From 91fe7ad185ca512399e08883045430aa33c9a6f9 Mon Sep 17 00:00:00 2001 From: Mustafa Baser Date: Fri, 16 Sep 2022 20:22:50 +0300 Subject: [PATCH 1/6] feat: jans-linux-setup option reset-rdbm-db --- jans-linux-setup/jans_setup/setup_app/installers/rdbm.py | 9 +++++++++ .../jans_setup/setup_app/utils/arg_parser.py | 1 + .../jans_setup/setup_app/utils/properties_utils.py | 4 ---- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py b/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py index 7acdcd2d8ff..68de5f99bf7 100644 --- a/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py +++ b/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py @@ -31,6 +31,8 @@ def __init__(self): def install(self): self.qchar = '`' if Config.rdbm_type in ('mysql', 'spanner') else '"' self.local_install() + if Config.rdbm_install_type == InstallTypes.REMOTE and base.argsp.reset_rdbm_db: + self.reset_rdbm_db() jans_schema_files = [] self.jans_attributes = [] for jans_schema_fn in ('jans_schema.json', 'custom_schema.json'): @@ -45,6 +47,13 @@ def install(self): self.create_indexes() self.rdbmProperties() + def reset_rdbm_db(self): + self.logIt("Resetting DB {}".format(Config.rdbm_db)) + self.dbUtils.metadata.reflect(self.dbUtils.engine) + self.dbUtils.metadata.drop_all(self.dbUtils.engine) + self.dbUtils.session.commit() + self.dbUtils.metadata.clear() + def local_install(self): if not Config.rdbm_password: Config.rdbm_password = self.getPW() diff --git a/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py b/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py index bd58cdf231b..797cb2b5c63 100644 --- a/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py +++ b/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py 
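Review bot: `reset_rdbm_db()` reflects and drops every table available in the configured database, not only the ones this installer created, and it runs with no confirmation once `--reset-rdbm-db` is passed for a remote backend. Since `metadata.reflect(self.dbUtils.engine)` loads whatever tables exist in `Config.rdbm_db`, a mistyped `-rdbm-host` or `-rdbm-db` value wipes an unrelated schema. I would log the host along with the database name before dropping, e.g. `self.logIt("Resetting DB {} on {}".format(Config.rdbm_db, Config.rdbm_host))`, and add a docstring saying the call is irreversible and only reached for `InstallTypes.REMOTE`. An interactive confirmation when setup is not running unattended would also help; how that mode is detected is outside this hunk.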
@@ -37,6 +37,7 @@ parser.add_argument('-rdbm-port', help="RDBM port") parser.add_argument('-rdbm-db', help="RDBM database") parser.add_argument('-rdbm-host', help="RDBM host") +parser.add_argument('--reset-rdbm-db', help="Deletes all tables on target database. Warning! You will lose all data on target database.", action='store_true') parser.add_argument('--shell', help="Drop into interactive shell before starting installation", action='store_true') parser.add_argument('--dump-config-on-error', help="Dump configuration on error", action='store_true') diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py index ad7fc06a810..70c83140a82 100644 --- a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py +++ b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py @@ -769,10 +769,6 @@ def prompt_for_backend(self): else: Config.rdbm_port = 5432 Config.rdbm_type = 'pgsql' - if not Config.rdbm_host: - - if not Config.rdbm_password: - Config.rdbm_password = self.getPW(special='.*=+-()[]{}') elif backend_type_str in (BackendStrings.REMOTE_MYSQL, BackendStrings.REMOTE_PGSQL): Config.opendj_install = InstallTypes.NONE From b257c138aaff34c6cfcf73ea1dfb9107ae653391 Mon Sep 17 00:00:00 2001 From: Mustafa Baser Date: Fri, 16 Sep 2022 20:38:13 +0300 Subject: [PATCH 2/6] fix: jans-linux-setup code smell --- .../jans_setup/setup_app/utils/properties_utils.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py index 70c83140a82..cfdf3349e90 100644 --- a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py +++ b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py @@ -11,6 +11,7 @@ import psycopg2 import inspect import ldap3 +import tempfile from setup_app import paths from setup_app.messages import msg 
@@ -459,12 +460,13 @@ def check_oxd_server(self, oxd_url, error_out=True, log_error=True): def check_oxd_ssl_cert(self, oxd_hostname, oxd_port): oxd_cert = ssl.get_server_certificate((oxd_hostname, oxd_port)) - oxd_crt_fn = '/tmp/oxd_{}.crt'.format(str(uuid.uuid4())) - self.writeFile(oxd_crt_fn, oxd_cert) - ssl_subjects = self.get_ssl_subject(oxd_crt_fn) - - if ssl_subjects.get('commonName') != oxd_hostname: - return ssl_subjects + with tempfile.TemporaryDirectory() as tmpdirname: + oxd_crt_fn = os.path.join(tmpdirname, 'oxd.crt') + self.writeFile(oxd_crt_fn, oxd_cert) + ssl_subjects = self.get_ssl_subject(oxd_crt_fn) + + if ssl_subjects.get('commonName') != oxd_hostname: + return ssl_subjects def promptForBackendMappings(self): From f626ea23a2a4b3ad115f58f018de0763555843a3 Mon Sep 17 00:00:00 2001 From: Mustafa Baser Date: Fri, 16 Sep 2022 20:52:17 +0300 Subject: [PATCH 3/6] fix: jans-linux-setup vulnerability --- .../jans_setup/setup_app/utils/properties_utils.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py index cfdf3349e90..4ca8348fdf4 100644 --- a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py +++ b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py @@ -437,11 +437,16 @@ def check_remote_ldap(self, ldap_host, ldap_binddn, ldap_password): def check_oxd_server(self, oxd_url, error_out=True, log_error=True): oxd_url = os.path.join(oxd_url, 'health-check') + + ctx = ssl.create_default_context() + ctx.check_hostname = True + ctx.verify_mode = ssl.CERT_NONE + try: result = urllib.request.urlopen( oxd_url, - timeout = 2, - context=ssl._create_unverified_context() + timeout=2, + context=ctx ) if result.code == 200: oxd_status = json.loads(result.read().decode()) From d8e78e883fcbe1815c1c23a4769fa0ddc1b96c01 Mon Sep 17 00:00:00 2001 
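Review bot: The check in `check_oxd_ssl_cert` still compares only `commonName` with `oxd_hostname`, on a certificate fetched by `ssl.get_server_certificate`, which does not validate the chain when no CA file is given. A certificate that carries the host name only in subjectAltName would be reported as a mismatch, and a match says nothing about who issued the certificate. I would add a docstring that makes the contract and its limits explicit, e.g. `"""Return the certificate subject if its commonName differs from oxd_hostname, else None; the chain is not verified."""`. Indentation is lost in this view, so confirm that the `commonName` comparison sits where intended relative to the `with tempfile.TemporaryDirectory()` block.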
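Review bot: The new context in `check_oxd_server` still disables certificate verification, and as written it should fail before any request is sent: Python's `ssl` module raises `ValueError` when `verify_mode` is set to `ssl.CERT_NONE` while `check_hostname` is `True`. The three `ctx` lines sit above `try:`, so that error propagates out of `check_oxd_server` instead of being handled. `ssl.create_default_context()` already returns a context with `check_hostname = True` and `verify_mode = ssl.CERT_REQUIRED`, so dropping the two assignments gives real verification. If the oxd server presents a self-signed certificate, trust it explicitly with `ctx.load_verify_locations(cafile=...)` rather than turning verification off.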
From: Mustafa Baser Date: Fri, 16 Sep 2022 21:00:21 +0300 Subject: [PATCH 4/6] fix: jans-linux-setup code smells --- .../setup_app/utils/properties_utils.py | 31 +++++++++---------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py index 4ca8348fdf4..97324397369 100644 --- a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py +++ b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py @@ -70,7 +70,7 @@ def getPrompt(self, prompt, defaultValue=None, itype=None, indent=0): except KeyboardInterrupt: sys.exit() - except: + except Exception: return None def check_properties(self): @@ -86,9 +86,9 @@ def check_properties(self): while not Config.orgName: Config.orgName = input('Organization Name: ').strip() while not Config.countryCode: - testCode = input('2 Character Country Code: ').strip() - if len(testCode) == 2: - Config.countryCode = testCode + test_code = input('2 Character Country Code: ').strip() + if len(test_code) == 2: + Config.countryCode = test_code else: print('Country code should only be two characters. Try again\n') while not Config.city: @@ -99,7 +99,7 @@ def check_properties(self): tld = None try: tld = ".".join(self.hostname.split(".")[-2:]) - except: + except Exception: tld = Config.hostname Config.admin_email = "support@%s" % tld @@ -181,7 +181,6 @@ def load_properties(self, prop_file, no_update=[]): no_update += ['noPrompt', 'jre_version', 'node_version', 'jetty_version', 'jython_version', 'jreDestinationPath'] - cb_install = False map_db = [] if prop_file.endswith('.enc'): @@ -193,7 +192,7 @@ def load_properties(self, prop_file, no_update=[]): try: p = base.read_properties_file(prop_file) - except: + except Exception: self.logIt("Error loading properties", True) if p.get('ldap_type') == 'openldap': 
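Review bot: `load_properties(self, prop_file, no_update=[])` still extends its mutable default in place with `no_update += [...]`, so the shared list grows on every call that relies on the default, and a list passed by a caller is modified as well. This clean-up pass is a good place to fix it: use `no_update=None` in the signature and `no_update = list(no_update or []) + ['noPrompt', ...]` in the body. In the next hunk, `p` is bound only inside the `try`, so unless `self.logIt("Error loading properties", True)` terminates the process, `p.get('ldap_type')` raises `NameError` after a failed read; that is worth confirming. The function body continues outside these hunks.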
@@ -220,14 +219,14 @@ def load_properties(self, prop_file, no_update=[]): mapping_locations = json.loads(p[prop]) setattr(Config, prop, mapping_locations) for l in mapping_locations: - if not mapping_locations[l] in map_db: + if mapping_locations[l] not in map_db: map_db.append(mapping_locations[l]) if p[prop] == 'True': setattr(Config, prop, True) elif p[prop] == 'False': setattr(Config, prop, False) - except: + except Exception: self.logIt("Error loading property %s" % prop) if prop_file.endswith('-DEC~'): @@ -246,7 +245,7 @@ def load_properties(self, prop_file, no_update=[]): else: Config.opendj_install = InstallTypes.NONE - if map_db and not 'ldap' in map_db: + if map_db and 'ldap' not in map_db: Config.opendj_install = InstallTypes.NONE if 'couchbase' in map_db: @@ -261,12 +260,12 @@ def load_properties(self, prop_file, no_update=[]): if Config.cb_install == InstallTypes.LOCAL: available_backends = self.getBackendTypes() - if not 'couchbase' in available_backends: + if 'couchbase' not in available_backends: print("Couchbase package is not available exiting.") sys.exit(1) - if (not 'cb_password' in properties_list) and Config.cb_install: + if ('cb_password' not in properties_list) and Config.cb_install: Config.cb_password = p.get('ldapPass') if Config.cb_install == InstallTypes.REMOTE: @@ -296,7 +295,7 @@ def save_properties(self, prop_fn=None, obj=None): self.logIt('Saving properties to %s' % prop_fn) - def getString(value): + def get_string(value): if isinstance(value, str): return str(value).strip() elif isinstance(value, bool) or isinstance(value, int) or isinstance(value, float): @@ -319,7 +318,7 @@ def getString(value): if obj_name == 'mapping_locations': p[obj_name] = json.dumps(obj) else: - value = getString(obj) + value = get_string(obj) if value != '': p[obj_name] = value 
@@ -328,7 +327,7 @@ def getString(value): self.run([paths.cmd_chmod, '600', prop_fn]) - # TODO: uncomment later + # uncomment later return self.run([paths.cmd_openssl, 'enc', '-aes-256-cbc', '-in', prop_fn, '-out', prop_fn+'.enc', '-k', Config.admin_password]) @@ -339,7 +338,7 @@ def getString(value): self.run(['rm', '-f', prop_fn]) - except: + except Exception: self.logIt("Error saving properties", True) def getBackendTypes(self): From 0c3e8b696067620c942797efcc9cdf29fdda69fe Mon Sep 17 00:00:00 2001 From: Mustafa Baser Date: Fri, 16 Sep 2022 21:21:41 +0300 Subject: [PATCH 5/6] fix: jans-linux-setup code smells --- .../setup_app/utils/properties_utils.py | 40 ++++++++----------- 1 file changed, 17 insertions(+), 23 deletions(-) diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py index 97324397369..841495cc0e1 100644 --- a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py +++ b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py @@ -386,7 +386,7 @@ def test_cb_servers(self, couchbase_hostname): if not Config.thread_queue: print("{} Successfully connected to Couchbase server{}".format(colors.OKGREEN, colors.ENDC)) return retval - except: + except Exception: pass @@ -521,11 +521,11 @@ def promptForHTTPD(self): if Config.installed_instance and Config.installHttpd: return - promptForHTTPD = self.getPrompt("Install Apache HTTPD Server", + prompt_for_httpd = self.getPrompt("Install Apache HTTPD Server", self.getDefaultOption(Config.installHTTPD) )[0].lower() - Config.installHttpd = True if promptForHTTPD == 'y' else False + Config.installHttpd = prompt_for_httpd == 'y' if Config.installed_instance and Config.installHttpd: Config.addPostSetupService.append('installHttpd') 
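Review bot: Removing the `TODO:` tag from `# uncomment later` hides that the encryption step below it appears to be disabled. The comment is followed by a bare `return`, so the `openssl enc` call and the later `rm -f prop_fn` would never run, and the properties file stays on disk in plaintext with mode 600. I would keep a tracked marker that states the consequence, e.g. `# TODO(owner): encryption disabled; properties file is left unencrypted`. When the call is re-enabled, `-k Config.admin_password` puts the password in the process argument list, where other local users can read it, and `openssl enc` without `-pbkdf2` uses a weak legacy key derivation; pass the secret with `-pass env:VAR` or `-pass stdin` and add `-pbkdf2`. Line structure is collapsed in this view, so confirm that `return` is a standalone statement.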
@@ -535,14 +535,11 @@ def promptForScimServer(self): if Config.installed_instance and Config.install_scim_server: return - promptForScimServer = self.getPrompt("Install Scim Server?", + prompt_for_scim_server = self.getPrompt("Install Scim Server?", self.getDefaultOption(Config.install_scim_server) )[0].lower() - if promptForScimServer == 'y': - Config.install_scim_server = True - else: - Config.install_scim_server = False + Config.install_scim_server = prompt_for_scim_server == 'y' if Config.installed_instance and Config.install_scim_server: Config.addPostSetupService.append('install_scim_server') @@ -551,10 +548,10 @@ def promptForFido2Server(self): if Config.installed_instance and Config.installFido2: return - promptForFido2Server = self.getPrompt("Install Fido2 Server?", + prompt_for_fido2_server = self.getPrompt("Install Fido2 Server?", self.getDefaultOption(Config.installFido2) )[0].lower() - Config.installFido2 = True if promptForFido2Server == 'y' else False + Config.installFido2 = prompt_for_fido2_server == 'y' if Config.installed_instance and Config.installFido2: Config.addPostSetupService.append('installFido2') @@ -565,16 +562,16 @@ def promptForOxd(self): if Config.installed_instance and Config.installOxd: return - promptForOxd = self.getPrompt("Install Oxd?", + prompt_for_oxd = self.getPrompt("Install Oxd?", self.getDefaultOption(Config.installOxd) )[0].lower() - Config.installOxd = True if promptForOxd == 'y' else False + Config.installOxd = prompt_for_oxd == 'y' if Config.installOxd: - promptForOxdJansStorage = self.getPrompt(" Use Janssen Storage for Oxd?", + use_jans_storage = self.getPrompt(" Use Janssen Storage for Oxd?", self.getDefaultOption(Config.get('oxd_use_jans_storage')) )[0].lower() - Config.oxd_use_jans_storage = True if promptForOxdJansStorage == 'y' else False + Config.oxd_use_jans_storage = use_jans_storage == 'y' if Config.installed_instance and Config.installOxd: 
@@ -585,14 +582,11 @@ def promptForEleven(self): if Config.installed_instance and Config.installEleven: return - promptForinstallEleven = self.getPrompt("Install Eleven Server?", + promp_for_eleven = self.getPrompt("Install Eleven Server?", self.getDefaultOption(Config.installEleven) )[0].lower() - - if promptForinstallEleven == 'y': - Config.installEleven = True - else: - Config.installEleven = False + + Config.installEleven = promp_for_eleven == 'y' if Config.installed_instance and Config.installEleven: Config.addPostSetupService.append('installEleven') @@ -602,11 +596,11 @@ def promptForConfigApi(self): if Config.installed_instance and Config.install_config_api: return - promptForConfigApi = self.getPrompt("Install Jans Config API?", + prompt_for_config_api = self.getPrompt("Install Jans Config API?", self.getDefaultOption(Config.install_config_api) )[0].lower() - Config.install_config_api = True if promptForConfigApi == 'y' else False + Config.install_config_api = prompt_for_config_api == 'y' if Config.installed_instance and Config.install_config_api: Config.addPostSetupService.append('install_config_api') @@ -618,7 +612,7 @@ def prompt_for_client_api(self): self.getDefaultOption(Config.install_client_api) )[0].lower() - Config.install_client_api = True if prompt == 'y' else False + Config.install_client_api = prompt == 'y' if Config.installed_instance and Config.install_client_api: Config.addPostSetupService.append('install_client_api') From 72ab85d059f888ddadc1119a0a13c85cb30e5ec2 Mon Sep 17 00:00:00 2001 From: Mustafa Baser Date: Fri, 16 Sep 2022 21:25:50 +0300 Subject: [PATCH 6/6] fix: jans-linux-setup typo --- .../jans_setup/setup_app/utils/properties_utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py index 841495cc0e1..5274ee1c98c 100644 
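Review bot: `promp_for_eleven` is missing a `t`. The other locals renamed in this patch use the `prompt_for_*` form, so these lines should read `prompt_for_eleven = self.getPrompt(...)` and `Config.installEleven = prompt_for_eleven == 'y'`. Every prompt in this patch also repeats `self.getPrompt(...)[0].lower()`, and `getPrompt` has an `except Exception: return None` path (visible in patch 4/6), in which case `[0]` raises `TypeError`. A small shared helper that normalises the answer would remove both the repetition and that failure mode.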
--- a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py +++ b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py @@ -538,8 +538,8 @@ def promptForScimServer(self): prompt_for_scim_server = self.getPrompt("Install Scim Server?", self.getDefaultOption(Config.install_scim_server) )[0].lower() - - Config.install_scim_server = prompt_for_scim_server == 'y' + + Config.install_scim_server = prompt_for_scim_server == 'y' if Config.installed_instance and Config.install_scim_server: Config.addPostSetupService.append('install_scim_server')