testing

.github/workflows/lint.yml

@@ -29,7 +29,7 @@ jobs:
       - name: Set up PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: "7.4"
+          php-version: "8.3"
           coverage: none
           tools: phpcs
 

.gitignore

@@ -16,3 +16,8 @@ composer.lock
 deployment/*
 !deployment/**/README.md
 !deployment/deploy.sh
+
+# these files are generated by a python script
+tools/docker-dev/identity/bootstrap.ldif
+tools/docker-dev/web/htpasswd
+tools/docker-dev/sql/bootstrap-users.sql

CONTRIBUTING.md

@@ -8,7 +8,26 @@ When submitting pull requests, the pull request should be made to the version yo
 
 ## Conventions
 
-This code base is currently using PHP version 7.4. All files are required to be linted with PSR-12 standard. This repository will automatically check PRs for linting compliance.
+This code base is currently using PHP version 8.3. All files are required to be linted with PSR-12 standard. This repository will automatically check PRs for linting compliance.
+
+### handling HTTP headers
+
+* the web page header `LOC_HEADER` should be included before handling HTTP headers
+* all expected headers should be fetched using `UnitySite::array_get_or_bad_request`
+* all headers which are expected to be one of a set of hard coded values should use a switch case where the default case is `UnitySite::bad_request("invalid <header-name>")`
+
+### admin access control
+
+All pages under `admin/` should check `$USER->isAdmin()` and do `UnitySite::forbidden($USER, $SQL)` if not admin. This should be redundant since the web server should also be doing this on `admin/` as a whole.
+
+### error messages
+
+Use `UnitySite::alert` to make a popup. Be sure to break out of whatever logic branch you're in.
+
+### die()
+
+Don't use `die()`. Throw an exception.
+
 
 ## Development Environment
 
@@ -29,26 +48,12 @@ While the environment is running, the following is accessible:
 
 ### Test Users
 
-The test environment ships with a number of users that can be used for testing. When accessing locked down portions of the portal, you will be asked for a username and password. The password is always `password`.
-
 The following users are available for testing:
 
-* `[email protected]` - admin user who is a member of pi_user1_domain_edu
-* `[email protected]` - admin user
-* `[email protected]` - user who is the owner of pi_user1_domain_edu
-* `[email protected]` - user who is the owner of pi_user2_domain_edu
-* `[email protected]` - user who is a member of pi_user1_domain_edu
-* `[email protected]` - user
-* `[email protected]` - user who is a member of pi_user2_domain_edu
-* `[email protected]` - user who is a member of pi_user2_domain_edu
-* `[email protected]` - user who has no LDAP object
-* `[email protected]` - user who has no LDAP object
-* `[email protected]` - user who has no LDAP object
-* `[email protected]` - user who is the owner of pi_user1_domain2_edu
-* `[email protected]` - user
-* `[email protected]` - user who has no LDAP object
-* `[email protected]` - user who has no LDAP object
+* `[email protected]` - portal administrator, also has PI group `pi_web_admin_unityhpc_test`
+
+The test environment ships with a randomly generated (with hard coded seed) set of organizations, PI groups, and user accounts. See `tools/docker-dev/generate-user-bootstrap-files-.py`. Use PHPLDAPAdmin to view them. The UIDs are of the form `user0001_org01_test`, `user0002_org02_test`, ... . The lowest user numbers are deliberatly left out, so that you can test the creation of new users. To log in as a user, you can clear your cookies and do HTTP basic auth with their `mail` attribute and password "password", or you can log in as `web_admin` and switch to their account from the user management page.
 
 ### Changes to Dev Environment
 
-Should the default schema of the web portal change, the `ldap/bootstrap.ldif` and `sql/bootstrap.sql` must be updated for the LDAP server and the MySQL server, respectively.
+Should the default schema of the web portal change, `tools/generate_htpasswd_bootstrap-ldif.py` and `sql/bootstrap.sql` must be updated for the LDAP server and the MySQL server, respectively.

README.md

@@ -22,17 +22,18 @@ Unity Web Portal is a PHP application built in top of MariaDB and LDAP which act
     1. Composer (`apt install composer` on Ubuntu)
     1. PHP Extensions
         1. `php-ldap`
-        2. `php-curl`
-        3. `php-redis`
-        4. `php-cli`
-        5. `php-mysql`
-        6. `php-pdo`
-2. Composer packages
+        1. `php-curl`
+        1. `php-redis`
+        1. `php-cli`
+        1. `php-mysql`
+        1. `php-pdo`
+1. Composer packages
     1. `cd` to this repository
-    2. Install packages `composer update`
-3. Setup config file `config/config.ini` according to your site deployment
-4. Setup branding file `config/branding/config.ini` according to your site deployment
-5. Point your web server's document root to `webroot` in this repo
+    1. Install packages `sudo composer update --no-plugins --no-scripts`
+1. Deployment:
+    1. configure the files in `deployment/` according to their respective `README.md` files
+1. make sure redis cache is populated: `cd workers && php ./update-ldap-cache.php`
+1. Point your web server's document root to `webroot` in this repo
 
 The scope of this project ends at being responsible for the LDAP user database. We recommend production deployments to set up scripts which detect changes in LDAP and then perform further actions. For example, a script can be used to create Slurm scheduler accounting roles based on the LDAP information created by this website.
 
@@ -46,7 +47,7 @@ The update process is similar to the installation process:
 
 1. Clone the release and follow installation instructions 1 and 2 from above.
 2. Copy the following folders from the old installation to the new one:
-    1. `config`
+    1. `deployment`
     2. `webroot/assets/footer_logos`
 
 We recommend a deployment where each version of the portal is its own clone, then just change a symlink to point to the new version. This way a rollback is much easier.

composer.json

@@ -1,8 +1,10 @@
 {
     "require": {
-        "psr/log": "1.1.4",
-        "phpseclib/phpseclib": "3.0.16",
-        "phpmailer/phpmailer": "6.6.4",
-        "hakasapl/phpopenldaper": "1.0.5"
+        "psr/log": ">=3.0.2",
+        "phpseclib/phpseclib": ">=3.0.43",
+        "phpmailer/phpmailer": ">=6.9.3",
+        "hakasapl/phpopenldaper": ">=1.0.5",
+        "mockery/mockery": ">=1.6.12",
+        "phpunit/phpunit": "<12.1"
     }
 }

defaults/config.ini.default

@@ -21,7 +21,7 @@ user_ou = "ou=users,dc=unityhpc,dc=test"  ; User organizational unit
 group_ou = "ou=groups,dc=unityhpc,dc=test"  ; Group organizational unit
 pigroup_ou = "ou=pi_groups,dc=unityhpc,dc=test"  ; PI Group organizational unit
 orggroup_ou = "ou=org_groups,dc=unityhpc,dc=test"  ; ORG group organizational unit
-admin_group = "cn=sudo,dc=unityhpc,dc=test"  ; admin dn (members of this group are admins on the web portal)
+admin_group = "cn=web_admins,dc=unityhpc,dc=test"  ; admin dn (members of this group are admins on the web portal)
 def_user_shell = "/bin/bash"  ; Default shell for new users
 
 [sql]