v0.5.2

* configs(db): adds SQLALCHEMY configs
configs: adds fixture user

.editorconfig

@@ -32,8 +32,8 @@ indent_size = 4
 [*.{css,html,js,json,yml}]
 indent_size = 2
 
-# Matches the exact files either package.json or .travis.yml
-[{package.json,.travis.yml}]
+# Matches the exact files either package.json or .github/workflows/*.yml
+[{package.json,.github/workflows/*.yml}]
 indent_size = 2
 
 # Dockerfile

.github/workflows/pypi-publish.yml

@@ -0,0 +1,26 @@
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  build-n-publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Python 3.7
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install setuptools wheel
+      - name: Build package
+        run: |
+          python setup.py compile_catalog sdist bdist_wheel
+      - name: pypi-publish
+        uses: pypa/gh-action-pypi-publish@v1.3.1
+        with:
+          user: __token__
+          password: ${{ secrets.pypi_password }}

.github/workflows/tests.yml

@@ -0,0 +1,54 @@
+name: CI
+
+on:
+  push:
+    branches: master
+  pull_request:
+    branches: master
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    - cron:  '0 3 * * 6'
+  workflow_dispatch:
+    inputs:
+      reason:
+        description: 'Reason'
+        required: false
+        default: 'Manual trigger'
+
+jobs:
+  Tests:
+    runs-on: ubuntu-20.04
+    strategy:
+      matrix:
+          python-version: [3.6, 3.7, 3.8]
+          requirements-level: [min, pypi]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Generate dependencies
+        run: |
+          python -m pip install --upgrade pip setuptools py wheel requirements-builder
+          requirements-builder -e all --level=${{ matrix.requirements-level }} setup.py > .${{ matrix.requirements-level }}-${{ matrix.python-version }}-requirements.txt
+
+      - name: Cache pip
+        uses: actions/cache@v2
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('.${{ matrix.requirements-level }}-${{ matrix.python-version }}-requirements.txt') }}
+
+      - name: Install dependencies
+        run: |
+          pip install -r .${{matrix.requirements-level}}-${{ matrix.python-version }}-requirements.txt
+          pip install .[all]
+          pip freeze
+
+      - name: Run tests
+        run: |
+          ./run-tests.sh

.travis.yml

@@ -1,64 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# Copyright (C) 2020 Mojib Wali.
-#
-# invenio-config-tugraz is free software; you can redistribute it and/or
-# modify it under the terms of the MIT License; see LICENSE file for more
-# details.
-
-notifications:
-  email: false
-
-sudo: false
-
-language: python
-
-matrix:
-  fast_finish: true
-  allow_failures:
-    # To allow failures, you need to specify the full environment
-    - env: REQUIREMENTS=devel
-
-cache:
-  - pip
-
-env:
-  - REQUIREMENTS=lowest
-  - REQUIREMENTS=release DEPLOY=true
-  - REQUIREMENTS=devel
-
-python:
-  - "3.6"
-  - "3.7"
-
-before_install:
-  - "nvm install 6; nvm use 6"
-  - "travis_retry pip install --upgrade pip setuptools py"
-  - "travis_retry pip install twine wheel coveralls requirements-builder"
-  - "requirements-builder -e all --level=min setup.py > .travis-lowest-requirements.txt"
-  - "requirements-builder -e all --level=pypi setup.py > .travis-release-requirements.txt"
-  - "requirements-builder -e all --level=dev --req requirements-devel.txt setup.py > .travis-devel-requirements.txt"
-
-install:
-  - "travis_retry pip install -r .travis-${REQUIREMENTS}-requirements.txt"
-  - "travis_retry pip install -e .[all]"
-
-script:
-  - "./run-tests.sh"
-
-after_success:
-  - coveralls
-
-deploy:
-  skip_cleanup: true
-  skip_existing: true
-  provider: pypi
-  username: __token__
-  password:
-    secure: FV4q3fCEOwqurKkIp84YUf6FnnHGTey9rD/G0go641z7TGiVNw6703kUoJpPuklNNPjZwsfvawxzoNTSRHTMWyli2FeMIsZKTIEUs3QNOIpn8rM2owLFL3M6OH+tD8bdNezK61FLFx1eXjNjAn6W1sm5JMC6T0Visq/knMvBKOIyYOFxnNHgyCWZ52nMb0zRlxpkkPyxWF/6oVUKYhX5WAgmnIQaSyYHee0Ds7Xi3qn3isUnizGDvJwXcErIb+ME7a/GioUP4k/hHO+4WG+8+pgR1IgIyM6IyZ5xujzZGOmjuy5x0uQTJBzzFXvzUTOrxcpNUx9qxcYyyCFC93BCtGM84T2xhpMgAQss3qQjzgKxSe04t+s47XIuLUmxF2F2QhbaKOIAkASNCHMRy2Y1lXZb6xufydlv1q6u5poR7k/uxbDe6JcaotvspKc0qfb/PTbL077QjKfOpHnbdkpJNHUVioholWyJRnsk0H+OWQpQDs2Bh/Fl5B90AxVTYfYKw2reamrjgeVdc3EG7b8raLzGJ6+BTX/NpcfWyDcuG4Yhcn2RRG61+vuD6P16tGsvjWQ34A+T1KfySCpFFoVoSa8W5ZO6tXagiSo7Tl4LPiVm7GtFIcIxDnXqNsbD9VhJfppwCuM6qzfgPA360v9BEAtQPrpM72ogRS5K6yidYv4=
-  distributions: sdist bdist_wheel
-  on:
-    tags: true
-    python: "3.6"
-    repo: mb-wali/invenio-config-tugraz
-    condition: $DEPLOY = true

CONTRIBUTING.rst

@@ -10,7 +10,7 @@ Types of Contributions
 Report Bugs
 ~~~~~~~~~~~
 
-Report bugs at https://github.com/mb-wali/invenio-config-tugraz/issues.
+Report bugs at https://github.com/tu-graz-library/invenio-config-tugraz/issues.
 
 If you are reporting a bug, please include:
 
@@ -41,7 +41,7 @@ Submit Feedback
 ~~~~~~~~~~~~~~~
 
 The best way to send feedback is to file an issue at
-https://github.com/mb-wali/invenio-config-tugraz/issues.
+https://github.com/tu-graz-library/invenio-config-tugraz/issues.
 
 If you are proposing a feature:
 
@@ -113,6 +113,6 @@ Before you submit a pull request, check that it meets these guidelines:
 1. The pull request should include tests and must not decrease test coverage.
 2. If the pull request adds functionality, the docs should be updated. Put
    your new functionality into a function with a docstring.
-3. The pull request should work for Python 2.7, 3.5 and 3.6. Check
-   https://travis-ci.org/https://github.com/https://github.com/mb-/pull_requests
+3. The pull request should work for Python 3.6 and 3.7. Check
+   https://github.com/github/tu-graz-library/invenio-config-tugraz//actions?query=event%3Apull_request
    and make sure that the tests pass for all supported Python versions.

MANIFEST.in

@@ -42,3 +42,7 @@ recursive-include invenio_config_tugraz *.crt
 recursive-include invenio_config_tugraz *.json
 recursive-include invenio_config_tugraz *.key
 recursive-include invenio_config_tugraz *.xml
+recursive-include invenio_config_tugraz *.gitkeep
+
+# added by check-manifest
+recursive-include invenio_config_tugraz *.csv

README.rst

@@ -9,8 +9,8 @@
  invenio-config-tugraz
 =======================
 
-.. image:: https://travis-ci.com/mb-wali/invenio-config-tugraz.svg
-        :target: https://travis-ci.com/github/mb-wali/invenio-config-tugraz
+.. image:: https://github.com/tu-graz-library/invenio-config-tugraz/workflows/CI/badge.svg
+        :target: https://github.com/tu-graz-library/invenio-config-tugraz/actions
 
 .. image:: https://img.shields.io/pypi/dm/invenio-config-tugraz.svg
         :target: https://pypi.python.org/pypi/invenio-config-tugraz
@@ -27,6 +27,9 @@
 .. image:: https://img.shields.io/coveralls/mb-wali/invenio-config-tugraz.svg
         :target: https://coveralls.io/r/mb-wali/invenio-config-tugraz
 
+.. image:: https://img.shields.io/badge/code%20style-black-000000.svg
+        :target: https://github.com/psf/black
+
 invenio module that adds tugraz configs.
 
