hcoop/portal.git
11 months agoremove lib32 gunk master
Clinton Ebadi [Sat, 1 Dec 2018 20:45:39 +0000 (15:45 -0500)]
remove lib32 gunk

no longer needed on stretch; libpq5:i386 can be installed alongside
libpq5:amd64 and everything seems to run fine without this.

11 months agoportal: update server to run create-user on to gibran
Clinton Ebadi [Sat, 1 Dec 2018 20:44:49 +0000 (15:44 -0500)]
portal: update server to run create-user on to gibran

11 months agostripe: send mail using mail-ipv4.hcoop.net
Clinton Ebadi [Fri, 30 Nov 2018 03:30:32 +0000 (22:30 -0500)]
stripe: send mail using mail-ipv4.hcoop.net

Digital Ocean is obnoxious and we can't send anything to
mail.hcoop.net on-site due to outgoing SMTP being blocked over IPv6.

17 months agostripe: allow cards without cvc to pass verification
Clinton Ebadi [Mon, 4 Jun 2018 00:19:07 +0000 (20:19 -0400)]
stripe: allow cards without cvc to pass verification

We really only care about failure, no cvc should be just as good as
passed.

18 months agohide message about portal location
Clinton Ebadi [Sun, 22 Apr 2018 19:51:30 +0000 (15:51 -0400)]
hide message about portal location

we moved over three years ago, not really news anymore

18 months agoFinally excise remaining references to Google Checkout
Clinton Ebadi [Sun, 22 Apr 2018 19:02:11 +0000 (15:02 -0400)]
Finally excise remaining references to Google Checkout

Resolves https://bugzilla.hcoop.net/show_bug.cgi?id=1203

18 months agousers: filter retired by default, remove dead code
Clinton Ebadi [Sun, 22 Apr 2018 18:04:16 +0000 (14:04 -0400)]
users: filter retired by default, remove dead code

grandfather users / who hasn't migrated code was just for migration
to peer1, in 2007.

18 months agoapt: new process for package install on puppet nodes
Clinton Ebadi [Sun, 22 Apr 2018 17:21:12 +0000 (13:21 -0400)]
apt: new process for package install on puppet nodes

19 months agoportal: blacklist spam domain
Clinton Ebadi [Tue, 10 Apr 2018 22:26:17 +0000 (18:26 -0400)]
portal: blacklist spam domain

19 months agojoin: support for blocking spam domains
Clinton Ebadi [Tue, 3 Apr 2018 00:28:39 +0000 (20:28 -0400)]
join: support for blocking spam domains

deny applications from list of domains by marking the email address
invalid. prevents trivial attack.

20 months agomoney: temporarily hide "co-op balance" due to inaccuracy
hcoop [Sun, 4 Mar 2018 20:30:51 +0000 (15:30 -0500)]
money: temporarily hide "co-op balance" due to inaccuracy

Will be manually updated until books are reconciled

2 years agopassgen: ensure sufficient character classes
clinton_admin [Sun, 27 Aug 2017 19:13:34 +0000 (15:13 -0400)]
passgen: ensure sufficient character classes

Force numeric, cap, and small letters in generated passwords

4 years agoSwitch back to Stripe live key
Clinton Ebadi [Fri, 29 May 2015 03:49:59 +0000 (23:49 -0400)]
Switch back to Stripe live key

4 years agocron: fix typo on default crontab
Clinton Ebadi [Sun, 24 May 2015 23:01:02 +0000 (19:01 -0400)]
cron: fix typo on default crontab

4 years agoClarify copyright/licensing (GPLv3+)
Clinton Ebadi [Sun, 24 May 2015 22:48:06 +0000 (18:48 -0400)]
Clarify copyright/licensing (GPLv3+)

Need to go back through commit history and add copyright headers, but
the basic information is now there.

From: Adam Chlipala <adam@chlipala.net>
Subject: Re: Portal source license?
To: Clinton Ebadi <clinton@unknownlamer.org>
Date: Tue, 25 Feb 2014 08:35:37 -0500 (1 year, 12 weeks, 4 days ago)

I'm happy with any of the licenses you mention, at your preference.

