bugy
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 1 deletion b/‎.gitignore‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.travis.yml‎
Lines changed: 3 additions & 3 deletions b/‎.travis.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎README.md‎
Lines changed: 19 additions & 3 deletions b/‎README.md‎
Lines changed: 19 additions & 3 deletions
diff --git a/‎samples/configs/parameterized.json‎
Lines changed: 2 additions & 9 deletions b/‎samples/configs/parameterized.json‎
Lines changed: 2 additions & 9 deletions
diff --git a/‎samples/scripts/callback_test.py‎
Lines changed: 17 additions & 0 deletions b/‎samples/scripts/callback_test.py‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎samples/scripts/parameterized.sh‎
Lines changed: 2 additions & 4 deletions b/‎samples/scripts/parameterized.sh‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎src/alerts/alerts_service.py‎
Lines changed: 0 additions & 34 deletions b/‎src/alerts/alerts_service.py‎
Lines changed: 0 additions & 34 deletions
diff --git a/‎src/alerts/destination_http.py‎
Lines changed: 0 additions & 27 deletions b/‎src/alerts/destination_http.py‎
Lines changed: 0 additions & 27 deletions
diff --git a/‎src/auth/authorization.py‎
Lines changed: 23 additions & 22 deletions b/‎src/auth/authorization.py‎
Lines changed: 23 additions & 22 deletions
diff --git a/‎src/communications/__init__.py‎ b/‎src/communications/__init__.py‎
@@ -67,6 +67,6 @@ conf/conf.json
 logs
 .idea
 temp
-web
+/web
 web-src/node_modules
 web-src/package-lock.json
@@ -12,7 +12,6 @@ addons:
 env:
   global:
   - OWNER=${TRAVIS_REPO_SLUG%/*}
-  - COMMIT=${TRAVIS_COMMIT::8}
   # GITHUB_TOKEN
   - secure: GtWCiMPNz3MDDTvXqaVsgZBvlxYRZuTY6sUEhWTL37zJZHgRLlxTCTD27hHZp2P4B6G6KGV/0iEvMYxqzo6jMrzcEnt7TlGetteqI18dhV1dIQGH6uy8Y/PktkK2g2FuJeGV3FRK4+a21v6zzSuUaFa26k97mPapa4LS83XXj7rc13ll23HhhtObVF/a1n3U0Xwe4FkdoxbKlecJUnNujESxFk4xQl4N1tFv15fldDlFq0XWs26eEp3LU/n7wkMzbg9WEqPvDeaYlvir9VpvcYWpVvf8Uz+wpvW1jnE2R6bK1TDv5BNzQwbf2JtN284yZ8I1nwZtOJkc1RUr5wUFxCD0p8tc30sAlKemI385v2t1ccoBYMwH8LHFIUoSXoolHZBsnZeADqpo3a0d8hVFWv4AcxC27Q6SfMCltl0+ogAoQ7wVfkRT++044p415Ar4raEqIkqTm64FaRNMS0v2y5mS2634PMSGMRnK+NBrWz1yFKxsiuPKypIWygtrJ4pyiL2yPBZupnCluEgqva3q6AmMDlNuSUmcTEnCRGB01U2if6/oSEgISH1VK2lsRSxuoG5dFFuezwv90YENh/7pw0/hgge7EOse6OzDsU3uNRWcTuXF7eEBhjM1wBHWHlaAwV9vfHMZX4sHWP4R4CZhPjVEPRz6HPEg1tFCs2EvkuI=
   # DOCKER_USER
@@ -23,14 +22,15 @@ before_install:
 - sudo apt-get -y install python3-pip python3-setuptools
 install:
 - sudo pip3 install -r requirements.txt
-- sudo pip3 install ldap3
+- sudo pip3 install ldap3 parameterized
+- sudo pip3 install requests --upgrade
 - sudo pip3 install pyasn1 --upgrade
 - cd web-src
 - npm install
 - cd ..
 before_script:
 - cd src
-- python3 -m unittest discover -s tests -p "*.py"
+- python3 -m unittest discover -s tests -p "*.py" -t .
 - cd ../web-src
 - npm run test
 - cd ..
 
@@ -18,11 +18,11 @@ Example of the user interface during script execution:
 - Different script parameter types
 - Alerts
 - Logging and auditing
-- Formatted output support (colors, styles, caret positioning)
+- Formatted output support (colors, styles, cursor positioning, clearing)
 - Download of script output files
 - Admin page (admin.html) with script execution logs
 
-The features can be configured [per-script](https://github.com/bugy/script-server/wiki/Script-config) or for [the server](https://github.com/bugy/script-server/wiki/Server-config)
+The features can be configured [per-script](https://github.com/bugy/script-server/wiki/Script-config) or for [the server](https://github.com/bugy/script-server/wiki/Server-configuration)
 
 ## Requirements
 ### Server-side
@@ -49,6 +49,10 @@ Internet connection is not needed. All the files are loaded from the server.
 
