Merge pull request #332 from NREL/local-admin-account

Local admin accounts

CMakeLists.txt

@@ -92,6 +92,7 @@ if(ENABLE_TEST_DEPENDENCIES)
   include(${CMAKE_SOURCE_DIR}/build/cmake/test/lua-deps.cmake)
   include(${CMAKE_SOURCE_DIR}/build/cmake/test/mailhog.cmake)
   include(${CMAKE_SOURCE_DIR}/build/cmake/test/mongo-orchestration.cmake)
+  include(${CMAKE_SOURCE_DIR}/build/cmake/test/openldap.cmake)
   include(${CMAKE_SOURCE_DIR}/build/cmake/test/phantomjs.cmake)
   include(${CMAKE_SOURCE_DIR}/build/cmake/test/shellcheck.cmake)
   include(${CMAKE_SOURCE_DIR}/build/cmake/test/unbound.cmake)

Gemfile

@@ -5,6 +5,9 @@ gem "rake", "~> 12.0.0"
 # Tests
 gem "minitest", "~> 5.10.1"
 
+# CLI helper for running tests
+gem "minitest-sprint", "~> 1.2.0"
+
 # More test outputs
 gem "minitest-reporters", "~> 1.1.14"
 
@@ -41,9 +44,6 @@ gem "database_cleaner", "~> 1.5.3"
 # Programmatically generate Rails session cookies.
 gem "rails_compatible_cookies_utils", "~> 0.1.0"
 
-# Localization tests
-gem "i18n", "~> 0.8.0"
-
 # URL parsing/generation
 gem "addressable", "~> 2.5.0"
 
@@ -77,6 +77,9 @@ gem "concurrent-ruby", "~> 1.0.4"
 # Time zone randomization for tests.
 gem "zonebie", "~> 0.6.1"
 
+# Encrypting admin passwords.
+gem "bcrypt", "~> 3.1.11"
+
 # Color output
 gem "rainbow", "~> 2.2.1"
 

Gemfile.lock

@@ -26,6 +26,7 @@ GEM
       descendants_tracker (~> 0.0.4)
       ice_nine (~> 0.11.0)
       thread_safe (~> 0.3, >= 0.3.1)
+    bcrypt (3.1.11)
     bson (4.2.1)
     builder (3.2.3)
     capybara (2.12.0)
@@ -95,6 +96,8 @@ GEM
       builder
       minitest (>= 5.0)
       ruby-progressbar
+    minitest-sprint (1.2.0)
+      path_expander (~> 1.0)
     mongo (2.4.1)
       bson (>= 4.2.1, < 5.0.0)
     mongoid (6.1.0)
@@ -107,6 +110,7 @@ GEM
     oj (2.18.1)
     parser (2.3.3.1)
       ast (~> 2.2)
+    path_expander (1.0.1)
     poltergeist (1.13.0)
       capybara (~> 2.1)
       cliver (~> 0.3.1)
@@ -151,6 +155,7 @@ DEPENDENCIES
   activesupport (~> 5.0.1)
   addressable (~> 2.5.0)
   awesome_print (~> 1.7.0)
+  bcrypt (~> 3.1.11)
   capybara (~> 2.12.0)
   capybara-screenshot (~> 1.0.14)
   childprocess (~> 0.6.1)
@@ -160,13 +165,13 @@ DEPENDENCIES
   elasticsearch-persistence (~> 0.1.9)
   factory_girl (~> 4.8.0)
   faker (~> 1.7.2)
-  i18n (~> 0.8.0)
   lazyhash (~> 0.1.1)
   minitest (~> 5.10.1)
   minitest-capybara (~> 0.8.2)!
   minitest-ci (~> 3.1.0)
   minitest-hooks (~> 1.4.0)
   minitest-reporters (~> 1.1.14)
+  minitest-sprint (~> 1.2.0)
   mongoid (~> 6.1.0)
   multi_json (~> 1.12.1)
   nokogiri (~> 1.7.0)

