Merge pull request #57 from hakasapl/main

Release 1.1.0 Preparation

Author: hakasapl

.gitignore

@@ -10,4 +10,7 @@ resources/custom_user_mappings/*.csv
 
 # don't track vendor files from composer
 vendor
-composer.lock
+composer.lock
+
+# don't track site configs
+config/**/*.ini

CHANGELOG.md

@@ -1,8 +1,31 @@
-## 1.0.0-RC2
+# 1.1.0
+
+2023-3-13
+
+* [Feature] Added alternate config email for PI emails (#35)
+* [Feature] Pasted and Uploaded SSH Keys are now validated (#17)
+* [Feature] Added request date for requests on admin/pi pages (#40)
+* [Feature] Added conf options and login selector to user accounts page (#15)
+* [Feature] Added PIGroups in User for view for admins (#29)
+* [Feature] It is now possible to override mail templates
+* [Frontend] Removed borders in between footer logos (#46)
+* [Frontend] Added a new content management field for home page (#45)
+* [Bug] Admin pages are now sorted alphabetically by UID (#52)
+* [Bug] Fixed footer lookup PHP error for sending emails
+* [Bug] Fixed changelog format
+* [Bug] Fixed styling on content management page (#20)
+* [Project] Footers in the project are now generic
+* [Project] Default configs do not reference UMA labels anymore
+
+# 1.0.0-RC2
+
+2022-10-03
+
 * [BugFix] Fixed Unity Branding where Array were not being merged
 * [Project] Bumped phpopenldaper version from composer
 
-## 1.0.0-RC1
+# 1.0.0-RC1
+
 * [Feature] Admins can now access the web portal as a separate user
 * [Feature] Added account details to account settings page
 * [Feature] Added branding configuration
@@ -21,7 +44,8 @@
 * [Project] Project now adheres to PHP PSR-12 standards
 
 
-## 0.6.0-BETA
+# 0.6.0-BETA
+
 * [Feature] Added cluster notices - hakan
 * [Feature] Added development environment features - hakan
 * [Feature] Added universal logging support - hakan
@@ -31,7 +55,8 @@
 * [Bug] Fixed issue which caused PI already exists message to not display correctly - calvin
 * [UI] Added URI branding - hakan
 
-## 0.5.0-BETA
+# 0.5.0-BETA
+
 * [Feature] Added notices for inactive account
 * [Locale] New XML based locale for easier dynamic lang switching
 * [Feature] Added VAST storage and Truenas Core storage integration for automatic storage creation
@@ -41,9 +66,11 @@
 * [Style] General style changes
 * [Feature] Added unityfs service, which is a socket service responsible for provisioning storage on Unity
 
-## 0.4.0HF1-BETA
+# 0.4.0HF1-BETA
+
 * [Bug] Fixed issue where some users account wasn't activating
 
-## 0.4.0-BETA
+# 0.4.0-BETA
+
 * [Feature] Added Multiple PI Support
 * [Backend] Users and PI Groups are treated as different entities

README.md

@@ -22,15 +22,45 @@ Unity Web Portal is a PHP application built in top of MariaDB and LDAP which act
     1. Composer (`apt install composer` on Ubuntu)
     1. PHP Extensions
         1. `php-ldap`
-1. Composer packages
+        2. `php-curl`
+2. Composer packages
     1. `cd` to this repository
-    1. Install packages `composer update`
-1. Setup config file `config/config.ini` according to your site deployment
-1. Point your web server's document root to `webroot` in this repo
+    2. Install packages `composer update`
+3. Setup config file `config/config.ini` according to your site deployment
+4. Setup branding file `config/branding/config.ini` according to your site deployment
+5. Point your web server's document root to `webroot` in this repo
 
 The scope of this project ends at being responsible for the LDAP user database. We recommend production deployments to set up scripts which detect changes in LDAP and then perform further actions. For example, a script can be used to create Slurm scheduler accounting roles based on the LDAP information created by this website.
 
