Merge branch 'main' into patch-9

Author: simonLeary42

.github/workflows/functional.yml

@@ -0,0 +1,27 @@
+name: docker-compose-phpunit-functional
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  docker-compose-phpunit-functional:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        submodules: true
+    - name: setup PHP
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: "8.3"
+        tools: composer
+    - name: install composer dependencies
+      run: composer update
+    - name: Run docker compose
+      uses: hoverkraft-tech/[email protected]
+      with:
+        compose-file: "./tools/docker-dev/docker-compose.yml"
+    - name: Execute tests in the running services
+      run: docker compose -f ./tools/docker-dev/docker-compose.yml exec -w '/var/www/unity-web-portal' web ./vendor/bin/phpunit --testsuite=functional

.github/workflows/lint.yml

@@ -0,0 +1,22 @@
+name: phpunit
+
+on: [push]
+
+jobs:
+  phpunit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        submodules: true
+    - name: setup PHP
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: "8.3"
+        # php extensions also listed in tools/docker-dev/web/Dockerfile and README.md
+        extensions: curl,mysql,ldap,pdo,redis,intl
+        tools: composer:v2
+    - name: Install dependencies
+      run: composer install --prefer-dist --no-progress
+    - name: Run PHPUnit tests
+      run: vendor/bin/phpunit --colors=always --testsuite unit

.github/workflows/phpunit.yml

@@ -0,0 +1,21 @@
+name: pre-commit
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        submodules: true
+    - uses: actions/setup-python@v3
+    - name: setup PHP
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: "8.3"
+        tools: composer, phpcs, phpcbf
+    - uses: pre-commit/[email protected]

.github/workflows/pre-commit.yml

@@ -16,3 +16,5 @@ composer.lock
 deployment/*
 !deployment/**/README.md
 !deployment/deploy.sh
+
+.phpunit.result.cache

.gitignore

@@ -0,0 +1,3 @@
+[submodule "hakasapl/phpopenldaper"]
+	path = resources/lib/phpopenldaper
+	url = https://github.com/hakasapl/phpopenldaper.git

.gitmodules

@@ -0,0 +1,56 @@
+# intentionally malformed files
+# pre-commit automatically excludes submodules
+exclude: |
+  (?x)^(
+      test/.*|
+  )$
+
+repos:
+  # auto formatters (no work required) #############################################################
+  # - repo: https://github.com/pre-commit/pre-commit-hooks
+  #   rev: v5.0.0
+  #   hooks:
+  #     - id: trailing-whitespace
+  #     - id: end-of-file-fixer
+  - repo: local
+    hooks:
+      - id: phpcbf
+        name: PHP Code Beautifier and Fixer
+        entry: phpcbf
+        language: system
+        files: \.php$
+        args: [--standard=PSR2, --colors]
+
+  # linters (work required) ########################################################################
+  # - repo: https://github.com/pre-commit/pre-commit-hooks
+  #   rev: v5.0.0
+  #   hooks:
+  #     - id: check-yaml
+  #     - id: check-json
+  #     - id: check-xml
+  #     - id: check-added-large-files
+  #     - id: check-executables-have-shebangs
+  # - repo: https://github.com/gitleaks/gitleaks
+  #   rev: v8.23.1
+  #   hooks:
+  #     - id: gitleaks
+  - repo: local
+    hooks:
+      - id: phpcs
+        name: PHP CodeSniffer
+        entry: phpcs
+        language: system
+        files: \.php$
+        args: [--standard=PSR2, --colors]
+      - id: php-l
+        name: php -l
+        entry: php
+        language: system
+        files: \.php$
+        args: [-l]
+      - id: assert-no-die-exit
+        name: Assert no die()/exit()
+        entry: ./test/assert-no-die-exit.bash
+        language: system
+        files: \.php$
+        exclude: resources/lib/UnitySite\.php$

.pre-commit-config.yaml

@@ -51,4 +51,4 @@ The following users are available for testing:
 
 ### Changes to Dev Environment
 
-Should the default schema of the web portal change, the `ldap/bootstrap.ldif` and `sql/bootstrap.sql` must be updated for the LDAP server and the MySQL server, respectively.
+Should the default schema of the web portal change, the `ldap/bootstrap.ldif` and `sql/bootstrap.sql` must be updated for the LDAP server and the MySQL server, respectively.