build/cmake/core-web-app.cmake

@@ -15,6 +15,7 @@ add_custom_command(
 
 file(GLOB_RECURSE web_asset_files
   ${CMAKE_SOURCE_DIR}/src/api-umbrella/web-app/app/assets/*.css
+  ${CMAKE_SOURCE_DIR}/src/api-umbrella/web-app/app/assets/*.scss
   ${CMAKE_SOURCE_DIR}/src/api-umbrella/web-app/app/assets/*.erb
   ${CMAKE_SOURCE_DIR}/src/api-umbrella/web-app/app/assets/*.js
 )
@@ -24,7 +25,7 @@ add_custom_command(
     ${STAMP_DIR}/core-web-app-bundle
     ${web_asset_files}
     ${CMAKE_SOURCE_DIR}/src/api-umbrella/web-app/config/initializers/assets.rb
-  COMMAND env PATH=${STAGE_EMBEDDED_DIR}/bin:$ENV{PATH} BUNDLE_GEMFILE=${CMAKE_SOURCE_DIR}/src/api-umbrella/web-app/Gemfile BUNDLE_APP_CONFIG=${WORK_DIR}/src/web-app/.bundle RAILS_TMP_PATH=/tmp/web-app-build RAILS_PUBLIC_PATH=${CORE_BUILD_DIR}/tmp/web-app-build RAILS_ASSETS_PRECOMPILE=true bundle exec rake -f ${CMAKE_SOURCE_DIR}/src/api-umbrella/web-app/Rakefile assets:clobber assets:precompile
+  COMMAND env PATH=${STAGE_EMBEDDED_DIR}/bin:$ENV{PATH} BUNDLE_GEMFILE=${CMAKE_SOURCE_DIR}/src/api-umbrella/web-app/Gemfile BUNDLE_APP_CONFIG=${WORK_DIR}/src/web-app/.bundle RAILS_TMP_PATH=/tmp/web-app-build RAILS_PUBLIC_PATH=${CORE_BUILD_DIR}/tmp/web-app-build RAILS_ENV=production RAILS_SECRET_TOKEN=temp RAILS_ASSETS_PRECOMPILE=true bundle exec rake -f ${CMAKE_SOURCE_DIR}/src/api-umbrella/web-app/Rakefile assets:clobber assets:precompile
   COMMAND touch ${STAMP_DIR}/core-web-app-precompile
 )
 

build/cmake/core.cmake

@@ -20,6 +20,7 @@ file(GLOB_RECURSE core_files
   ${CMAKE_SOURCE_DIR}/bin/*
   ${CMAKE_SOURCE_DIR}/config/*
   ${CMAKE_SOURCE_DIR}/templates/*
+  ${CMAKE_SOURCE_DIR}/src/api-umbrella/web-app/Gemfile*
 )
 add_custom_command(
   OUTPUT ${STAMP_DIR}/core-build-release-dir

build/cmake/test/openldap.cmake

@@ -0,0 +1,8 @@
+# OpenLDAP: For testing LDAP admin auth.
+ExternalProject_Add(
+  openldap
+  URL ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-${OPENLDAP_VERSION}.tgz
+  URL_HASH SHA1=${OPENLDAP_HASH}
+  CONFIGURE_COMMAND <SOURCE_DIR>/configure --prefix=${TEST_INSTALL_PREFIX} --disable-backends --enable-mdb
+  BUILD_COMMAND make depend && make
+)

build/cmake/versions.cmake

@@ -80,6 +80,8 @@ set(NGX_TXID_VERSION f1c197cb9c42e364a87fbb28d5508e486592ca42)
 set(NGX_TXID_HASH 408ee86eb6e42e27a51514f711c41d6b)
 set(NODEJS_VERSION 6.9.5)
 set(NODEJS_HASH 4831ba1a9f678f91dd7e2516eaa781341651b91ac908121db902f5355f0211d8)
+set(OPENLDAP_VERSION 2.4.44)
+set(OPENLDAP_HASH 016a738d050a68d388602a74b5e991035cdba149)
 set(OPENRESTY_VERSION 1.11.2.2)
 set(OPENRESTY_HASH f4b9aa960e57ca692c4d3da731b7e38b)
 set(OPENSSL_VERSION 1.0.2k)

build/package/verify/spec/localhost/service_spec.rb

@@ -317,7 +317,7 @@ def install_package(version)
 
   it "admin login page loads" do
     response = RestClient::Request.execute(:method => :get, :url => "https://localhost/admin/login", :verify_ssl => false)
-    expect(response).to include("Admin Login")
+    expect(response).to include("Admin Sign In")
   end
 
   it "gatekeeper blocks key-less requests" do

config/default.yml

@@ -75,19 +75,22 @@ web:
   host: 127.0.0.1
   port: 14012
   rails_secret_token:
-  devise_secret_key:
   puma:
     workers: 2
     min_threads: 2
     max_threads: 24
   admin:
     initial_superusers: []
+    username_is_email: true
+    password_length_min: 14
+    password_length_max: 72
+    email_regex: "\\A[^@\\s]+@[^@\\s]+\\z"
+    password_regex:
     auth_strategies:
       enabled:
-        - github
-        - google
+        - local
       cas:
-        options:
+        options: {}
       facebook:
         client_id:
         client_secret:
@@ -98,7 +101,9 @@ web:
         client_id:
         client_secret:
       ldap:
-        options:
+        options: {}
+  mailer:
+    smtp_settings:
 static_site:
   host: 127.0.0.1
   port: 14013