 ## Web Server Setup
 External to this codebase, you must configure authentication using your web server. You must retrict the following:
 * `/panel` - users who are signed in
 * `/admin` - admins who are signed in
+
+## Updating
+The update process is similar to the installation process:
+
+1. Clone the release and follow installation instructions 1 and 2 from above.
+2. Copy the following folders from the old installation to the new one:
+    1. `config`
+    2. `webroot/res/footer_logos`
+
+We recommend a deployment where each version of the portal is its own clone, then just change a symlink to point to the new version. This way a rollback is much easier.
+
+Example folder structure, where `->` indicates a symlink:
+```
+unity-web-portal
+    unity-web-portal -> unity-web-portal-1.1.0
+    unity-web-portal-1.0.0-RC1
+    unity-web-portal-1.0.0-RC2
+    unity-web-portal-1.1.0
+```
+
+Below you will find specific instructions for moving between version:
+
+### 1.0.0-RC2 > 1.1.0
+
+1. `config/branding/config.ini.default` has some new fields that will need to be overriden by the site config if needed:
+   1. `pi_approve*` in the `mail` section
+   2. `home` in the `page` section
+   3. The entire `loginshell` section

config/branding/config.ini renamed to config/branding/config.ini.default

@@ -1,3 +1,6 @@
+; Branding Defaults
+; DO NOT EDIT THIS FILE. Instead make a config.ini in the same location as this file
+;
 [site]
 name = "Unity Cluster"  ; Name of the website
 url = "https://127.0.0.1:8000/"  ; URL of the website
@@ -19,8 +22,8 @@ accent_3 = "#a92323"  ; Active element color for element using accent color
 accent_disabled = "#e48181"  ; Disabled element color for element using accent color
 accent_foreground = "#ffffff"  ; Text color when accent color is background
 
-[footer]
-logos[] = "testLongFooter.png"  ; Footer logos (add new lines for each)
+[footer]  ; Footer logos (add new lines for each)
+logos[] = "testLongFooter.png"
 links[] = "https://github.com/"
 title[] = "Test Long Footer"
 logos[] = "testMedFooter.png"
@@ -33,7 +36,7 @@ logos[] = "testMedFooter.png"
 links[] = "https://github.com/"
 title[] = "Test Medium Footer"
 
-[loginshell] ; menu items, Login Shells
+[loginshell]  ; Login shells that show up as options in the account settings page
 shell[] = "/bin/bash"
 shell[] = "/bin/zsh"
 
@@ -46,13 +49,13 @@ labels[] = "Secure Menuitem 1"
 links[] = "https://github.com/"
 
 [mail]  ; mail addresses
-support = "[email protected]"
+support = "[email protected]"  ; Email for user support
 support_name = "Unity Support"
-admin = "[email protected]"
+admin = "[email protected]"  ; Email that goes to admins about site messages
 admin_name = "Unity Admins"
-sender = "[email protected]"
+sender = "[email protected]"  ; The "from" email for all messages sent from the portal
 sender_name = "Unity Sender"
-pi_approve = "[email protected]"
+pi_approve = "[email protected]"  ; Only PI approval messages will go to this email
 pi_approve_name = "Unity PI Approval"
 
 [page]  ; which sql objects to use for the content on these pages

config/branding/overrides/unity.uri.edu.ini renamed to config/branding/overrides/unity.uri.edu.ini.example

@@ -1,6 +1,9 @@
+; Main Site Config
+; DO NOT EDIT THIS FILE. Instead make a config.ini file in the same folder.
+;
 [upstream]
-version = "1.0.0-RC2"  ; Current upstream version of the web portal
-repo = "https://github.com/hakasapl/unity-web-portal"  ; Upstream URL for the web portal
+version = "1.1.0"  ; Current upstream version of the web portal
+repo = "https://github.com/UnityHPC/unity-web-portal"  ; Upstream URL for the web portal
 
