Make webservice run as user and use tfwconnector pip package

2018-05-11 17:46:15 +02:00 · 2018-05-11 17:46:15 +02:00 · 3ee5db6e57
parent ba0f92d2ac
commit 3ee5db6e57
3 changed files with 16 additions and 2 deletions
--- a/solvable/Dockerfile
+++ b/solvable/Dockerfile
@ -3,7 +3,8 @@ FROM eu.gcr.io/avatao-challengestore/tutorial-framework
 # Install webservice dependencies
 RUN pip3 install Flask==1.0        \
                 SQLAlchemy==1.2.7 \
-                 passlib==1.7.1
+                 passlib==1.7.1    \
+                 git+https://github.com/avatao-content/tfwconnector.git#subdirectory=python3

 # Define variables to use later
 ENV TFW_SERVER_DIR="/srv/.tfw"                      \
@ -21,7 +22,8 @@ ADD solvable/src/webservice/frontend-deps.tar ${TFW_WEBSERVICE_DIR}/static
 # Create IDE directory, symlink server source and give proper permissions to AVATAO_USER
 RUN mkdir -p ${TFW_IDE_WD}                                               &&\
    ln -s ${TFW_WEBSERVICE_DIR}/user_ops.py ${TFW_IDE_WD}                &&\
-    chown -R ${AVATAO_USER}: ${TFW_IDE_WD} && chmod -R 755 ${TFW_IDE_WD}
+    chown -R ${AVATAO_USER}: "${TFW_IDE_WD}" "${TFW_WEBSERVICE_DIR}"     &&\
+    chmod -R 755 "${TFW_IDE_WD}" "${TFW_WEBSERVICE_DIR}"

 # Hide TFW related code from user
 RUN chown -R root:root ${TFW_SERVER_DIR} && chmod -R 700 ${TFW_SERVER_DIR}
--- a/solvable/src/webservice/user_ops.py
+++ b/solvable/src/webservice/user_ops.py
@ -1,3 +1,7 @@
+from functools import partial
+
+from tfwconnector import MessageSender
+
 from crypto import PasswordHasher
 from model import User
 from errors import InvalidCredentialsError, UserExistsError
@ -8,6 +12,8 @@ class UserOps:
        self.username = username
        self.password = password
        self.db_session = db_session
+        self.message_sender = MessageSender()
+        self.log = partial(self.message_sender.send, 'Authenticator')

    def authenticate(self):
        """
@ -20,8 +26,11 @@ class UserOps:
        user = self.db_session.query(User).filter(User.username == self.username).first()

        if not user or not PasswordHasher.verify(self.password, user.passwordhash):
+            self.log(f'Invalid credentials for user "{self.username}"!')
            raise InvalidCredentialsError

+        self.log(f'User "{self.username}" logged in!')
+
    def register(self):
        """
        Attempts to register a user.
@ -37,3 +46,5 @@ class UserOps:
                    passwordhash=PasswordHasher.hash(self.password))
        self.db_session.add(user)
        self.db_session.commit()
+
+        self.log(f'User "{self.username}" registered!')
--- a/solvable/supervisor/webservice.conf
+++ b/solvable/supervisor/webservice.conf
@ -1,4 +1,5 @@
 [program:webservice]
+user=%(ENV_AVATAO_USER)s
 directory=%(ENV_TFW_WEBSERVICE_DIR)s
 environment=BASEURL="/webservice"
 command=python3 server.py