On 02/21/2014 02:05 PM, Clinton Ebadi wrote:
> Greetings,
>
> I was dusting off the portal install and moving it over to navajos when
> I noticed that it does not have *any* licensing information
> attached. Luckily, no one but you, me, and bpt have touched it so fixing
> that should be easy.
>
> Do you have any opposition to licensing it AGPLv3+ or GPLv3+? Since it's
> a web service, I'd prefer AGPLv3+ (it doesn't appear to depend on
> anything that would make it burdensom to license it that way, and it's
> trivial to add a link in the footer to the git repo to satisfy the
> AGPLv3's source requirement), but since you wrote most of it... If you
> have some objection to the version 3 GNU licenses, GPLv2+ like domtool
> et al is fine by me as well.

4 years agoinclude portal crontab
Clinton Ebadi [Sun, 24 May 2015 22:46:51 +0000 (18:46 -0400)]
include portal crontab

4 years agocontact: fix build
Clinton Ebadi [Sun, 24 May 2015 22:36:00 +0000 (18:36 -0400)]
contact: fix build

Emergency contact directory has never been used, but it is being
generated again.

4 years agorelease portal3 into production oldportal/master
Clinton Ebadi [Sun, 24 May 2015 21:25:00 +0000 (17:25 -0400)]
release portal3 into production

4 years agoFix references to /home/hcoop portal3 oldportal/portal3
Clinton Ebadi [Sun, 24 May 2015 21:22:19 +0000 (17:22 -0400)]
Fix references to /home/hcoop

4 years agomoney: make boot and freeze worthy lists easier to use
Clinton Ebadi [Sun, 8 Feb 2015 19:03:02 +0000 (14:03 -0500)]
money: make boot and freeze worthy lists easier to use

Right align money and add transaction history link

4 years agomoney: hide equalize balances
Clinton Ebadi [Sun, 8 Feb 2015 02:13:03 +0000 (21:13 -0500)]
money: hide equalize balances

If it did work it is way too dangerous to leave out in the open for
accidental clicking -- it destructively modifies all balances to be
equal. Not even sure what it is there for.

4 years agouse table.data css class in a few more places to make lists more readable
Clinton Ebadi [Sun, 8 Feb 2015 02:02:19 +0000 (21:02 -0500)]
use table.data css class in a few more places to make lists more readable

4 years agosec: use jquery ui tabs for machines in security preferences
Clinton Ebadi [Sun, 8 Feb 2015 01:32:26 +0000 (20:32 -0500)]
sec: use jquery ui tabs for machines in security preferences

This will degrade gracefully and operate without javascript. The
previous interface of having to switch by submitting a form was
unpleasant.

Note that it makes little sense to have cron permissions on webservers
you can't login to, and we're down to just firewall and cron prefs
here. The page should probably be converted to just firewall rules,
and cron prefs handled in a separate support page (and both new pages
moved to Support).

4 years agosec: split normal user view into its own template
Clinton Ebadi [Sat, 7 Feb 2015 21:03:05 +0000 (16:03 -0500)]
sec: split normal user view into its own template

4 years agofix stray tag
Clinton Ebadi [Sat, 7 Feb 2015 21:02:23 +0000 (16:02 -0500)]
fix stray tag

4 years agosec: nuke ftp request support
Clinton Ebadi [Sat, 7 Feb 2015 19:49:07 +0000 (14:49 -0500)]
sec: nuke ftp request support

We haven't supported ftp for ages and there's no reason to in the
future (it was effectively unused, because sftp).

4 years agosec: note the set of common services in firewall request text
Clinton Ebadi [Sat, 7 Feb 2015 19:46:08 +0000 (14:46 -0500)]
sec: note the set of common services in firewall request text

4 years agoPrepend machine name to firewall requests so that they are valid
Clinton Ebadi [Sat, 7 Feb 2015 19:32:25 +0000 (14:32 -0500)]
Prepend machine name to firewall requests so that they are valid

The firewall rules are a lie or something like that.

5 years agovmail: use domtool-portal to update vmail passwords
Clinton Ebadi [Tue, 7 Oct 2014 04:10:56 +0000 (00:10 -0400)]
vmail: use domtool-portal to update vmail passwords

This disentangles the portal from having to run on the same machine as
the IMAP server.