CONTRIBUTING.md

@@ -21,15 +21,19 @@ Unity Web Portal is a PHP application built in top of MariaDB and LDAP which act
     1. Some HTTP Authentication mechanism (such as Shibboleth SP)
     1. Composer (`apt install composer` on Ubuntu)
     1. PHP Extensions
+        1. `php-cli`
+        1. `php-curl`
+        1. `php-intl`
         1. `php-ldap`
-        2. `php-curl`
-        3. `php-redis`
-        4. `php-cli`
-        5. `php-mysql`
-        6. `php-pdo`
+        1. `php-mbstring`
+        1. `php-mysql`
+        1. `php-pdo`
+        1. `php-redis`
+        1. `php-xml`
 2. Composer packages
     1. `cd` to this repository
-    2. Install packages `composer update`
+    1. Setup git submodules `git submodule update --init --checkout`
+    1. Install packages `composer update`
 3. Setup config file `config/config.ini` according to your site deployment
 4. Setup branding file `config/branding/config.ini` according to your site deployment
 5. Point your web server's document root to `webroot` in this repo

README.md

@@ -1,8 +1,10 @@
 {
     "require": {
         "psr/log": "1.1.4",
-        "phpseclib/phpseclib": "3.0.16",
-        "phpmailer/phpmailer": "6.6.4",
-        "hakasapl/phpopenldaper": "1.0.5"
+        "phpseclib/phpseclib": "3.0.43",
+        "phpmailer/phpmailer": "6.6.4"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "<12.1"
     }
 }

composer.json

@@ -11,17 +11,20 @@ name = "Unity Cluster"  ; Name of the website
 url = "https://127.0.0.1:8000/"  ; URL of the website
 description = "The Unity Web Portal is a lightweight HPC cluster front-end"  ; Description of the website
 logo = "logo.png"  ; path to logo file, in the webroot/assets/branding folder
+terms_of_service_url = "https://github.com" ; this can be external or a portal page created with "content management"
+account_policy_url = "https://github.com" ; this can be external or a portal page created with "content management"
 
 [ldap]
 uri = "ldap://identity"  ; URI of remote LDAP server
 user = "cn=admin,dc=unityhpc,dc=test"  ; Admin bind DN LDAP user
 pass = "password"  ; Admin bind password
 basedn = "dc=unityhpc,dc=test"  ; Base search DN
-user_ou = "ou=users,dc=unityhpc,dc=test"  ; User organizational unit
+user_ou = "ou=users,dc=unityhpc,dc=test"  ; User organizational unit (may contain more than user group)
+user_group = "cn=unityusers,dc=unityhpc,dc=test" ; User group
 group_ou = "ou=groups,dc=unityhpc,dc=test"  ; Group organizational unit
 pigroup_ou = "ou=pi_groups,dc=unityhpc,dc=test"  ; PI Group organizational unit
 orggroup_ou = "ou=org_groups,dc=unityhpc,dc=test"  ; ORG group organizational unit
-admin_group = "cn=sudo,dc=unityhpc,dc=test"  ; admin dn (members of this group are admins on the web portal)
+admin_group = "cn=web_admins,dc=unityhpc,dc=test"  ; admin dn (members of this group are admins on the web portal)
 def_user_shell = "/bin/bash"  ; Default shell for new users
 
 [sql]
@@ -74,6 +77,7 @@ title[] = "Test Medium Footer"
 [loginshell]  ; Login shells that show up as options in the account settings page
 shell[] = "/bin/bash"
 shell[] = "/bin/zsh"
+shell[] = "/bin/tcsh"
 