 Override configs from diffrent invenio modules to meet TU Graz requirement:

docs/conf.py

@@ -10,7 +10,7 @@
 
 import os
 
-import sphinx.environment
+# import sphinx.environment
 
 # -- General configuration ------------------------------------------------
 
@@ -18,37 +18,37 @@ import sphinx.environment
 # needs_sphinx = '1.0'
 
 # Do not warn on external images.
-suppress_warnings = ['image.nonlocal_uri']
+suppress_warnings = ["image.nonlocal_uri"]
 
 # Add any Sphinx extension module names here, as strings. They can be
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
 extensions = [
-    'sphinx.ext.autodoc',
-    'sphinx.ext.coverage',
-    'sphinx.ext.doctest',
-    'sphinx.ext.intersphinx',
-    'sphinx.ext.viewcode',
+    "sphinx.ext.autodoc",
+    "sphinx.ext.coverage",
+    "sphinx.ext.doctest",
+    "sphinx.ext.intersphinx",
+    "sphinx.ext.viewcode",
 ]
 
 # Add any paths that contain templates here, relative to this directory.
-templates_path = ['_templates']
+templates_path = ["_templates"]
 
 # The suffix(es) of source filenames.
 # You can specify multiple suffix as a list of string:
 # source_suffix = ['.rst', '.md']
-source_suffix = '.rst'
+source_suffix = ".rst"
 
 # The encoding of source files.
 # source_encoding = 'utf-8-sig'
 
 # The master toctree document.
-master_doc = 'index'
+master_doc = "index"
 
 # General information about the project.
-project = u'invenio-config-tugraz'
-copyright = u'2020, Mojib Wali'
-author = u'Mojib Wali'
+project = u"invenio-config-tugraz"
+copyright = u"2020, Mojib Wali"
+author = u"Mojib Wali"
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
@@ -58,11 +58,14 @@ author = u'Mojib Wali'
 
 # Get the version string. Cannot be done with import!
 g = {}
-with open(os.path.join(os.path.dirname(__file__), '..',
-                       'invenio_config_tugraz', 'version.py'),
-          'rt') as fp:
+with open(
+    os.path.join(
+        os.path.dirname(__file__), "..", "invenio_config_tugraz", "version.py"
+    ),
+    "rt",
+) as fp:
     exec(fp.read(), g)
-    version = g['__version__']
+    version = g["__version__"]
 
 # The full version, including alpha/beta/rc tags.
 release = version
@@ -100,7 +103,7 @@ exclude_patterns = []
 # show_authors = False
 
 # The name of the Pygments (syntax highlighting) style to use.
-pygments_style = 'sphinx'
+pygments_style = "sphinx"
 
 # A list of ignored prefixes for module index sorting.
 # modindex_common_prefix = []
@@ -113,19 +116,19 @@ todo_include_todos = False
 
 
 # -- Options for HTML output ----------------------------------------------
-html_theme = 'alabaster'
+html_theme = "alabaster"
 
 html_theme_options = {
-    'description': 'invenio module that adds tugraz configs.',
-    'github_user': 'inveniosoftware',
-    'github_repo': 'invenio-config-tugraz',
-    'github_button': False,
-    'github_banner': True,
-    'show_powered_by': False,
-    'extra_nav_links': {
-        'invenio-config-tugraz@GitHub': 'https://github.com/mb-wali/invenio-config-tugraz',
-        'invenio-config-tugraz@PyPI': 'https://pypi.python.org/pypi/invenio-config-tugraz/',
-    }
+    "description": "invenio module that adds tugraz configs.",
+    "github_user": "TU Graz",
+    "github_repo": "invenio-config-tugraz",
+    "github_button": False,
+    "github_banner": True,
+    "show_powered_by": False,
+    "extra_nav_links": {
+        "invenio-config-tugraz@GitHub": "https://github.com/tu-graz-library/invenio-config-tugraz",
+        "invenio-config-tugraz@PyPI": "https://pypi.python.org/pypi/invenio-config-tugraz/",
+    },
 }
 
 # The theme to use for HTML and HTML Help pages.  See the documentation for
@@ -175,12 +178,12 @@ html_theme_options = {
 
 # Custom sidebar templates, maps document names to template names.
 html_sidebars = {
-    '**': [
-        'about.html',
-        'navigation.html',
-        'relations.html',
-        'searchbox.html',
-        'donate.html',
+    "**": [
+        "about.html",
+        "navigation.html",
+        "relations.html",
+        "searchbox.html",
+        "donate.html",
     ]
 }
 
@@ -229,20 +232,17 @@ html_sidebars = {
 # html_search_scorer = 'scorer.js'
 
 # Output file base name for HTML help builder.
-htmlhelp_basename = 'invenio-config-tugraz_namedoc'
+htmlhelp_basename = "invenio-config-tugraz_namedoc"
 
 # -- Options for LaTeX output ---------------------------------------------
 
 latex_elements = {
     # The paper size ('letterpaper' or 'a4paper').
     # 'papersize': 'letterpaper',
-
     # The font size ('10pt', '11pt' or '12pt').
     # 'pointsize': '10pt',
-
     # Additional stuff for the LaTeX preamble.
     # 'preamble': '',
-
     # Latex figure (float) alignment
     # 'figure_align': 'htbp',
 }
@@ -251,8 +251,13 @@ latex_elements = {
 # (source start file, target name, title,
 #  author, documentclass [howto, manual, or own class]).
 latex_documents = [
-    (master_doc, 'invenio-config-tugraz.tex', u'invenio-config-tugraz Documentation',
-     u'Mojib Wali', 'manual'),
+    (
+        master_doc,
+        "invenio-config-tugraz.tex",
+        u"invenio-config-tugraz Documentation",
+        u"Mojib Wali",
+        "manual",
+    ),
 ]
 
 # The name of an image file (relative to this directory) to place at the top of
@@ -281,8 +286,13 @@ latex_documents = [
 # One entry per manual page. List of tuples
 # (source start file, name, description, authors, manual section).
 man_pages = [
-    (master_doc, 'invenio-config-tugraz', u'invenio-config-tugraz Documentation',
-     [author], 1)
+    (
+        master_doc,
+        "invenio-config-tugraz",
+        u"invenio-config-tugraz Documentation",
+        [author],
+        1,
+    )
 ]
 
 # If true, show URL addresses after external links.
@@ -295,9 +305,15 @@ man_pages = [
 # (source start file, target name, title, author,
 #  dir menu entry, description, category)
 texinfo_documents = [
-    (master_doc, 'invenio-config-tugraz', u'invenio-config-tugraz Documentation',
-     author, 'invenio-config-tugraz', 'invenio module that adds tugraz configs.',
-     'Miscellaneous'),
+    (
+        master_doc,
+        "invenio-config-tugraz",
+        u"invenio-config-tugraz Documentation",
+        author,
+        "invenio-config-tugraz",
+        "invenio module that adds tugraz configs.",
+        "Miscellaneous",
+    ),
 ]
 
 # Documents to append as an appendix to all manuals.
@@ -315,10 +331,10 @@ texinfo_documents = [
 
 # Example configuration for intersphinx: refer to the Python standard library.
 intersphinx_mapping = {
-    'python': ('https://docs.python.org/', None),
+    "python": ("https://docs.python.org/", None),
     # TODO: Configure external documentation references, eg:
     # 'Flask-Admin': ('https://flask-admin.readthedocs.io/en/latest/', None),
 }
 
 # Autodoc configuraton.
-autoclass_content = 'both'
+autoclass_content = "both"

invenio_config_tugraz/__init__.py

@@ -8,7 +8,8 @@
 
 """invenio module that adds tugraz configs."""
 
-from .ext import invenioconfigtugraz
+from .ext import InvenioConfigTugraz
+from .generators import RecordIp
 from .version import __version__
 
-__all__ = ('__version__', 'invenioconfigtugraz')
+__all__ = ("__version__", "InvenioConfigTugraz", "RecordIp")

invenio_config_tugraz/base_permissions.py

@@ -0,0 +1,88 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2020 Graz University of Technology.
+#
+# invenio-config-tugraz is free software; you can redistribute it and/or
+# modify it under the terms of the MIT License; see LICENSE file for more
+# details.
+
+"""
+Records permission policies.
+
+Default policies for records:
+
+.. code-block:: python
+
+    # Read access given to everyone.
+    can_search = [AnyUser()]
+    # Create action given to no one (Not even superusers) bc Deposits should
+    # be used.
+    can_create = [Disable()]
+    # Read access given to everyone if public record/files and owners always.
+    can_read = [AnyUserIfPublic(), RecordOwners()]
+    # Update access given to record owners.
+    can_update = [RecordOwners()]
+    # Delete access given to admins only.
+    can_delete = [Admin()]
+    # Associated files permissions (which are really bucket permissions)
+    can_read_files = [AnyUserIfPublic(), RecordOwners()]
+    can_update_files = [RecordOwners()]
+
+How to override default policies for records.
+
+Using Custom Generator for a policy:
+
+.. code-block:: python
+
+    from invenio_rdm_records.permissions import RDMRecordPermissionPolicy
+    from invenio_config_tugraz.generators import RecordIp
+
+    class TUGRAZPermissionPolicy(RDMRecordPermissionPolicy):
+
+    # Delete access given to RecordIp only.
+
+    can_delete = [RecordIp()]
+
+    RECORDS_PERMISSIONS_RECORD_POLICY = TUGRAZPermissionPolicy
+
+
+Permissions for Invenio records.
+"""
+
+from invenio_records_permissions.generators import (
+    Admin,
+    AnyUser,
+    AnyUserIfPublic,
+    RecordOwners,
+)
+from invenio_records_permissions.policies.base import BasePermissionPolicy
+
+from .generators import RecordIp
+
+
+class TUGRAZPermissionPolicy(BasePermissionPolicy):
+    """Access control configuration for records.
+
+    This overrides the /api/records endpoint.
+
+    """
+
+    # Read access to API given to everyone.
+    can_search = [AnyUser(), RecordIp()]
+
+    # Read access given to everyone if public record/files and owners always.
+    can_read = [AnyUserIfPublic(), RecordOwners(), RecordIp()]
+
+    # Create action given to no one (Not even superusers) bc Deposits should
+    # be used.
+    can_create = [AnyUser()]
+
+    # Update access given to record owners.
+    can_update = [RecordOwners()]
+
+    # Delete access given to admins only.
+    can_delete = [Admin()]
+
+    # Associated files permissions (which are really bucket permissions)
+    can_read_files = [AnyUserIfPublic(), RecordOwners()]
+    can_update_files = [RecordOwners()]

invenio_config_tugraz/config.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (C) 2020 Mojib Wali.
+# Copyright (C) 2020 Graz University of Technology.
 #
 # invenio-config-tugraz is free software; you can redistribute it and/or
 # modify it under the terms of the MIT License; see LICENSE file for more
@@ -8,55 +8,76 @@
 
 """invenio module that adds tugraz configs."""
 