config/test.yml

@@ -35,16 +35,9 @@ api_server:
   port: 13010
 web:
   port: 13012
+  rails_secret_token: aeec385fb48a0594b6bb0b18f62473190f1d01b0b6113766af525be2ae1a317a03ab0ee1b3ee6aca3fb1572dc87684e033dcec21acd90d0ca0f111ca1785d0e9
   admin:
-    initial_superusers:
-      - [email protected]
     auth_strategies:
-      enabled:
-        - facebook
-        - github
-        - google
-        - ldap
-        - max.gov
       facebook:
         client_id: test_fake
         client_secret: test_fake
@@ -105,8 +98,11 @@ unbound:
   port: 13100
   control_port: 13101
 mailhog:
-  smtp_bind_addr: "127.0.0.1:13102"
-  api_bind_addr: "127.0.0.1:13103"
-  ui_bind_addr: "127.0.0.1:13103"
+  bind_addr: "127.0.0.1"
+  smtp_port: 13102
+  api_port: 13103
+  ui_port: 13103
+openldap:
+  port: 13104
 apiSettings:
   require_https: optional

deploy/config/deploy.rb

@@ -51,7 +51,6 @@
   # web app is started. But for rake task purposes (like asset precompilation
   # where these don't matter), just set some dummy values during deploy.
   "RAILS_SECRET_TOKEN" => "TEMP",
-  "DEVISE_SECRET_KEY" => "TEMP",
 })
 
 # Default value for keep_releases is 5

scripts/rake/outdated_packages.rb

@@ -138,6 +138,9 @@ class OutdatedPackages
       :git => "https://github.com/nodejs/node.git",
       :constraint => "~> 6.9.1",
     },
+    "openldap" => {
+      :git => "https://github.com/openldap/openldap.git",
+    },
     "openresty" => {
       :git => "https://github.com/openresty/openresty.git",
     },
@@ -218,6 +221,9 @@ def tag_to_semver(name, tag)
       tag.gsub!(/^go/, "")
     when "json_c"
       tag.gsub!(/-\d{8}$/, "")
+    when "openldap"
+      tag.gsub!(/^rel_eng_/, "")
+      tag.gsub!(/_/, ".")
     when "openssl", "ruby"
       tag.gsub!(/_/, ".")
     end

src/api-umbrella/admin-ui/.eslintrc.js

@@ -26,7 +26,6 @@ module.exports = {
   globals: {
     '$': true,
     'CommonValidations': true,
-    'I18n': true,
     'JsDiff': true,
     'PNotify': true,
     '_': true,

src/api-umbrella/admin-ui/app/components/admins/index-table.js

@@ -1,4 +1,5 @@
 import Ember from 'ember';
+import I18n from 'npm:i18n-js';
 import DataTablesHelpers from 'api-umbrella-admin-ui/utils/data-tables-helpers';
 
 export default Ember.Component.extend({
@@ -14,31 +15,17 @@ export default Ember.Component.extend({
         {
           data: 'username',
           name: 'Username',
-          title: 'Username',
+          title: I18n.t('mongoid.attributes.admin.username'),
           defaultContent: '-',
-          render: _.bind(function(email, type, data) {
-            if(type === 'display' && email && email !== '-') {
+          render: _.bind(function(username, type, data) {
+            if(type === 'display' && username && username !== '-') {
               let link = '#/admins/' + data.id + '/edit';
-              return '<a href="' + link + '">' + _.escape(email) + '</a>';
+              return '<a href="' + link + '">' + _.escape(username) + '</a>';
             }
 