5 years agocert: remove obsolete suggestion you need a dedicated IP for TLS
Clinton Ebadi [Sat, 4 Oct 2014 23:02:23 +0000 (19:02 -0400)]
cert: remove obsolete suggestion you need a dedicated IP for TLS

5 years agoRun domtool as hcoop.daemon instead of hcoop
Clinton Ebadi [Sat, 4 Oct 2014 23:00:23 +0000 (19:00 -0400)]
Run domtool as hcoop.daemon instead of hcoop

Previous releases inadvertently took advantage of a weakness in
domtool's afs acls to access the hcoop key when interacting with
domtool. Now that it has been fixed, a dummy domtool user
`hcoop.daemon' with no permissions exists so that it can authenticate
to domtool and perform the simple queries required by the portal.

We still have to set DOMTOOL_USER internally because suexec scrubs the
environment and using mod_env to set it does not work.

5 years agojoin: update welcome message to mention Paypal pre-auth
Clinton Ebadi [Sat, 4 Oct 2014 21:21:29 +0000 (17:21 -0400)]
join: update welcome message to mention Paypal pre-auth

5 years agoUse correct wiki url in firewall ports request help
Clinton Ebadi [Sat, 4 Oct 2014 21:21:04 +0000 (17:21 -0400)]
Use correct wiki url in firewall ports request help

5 years agojoin: Remove old filesystem initial password storage cruft
Clinton Ebadi [Sat, 4 Oct 2014 21:18:21 +0000 (17:18 -0400)]
join: Remove old filesystem initial password storage cruft

5 years agoStripe: Append amount to checkout widget description
Clinton Ebadi [Tue, 15 Apr 2014 21:02:47 +0000 (17:02 -0400)]
Stripe: Append amount to checkout widget description

5 years agoMake including cents portion in money inputs optional
Clinton Ebadi [Tue, 15 Apr 2014 20:42:20 +0000 (16:42 -0400)]
Make including cents portion in money inputs optional

5 years agoUse hidden element to store stripe amount in cents
Clinton Ebadi [Tue, 15 Apr 2014 20:37:52 +0000 (16:37 -0400)]
Use hidden element to store stripe amount in cents
Prevents browser from briefly showing incorrect amount

5 years agoFix html structure in money normal member view
Clinton Ebadi [Tue, 15 Apr 2014 02:01:38 +0000 (22:01 -0400)]
Fix html structure in money normal member view

5 years agoImprove cert request
Clinton Ebadi [Fri, 11 Apr 2014 17:56:07 +0000 (13:56 -0400)]
Improve cert request

* List user's certificates and ca intermediate certificates
* Note manual step needed to get intermediate cert permissions
* Add subdomain, to make it easier (for the admins) to add multiple
  certs per domain

5 years agoGeneralize querying domtool permissions
Clinton Ebadi [Fri, 11 Apr 2014 17:54:26 +0000 (13:54 -0400)]
Generalize querying domtool permissions

5 years agoAsk applicants for payment authorization after email confirmation
Clinton Ebadi [Sun, 30 Mar 2014 03:30:38 +0000 (23:30 -0400)]
Ask applicants for payment authorization after email confirmation
Suggest $10, authorization expires after 30 days if we do
nothing. This should smooth out the join process a bit.

5 years agoRemove Google Checkout address from preferences
Clinton Ebadi [Sat, 29 Mar 2014 10:04:41 +0000 (06:04 -0400)]
Remove Google Checkout address from preferences

5 years agoSplit stripe payment/admin scripts
Clinton Ebadi [Sat, 29 Mar 2014 09:57:49 +0000 (05:57 -0400)]
Split stripe payment/admin scripts
Use an ugly hack of a module for common code. We are restricting
access to stripe-admin.cgi using apache and a group file. The portal
should generate the group file.