+from os.path import abspath, dirname, join
+
 from flask_babelex import gettext as _
 
-INVENIO_CONFIG_TUGRAZ_SHIBBOLETH = True
+INVENIO_CONFIG_TUGRAZ_SHIBBOLETH = False
 """Set True if SAML is configured"""
 
+INVENIO_CONFIG_TUGRAZ_SINGLE_IP = []
+"""Allows access to users whose IP address is listed.
+
+INVENIO_CONFIG_TUGRAZ_SINGLE_IP =
+    ["127.0.0.1", "127.0.0.2"]
+"""
+
+INVENIO_CONFIG_TUGRAZ_IP_RANGES = []
+"""Allows access to users whose range of IP address is listed.
+
+INVENIO_CONFIG_TUGRAZ_IP_RANGES =
+[["127.0.0.2", "127.0.0.99"], ["127.0.1.3", "127.0.1.5"]]
+"""
+
 # Invenio-App
 # ===========
 # See https://invenio-app.readthedocs.io/en/latest/configuration.html
 
-APP_ALLOWED_HOSTS = ['0.0.0.0',
-                     'localhost',
-                     '127.0.0.1',
-                     'invenio-dev01.tugraz.at',
-                     'invenio-test.tugraz.at'
+APP_ALLOWED_HOSTS = [
+    "0.0.0.0",
+    "localhost",
+    "127.0.0.1",
+    "invenio-dev01.tugraz.at",
+    "invenio-test.tugraz.at",
+    "repository.tugraz.at",
 ]
 """Allowed Hosts"""
 
 APP_DEFAULT_SECURE_HEADERS = {
-    'content_security_policy': {
-        'default-src': [
+    "content_security_policy": {
+        "default-src": [
             "'self'",
-            'fonts.googleapis.com',
-            '*.gstatic.com',
-            'data:',
+            "fonts.googleapis.com",
+            "*.gstatic.com",
+            "data:",
             "'unsafe-inline'",
             "'unsafe-eval'",
             "blob:",
+            "ub-support.tugraz.at",  # zammad contact form
+            "api.datacite.org/dois",  # datacite
+            "api.test.datacite.org/dois",  # datacite test
         ],
     },
-    'content_security_policy_report_only': False,
-    'content_security_policy_report_uri': None,
-    'force_file_save': False,
-    'force_https': True,
-    'force_https_permanent': False,
-    'frame_options': 'sameorigin',
-    'frame_options_allow_from': None,
-    'session_cookie_http_only': True,
-    'session_cookie_secure': True,
-    'strict_transport_security': True,
-    'strict_transport_security_include_subdomains': True,
-    'strict_transport_security_max_age': 31556926,  # One year in seconds
-    'strict_transport_security_preload': False,
+    "content_security_policy_report_only": False,
+    "content_security_policy_report_uri": None,
+    "force_file_save": False,
+    "force_https": True,
+    "force_https_permanent": False,
+    "frame_options": "sameorigin",
+    "frame_options_allow_from": None,
+    "session_cookie_http_only": True,
+    "session_cookie_secure": True,
+    "strict_transport_security": True,
+    "strict_transport_security_include_subdomains": True,
+    "strict_transport_security_max_age": 31556926,  # One year in seconds
+    "strict_transport_security_preload": False,
 }
 
 # Invenio-Mail
 # ===========
 # See https://invenio-mail.readthedocs.io/en/latest/configuration.html
 
-MAIL_SERVER = '129.27.11.182'
+MAIL_SERVER = "localhost"
 """Domain ip where mail server is running."""
 
 SECURITY_EMAIL_SENDER = "info@invenio-test.tugraz.at"
@@ -66,8 +87,11 @@ SECURITY_EMAIL_SENDER = "info@invenio-test.tugraz.at"
 SECURITY_EMAIL_SUBJECT_REGISTER = _("Welcome to RDM!")
 """Email subject for account registration emails."""
 
-MAIL_SUPPRESS_SEND = False
-"""Enable email sending by default."""
+MAIL_SUPPRESS_SEND = True
+"""Enable email sending by default.
+
+Set this to False when sending actual emails.
+"""
 
 # CORS - Cross-origin resource sharing
 # ===========
@@ -85,38 +109,44 @@ MAIL_SUPPRESS_SEND = False
 # ]
 # REST_ENABLE_CORS = True
 
-
-# Invenio-shibboleth
+# Invenio-userprofiles
 # ===========
-# See https://invenio-shibboleth.readthedocs.io/en/latest/configuration.html
+# See https://invenio-userprofiles.readthedocs.io/en/latest/configuration.html
 
-USERPROFILES_EXTEND_SECURITY_FORMS = True
+USERPROFILES_EXTEND_SECURITY_FORMS = False
 """Set True in order to register user_profile.
 
 This also forces user to add username and fullname
 when register.
 """
 
-SSO_SAML_IDPS = {}
-"""Configuration of IDPS. Actually values can be find in to invenio.cfg file"""
+USERPROFILES_EMAIL_ENABLED = False
+"""Exclude the user email in the profile form."""
 
-SSO_SAML_DEFAULT_BLUEPRINT_PREFIX = '/shibboleth'
+# Invenio-shibboleth
+# ===========
+# See https://invenio-shibboleth.readthedocs.io/en/latest/configuration.html
+
+SSO_SAML_IDPS = {}
+"""Configuration of IDPS. Actual values can be find in to invenio.cfg file"""
+
+SSO_SAML_DEFAULT_BLUEPRINT_PREFIX = "/shibboleth"
 """Base URL for the extensions endpoint."""
 
-SSO_SAML_DEFAULT_METADATA_ROUTE = '/metadata/<idp>'
+SSO_SAML_DEFAULT_METADATA_ROUTE = "/metadata/<idp>"
 """URL route for the metadata request."""
 """This is also SP entityID https://domain/shibboleth/metadata/<idp>"""
 
-SSO_SAML_DEFAULT_SSO_ROUTE = '/login/<idp>'
+SSO_SAML_DEFAULT_SSO_ROUTE = "/login/<idp>"
 """URL route for the SP login."""
 
-SSO_SAML_DEFAULT_ACS_ROUTE = '/authorized/<idp>'
+SSO_SAML_DEFAULT_ACS_ROUTE = "/authorized/<idp>"
 """URL route to handle the IdP login request."""
 
-SSO_SAML_DEFAULT_SLO_ROUTE = '/slo/<idp>'
+SSO_SAML_DEFAULT_SLO_ROUTE = "/slo/<idp>"
 """URL route for the SP logout."""
 
-SSO_SAML_DEFAULT_SLS_ROUTE = '/sls/<idp>'
+SSO_SAML_DEFAULT_SLS_ROUTE = "/sls/<idp>"
 """URL route to handle the IdP logout request."""
 
 # Invenio-accounts
@@ -129,7 +159,7 @@ SECURITY_CHANGEABLE = False
 SECURITY_RECOVERABLE = False
 """Allow password recovery by users."""
 
-SECURITY_REGISTERABLE = True
+SECURITY_REGISTERABLE = False
 """"Allow users to register.
 
 With this variable set to "False" users will not be
@@ -137,4 +167,147 @@ able to register, or to navigate to /sigup page.
 """
 
