The Flask-based privacyIDEA 2.0 branch
The code was copied in from another repository, so we might have to do some janitor work until this branch works well.
1 parent 2671a8e, commit 852d47f
Showing 440 changed files with 64,295 additions and 98,872 deletions.
@@ -1,12 +1,9 @@ | ||
config/token.sqlite | ||
*.pyc | ||
privacyidea.log* | ||
/tests/testdata/data/ | ||
*~ | ||
doc/_build/ | ||
.project | ||
.pydevproject | ||
.settings/ | ||
DEBUILD/ | ||
privacyidea/tests/testdata/private.pem | ||
privacyidea/tests/testdata/public.pem | ||
*.sqlite | ||
*.pyc | ||
dist/ | ||
venv/ | ||
.coverage | ||
cover/ |
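Review bot: `*.pyc` appears twice in this hunk (the second and the fourth-from-last entries); drop one of them. `config/token.sqlite` is also fully covered by the later `*.sqlite` pattern, so the specific entry only needs to stay if it is meant to document where the token database lives.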
This file was deleted.
@@ -1,77 +1,63 @@ | ||
privacyIDEA | ||
=========== | ||
privacyIDEA is an open solution for strong two-factor authentication. | ||
privacyIDEA aims to not bind you to any decision of the authentication protocol or | ||
it does not dictate you where your user information should be stored. | ||
This is achieved by its totally modular architecture. | ||
privacyIDEA is not only open as far as its modular architecture is concerned. | ||
But privacyIDEA is completely licensed under the AGPLv3. | ||
Preface | ||
======= | ||
|
||
privacyIDEA is a fork of LinOTP. | ||
The new 2.0 branch is based on flask and sqlalchemy as the python backend. The web UI is based | ||
on angularJS and bootstrap. | ||
|
||
Code test on travis-ci.org | ||
-------------------------- | ||
Tests are running on travis-ci.org. See the test coverage at coveralls.io. | ||
At the moment the 2.0 branch is not ready for production. You can follow the setup instructions and play around. | ||
You are also welcome to take a look at the hopefully tidy code and contribute. | ||
|
||
[![Build Status][BS img]][Build Status] | ||
[![Coverage Status][CS img]][Coverage Status] | ||
I try to keep up a good test coverage. So run tests! | ||
|
||
[Build Status]: https://travis-ci.org/privacyidea/privacyidea | ||
[Coverage Status]: https://coveralls.io/r/privacyidea/privacyidea | ||
Setup | ||
===== | ||
|
||
[BS img]: https://travis-ci.org/privacyidea/privacyidea.svg?branch=master | ||
[CS img]: https://coveralls.io/repos/privacyidea/privacyidea/badge.png?branch=master | ||
You can setup the system in a virtual environment:: | ||
|
||
Installation | ||
------------ | ||
mkdir privacyidea | ||
cd privacyidea | ||
virtualenv venv | ||
source venv/bin/activate | ||
pip install -r requirements.txt | ||
|
||
For installation instructions you can see the internal documentation, | ||
which is also contained in this git repository at | ||
|
||
https://github.com/privacyidea/privacyidea/blob/master/doc/installation/index.rst | ||
Running it | ||
========== | ||
|
||
You can also browse the documentation on the web site, which contains the | ||
latest released documentation and might not be the bleeding edge | ||
Create the database:: | ||
|
||
https://www.privacyidea.org/doc/current/ | ||
./manage.py createdb | ||
|
||
Token management | ||
---------------- | ||
Create the first administrator:: | ||
|
||
privacyIDEA has a web management interface to login for either as normal users or administrators. | ||
You need to create the first administrator to login. This administrator then can | ||
* create UserIdResolvers | ||
* a realm | ||
* and enroll tokens. | ||
./manage.py <email> <username> | ||
|
||
To create an administrator do this: | ||
Run it:: | ||
|
||
$ privacyidea-create-pwidresolver-user -u admin_name -p secret_password -i 1000 >> etc/privacyidea/admin-users | ||
./manage.py runserver | ||
|
||
You then can login with the user ``admin-name`` and the password ``secret-password``. | ||
All the administrators are stored in the file defined in the privacyIDEA.ini entry "privacyideaSuperuserFile". | ||
Now you can connect to http://localhost:5000 with your browser and login as administrator. | ||
|
||
Authentication | ||
-------------- | ||
You can use the web API to authenticate users. If you enrolled a token for a user, you can authenticate | ||
the user by calling the URL: | ||
Run tests | ||
========= | ||
|
||
http://yourserver:5001/validate/check?user=you&pass=pin123456 | ||
nosetests -v --with-coverage --cover-package=privacyidea --cover-html | ||
|
||
Yubikeys | ||
-------- | ||
privacyIDEA supports Yubikeys. To enroll yubikeys you need to install the admin client "privacyideaadm". | ||
Code structure | ||
============== | ||
|
||
Tests | ||
----- | ||
If you want to see, if everything works fine, you can run the functional tests. | ||
There are roughly 350 sometimes complex tests, running the tests will take about | ||
30 minutes. Do it like this:: | ||
The database models are defined in ``models.py`` and tested in tests/test_db_model.py. | ||
|
||
$ python setup.py build | ||
$ ./test.sh | ||
Based on the database models there are the libraries ``lib/config.py`` which is | ||
responsible for basic configuration in the database table ``config``. | ||
And the library ``lib/resolver.py`` which provides functions for the database | ||
table ``resolver``. This is tested in tests/test_lib_resolver.py. | ||
|
||
Based on the resolver there is the library ``lib/realm.py`` which provides functions | ||
for the database table ``realm``. Several resolvers are combined into a realm. | ||
|
||
Based on the realm there is the library ``lib/user.py`` which provides functions | ||
for users. There is no database table user, since users are dynamically read from | ||
the user sources like SQL, LDAP, SCIM or flat files. | ||
|
||
Questions | ||
--------- | ||
Take a look at http://privacyidea.org and join the google group https://groups.google.com/forum/#!forum/privacyidea. | ||
|
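Review bot: the admin-creation step under "Create the first administrator::" reads `./manage.py <email> <username>` and names no subcommand, while the neighbouring steps do (`./manage.py createdb`, `./manage.py runserver`); spell out the actual subcommand and say how the administrator's password is supplied, otherwise a reader following the setup cannot log in at http://localhost:5000 as the next paragraph instructs. The "Run tests" section could also mention that `nosetests --with-coverage` needs the `coverage` package, since `requirements.txt` is the only install step listed.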
15 files renamed without changes.
@@ -0,0 +1,45 @@ | ||
import os | ||
basedir = os.path.abspath(os.path.dirname(__file__)) | ||
|
||
|
||
class Config: | ||
SECRET_KEY = os.environ.get('SECRET_KEY') | ||
# SQL_ALCHEMY_DATABASE_URI = "mysql://privacyidea:XmbSrlqy5d4IS08zjz" | ||
# "GG5HTt40Cpf5@localhost/privacyidea" | ||
PI_ENCFILE = "tests/testdata/enckey" | ||
PI_HSM = "default" | ||
|
||
|
||
class DevelopmentConfig(Config): | ||
DEBUG = True | ||
SECRET_KEY = os.environ.get('SECRET_KEY') or 't0p s3cr3t' | ||
SQLALCHEMY_DATABASE_URI = os.environ.get('DEV_DATABASE_URL') or \ | ||
'sqlite:///' + os.path.join(basedir, 'data-dev.sqlite') | ||
|
||
|
||
class TestingConfig(Config): | ||
TESTING = True | ||
# This is used to encrypt the auth token | ||
SECRET_KEY = 'secret' | ||
SQLALCHEMY_DATABASE_URI = os.environ.get('TEST_DATABASE_URL') or \ | ||
'sqlite:///' + os.path.join(basedir, 'data-test.sqlite') | ||
# This is used to encrypt the admin passwords | ||
PI_PEPPER = "" | ||
# This is only for testing encrypted files | ||
PI_ENCFILE_ENC = "tests/testdata/enckey.enc" | ||
|
||
|
||
class ProductionConfig(Config): | ||
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \ | ||
'sqlite:///' + os.path.join(basedir, 'data.sqlite') | ||
SECRET_KEY = os.environ.get('SECRET_KEY') or 't0p s3cr3t' | ||
# This is used to encrypt the admin passwords | ||
PI_PEPPER = "Never know..." | ||
|
||
|
||
config = { | ||
'development': DevelopmentConfig, | ||
'testing': TestingConfig, | ||
'production': ProductionConfig, | ||
'default': DevelopmentConfig | ||
} |
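Review bot: `ProductionConfig` falls back to the hard-coded `SECRET_KEY` `'t0p s3cr3t'` whenever the `SECRET_KEY` environment variable is unset, and `PI_PEPPER = "Never know..."` is a fixed value checked into the repository; both protect authentication material (the comments say they encrypt the auth token and the admin passwords), so a production deployment that forgets to set the variable silently runs with a public key. Make `ProductionConfig` fail loudly instead of using `or 't0p s3cr3t'`, and read `PI_PEPPER` from the environment or a file outside the source tree. The commented-out `SQL_ALCHEMY_DATABASE_URI` on the first lines of `Config` embeds what looks like a real database password; remove it from the file rather than leaving it in a comment (and rotate it if it was ever used). The key name there is also misspelled relative to the `SQLALCHEMY_DATABASE_URI` used in the subclasses.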
This file was deleted.
@@ -0,0 +1,61 @@ | ||
WSGIPythonHome /home/cornelius/src/flask/venv | ||
<VirtualHost _default_:443> | ||
ServerAdmin webmaster@localhost | ||
# You might want to change this | ||
ServerName localhost | ||
|
||
DocumentRoot /var/www | ||
<Directory /> | ||
# For Apache 2.4 you need to set this: | ||
Require all granted | ||
Options FollowSymLinks | ||
AllowOverride None | ||
</Directory> | ||
<Directory /var/www/> | ||
Options Indexes FollowSymLinks MultiViews | ||
AllowOverride None | ||
# For Apache 2.4 you need to remove the | ||
# following two lines | ||
#Order allow,deny | ||
#allow from all | ||
# For Apache 2.4 you need to set this: | ||
Require all granted | ||
</Directory> | ||
|
||
WSGIScriptAlias / /home/cornelius/src/flask/deploy/privacyideaapp.wsgi | ||
# | ||
# The daemon is running as user 'privacyidea' | ||
# This user should have access to the encKey database encryption file | ||
WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea | ||
WSGIProcessGroup privacyidea | ||
WSGIPassAuthorization On | ||
|
||
ErrorLog /var/log/apache2/error.log | ||
|
||
LogLevel warn | ||
# Do not use %q! This will reveal all parameters, including setting PINs and Keys! | ||
# Using SSL_CLINET_S_DN_CN will show you, which administrator did what task | ||
LogFormat "%h %l %u %t %>s \"%m %U %H\" %b \"%{Referer}i\" \"%{User-agent}i\"" privacyIDEA | ||
CustomLog /var/log/apache2/ssl_access.log privacyIDEA | ||
|
||
# SSL Engine Switch: | ||
# Enable/Disable SSL for this virtual host. | ||
SSLEngine on | ||
|
||
# If both key and certificate are stored in the same file, only the | ||
# SSLCertificateFile directive is needed. | ||
SSLCertificateFile /etc/ssl/certs/privacyideaserver.pem | ||
SSLCertificateKeyFile /etc/ssl/private/privacyideaserver.key | ||
|
||
<FilesMatch "\.(cgi|shtml|phtml|php)$"> | ||
SSLOptions +StdEnvVars | ||
</FilesMatch> | ||
<Directory /usr/lib/cgi-bin> | ||
SSLOptions +StdEnvVars | ||
</Directory> | ||
BrowserMatch ".*MSIE.*" \ | ||
nokeepalive ssl-unclean-shutdown \ | ||
downgrade-1.0 force-response-1.0 | ||
|
||
|
||
</VirtualHost> |
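Review bot: the `<Directory />` block carries `Require all granted`, which grants web access at the filesystem root; Apache's stock configuration denies `/` and grants only under `DocumentRoot`, so keep `/` denied and leave the grant in the `/var/www/` block only. `Options Indexes` on `/var/www/` additionally enables directory listings, which a WSGI application mounted at `/` does not need. Smaller points in the same hunk: `WSGIPythonHome` and `WSGIScriptAlias` point at `/home/cornelius/src/flask`, a developer checkout that should become a placeholder in the shipped config; the comment says `SSL_CLINET_S_DN_CN` (typo for `SSL_CLIENT_S_DN_CN`), and the `LogFormat` it precedes does not actually include that variable, so either add it to the format or reword the comment.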
@@ -0,0 +1,2 @@ | ||
# The realm, where users are allowed to login as administrators | ||
SUPERUSER_REALM = super |
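Review bot: `SUPERUSER_REALM = super` is unquoted; if this file is loaded as Python configuration, as `config.py` in this commit is, `super` resolves to the builtin rather than to the realm name, so it should read `SUPERUSER_REALM = "super"`. The README added in this commit does not mention this setting at all; document which file it is read from and how it relates to the administrator created with `manage.py`.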
@@ -0,0 +1,4 @@ | ||
import sys | ||
sys.path.insert(0, '/home/cornelius/src/flask') | ||
sys.stdout = sys.stderr | ||
from privacyidea.app import wsgi_app as application |
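Review bot: `sys.path.insert(0, '/home/cornelius/src/flask')` hard-codes a developer checkout into the deployment entry point, mirroring the same path in the Apache config in this commit; once privacyidea is installed into the virtualenv named by `WSGIPythonHome`, `from privacyidea.app import wsgi_app` resolves without any path manipulation, so the insert should either go or become a documented placeholder. `sys.stdout = sys.stderr` also deserves a one-line comment: mod_wsgi restricts writes to stdout, and this line redirects stray prints into the Apache error log instead of raising.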