 [site]
 prefix = ""  ; prefix of website, no ending / should be included

config/config.ini renamed to config/config.ini.default

@@ -0,0 +1,3 @@
+# Mail Overrides
+
+In this location, you can copy any file in the resources/mail folder into here and modify it. **The filename must remain the same**

config/mail_overrides/README

@@ -22,7 +22,7 @@
 //
 // Config INIT
 //
-$CONFIG = UnitySite::getConfig(__DIR__ . "/../config/config.ini");
+$CONFIG = UnitySite::getConfig(__DIR__ . "/../config");
 $BRANDING = UnityBranding::getBranding(__DIR__ . "/../config/branding");
 
 //
@@ -54,6 +54,7 @@
 // Creates SMTP service
 $MAILER = new UnityMailer(
     __DIR__ . "/mail",
+    __DIR__ . "/../config/mail_overrides",
     $CONFIG["smtp"]["host"],
     $CONFIG["smtp"]["port"],
     $CONFIG["smtp"]["security"],

resources/init.php

@@ -7,7 +7,12 @@ class UnityBranding
     public static function getBranding($branding_loc)
     {
         // Loading branding
-        $BRANDING = parse_ini_file($branding_loc . "/config.ini", true);
+        $BRANDING = parse_ini_file($branding_loc . "/config.ini.default", true);
+        $branding_main_override = $branding_loc . "/config.ini";
+        if (file_exists($branding_main_override)) {
+            $override_config_main = parse_ini_file($branding_main_override, true);
+            $BRANDING = array_replace_recursive($BRANDING, $override_config_main);
+        }
 
         $branding_override = $branding_loc . "/overrides/" . $_SERVER['HTTP_HOST'] . ".ini";
         if (file_exists($branding_override)) {

resources/lib/UnityBranding.php

@@ -11,6 +11,7 @@
 class UnityMailer extends PHPMailer
 {
     private $template_dir;  // location of all email templates
+    private $override_template_dir;
 
     private $MSG_LINKREF;
     private $MSG_SENDER_EMAIL;
@@ -24,6 +25,7 @@ class UnityMailer extends PHPMailer
 
     public function __construct(
         $template_dir,
+        $override_template_dir,
         $hostname,
         $port,
         $security,
@@ -83,6 +85,7 @@ public function __construct(
         }
 
         $this->template_dir = $template_dir;
+        $this->override_template_dir = $override_template_dir;
 
         $this->MSG_LINKREF = $msg_linkref;
         $this->MSG_SENDER_EMAIL = $msg_sender_email;
@@ -102,10 +105,24 @@ public function sendMail($recipients, $template = null, $data = null)
             $this->setFrom($this->MSG_SENDER_EMAIL, $this->MSG_SENDER_NAME);
             $this->addReplyTo($this->MSG_SUPPORT_EMAIL, $this->MSG_SUPPORT_NAME);
 
+            // find mail template
+            $template_filename = $template . ".php";
+            if (file_exists($this->override_template_dir . "/" . $template_filename)) {
+                $template_path = $this->override_template_dir . "/" . $template_filename;
+            } else {
+                $template_path = $this->template_dir . "/" . $template_filename;
+            }
+
+            // find footer template
+            if (file_exists($this->override_template_dir . "/footer.php")) {
+                $footer_template_path = $this->override_template_dir . "/footer.php";
+            } else {
+                $footer_template_path = $this->template_dir . "/footer.php";
+            }
 
             ob_start();
-            include $this->template_dir . "/" . $template . ".php";
-            include $this->template_dir . "/footer.php";
+            include $template_path;
+            include $footer_template_path;
             $mes_html = ob_get_clean();
             $this->msgHTML($mes_html);
 

resources/lib/UnityMailer.php

@@ -49,7 +49,15 @@ public static function getGithubKeys($username)
 
     public static function getConfig($conf_path)
     {
-        $arr = parse_ini_file($conf_path, true);
+        // load default conf values
+        $arr = parse_ini_file($conf_path . "/config.ini.default", true);
+
+        if (file_exists($conf_path . "/config.ini")) {
+            // check if there is an override
+            $arr_override = parse_ini_file($conf_path . "/config.ini", true);
+            array_replace_recursive($arr, $arr_override);
+        }
+
         return $arr;
     }
 