 SECURITY_CONFIRMABLE = False
-"""Allow user to confirm their email address."""
+"""Allow user to confirm their email address.
+
+Instead user will get a welcome email.
+"""
+
+
+ACCOUNTS = True
+"""Tells if the templates should use the accounts module.
+
+If False, you won't be able to login via the web UI.
+
+Instead if you have a overriden template somewhere in your config.py:
+like this:
+SECURITY_LOGIN_USER_TEMPLATE = 'invenio_theme_tugraz/accounts/login.html'
+then you can remove this condition from header_login.htm:
+{%- if config.ACCOUNTS %}
+to render your overriden login.html
+"""
+
+# Accounts
+# ========
+# Actual values can be find in to invenio.cfg file
+#: Recaptcha public key (change to enable).
+RECAPTCHA_PUBLIC_KEY = None
+#: Recaptcha private key (change to enable).
+RECAPTCHA_PRIVATE_KEY = None
+
+# invenio-records-permissions
+# =======
+# See:
+# https://invenio-records-permissions.readthedocs.io/en/latest/configuration.html
+#
+# Uncomment these to enable overriding Base permissions - (NOT RECOMMANDED)
+# RECORDS_PERMISSIONS_RECORD_POLICY = (
+#    'invenio_config_tugraz.base_permissions.TUGRAZPermissionPolicy'
+# )
+#
+# Uncomment these to enable overriding RDM permissions
+# RDM_RECORDS_BIBLIOGRAPHIC_SERVICE_CONFIG = (
+#     'invenio_config_tugraz.rdm_permissions.TUGRAZBibliographicRecordServiceConfig'
+# )
+"""Access control configuration for records."""
+
+# invenio-rdm-records
+# =======
+# See:
+# https://invenio-rdm-records.readthedocs.io/en/latest/configuration.html
+#
+RDM_RECORDS_USER_FIXTURE_PASSWORDS = {
+    "info@tugraz.at": None
+}
+"""Overrides for the user fixtures' passwords.
+The password set for a user fixture in this dictionary overrides the
+password set in the ``users.yaml`` file. This can be used to set custom
+passwords for the fixture users (of course, this has to be configured
+before the fixtures are installed, e.g. by setting up the services).
+If ``None`` or an empty string is configured in this dictionary, then the
+password from ``users.yaml`` will be used. If that is also absent, a password
+will be generated randomly.
+"""
+
+# Custom Access Right
+# RDM_RECORDS_CUSTOM_VOCABULARIES = {
+#     'access_right': {
+#         'path': join(
+#             dirname(abspath(__file__)),
+#             'restrictions', 'access_right', 'access_right_limit.csv'
+#         )
+#     }
+# }
+
+# Invenio-app-rdm
+# =========================
+# See https://github.com/inveniosoftware/invenio-app-rdm/blob/master/invenio_app_rdm/config.py
+APP_RDM_DEPOSIT_FORM_DEFAULTS = {}
+"""Default values for new records in the deposit UI.
+
+The keys denote the dot-separated path, where in the record's metadata
+the values should be set (see invenio-records.dictutils).
+If the value is callable, its return value will be used for the field
+(e.g. lambda/function for dynamic calculation of values).
+"""
+
+SQLALCHEMY_ECHO = False
+"""Enable to see all SQL queries."""
+
+SQLALCHEMY_ENGINE_OPTIONS = {
+    "pool_pre_ping": False,
+    "pool_recycle": 3600,
+    # set a more agressive timeout to ensure http requests don't wait for long
+    "pool_timeout": 10,
+}
+"""SQLAlchemy engine options.
+
+This is used to configure for instance the database connection pool.
+Specifically for connection pooling the following options below are relevant.
+Note, that the connection pool settings have to be aligned with:
+
+1. your database server's max allowed connections settings, and
+2. your application deployment (number of processes/threads)
+
+**Disconnect handling**
+
+Note, it's possible that a connection you get from the connection pool is no
+longer open. This happens if e.g. the database server was restarted or the
+server has a timeout that closes the connection. In these case you'll see an
+error similar to::
+
+    psycopg2.OperationalError: server closed the connection unexpectedly
+        This probably means the server terminated abnormally
+        before or while processing the request.
+
+The errors can be avoided by using the ``pool_pre_ping`` option, which will
+ensure the connection is open first by issuing a ``SELECT 1``. The pre-ping
+feature however, comes with a performance penalty, and thus it may be better
+to first try adjusting the ``pool_recyle`` to ensure connections are closed and
+reopened regularly.
+
+... code-block:: python
+
+    SQLALCHEMY_ENGINE_OPTIONS = dict(
+        # enable the connection pool “pre-ping” feature that tests connections
+        # for liveness upon each checkout.
+        pool_pre_ping=True,
+
+        # the number of connections to allow in connection pool “overflow”,
+        # that is connections that can be opened above and beyond the
+        # pool_size setting
+        max_overflow=10,
+
+        # the number of connections to keep open inside the connection
+        pool_size=5,
+
+        # recycle connections after the given number of seconds has passed.
+        pool_recycle=3600,
+
+        # number of seconds to wait before giving up on getting a connection
+        # from the pool
+        pool_timeout=30,
+
+    )
+
+See https://docs.sqlalchemy.org/en/latest/core/engines.html.
+"""

invenio_config_tugraz/ext.py

@@ -8,12 +8,10 @@
 
 """invenio module that adds tugraz configs."""
 
-from flask_babelex import gettext as _
-
 from . import config
 
 
-class invenioconfigtugraz(object):
+class InvenioConfigTugraz(object):
     """invenio-config-tugraz extension."""
 
     def __init__(self, app=None):
@@ -24,10 +22,10 @@ class invenioconfigtugraz(object):
     def init_app(self, app):
         """Flask application initialization."""
         self.init_config(app)
-        app.extensions['invenio-config-tugraz'] = self
+        app.extensions["invenio-config-tugraz"] = self
 
     def init_config(self, app):
         """Initialize configuration."""
         for k in dir(config):
-            if k.startswith('INVENIO_CONFIG_TUGRAZ_'):
+            if k.startswith("INVENIO_CONFIG_TUGRAZ_"):
                 app.config.setdefault(k, getattr(config, k))

invenio_config_tugraz/generators.py

@@ -0,0 +1,240 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2020 Mojib Wali.
+#
+# invenio-config-tugraz is free software; you can redistribute it and/or
+# modify it under the terms of the MIT License; see LICENSE file for more
+# details.
+
+r"""Permission generators and policies for Invenio records.
+
+Invenio-records-permissions provides a means to fully customize access control
+for Invenio records. It does so by defining and providing three layers of
+permission constructs that build on each other:
+Generators and Policies. You can extend or override them for maximum
+control. Thankfully we provide default ones that cover most cases.
+
+Invenio-records-permissions conveniently structures (and relies on)
+functionalities from
+`invenio-access <https://invenio-access.readthedocs.io>`_ and
+`flask-principal <https://pythonhosted.org/Flask-Principal>`_ .
+
+
+Generators
+----------
+
+Generators are the lowest level of abstraction provided by
+invenio-records-permissions. A
+:py:class:`~invenio_records_permissions.generators.Generator` represents
+identities via
+`Needs <https://invenio-access.readthedocs.io/en/latest/api.html#needs>`_ that
+are allowed or disallowed to act on a kind of object. A Generator does not
+specify the action, but it does specify who is allowed and the kind of object
+of concern (typically records). Generators *generate* required and forbidden
+Needs at the object-of-concern level and *generate* query filters
+at the search-for-objects-of-concern level.
+
+A Generator object defines 3 methods in addition to its constructor:
+
+- ``needs(self, **kwargs)``: returns Needs, one of which a provider is
+                             required to have to be allowed
+- ``excludes(self, **kwargs)``: returns a list of Needs disallowing any
+                                provider of a single one
+- ``query_filter(self, **kwargs)``: returns a query filter to enable retrieval
+                                    of records
+
+The ``needs`` and ``excludes`` methods specify access conditions from
+the point-of-view of the object-of-concern; whereas, the ``query_filter``
+method specifies those from the actor's point-of-view in search scenarios.
+
+A simple example of a Generator is the provided
+:py:class:`~invenio_records_permissions.generators.RecordOwners` Generator:
+
+.. code-block:: python
+
+    from flask_principal import UserNeed
+
+
+    class RecordOwners(Generator):
+        '''Allows record owners.'''
+
+        def needs(self, record=None, **kwargs):
+            '''Enabling Needs.'''
+            return [UserNeed(owner) for owner in record.get('owners', [])]
+
+        def query_filter(self, record=None, **kwargs):
+            '''Filters for current identity as owner.'''
+            # NOTE: implementation subject to change until permissions metadata
+            #       settled
+            provides = g.identity.provides
+            for need in provides:
+                if need.method == 'id':
+                    return Q('term', owners=need.value)
+            return []
+
+``RecordOwners`` allows any identity providing a `UserNeed
+<https://pythonhosted.org/Flask-Principal/#flask_principal.UserNeed>`_
+of value found in the ``owners`` metadata of a record. The
+``query_filter(self, **kwargs)``
+method outputs a query that returns all owned records of the current user.
+Not included in the above, because it doesn't apply to ``RecordOwners``, is
+the ``excludes(self, **kwargs)`` method.
+
+.. Note::
+
+    Exclusion has priority over inclusion. If a Need is returned by both
+    ``needs`` and ``excludes``, providers of that Need will be **excluded**.
+
+If implementation of Generators seems daunting, fear not! A collection of
+them has already been implemented in
+:py:mod:`~invenio_records_permissions.generators`
+and they cover most cases you may have.
+
+To fully understand how they work, we have to show where Generators are used.
+That is in the Policies.
+
+
+Policies
+--------
+
+Classes inheriting from
+:py:class:`~invenio_records_permissions.policies.base.BasePermissionPolicy` are
+referred to as Policies. They list **what actions** can be done **by whom**
+over an implied category of objects (typically records). A Policy is
+instantiated on a per action basis and is a descendant of `Permission
+<https://invenio-access.readthedocs.io/en/latest/api.html
+#invenio_access.permissions.Permission>`_ in
+`invenio-access <https://invenio-access.readthedocs.io>`_ .
+Generators are used to provide the "by whom" part and the implied category of
+object.
+
+Here is an example of a custom record Policy:
+
+.. code-block:: python
+
+    from invenio_records_permissions.generators import AnyUser, RecordOwners, \
+        SuperUser
+    from invenio_records_permissions.policies.base import BasePermissionPolicy
+
+    class ExampleRecordPermissionPolicy(BasePermissionPolicy):
+        can_create = [AnyUser()]
+        can_search = [AnyUser()]
+        can_read = [AnyUser()]
+        can_update = [RecordOwners()]
+        can_foo_bar = [SuperUser()]
+
+The actions are class variables of the form: ``can_<action>`` and the
+corresponding (dis-)allowed identities are a list of Generator instances.
+One can define any action as long as it follows that pattern and
+is verified at the moment it is undertaken.
+
+In the example above, any user can create, list and read records, but only
+a record's owner can edit it and only super users can perform the "foo_bar"
+action.
+
+We recommend you extend the provided
+:py:class:`invenio_records_permissions.policies.records.RecordPermissionPolicy`
+to customize record permissions for your instance.
+This way you benefit from sane defaults.
+
+After you have defined your own Policy, set it in your configuration:
+
+.. code-block:: python
+
+    RECORDS_PERMISSIONS_RECORD_POLICY = (
+        'module.to.ExampleRecordPermissionPolicy'
+    )
+
+The succinct encoding of the permissions for your instance gives you
+    - one central location where your permissions are defined
+    - exact control
+    - great flexibility by defining your own actions, generators and policies
+"""
+
+from elasticsearch_dsl.query import Q
+from flask import current_app, request
+from invenio_access.permissions import any_user, authenticated_user, superuser_access
+from invenio_records_permissions.generators import Generator
+
+
+class RecordIp(Generator):
+    """Allowed any user with accessing with the IP."""
+
+    def needs(self, record=None, **kwargs):
+        """Enabling Needs, Set of Needs granting permission."""
+        if record is None:
+            return []
+
+        # check if singleip is in the records restriction
+        is_single_ip = record.get("access", {}).get("access_right") == "singleip"
+
+        # check if the user ip is on list
+        visible = self.check_permission()
+
+        if not is_single_ip:
+            # if record does not have singleip - return any_user
+            return [any_user]
+            # if record has singleip, then check the ip of user - if ip user is on list - return any_user
+        elif visible:
+            return [any_user]
+        else:
+            # non of the above - return empty
+            return []
+
+    def excludes(self, **kwargs):
+        """Preventing Needs, Set of Needs denying permission.
+
+        If ANY of the Needs are matched, permission is revoked.
+
+        .. note::
+
+            ``_load_permissions()`` method from `Permission
+            <https://invenio-access.readthedocs.io/en/latest/api.html
+            #invenio_access.permissions.Permission>`_ adds by default the
+            ``superuser_access`` Need (if tied to a User or Role) for us.
+
+            It also expands ActionNeeds into the Users/Roles that
+            provide them.
+
+        If the same Need is returned by `needs` and `excludes`, then that
+        Need provider is disallowed.
+        """
+        return []
+
+    def query_filter(self, *args, **kwargs):
+        """Filters for singleip records."""
+        # check if the user ip is on list
+        visible = self.check_permission()
+
+        if not visible:
+            # If user ip is not on the list, and If the record contains 'singleip' will not be seen
+            return ~Q("match", **{"access.access_right": "singleip"})
+
+        # Lists all records
+        return Q("match_all")
+
+    def check_permission(self):
+        """Check for User IP address in config variable."""
+        # Get user IP
+        user_ip = request.remote_addr
+        # Checks if the user IP is among single IPs
+        if user_ip in current_app.config["INVENIO_CONFIG_TUGRAZ_SINGLE_IP"]:
+            return True
+        return False
+
+
+class AuthenticatedUser(Generator):
+    """Allows authenticated users."""
+
+    def __init__(self):
+        """Constructor."""
+        super(AuthenticatedUser, self).__init__()
+
+    def needs(self, **kwargs):
+        """Enabling Needs."""
+        return [authenticated_user]
+
+    def query_filter(self, **kwargs):
+        """Filters for current identity as super user."""
+        # TODO: Implement with new permissions metadata
+        return []

