From 3ee5db6e57fb1db988623925b584717f9a16e8b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20T=C3=B3th?=
Date: Fri, 11 May 2018 17:46:15 +0200
Subject: [PATCH] Make webservice run as user and use tfwconnector pip package

---
 solvable/Dockerfile | 6 ++++--
 solvable/src/webservice/user_ops.py | 11 +++++++++++
 solvable/supervisor/webservice.conf | 1 +
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/solvable/Dockerfile b/solvable/Dockerfile
index 14928d6..10f08d2 100644
--- a/solvable/Dockerfile
+++ b/solvable/Dockerfile
@@ -3,7 +3,8 @@ FROM eu.gcr.io/avatao-challengestore/tutorial-framework
 # Install webservice dependencies
 RUN pip3 install Flask==1.0 \
 SQLAlchemy==1.2.7 \
- passlib==1.7.1
+ passlib==1.7.1 \
+ git+https://github.com/avatao-content/tfwconnector.git#subdirectory=python3

 # Define variables to use later
 ENV TFW_SERVER_DIR="/srv/.tfw" \
@@ -21,7 +22,8 @@ ADD solvable/src/webservice/frontend-deps.tar ${TFW_WEBSERVICE_DIR}/static
 # Create IDE directory, symlink server source and give proper permissions to AVATAO_USER
 RUN mkdir -p ${TFW_IDE_WD} &&\
 ln -s ${TFW_WEBSERVICE_DIR}/user_ops.py ${TFW_IDE_WD} &&\
- chown -R ${AVATAO_USER}: ${TFW_IDE_WD} && chmod -R 755 ${TFW_IDE_WD}
+ chown -R ${AVATAO_USER}: "${TFW_IDE_WD}" "${TFW_WEBSERVICE_DIR}" &&\
+ chmod -R 755 "${TFW_IDE_WD}" "${TFW_WEBSERVICE_DIR}"

 # Hide TFW related code from user
 RUN chown -R root:root ${TFW_SERVER_DIR} && chmod -R 700 ${TFW_SERVER_DIR}
diff --git a/solvable/src/webservice/user_ops.py b/solvable/src/webservice/user_ops.py
index aac75cf..ac59294 100644
--- a/solvable/src/webservice/user_ops.py
+++ b/solvable/src/webservice/user_ops.py
@@ -1,3 +1,7 @@
+from functools import partial
+
+from tfwconnector import MessageSender
+
 from crypto import PasswordHasher
 from model import User
 from errors import InvalidCredentialsError, UserExistsError
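Review bot: The added `git+https://github.com/avatao-content/tfwconnector.git#subdirectory=python3` requirement in the first solvable/Dockerfile hunk is not pinned to a revision, unlike the three `==`-pinned packages above it, so every image build installs whatever the repository's default branch holds at that moment. That makes builds non-reproducible and lets any later push to that branch reach the container without review. Pin it to a reviewed commit, e.g. `git+https://github.com/avatao-content/tfwconnector.git@<COMMIT_SHA_PLACEHOLDER>#subdirectory=python3`.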
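Review bot: In the second solvable/Dockerfile hunk, the recursive `chown -R ${AVATAO_USER}:` and `chmod -R 755` now cover all of `${TFW_WEBSERVICE_DIR}`, so the account the webservice runs as owns and can rewrite every file the service executes and serves, not only the `user_ops.py` that is symlinked into the IDE directory. If only that file is meant to be editable, keep the rest root-owned and chown just the paths the service has to write. `755` also sets the execute bit on regular files and leaves everything world-readable, which would include any database or key file kept under that directory (none is visible in this hunk); `chmod -R u=rwX,go=rX` avoids the blanket execute bit.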
@@ -8,6 +12,8 @@ class UserOps:
 self.username = username
 self.password = password
 self.db_session = db_session
+ self.message_sender = MessageSender()
+ self.log = partial(self.message_sender.send, 'Authenticator')

 def authenticate(self):
 """
@@ -20,8 +26,11 @@ class UserOps:

 user = self.db_session.query(User).filter(User.username == self.username).first()
 if not user or not PasswordHasher.verify(self.password, user.passwordhash):
+ self.log(f'Invalid credentials for user "{self.username}"!')
 raise InvalidCredentialsError

+ self.log(f'User "{self.username}" logged in!')
+
 def register(self):
 """
 Attempts to register a user.
@@ -37,3 +46,5 @@ class UserOps:
 passwordhash=PasswordHasher.hash(self.password))
 self.db_session.add(user)
 self.db_session.commit()
+
+ self.log(f'User "{self.username}" registered!')
diff --git a/solvable/supervisor/webservice.conf b/solvable/supervisor/webservice.conf
index a7fe6f4..69051cd 100644
--- a/solvable/supervisor/webservice.conf
+++ b/solvable/supervisor/webservice.conf
@@ -1,4 +1,5 @@
 [program:webservice]
+user=%(ENV_AVATAO_USER)s
 directory=%(ENV_TFW_WEBSERVICE_DIR)s
 environment=BASEURL="/webservice"
 command=python3 server.py
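Review bot: `UserOps.__init__` now constructs a `MessageSender()` for every instance, and nothing in the visible hunks closes or reuses it. If the connector opens a socket or similar handle per instance (not visible here, confirm against tfwconnector), a `UserOps` created per request would leak one each time; a module-level sender, or one passed in as an argument, would avoid that and keep the class testable without a running TFW server. Since `self.log` is not a `logging` logger, a comment such as `# self.log(msg) == self.message_sender.send('Authenticator', msg)` would help readers. The start of `__init__` lies outside the hunk.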
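Review bot: The three new `self.log(...)` calls (the two in `authenticate` here and the one appended to `register` in the last user_ops.py hunk) interpolate `self.username` verbatim, and that value presumably comes straight from the login or registration form. A name containing quotes, newlines or markup can garble or forge entries in the message stream, and may be interpreted as markup if the receiving side displays messages unescaped. Interpolate an escaped, length-bounded form instead, e.g. `self.log(f'Invalid credentials for user {self.username[:64]!r}!')` (the bound of 64 is only an example). Both method bodies extend beyond the hunks, and indentation is lost in this rendering, so the placement of the "logged in" call after the `if` block is inferred.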
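Review bot: `user=%(ENV_AVATAO_USER)s` in solvable/supervisor/webservice.conf only takes effect when supervisord itself runs as root, and supervisor switches the uid without reassigning `HOME` or `USER` for the child process. Anything in `server.py` or its libraries that resolves paths from `HOME` would still point at the parent's home directory, which the unprivileged account may not be able to write. Consider extending the existing line to `environment=BASEURL="/webservice",HOME="<AVATAO_USER_HOME_PLACEHOLDER>",USER="%(ENV_AVATAO_USER)s"`.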