5 years agoInitial Stripe payment rejection support * Store rejected transactions * Command...
Clinton Ebadi [Sat, 29 Mar 2014 08:32:41 +0000 (04:32 -0400)]
Initial Stripe payment rejection support * Store rejected transactions * Command needs to be in a separate cgi only accessible by members of   the money group

5 years agoDisplay node name before firewall rules
Clinton Ebadi [Sat, 29 Mar 2014 02:23:58 +0000 (22:23 -0400)]
Display node name before firewall rules

5 years agostripe: Use context managers for error handling in cgi
Clinton Ebadi [Thu, 27 Mar 2014 23:21:14 +0000 (19:21 -0400)]
stripe: Use context managers for error handling in cgi

5 years agoUse new payment-tile for a few interface elements
Clinton Ebadi [Tue, 25 Mar 2014 05:41:02 +0000 (01:41 -0400)]
Use new payment-tile for a few interface elements

5 years agoA bundle of minor improvements
Clinton Ebadi [Tue, 25 Mar 2014 05:37:16 +0000 (01:37 -0400)]
A bundle of minor improvements
* Use html5 form validation to improve the error experience
* Default IP address requests to bog
* List domains the member controls on the domain request page
* Pre-fill cert path with $HOME/certificates on cert request page
* Hide certificate signing request page since we're not really doing
  that anymore

5 years agoJoin: usernames must be between two and twelve characters
Clinton Ebadi [Tue, 25 Mar 2014 05:29:49 +0000 (01:29 -0400)]
Join: usernames must be between two and twelve characters
One character usernames would be cool, except for the whole
/afs/hcoop/net/user/a/ab thing

5 years agoOnly display active nodes for support requests
Clinton Ebadi [Tue, 25 Mar 2014 04:46:24 +0000 (00:46 -0400)]
Only display active nodes for support requests
We need to keep old nodes around for historical data to remaining
consistent, but there's no need to clog up the interface with them.

5 years agoTrim leading/trailing spaces from name in Real Name search
Clinton Ebadi [Tue, 25 Mar 2014 04:45:31 +0000 (00:45 -0400)]
Trim leading/trailing spaces from name in Real Name search
Paypal has an &nbsp; before names, making the process of finding by
name more obnoxious than it need be

5 years agoShow current disk use and quota in MiB
Clinton Ebadi [Sat, 22 Mar 2014 21:31:37 +0000 (17:31 -0400)]
Show current disk use and quota in MiB

5 years agoImprove long table display
Clinton Ebadi [Sat, 22 Mar 2014 21:26:58 +0000 (17:26 -0400)]
Improve long table display
* Alternate row colors with css
* Right align money and kilobytes columns

5 years agoUse new warning class instead of element style
Clinton Ebadi [Sat, 22 Mar 2014 21:22:52 +0000 (17:22 -0400)]
Use new warning class instead of element style

5 years agoUse HTML5 field validation in join form
Clinton Ebadi [Sat, 22 Mar 2014 21:21:36 +0000 (17:21 -0400)]
Use HTML5 field validation in join form

5 years agoMinor html fixes
Clinton Ebadi [Sat, 22 Mar 2014 07:50:41 +0000 (03:50 -0400)]
Minor html fixes

5 years agoInitial support for Stripe (And Improve Paypal)
Clinton Ebadi [Sat, 22 Mar 2014 07:49:54 +0000 (03:49 -0400)]
Initial support for Stripe (And Improve Paypal)
* payment.mlt embeds Stripe checkout widget
* stripe-payment.cgi charges the transaction setup by the widget and
  notifies the treasurer
* Charged but unapplied payments are stored in a transaction log
* Payments are applied semi-automatically, with processed payments
  stored in another log
* Paypal amounts can be entered on the payment page directly

5 years agoRemove more Google Checkout code
Clinton Ebadi [Sat, 22 Mar 2014 07:42:51 +0000 (03:42 -0400)]
Remove more Google Checkout code

5 years agoClose main div before body
Clinton Ebadi [Sat, 22 Mar 2014 07:41:40 +0000 (03:41 -0400)]
Close main div before body

5 years agoAdd [X]HTML5 DTD to header
Clinton Ebadi [Thu, 20 Mar 2014 18:49:45 +0000 (14:49 -0400)]
Add [X]HTML5 DTD to header

5 years agoMake initial password harder to miss
Clinton Ebadi [Wed, 19 Mar 2014 14:22:21 +0000 (10:22 -0400)]
Make initial password harder to miss
A lot of new members have lost their passwords, put it in a big red
box to make it impossible to miss.