invenio_config_tugraz/rdm_permissions.py

@@ -0,0 +1,111 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2020 Graz University of Technology.
+#
+# invenio-config-tugraz is free software; you can redistribute it and/or
+# modify it under the terms of the MIT License; see LICENSE file for more
+# details.
+
+"""
+Records permission policies.
+
+Default policies for records:
+
+.. code-block:: python
+
+    # Read access given to everyone.
+    can_search = [AnyUser()]
+    # Create action given to no one (Not even superusers) bc Deposits should
+    # be used.
+    can_create = [Disable()]
+    # Read access given to everyone if public record/files and owners always.
+    can_read = [AnyUserIfPublic(), RecordOwners()]
+    # Update access given to record owners.
+    can_update = [RecordOwners()]
+    # Delete access given to admins only.
+    can_delete = [Admin()]
+    # Associated files permissions (which are really bucket permissions)
+    can_read_files = [AnyUserIfPublic(), RecordOwners()]
+    can_update_files = [RecordOwners()]
+
+How to override default policies for rdm-records.
+
+Using Custom Generator for a policy:
+
+.. code-block:: python
+
+    from invenio_rdm_records.services import (
+    BibliographicRecordServiceConfig,
+    RDMRecordPermissionPolicy,
+    )
+
+    from invenio_config_tugraz.generators import RecordIp
+
+    class TUGRAZPermissionPolicy(RDMRecordPermissionPolicy):
+
+    # Create access given to SuperUser only.
+
+    can_create = [SuperUser()]
+
+    RDM_RECORDS_BIBLIOGRAPHIC_SERVICE_CONFIG  = TUGRAZBibliographicRecordServiceConfig
+
+
+Permissions for Invenio (RDM) Records.
+"""
+
+from invenio_rdm_records.services import (
+    BibliographicRecordServiceConfig,
+    RDMRecordPermissionPolicy,
+)
+from invenio_records_permissions.generators import (
+    Admin,
+    AnyUser,
+    RecordOwners,
+    SuperUser,
+)
+
+from .generators import AuthenticatedUser, RecordIp
+
+
+class TUGRAZPermissionPolicy(RDMRecordPermissionPolicy):
+    """Access control configuration for rdm records.
+
+    This overrides the origin:
+    https://github.com/inveniosoftware/invenio-rdm-records/blob/master/invenio_rdm_records/services/permissions.py.
+
+    """
+
+    # Read access given to:
+    # TODO:
+    # AnyUserIfPublic : grant access if record is public
+    # RecordIp: grant access for single_ip
+    # RecordOwners: owner of records, enable once the deposit is allowed only for loged-in users.
+    # CURRENT:
+    # RecordIp: grant access for single_ip
+    can_read = [RecordIp()]  # RecordOwners()
+
+    # Search access given to:
+    # AnyUser : grant access anyUser
+    # RecordIp: grant access for single_ip
+    can_search = [AnyUser(), RecordIp()]
+
+    # Update access given to record owners.
+    can_update = [RecordOwners()]
+
+    # Delete access given to admins only.
+    can_delete = [Admin()]
+
+    # Create action given to AuthenticatedUser
+    # UI - if user is loged in
+    # API - if user has Access token (Bearer API-TOKEN)
+    can_create = [AuthenticatedUser()]
+
+    # Associated files permissions (which are really bucket permissions)
+    # can_read_files = [AnyUserIfPublic(), RecordOwners()]
+    # can_update_files = [RecordOwners()]
+
+
+class TUGRAZBibliographicRecordServiceConfig(BibliographicRecordServiceConfig):
+    """Overriding BibliographicRecordServiceConfig."""
+
+    permission_policy_cls = TUGRAZPermissionPolicy

invenio_config_tugraz/restrictions/access_right/access_right.csv

@@ -0,0 +1,6 @@
+access_right,access_right_name,icon,notes
+open, Open Access, lock open
+embargoed, Embargoed, ban
+restricted, Restricted, key
+closed, Private, lock
+singleip, Single Ip, lock

invenio_config_tugraz/restrictions/access_right/access_right_limit.csv

@@ -0,0 +1,2 @@
+access_right,access_right_name,icon,notes
+open, Open Access, lock open

invenio_config_tugraz/saml/idp/cert/sp.crt

@@ -1 +0,0 @@
-MIICjjCCAfegAwIBAgIBADANBgkqhkiG9w0BAQ0FADBkMQswCQYDVQQGEwJhdDENMAsGA1UECAwER3JhejEPMA0GA1UECgwGVFVHUkFaMRAwDgYDVQQDDAdpbnZlbmlvMSMwIQYJKoZIhvcNAQkBFhRtb2ppYi53YWxpQHR1Z3Jhei5hdDAeFw0yMDAxMTAyMDIwMTlaFw0yMTAxMDkyMDIwMTlaMGQxCzAJBgNVBAYTAmF0MQ0wCwYDVQQIDARHcmF6MQ8wDQYDVQQKDAZUVUdSQVoxEDAOBgNVBAMMB2ludmVuaW8xIzAhBgkqhkiG9w0BCQEWFG1vamliLndhbGlAdHVncmF6LmF0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5ZrPhRhyDyLTe93rpgqN9MMfnCsg+2QBW4EOuQnMXJzF1dqrFEsexot1FRW83IjqbY+680PmGABQtxUpS4Kinr/pLYbPhQ2WPQRad7mtOn/dD40VVwfG0GfcLrnKe5F4QLfNjervjl8jH/AKPCYwwfSeuw1LNoRjy1uDwkp9cRQIDAQABo1AwTjAdBgNVHQ4EFgQUPv2+wS1RuagCOed7w1FzouBmpP4wHwYDVR0jBBgwFoAUPv2+wS1RuagCOed7w1FzouBmpP4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQA4qvU7gbgE/MoljUW68qMPs8z8Q2Ngttp6F1KOMNO9rgrYWAJh4u6BMt11mlBgBlLLJzG67wXpBr0l78IcOXun4w955te0VRp7aZ0b1uOPt0aUoDOXuBAhZURLZfbsogpWiE6bdB8N0nHTwk2WG2PPIC5Z99UdDivcP5ZeSPAkUw==