resources/lib/UnitySite.php

@@ -75,7 +75,8 @@ CREATE TABLE `pages` (
 
 INSERT INTO `pages` (`id`, `page`, `content`) VALUES
 (1, 'support', '<h3>Docmentation and FAQ</h3>\r\n<p>You can find our documentation <a href=\"https://esdconfluence.it.umass.edu/confluence/display/UNITY/Unity+Cluster+Documentation+Home\" target=\"_blank\">here</a>. We also have an <a target=\"_blank\" href=\"https://esdconfluence.it.umass.edu/confluence/display/UNITY/Frequently+Asked+Questions\">FAQ</a> page which could help answer quick questions.\r\n\r\n<h3>Office Hours</h3>\r\n<p>We offer office hours every week on <strong>Tuesdays 2-4 PM</strong> in-person at <strong>W.E.B. DuBois Library 786</strong> or remote on <strong><a target=\"_blank\" href=\"https://umass-amherst.zoom.us/j/95663998309\">Zoom</a></strong>. Be sure to check the <a href=\"<?php echo $CONFIG[\"site\"][\"prefix\"]; ?>/index.php\">cluster notes</a> page for up-to-date information on any canceled/delayed office hours.</p>\r\n\r\n<h3>Support Email</h3>\r\n<p>You can create a support ticket by emailing <a target=\"_blank\" href=\"mailto:[email protected]\">[email protected]</a>. We will do our best to reply as fast as possible!</p>'),
-(2, 'policy', '<p>By using resources associated with Unity, you agree to comply with the following conditions of use.  This is an extension of the University of Massachussetts Amherst Information Technology Acceptable Use Policy, which can be found <a target=\"_blank\" href=\"https://www.umass.edu/it/security/acceptable-use-policy\">here</a>.</p>\r\n\r\n<ol>\r\n    <li>You will not use Unity resources for illicit financial gain, such as virtual currency mining, or any unlawful purpose, nor attempt to breach or circumvent any Unity administrative or security controls. You will comply with all applicable laws, working with your home institution and the specific Unity service providers utilized to determine what constraints may be placed on you by any relevant regulations such as export control law or HIPAA.</li>\r\n    <li>You will respect intellectual property rights and observe confidentiality agreements.</li>\r\n    <li>You will protect the access credentials (e.g., passwords, private keys, and/or tokens) issued to you or generated to access Unity resources; these are issued to you for your sole use.</li>\r\n    <li>You will immediately report any known or suspected security breach or loss or misuse of Unity access credentials to <a href=\"mailto:[email protected]\">[email protected]</a>.</li>\r\n    <li>You will have only one Unity User account and will keep your profile information up-to-date.</li>\r\n    <li>Use of resources and services through Unity is at your own risk. There are no guarantees that resources and services will be available, that they will suit every purpose, or that data will never be lost or corrupted. Users are responsible for backing up critical data.</li>\r\n    <li>Logged information, including information provided by you for registration purposes, is used for administrative, operational, accounting, monitoring and security purposes. This information may be disclosed, via secured mechanisms, only for the same purposes and only as far as necessary to other organizations cooperating with Unity .</li>\r\n</ol>\r\n\r\n<p>The Unity team reserves the right to restrict access to any individual/group found to be in breach of the above.</p>');
+(2, 'policy', '<p>By using resources associated with Unity, you agree to comply with the following conditions of use.  This is an extension of the University of Massachussetts Amherst Information Technology Acceptable Use Policy, which can be found <a target=\"_blank\" href=\"https://www.umass.edu/it/security/acceptable-use-policy\">here</a>.</p>\r\n\r\n<ol>\r\n    <li>You will not use Unity resources for illicit financial gain, such as virtual currency mining, or any unlawful purpose, nor attempt to breach or circumvent any Unity administrative or security controls. You will comply with all applicable laws, working with your home institution and the specific Unity service providers utilized to determine what constraints may be placed on you by any relevant regulations such as export control law or HIPAA.</li>\r\n    <li>You will respect intellectual property rights and observe confidentiality agreements.</li>\r\n    <li>You will protect the access credentials (e.g., passwords, private keys, and/or tokens) issued to you or generated to access Unity resources; these are issued to you for your sole use.</li>\r\n    <li>You will immediately report any known or suspected security breach or loss or misuse of Unity access credentials to <a href=\"mailto:[email protected]\">[email protected]</a>.</li>\r\n    <li>You will have only one Unity User account and will keep your profile information up-to-date.</li>\r\n    <li>Use of resources and services through Unity is at your own risk. There are no guarantees that resources and services will be available, that they will suit every purpose, or that data will never be lost or corrupted. Users are responsible for backing up critical data.</li>\r\n    <li>Logged information, including information provided by you for registration purposes, is used for administrative, operational, accounting, monitoring and security purposes. This information may be disclosed, via secured mechanisms, only for the same purposes and only as far as necessary to other organizations cooperating with Unity .</li>\r\n</ol>\r\n\r\n<p>The Unity team reserves the right to restrict access to any individual/group found to be in breach of the above.</p>'),
+(3, 'home', '<p>Home page content</p><p>Other line</p>');
 