 (For detailed steps on linux with virtualenv, please see [Installation guide](https://github.com/bugy/script-server/wiki/Installing-on-virtualenv-(linux)))
 
+##### As a docker container
+Please find pre-built images here: https://hub.docker.com/r/bugy/script-server/tags  
+For the usage please check [this ticket](https://github.com/bugy/script-server/issues/171#issuecomment-461620836)
+
 ### For development
 1. Clone/download the repository
 2. Run 'tools/init.py --dev --no-npm' script
@@ -68,7 +72,7 @@ By default, server will run on http://localhost:5000
 ### Server config
 All the features listed above and some other minor features can be configured in *conf/conf.json* file. 
 It is allowed not to create this file. In this case default values will be used.
-See [server config page](https://github.com/bugy/script-server/wiki/Server-config) for details
+See [server config page](https://github.com/bugy/script-server/wiki/Server-configuration) for details
 
 ### Admin panel
 Admin panel is accessible on admin.html page (e.g. http://localhost:5000/admin.html)
@@ -92,3 +96,15 @@ _Important!_ Command injection protection is fully supported for linux, but _onl
 
 ### XSS and CSRF
 At the moment script server _is_ vulnerable to these attacks.
+
+## Contribution
+If you like the project and think you could help with making it better, there are many ways you can do it:
+- Create new issue for new feature proposal or a bug
+- Implement existing issues (there are quite some of them: frontend/backend, simple/complex, choose whatever you like)
+- Help with improving the documentation
+- Set up a demo server
+- Spread a word about the project to your collegues, friends, blogs or any other channels
+- Any other things you could imagine
+
+Any contribution would be of great help and I will highly appreciate it! 
+If you have any questions, please create a new issue, or concact me via buggygm@gmail.com
@@ -2,7 +2,6 @@
   "name": "Very parameterized",
   "script_path": "scripts/parameterized.sh",
   "description": "This script does nothing except accepting a lot of parameters and printing them",
-  "requires_terminal": false,
   "allowed_users": [
     "*"
   ],
@@ -95,11 +94,6 @@
       "description": "Boolean Two",
       "default": true
     },
-    {
-      "name": "Default Text from variable",
-      "description": "Parameter Eight",
-      "default": "$$USER"
-    },
     {
       "name": "Constant Text",
       "description": "Constant value",
@@ -205,10 +199,9 @@
       "name": "Server file",
       "param": "--server_file",
       "type": "server_file",
-      "file_dir": "/home/$$USER/Documents",
+      "file_dir": "/var/log",
       "file_extensions": [
-        "txt",
-        "jpg"
+        "log"
       ],
       "secure": true
     },
 
@@ -0,0 +1,17 @@
+import os
+import sys
+
+output_file = sys.argv[1]
+
+with open(output_file, 'w') as f:
+    for arg in sys.argv[2:]:
+        f.write(arg + '\n')
+
+    f.write('\n\n')
+
+    fields = ['event_type', 'execution_id', 'pid', 'script_name', 'user', 'exit_code']
+
+    for field in fields:
+        value = os.environ.get(field)
+
+        f.write(field + ': ' + str(value) + '\n')
@@ -37,17 +37,15 @@ printf '%s\n' "${args[@]}"
 echo
 
 if [ ! -z "$recurs_file" ]; then
-    echo "recurs_file=$recurs_file"
-    echo "md5="`md5sum "$recurs_file"`
+    echo "recurs_file="`md5sum "$recurs_file"`
 fi
 
 echo
 
 if [ -z "$my_file" ]; then
     echo '--file_upload is empty'
 else
-    echo '--file_upload content:'
-    cat "$my_file"
+    echo "--file_upload: "`md5sum "$my_file"`
 fi
 
 sleep 5
@@ -1,25 +1,22 @@
 from collections import defaultdict
 
-ANY_USER = 'ANY_USER'
+ANY_USER = '__ANY_USER'
 ADMIN_GROUP = 'admin_users'
 GROUP_PREFIX = '@'
 
 
 class Authorizer:
     def __init__(self, app_allowed_users, admin_users, groups_provider):
-        if ANY_USER in app_allowed_users:
-            self._app_auth_check = AnyUserAuthorizationCheck()
-        else:
-            self._app_auth_check = ListBasedAuthorizationCheck(app_allowed_users)
-
+        self._app_allowed_users = app_allowed_users
         self._admin_users = admin_users
+
         self._groups_provider = groups_provider
 
     def is_allowed_in_app(self, user_id):
-        return self._app_auth_check.is_allowed(user_id)
+        return self.is_allowed(user_id, self._app_allowed_users)
 
     def is_admin(self, user_id):
-        return user_id in self._admin_users
+        return self.is_allowed(user_id, self._admin_users)
 
     def is_allowed(self, user_id, allowed_users):
         if not allowed_users:
@@ -42,20 +39,6 @@ def is_allowed(self, user_id, allowed_users):
         return False
 
 
-class ListBasedAuthorizationCheck:
-    def __init__(self, allowed_users) -> None:
-        self.allowed_users = set(allowed_users)
-
-    def is_allowed(self, user_id):
-        return user_id in self.allowed_users
-
-
-class AnyUserAuthorizationCheck:
-    @staticmethod
-    def is_allowed(user_id):
-        return True
-
-
 class EmptyGroupProvider:
 
     def get_groups(self, user):
@@ -124,6 +107,7 @@ def get_groups(self, user):
 
 def create_group_provider(user_groups, authenticator, admin_users):
     if admin_users:
+        admin_users = _exclude_unknown_groups_from_admin_users(admin_users, user_groups)
         if user_groups is None:
             user_groups = {ADMIN_GROUP: admin_users}
         elif ADMIN_GROUP not in user_groups:
@@ -139,3 +123,20 @@ def create_group_provider(user_groups, authenticator, admin_users):
         return preconfigured_groups_provider
 
     return CombinedGroupProvider(preconfigured_groups_provider, authenticator)
+
+
+# in case groups will be loaded from ldap
+def _exclude_unknown_groups_from_admin_users(admin_users, known_groups):
+    if not admin_users or not known_groups:
+        return admin_users
+
+    result = []
+    for user in admin_users:
+        if user.startswith(GROUP_PREFIX):
+            group = user[1:]
+            if group not in known_groups.keys():
+                continue
+
+        result.append(user)
+
+    return result