invenio_config_tugraz/saml/idp/cert/sp.key

@@ -1 +0,0 @@
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHxNp8P2PsV8CAggAMBQGCCqGSIb3DQMHBAjOyik6fsEC3gSCAoC4tFsYAl4GexyXESiRKpOQzHQNFtQtwDEevT1IKgsafSNjOMJZLKrnoejNoxEQUPPPXgGEd83Fmp2cSHm+YVksH06zcsA+RKf5ab6t0bsgcyljGzkHEDQtMRPcaXNlVMbU9VEDOX26MgmlU/pd+GGfE99IbEFc6qN1e7qOnmKSw93Q3o05ubO3wEI76JhOioGGXB3pEn8f4XLDwck0thzYD6H2vdF+kyIdM8w1BgyLdeP0aDkfG1V3rLGhE8246rwVUzRSZv6BCNBZFk7YO1d7j0+BDxnbHFS631zdCgMcd/XS8u6acc3IYr/bQLH4a1y0X3Z+8ks8arEgUtXqYx9wMlp5lajlsr9JDIU5OnuZ2XY+4sqDQsTZPjBpxK8oMjvJNNatnTf+18htkTdovpInlP7xpEjp1L7H74iKY25UsAZ9e+gqHZwILnk418mQ1E4JYU6JRUZspJSFfqwn9FL6DnvhzPIhtzwhr3eL4f4RXWxxe2xCzvWg+GaWuMfZdj77SV4pMOi7vb3HlYY6luShVlYKdSaw+jf6XVy4ZMTWT5wcE1mc3tAJqF18Mi8amOetpZhz16ISOKnO0rKrfmxteNPQn2AB8QquGGn050PTW4m8zFXDBiyg2xvcRLAW/8ych3k+pkEZi4tVCkLcHM56J/XUEKMCxiSok+vbzxfVf1D2vYFFS7Lw1nP5RnLKFdn8XdHQ+lu2diod18wYBQP4eoU+XjjP2zjlpULiWHt7PpCERqGg7H2Z2amIL5rTeqQuyXczw1/xG/VBNn9qe3DXFodvoV6OZb3efNT/eJgOyaPLi2FmB7Kpdp4JIdJgLnaBCwNBXkpGSwb732O/cug8

invenio_config_tugraz/saml/idp/idp.json

@@ -1,22 +0,0 @@
-
-    {
-
-        "strict": true,
-        "debug": true,
-                "idp": {
-                    "entityId": "https://sso.tugraz.at/idp/shibboleth",
-                    "singleLogoutService": {
-                        "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
-                        "url": "https://sso.tugraz.at/slo/Logout"
-                    },
-    
-                    "singleSignOnService": {
-                        "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
-                        "url": "https://sso.tugraz.at/idp/profile/SAML2/Redirect/SSO"
-                    },
-    
-                    "x509cert": "MIIDHzCCAgegAwIBAgIUG6ra0BvXswfyErcCDmzw3AV+uI0wDQYJKoZIhvcNAQEFBQAwGDEWMBQGA1UEAxMNc3NvLnR1Z3Jhei5hdDAeFw0xMDAzMjkxNzEzMTZaFw0zMDAzMjkxODEzMTZaMBgxFjAUBgNVBAMTDXNzby50dWdyYXouYXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEyQxHIM1zxbBnXn60Ksg7B7HcPLPcN7bXLrLPOFXtkZxm0YkHY5Rxignm7wHD7C81U09DFS2eT8qRCcVtVz+kuwdgS54fC/alg9oLxXk4CgKjhtZZ2ECLdTHfUXOA5uOLlpoN1LY6VpIjSYe3UEX3HxfhXx/fPeE8VInGCKnml8Too22G30htB/EU44A2yqrR3LUngJIaq //N0QbeMYitNh02o6xB5+bp6k6noM7DH6S9phe0kCEibaiLaCf7k9LpNnAz9bPtQVth0gdJqoUry/iK1QBTFTEXvvJynFEp0+5Wz/XFmEcFhsaK8OcHd0R9FfpX5Z2fewA2Q0SLKz+bAgMBAAGjYTBfMD4GA1UdEQQ3MDWCDXNzby50dWdyYXouYXSGJGh0dHBzOi8vc3NvLnR1Z3Jhei5hdC9pZHAvc2hpYmJvbGV0aDAdBgNVHQ4EFgQUXd76PcSiXR6wFna5qQi+S0W/9Y0wDQYJKoZIhvcNAQEFBQADggEBACgkQqxBtYY1OcuoAUP/P+ukJW7XyofK89qs2dkGClx7s0hR/1zImWgljgfguLJOSfC/CWE1wfNK9bTi4Fu9809PmOoaCxkNmniFRAyaOiBoUz5XIpJniW7wBo+YBpBlXZXi5PmU2DOsfZxo7fs4se32dHO1WqgJodqkK2Wa4HDiigh42trZ9i3uS73uHSSCeIJYQNj84BMJ+ifgj3Zi/TgLS+IX7Ayy2bkDzIzIRnj7ULQ/MgfacGXQXJPHyp+w+YvydQalPAWc43+5DkNacN34K8cE3XjHq1kx/BgYOtQ7M2Xa1oApLzPoHO4D2kaf6FCgGR8Mx7GVAz0aQVxfB8I="
-    
-                }
-                
-    }

invenio_config_tugraz/saml/idp/idp.xml

@@ -1,26 +0,0 @@
-<?xml version="1.0"?>
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sso.tugraz.at/idp/shibboleth">
-  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-    <md:KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:X509Data>
-          <ds:X509Certificate>MIIDHzCCAgegAwIBAgIUG6ra0BvXswfyErcCDmzw3AV+uI0wDQYJKoZIhvcNAQEFBQAwGDEWMBQGA1UEAxMNc3NvLnR1Z3Jhei5hdDAeFw0xMDAzMjkxNzEzMTZaFw0zMDAzMjkxODEzMTZaMBgxFjAUBgNVBAMTDXNzby50dWdyYXouYXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEyQxHIM1zxbBnXn60Ksg7B7HcPLPcN7bXLrLPOFXtkZxm0YkHY5Rxignm7wHD7C81U09DFS2eT8qRCcVtVz+kuwdgS54fC/alg9oLxXk4CgKjhtZZ2ECLdTHfUXOA5uOLlpoN1LY6VpIjSYe3UEX3HxfhXx/fPeE8VInGCKnml8Too22G30htB/EU44A2yqrR3LUngJIaq//N0QbeMYitNh02o6xB5+bp6k6noM7DH6S9phe0kCEibaiLaCf7k9LpNnAz9bPtQVth0gdJqoUry/iK1QBTFTEXvvJynFEp0+5Wz/XFmEcFhsaK8OcHd0R9FfpX5Z2fewA2Q0SLKz+bAgMBAAGjYTBfMD4GA1UdEQQ3MDWCDXNzby50dWdyYXouYXSGJGh0dHBzOi8vc3NvLnR1Z3Jhei5hdC9pZHAvc2hpYmJvbGV0aDAdBgNVHQ4EFgQUXd76PcSiXR6wFna5qQi+S0W/9Y0wDQYJKoZIhvcNAQEFBQADggEBACgkQqxBtYY1OcuoAUP/P+ukJW7XyofK89qs2dkGClx7s0hR/1zImWgljgfguLJOSfC/CWE1wfNK9bTi4Fu9809PmOoaCxkNmniFRAyaOiBoUz5XIpJniW7wBo+YBpBlXZXi5PmU2DOsfZxo7fs4se32dHO1WqgJodqkK2Wa4HDiigh42trZ9i3uS73uHSSCeIJYQNj84BMJ+ifgj3Zi/TgLS+IX7Ayy2bkDzIzIRnj7ULQ/MgfacGXQXJPHyp+w+YvydQalPAWc43+5DkNacN34K8cE3XjHq1kx/BgYOtQ7M2Xa1oApLzPoHO4D2kaf6FCgGR8Mx7GVAz0aQVxfB8I=</ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </md:KeyDescriptor>
-    <md:KeyDescriptor use="encryption">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:X509Data>
-          <ds:X509Certificate>MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHxNp8P2PsV8CAggAMBQGCCqGSIb3DQMHBAjOyik6fsEC3gSCAoC4tFsYAl4GexyXESiRKpOQzHQNFtQtwDEevT1IKgsafSNjOMJZLKrnoejNoxEQUPPPXgGEd83Fmp2cSHm+YVksH06zcsA+RKf5ab6t0bsgcyljGzkHEDQtMRPcaXNlVMbU9VEDOX26MgmlU/pd+GGfE99IbEFc6qN1e7qOnmKSw93Q3o05ubO3wEI76JhOioGGXB3pEn8f4XLDwck0thzYD6H2vdF+kyIdM8w1BgyLdeP0aDkfG1V3rLGhE8246rwVUzRSZv6BCNBZFk7YO1d7j0+BDxnbHFS631zdCgMcd/XS8u6acc3IYr/bQLH4a1y0X3Z+8ks8arEgUtXqYx9wMlp5lajlsr9JDIU5OnuZ2XY+4sqDQsTZPjBpxK8oMjvJNNatnTf+18htkTdovpInlP7xpEjp1L7H74iKY25UsAZ9e+gqHZwILnk418mQ1E4JYU6JRUZspJSFfqwn9FL6DnvhzPIhtzwhr3eL4f4RXWxxe2xCzvWg+GaWuMfZdj77SV4pMOi7vb3HlYY6luShVlYKdSaw+jf6XVy4ZMTWT5wcE1mc3tAJqF18Mi8amOetpZhz16ISOKnO0rKrfmxteNPQn2AB8QquGGn050PTW4m8zFXDBiyg2xvcRLAW/8ych3k+pkEZi4tVCkLcHM56J/XUEKMCxiSok+vbzxfVf1D2vYFFS7Lw1nP5RnLKFdn8XdHQ+lu2diod18wYBQP4eoU+XjjP2zjlpULiWHt7PpCERqGg7H2Z2amIL5rTeqQuyXczw1/xG/VBNn9qe3DXFodvoV6OZb3efNT/eJgOyaPLi2FmB7Kpdp4JIdJgLnaBCwNBXkpGSwb732O/cug8</ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </md:KeyDescriptor>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.tugraz.at/slo/Logout"/>
-    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
-    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.tugraz.at/idp/profile/SAML2/Redirect/SSO"/>
-  </md:IDPSSODescriptor>
-  <md:ContactPerson contactType="technical">
-    <md:GivenName>Administrator</md:GivenName>
-    <md:EmailAddress>admin@example.org</md:EmailAddress>
-  </md:ContactPerson>
-</md:EntityDescriptor>

