~samer_m


#88 make sessionExpiry depend on user 1 year, 6 months ago

Comment by ~samer_m on ~eduvpn/server

The reason we used the already existing permissionList is that it comes from the same source and provides similar functionality. And as you mentioned, it opens the way for more flags to be added.

We applied the expiry on the connection for some reasons:

1- Existing VPN deployments will have to do maintenance to delete existing OAuth authorizations for users that they configure with expiry. This would put some load on the admin when configuring users takes place in batches. Having it on the connection level puts the configuration into immediate effect upon connection, as the existing connection is removed first thing.

2- The main purpose is to limit the user from connecting. In some scenarios the user needs to get back to the admin to extend his/her expiry. He/she does not have to reauthorize clients then.

3- There is a maintenance script for deleting disabled users. That can take care of a non-extended expiry when it lapses.

#88 make sessionExpiry depend on user 1 year, 6 months ago

Comment by ~samer_m on ~eduvpn/server

I have included similar functionality in https://github.com/eduvpn/vpn-user-portal/pull/206. The feature is connectionExpiresAt and it affects connection expiry. Authorization is kept as the global setting 'sessionExpiry'.

In the pull, the UserInfo class was modified to allow for more fields to be added in future, like 'sessionExpiry'.

#86 put secrets stored in /var/lib/vpn-user-portal in DB 1 year, 6 months ago

Comment by ~samer_m on ~eduvpn/server

Moving config to the database will make it robust. As a start, to be able to view all configs (especially with multi-portal in mind). Having portal, profile, nodes config in the database implies having their respective keys along. CA as master key, if stored in the database, I think it would require a level of security, in terms of a storage API between all portals and the DB instead of direct DB access. The portal will have to use portal{x}.key.

#86 put secrets stored in /var/lib/vpn-user-portal in DB 1 year, 6 months ago

Comment by ~samer_m on ~eduvpn/server

One way to handle vpn-ca is to generate a passphrase in an environment variable to encrypt the files being generated. Once the generation process is completed, the passphrase can be used to decrypt the files during the DB insert.

#53 fix query to create aggregate stats for MariaDB/MySQL 2 years ago

Comment by ~samer_m on ~eduvpn/server

The field l.datetime is varchar, so the date format you insert into won't matter. It will matter when executing DATE(l.date_time). While DATE() exists in sqlite and mysql, in PSQL I think it is to_date() or cast().

#53 fix query to create aggregate stats for MariaDB/MySQL 2 years ago

Comment by ~samer_m on ~eduvpn/server

It works with PostgreSQL. I am not sure about sqlite.

I thought the same, so I traced where it was inserted in the first place into the DB.

I found the following line to be the source (storage.php, line 1140, statsAdd())

$stmt->bindValue(':date_time', $dateTime->format(DateTimeImmutable::ATOM), PDO::PARAM_STR);

Perhaps you can try to change DateTimeImmutable::ATOM to 'Y-m-d H:i:s'. This will make the SQL statement work.

#53 fix query to create aggregate stats for MariaDB/MySQL 2 years ago

Comment by ~samer_m on ~eduvpn/server

The field l.date_time is varchar, and the format of the datetime is as it comes from the PHP insert. You might try to use DATE_FORMAT(STR_TO_DATE(l.date_time,'%Y-%m-%dT%H:%i:%s.000Z'),'%Y-%m-%d') instead of DATE(l.date_time).