5 years agoMerge remote-tracking branch 'origin' into portal3
clinton_admin [Thu, 13 Mar 2014 09:00:27 +0000 (05:00 -0400)]
Merge remote-tracking branch 'origin' into portal3

5 years agoRemove google checkout code from payment page
clinton_admin [Wed, 5 Mar 2014 06:27:45 +0000 (01:27 -0500)]
Remove google checkout code from payment page

5 years agoMention paypal is gone to members and point them at the wiki
clinton_admin [Wed, 5 Mar 2014 06:27:25 +0000 (01:27 -0500)]
Mention paypal is gone to members and point them at the wiki

5 years agoUse sendmail and not exim4 for mail
Clinton Ebadi [Tue, 25 Feb 2014 10:59:30 +0000 (05:59 -0500)]
Use sendmail and not exim4 for mail

5 years agoTrack page header and footer
Clinton Ebadi [Tue, 25 Feb 2014 10:35:05 +0000 (05:35 -0500)]
Track page header and footer

5 years agoUse correct passgen db name
Clinton Ebadi [Tue, 25 Feb 2014 10:24:56 +0000 (05:24 -0500)]
Use correct passgen db name

5 years agoNew static file root configuration knob
Clinton Ebadi [Tue, 25 Feb 2014 10:24:44 +0000 (05:24 -0500)]
New static file root configuration knob

5 years agojoin: update library paths, install to new location
Clinton Ebadi [Tue, 25 Feb 2014 10:24:13 +0000 (05:24 -0500)]
join: update library paths, install to new location

5 years agojoin: intelligent error printing for IO exceptions
Clinton Ebadi [Tue, 25 Feb 2014 10:23:48 +0000 (05:23 -0500)]
join: intelligent error printing for IO exceptions

5 years agojoin: username limit is 12 characters, not 8
Clinton Ebadi [Tue, 25 Feb 2014 10:23:23 +0000 (05:23 -0500)]
join: username limit is 12 characters, not 8

5 years agopassgen: use portal config, build fixes
Clinton Ebadi [Tue, 25 Feb 2014 10:23:06 +0000 (05:23 -0500)]
passgen: use portal config, build fixes

5 years agoBalance reminders: build on modern systems
Clinton Ebadi [Tue, 25 Feb 2014 10:22:01 +0000 (05:22 -0500)]
Balance reminders: build on modern systems

5 years agoMember directory: use portal config, build on 64-bit systems
Clinton Ebadi [Tue, 25 Feb 2014 10:21:36 +0000 (05:21 -0500)]
Member directory: use portal config, build on 64-bit systems

5 years agojoin: use generic sendmail instead of exim4
Clinton Ebadi [Tue, 25 Feb 2014 10:20:51 +0000 (05:20 -0500)]
join: use generic sendmail instead of exim4
sendmail will be linked to whatever mta is available

5 years agoStore static portal files in repo and install with Makefile
Clinton Ebadi [Tue, 25 Feb 2014 10:20:24 +0000 (05:20 -0500)]
Store static portal files in repo and install with Makefile

5 years agojoin: use main portal config
Clinton Ebadi [Tue, 25 Feb 2014 10:19:25 +0000 (05:19 -0500)]
join: use main portal config

5 years agoMake webbw stats location configurable
Clinton Ebadi [Tue, 25 Feb 2014 00:50:23 +0000 (19:50 -0500)]
Make webbw stats location configurable

5 years agoUpdate config for new installation
Clinton Ebadi [Tue, 25 Feb 2014 00:49:39 +0000 (19:49 -0500)]
Update config for new installation
Installation has been fully relocated into afs space

5 years agoRender meaningful message for linking errors
Clinton Ebadi [Tue, 25 Feb 2014 00:48:31 +0000 (19:48 -0500)]
Render meaningful message for linking errors

5 years agoImprove header generation, slightly
Clinton Ebadi [Fri, 21 Feb 2014 19:52:05 +0000 (14:52 -0500)]
Improve header generation, slightly
* Makefiles have a common install prefix now, and run everything from
  that prefix
* The prefix is passed as an argument to each of the header scripts
  for easier relocation
* Main Makefile automatically reinstalls scripts when they change
* Added `clean' target

5 years agoTrack hcoop header generating scripts
Clinton Ebadi [Fri, 21 Feb 2014 19:32:40 +0000 (14:32 -0500)]
Track hcoop header generating scripts

6 years agoMinor update for members directory under new website
Clinton Ebadi [Fri, 15 Nov 2013 07:18:43 +0000 (02:18 -0500)]
Minor update for members directory under new website

6 years agoSearch by real name in money matters
Clinton Ebadi [Fri, 15 Nov 2013 07:18:02 +0000 (02:18 -0500)]
Search by real name in money matters
I hear this will make the life of a treasurer much easier for that
occasional member with out of date payment info.