invenio_config_tugraz/saml/onelogin/cert/sp.crt

@@ -1 +0,0 @@
-MIICjjCCAfegAwIBAgIBADANBgkqhkiG9w0BAQ0FADBkMQswCQYDVQQGEwJhdDENMAsGA1UECAwER3JhejEPMA0GA1UECgwGVFVHUkFaMRAwDgYDVQQDDAdpbnZlbmlvMSMwIQYJKoZIhvcNAQkBFhRtb2ppYi53YWxpQHR1Z3Jhei5hdDAeFw0yMDAxMTAyMDIwMTlaFw0yMTAxMDkyMDIwMTlaMGQxCzAJBgNVBAYTAmF0MQ0wCwYDVQQIDARHcmF6MQ8wDQYDVQQKDAZUVUdSQVoxEDAOBgNVBAMMB2ludmVuaW8xIzAhBgkqhkiG9w0BCQEWFG1vamliLndhbGlAdHVncmF6LmF0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5ZrPhRhyDyLTe93rpgqN9MMfnCsg+2QBW4EOuQnMXJzF1dqrFEsexot1FRW83IjqbY+680PmGABQtxUpS4Kinr/pLYbPhQ2WPQRad7mtOn/dD40VVwfG0GfcLrnKe5F4QLfNjervjl8jH/AKPCYwwfSeuw1LNoRjy1uDwkp9cRQIDAQABo1AwTjAdBgNVHQ4EFgQUPv2+wS1RuagCOed7w1FzouBmpP4wHwYDVR0jBBgwFoAUPv2+wS1RuagCOed7w1FzouBmpP4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQA4qvU7gbgE/MoljUW68qMPs8z8Q2Ngttp6F1KOMNO9rgrYWAJh4u6BMt11mlBgBlLLJzG67wXpBr0l78IcOXun4w955te0VRp7aZ0b1uOPt0aUoDOXuBAhZURLZfbsogpWiE6bdB8N0nHTwk2WG2PPIC5Z99UdDivcP5ZeSPAkUw==

invenio_config_tugraz/saml/onelogin/cert/sp.key

@@ -1,17 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHxNp8P2PsV8CAggA
-MBQGCCqGSIb3DQMHBAjOyik6fsEC3gSCAoC4tFsYAl4GexyXESiRKpOQzHQNFtQt
-wDEevT1IKgsafSNjOMJZLKrnoejNoxEQUPPPXgGEd83Fmp2cSHm+YVksH06zcsA+
-RKf5ab6t0bsgcyljGzkHEDQtMRPcaXNlVMbU9VEDOX26MgmlU/pd+GGfE99IbEFc
-6qN1e7qOnmKSw93Q3o05ubO3wEI76JhOioGGXB3pEn8f4XLDwck0thzYD6H2vdF+
-kyIdM8w1BgyLdeP0aDkfG1V3rLGhE8246rwVUzRSZv6BCNBZFk7YO1d7j0+BDxnb
-HFS631zdCgMcd/XS8u6acc3IYr/bQLH4a1y0X3Z+8ks8arEgUtXqYx9wMlp5lajl
-sr9JDIU5OnuZ2XY+4sqDQsTZPjBpxK8oMjvJNNatnTf+18htkTdovpInlP7xpEjp
-1L7H74iKY25UsAZ9e+gqHZwILnk418mQ1E4JYU6JRUZspJSFfqwn9FL6DnvhzPIh
-tzwhr3eL4f4RXWxxe2xCzvWg+GaWuMfZdj77SV4pMOi7vb3HlYY6luShVlYKdSaw
-+jf6XVy4ZMTWT5wcE1mc3tAJqF18Mi8amOetpZhz16ISOKnO0rKrfmxteNPQn2AB
-8QquGGn050PTW4m8zFXDBiyg2xvcRLAW/8ych3k+pkEZi4tVCkLcHM56J/XUEKMC
-xiSok+vbzxfVf1D2vYFFS7Lw1nP5RnLKFdn8XdHQ+lu2diod18wYBQP4eoU+XjjP
-2zjlpULiWHt7PpCERqGg7H2Z2amIL5rTeqQuyXczw1/xG/VBNn9qe3DXFodvoV6O
-Zb3efNT/eJgOyaPLi2FmB7Kpdp4JIdJgLnaBCwNBXkpGSwb732O/cug8
------END RSA PRIVATE KEY-----

invenio_config_tugraz/saml/onelogin/onelogin.json

@@ -1,20 +0,0 @@
-{
-
-    "strict": true,
-    "debug": true,
-			"idp": {
-				"entityId": "https://app.onelogin.com/saml/metadata/01661574-91ed-4735-a3b9-f4ddebb2cbb8",
-				"singleLogoutService": {
-					"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
-					"url": "https://tugraz-dev.onelogin.com/trust/saml2/http-redirect/slo/1070112"
-				},
-
-				"singleSignOnService": {
-					"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
-					"url": "https://tugraz-dev.onelogin.com/trust/saml2/http-post/sso/01661574-91ed-4735-a3b9-f4ddebb2cbb8"
-				},
-
-				"x509cert": "MIID2DCCAsCgAwIBAgIUWRGl84DFd+GbLYt0BmwyI+FCKVIwDQYJKoZIhvcNAQEFBQAwRDEPMA0GA1UECgwGVFVHUkFaMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxGjAYBgNVBAMMEU9uZUxvZ2luIEFjY291bnQgMB4XDTIwMDEyODEwNDI1M1oXDTI1MDEyODEwNDI1M1owRDEPMA0GA1UECgwGVFVHUkFaMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxGjAYBgNVBAMMEU9uZUxvZ2luIEFjY291bnQgMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve5a++I/VHC22fMk5v8GwCvdIyiziOwGjq0XXyjTg9TyhHJZbfDXa7S0NjK7dK4+d3iaB3MvCpnr+7H2J2Cohracgy2BQz9Z4BqsjDat016zkAPoID9R6osliqocw1jESnyL59OJWftAiA4rFmQs6v/b56vgre8EP6qKbykq6mWvepGyBbfjRsYbFoIDmnW8kJoZtLMDQfTBvEF2veHDt9EbsWP+hyedMYTWCfsbTHhFKNrhRKr3m3k+w6Zsca2zp3A8xiFv0fcl6PglEwEZz2Iwb0ySifaf4ZLDVjSekpCLf29doBJYUeE5TUP8oHfATOcWW+m5D3MXVcMUax+AFwIDAQABo4HBMIG+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFK4GHoSfnMQKb8RjP2HrGzJ4ICiDMH8GA1UdIwR4MHaAFK4GHoSfnMQKb8RjP2HrGzJ4ICiDoUikRjBEMQ8wDQYDVQQKDAZUVUdSQVoxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEaMBgGA1UEAwwRT25lTG9naW4gQWNjb3VudCCCFFkRpfOAxXfhmy2LdAZsMiPhQilSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAUg7UHFju0QA7ubcSLBuvEMUQL9jxtzDi0ndSi8qqtLJSjBalcfll0X/gI+sAMGMd0MW7P3abOVVfGBSlZN01KCPC2WHKRwzyO3sOCatkPrn2SYthQWHD/W7psyFgoDt5lQNijLyZdpvZbRIotxcWpoaTcBzaArd/0MNe1VaGlLK5GeqtbwL+dQD+O3mtSUfF918qeiOHEwI7nfPo7vjUyRT8Ov1loqP5+A0/R1CyL0Dh/tVdIkOHx6EjrIXsb/K6xXPknYZqPApPkZq514ZCEPhAILFU+5R/cQMZMZEacCdKuQ9XMkR8bqnh8xu620SCYiSVPXtVW4bpXKs0nJazBQ=="
-
-			}
-}