-            return email;
+            return username;
           }, this),
         },
-        {
-          data: 'email',
-          name: 'E-mail',
-          title: 'E-mail',
-          defaultContent: '-',
-          render: DataTablesHelpers.renderEscaped,
-        },
-        {
-          data: 'name',
-          name: 'Name',
-          title: 'Name',
-          defaultContent: '-',
-          render: DataTablesHelpers.renderEscaped,
-        },
         {
           data: 'group_names',
           name: 'Groups',
@@ -47,7 +34,7 @@ export default Ember.Component.extend({
           render: DataTablesHelpers.renderListEscaped,
         },
         {
-          data: 'last_sign_in_at',
+          data: 'current_sign_in_at',
           type: 'date',
           name: 'Last Signed In',
           title: 'Last Signed In',

src/api-umbrella/admin-ui/app/components/admins/record-form.js

@@ -18,9 +18,9 @@ export default Ember.Component.extend(Save, {
 
     delete() {
       this.destroyRecord({
-        prompt: 'Are you sure you want to delete the admin "' + _.escape(this.get('model.name')) + '"?',
+        prompt: 'Are you sure you want to delete the admin "' + _.escape(this.get('model.username')) + '"?',
         transitionToRoute: 'admins',
-        message: 'Successfully deleted the admin "' + _.escape(this.get('model.name')) + '"',
+        message: 'Successfully deleted the admin "' + _.escape(this.get('model.username')) + '"',
       });
     },
   },

src/api-umbrella/admin-ui/app/components/api-users/record-form.js

@@ -1,4 +1,5 @@
 import Ember from 'ember';
+import I18n from 'npm:i18n-js';
 import Save from 'api-umbrella-admin-ui/mixins/save';
 
 export default Ember.Component.extend(Save, {

src/api-umbrella/admin-ui/app/components/apis/settings/common-fields.js

@@ -1,4 +1,5 @@
 import Ember from 'ember';
+import I18n from 'npm:i18n-js';
 
 export default Ember.Component.extend({
   requireHttpsOptions: [

src/api-umbrella/admin-ui/app/components/error-messages.js

@@ -1,8 +1,10 @@
 import Ember from 'ember';
+import I18n from 'npm:i18n-js';
 
 export default Ember.Component.extend({
   messages: Ember.computed('model.clientErrors', 'model.serverErrors', function() {
     let errors = [];
+    let modelI18nRoot = 'mongoid.attributes.' + this.get('model.constructor.modelName').replace('-', '_');
 
     let clientErrors = this.get('model.clientErrors');
     if(clientErrors) {
@@ -39,6 +41,7 @@ export default Ember.Component.extend({
             errors.push({
               attribute: serverError.field,
               message: message,
+              fullMessage: serverError.full_message,
             });
           } else {
             errors.push({ message: 'Unexpected error' });
@@ -52,8 +55,15 @@ export default Ember.Component.extend({
     let messages = [];
     _.each(errors, function(error) {
       let message = '';
-      if(error.attribute && error.attribute !== 'base') {
-        message += inflection.titleize(inflection.underscore(error.attribute)) + ': ';
+      if(error.fullMessage) {
+        message += error.fullMessage;
+      } else if(error.attribute && error.attribute !== 'base') {
+        let attributeTitle = I18n.t(modelI18nRoot + '.' + inflection.underscore(error.attribute), { defaultValue: false });
+        if(attributeTitle === false) {
+          attributeTitle = inflection.titleize(inflection.underscore(error.attribute));
+        }
+
+        message += attributeTitle + ': ';
         message += error.message || 'Unexpected error';
       } else {
         if(error.message) {

src/api-umbrella/admin-ui/app/components/form-fields/field-wrapper.js

@@ -42,6 +42,12 @@ export default Ember.Component.extend({
     this.set('canShowErrors', true);
   },
 
+  // If the page is submitted, show any errors on the page (even if the fields
+  // haven't been focused and then unfocused yet).
+  showErrorsOnSubmit: Ember.observer('model.clientErrors', function() {
+    this.set('canShowErrors', true);
+  }),
+
   // Anytime the model changes, reset the error display so errors aren't
   // displayed until the field is unfocused again.
   //

src/api-umbrella/admin-ui/app/components/form-fields/hint.js

@@ -0,0 +1,4 @@
+import Ember from 'ember';
+
+export default Ember.Component.extend({
+});

src/api-umbrella/admin-ui/app/components/form-fields/password-field.js

@@ -0,0 +1,4 @@
+import BaseField from './base-field';
+
+export default BaseField.extend({
+});

src/api-umbrella/admin-ui/app/components/stats/query-form.js

@@ -1,4 +1,5 @@
 import Ember from 'ember';
+import I18n from 'npm:i18n-js';
 
 export default Ember.Component.extend({
   session: Ember.inject.service('session'),

src/api-umbrella/admin-ui/app/helpers/t.js

@@ -1,4 +1,5 @@
 import Ember from 'ember';
+import I18n from 'npm:i18n-js';
 
 export function t(params, options) {
   let key = params[0];