6 years agoShow the "add your link" dialog BEFORE hosted sites list
Clinton Ebadi [Fri, 18 Jan 2013 09:08:20 +0000 (04:08 -0500)]
Show the "add your link" dialog BEFORE hosted sites list
Basically zero people realized they could add their site because it is
all the way at the end of a very long list.

6 years agoMerge a few cleanups inspired by bpt's redesign
Clinton Ebadi [Fri, 18 Jan 2013 09:07:39 +0000 (04:07 -0500)]
Merge a few cleanups inspired by bpt's redesign
Regroup a few things, remove redundant language to avoid multi-line
list items in the side bar, update dead links, remove stuff like MRTG
that never worked.

6 years agoAllow board members to view roll call
Clinton Ebadi [Thu, 17 Jan 2013 07:57:28 +0000 (02:57 -0500)]
Allow board members to view roll call

6 years agoDon't lose node when editing security request
Clinton Ebadi [Wed, 16 Jan 2013 07:01:06 +0000 (02:01 -0500)]
Don't lose node when editing security request
Looks like a copy and paste problem

6 years agoUse fritz volumes instead of deleuze volumes for disk space stats
Clinton Ebadi [Wed, 16 Jan 2013 07:00:11 +0000 (02:00 -0500)]
Use fritz volumes instead of deleuze volumes for disk space stats
This will break when we have mail and user volumes on different volservers

6 years agoDefault security requests to bog
Clinton Ebadi [Mon, 14 Jan 2013 08:30:22 +0000 (03:30 -0500)]
Default security requests to bog

6 years agoUpdate member directory stuff for new web site
Clinton Ebadi [Mon, 14 Jan 2013 08:30:01 +0000 (03:30 -0500)]
Update member directory stuff for new web site
Half complete, gets the job half done.

6 years agoAdd temporary notice to main portal page notifying members of the migration
Clinton Ebadi [Sun, 6 Jan 2013 22:07:11 +0000 (17:07 -0500)]
Add temporary notice to main portal page notifying members of the migration

6 years agoUpdate `domtool-admin package-exists $node $pkg` for apt requests
Clinton Ebadi [Sun, 6 Jan 2013 22:06:52 +0000 (17:06 -0500)]
Update `domtool-admin package-exists $node $pkg` for apt requests

6 years agoUpdate instructions for firewall rules requesters
Clinton Ebadi [Sun, 6 Jan 2013 22:06:03 +0000 (17:06 -0500)]
Update instructions for firewall rules requesters

6 years agoChange default node for security/apt requests to bog
Clinton Ebadi [Sun, 6 Jan 2013 22:05:47 +0000 (17:05 -0500)]
Change default node for security/apt requests to bog

6 years agoAdd warning to members applying with gmail to whitelist
Clinton Ebadi [Sun, 6 Jan 2013 22:04:53 +0000 (17:04 -0500)]
Add warning to members applying with gmail to whitelist

6 years agoSupport request for ProxiedServer firewall rules
Clinton Ebadi [Sun, 16 Dec 2012 23:45:13 +0000 (18:45 -0500)]
Support request for ProxiedServer firewall rules

8 years agoFetch volume information from fritz instead of deleuze
clinton_admin [Wed, 23 Feb 2011 12:43:48 +0000 (07:43 -0500)]
Fetch volume information from fritz instead of deleuze
* Ideally we'd be parsing the output of `vos examine {user,mail}.$USER

8 years agoUpdate all connection strings to point to the new postgres host
hcoop [Thu, 9 Dec 2010 00:02:10 +0000 (19:02 -0500)]
Update all connection strings to point to the new postgres host

9 years agoSpecify host for database connections
hcoop [Sun, 3 Oct 2010 18:08:49 +0000 (14:08 -0400)]
Specify host for database connections