 -- --------------------------------------------------------
 

tools/docker-dev/sql/bootstrap.sql

@@ -30,11 +30,16 @@
         ?>
     </select>
 
+    <br><br>
+
     <textarea name="content" id="editor" form="pageForm"></textarea>
 
+    <br><br>
+
     <input type="submit" value="Edit Page">
 </form>
 
+
 <script>
     ClassicEditor
         .create(document.querySelector('#editor'), {})

webroot/admin/content.php

@@ -115,26 +115,30 @@
 <?php
     $accounts = $LDAP->getAllPIGroups($SQL, $MAILER);
 
-foreach ($accounts as $pi_group) {
-    $pi_user = $pi_group->getOwner();
-
-    echo "<tr class='expandable'>";
-    echo "<td><button class='btnExpand'>&#9654;</button>" . $pi_user->getFirstname() .
-    " " . $pi_user->getLastname() . "</td>";
-    echo "<td>" . $pi_group->getPIUID() . "</td>";
-    echo "<td><a href='mailto:" . $pi_user->getMail() . "'>" . $pi_user->getMail() . "</a></td>";
-    echo "<td>";
-    echo
-    "<form action='' method='POST' 
+    usort($accounts, function ($a, $b) {
+        return strcmp($a->getPIUID(), $b->getPIUID());
+    });
+
+    foreach ($accounts as $pi_group) {
+        $pi_user = $pi_group->getOwner();
+
+        echo "<tr class='expandable'>";
+        echo "<td><button class='btnExpand'>&#9654;</button>" . $pi_user->getFirstname() .
+        " " . $pi_user->getLastname() . "</td>";
+        echo "<td>" . $pi_group->getPIUID() . "</td>";
+        echo "<td><a href='mailto:" . $pi_user->getMail() . "'>" . $pi_user->getMail() . "</a></td>";
+        echo "<td>";
+        echo
+        "<form action='' method='POST' 
     onsubmit='return confirm(\"Are you sure you want to remove " . $pi_group->getPIUID() . "?\")'>
         <input type='hidden' name='form_name' value='remGroup'>
         <input type='hidden' name='pi' value='" . $pi_group->getPIUID() . "'>
         <input type='submit' value='Remove'>
     </form>";
-    echo "</td>";
-    echo "</tr>";
-}
-?>
+        echo "</td>";
+        echo "</tr>";
+    }
+    ?>
 </table>
 
 <script>

webroot/admin/pi-mgmt.php

@@ -38,6 +38,10 @@
     <?php
     $users = $LDAP->getAllUsers($SQL, $MAILER);
 
+    usort($users, function ($a, $b) {
+        return strcmp($a->getUID(), $b->getUID());
+    });
+
     foreach ($users as $user) {
         echo "<tr>";
         echo "<td>" . $user->getFirstname() . " " . $user->getLastname() . "</td>";