attr.get('shib_eppn') + + # Convert wildcards to regular expressions + def _wildcard_to_regex(pattern): + regex_pattern = pattern.replace("*", ".*") + return re.compile(f"^{regex_pattern}$") + + blocked = any(_wildcard_to_regex(pattarn).match(shib_eppn) for pattarn in block_user_list) + + if blocked: + flash(_("Failed to login."), category='error') + return _redirect_method() + + # Redis connection redis_connection = RedisConnection() datastore = redis_connection.connection(db=current_app.config['CACHE_REDIS_DB'], kv = True) ttl_sec = int(current_app.config[ @@ -312,6 +332,7 @@ def shib_sp_login(): rst = shib_user.get_relation_info() next_url = 'weko_accounts.shib_auto_login' + if not rst: # Relation is not existed, cache shibboleth info to redis. next_url = 'weko_accounts.shib_login' From 0467212f2cd46959a9e3149e0b99e75c61b6ead9 Mon Sep 17 00:00:00 2001 
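Review bot: `_wildcard_to_regex` in the `shib_sp_login` hunk builds its pattern with `pattern.replace("*", ".*")` and never escapes the rest of the entry, so the `.` in an ePPN scope matches any character and an entry containing `+`, `(` or `[` either fails to match the intended account or raises `re.error` in the middle of the login request. This list is an access-control deny list, so both a missed match and an exception on every login matter; escaping first avoids them: `regex_pattern = re.escape(pattern).replace(r"\*", ".*")`. Using `re.compile(regex_pattern).fullmatch(shib_eppn)` instead of `^...$` with `.match` also removes the case where `$` accepts a trailing newline. The later one-line change to the same `any(...)` expression in PATCH 16/43 leaves `_wildcard_to_regex` as it is, so the point applies there too. Separately, `from weko_admin.models import AdminSettings, db` rebinds the `db` imported from `invenio_db` on the line above; importing only `AdminSettings` would avoid the shadowing.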
From: ivis-kondo Date: Wed, 26 Feb 2025 17:45:57 +0900 Subject: [PATCH 14/43] add auto user provisioning test case --- modules/weko-accounts/tests/conftest.py | 2 + modules/weko-accounts/tests/test_views.py | 115 +++++++++++++++++++++- 2 files changed, 112 insertions(+), 5 deletions(-) diff --git a/modules/weko-accounts/tests/conftest.py b/modules/weko-accounts/tests/conftest.py index 5169f7a154..cac4c844d8 100644 --- a/modules/weko-accounts/tests/conftest.py +++ b/modules/weko-accounts/tests/conftest.py @@ -46,6 +46,7 @@ from weko_index_tree.models import Index from weko_records_ui import WekoRecordsUI from weko_redis.redis import RedisConnection +from weko_search_ui import WekoSearchUI from weko_user_profiles import WekoUserProfiles from weko_accounts import WekoAccounts, WekoAccountsREST @@ -95,6 +96,7 @@ def base_app(instance_path): WekoUserProfiles(app_) app_.register_blueprint(blueprint) WekoAccountsREST(app_) + WekoSearchUI(app_) return app_ diff --git a/modules/weko-accounts/tests/test_views.py b/modules/weko-accounts/tests/test_views.py index c0616b3d75..e1ee262248 100644 --- a/modules/weko-accounts/tests/test_views.py +++ b/modules/weko-accounts/tests/test_views.py @@ -9,8 +9,10 @@ from weko_accounts.views import ( _has_admin_access, init_menu, - _redirect_method + _redirect_method, + find_user_by_email ) +from weko_accounts.models import ShibbolethUser def set_session(client,data): with client.session_transaction() as session: for k, v in data.items(): 
@@ -214,6 +216,75 @@ def test_confirm_user(client,redis_connect,mocker): res = client.post(url,data=form) assert res.status_code == 400 +#def confirm_user_without_page(): +# .tox/c1/bin/pytest --cov=weko_accounts tests/test_views.py::test_confirm_user_without_page -vv -s --cov-branch --cov-report=term --basetemp=/code/modules/weko-workflow/.tox/c1/tmp +def test_confirm_user_without_page(client,redis_connect,mocker): + mocker.patch("weko_accounts.views.RedisConnection.connection",return_value=redis_connect) + mocker.patch("weko_accounts.views.ShibUser.shib_user_login") + url = url_for("weko_accounts.confirm_user_without_page") + + # not exist shib_session_id + set_session(client,{"shib_session_id":None}) + mock_flash = mocker.patch("weko_accounts.views.flash") + client.get(url) + mock_flash.assert_called_with("shib_session_id",category="error") + + # not exist cache_key + set_session(client,{"shib_session_id":"2222"}) + mock_flash = mocker.patch("weko_accounts.views.flash") + client.get(url) + mock_flash.assert_called_with("cache_key",category="error") + + set_session(client,{"shib_session_id":"1111"}) + # not exist cache_value + redis_connect.put("Shib-Session-1111",bytes("","utf-8")) + mock_flash = mocker.patch("weko_accounts.views.flash") + client.get(url) + mock_flash.assert_called_with("cache_val",category="error") + assert redis_connect.redis.exists("Shib-Session-1111") is False + + redis_connect.put("Shib-Session-1111",bytes('{"shib_eppn":"test_eppn"}',"utf-8")) + with patch("weko_accounts.views.ShibUser.check_weko_user",return_value=True): + # shib_user.bind_relation_info is false + with patch("weko_accounts.views.ShibUser.bind_relation_info",return_value=False): + redis_connect.put("Shib-Session-1111",bytes('{"shib_eppn":"test_eppn"}',"utf-8")) + mock_flash = mocker.patch("weko_accounts.views.flash") + client.get(url) + mock_flash.assert_called_with("FAILED bind_relation_info!",category="error") + with 
patch("weko_accounts.views.ShibUser.bind_relation_info",return_value=True): + # ShibUser.check_in is error + with patch("weko_accounts.views.ShibUser.check_in",return_value="test_error"): + mock_flash = mocker.patch("weko_accounts.views.flash") + client.get(url) + mock_flash.assert_called_with("test_error",category="error") + assert redis_connect.redis.exists("Shib-Session-1111") is False + with patch("weko_accounts.views.ShibUser.check_in",return_value=None): + # ShibUser.shib_user is None,not exist next in session + redis_connect.put("Shib-Session-1111",bytes('{"shib_eppn":"test_eppn"}',"utf-8")) + mock_redirect = mocker.patch("weko_accounts.views.redirect",return_value=make_response()) + client.get(url) + mock_redirect.assert_called_with("/") + assert redis_connect.redis.exists("Shib-Session-1111") is False + + # exist ShibUser.shib_user + set_session(client,{"shib_session_id":"1111","next":"/next_page"}) + redis_connect.put("Shib-Session-1111",bytes('{"shib_eppn":"test_eppn"}',"utf-8")) + + shibuser = ShibUser({}) + shibuser.shib_user = "test_user" + with patch("weko_accounts.views.ShibUser",return_value=shibuser): + mock_redirect = mocker.patch("weko_accounts.views.redirect",return_value=make_response()) + mock_flash = mocker.patch("weko_accounts.views.flash") + client.get(url) + mock_redirect.assert_called_with("/next_page") + assert redis_connect.redis.exists("Shib-Session-1111") is False + + # raise BaseException + with patch("weko_accounts.views._redirect_method",side_effect=BaseException("test_error")): + res = client.get(url) + assert res.status_code == 400 + + #def shib_login(): # .tox/c1/bin/pytest --cov=weko_accounts tests/test_views.py::test_shib_login -vv -s --cov-branch --cov-report=term --basetemp=/code/modules/weko-workflow/.tox/c1/tmp def test_shib_login(client,redis_connect,users,mocker): 
@@ -291,13 +362,35 @@ def test_shib_sp_login(client, redis_connect,mocker): with patch("weko_accounts.views.ShibUser.get_relation_info",return_value=None): res = client.post(url,data=form) assert res.status_code == 200 - #assert res.url == "/weko/shib/login?SHIB_ATTR_SESSION_ID=1111&_method=GET" + assert res.data.decode() == "/weko/shib/login?SHIB_ATTR_SESSION_ID=1111&next=%2F" # shib_user.get_relation_info is not None with patch("weko_accounts.views.ShibUser.get_relation_info",return_value="chib_user"): res = client.post(url,data=form) assert res.status_code == 200 - #assert res == "/weko/auto/login?SHIB_ATTR_SESSION_ID=1111&_method=GET" - + assert res.data.decode() == "/weko/auto/login?SHIB_ATTR_SESSION_ID=1111&next=%2F" + + current_app.config.update( + WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED=True, + WEKO_ACCOUNTS_SKIP_CONFIRMATION_PAGE=True + ) + # shib_user.get_relation_info is None + with patch("weko_accounts.views.ShibUser.get_relation_info",return_value=None): + with patch("weko_accounts.views.find_user_by_email",return_value="shib_user"): + res = client.post(url,data=form) + assert res.status_code == 200 + assert res.data.decode() == "/weko/confim/user/skip?SHIB_ATTR_SESSION_ID=1111&next=%2F" + + with patch("weko_accounts.views.find_user_by_email",return_value=None): + res = client.post(url,data=form) + assert res.status_code == 200 + assert res.data.decode() == "/weko/auto/login?SHIB_ATTR_SESSION_ID=1111&next=%2F" + + # shib_user.get_relation_info is not None + with patch("weko_accounts.views.ShibUser.get_relation_info",return_value="shib_user"): + res = client.post(url,data=form) + assert res.status_code == 200 + assert res.data.decode() == "/weko/auto/login?SHIB_ATTR_SESSION_ID=1111&next=%2F" + # raise BaseException with patch("weko_accounts.views.flash",side_effect=BaseException("test_error")): mock_redirect_ = mocker.patch("weko_accounts.views._redirect_method",return_value=make_response()) 
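Review bot: The new `WEKO_ACCOUNTS_SKIP_CONFIRMATION_PAGE=True` cases in `test_shib_sp_login` pin a flow in which a login with no existing relation is sent to `/weko/confim/user/skip` whenever `find_user_by_email` returns a local user, which suggests the local account is selected from the IdP-asserted `shib_mail` alone. The view code is not in this hunk, so this is inferred from the mocks, but if that is the behaviour it links a federated identity to an existing account without the user confirming ownership, which is only sound when every accepted IdP verifies mail addresses. A docstring on the test stating that trust assumption, plus a case asserting what happens when the matched local account holds an administrative role, would make the intended policy explicit. The blocked-ePPN branch added to `shib_sp_login` earlier in this series has no test in this file either.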
@@ -333,4 +426,16 @@ def test_shib_stub_login(client,mocker): def test_shib_logout(client, mocker): mocker.patch("weko_accounts.views.ShibUser.shib_user_logout") res = client.get(url_for("weko_accounts.shib_logout")) - assert res.data == bytes("logout success","utf-8") \ No newline at end of file + assert res.data == bytes("logout success","utf-8") + +# def find_user_by_email(shib_attributes): +# .tox/c1/bin/pytest --cov=weko_accounts tests/test_views.py::test_find_user_by_email -vv -s --cov-branch --cov-report=term --cov-report=html --basetemp=/code/modules/weko-workflow/.tox/c1/tmp +def test_find_user_by_email(app, users): + + with app.test_request_context(): + user = find_user_by_email({"shib_mail": users[0].get("email")}) + assert user.email == users[0].get("email") + assert user.id == users[0].get("id") + + user = find_user_by_email({"shib_mail": "invalid.email@nii.ac.jp"}) + assert user is None \ No newline at end of file From 82f943006a6628529af5d7f3050339df8160cfa4 Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Thu, 27 Feb 2025 10:21:01 +0900 Subject: [PATCH 15/43] =?UTF-8?q?=E7=99=BB=E9=8C=B2=E6=B8=88=E3=81=BF?= =?UTF-8?q?=E3=83=A6=E3=83=BC=E3=82=B6=E3=83=BC=E3=82=92=E3=83=AD=E3=82=B0?= =?UTF-8?q?=E3=82=A4=E3=83=B3=E3=83=96=E3=83=AD=E3=83=83=E3=82=AF=E8=BF=BD?= =?UTF-8?q?=E5=8A=A0=E6=99=82=E3=81=AE=E5=87=A6=E7=90=86=E8=BF=BD=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/admin.py | 6 ++- .../static/js/weko_accounts/shibuser.js | 37 +++++++++++++++++++ .../weko_accounts/setting/shibuser.html | 2 +- 3 files changed, 43 insertions(+), 2 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/admin.py b/modules/weko-accounts/weko_accounts/admin.py index 5f3bf66844..ef342c1f39 100644 --- a/modules/weko-accounts/weko_accounts/admin.py +++ b/modules/weko-accounts/weko_accounts/admin.py 
@@ -29,6 +29,7 @@ from werkzeug.local import LocalProxy from weko_admin.models import AdminSettings, db +from weko_accounts.models import ShibbolethUser, db _app = LocalProxy(lambda: current_app.extensions['weko-admin'].app) @@ -57,6 +58,9 @@ def index(self): block_user_settings = AdminSettings.get('blocked_user_settings') block_user_list = block_user_settings.__dict__['blocked_ePPNs'] + shib_eppns = db.session.query(ShibbolethUser.shib_eppn).all() + enable_login_user_list = [shib_eppn[0] for shib_eppn in shib_eppns] + # デフォルトロール roles = { 'gakunin_role': current_app.config.get('WEKO_ACCOUNTS_GAKUNIN_ROLE', {}).get('defaultRole', '0'), @@ -97,7 +101,7 @@ def index(self): return self.render( current_app.config['WEKO_ACCOUNTS_SET_SHIB_TEMPLATE'], - shib_flg=shib_flg, set_language=set_language, role_list=role_list, attr_list=attr_list, block_user_list=block_user_list, **roles, **attributes ) + shib_flg=shib_flg, set_language=set_language, role_list=role_list, attr_list=attr_list, block_user_list=block_user_list, enable_login_user_list=enable_login_user_list, **roles, **attributes ) except BaseException: current_app.logger.error( 'Unexpected error: {}'.format(sys.exc_info())) diff --git a/modules/weko-accounts/weko_accounts/static/js/weko_accounts/shibuser.js b/modules/weko-accounts/weko_accounts/static/js/weko_accounts/shibuser.js index 8de5b5444e..170efa96ed 100644 --- a/modules/weko-accounts/weko_accounts/static/js/weko_accounts/shibuser.js +++ b/modules/weko-accounts/weko_accounts/static/js/weko_accounts/shibuser.js 
@@ -129,6 +129,17 @@ function updateBlockUserList() { function addBlockUser() { const select = $("#block-user-lists"); const newBlockePPN = $("#block_eppn").val(); + const enableLoginUserValue = $("#block-user-setting").data("value"); + const enableLoginUserList = + enableLoginUserValue === "[]" + ? [] + : (() => { + try { + return JSON.parse(enableLoginUserValue.replace(/'/g, '"')); + } catch (e) { + return []; + } + })(); if (newBlockePPN) { const optionValues = select @@ -143,7 +154,33 @@ function addBlockUser() { : "This ePPN is already registered."; alert(message); return; + } else if (enableLoginUserList.length > 0) { + if (newBlockePPN.includes("*")) { + const regex = new RegExp("^" + newBlockePPN.replace("*", ".*") + "$"); + const isMatch = enableLoginUserList.some((eppn) => regex.test(eppn)); + if (isMatch) { + const matches = enableLoginUserList.filter((eppn) => + regex.test(eppn) + ); + const message = + setLanguage === "ja" + ? "以下の登録済みユーザーのログインをブロックします\nユーザーのePPN:" + + matches + : "Block login for the following registered users\nUser's ePPN:" + + matches; + alert(message); + } + } else if (enableLoginUserList.includes(newBlockePPN)) { + const message = + setLanguage === "ja" + ? "以下の登録済みユーザーのログインをブロックします\nユーザーのePPN:" + + newBlockePPN + : "Block login for the following registered users\nUser's ePPN:" + + newBlockePPN; + alert(message); + } } + const option = $("
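Review bot: In `addBlockUser`, `newBlockePPN.replace("*", ".*")` replaces only the first `*` and leaves other regex metacharacters unescaped, while the server-side check in `views.py` replaces every `*`, so the warning shown to the administrator can list a different set of users than the entry will actually block. Escaping the input and replacing all wildcards keeps the preview aligned with enforcement: `const regex = new RegExp("^" + newBlockePPN.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*") + "$");`. The user list is recovered with `JSON.parse(enableLoginUserValue.replace(/'/g, '"'))`, which fails for any ePPN containing a quote character and then silently falls back to `[]`, suppressing the warning; emitting real JSON from the template (for example with Jinja's `tojson` filter) would remove the need for the quote rewriting. The end of this hunk is garbled on this page, so the code after `const option` was not reviewed.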
-
+
From d8446736330c523b56543d01d57e14d71bace10b Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Thu, 27 Feb 2025 13:54:55 +0900 Subject: [PATCH 16/43] =?UTF-8?q?=E3=83=AD=E3=82=B0=E3=82=A4=E3=83=B3?= =?UTF-8?q?=E6=99=82=E3=81=AEePPN=E5=88=A4=E5=AE=9A=E3=82=92=E4=BF=AE?= =?UTF-8?q?=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/weko-accounts/weko_accounts/views.py b/modules/weko-accounts/weko_accounts/views.py index 51ca88450a..92ceec6e8d 100644 --- a/modules/weko-accounts/weko_accounts/views.py +++ b/modules/weko-accounts/weko_accounts/views.py @@ -310,7 +310,7 @@ def _wildcard_to_regex(pattern): regex_pattern = pattern.replace("*", ".*") return re.compile(f"^{regex_pattern}$") - blocked = any(_wildcard_to_regex(pattarn).match(shib_eppn) for pattarn in block_user_list) + blocked = any(_wildcard_to_regex(pattern).match(shib_eppn) or pattern == shib_eppn for pattern in block_user_list) if blocked: flash(_("Failed to login."), category='error') From c1ec10cb7b9c51dffb2c94457e0ac9e8f76f1b2a Mon Sep 17 00:00:00 2001 
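Review bot: `shib_eppn` comes from `shib_attr.get('shib_eppn')` and is passed straight to `.match(shib_eppn)` in the changed `any(...)` line, so a login that carries no ePPN would raise `TypeError` there instead of being evaluated against the block list. The config shown earlier in this series appears to mark `SHIB_ATTR_EPPN` as not required and sets `WEKO_ACCOUNTS_SHIB_ALLOW_USERNAME_INST_EPPN = True`, so such logins look possible, although how `parse_attributes` fills a missing value is not visible here. Guarding the expression, `blocked = bool(shib_eppn) and any(...)`, and deciding explicitly whether ePPN-less logins are accepted while a block list is configured, would make the behaviour deliberate. The added `or pattern == shib_eppn` is evaluated only after `_wildcard_to_regex(pattern)` has compiled, so an entry that is not a valid regular expression still raises before the literal comparison is reached; putting `pattern == shib_eppn` first would let exact entries match regardless.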
From: ayumi-nishida Date: Fri, 28 Feb 2025 16:18:48 +0900 Subject: [PATCH 17/43] =?UTF-8?q?=E7=AE=A1=E7=90=86=E7=94=BB=E9=9D=A2?= =?UTF-8?q?=E3=81=AE=E3=83=87=E3=83=95=E3=82=A9=E3=83=AB=E3=83=88=E3=83=AD?= =?UTF-8?q?=E3=83=BC=E3=83=AB=E8=BF=BD=E5=8A=A0=E6=A9=9F=E8=83=BD=E3=82=92?= =?UTF-8?q?=E8=BF=BD=E5=8A=A0=EF=BC=8F=E8=A8=AD=E5=AE=9A=E3=83=95=E3=82=A1?= =?UTF-8?q?=E3=82=A4=E3=83=AB=E3=81=AE=E5=80=A4=E3=81=8C=E5=AE=89=E5=AE=9A?= =?UTF-8?q?=E3=81=97=E3=81=AA=E3=81=84=E4=B8=8D=E5=85=B7=E5=90=88=E6=AE=8B?= =?UTF-8?q?=E3=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/admin.py | 12 +++++++++--- .../weko_accounts/setting/shibuser.html | 2 +- .../translations/en/LC_MESSAGES/messages.mo | Bin 1037 -> 1121 bytes .../translations/en/LC_MESSAGES/messages.po | 14 +++++++++++++- .../translations/ja/LC_MESSAGES/messages.mo | Bin 2923 -> 3239 bytes .../translations/ja/LC_MESSAGES/messages.po | 14 +++++++++++++- 6 files changed, 36 insertions(+), 6 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/admin.py b/modules/weko-accounts/weko_accounts/admin.py index e5ec1ecd77..94bf7d1211 100644 --- a/modules/weko-accounts/weko_accounts/admin.py +++ b/modules/weko-accounts/weko_accounts/admin.py @@ -32,7 +32,6 @@ _app = LocalProxy(lambda: current_app.extensions['weko-admin'].app) - class ShibSettingView(BaseView): """ShibSettingView.""" @@ -60,7 +59,7 @@ def index(self): # デフォルトロール roles = { 'gakunin_role': current_app.config.get('WEKO_ACCOUNTS_GAKUNIN_ROLE', {}).get('defaultRole', '0'), - 'orthros_role': current_app.config.get('WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE', {}).get('defaultRole', '0'), + 'orthros_outside_role': current_app.config.get('WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE', {}).get('defaultRole', '0'), 'extra_role': current_app.config.get('WEKO_ACCOUNTS_EXTRA_ROLE', {}).get('defaultRole', '0') } 
@@ -76,13 +75,20 @@ def index(self): # Process forms form = request.form.get('submit', None) new_shib_flg = request.form.get('shibbolethRadios', '0') + new_roles = {key: request.form.get(f'role-lists{i}', '0') for i, key in enumerate(roles)} if form == 'shib_form': if shib_flg != new_shib_flg: shib_flg = new_shib_flg _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] = (shib_flg == '1') flash(_('Shibboleth flag was updated.'), category='success') - + + for key in roles: + if roles[key] != new_roles[key]: + roles[key] = new_roles[key] + _app.config[f'WEKO_ACCOUNTS_{key.upper()}']['defaultRole'] = new_roles[key] + flash(_(f'{key.replace("_", " ").title()} was updated.'), category='success') + return self.render( current_app.config['WEKO_ACCOUNTS_SET_SHIB_TEMPLATE'], shib_flg=shib_flg, set_language=set_language, role_list=role_list, attr_list=attr_list, block_user_list=block_user_list, **roles, **attributes ) diff --git a/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html b/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html index 4ac723719e..af1d86ad32 100644 --- a/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html +++ b/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html @@ -75,7 +75,7 @@
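Review bot: `new_roles` takes each `role-lists{i}` value straight from `request.form`, and the new loop writes it into `_app.config[...]['defaultRole']` without checking that it is one of the roles the page offers. The default role decides what every user arriving from that IdP category is granted, so a value outside `role_list` (already passed to the template by this view) should be rejected before the assignment, e.g. `if new_roles[key] not in role_list: abort(400)`, assuming `role_list` is a flat list of role names, which this hunk does not show. The same applies to the `attr-lists{i}` values added in PATCH 18 and to the `AdminSettings.update(...)` calls in PATCH 19 and 20 that persist these dictionaries. The field index also depends on the iteration order of `roles`, so reordering the dict literal silently swaps which role goes to which category; naming the form fields after the keys would avoid that.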
{{_("Gakunin IdP")}}
-
+
{{_("Outside Orthros")}}
diff --git a/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.mo b/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.mo index c81557842ffe486e5a33b0fc948967251175ba97..1e5a399673c8d03dd6f60b5a44a81965ca9b1830 100644 GIT binary patch delta 299 zcmeC>c*s$IPl#nI0}yZmu?!HW05LBRuK{8ZcmTwrK>QGhMS%D_5Q_mZ4KztI2MS%D|5Q_ov7a*1gVs1u= zK5ZZ!1>}1GX^>fqfpjepuK{8OAYY4_fk6>Sdjn~HAe{@Of#$j~)B+jOK!M3X8f3tF wAk74%xmXw&fO^4z4M+lo!QvnRRv-pSGq3|O$TEhBchfefGG;JMe$HG40PtoMlK=n! diff --git a/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.po b/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.po index ae76b3cb01..95399f9ad9 100644 --- a/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.po +++ b/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.po @@ -23,10 +23,22 @@ msgstr "" msgid "language" msgstr "en" -#: weko_accounts/admin.py:56 +#: weko_accounts/admin.py: msgid "Shibboleth flag was updated." msgstr "Updated Shibboleth settings" +#: weko_accounts/admin.py: +msgid "Gakunin Role was updated." +msgstr "" + +#: weko_accounts/admin.py: +msgid "Orthros Outside Role was updated." +msgstr "Orthros Role was updated." + +#: weko_accounts/admin.py: +msgid "Extra Role was updated." +msgstr "" + #: weko_accounts/admin.py:69 msgid "Setting" msgstr "" 
diff --git a/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.mo b/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.mo index b4012049633cd557d454a58984d4f90a5b34c408..ea7611af15bd499c01e211dd9d2226b4e56dad09 100644 GIT binary patch delta 1093 zcma*lOKeP09LMovW|(PFTG|?qx_u?mq(c`((h#BzT@eeZN-7gGqKqk>87wfF&Y~-t zbfTg{tvoYBG7<}obRkXbSam@xT&*U=f)EP{-{0-^NLcirIrBN^-g{pEbKY0o3Z`FI z_%0cuk+Pc7HqV%i81wK)Z1Wnk9Jga7?!$77;Zi)0r8tQCZUh(MeYZV^CA42)HNHgk z`#fvf_?aH9M!*pbJPMhqx!d_ zuF(P9MTWW&oY2wLGrx0|np7Y1-pPbID;U?TacZ+?tX*<%oO9L!bYHZ?T8e@V8BXJO zXfcYF6djF4A^U&Djz4vsjc(?z(Ag?<1lqOkf_6#PopkC_DavwRJlCt+&m{Z8*52M& z)H)qbSg8|{a55SR<%YcLgFC~=Qt_Vnf8LIJi&kIqNMCQl+MP-!dLq$(KPsN|g}oax z*X&H;?c-q!>}=l7j@j9JGq>|og%P`dX!`2I>EQ=<=CYl6;{1>1p8LC7rt&vu?q2AK U?3r_~=D^2wbN#sJFNt`50y}NLE&u=k delta 802 zcmY+?y)Q#i7{~F$E!tA`Ql;KnltHvMiIk)aNGxIzO~uf`Ow`&$gjg7E3`~f`#GtWC zECw5YfR#if5{ZzI`2Ma-IC1Xh9KAiyd7h`ok;ic1uFkV#7@f>kW?zXh{Ww(0gYkwT ze8&c?wv4I8IM(0*`f(if-ZWO>g1cWvANx(z`?l*5RvJ?<=PZ(ZaEW#JjQWD*F{T^? zsDL31V-H4g7!`01gSdqJnN=P-X9Fv64|TyqRDvh&|F1Dad~?epzz2!4?-x^8&wdQO zm_b!1hbvTP9To7C+v&gnQB;{;Y{4`(Vb(Q|y3iKt{R4M@fpOxS8x{$CMP(i*YA+^H z2hO5Ons;5rcJ|xYh^H9CE7yBe0$vVN1zS-U>~i;msEVYq(9L3!g>JZrIb1^>@PG>Z zfjYp)xAe1!;sllGL~ssMi->EgnQGJDq3Wq+>Ob8z%}gagz6Gaetep|zsf;?9>a7Mp zlHWn){|%M-XXt{;Ru$vEPK#ow3o98V(#BMxPTSCo*rV32{bD8Ul;^A%EStCNeQ(xI L`ksn2{;AS0y`MUB diff --git a/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.po b/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.po index a3afdba978..2f81a45f13 100644 --- a/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.po +++ b/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.po 
@@ -23,10 +23,22 @@ msgstr "" msgid "language" msgstr "ja" -#: weko_accounts/admin.py:56 +#: weko_accounts/admin.py: msgid "Shibboleth flag was updated." msgstr "Shibboleth設定を更新しました" +#: weko_accounts/admin.py: +msgid "Gakunin Role was updated." +msgstr "学認IdP のロール設定を更新しました" + +#: weko_accounts/admin.py: +msgid "Orthros Outside Role was updated." +msgstr "機関外のOrthros のロール設定を更新しました" + +#: weko_accounts/admin.py: +msgid "Extra Role was updated." +msgstr "その他 のロール設定を更新しました" + #: weko_accounts/admin.py:69 msgid "Setting" msgstr "設定" From c0df8748cb9c56d23657740d5525d477ab4e17ab Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Fri, 28 Feb 2025 17:01:51 +0900 Subject: [PATCH 18/43] =?UTF-8?q?=E5=B1=9E=E6=80=A7=E3=83=9E=E3=83=83?= =?UTF-8?q?=E3=83=94=E3=83=B3=E3=82=B0=E5=A4=89=E6=9B=B4=E6=A9=9F=E8=83=BD?= =?UTF-8?q?=E3=82=92=E8=BF=BD=E5=8A=A0=EF=BC=8F=E8=A8=AD=E5=AE=9A=E3=83=95?= =?UTF-8?q?=E3=82=A1=E3=82=A4=E3=83=AB=E3=81=AE=E5=80=A4=E3=81=8C=E5=AE=89?= =?UTF-8?q?=E5=AE=9A=E3=81=97=E3=81=AA=E3=81=84=E4=B8=8D=E5=85=B7=E5=90=88?= =?UTF-8?q?=E6=AE=8B=E3=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/admin.py | 15 +++++++++++---- .../weko_accounts/setting/shibuser.html | 8 ++++---- .../translations/en/LC_MESSAGES/messages.mo | Bin 1037 -> 1485 bytes .../translations/en/LC_MESSAGES/messages.po | 18 +++++++++++++++++- .../translations/ja/LC_MESSAGES/messages.mo | Bin 2923 -> 3455 bytes .../translations/ja/LC_MESSAGES/messages.po | 18 +++++++++++++++++- 6 files changed, 49 insertions(+), 10 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/admin.py b/modules/weko-accounts/weko_accounts/admin.py index e5ec1ecd77..6dbada1871 100644 --- a/modules/weko-accounts/weko_accounts/admin.py +++ b/modules/weko-accounts/weko_accounts/admin.py 
@@ -66,22 +66,29 @@ def index(self): # 属性マッピング attributes = { - 'weko_eppn_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_eppn', '0'), - 'weko_role_authority_name_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_role_authority_name', '0'), - 'weko_mail_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_mail', '0'), - 'weko_user_name_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_user_name', '0') + 'shib_eppn_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_eppn', '0'), + 'shib_role_authority_name_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_role_authority_name', '0'), + 'shib_mail_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_mail', '0'), + 'shib_user_name_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_user_name', '0') } if request.method == 'POST': # Process forms form = request.form.get('submit', None) new_shib_flg = request.form.get('shibbolethRadios', '0') + new_attributes = {key: request.form.get(f'attr-lists{i}', '0') for i, key in enumerate(attributes)} if form == 'shib_form': if shib_flg != new_shib_flg: shib_flg = new_shib_flg _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] = (shib_flg == '1') flash(_('Shibboleth flag was updated.'), category='success') + + for key in attributes: + if attributes[key] != new_attributes[key]: + attributes[key] = new_attributes[key] + current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'][key.replace('_value', '')] = new_attributes[key] + flash(_(f'{key.replace("_", " ").title()} mapping was updated.'), category='success') return self.render( current_app.config['WEKO_ACCOUNTS_SET_SHIB_TEMPLATE'], diff --git a/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html b/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html index 4ac723719e..3e6f6a550a 100644 
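Review bot: The flash message in the new `for key in attributes:` loop is built as `_(f'{key.replace("_", " ").title()} mapping was updated.')`, so its msgid exists only at run time. Message extraction cannot find it, and the catalogue entries this patch adds by hand (`Shib Eppn Value mapping was updated.` and the others) match only while the dictionary keys keep their exact spelling; PATCH 20 later drops the `_value` suffix from the keys, after which these msgids no longer correspond. A constant msgid with a placeholder keeps code and catalogue in step: `flash(_('%(name)s mapping was updated.', name=_(key.replace('_value', ''))), category='success')`, reusing the `shib_eppn`-style msgids the template already carries. The role loop added in PATCH 17 uses the same construction.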
--- a/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html +++ b/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html @@ -86,16 +86,16 @@
-
+
{{_("shib_eppn")}}
-
+
{{_("shib_role_authority_name")}}
-
+
{{_("shib_mail")}}
-
+
{{_("shib_user_name")}}
diff --git a/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.mo b/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.mo index c81557842ffe486e5a33b0fc948967251175ba97..dfecd605da2d72fded9e7ed0eac4ac98e11b4e01 100644 GIT binary patch delta 658 zcma*jze>YU6vy$CwraJ4DC(l%6}uQg2M2M}K@j{iSafi^wZR0EG_(mKS~560Xz>YL z9NgRmSD|kp?!JZJOEZeeg&&{XaL&Caxvvgt>Gw?KNm!F)k=&AL@{m1gnFWq&R%>V!Z delta 212 zcmX@h-OEvbPl#nI0}yZku?!H$05LZZ&jDf(I03|>KztI2MS%D|5Q_ov7a*1gVs1u= zK5ZZ!1>}1GX^>fqfpjepuK{8OAYY4_fk6>Sdjn~HAe{@Of#y0f)B+jOK!M3X8f3tF uAk74%xmXw&fO^4z4M+lo!QvnRRv-pSGq3|O$7D&yyv_PdDNK`tS*rl3dJ_5o diff --git a/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.po b/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.po index ae76b3cb01..833781e06c 100644 --- a/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.po +++ b/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.po @@ -23,10 +23,26 @@ msgstr "" msgid "language" msgstr "en" -#: weko_accounts/admin.py:56 +#: weko_accounts/admin.py: msgid "Shibboleth flag was updated." msgstr "Updated Shibboleth settings" +#: weko_accounts/admin.py: +msgid "Shib Eppn Value mapping was updated." +msgstr "Shibboleth Eppn Value mapping was updated." + +#: weko_accounts/admin.py: +msgid "Shib Role Authority Name Value mapping was updated." +msgstr "Shibboleth Role Authority Name Value mapping was updated." + +#: weko_accounts/admin.py: +msgid "Shib Mail Value mapping was updated." +msgstr "Shibboleth Mail Value mapping was updated." + +#: weko_accounts/admin.py: +msgid "Shib User Name Value mapping was updated." +msgstr "Shibboleth User Name Value mapping was updated." + #: weko_accounts/admin.py:69 msgid "Setting" msgstr "" 
diff --git a/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.mo b/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.mo index b4012049633cd557d454a58984d4f90a5b34c408..cb1d020338569dcc3fd8fb92b03b64a9f17e1516 100644 GIT binary patch delta 1314 zcma*lUr19?9KiA8TBYUEELWQ5EtinsUZfy;$iTvfvcCpdFm8Iw!8XUX+aHjwI*NKR zsH`Y(td}BCjOCkHPd!L4_1HrZ7gyke)I$$p)c3dU#D`=%?A*^e?EL%v&YAcAskJ^; zxknYHiCRZJQliuz9B}cW9ABl>W;}t_co8?^09N7%uEP|{xEENCubuuoETjJgW&FJ3 zBCc1;QXaQbe*UPzD(pa+a1Pg?fwEx;y?7lPa1>?3DXhR*oN zTB%n0?YNu$)m0i2!BdnBjH67P#cuq79&F(>GHyR^!oygK-MABb@G{xEiE^OdEF$Z9 z7$li%#%r2wCmunWkaqerC?|i9E%*~9Gd@1e=to)bEK15v$6?$~{|;`! z3Doed<5!dbN{Pneu&R!RoUjq4zYh;!o8usM(tm^PSi!~7RHtzl22cXHfj#&LWrIbO zgH`g8_3KfdRV#LoslDaoA9F?SQlgdA$suH5EwzR!i%F49B{C@*Rno{i%55%>tC1>i zL$WAWLZFJIR`MWYezj2D%`3-RzTB*$0#M&_jD@CihLLBIbt)bEWxKF$=^pRuQCjB8&Kz?XGmg_v9*kEE;~PdW z=rX1Y)7Xg<*oO0{_X^mKtM+~qeeCy8@7HXP(Qiz}T(HRT!4-z^8TAF1+n5#%paO<5 zildmo8C1X(?7$7=&s2HnoLy|iI_iQARDx&r|8KBJd~?Slzz12+_lr~5&3+EOSVUE) zgj-Z+2Nm#x+v&gnQB;`>_G2DRgpYaMp!Je&<)qIgxjbC9#MhcQ3v?= zmVOoqT%Zyu1nV%hh`1)mRGa<|RZlHb|LLxYF_i%MR;-?}wniUMWi-T8Z#DRl{0=Jr xZ>Y>aLl;!Gsu=gRT9iaxSji}n0j3hQ+J Date: Tue, 4 Mar 2025 17:39:17 +0900 Subject: [PATCH 19/43] =?UTF-8?q?=E3=83=87=E3=83=95=E3=82=A9=E3=83=AB?= =?UTF-8?q?=E3=83=88=E3=83=AD=E3=83=BC=E3=83=AB=E3=82=92=E3=83=87=E3=83=BC?= =?UTF-8?q?=E3=82=BF=E3=83=99=E3=83=BC=E3=82=B9=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/admin.py | 41 ++++++++++--------- modules/weko-accounts/weko_accounts/config.py | 2 +- modules/weko-accounts/weko_accounts/ext.py | 40 ++++++++++++++++++ scripts/populate-instance.sh | 8 ++++ 4 files changed, 71 insertions(+), 20 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/admin.py b/modules/weko-accounts/weko_accounts/admin.py index 94bf7d1211..0fd434b806 100644 --- a/modules/weko-accounts/weko_accounts/admin.py 
+++ b/modules/weko-accounts/weko_accounts/admin.py @@ -39,28 +39,17 @@ class ShibSettingView(BaseView): def index(self): """Index.""" try: - shib_flg = '0' if not current_app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] else '1' + shib_flg = '0' if not AdminSettings.get('shib_login_enable').__dict__['shib_flg'] else '1' role_list = current_app.config['WEKO_ACCOUNTS_ROLE_LIST'] attr_list = current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_LIST'] set_language = _('language') - # 'blocked_user_settings' が存在しない場合、新しいレコードを追加 - if AdminSettings.query.filter_by(name='blocked_user_settings').first() is None: - new_setting = AdminSettings( - id=6, - name="blocked_user_settings", - settings={"blocked_ePPNs": []} - ) - db.session.add(new_setting) - db.session.commit() - block_user_settings = AdminSettings.get('blocked_user_settings') - block_user_list = block_user_settings.__dict__['blocked_ePPNs'] - # デフォルトロール + default_roles = AdminSettings.get('default_role_settings') roles = { - 'gakunin_role': current_app.config.get('WEKO_ACCOUNTS_GAKUNIN_ROLE', {}).get('defaultRole', '0'), - 'orthros_outside_role': current_app.config.get('WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE', {}).get('defaultRole', '0'), - 'extra_role': current_app.config.get('WEKO_ACCOUNTS_EXTRA_ROLE', {}).get('defaultRole', '0') + 'gakunin_role': default_roles.__dict__['gakunin_role'], + 'orthros_outside_role': default_roles.__dict__['orthros_outside_role'], + 'extra_role': default_roles.__dict__['extra_role'] } # 属性マッピング @@ -71,6 +60,11 @@ def index(self): 'weko_user_name_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_user_name', '0') } + # ブロックユーザー + block_user_settings = AdminSettings.get('blocked_user_settings') + block_user_list = block_user_settings.__dict__['blocked_ePPNs'] + + if request.method == 'POST': # Process forms form = request.form.get('submit', None) 
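Review bot: Every setting in this hunk is now read as `AdminSettings.get(<name>).__dict__[<key>]` with no guard for a missing row or key, and the hunk also removes the block that used to create `blocked_user_settings` on demand. If `AdminSettings.get` returns `None` for an unknown name (its implementation is not part of this diff), the first statement of `index` raises, the surrounding `except BaseException` turns that into `abort(400)`, and the Shibboleth settings page is unreachable on any instance where the seed rows were not created. Falling back to the configured value keeps the page usable: `flag = AdminSettings.get('shib_login_enable')` followed by `shib_flg = '1' if getattr(flag, 'shib_flg', current_app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']) else '0'`. The body of `index` continues outside the hunk.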
@@ -80,23 +74,32 @@ def index(self): if form == 'shib_form': if shib_flg != new_shib_flg: shib_flg = new_shib_flg - _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] = (shib_flg == '1') + AdminSettings.update('shib_login_enable', {"shib_flg": (shib_flg == '1')}) + flash(_('Shibboleth flag was updated.'), category='success') for key in roles: if roles[key] != new_roles[key]: roles[key] = new_roles[key] - _app.config[f'WEKO_ACCOUNTS_{key.upper()}']['defaultRole'] = new_roles[key] flash(_(f'{key.replace("_", " ").title()} was updated.'), category='success') + AdminSettings.update('default_role_settings', roles) + + self.get_latest_current_app() return self.render( current_app.config['WEKO_ACCOUNTS_SET_SHIB_TEMPLATE'], shib_flg=shib_flg, set_language=set_language, role_list=role_list, attr_list=attr_list, block_user_list=block_user_list, **roles, **attributes ) + except BaseException: current_app.logger.error( 'Unexpected error: {}'.format(sys.exc_info())) return abort(400) - + + def get_latest_current_app(self): + _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] = AdminSettings.get('shib_login_enable').__dict__['shib_flg'] + _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['gakunin_role'] + _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['orthros_outside_role'] + _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['extra_role'] shib_adminview = { 'view_class': ShibSettingView, diff --git a/modules/weko-accounts/weko_accounts/config.py b/modules/weko-accounts/weko_accounts/config.py index 84ad81b029..d6012aa19f 100644 --- a/modules/weko-accounts/weko_accounts/config.py +++ b/modules/weko-accounts/weko_accounts/config.py 
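Review bot: `get_latest_current_app` copies the stored values back into `_app.config` only in the process that handled the POST. With more than one worker process (the deployment is not visible here), the other workers keep the previous `WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED` and `defaultRole` values until they restart, so switching Shibboleth login off or lowering a default role may not take effect everywhere. Since the database is now the source of truth, the code that consumes these settings at login should read them through `AdminSettings.get(...)` rather than from `config`. The method also has no docstring and calls `AdminSettings.get('default_role_settings')` three times; one lookup held in a local and a docstring such as `"""Copy the stored Shibboleth settings into this process's app config."""` would make the limitation explicit.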
@@ -128,7 +128,7 @@ 'defaultRole': 'Community Administrator', 'organizationName': [] } -"""Orthros (Outsite) Default role.""" +"""Orthros (Outside) Default role.""" WEKO_ACCOUNTS_EXTRA_ROLE = { 'defaultRole': 'None', # ロール無 diff --git a/modules/weko-accounts/weko_accounts/ext.py b/modules/weko-accounts/weko_accounts/ext.py index 088ae11ae6..72e36aae6f 100644 --- a/modules/weko-accounts/weko_accounts/ext.py +++ b/modules/weko-accounts/weko_accounts/ext.py @@ -22,6 +22,7 @@ from flask_babelex import gettext as _ from flask_login import user_logged_in, user_logged_out +from weko_admin.models import AdminSettings, db from . import config @@ -63,6 +64,9 @@ def init_config(self, app): :param app: The flask application. """ + # Create Shibboleth Admin database table + self.create_shib_admin_data_base_table(app) + # Use theme's base template if theme is installed if 'BASE_TEMPLATE' in app.config: app.config.setdefault( 
@@ -117,6 +121,42 @@ def init_limiter(self, app): from .utils import limiter limiter.init_app(app) + def create_shib_admin_data_base_table(self, app): + """ + Create Shibboleth Admin database table. + + :param app: The flask application. + """ + with app.app_context(): + if AdminSettings.query.filter_by(name='blocked_user_settings').first() is None: + new_setting = AdminSettings( + id=6, + name="blocked_user_settings", + settings={"blocked_ePPNs": []} + ) + db.session.add(new_setting) + db.session.commit() + + if AdminSettings.query.filter_by(name='shib_login_enable').first() is None: + new_setting = AdminSettings( + id=7, + name="shib_login_enable", + settings={"shib_flg": app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']} + ) + db.session.add(new_setting) + db.session.commit() + + if AdminSettings.query.filter_by(name='default_role_settings').first() is None: + new_setting = AdminSettings( + id=8, + name="default_role_settings", + settings={ + "gakunin_role": app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], + "orthros_outside_role": app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'], + "extra_role": app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']} + ) + db.session.add(new_setting) + db.session.commit() class WekoAccountsREST(object): """Weko accounts Rest Obj.""" diff --git a/scripts/populate-instance.sh b/scripts/populate-instance.sh index a1ebafd7d5..917f9a775d 100755 --- a/scripts/populate-instance.sh +++ b/scripts/populate-instance.sh 
@@ -439,6 +439,14 @@ ${INVENIO_WEB_INSTANCE} admin_settings create_settings \ ${INVENIO_WEB_INSTANCE} admin_settings create_settings \ 6 "blocked_user_settings" \ "{'blocked_ePPNs': []}" +${INVENIO_WEB_INSTANCE} admin_settings create_settings \ + 7 "shib_login_enable" \ + "{'shib_flg': current_app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']}" +${INVENIO_WEB_INSTANCE} admin_settings create_settings \ + 8 "default_role_settings" \ + "{'gakunin_role': current_app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], + 'orthros_outside_role': current_app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'], + 'extra_role': current_app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']}" # create-admin-settings-end # create-default-authors-prefix-settings-begin From cff5ec981ae9625832b50b2ed7cb9b5868fb629f Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Wed, 5 Mar 2025 10:11:47 +0900 Subject: [PATCH 20/43] =?UTF-8?q?=E5=B1=9E=E6=80=A7=E3=83=9E=E3=83=83?= =?UTF-8?q?=E3=83=94=E3=83=B3=E3=82=B0=E3=82=92DB=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/admin.py | 37 ++++++----- .../weko_accounts/setting/shibuser.html | 8 +-- modules/weko-accounts/weko_accounts/views.py | 62 +++++++++++++++++++ 3 files changed, 84 insertions(+), 23 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/admin.py b/modules/weko-accounts/weko_accounts/admin.py index 6dbada1871..9297c7d81b 100644 --- a/modules/weko-accounts/weko_accounts/admin.py +++ b/modules/weko-accounts/weko_accounts/admin.py 
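Review bot: The two new `create_settings` calls pass `current_app.config[...]` inside a double-quoted shell string, so the command receives that text literally rather than a value. The existing entry above (`"{'blocked_ePPNs': []}"`) is a plain literal, which suggests the command parses a literal; if so, these arguments fail to parse, and if it evaluates the string instead, that is evaluation of command-line input and worth replacing with literal parsing. The implementation of `admin_settings create_settings` is not shown in this diff, so this needs checking there. Passing concrete literals, for example `"{'shib_flg': False}"` (value constructed for illustration), keeps the seed data independent of how the argument is parsed.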
@@ -40,23 +40,12 @@ class ShibSettingView(BaseView): def index(self): """Index.""" try: - shib_flg = '0' if not current_app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] else '1' + + shib_flg = '0' if not AdminSettings.get('shib_login_enable').__dict__['shib_flg'] else '1' role_list = current_app.config['WEKO_ACCOUNTS_ROLE_LIST'] attr_list = current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_LIST'] set_language = _('language') - # 'blocked_user_settings' が存在しない場合、新しいレコードを追加 - if AdminSettings.query.filter_by(name='blocked_user_settings').first() is None: - new_setting = AdminSettings( - id=6, - name="blocked_user_settings", - settings={"blocked_ePPNs": []} - ) - db.session.add(new_setting) - db.session.commit() - block_user_settings = AdminSettings.get('blocked_user_settings') - block_user_list = block_user_settings.__dict__['blocked_ePPNs'] - # デフォルトロール roles = { 'gakunin_role': current_app.config.get('WEKO_ACCOUNTS_GAKUNIN_ROLE', {}).get('defaultRole', '0'), 
@@ -65,13 +54,17 @@ def index(self): } # 属性マッピング + attribute_mappings = AdminSettings.get('attribute_mapping') attributes = { - 'shib_eppn_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_eppn', '0'), - 'shib_role_authority_name_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_role_authority_name', '0'), - 'shib_mail_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_mail', '0'), - 'shib_user_name_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_user_name', '0') + 'shib_eppn': attribute_mappings.__dict__['shib_eppn'], + 'shib_role_authority_name': attribute_mappings.__dict__['shib_role_authority_name'], + 'shib_mail': attribute_mappings.__dict__['shib_mail'], + 'shib_user_name': attribute_mappings.__dict__['shib_user_name'] } + block_user_settings = AdminSettings.get('blocked_user_settings') + block_user_list = block_user_settings.__dict__['blocked_ePPNs'] + if request.method == 'POST': # Process forms form = request.form.get('submit', None) @@ -81,14 +74,16 @@ def index(self): if form == 'shib_form': if shib_flg != new_shib_flg: shib_flg = new_shib_flg - _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] = (shib_flg == '1') + AdminSettings.update('shib_login_enable', {"shib_flg": (shib_flg == '1')}) flash(_('Shibboleth flag was updated.'), category='success') for key in attributes: if attributes[key] != new_attributes[key]: attributes[key] = new_attributes[key] - current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'][key.replace('_value', '')] = new_attributes[key] flash(_(f'{key.replace("_", " ").title()} mapping was updated.'), category='success') + AdminSettings.update('attribute_mapping', attributes) + + self.get_latest_current_app() return self.render( current_app.config['WEKO_ACCOUNTS_SET_SHIB_TEMPLATE'], 
@@ -97,6 +92,10 @@ def index(self): current_app.logger.error( 'Unexpected error: {}'.format(sys.exc_info())) return abort(400) + + def get_latest_current_app(self): + _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] = AdminSettings.get('shib_login_enable').__dict__['shib_flg'] + _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] = AdminSettings.get('attribute_mapping').__dict__ shib_adminview = { diff --git a/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html b/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html index 3e6f6a550a..57cb17f6c9 100644 --- a/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html +++ b/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html @@ -86,16 +86,16 @@
-
+
{{_("shib_eppn")}}
-
+
{{_("shib_role_authority_name")}}
-
+
{{_("shib_mail")}}
-
+
{{_("shib_user_name")}}
diff --git a/modules/weko-accounts/weko_accounts/views.py b/modules/weko-accounts/weko_accounts/views.py index 6fc2b85f59..e58116c654 100644 --- a/modules/weko-accounts/weko_accounts/views.py +++ b/modules/weko-accounts/weko_accounts/views.py @@ -41,6 +41,7 @@ from weko_redis.redis import RedisConnection from werkzeug.local import LocalProxy from invenio_db import db +from weko_admin.models import AdminSettings, db from .api import ShibUser from .utils import generate_random_str, parse_attributes 
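Review bot: The added `from weko_admin.models import AdminSettings, db` rebinds `db`, which the line directly above already imports from `invenio_db`. Whether both names refer to the same object depends on `weko_admin.models`, which is not shown; either way the second binding wins for the whole module. Importing only what is new avoids the ambiguity: `from weko_admin.models import AdminSettings`. The identical hunk appears again in PATCH 21.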
@@ -73,6 +74,67 @@ def init_menu(): _('%(icon)s Administration', icon=''), visible_when=_has_admin_access, order=100) + + _adjust_shib_admin_DB() + +def _adjust_shib_admin_DB(): + """ + Create or Update Shibboleth Admin database table. + """ + with _app.app_context(): + if AdminSettings.query.filter_by(name='blocked_user_settings').first() is None: + new_setting = AdminSettings( + id=6, + name="blocked_user_settings", + settings={"blocked_ePPNs": []} + ) + db.session.add(new_setting) + db.session.commit() + + if AdminSettings.query.filter_by(name='shib_login_enable').first() is None: + new_setting = AdminSettings( + id=7, + name="shib_login_enable", + settings={"shib_flg": _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']} + ) + db.session.add(new_setting) + db.session.commit() + else: + setting = AdminSettings.query.filter_by(name='shib_login_enable').first() + setting.settings = {"shib_flg": _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']} + db.session.commit() + + if AdminSettings.query.filter_by(name='default_role_settings').first() is None: + new_setting = AdminSettings( + id=8, + name="default_role_settings", + settings={ + "gakunin_role": _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], + "orthros_outside_role": _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'], + "extra_role": _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']} + ) + db.session.add(new_setting) + db.session.commit() + else: + setting = AdminSettings.query.filter_by(name='default_role_settings').first() + setting.settings = { + "gakunin_role": _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], + "orthros_outside_role": _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'], + "extra_role": _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']} + db.session.commit() + + if AdminSettings.query.filter_by(name='attribute_mapping').first() is None: + new_setting = AdminSettings( + id=9, + name="attribute_mapping", + 
settings=_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] + ) + db.session.add(new_setting) + db.session.commit() + else: + setting = AdminSettings.query.filter_by(name='attribute_mapping').first() + setting.settings = _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] + db.session.commit() def _redirect_method(has_next=False): From a1c9ebfa9a5350d48d356f30f963cffe1222d340 Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Wed, 5 Mar 2025 10:16:35 +0900 Subject: [PATCH 21/43] =?UTF-8?q?DB=E3=82=92=E4=BD=9C=E6=88=90=E6=9B=B4?= =?UTF-8?q?=E6=96=B0=E5=87=A6=E7=90=86=E3=82=92=E4=BF=AE=E6=AD=A3=E3=80=81?= =?UTF-8?q?=E3=83=89=E3=83=83=E3=82=AB=E3=83=BC=E8=B5=B7=E5=8B=95=E6=99=82?= =?UTF-8?q?=E3=81=ABDB=E3=81=A8=E8=A8=AD=E5=AE=9A=E3=83=95=E3=82=A1?= =?UTF-8?q?=E3=82=A4=E3=83=AB=E3=82=92=E6=95=B4=E5=90=88=E3=81=95=E3=81=9B?= =?UTF-8?q?=E3=82=8B=E3=82=88=E3=81=86=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/admin.py | 8 +-- modules/weko-accounts/weko_accounts/ext.py | 39 ------------ modules/weko-accounts/weko_accounts/views.py | 62 ++++++++++++++++++++ 3 files changed, 66 insertions(+), 43 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/admin.py b/modules/weko-accounts/weko_accounts/admin.py index 0fd434b806..dcb107b229 100644 --- a/modules/weko-accounts/weko_accounts/admin.py +++ b/modules/weko-accounts/weko_accounts/admin.py 
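Review bot: The `else` branches of `_adjust_shib_admin_DB` overwrite `shib_login_enable`, `default_role_settings` and `attribute_mapping` with the values from `_app.config` every time `init_menu` runs. Anything an administrator changed on the settings page, including switching Shibboleth login off or lowering a default role, is reverted to the file configuration at that point, while `blocked_user_settings` is left alone; if that is intended it should be stated in the docstring, otherwise the rows should only be created when missing. The inserts also hard-code `id=6` to `id=9` and follow a query-then-insert pattern, so a row already using one of those ids, or two processes starting together, would raise on commit. The same function appears again, unchanged, in the views.py hunk of PATCH 21.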
@@ -54,10 +54,10 @@ def index(self): # 属性マッピング attributes = { - 'weko_eppn_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_eppn', '0'), - 'weko_role_authority_name_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_role_authority_name', '0'), - 'weko_mail_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_mail', '0'), - 'weko_user_name_value': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_user_name', '0') + 'weko_eppn': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_eppn', '0'), + 'weko_role_authority_name': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_role_authority_name', '0'), + 'weko_mail': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_mail', '0'), + 'weko_user_name': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_user_name', '0') } # ブロックユーザー diff --git a/modules/weko-accounts/weko_accounts/ext.py b/modules/weko-accounts/weko_accounts/ext.py index 72e36aae6f..5327a4f4a0 100644 --- a/modules/weko-accounts/weko_accounts/ext.py +++ b/modules/weko-accounts/weko_accounts/ext.py @@ -64,9 +64,6 @@ def init_config(self, app): :param app: The flask application. """ - # Create Shibboleth Admin database table - self.create_shib_admin_data_base_table(app) - # Use theme's base template if theme is installed if 'BASE_TEMPLATE' in app.config: app.config.setdefault( 
@@ -121,42 +118,6 @@ def init_limiter(self, app): from .utils import limiter limiter.init_app(app) - def create_shib_admin_data_base_table(self, app): - """ - Create Shibboleth Admin database table. - - :param app: The flask application. - """ - with app.app_context(): - if AdminSettings.query.filter_by(name='blocked_user_settings').first() is None: - new_setting = AdminSettings( - id=6, - name="blocked_user_settings", - settings={"blocked_ePPNs": []} - ) - db.session.add(new_setting) - db.session.commit() - - if AdminSettings.query.filter_by(name='shib_login_enable').first() is None: - new_setting = AdminSettings( - id=7, - name="shib_login_enable", - settings={"shib_flg": app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']} - ) - db.session.add(new_setting) - db.session.commit() - - if AdminSettings.query.filter_by(name='default_role_settings').first() is None: - new_setting = AdminSettings( - id=8, - name="default_role_settings", - settings={ - "gakunin_role": app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], - "orthros_outside_role": app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'], - "extra_role": app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']} - ) - db.session.add(new_setting) - db.session.commit() class WekoAccountsREST(object): """Weko accounts Rest Obj.""" diff --git a/modules/weko-accounts/weko_accounts/views.py b/modules/weko-accounts/weko_accounts/views.py index 6fc2b85f59..e58116c654 100644 --- a/modules/weko-accounts/weko_accounts/views.py +++ b/modules/weko-accounts/weko_accounts/views.py @@ -41,6 +41,7 @@ from weko_redis.redis import RedisConnection from werkzeug.local import LocalProxy from invenio_db import db +from weko_admin.models import AdminSettings, db from .api import ShibUser from .utils import generate_random_str, parse_attributes 
@@ -73,6 +74,67 @@ def init_menu(): _('%(icon)s Administration', icon=''), visible_when=_has_admin_access, order=100) + + _adjust_shib_admin_DB() + +def _adjust_shib_admin_DB(): + """ + Create or Update Shibboleth Admin database table. + """ + with _app.app_context(): + if AdminSettings.query.filter_by(name='blocked_user_settings').first() is None: + new_setting = AdminSettings( + id=6, + name="blocked_user_settings", + settings={"blocked_ePPNs": []} + ) + db.session.add(new_setting) + db.session.commit() + + if AdminSettings.query.filter_by(name='shib_login_enable').first() is None: + new_setting = AdminSettings( + id=7, + name="shib_login_enable", + settings={"shib_flg": _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']} + ) + db.session.add(new_setting) + db.session.commit() + else: + setting = AdminSettings.query.filter_by(name='shib_login_enable').first() + setting.settings = {"shib_flg": _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']} + db.session.commit() + + if AdminSettings.query.filter_by(name='default_role_settings').first() is None: + new_setting = AdminSettings( + id=8, + name="default_role_settings", + settings={ + "gakunin_role": _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], + "orthros_outside_role": _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'], + "extra_role": _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']} + ) + db.session.add(new_setting) + db.session.commit() + else: + setting = AdminSettings.query.filter_by(name='default_role_settings').first() + setting.settings = { + "gakunin_role": _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], + "orthros_outside_role": _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'], + "extra_role": _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']} + db.session.commit() + + if AdminSettings.query.filter_by(name='attribute_mapping').first() is None: + new_setting = AdminSettings( + id=9, + name="attribute_mapping", + 
settings=_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] + ) + db.session.add(new_setting) + db.session.commit() + else: + setting = AdminSettings.query.filter_by(name='attribute_mapping').first() + setting.settings = _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] + db.session.commit() def _redirect_method(has_next=False): From d0247ad17b657c5dd7ac88cc92c13ba4c7fce3ec Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Wed, 5 Mar 2025 11:08:54 +0900 Subject: [PATCH 22/43] =?UTF-8?q?Shibboleth=E7=AE=A1=E7=90=86=E7=94=BB?= =?UTF-8?q?=E9=9D=A2=E7=94=9F=E6=88=90=E3=81=AE=E6=B5=81=E3=82=8C=E3=82=92?= =?UTF-8?q?=E6=95=B4=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/admin.py | 10 ++++++---- .../templates/weko_accounts/setting/shibuser.html | 8 ++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/admin.py b/modules/weko-accounts/weko_accounts/admin.py index dcb107b229..bb73eaa6b2 100644 --- a/modules/weko-accounts/weko_accounts/admin.py +++ b/modules/weko-accounts/weko_accounts/admin.py @@ -53,11 +53,12 @@ def index(self): } # 属性マッピング + attribute_mappings = AdminSettings.get('attribute_mapping') attributes = { - 'weko_eppn': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_eppn', '0'), - 'weko_role_authority_name': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_role_authority_name', '0'), - 'weko_mail': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_mail', '0'), - 'weko_user_name': current_app.config.get('WEKO_ACCOUNTS_ATTRIBUTE_MAP', {}).get('shib_user_name', '0') + 'shib_eppn': attribute_mappings.__dict__['shib_eppn'], + 'shib_role_authority_name': attribute_mappings.__dict__['shib_role_authority_name'], + 'shib_mail': attribute_mappings.__dict__['shib_mail'], + 'shib_user_name': attribute_mappings.__dict__['shib_user_name'] } # ブロックユーザー 
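Review bot: The `else` branches of `_adjust_shib_admin_DB()` overwrite the stored `shib_login_enable`, `default_role_settings` and `attribute_mapping` rows with the values in `_app.config` every time `init_menu()` runs. A Shibboleth login switch, default role or attribute mapping that an administrator changed in the database is therefore reverted, presumably to the config-file value. These settings gate federated login and decide the role a new user receives, so if the intent is only to seed missing rows, drop the three `else` branches. The inserts also pair a check-then-insert with fixed ids 6–9, so two processes starting together, or an id already used by another setting, will fail on `db.session.commit()` with no `db.session.rollback()`. `init_menu()` begins outside the hunk, so when it is triggered is not visible here.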
@@ -100,6 +101,7 @@ def get_latest_current_app(self): _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['gakunin_role'] _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['orthros_outside_role'] _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['extra_role'] + _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] = AdminSettings.get('attribute_mapping').__dict__ shib_adminview = { 'view_class': ShibSettingView, diff --git a/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html b/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html index af1d86ad32..fc268eda2e 100644 --- a/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html +++ b/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html @@ -86,16 +86,16 @@
-
+
{{_("shib_eppn")}}
-
+
{{_("shib_role_authority_name")}}
-
+
{{_("shib_mail")}}
-
+
{{_("shib_user_name")}}
From 21d9fef9704bd675e58a852a72ca643d3ecc75dc Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Wed, 5 Mar 2025 11:11:48 +0900 Subject: [PATCH 23/43] =?UTF-8?q?Shibboleth=E7=AE=A1=E7=90=86=E7=94=BB?= =?UTF-8?q?=E9=9D=A2=E3=81=AE=E7=94=9F=E6=88=90=E3=81=AE=E6=B5=81=E3=82=8C?= =?UTF-8?q?=E3=82=92=E6=95=B4=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/admin.py | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/admin.py b/modules/weko-accounts/weko_accounts/admin.py index 9297c7d81b..08dbc18844 100644 --- a/modules/weko-accounts/weko_accounts/admin.py +++ b/modules/weko-accounts/weko_accounts/admin.py @@ -40,17 +40,17 @@ class ShibSettingView(BaseView): def index(self): """Index.""" try: - shib_flg = '0' if not AdminSettings.get('shib_login_enable').__dict__['shib_flg'] else '1' role_list = current_app.config['WEKO_ACCOUNTS_ROLE_LIST'] attr_list = current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_LIST'] set_language = _('language') # デフォルトロール + default_roles = AdminSettings.get('default_role_settings') roles = { - 'gakunin_role': current_app.config.get('WEKO_ACCOUNTS_GAKUNIN_ROLE', {}).get('defaultRole', '0'), - 'orthros_role': current_app.config.get('WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE', {}).get('defaultRole', '0'), - 'extra_role': current_app.config.get('WEKO_ACCOUNTS_EXTRA_ROLE', {}).get('defaultRole', '0') + 'gakunin_role': default_roles.__dict__['gakunin_role'], + 'orthros_outside_role': default_roles.__dict__['orthros_outside_role'], + 'extra_role': default_roles.__dict__['extra_role'] } # 属性マッピング @@ -62,6 +62,7 @@ def index(self): 'shib_user_name': attribute_mappings.__dict__['shib_user_name'] } + # ブロックユーザー block_user_settings = AdminSettings.get('blocked_user_settings') block_user_list = block_user_settings.__dict__['blocked_ePPNs'] 
@@ -94,8 +95,11 @@ def index(self): return abort(400) def get_latest_current_app(self): - _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] = AdminSettings.get('shib_login_enable').__dict__['shib_flg'] - _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] = AdminSettings.get('attribute_mapping').__dict__ + _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] = AdminSettings.get('shib_login_enable').__dict__['shib_flg'] + _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['gakunin_role'] + _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['orthros_outside_role'] + _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['extra_role'] + _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] = AdminSettings.get('attribute_mapping').__dict__ shib_adminview = { From b592052fa8dc9ef5db695109c1cf14032a5b051e Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Wed, 5 Mar 2025 13:18:16 +0900 Subject: [PATCH 24/43] =?UTF-8?q?.sh=E3=81=A7=E3=81=AEDB=E7=94=9F=E6=88=90?= =?UTF-8?q?=E5=87=A6=E7=90=86=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/populate-instance.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/populate-instance.sh b/scripts/populate-instance.sh index 917f9a775d..4a6d96ebf5 100755 --- a/scripts/populate-instance.sh +++ b/scripts/populate-instance.sh 
@@ -441,12 +441,13 @@ ${INVENIO_WEB_INSTANCE} admin_settings create_settings \ "{'blocked_ePPNs': []}" ${INVENIO_WEB_INSTANCE} admin_settings create_settings \ 7 "shib_login_enable" \ - "{'shib_flg': current_app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']}" + "{'shib_flg': False}" ${INVENIO_WEB_INSTANCE} admin_settings create_settings \ 8 "default_role_settings" \ - "{'gakunin_role': current_app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], - 'orthros_outside_role': current_app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'], - 'extra_role': current_app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']}" + "{'gakunin_role': '', 'orthros_outside_role': '', 'extra_role': ''}" +${INVENIO_WEB_INSTANCE} admin_settings create_settings \ + 9 "attribute_mapping" \ + "{'shib_eppn': '', 'shib_role_authority_name': '', 'shib_mail': '', 'shib_user_name': ''}" # create-admin-settings-end # create-default-authors-prefix-settings-begin From 469278b42c407bb3e00184cb116d8e04d58ca006 Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Wed, 5 Mar 2025 15:36:59 +0900 Subject: [PATCH 25/43] =?UTF-8?q?invenio=E3=82=B3=E3=83=9E=E3=83=B3?= =?UTF-8?q?=E3=83=89=E3=82=92=E5=AE=9F=E8=A3=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-admin/weko_admin/cli.py | 37 ++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/modules/weko-admin/weko_admin/cli.py b/modules/weko-admin/weko_admin/cli.py index 6e635b9fb0..0721174e71 100644 --- a/modules/weko-admin/weko_admin/cli.py +++ b/modules/weko-admin/weko_admin/cli.py 
@@ -281,3 +281,40 @@ def insert_facet_search_to_db(name_en, name_jp, mapping, aggregations, active, u click.secho('insert facet search') except Exception as e: click.secho(str(e)) + +@click.group() +def shib_admin_setting(): + """Shibboleth Admin Settings commands.""" + "invenio update-attribute-mapping --shib_eppn 'eppn_value' --shib_mail 'mail_value'" + +@shib_admin_setting.command('update-attribute-mapping') +@click.option('--shib_eppn', type=str, default=None) +@click.option('--shib_role_authority_name', type=str, default=None) +@click.option('--shib_mail', type=str, default=None) +@click.option('--shib_user_name', type=str, default=None) +@with_appcontext +def update_attribute_mapping(shib_eppn, shib_role_authority_name, shib_mail, shib_user_name): + """Update Attribute Mapping between Shibboleth and WEKO3.""" + attribute_mappings = AdminSettings.get('attribute_mapping') + attributes = { + 'shib_eppn': attribute_mappings.__dict__.get('shib_eppn'), + 'shib_role_authority_name': attribute_mappings.__dict__.get('shib_role_authority_name'), + 'shib_mail': attribute_mappings.__dict__.get('shib_mail'), + 'shib_user_name': attribute_mappings.__dict__.get('shib_user_name') + } + + try: + if shib_eppn is not None: + attributes['shib_eppn'] = shib_eppn + if shib_role_authority_name is not None: + attributes['shib_role_authority_name'] = shib_role_authority_name + if shib_mail is not None: + attributes['shib_mail'] = shib_mail + if shib_user_name is not None: + attributes['shib_user_name'] = shib_user_name + + AdminSettings.update('attribute_mapping', attributes) + click.secho("Mapping and update were successful.") + + except Exception as e: + click.secho(str(e)) From b3781efc3826c21bc571becac19a9abc33231273 Mon Sep 17 00:00:00 2001 
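Review bot: `update_attribute_mapping` handles a failed update by printing the exception text with `click.secho(str(e))` and returning normally, so the command exits 0 and a provisioning script cannot tell that the Shibboleth attribute mapping was not written. Signal the failure instead, e.g. `raise click.ClickException(str(e))` in the `except` block. The bare string placed after the `shib_admin_setting` docstring is an expression statement with no effect, and the usage it shows does not include the group name; fold a corrected example into the docstring. The same handler is added again under `admin_settings mapping_update` in the later cli.py hunk (@@ -208,6 +208,38 @@).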
From: ayumi-nishida Date: Wed, 5 Mar 2025 16:23:43 +0900 Subject: [PATCH 26/43] =?UTF-8?q?AdminSettings.get=E3=82=92Dict=E5=9E=8B?= =?UTF-8?q?=E3=81=A7=E8=BF=94=E3=81=99=E3=82=88=E3=81=86=E3=81=AB=E5=87=A6?= =?UTF-8?q?=E7=90=86=E4=BF=AE=E6=AD=A3=EF=BC=8F=E3=83=86=E3=83=BC=E3=83=96?= =?UTF-8?q?=E3=83=AB=E3=81=AB=E3=83=87=E3=83=BC=E3=82=BF=E3=81=8C=E3=81=AA?= =?UTF-8?q?=E3=81=84=E5=A0=B4=E5=90=88=E3=81=AB=E5=88=9D=E6=9C=9F=E5=80=A4?= =?UTF-8?q?=E3=82=92=E8=A8=AD=E5=AE=9A=E3=81=99=E3=82=8B=E3=82=88=E3=81=86?= =?UTF-8?q?=E3=81=AB=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/admin.py | 40 +++++++++++--------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/admin.py b/modules/weko-accounts/weko_accounts/admin.py index bb73eaa6b2..2b5b15ed6e 100644 --- a/modules/weko-accounts/weko_accounts/admin.py +++ b/modules/weko-accounts/weko_accounts/admin.py 
@@ -39,31 +39,35 @@ class ShibSettingView(BaseView): def index(self): """Index.""" try: - shib_flg = '0' if not AdminSettings.get('shib_login_enable').__dict__['shib_flg'] else '1' + # Shibbolethログイン可否 + shib_login_enable = AdminSettings.get('shib_login_enable', dict_to_object=False) + shib_flg = '0' if not shib_login_enable.get('shib_flg', current_app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']) else '1' + role_list = current_app.config['WEKO_ACCOUNTS_ROLE_LIST'] attr_list = current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_LIST'] set_language = _('language') # デフォルトロール - default_roles = AdminSettings.get('default_role_settings') + default_roles = AdminSettings.get('default_role_settings', dict_to_object=False) roles = { - 'gakunin_role': default_roles.__dict__['gakunin_role'], - 'orthros_outside_role': default_roles.__dict__['orthros_outside_role'], - 'extra_role': default_roles.__dict__['extra_role'] + 'gakunin_role': default_roles.get('gakunin_role', current_app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole']), + 'orthros_outside_role': default_roles.get('orthros_outside_role', current_app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole']), + 'extra_role': default_roles.get('extra_role', current_app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']) } + # 属性マッピング - attribute_mappings = AdminSettings.get('attribute_mapping') + attribute_mappings = AdminSettings.get('attribute_mapping', dict_to_object=False) attributes = { - 'shib_eppn': attribute_mappings.__dict__['shib_eppn'], - 'shib_role_authority_name': attribute_mappings.__dict__['shib_role_authority_name'], - 'shib_mail': attribute_mappings.__dict__['shib_mail'], - 'shib_user_name': attribute_mappings.__dict__['shib_user_name'] + 'shib_eppn': attribute_mappings.get('shib_eppn', current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP']['shib_eppn']), + 'shib_role_authority_name': attribute_mappings.get('shib_role_authority_name', current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP']['shib_role_authority_name']), 
+ 'shib_mail': attribute_mappings.get('shib_mail', current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP']['shib_mail']), + 'shib_user_name': attribute_mappings.get('shib_user_name', current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP']['shib_user_name']) } # ブロックユーザー - block_user_settings = AdminSettings.get('blocked_user_settings') - block_user_list = block_user_settings.__dict__['blocked_ePPNs'] + block_user_settings = AdminSettings.get('blocked_user_settings', dict_to_object=False) + block_user_list = block_user_settings.get('blocked_ePPNs', []) if request.method == 'POST': @@ -97,11 +101,13 @@ def index(self): return abort(400) def get_latest_current_app(self): - _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] = AdminSettings.get('shib_login_enable').__dict__['shib_flg'] - _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['gakunin_role'] - _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['orthros_outside_role'] - _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['extra_role'] - _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] = AdminSettings.get('attribute_mapping').__dict__ + _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] = AdminSettings.get('shib_login_enable', dict_to_object=False)['shib_flg'] + + default_roles = AdminSettings.get('default_role_settings', dict_to_object=False) + _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'] = default_roles['gakunin_role'] + _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'] = default_roles['orthros_outside_role'] + _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole'] = default_roles['extra_role'] + _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] = AdminSettings.get('attribute_mapping', dict_to_object=False) shib_adminview = { 'view_class': ShibSettingView, From cf3d2909fc2a355f9b49e7e5e204c9e1389b48ce Mon Sep 17 00:00:00 2001 
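Review bot: `get_latest_current_app()` indexes the stored settings directly (`AdminSettings.get('shib_login_enable', dict_to_object=False)['shib_flg']`, `default_roles['gakunin_role']`, and so on), while `index()` in the same commit reads the same rows with `.get(key, <config default>)`. A row that lacks a key therefore raises here although the view tolerates it; use the same fallbacks, e.g. `default_roles.get('gakunin_role', _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'])`. The fallbacks in `index()` only cover a missing key: if `AdminSettings.get` returns `None` for an absent row (its body is not visible here), `shib_login_enable.get(...)` fails before any default applies, so each lookup would need `or {}`. Assigning the stored dict straight to `WEKO_ACCOUNTS_ATTRIBUTE_MAP` also means an incomplete row removes keys that `index()` reads with `['shib_eppn']`-style indexing as its defaults. The identical change appears again in the next patch (admin.py @@ -40,31 +40,34 @@ and @@ -98,11 +98,13 @@).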
From: ayumi-nishida Date: Wed, 5 Mar 2025 16:31:28 +0900 Subject: [PATCH 27/43] =?UTF-8?q?AdminSettings.get=E3=82=92dict=E5=9E=8B?= =?UTF-8?q?=E3=81=A7=E8=BF=94=E3=81=99=E3=82=88=E3=81=86=E3=81=AB=E4=BF=AE?= =?UTF-8?q?=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/admin.py | 39 +++++++++++--------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/admin.py b/modules/weko-accounts/weko_accounts/admin.py index 08dbc18844..abb95c0a51 100644 --- a/modules/weko-accounts/weko_accounts/admin.py +++ b/modules/weko-accounts/weko_accounts/admin.py 
@@ -40,31 +40,34 @@ class ShibSettingView(BaseView): def index(self): """Index.""" try: - shib_flg = '0' if not AdminSettings.get('shib_login_enable').__dict__['shib_flg'] else '1' + # Shibbolethログイン可否 + shib_login_enable = AdminSettings.get('shib_login_enable', dict_to_object=False) + shib_flg = '0' if not shib_login_enable.get('shib_flg', current_app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']) else '1' + role_list = current_app.config['WEKO_ACCOUNTS_ROLE_LIST'] attr_list = current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_LIST'] set_language = _('language') # デフォルトロール - default_roles = AdminSettings.get('default_role_settings') + default_roles = AdminSettings.get('default_role_settings', dict_to_object=False) roles = { - 'gakunin_role': default_roles.__dict__['gakunin_role'], - 'orthros_outside_role': default_roles.__dict__['orthros_outside_role'], - 'extra_role': default_roles.__dict__['extra_role'] + 'gakunin_role': default_roles.get('gakunin_role', current_app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole']), + 'orthros_outside_role': default_roles.get('orthros_outside_role', current_app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole']), + 'extra_role': default_roles.get('extra_role', current_app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']) } # 属性マッピング - attribute_mappings = AdminSettings.get('attribute_mapping') + attribute_mappings = AdminSettings.get('attribute_mapping', dict_to_object=False) attributes = { - 'shib_eppn': attribute_mappings.__dict__['shib_eppn'], - 'shib_role_authority_name': attribute_mappings.__dict__['shib_role_authority_name'], - 'shib_mail': attribute_mappings.__dict__['shib_mail'], - 'shib_user_name': attribute_mappings.__dict__['shib_user_name'] + 'shib_eppn': attribute_mappings.get('shib_eppn', current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP']['shib_eppn']), + 'shib_role_authority_name': attribute_mappings.get('shib_role_authority_name', current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP']['shib_role_authority_name']), + 
'shib_mail': attribute_mappings.get('shib_mail', current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP']['shib_mail']), + 'shib_user_name': attribute_mappings.get('shib_user_name', current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP']['shib_user_name']) } # ブロックユーザー - block_user_settings = AdminSettings.get('blocked_user_settings') - block_user_list = block_user_settings.__dict__['blocked_ePPNs'] + block_user_settings = AdminSettings.get('blocked_user_settings', dict_to_object=False) + block_user_list = block_user_settings.get('blocked_ePPNs', []) if request.method == 'POST': # Process forms @@ -95,11 +98,13 @@ def index(self): return abort(400) def get_latest_current_app(self): - _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] = AdminSettings.get('shib_login_enable').__dict__['shib_flg'] - _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['gakunin_role'] - _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['orthros_outside_role'] - _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole'] = AdminSettings.get('default_role_settings').__dict__['extra_role'] - _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] = AdminSettings.get('attribute_mapping').__dict__ + _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED'] = AdminSettings.get('shib_login_enable', dict_to_object=False)['shib_flg'] + + default_roles = AdminSettings.get('default_role_settings', dict_to_object=False) + _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'] = default_roles['gakunin_role'] + _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'] = default_roles['orthros_outside_role'] + _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole'] = default_roles['extra_role'] + _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] = AdminSettings.get('attribute_mapping', dict_to_object=False) shib_adminview = { From 7bacfaa5f642ac8a0b0a6d378adfc1d8d169d3e3 Mon Sep 17 00:00:00 2001 
From: ayumi-nishida Date: Wed, 5 Mar 2025 16:39:41 +0900 Subject: [PATCH 28/43] =?UTF-8?q?=E8=AA=A4=E5=AD=97=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../weko_accounts/templates/weko_accounts/setting/shibuser.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html b/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html index 57cb17f6c9..fc268eda2e 100644 --- a/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html +++ b/modules/weko-accounts/weko_accounts/templates/weko_accounts/setting/shibuser.html @@ -75,7 +75,7 @@
{{_("Gakunin IdP")}}
-
+
{{_("Outside Orthros")}}
From 6f53a1147de2c6ab5681076e9b47c7ad1a191e5f Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Fri, 7 Mar 2025 14:42:03 +0900 Subject: [PATCH 29/43] =?UTF-8?q?invenio=E3=82=B3=E3=83=9E=E3=83=B3?= =?UTF-8?q?=E3=83=89=E3=81=AB=E3=82=88=E3=82=8B=E6=93=8D=E4=BD=9C=E3=82=92?= =?UTF-8?q?=E5=AE=9F=E8=A3=85=EF=BC=8Fpytest=E3=81=8C=E3=81=BE=E3=81=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-admin/setup.py | 3 +- modules/weko-admin/tests/test_cli.py | 31 ++++++++++++- modules/weko-admin/weko_admin/cli.py | 69 +++++++++++++--------------- scripts/populate-instance.sh | 20 ++++++++ 4 files changed, 84 insertions(+), 39 deletions(-) diff --git a/modules/weko-admin/setup.py b/modules/weko-admin/setup.py index 947567e56c..7715332b1f 100644 --- a/modules/weko-admin/setup.py +++ b/modules/weko-admin/setup.py @@ -105,7 +105,8 @@ 'admin_settings = weko_admin.cli:admin_settings', 'authors_prefix = weko_admin.cli:authors_prefix', 'authors_affiliation = weko_admin.cli:authors_affiliation', - 'facet_search_setting = weko_admin.cli:facet_search_setting' + 'facet_search_setting = weko_admin.cli:facet_search_setting', + 'shib_admin_setting = weko_admin.cli:shib_admin_setting' ], 'invenio_celery.tasks': [ 'weko_admin = weko_admin.tasks', diff --git a/modules/weko-admin/tests/test_cli.py b/modules/weko-admin/tests/test_cli.py index 14eac9edaf..49708da991 100644 --- a/modules/weko-admin/tests/test_cli.py +++ b/modules/weko-admin/tests/test_cli.py @@ -17,7 +17,8 @@ create_settings, create_default_settings, create_default_affiliation_settings, - insert_facet_search_to_db + insert_facet_search_to_db, + update_attribute_mapping ) from weko_admin.models import AdminLangSettings,ApiCertificate,StatisticUnit,\ StatisticTarget,BillingPermission,AdminSettings,FacetSearchSetting 
@@ -226,4 +227,32 @@ def test_insert_facet_search_to_db(db, script_info): with patch("weko_admin.cli.FacetSearchSetting.create",side_effect=Exception("test_error")): result = runner.invoke(insert_facet_search_to_db,["Data Language","データの言語","language","[]","True","SelectBox","1","True","OR"],obj=script_info) assert result.exit_code == 0 + assert result.output == "test_error\n" + +#def admin_settings(): +#def update_attribute_mapping(shib_eppn, shib_role_authority_name, shib_mail, shib_user_name): +# .tox/c1/bin/pytest --cov=weko_admin tests/test_cli.py::test_update_attribute_mapping -vv -s --cov-branch --cov-report=term --basetemp=/code/modules/weko-admin/.tox/c1/tmp +def test_update_attribute_mapping(db, shib_eppn_value=None, shib_role_authority_name_value=None, shib_mail_value=None, shib_user_name_value=None): + runner = CliRunner() + result = runner.invoke( + update_attribute_mapping, + shib_eppn_value, + shib_role_authority_name_value, + shib_mail_value, + shib_user_name_value + ) + + assert result.exit_code == 0 + assert result.output.strip() == "Mapping and update were successful." + assert AdminSettings.query.filter_by(id=9).one_or_none().name== "attribute_mapping" + + with patch("weko_admin.cli.AdminSettings.update",side_effect=Exception("test_error")): + result = runner.invoke( + update_attribute_mapping, + shib_eppn_value, + shib_role_authority_name_value, + shib_mail_value, + shib_user_name_value + ) + assert result.exit_code == 0 assert result.output == "test_error\n" \ No newline at end of file diff --git a/modules/weko-admin/weko_admin/cli.py b/modules/weko-admin/weko_admin/cli.py index 0721174e71..35d9df0d55 100644 --- a/modules/weko-admin/weko_admin/cli.py +++ b/modules/weko-admin/weko_admin/cli.py 
@@ -208,6 +208,38 @@ def create_settings(id, name, settings): except Exception as ex: click.secho(str(ex)) +# invenio admin_settings mapping_update --shib_eppn eppn_value --shib_mail mail_value +@admin_settings.command('mapping_update') +@click.option('--shib_eppn', type=str, default=None) +@click.option('--shib_role_authority_name', type=str, default=None) +@click.option('--shib_mail', type=str, default=None) +@click.option('--shib_user_name', type=str, default=None) +@with_appcontext +def update_attribute_mapping(shib_eppn, shib_role_authority_name, shib_mail, shib_user_name): + """Update Attribute Mapping between Shibboleth and WEKO3.""" + attribute_mappings = AdminSettings.get('attribute_mapping', dict_to_object=False) + attributes = { + 'shib_eppn': attribute_mappings.get('shib_eppn'), + 'shib_role_authority_name': attribute_mappings.get('shib_role_authority_name'), + 'shib_mail': attribute_mappings.get('shib_mail'), + 'shib_user_name': attribute_mappings.get('shib_user_name') + } + + try: + if shib_eppn is not None: + attributes['shib_eppn'] = shib_eppn + if shib_role_authority_name is not None: + attributes['shib_role_authority_name'] = shib_role_authority_name + if shib_mail is not None: + attributes['shib_mail'] = shib_mail + if shib_user_name is not None: + attributes['shib_user_name'] = shib_user_name + + AdminSettings.update('attribute_mapping', attributes) + click.secho("Mapping and update were successful.") + + except Exception as e: + click.secho(str(e)) @click.group() def authors_prefix(): 
@@ -281,40 +313,3 @@ def insert_facet_search_to_db(name_en, name_jp, mapping, aggregations, active, u click.secho('insert facet search') except Exception as e: click.secho(str(e)) - -@click.group() -def shib_admin_setting(): - """Shibboleth Admin Settings commands.""" - "invenio update-attribute-mapping --shib_eppn 'eppn_value' --shib_mail 'mail_value'" - -@shib_admin_setting.command('update-attribute-mapping') -@click.option('--shib_eppn', type=str, default=None) -@click.option('--shib_role_authority_name', type=str, default=None) -@click.option('--shib_mail', type=str, default=None) -@click.option('--shib_user_name', type=str, default=None) -@with_appcontext -def update_attribute_mapping(shib_eppn, shib_role_authority_name, shib_mail, shib_user_name): - """Update Attribute Mapping between Shibboleth and WEKO3.""" - attribute_mappings = AdminSettings.get('attribute_mapping') - attributes = { - 'shib_eppn': attribute_mappings.__dict__.get('shib_eppn'), - 'shib_role_authority_name': attribute_mappings.__dict__.get('shib_role_authority_name'), - 'shib_mail': attribute_mappings.__dict__.get('shib_mail'), - 'shib_user_name': attribute_mappings.__dict__.get('shib_user_name') - } - - try: - if shib_eppn is not None: - attributes['shib_eppn'] = shib_eppn - if shib_role_authority_name is not None: - attributes['shib_role_authority_name'] = shib_role_authority_name - if shib_mail is not None: - attributes['shib_mail'] = shib_mail - if shib_user_name is not None: - attributes['shib_user_name'] = shib_user_name - - AdminSettings.update('attribute_mapping', attributes) - click.secho("Mapping and update were successful.") - - except Exception as e: - click.secho(str(e)) diff --git a/scripts/populate-instance.sh b/scripts/populate-instance.sh index a1ebafd7d5..296981c154 100755 --- a/scripts/populate-instance.sh +++ b/scripts/populate-instance.sh 
@@ -439,6 +439,15 @@ ${INVENIO_WEB_INSTANCE} admin_settings create_settings \ ${INVENIO_WEB_INSTANCE} admin_settings create_settings \ 6 "blocked_user_settings" \ "{'blocked_ePPNs': []}" +${INVENIO_WEB_INSTANCE} admin_settings create_settings \ + 7 "shib_login_enable" \ + "{'shib_flg': False}" +${INVENIO_WEB_INSTANCE} admin_settings create_settings \ + 8 "default_role_settings" \ + "{'gakunin_role': '', 'orthros_outside_role': '', 'extra_role': ''}" +${INVENIO_WEB_INSTANCE} admin_settings create_settings \ + 9 "attribute_mapping" \ + "{'shib_eppn': '', 'shib_role_authority_name': '', 'shib_mail': '', 'shib_user_name': ''}" # create-admin-settings-end # create-default-authors-prefix-settings-begin @@ -495,3 +504,14 @@ ${INVENIO_WEB_INSTANCE} facet_search_setting create \ ${INVENIO_WEB_INSTANCE} facet_search_setting create \ "Data Type" "デ一タタイプ" "description.value" "[{'agg_value': 'Other', 'agg_mapping': 'description.descriptionType'}]" True SelectBox 7 True # create-facet-search-setting-end + +# update-shib-admin-setting-begin +${INVENIO_WEB_INSTANCE} shib_admin_setting update \ + "shib_eppn" "eduPersonPrincipalName" +${INVENIO_WEB_INSTANCE} shib_admin_setting update \ + "shib_mail" "mail" +${INVENIO_WEB_INSTANCE} shib_admin_setting update \ + "shib_user_name" "displayName" +${INVENIO_WEB_INSTANCE} shib_admin_setting update \ + "shib_role_authority_name" "eduPersonAffiliation" +# update-shib-admin-setting-end From 1a23617384307d4d7223baba4e554f63e0d1f3a8 Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Fri, 7 Mar 2025 16:23:47 +0900 Subject: [PATCH 30/43] =?UTF-8?q?=E4=B8=8D=E8=A6=81=E3=81=AA=E5=87=A6?= =?UTF-8?q?=E7=90=86=E3=82=92=E5=89=8A=E9=99=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-admin/setup.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/weko-admin/setup.py b/modules/weko-admin/setup.py index 7715332b1f..947567e56c 100644 --- a/modules/weko-admin/setup.py 
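Review bot: The new `update-shib-admin-setting` block calls `${INVENIO_WEB_INSTANCE} shib_admin_setting update "shib_eppn" "eduPersonPrincipalName"`, but the command this commit defines in cli.py is `admin_settings mapping_update` with `--shib_eppn`-style options, and the `shib_admin_setting` group is deleted in the same commit. These four calls would presumably fail as unknown commands, leaving the attribute mapping at the empty strings seeded for id 9 in the hunk above, so the ePPN and role attributes stay unmapped after provisioning. Call the defined command once instead: `${INVENIO_WEB_INSTANCE} admin_settings mapping_update --shib_eppn "eduPersonPrincipalName" --shib_mail "mail" --shib_user_name "displayName" --shib_role_authority_name "eduPersonAffiliation"`.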
+++ b/modules/weko-admin/setup.py @@ -105,8 +105,7 @@ 'admin_settings = weko_admin.cli:admin_settings', 'authors_prefix = weko_admin.cli:authors_prefix', 'authors_affiliation = weko_admin.cli:authors_affiliation', - 'facet_search_setting = weko_admin.cli:facet_search_setting', - 'shib_admin_setting = weko_admin.cli:shib_admin_setting' + 'facet_search_setting = weko_admin.cli:facet_search_setting' ], 'invenio_celery.tasks': [ 'weko_admin = weko_admin.tasks', From cb193fe5a9c068e37edf0da0c1255df084b54f6f Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Tue, 11 Mar 2025 15:49:19 +0900 Subject: [PATCH 31/43] =?UTF-8?q?=E5=B1=9E=E6=80=A7=E3=83=9E=E3=83=83?= =?UTF-8?q?=E3=83=94=E3=83=B3=E3=82=B0invenio=E3=82=B3=E3=83=9E=E3=83=B3?= =?UTF-8?q?=E3=83=89=E7=94=A8=E3=81=AEpytest=E5=AE=9F=E8=A3=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-admin/tests/test_cli.py | 43 +++++++++++++++++----------- modules/weko-admin/weko_admin/cli.py | 13 +++++---- 2 files changed, 34 insertions(+), 22 deletions(-) diff --git a/modules/weko-admin/tests/test_cli.py b/modules/weko-admin/tests/test_cli.py index 49708da991..6121dd0ee8 100644 --- a/modules/weko-admin/tests/test_cli.py +++ b/modules/weko-admin/tests/test_cli.py 
@@ -232,27 +232,36 @@ def test_insert_facet_search_to_db(db, script_info): #def admin_settings(): #def update_attribute_mapping(shib_eppn, shib_role_authority_name, shib_mail, shib_user_name): # .tox/c1/bin/pytest --cov=weko_admin tests/test_cli.py::test_update_attribute_mapping -vv -s --cov-branch --cov-report=term --basetemp=/code/modules/weko-admin/.tox/c1/tmp -def test_update_attribute_mapping(db, shib_eppn_value=None, shib_role_authority_name_value=None, shib_mail_value=None, shib_user_name_value=None): +def test_update_attribute_mapping(db, script_info): runner = CliRunner() - result = runner.invoke( - update_attribute_mapping, - shib_eppn_value, - shib_role_authority_name_value, - shib_mail_value, - shib_user_name_value - ) - + + try: + db.session.add(AdminSettings( + id=9, + name="attribute_mapping", + settings='{"shib_eppn": "eduPersonPrincipalName", "shib_mail": "mail", "shib_user_name": "displayName", "shib_role_authority_name": "eduPersonAffiliation"}' + )) + db.session.commit() + except Exception as e: + db.session.rollback() + raise + finally: + db.session.remove() + + # テスト用引数をオプション形式で定義 + args = [ + '--shib_eppn', 'o', + '--shib_role_authority_name', None, + '--shib_mail', 'o', + '--shib_user_name', None + ] + + result = runner.invoke(update_attribute_mapping, args=args, obj=script_info) + assert result.exit_code == 0 assert result.output.strip() == "Mapping and update were successful." - assert AdminSettings.query.filter_by(id=9).one_or_none().name== "attribute_mapping" with patch("weko_admin.cli.AdminSettings.update",side_effect=Exception("test_error")): - result = runner.invoke( - update_attribute_mapping, - shib_eppn_value, - shib_role_authority_name_value, - shib_mail_value, - shib_user_name_value - ) + result = runner.invoke(update_attribute_mapping, args=args, obj=script_info) assert result.exit_code == 0 assert result.output == "test_error\n" \ No newline at end of file 
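Review bot: The rewritten test no longer checks what was stored: after `runner.invoke` it asserts only the exit code and the success message, so a command that reports success but writes the wrong mapping would still pass. `shib_eppn` is the attribute that identifies the federated user, so read the row back (`AdminSettings.query.filter_by(id=9).one()`) and assert its `settings` against the expected mapping. The `None` entries in `args` are better expressed by omitting those options, since Click arguments are expected to be strings. `except Exception as e:` can drop the unused `as e`.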
diff --git a/modules/weko-admin/weko_admin/cli.py b/modules/weko-admin/weko_admin/cli.py index 35d9df0d55..9b90cc4a89 100644 --- a/modules/weko-admin/weko_admin/cli.py +++ b/modules/weko-admin/weko_admin/cli.py @@ -22,6 +22,7 @@ import ast import click +import json from flask.cli import with_appcontext from weko_authors.models import AuthorsPrefixSettings, AuthorsAffiliationSettings @@ -208,7 +209,6 @@ def create_settings(id, name, settings): except Exception as ex: click.secho(str(ex)) -# invenio admin_settings mapping_update --shib_eppn eppn_value --shib_mail mail_value @admin_settings.command('mapping_update') @click.option('--shib_eppn', type=str, default=None) @click.option('--shib_role_authority_name', type=str, default=None) @@ -218,11 +218,14 @@ def create_settings(id, name, settings): def update_attribute_mapping(shib_eppn, shib_role_authority_name, shib_mail, shib_user_name): """Update Attribute Mapping between Shibboleth and WEKO3.""" attribute_mappings = AdminSettings.get('attribute_mapping', dict_to_object=False) + if isinstance(attribute_mappings, str): + attribute_mappings = json.loads(attribute_mappings) + attributes = { - 'shib_eppn': attribute_mappings.get('shib_eppn'), - 'shib_role_authority_name': attribute_mappings.get('shib_role_authority_name'), - 'shib_mail': attribute_mappings.get('shib_mail'), - 'shib_user_name': attribute_mappings.get('shib_user_name') + 'shib_eppn': attribute_mappings.get('shib_eppn', ''), + 'shib_role_authority_name': attribute_mappings.get('shib_role_authority_name', ''), + 'shib_mail': attribute_mappings.get('shib_mail', ''), + 'shib_user_name': attribute_mappings.get('shib_user_name', '') } try: From 8693e69dfac42fab49387e0690368758b6cbeb5f Mon Sep 17 00:00:00 2001 
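Review bot: The lookup and decoding of `attribute_mappings` run before the `try:` block, so a missing `attribute_mapping` row or a stored string that is not valid JSON ends the command with a traceback instead of the `click.secho(str(ex))` path used by `create_settings` above. Assuming `AdminSettings.get` can return `None` when the row is absent, add `attribute_mappings = attribute_mappings or {}` after the `json.loads` branch, or move these lines inside the `try`. The body of `update_attribute_mapping` continues past the end of this hunk.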
From: ayumi-nishida Date: Wed, 12 Mar 2025 10:14:22 +0900 Subject: [PATCH 32/43] =?UTF-8?q?=E8=A8=80=E8=AA=9E=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../translations/en/LC_MESSAGES/messages.mo | Bin 1485 -> 1437 bytes .../translations/en/LC_MESSAGES/messages.po | 16 ++++++++-------- .../translations/ja/LC_MESSAGES/messages.mo | Bin 3455 -> 3431 bytes .../translations/ja/LC_MESSAGES/messages.po | 8 ++++---- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.mo b/modules/weko-accounts/weko_accounts/translations/en/LC_MESSAGES/messages.mo index dfecd605da2d72fded9e7ed0eac4ac98e11b4e01..a3895600a6f9fb0279548bd13aadb49a06e0e5d9 100644 GIT binary patch delta 294 zcmYk$yG{a85XSL2%O1HbN>H}|j9CJW1($>eu%VU4Y(uxj79`k+6-p>9X)r@&LPC56 zpMZjrf+w+|q4U3if|Gpt&E(9vY`vv7?@sSU3^jHG6#E5xG;ok^3c0n3Wvy$oaaUNj{S& zDUzJaYSDb?l`YxeDH;s*(w22+d{tAB&%fACR^L@?QdJeITvO%HYQ!4P*qf zLM+G!(m*pAP6274`3&4Z3{=a&3B+7L3<5kr3~~evumc&)Kn&8yHd&CdhBYiPr!;l) zdKM{e1>eNX90fRk@=-=ngsgx7Em5@8_m{U09zV~yTp!PQp6~Q)`n=o9n%P&-Or{*OS)9irZsP!+;W%Dk z2ybx{?{N_0eZBXJI7(f?eq6>$T*Ic%>=1{kU)V(Zy@#x2aTYP&&R`jnSo5r7jJk>X z!Kqibu|$1`YWNw$80BjQ6R7=`Fp720J=CB_IEI(umRX*~4G-i4YJxYUSqn108jPUo z0xn|Na|bu5ud#+7$j25UW>dI=8sGpMc!Ju$i)!pM$wGhNQ28-~s~lClH a&#gM?;QH3?zFTpsZo?^&sZQH@3jF|Q;W3K< delta 608 zcmZwEy-Nad7{Kwzm&?1#lwQS`)HET%79og;93)z*C4wXfaSB{7YPtw&wBVK+Yp=yU zni|?{YY+Sn8ltH0lV_6$&wYN+@6N~H^ISLn6Tf*tvR6p diff --git a/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.po b/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.po index d579f883ec..48d64d6cd1 100644 --- a/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.po +++ b/modules/weko-accounts/weko_accounts/translations/ja/LC_MESSAGES/messages.po 
@@ -28,19 +28,19 @@ msgid "Shibboleth flag was updated." msgstr "Shibboleth設定を更新しました" #: weko_accounts/admin.py: -msgid "Shib Eppn Value mapping was updated." +msgid "Shib Eppn mapping was updated." msgstr "属性マッピング設定(shib_eppn)を更新しました" #: weko_accounts/admin.py: -msgid "Shib Role Authority Name Value mapping was updated." +msgid "Shib Role Authority Name mapping was updated." msgstr "属性マッピング設定(shib_role_authority_name)を更新しました" #: weko_accounts/admin.py: -msgid "Shib Mail Value mapping was updated." +msgid "Shib Mail mapping was updated." msgstr "属性マッピング設定(shib_mail)を更新しました" #: weko_accounts/admin.py: -msgid "Shib User Name Value mapping was updated." +msgid "Shib User Name mapping was updated." msgstr "属性マッピング設定(shib_user_name)を更新しました" #: weko_accounts/admin.py:69 From 3933d3173ffe6d76c82875dcafe1cd2ed029d1e3 Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Thu, 13 Mar 2025 09:53:12 +0900 Subject: [PATCH 33/43] =?UTF-8?q?=E3=83=86=E3=82=B9=E3=83=88=E3=82=B3?= =?UTF-8?q?=E3=83=BC=E3=83=89=E5=AE=9F=E8=A3=85=E3=80=82=E5=90=88=E3=82=8F?= =?UTF-8?q?=E3=81=9B=E3=81=A6=E4=B8=8D=E5=85=B7=E5=90=88=E8=A7=A3=E6=B6=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/tests/test_views.py | 47 +++++++++++++++++++- modules/weko-accounts/weko_accounts/views.py | 6 ++- 2 files changed, 49 insertions(+), 4 deletions(-) diff --git a/modules/weko-accounts/tests/test_views.py b/modules/weko-accounts/tests/test_views.py index c0616b3d75..edbcababdf 100644 --- a/modules/weko-accounts/tests/test_views.py +++ b/modules/weko-accounts/tests/test_views.py @@ -11,6 +11,8 @@ init_menu, _redirect_method ) +from weko_admin.models import AdminSettings + def set_session(client,data): with client.session_transaction() as session: for k, v in data.items(): 
@@ -259,7 +261,7 @@ def test_shib_login(client,redis_connect,users,mocker): assert res.status_code == 400 #def shib_sp_login(): # .tox/c1/bin/pytest --cov=weko_accounts tests/test_views.py::test_shib_sp_login -vv -s --cov-branch --cov-report=term --basetemp=/code/modules/weko-workflow/.tox/c1/tmp -def test_shib_sp_login(client, redis_connect,mocker): +def test_shib_sp_login(client, redis_connect,mocker, db): mocker.patch("weko_accounts.views.RedisConnection.connection",return_value=redis_connect) url = url_for("weko_accounts.shib_sp_login") 
@@ -282,11 +284,49 @@ def test_shib_sp_login(client, redis_connect,mocker): mock_flash = mocker.patch("weko_accounts.views.flash") client.post(url,data=form) mock_flash.assert_called_with("Missing SHIB_ATTRs!",category="error") - + + # Check if shib_eppn is not included in the blocked user list + try: + db.session.add(AdminSettings( + id=6, + name="blocked_user_settings", + settings='{"blocked_ePPNs": ["ePPN1", "ePPN2", "ePPN3", "ePPN5", "ePPP*"]}' + )) + db.session.commit() + except Exception as e: + db.session.rollback() + raise + finally: + db.session.remove() + + # Match with blocked user + mock_flash = mocker.patch("weko_accounts.views.flash") + form = { + "SHIB_ATTR_SESSION_ID":"1111", + "SHIB_ATTR_EPPN":"ePPN3" + } + client.post(url,data=form) + mock_flash.assert_called_with("Failed to login.",category="error") + mock_redirect_ = mocker.patch("weko_accounts.views._redirect_method",return_value=make_response()) + + # Match found with a blocked user from the wildcard + mock_flash = mocker.patch("weko_accounts.views.flash") + form = { + "SHIB_ATTR_SESSION_ID":"1111", + "SHIB_ATTR_EPPN":"ePPP3" + } + client.post(url,data=form) + mock_flash.assert_called_with("Failed to login.",category="error") + mock_redirect_ = mocker.patch("weko_accounts.views._redirect_method",return_value=make_response()) + + # Not a blocked user form = { "SHIB_ATTR_SESSION_ID":"1111", "SHIB_ATTR_EPPN":"test_eppn" } + res = client.post(url,data=form) + assert res.status_code == 200 + # shib_user.get_relation_info is None with patch("weko_accounts.views.ShibUser.get_relation_info",return_value=None): res = client.post(url,data=form) 
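Review bot: Both blocked-user cases assert only the flash text, so a regression that flashes "Failed to login." and then carries on with the login would still pass. `mock_redirect_` is patched after `client.post` and never asserted; patch `_redirect_method` before the request and assert it was called, and also assert that the request did not write a `Shib-Session-1111` entry to Redis (provided earlier cases in this test have not already created it). The wildcard case would pin more with an ePPN containing regex metacharacters such as `.` or `@`, to confirm the pattern is escaped and anchored. The test function starts outside this hunk.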
@@ -303,6 +343,9 @@ def test_shib_sp_login(client, redis_connect,mocker): mock_redirect_ = mocker.patch("weko_accounts.views._redirect_method",return_value=make_response()) res = client.post(url,data={}) mock_redirect_.assert_called_once() + + + #def shib_stub_login(): # .tox/c1/bin/pytest --cov=weko_accounts tests/test_views.py::test_shib_stub_login -vv -s --cov-branch --cov-report=term --basetemp=/code/modules/weko-workflow/.tox/c1/tmp def test_shib_stub_login(client,mocker): diff --git a/modules/weko-accounts/weko_accounts/views.py b/modules/weko-accounts/weko_accounts/views.py index 92ceec6e8d..c398dc6bb2 100644 --- a/modules/weko-accounts/weko_accounts/views.py +++ b/modules/weko-accounts/weko_accounts/views.py @@ -301,8 +301,10 @@ def shib_sp_login(): # Check if shib_eppn is not included in the blocked user list if AdminSettings.query.filter_by(name='blocked_user_settings').first(): - block_user_settings = AdminSettings.get('blocked_user_settings') - block_user_list = block_user_settings.__dict__.get('blocked_ePPNs', []) + block_user_settings = AdminSettings.get('blocked_user_settings', dict_to_object=False) + if isinstance(block_user_settings, str): + block_user_settings = json.loads(block_user_settings) + block_user_list = block_user_settings.get('blocked_ePPNs', []) shib_eppn = shib_attr.get('shib_eppn') # Convert wildcards to regular expressions From b11e41273728d37bd0798e69326039651ad98909 Mon Sep 17 00:00:00 2001 
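Review bot: `json.loads` is now called in `shib_sp_login`, but this patch adds no `import json` to views.py (the diffstat shows only these six changed lines), so confirm the module already imports it; otherwise the first string-typed setting raises `NameError` in the login path. The decoded value is also used without a type check, so `block_user_settings.get(...)` fails if the result is `None` or a list. A guard such as `if not isinstance(block_user_settings, dict):` with an explicit decision (reject the login, or log and treat the list as empty) keeps the block-list check well-defined. The function continues outside this hunk.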
From: ayumi-nishida Date: Fri, 14 Mar 2025 10:55:40 +0900 Subject: [PATCH 34/43] =?UTF-8?q?Redis=E6=83=85=E5=A0=B1=E3=82=92=E5=89=8A?= =?UTF-8?q?=E9=99=A4=E3=81=99=E3=82=8B=E5=87=A6=E7=90=86=E8=BF=BD=E5=8A=A0?= =?UTF-8?q?=E3=80=81=E3=81=9D=E3=82=8C=E3=81=AB=E5=90=88=E3=82=8F=E3=81=9B?= =?UTF-8?q?=E3=81=A6=E3=83=86=E3=82=B9=E3=83=88=E3=82=B3=E3=83=BC=E3=83=89?= =?UTF-8?q?=E3=82=82=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/tests/test_views.py | 2 ++ modules/weko-accounts/weko_accounts/views.py | 1 + 2 files changed, 3 insertions(+) diff --git a/modules/weko-accounts/tests/test_views.py b/modules/weko-accounts/tests/test_views.py index e1ee262248..44249938a7 100644 --- a/modules/weko-accounts/tests/test_views.py +++ b/modules/weko-accounts/tests/test_views.py @@ -251,9 +251,11 @@ def test_confirm_user_without_page(client,redis_connect,mocker): mock_flash = mocker.patch("weko_accounts.views.flash") client.get(url) mock_flash.assert_called_with("FAILED bind_relation_info!",category="error") + assert redis_connect.redis.exists("Shib-Session-1111") is False with patch("weko_accounts.views.ShibUser.bind_relation_info",return_value=True): # ShibUser.check_in is error with patch("weko_accounts.views.ShibUser.check_in",return_value="test_error"): + redis_connect.put("Shib-Session-1111",bytes('{"shib_eppn":"test_eppn"}',"utf-8")) mock_flash = mocker.patch("weko_accounts.views.flash") client.get(url) mock_flash.assert_called_with("test_error",category="error") diff --git a/modules/weko-accounts/weko_accounts/views.py b/modules/weko-accounts/weko_accounts/views.py index 809e335e53..cbab5a85dc 100644 --- a/modules/weko-accounts/weko_accounts/views.py +++ b/modules/weko-accounts/weko_accounts/views.py 
@@ -255,6 +255,7 @@ def confirm_user_without_page(): # bind relation info if not shib_user.bind_relation_info(cache_val.get('shib_mail')): flash('FAILED bind_relation_info!', category='error') + datastore.delete(cache_key) return _redirect_method() # check in From 15b812a15b1d4e6dd1467c798877a8ec03ab6981 Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Mon, 24 Mar 2025 09:49:33 +0900 Subject: [PATCH 35/43] =?UTF-8?q?=E5=B1=9E=E6=80=A7=E3=81=AE=E5=A4=89?= =?UTF-8?q?=E6=95=B0=E5=90=8D=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/config.py | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/config.py b/modules/weko-accounts/weko_accounts/config.py index 84ad81b029..635a980341 100644 --- a/modules/weko-accounts/weko_accounts/config.py +++ b/modules/weko-accounts/weko_accounts/config.py @@ -75,28 +75,31 @@ """IdP attribute map.""" WEKO_ACCOUNTS_ATTRIBUTE_MAP = { - 'shib_eppn': 'eduPersonPrincipalName', + 'shib_eppn': 'eppn', 'shib_role_authority_name': 'eduPersonAffiliation', 'shib_mail': 'mail', - 'shib_user_name': 'displayName' + 'shib_user_name': 'DisplayName' } """IdP attribute map.""" WEKO_ACCOUNTS_ATTRIBUTE_LIST = [ + 'eppn', + 'DisplayName', 'mail', + 'eduPersonOrcid', + 'jasn', + 'jaGivenName', + 'jaDisplayName', + 'jao', + 'jaou', + 'isMemberOf', 'sn', 'o', 'ou', 'givenName', - 'displayName', 'eduPersonAffiliation', - 'eduPersonPrincipalName', - 'eduPersonEntitlement', 'eduPersonScopedAffiliation', - 'eduPersonTargetedID', - 'eduPersonAssurance', - 'eduPersonUniqueId', - 'eduPersonOrcid' + 'eduPersonTargetedID' ] """Attribute List.""" From a245e038df70e9c0b9801727d62a70d538f63981 Mon Sep 17 00:00:00 2001 
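Review bot: The cached Shibboleth attributes are now deleted when `bind_relation_info` fails, but the `# check in` branch that follows lies outside this hunk, so it is not visible whether its error return does the same. If it does not, the `Shib-Session-*` entry stays in Redis after a failed confirmation. Doing the cleanup once, e.g. wrapping the body in `try: ... finally: datastore.delete(cache_key)`, would cover every exit path.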
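Review bot: The new defaults `'shib_eppn': 'eppn'` and `'shib_user_name': 'DisplayName'` no longer agree with the values the install script writes in this series (`eduPersonPrincipalName`, `displayName`), and those two names are also removed from `WEKO_ACCOUNTS_ATTRIBUTE_LIST`. An instance provisioned by the script would then hold a mapping that the admin form cannot offer as a choice, so align the script with these names or keep the old ones in the list. `eduPersonEntitlement`, `eduPersonAssurance` and `eduPersonUniqueId` are dropped without explanation; a comment stating where the new names come from (presumably the SP's attribute-map ids, to be confirmed) would help.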
From: ayumi-nishida Date: Thu, 27 Mar 2025 14:11:16 +0900 Subject: [PATCH 36/43] =?UTF-8?q?test=5Findex,test=5Findex=5Facl=E3=81=8C?= =?UTF-8?q?=E9=80=9A=E3=82=8B=E3=82=88=E3=81=86=E3=81=AB=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/tests/conftest.py | 2 +- modules/weko-accounts/tests/test_admin.py | 145 +++++++++++++------ modules/weko-accounts/weko_accounts/views.py | 1 + 3 files changed, 105 insertions(+), 43 deletions(-) diff --git a/modules/weko-accounts/tests/conftest.py b/modules/weko-accounts/tests/conftest.py index 5169f7a154..bf0f68c4a2 100644 --- a/modules/weko-accounts/tests/conftest.py +++ b/modules/weko-accounts/tests/conftest.py @@ -182,7 +182,7 @@ def users(app, db): ds.add_role_to_user(generaluser, general_role) ds.add_role_to_user(originalroleuser, originalrole) ds.add_role_to_user(originalroleuser2, originalrole) - ds.add_role_to_user(originalroleuser2, repoadmin_role) + # ds.add_role_to_user(originalroleuser2, repoadmin_role) ds.add_role_to_user(student,studentrole) # Assign access authorization diff --git a/modules/weko-accounts/tests/test_admin.py b/modules/weko-accounts/tests/test_admin.py index 53786a5e5d..755d8a43ec 100644 --- a/modules/weko-accounts/tests/test_admin.py +++ b/modules/weko-accounts/tests/test_admin.py @@ -2,6 +2,10 @@ from mock import patch from flask import current_app,url_for,make_response from invenio_accounts.testutils import login_user_via_session as login +from weko_admin.models import AdminSettings +from invenio_accounts.models import User +from sqlalchemy.orm.session import object_session + class TestShibSettingView: 
@@ -11,14 +15,14 @@ def test_index_acl_guest(self,client,session_time): assert res.status_code == 302 @pytest.mark.parametrize('user_index, is_can',[ (0,True), - (1,False), + (1,True), (2,False), (3,False), (4,False), (5,False), (6,False), ]) - def test_index_acl(self,client,users,user_index,is_can,mocker): + def test_index_acl(self,client,users,user_index,is_can,mocker, admin_settings): mocker.patch("weko_accounts.admin.ShibSettingView.render",return_value=make_response()) login(client=client,email=users[user_index]["email"]) url = url_for("shibboleth.index",_external=True) 
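Review bot: The expectation for user index 1 changes from `False` to `True`, which widens who may open the Shibboleth settings page, but the test does not say which role that index is or why it is now allowed. That page edits the blocked ePPN list and the default roles, so name the role on each row, e.g. `(1, True),  # <role of users[1]>`, and state the intended access rule in a comment. The conftest.py hunk in the same patch comments out `ds.add_role_to_user(originalroleuser2, repoadmin_role)` rather than deleting it; remove the line or explain why it is kept.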
@@ -28,43 +32,100 @@ def test_index_acl(self,client,users,user_index,is_can,mocker): else: assert res.status_code == 403 # .tox/c1/bin/pytest --cov=weko_accounts tests/test_admin.py::TestShibSettingView::test_index -vv -s --cov-branch --cov-report=term --basetemp=/code/modules/weko-workflow/.tox/c1/tmp - def test_index(self,client,users,mocker): - login(client=client,email=users[0]["email"]) - url = url_for("shibboleth.index") - sibuser_html = 'weko_accounts/setting/shibuser.html' - mock_render = mocker.patch("weko_accounts.admin.ShibSettingView.render",return_value=make_response()) - current_app.config.update( - WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED=True - ) - # shib_flg = 1 - res = client.post(url,data=dict( - submit="shib_form", - shibbolethRadios="1" - )) - assert current_app.config["WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED"] == True - assert res.status_code==200 - mock_render.assert_called_with(sibuser_html,shib_flg="1") - - mock_render = mocker.patch("weko_accounts.admin.ShibSettingView.render",return_value=make_response()) - current_app.config.update( - WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED=False - ) - # shib_flg = 0 - res = client.post(url,data=dict( - submit="shib_form", - shibbolethRadios="0" - )) - assert res.status_code == 200 - assert current_app.config["WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED"] == False - mock_render.assert_called_with(sibuser_html,shib_flg="0") - - # raise BaseException - with patch("weko_accounts.admin.ShibSettingView.render",side_effect=BaseException): - res = client.post(url) - assert res.status_code == 400 - - # method is GET - mock_render = mocker.patch("weko_accounts.admin.ShibSettingView.render",return_value=make_response()) - res = client.get(url) - assert res.status_code == 200 - mock_render.assert_called_with(sibuser_html,shib_flg="0") \ No newline at end of file + def test_index(self,app,client,users,mocker, admin_settings, db): + with app.app_context(): + user = User.query.filter_by(email=users[0]['email']).first() + login(client=client, 
user=user) + url = url_for("shibboleth.index") + sibuser_html = 'weko_accounts/setting/shibuser.html' + mock_render = mocker.patch("weko_accounts.admin.ShibSettingView.render",return_value=make_response()) + current_app.config["WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED"] = True + + # new_shib_flg = 1 + if object_session(user) is None: + user = db.session.merge(user) + res = client.post(url,data=dict( + submit="shib_form", + shibbolethRadios="1" + )) + assert admin_settings[1].settings["shib_flg"] is True + assert res.status_code==200 + + # モックに渡す変数を設定 + role_list = current_app.config['WEKO_ACCOUNTS_ROLE_LIST'] + attr_list = current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_LIST'] + block_user_list = admin_settings[0].settings['blocked_ePPNs'] + roles = admin_settings[2].settings + set_language = "en" + shib_flg = "1" + attributes = admin_settings[3].settings + + mock_render.assert_called_with( + sibuser_html, + shib_flg=shib_flg, + set_language=set_language, + role_list=role_list, + attr_list=attr_list, + block_user_list=block_user_list, + **roles, + **attributes + ) + current_app.config["WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED"] = False + + # new_shib_flg = 0 + res = client.post(url,data=dict( + submit="shib_form", + shibbolethRadios="0" + )) + assert res.status_code == 200 + assert admin_settings[1].settings["shib_flg"] is False + shib_flg = "0" + mock_render.assert_called_with( + sibuser_html, + shib_flg=shib_flg, + set_language=set_language, + role_list=role_list, + attr_list=attr_list, + block_user_list=block_user_list, + **roles, + **attributes + ) + + # raise BaseException + with patch("weko_accounts.admin.ShibSettingView.render",side_effect=BaseException): + res = client.post(url) + assert res.status_code == 400 + + # method is GET + mock_render = mocker.patch("weko_accounts.admin.ShibSettingView.render",return_value=make_response()) + res = client.get(url) + assert res.status_code == 200 + mock_render.assert_called_with( + sibuser_html, + shib_flg=shib_flg, + 
set_language=set_language, + role_list=role_list, + attr_list=attr_list, + block_user_list=block_user_list, + **roles, + **attributes + ) + + + @pytest.fixture + def admin_settings(self, db): + settings = list() + settings.append(AdminSettings(id=6,name="blocked_user_settings",settings={"blocked_ePPNs": []})) + settings.append(AdminSettings(id=7,name="shib_login_enable",settings={"shib_flg": False})) + settings.append(AdminSettings(id=8,name="default_role_settings",settings={ + "gakunin_role": "Contributor", + "orthros_outside_role": "Community Administrator", + "extra_role": "None"})) + settings.append(AdminSettings(id=9,name="attribute_mapping",settings={ + "shib_eppn": "eppn", + "shib_role_authority_name": "eduPersonAffiliation", + "shib_mail": "mail", + "shib_user_name": "DisplayName"})) + db.session.add_all(settings) + db.session.commit() + return settings \ No newline at end of file diff --git a/modules/weko-accounts/weko_accounts/views.py b/modules/weko-accounts/weko_accounts/views.py index e58116c654..d15dc0beaa 100644 --- a/modules/weko-accounts/weko_accounts/views.py +++ b/modules/weko-accounts/weko_accounts/views.py @@ -135,6 +135,7 @@ def _adjust_shib_admin_DB(): setting = AdminSettings.query.filter_by(name='attribute_mapping').first() setting.settings = _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] db.session.commit() + yield def _redirect_method(has_next=False): From 17ff57ff3858baf838c64736bd1788ce1b3097fd Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Thu, 27 Mar 2025 16:40:45 +0900 Subject: [PATCH 37/43] =?UTF-8?q?Shib=5FAdmin=E7=94=BB=E9=9D=A2=E3=81=A7?= =?UTF-8?q?=E3=81=AEtest=E3=81=8C=E9=80=9A=E3=82=8B=E3=82=88=E3=81=86?= =?UTF-8?q?=E3=81=AB=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/tests/test_admin.py | 117 ++++++++++++++++--- modules/weko-accounts/weko_accounts/admin.py | 23 +++- 2 files changed, 122 insertions(+), 18 deletions(-) 
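Review bot: Adding `yield` turns `_adjust_shib_admin_DB` into a generator function, so a plain call `_adjust_shib_admin_DB()` only creates a generator object and none of the body runs. The caller is outside this hunk; the call added to `init_menu` elsewhere in this series is a plain call, in which case the settings rows would silently stop being created or synced. If the `yield` was added only to make a test pass, drop it and adapt the test instead. Separately, the context lines overwrite the stored `attribute_mapping` with `WEKO_ACCOUNTS_ATTRIBUTE_MAP`, which would discard a mapping saved from the admin page; confirm that is intended.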
diff --git a/modules/weko-accounts/tests/test_admin.py b/modules/weko-accounts/tests/test_admin.py index 755d8a43ec..a0afb5110d 100644 --- a/modules/weko-accounts/tests/test_admin.py +++ b/modules/weko-accounts/tests/test_admin.py @@ -1,4 +1,5 @@ import pytest +import json from mock import patch from flask import current_app,url_for,make_response from invenio_accounts.testutils import login_user_via_session as login @@ -41,16 +42,6 @@ def test_index(self,app,client,users,mocker, admin_settings, db): mock_render = mocker.patch("weko_accounts.admin.ShibSettingView.render",return_value=make_response()) current_app.config["WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED"] = True - # new_shib_flg = 1 - if object_session(user) is None: - user = db.session.merge(user) - res = client.post(url,data=dict( - submit="shib_form", - shibbolethRadios="1" - )) - assert admin_settings[1].settings["shib_flg"] is True - assert res.status_code==200 - # モックに渡す変数を設定 role_list = current_app.config['WEKO_ACCOUNTS_ROLE_LIST'] attr_list = current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_LIST'] @@ -60,6 +51,24 @@ def test_index(self,app,client,users,mocker, admin_settings, db): shib_flg = "1" attributes = admin_settings[3].settings + data = { + "submit": "shib_form", + "shibbolethRadios": "1", + "block-eppn-option-list": json.dumps(block_user_list) + } + + for i, (_, value) in enumerate(roles.items()): + data[f"role-lists{i}"] = value + + for i, (_, value) in enumerate(attributes.items()): + data[f"attr-lists{i}"] = value + + # new_shib_flg = 1 + res = client.post(url, data=data) + + assert admin_settings[1].settings["shib_flg"] is True + assert res.status_code==200 + mock_render.assert_called_with( sibuser_html, shib_flg=shib_flg, 
@@ -72,11 +81,11 @@ def test_index(self,app,client,users,mocker, admin_settings, db): ) current_app.config["WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED"] = False + data["shibbolethRadios"] = "0" + # new_shib_flg = 0 - res = client.post(url,data=dict( - submit="shib_form", - shibbolethRadios="0" - )) + res = client.post(url, data=data) + assert res.status_code == 200 assert admin_settings[1].settings["shib_flg"] is False shib_flg = "0" 
@@ -90,6 +99,83 @@ def test_index(self,app,client,users,mocker, admin_settings, db): **roles, **attributes ) + + # デフォルトロールを変更 + mock_render = mocker.patch("weko_accounts.admin.ShibSettingView.render",return_value=make_response()) + roles = { + "gakunin_role": "Repository Administrator", + "orthros_outside_role": "None", + "extra_role": "Contributor"} + + for i, (_, value) in enumerate(roles.items()): + data[f"role-lists{i}"] = value + + res = client.post(url, data=data) + + assert res.status_code == 200 + assert admin_settings[2].settings["gakunin_role"] == "Repository Administrator" + assert admin_settings[2].settings["orthros_outside_role"] == "None" + assert admin_settings[2].settings["extra_role"] == "Contributor" + mock_render.assert_called_with( + sibuser_html, + shib_flg=shib_flg, + set_language=set_language, + role_list=role_list, + attr_list=attr_list, + block_user_list=block_user_list, + **roles, + **attributes + ) + + # 属性を変更 + mock_render = mocker.patch("weko_accounts.admin.ShibSettingView.render",return_value=make_response()) + attributes = { + "shib_eppn": "eduPersonAffiliation", + "shib_role_authority_name": "eppn", + "shib_mail": "DisplayName", + "shib_user_name": "sn"} + + for i, (_, value) in enumerate(attributes.items()): + data[f"attr-lists{i}"] = value + + res = client.post(url, data=data) + + assert res.status_code == 200 + assert admin_settings[3].settings["shib_eppn"] == "eduPersonAffiliation" + assert admin_settings[3].settings["shib_role_authority_name"] == "eppn" + assert admin_settings[3].settings["shib_mail"] == "DisplayName" + assert admin_settings[3].settings["shib_user_name"] == "sn" + mock_render.assert_called_with( + sibuser_html, + shib_flg=shib_flg, + set_language=set_language, + role_list=role_list, + attr_list=attr_list, + block_user_list=block_user_list, + **roles, + **attributes + ) + + # ブロックユーザーを変更 + mock_render = mocker.patch("weko_accounts.admin.ShibSettingView.render",return_value=make_response()) + block_user_list = 
['test1','test2','test3'] + data["block-eppn-option-list"] = json.dumps(block_user_list) + + res = client.post(url, data=data) + + assert res.status_code == 200 + assert "test1" in admin_settings[0].settings["blocked_ePPNs"] + + mock_render.assert_called_with( + sibuser_html, + shib_flg=shib_flg, + set_language=set_language, + role_list=role_list, + attr_list=attr_list, + block_user_list=str(block_user_list), + **roles, + **attributes + ) # raise BaseException with patch("weko_accounts.admin.ShibSettingView.render",side_effect=BaseException): @@ -111,7 +197,6 @@ def test_index(self,app,client,users,mocker, admin_settings, db): **attributes ) - @pytest.fixture def admin_settings(self, db): settings = list() @@ -128,4 +213,4 @@ def admin_settings(self, db): "shib_user_name": "DisplayName"})) db.session.add_all(settings) db.session.commit() - return settings \ No newline at end of file + return settings diff --git a/modules/weko-accounts/weko_accounts/admin.py b/modules/weko-accounts/weko_accounts/admin.py index abb95c0a51..0386bb8451 100644 --- a/modules/weko-accounts/weko_accounts/admin.py +++ b/modules/weko-accounts/weko_accounts/admin.py @@ -68,12 +68,14 @@ def index(self): # ブロックユーザー block_user_settings = AdminSettings.get('blocked_user_settings', dict_to_object=False) block_user_list = block_user_settings.get('blocked_ePPNs', []) - + if request.method == 'POST': # Process forms form = request.form.get('submit', None) new_shib_flg = request.form.get('shibbolethRadios', '0') - new_attributes = {key: request.form.get(f'attr-lists{i}', '0') for i, key in enumerate(attributes)} + new_roles = {key: request.form.get(f'role-lists{i}', []) for i, key in enumerate(roles)} + new_attributes = {key: request.form.get(f'attr-lists{i}', []) for i, key in enumerate(attributes)} + new_block_user_list = request.form.get('block-eppn-option-list', "[]") if form == 'shib_form': if shib_flg != new_shib_flg: 
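Review bot: In the admin.py hunk, a missing form field now falls back to `[]`, and the update loop later treats that as a change, so a partial POST would overwrite a stored role or attribute name with an empty list. Default to the current value instead: `new_roles = {key: request.form.get(f'role-lists{i}', roles[key]) for i, key in enumerate(roles)}`, and likewise for `new_attributes`. The posted values should also be checked against the role and attribute lists passed to the template before they are saved, because these settings decide which role a federated login receives and the form's option list is not a server-side constraint. `index()` starts and ends outside this hunk.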
@@ -81,12 +83,29 @@ def index(self): AdminSettings.update('shib_login_enable', {"shib_flg": (shib_flg == '1')}) flash(_('Shibboleth flag was updated.'), category='success') + for key in roles: + if roles[key] != new_roles[key]: + roles[key] = new_roles[key] + flash(_(f'{key.replace("_", " ").title()} was updated.'), category='success') + AdminSettings.update('default_role_settings', roles) + for key in attributes: if attributes[key] != new_attributes[key]: attributes[key] = new_attributes[key] flash(_(f'{key.replace("_", " ").title()} mapping was updated.'), category='success') AdminSettings.update('attribute_mapping', attributes) + # ブロックユーザーの更新 + if block_user_list != json.loads(new_block_user_list): + new_eppn_list = json.loads(new_block_user_list) + new_eppn_list.sort() + updateSettings = {'blocked_ePPNs': new_eppn_list} + AdminSettings.update('blocked_user_settings', updateSettings) + flash( + _('Blocked user list was updated.'), + category='success') + block_user_list = str(new_eppn_list).replace('"', '\\"') + self.get_latest_current_app() return self.render( From 921f5ebd2e25b400033627ef4b977adfde9e8cd2 Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Fri, 28 Mar 2025 11:11:29 +0900 Subject: [PATCH 38/43] =?UTF-8?q?=E3=83=86=E3=82=B9=E3=83=88=E3=82=B1?= =?UTF-8?q?=E3=83=BC=E3=82=B9=E3=81=AB=E5=AF=BE=E5=BF=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/tests/test_views.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/modules/weko-accounts/tests/test_views.py b/modules/weko-accounts/tests/test_views.py index 44249938a7..5d32f951f5 100644 --- a/modules/weko-accounts/tests/test_views.py +++ b/modules/weko-accounts/tests/test_views.py 
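Review bot: The blocked-user update calls `json.loads(new_block_user_list)` on request data twice, with no error handling and no check on the result, so a malformed or non-list value raises inside the view and `.sort()` fails on mixed types. Parse once, accept only a list of strings, and compare after sorting, as sketched below. `str(new_eppn_list).replace('"', '\\"')` hands the template a Python repr; how it is rendered is not visible here, but serialising with `json.dumps` and letting the template escape it would be sturdier. `_(f'...')` formats before the catalog lookup, so those messages can never match a translation; use `_('%(name)s was updated.', name=...)`.

```python
# … unchanged: shib flag, role and attribute updates …
# Parse the posted block list once and accept only a list of strings.
try:
    new_eppn_list = json.loads(new_block_user_list)
except ValueError:
    new_eppn_list = None
if (isinstance(new_eppn_list, list)
        and all(isinstance(e, str) for e in new_eppn_list)):
    new_eppn_list.sort()
    if block_user_list != new_eppn_list:
        AdminSettings.update(
            'blocked_user_settings', {'blocked_ePPNs': new_eppn_list})
        flash(_('Blocked user list was updated.'), category='success')
        block_user_list = str(new_eppn_list).replace('"', '\\"')
else:
    flash(_('Invalid blocked user list.'), category='error')
```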
@@ -268,6 +268,19 @@ def test_confirm_user_without_page(client,redis_connect,mocker): mock_redirect.assert_called_with("/") assert redis_connect.redis.exists("Shib-Session-1111") is False + # exist ShibUser.shib_user + set_session(client,{"shib_session_id":"1111"}) + redis_connect.put("Shib-Session-1111",bytes('{"shib_eppn":"test_eppn"}',"utf-8")) + + shibuser = ShibUser({}) + shibuser.shib_user = "test_user" + with patch("weko_accounts.views.ShibUser",return_value=shibuser): + mock_redirect = mocker.patch("weko_accounts.views.redirect",return_value=make_response()) + mock_flash = mocker.patch("weko_accounts.views.flash") + client.get(url) + mock_redirect.assert_called_with("/") + assert redis_connect.redis.exists("Shib-Session-1111") is False + # exist ShibUser.shib_user set_session(client,{"shib_session_id":"1111","next":"/next_page"}) redis_connect.put("Shib-Session-1111",bytes('{"shib_eppn":"test_eppn"}',"utf-8")) From fd692d79aad5bbddad5a598177b4cd661829defa Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Fri, 28 Mar 2025 15:10:13 +0900 Subject: [PATCH 39/43] =?UTF-8?q?DB=E7=94=9F=E6=88=90=E3=81=AE=E6=B5=81?= =?UTF-8?q?=E3=82=8C=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/admin.py | 9 --- modules/weko-accounts/weko_accounts/views.py | 66 ++++++++++++++++++++ 2 files changed, 66 insertions(+), 9 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/admin.py b/modules/weko-accounts/weko_accounts/admin.py index e5ec1ecd77..2630ddc85e 100644 --- a/modules/weko-accounts/weko_accounts/admin.py +++ b/modules/weko-accounts/weko_accounts/admin.py 
@@ -45,15 +45,6 @@ def index(self): attr_list = current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_LIST'] set_language = _('language') - # 'blocked_user_settings' が存在しない場合、新しいレコードを追加 - if AdminSettings.query.filter_by(name='blocked_user_settings').first() is None: - new_setting = AdminSettings( - id=6, - name="blocked_user_settings", - settings={"blocked_ePPNs": []} - ) - db.session.add(new_setting) - db.session.commit() block_user_settings = AdminSettings.get('blocked_user_settings') block_user_list = block_user_settings.__dict__['blocked_ePPNs'] diff --git a/modules/weko-accounts/weko_accounts/views.py b/modules/weko-accounts/weko_accounts/views.py index 6fc2b85f59..092a320c21 100644 --- a/modules/weko-accounts/weko_accounts/views.py +++ b/modules/weko-accounts/weko_accounts/views.py @@ -41,6 +41,7 @@ from weko_redis.redis import RedisConnection from werkzeug.local import LocalProxy from invenio_db import db +from weko_admin.models import AdminSettings, db from .api import ShibUser from .utils import generate_random_str, parse_attributes 
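Review bot: In the views.py import hunk, `from weko_admin.models import AdminSettings, db` rebinds the module-level `db` that the line above imports from `invenio_db`. If both names point at the same SQLAlchemy instance the second import is redundant, and if they do not, `db.session` in this module silently changes meaning; I would import only the model, `from weko_admin.models import AdminSettings`. The admin.py hunk in the same patch removes the inline creation of `blocked_user_settings`, while `index` still reads `block_user_settings.__dict__['blocked_ePPNs']` with no `None` check, so that view now depends on the startup seeding having run.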
@@ -73,6 +74,71 @@ def init_menu(): _('%(icon)s Administration', icon=''), visible_when=_has_admin_access, order=100) + + _adjust_shib_admin_DB() + +def _adjust_shib_admin_DB(): + """ + Create or Update Shibboleth Admin database table. + """ + with _app.app_context(): + if AdminSettings.query.filter_by(name='blocked_user_settings').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() + new_setting = AdminSettings( + id=max_id + 1, + name="blocked_user_settings", + settings={"blocked_ePPNs": []} + ) + db.session.add(new_setting) + db.session.commit() + + if AdminSettings.query.filter_by(name='shib_login_enable').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() + new_setting = AdminSettings( + id=max_id + 1, + name="shib_login_enable", + settings={"shib_flg": _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']} + ) + db.session.add(new_setting) + db.session.commit() + else: + setting = AdminSettings.query.filter_by(name='shib_login_enable').first() + setting.settings = {"shib_flg": _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']} + db.session.commit() + + if AdminSettings.query.filter_by(name='default_role_settings').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() + new_setting = AdminSettings( + id=max_id + 1, + name="default_role_settings", + settings={ + "gakunin_role": _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], + "orthros_outside_role": _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'], + "extra_role": _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']} + ) + db.session.add(new_setting) + db.session.commit() + else: + setting = AdminSettings.query.filter_by(name='default_role_settings').first() + setting.settings = { + "gakunin_role": _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], + "orthros_outside_role": _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'], + "extra_role": 
_app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']} + db.session.commit() + + if AdminSettings.query.filter_by(name='attribute_mapping').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() + new_setting = AdminSettings( + id=max_id + 1, + name="attribute_mapping", + settings=_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] + ) + db.session.add(new_setting) + db.session.commit() + else: + setting = AdminSettings.query.filter_by(name='attribute_mapping').first() + setting.settings = _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] + db.session.commit() def _redirect_method(has_next=False): From 2188e4c89c6e18326294fc24587c47bd0975f96c Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Fri, 28 Mar 2025 15:16:03 +0900 Subject: [PATCH 40/43] =?UTF-8?q?DB=E7=94=9F=E6=88=90=E5=91=A8=E3=82=8A?= =?UTF-8?q?=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/admin.py | 9 --- modules/weko-accounts/weko_accounts/views.py | 65 ++++++++++++++++++++ 2 files changed, 65 insertions(+), 9 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/admin.py b/modules/weko-accounts/weko_accounts/admin.py index ef342c1f39..41e5c01833 100644 --- a/modules/weko-accounts/weko_accounts/admin.py +++ b/modules/weko-accounts/weko_accounts/admin.py @@ -46,15 +46,6 @@ def index(self): attr_list = current_app.config['WEKO_ACCOUNTS_ATTRIBUTE_LIST'] set_language = _('language') - # 'blocked_user_settings' が存在しない場合、新しいレコードを追加 - if AdminSettings.query.filter_by(name='blocked_user_settings').first() is None: - new_setting = AdminSettings( - id=6, - name="blocked_user_settings", - settings={"blocked_ePPNs": []} - ) - db.session.add(new_setting) - db.session.commit() block_user_settings = AdminSettings.get('blocked_user_settings') block_user_list = block_user_settings.__dict__['blocked_ePPNs'] 
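Review bot: Every `else` branch in `_adjust_shib_admin_DB` overwrites the stored `shib_login_enable`, `default_role_settings` and `attribute_mapping` rows with the values from `_app.config`. Anything an administrator saved through the settings view, which writes the same keys via `AdminSettings.update`, is therefore reverted the next time the application serves its first request. For the login flag and the default roles that is a silent change to authentication and authorisation settings; unless config is meant to win, the function should only create rows that are missing. `max_id` is `None` on an empty table, so `max_id + 1` raises, and two workers starting together could compute the same id; the id hunks in PATCH 41–43 share this, and PATCH 40 repeats this hunk. The four copies also collapse into one loop, sketched below; `init_menu` starts outside the hunk.

```python
def _adjust_shib_admin_DB():
    """Create missing Shibboleth admin settings rows; leave saved ones alone."""
    defaults = {
        'blocked_user_settings': {"blocked_ePPNs": []},
        'shib_login_enable': {
            "shib_flg": _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']},
        # … unchanged: default_role_settings and attribute_mapping values …
    }
    with _app.app_context():
        for name, settings in defaults.items():
            if AdminSettings.query.filter_by(name=name).first() is not None:
                continue
            max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() or 0
            db.session.add(AdminSettings(id=max_id + 1, name=name, settings=settings))
            db.session.commit()
```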
diff --git a/modules/weko-accounts/weko_accounts/views.py b/modules/weko-accounts/weko_accounts/views.py index c398dc6bb2..185f700ab7 100644 --- a/modules/weko-accounts/weko_accounts/views.py +++ b/modules/weko-accounts/weko_accounts/views.py 
@@ -76,6 +76,71 @@ def init_menu(): visible_when=_has_admin_access, order=100) + _adjust_shib_admin_DB() + +def _adjust_shib_admin_DB(): + """ + Create or Update Shibboleth Admin database table. + """ + with _app.app_context(): + if AdminSettings.query.filter_by(name='blocked_user_settings').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() + new_setting = AdminSettings( + id=max_id + 1, + name="blocked_user_settings", + settings={"blocked_ePPNs": []} + ) + db.session.add(new_setting) + db.session.commit() + + if AdminSettings.query.filter_by(name='shib_login_enable').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() + new_setting = AdminSettings( + id=max_id + 1, + name="shib_login_enable", + settings={"shib_flg": _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']} + ) + db.session.add(new_setting) + db.session.commit() + else: + setting = AdminSettings.query.filter_by(name='shib_login_enable').first() + setting.settings = {"shib_flg": _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']} + db.session.commit() + + if AdminSettings.query.filter_by(name='default_role_settings').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() + new_setting = AdminSettings( + id=max_id + 1, + name="default_role_settings", + settings={ + "gakunin_role": _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], + "orthros_outside_role": _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'], + "extra_role": _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']} + ) + db.session.add(new_setting) + db.session.commit() + else: + setting = AdminSettings.query.filter_by(name='default_role_settings').first() + setting.settings = { + "gakunin_role": _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], + "orthros_outside_role": _app.config['WEKO_ACCOUNTS_ORTHROS_OUTSIDE_ROLE']['defaultRole'], + "extra_role": _app.config['WEKO_ACCOUNTS_EXTRA_ROLE']['defaultRole']} + 
db.session.commit() + + if AdminSettings.query.filter_by(name='attribute_mapping').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() + new_setting = AdminSettings( + id=max_id + 1, + name="attribute_mapping", + settings=_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] + ) + db.session.add(new_setting) + db.session.commit() + else: + setting = AdminSettings.query.filter_by(name='attribute_mapping').first() + setting.settings = _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] + db.session.commit() + def _redirect_method(has_next=False): """Redirect method for instance login to IdP.""" From 686b1dbce4085cc336c074d2477ae96a42610b16 Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Fri, 28 Mar 2025 15:18:06 +0900 Subject: [PATCH 41/43] =?UTF-8?q?DB=E7=94=9F=E6=88=90=E5=91=A8=E3=82=8A?= =?UTF-8?q?=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/views.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/views.py b/modules/weko-accounts/weko_accounts/views.py index e58116c654..2837d7c4b4 100644 --- a/modules/weko-accounts/weko_accounts/views.py +++ b/modules/weko-accounts/weko_accounts/views.py @@ -83,8 +83,9 @@ def _adjust_shib_admin_DB(): """ with _app.app_context(): if AdminSettings.query.filter_by(name='blocked_user_settings').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() new_setting = AdminSettings( - id=6, + id=max_id + 1, name="blocked_user_settings", settings={"blocked_ePPNs": []} ) 
@@ -92,8 +93,9 @@ def _adjust_shib_admin_DB(): db.session.commit() if AdminSettings.query.filter_by(name='shib_login_enable').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() new_setting = AdminSettings( - id=7, + id=max_id + 1, name="shib_login_enable", settings={"shib_flg": _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']} ) @@ -105,8 +107,9 @@ def _adjust_shib_admin_DB(): db.session.commit() if AdminSettings.query.filter_by(name='default_role_settings').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() new_setting = AdminSettings( - id=8, + id=max_id + 1, name="default_role_settings", settings={ "gakunin_role": _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], @@ -124,8 +127,9 @@ def _adjust_shib_admin_DB(): db.session.commit() if AdminSettings.query.filter_by(name='attribute_mapping').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() new_setting = AdminSettings( - id=9, + id=max_id + 1, name="attribute_mapping", settings=_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] ) From caac1ad61d66776fad28ed96625ecd72cbe9fa00 Mon Sep 17 00:00:00 2001 From: ayumi-nishida Date: Fri, 28 Mar 2025 15:19:18 +0900 Subject: [PATCH 42/43] =?UTF-8?q?DB=E7=94=9F=E6=88=90=E5=91=A8=E3=82=8A?= =?UTF-8?q?=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/views.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/views.py b/modules/weko-accounts/weko_accounts/views.py index e58116c654..2837d7c4b4 100644 --- a/modules/weko-accounts/weko_accounts/views.py +++ b/modules/weko-accounts/weko_accounts/views.py 
@@ -83,8 +83,9 @@ def _adjust_shib_admin_DB(): """ with _app.app_context(): if AdminSettings.query.filter_by(name='blocked_user_settings').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() new_setting = AdminSettings( - id=6, + id=max_id + 1, name="blocked_user_settings", settings={"blocked_ePPNs": []} ) @@ -92,8 +93,9 @@ def _adjust_shib_admin_DB(): db.session.commit() if AdminSettings.query.filter_by(name='shib_login_enable').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() new_setting = AdminSettings( - id=7, + id=max_id + 1, name="shib_login_enable", settings={"shib_flg": _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']} ) @@ -105,8 +107,9 @@ def _adjust_shib_admin_DB(): db.session.commit() if AdminSettings.query.filter_by(name='default_role_settings').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() new_setting = AdminSettings( - id=8, + id=max_id + 1, name="default_role_settings", settings={ "gakunin_role": _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], @@ -124,8 +127,9 @@ def _adjust_shib_admin_DB(): db.session.commit() if AdminSettings.query.filter_by(name='attribute_mapping').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() new_setting = AdminSettings( - id=9, + id=max_id + 1, name="attribute_mapping", settings=_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] ) From eecacbe1079d8f36f199b20f6579df69ecec7faa Mon Sep 17 00:00:00 2001 
From: ayumi-nishida Date: Fri, 28 Mar 2025 17:23:58 +0900 Subject: [PATCH 43/43] =?UTF-8?q?DB=E7=94=9F=E6=88=90=E5=91=A8=E3=82=8A?= =?UTF-8?q?=E3=82=92=E4=BF=AE=E6=AD=A3=EF=BC=8F=E3=83=86=E3=82=B9=E3=83=88?= =?UTF-8?q?=E7=92=B0=E5=A2=83=E6=99=82=E3=80=81admin=5Fsettings=E3=83=86?= =?UTF-8?q?=E3=83=BC=E3=83=96=E3=83=AB=E3=81=AE=E6=9C=80=E6=96=B0=E5=8C=96?= =?UTF-8?q?=E3=82=92=E3=81=97=E3=81=AA=E3=81=84=E3=82=88=E3=81=86=E3=81=AB?= =?UTF-8?q?=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/weko-accounts/weko_accounts/views.py | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/modules/weko-accounts/weko_accounts/views.py b/modules/weko-accounts/weko_accounts/views.py index d15dc0beaa..3466314b4c 100644 --- a/modules/weko-accounts/weko_accounts/views.py +++ b/modules/weko-accounts/weko_accounts/views.py @@ -62,7 +62,6 @@ def _has_admin_access(): return current_user.is_authenticated and current_admin \ .permission_factory(current_admin.admin.index_view).can() - @blueprint.before_app_first_request def init_menu(): """Initialize menu before first request.""" @@ -75,16 +74,19 @@ def init_menu(): visible_when=_has_admin_access, order=100) - _adjust_shib_admin_DB() - +@blueprint.before_app_first_request def _adjust_shib_admin_DB(): """ Create or Update Shibboleth Admin database table. """ + if current_app.config.get('TESTING', False): # テスト環境では何もしない + return + with _app.app_context(): if AdminSettings.query.filter_by(name='blocked_user_settings').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() new_setting = AdminSettings( - id=6, + id=max_id + 1, name="blocked_user_settings", settings={"blocked_ePPNs": []} ) 
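Review bot: The added `TESTING` early return in `_adjust_shib_admin_DB` puts a test-only branch in production code. As far as this series shows, the suite then never runs the code that seeds the `admin_settings` rows the admin view reads. I would seed those rows in the test fixtures instead; if the branch stays, the comment should say what callers must do, e.g. `# Skipped under TESTING: fixtures must create the admin_settings rows themselves.` The check uses `current_app` while the body enters `_app.app_context()`; using one of the two consistently would make it clear which application object is meant. The function body continues in the following hunks.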
@@ -92,8 +94,9 @@ def _adjust_shib_admin_DB(): db.session.commit() if AdminSettings.query.filter_by(name='shib_login_enable').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() new_setting = AdminSettings( - id=7, + id=max_id + 1, name="shib_login_enable", settings={"shib_flg": _app.config['WEKO_ACCOUNTS_SHIB_LOGIN_ENABLED']} ) @@ -105,8 +108,9 @@ def _adjust_shib_admin_DB(): db.session.commit() if AdminSettings.query.filter_by(name='default_role_settings').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() new_setting = AdminSettings( - id=8, + id=max_id + 1, name="default_role_settings", settings={ "gakunin_role": _app.config['WEKO_ACCOUNTS_GAKUNIN_ROLE']['defaultRole'], @@ -124,8 +128,9 @@ def _adjust_shib_admin_DB(): db.session.commit() if AdminSettings.query.filter_by(name='attribute_mapping').first() is None: + max_id = db.session.query(db.func.max(AdminSettings.id)).scalar() new_setting = AdminSettings( - id=9, + id=max_id + 1, name="attribute_mapping", settings=_app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] ) @@ -135,7 +140,6 @@ def _adjust_shib_admin_DB(): setting = AdminSettings.query.filter_by(name='attribute_mapping').first() setting.settings = _app.config['WEKO_ACCOUNTS_ATTRIBUTE_MAP'] db.session.commit() - yield def _redirect_method(has_next=False):