 [menuitems]  ; menu items, add a label and link for each
 labels[] = "Global Menuitem 1"
@@ -100,4 +104,3 @@ url = "https://hooks.slack.com/services/T04BB3N3M26/B050A55CBNX/IGm1YA0VhjczAfs5
 [page]  ; which sql objects to use for the content on these pages
 home = "home"
 support = "support"
-policy = "policy"

defaults/config.ini.default

@@ -0,0 +1,16 @@
+<!-- restrictWarnings="true" -->
+<phpunit
+  bootstrap="test/phpunit-bootstrap.php"
+  failOnWarning="true"
+  failOnDeprecation="true"
+  failOnNotice="true"
+>
+  <testsuites>
+    <testsuite name="unit">
+      <directory>test/unit</directory>
+    </testsuite>
+    <testsuite name="functional">
+      <directory>test/functional</directory>
+    </testsuite>
+  </testsuites>
+</phpunit>

phpunit.xml

@@ -7,6 +7,10 @@
 // Load Composer Libs
 require_once __DIR__ . "/../vendor/autoload.php";
 
+// submodule
+require_once __DIR__ . "/lib/phpopenldaper/src/PHPOpenLDAPer/LDAPEntry.php";
+require_once __DIR__ . "/lib/phpopenldaper/src/PHPOpenLDAPer/LDAPConn.php";
+
 // load libs
 require_once __DIR__ . "/lib/UnityLDAP.php";
 require_once __DIR__ . "/lib/UnityUser.php";
@@ -19,6 +23,7 @@
 require_once __DIR__ . "/lib/UnityConfig.php";
 require_once __DIR__ . "/lib/UnityWebhook.php";
 require_once __DIR__ . "/lib/UnityRedis.php";
+require_once __DIR__ . "/lib/UnityGithub.php";
 
 // run init script
 require __DIR__ . "/init.php";

resources/autoload.php

@@ -4,16 +4,15 @@
  * init.php - Initialization script that is run on every page of Unity
  */
 
-use UnityWebPortal\lib\{
-    UnityConfig,
-    UnityLDAP,
-    UnityMailer,
-    UnitySQL,
-    UnitySSO,
-    UnityUser,
-    UnityRedis,
-    UnityWebhook
-};
+use UnityWebPortal\lib\UnityConfig;
+use UnityWebPortal\lib\UnityLDAP;
+use UnityWebPortal\lib\UnityMailer;
+use UnityWebPortal\lib\UnitySQL;
+use UnityWebPortal\lib\UnitySSO;
+use UnityWebPortal\lib\UnityUser;
+use UnityWebPortal\lib\UnityRedis;
+use UnityWebPortal\lib\UnityWebhook;
+use UnityWebPortal\lib\UnityGithub;
 
 //
 // Initialize Session
@@ -46,6 +45,7 @@
     $CONFIG["ldap"]["pigroup_ou"],
     $CONFIG["ldap"]["orggroup_ou"],
     $CONFIG["ldap"]["admin_group"],
+    $CONFIG["ldap"]["user_group"],
     $CONFIG["ldap"]["def_user_shell"]
 );
 
@@ -86,6 +86,8 @@
     $CONFIG["site"]["url"] . $CONFIG["site"]["prefix"]
 );
 
+$GITHUB = new UnityGithub();
+
 //
 // SSO Init
 //

resources/init.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace UnityWebPortal\lib;
+
+class UnityGithub
+{
+    public function getSshPublicKeys($username)
+    {
+        $url = "https://api.github.com/users/$username/keys";
+        $headers = array(
+        "User-Agent: Unity Cluster User Portal"
+        );
+
+        $curl = curl_init();
+        curl_setopt($curl, CURLOPT_URL, $url);
+        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
+        $keys = json_decode(curl_exec($curl), false);
+        curl_close($curl);
+
+        // normally returns array of objects each with a ->key attribute
+        // if bad URL or no such user, returns status=404 object
+        // if no keys, returns []
+        if ((!is_array($keys)) || (count($keys) == 0)) {
+            return [];
+        }
+        // phpcs:disable
+        return array_map(function($x){return $x->key;}, $keys);
+        // phpcs:enable
+    }
+}