invenio_config_tugraz/saml/onelogin/onelogin.xml

@@ -1,26 +0,0 @@
-<?xml version="1.0"?>
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://app.onelogin.com/saml/metadata/01661574-91ed-4735-a3b9-f4ddebb2cbb8">
-  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-    <md:KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:X509Data>
-          <ds:X509Certificate>MIID2DCCAsCgAwIBAgIUWRGl84DFd+GbLYt0BmwyI+FCKVIwDQYJKoZIhvcNAQEFBQAwRDEPMA0GA1UECgwGVFVHUkFaMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxGjAYBgNVBAMMEU9uZUxvZ2luIEFjY291bnQgMB4XDTIwMDEyODEwNDI1M1oXDTI1MDEyODEwNDI1M1owRDEPMA0GA1UECgwGVFVHUkFaMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxGjAYBgNVBAMMEU9uZUxvZ2luIEFjY291bnQgMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve5a++I/VHC22fMk5v8GwCvdIyiziOwGjq0XXyjTg9TyhHJZbfDXa7S0NjK7dK4+d3iaB3MvCpnr+7H2J2Cohracgy2BQz9Z4BqsjDat016zkAPoID9R6osliqocw1jESnyL59OJWftAiA4rFmQs6v/b56vgre8EP6qKbykq6mWvepGyBbfjRsYbFoIDmnW8kJoZtLMDQfTBvEF2veHDt9EbsWP+hyedMYTWCfsbTHhFKNrhRKr3m3k+w6Zsca2zp3A8xiFv0fcl6PglEwEZz2Iwb0ySifaf4ZLDVjSekpCLf29doBJYUeE5TUP8oHfATOcWW+m5D3MXVcMUax+AFwIDAQABo4HBMIG+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFK4GHoSfnMQKb8RjP2HrGzJ4ICiDMH8GA1UdIwR4MHaAFK4GHoSfnMQKb8RjP2HrGzJ4ICiDoUikRjBEMQ8wDQYDVQQKDAZUVUdSQVoxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEaMBgGA1UEAwwRT25lTG9naW4gQWNjb3VudCCCFFkRpfOAxXfhmy2LdAZsMiPhQilSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAUg7UHFju0QA7ubcSLBuvEMUQL9jxtzDi0ndSi8qqtLJSjBalcfll0X/gI+sAMGMd0MW7P3abOVVfGBSlZN01KCPC2WHKRwzyO3sOCatkPrn2SYthQWHD/W7psyFgoDt5lQNijLyZdpvZbRIotxcWpoaTcBzaArd/0MNe1VaGlLK5GeqtbwL+dQD+O3mtSUfF918qeiOHEwI7nfPo7vjUyRT8Ov1loqP5+A0/R1CyL0Dh/tVdIkOHx6EjrIXsb/K6xXPknYZqPApPkZq514ZCEPhAILFU+5R/cQMZMZEacCdKuQ9XMkR8bqnh8xu620SCYiSVPXtVW4bpXKs0nJazBQ==</ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </md:KeyDescriptor>
-    <md:KeyDescriptor use="encryption">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:X509Data>
-          <ds:X509Certificate>MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHxNp8P2PsV8CAggAMBQGCCqGSIb3DQMHBAjOyik6fsEC3gSCAoC4tFsYAl4GexyXESiRKpOQzHQNFtQtwDEevT1IKgsafSNjOMJZLKrnoejNoxEQUPPPXgGEd83Fmp2cSHm+YVksH06zcsA+RKf5ab6t0bsgcyljGzkHEDQtMRPcaXNlVMbU9VEDOX26MgmlU/pd+GGfE99IbEFc6qN1e7qOnmKSw93Q3o05ubO3wEI76JhOioGGXB3pEn8f4XLDwck0thzYD6H2vdF+kyIdM8w1BgyLdeP0aDkfG1V3rLGhE8246rwVUzRSZv6BCNBZFk7YO1d7j0+BDxnbHFS631zdCgMcd/XS8u6acc3IYr/bQLH4a1y0X3Z+8ks8arEgUtXqYx9wMlp5lajlsr9JDIU5OnuZ2XY+4sqDQsTZPjBpxK8oMjvJNNatnTf+18htkTdovpInlP7xpEjp1L7H74iKY25UsAZ9e+gqHZwILnk418mQ1E4JYU6JRUZspJSFfqwn9FL6DnvhzPIhtzwhr3eL4f4RXWxxe2xCzvWg+GaWuMfZdj77SV4pMOi7vb3HlYY6luShVlYKdSaw+jf6XVy4ZMTWT5wcE1mc3tAJqF18Mi8amOetpZhz16ISOKnO0rKrfmxteNPQn2AB8QquGGn050PTW4m8zFXDBiyg2xvcRLAW/8ych3k+pkEZi4tVCkLcHM56J/XUEKMCxiSok+vbzxfVf1D2vYFFS7Lw1nP5RnLKFdn8XdHQ+lu2diod18wYBQP4eoU+XjjP2zjlpULiWHt7PpCERqGg7H2Z2amIL5rTeqQuyXczw1/xG/VBNn9qe3DXFodvoV6OZb3efNT/eJgOyaPLi2FmB7Kpdp4JIdJgLnaBCwNBXkpGSwb732O/cug8</ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </md:KeyDescriptor>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://tugraz-dev.onelogin.com/trust/saml2/http-redirect/slo/1070112"/>
-    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
-    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://tugraz-dev.onelogin.com/trust/saml2/http-post/sso/01661574-91ed-4735-a3b9-f4ddebb2cbb8"/>
-  </md:IDPSSODescriptor>
-  <md:ContactPerson contactType="technical">
-    <md:GivenName>Administrator</md:GivenName>
-    <md:EmailAddress>admin@example.org</md:EmailAddress>
-  </md:ContactPerson>
-</md:EntityDescriptor>

invenio_config_tugraz/translations/de/LC_MESSAGES/messages.po

@@ -0,0 +1,25 @@
+# German translations for invenio-config-tugraz.
+# Copyright (C) 2020 Mojib Wali
+# This file is distributed under the same license as the
+# invenio-config-tugraz project.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: invenio-config-tugraz 0.1.5\n"
+"Report-Msgid-Bugs-To: mojib.wali@tugraz.at\n"
+"POT-Creation-Date: 2020-10-06 09:28+0200\n"
+"PO-Revision-Date: 2020-10-06 09:28+0200\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: de\n"
+"Language-Team: de <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.8.0\n"
+
+#: invenio_config_tugraz/config.py:80
+msgid "Welcome to RDM!"
+msgstr ""
+

invenio_config_tugraz/translations/messages.pot

@@ -0,0 +1,24 @@
+# Translations template for invenio-config-tugraz.
+# Copyright (C) 2020 Mojib Wali
+# This file is distributed under the same license as the
+# invenio-config-tugraz project.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: invenio-config-tugraz 0.1.5\n"
+"Report-Msgid-Bugs-To: mojib.wali@tugraz.at\n"
+"POT-Creation-Date: 2020-10-06 09:28+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.8.0\n"
+
+#: invenio_config_tugraz/config.py:80
+msgid "Welcome to RDM!"
+msgstr ""
+

invenio_config_tugraz/version.py

@@ -12,4 +12,4 @@ This file is imported by ``invenio_config_tugraz.__init__``,
 and parsed by ``setup.py``.
 """
 
-__version__ = '0.1.5'
+__version__ = "0.5.2"

pytest.ini

@@ -7,6 +7,6 @@
 # details.
 
 [pytest]
-pep8ignore = docs/conf.py ALL
-addopts = --pep8 --doctest-glob="*.rst" --doctest-modules --cov=invenio_config_tugraz --cov-report=term-missing
-testpaths = docs tests invenio_config_tugraz
+addopts = --isort --pydocstyle --pycodestyle --doctest-glob="*.rst" --doctest-modules --cov=invenio_config_tugraz --cov-report=term-missing tests invenio_config_tugraz
+testpaths = tests invenio_config_tugraz
+live_server_scope = module

run-tests.sh

@@ -1,14 +1,33 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
 # -*- coding: utf-8 -*-
 #
-# Copyright (C) 2020 Mojib Wali.
+# Copyright (C) 2019-2020 CERN.
+# Copyright (C) 2019-2020 Northwestern University.
+# Copyright (C) 2020 Graz University of Technology.
 #
 # invenio-config-tugraz is free software; you can redistribute it and/or
 # modify it under the terms of the MIT License; see LICENSE file for more
 # details.
 
-pydocstyle invenio_config_tugraz tests docs && \
-isort --check-only --diff && \
-check-manifest --ignore ".travis-*" && \
-sphinx-build -qnNW docs docs/_build/html && \
-python setup.py test
+
+# Quit on errors
+set -o errexit
+
+# Quit on unbound symbols
+set -o nounset
+
+# Always bring down docker services
+
+function cleanup() {
+    eval "$(docker-services-cli down --env)"
+}
+trap cleanup EXIT
+
+
+python -m check_manifest --ignore ".*-requirements.txt"
+python -m sphinx.cmd.build -qnNW docs docs/_build/html
+eval "$(docker-services-cli up --db ${DB:-postgresql} --search ${SEARCH:-elasticsearch} --cache ${CACHE:-redis} --env)"
+python -m pytest
+tests_exit_code=$?
+python -m sphinx.cmd.build -qnNW -b doctest docs docs/_build/doctest
+exit "$tests_exit_code"

setup.cfg

@@ -37,3 +37,20 @@ output-dir = invenio_config_tugraz/translations/
 [update_catalog]
 input-file = invenio_config_tugraz/translations/messages.pot
 output-dir = invenio_config_tugraz/translations/
+
+[flake8]
+max-line-length = 88
+extend-ignore = E203
+select = C,E,F,W,B,B950
+ignore = E501
+
+[isort]
+multi_line_output = 3
+include_trailing_comma = True
+force_grid_wrap = 0
+use_parentheses = True
+ensure_newline_before_comments = True
+line_length = 88
+
+[pycodestyle]
+ignore = E203,E501

setup.py

@@ -12,32 +12,37 @@ import os
 
 from setuptools import find_packages, setup
 
-readme = open('README.rst').read()
-history = open('CHANGES.rst').read()
+readme = open("README.rst").read()
+history = open("CHANGES.rst").read()
 
 tests_require = [
-    'pytest-invenio>=1.3.2',
+    "pytest-invenio>=1.4.0",
+    "SQLAlchemy-Utils>=0.33.1,<0.36",
+    "invenio-rdm-records~=0.20.8",
+    "invenio-search[elasticsearch7]>=1.4.0",
+    "psycopg2-binary>=2.8.6",
 ]
 
 extras_require = {
-    'docs': [
-        'Sphinx>=1.5.1',
+    "docs": [
+        "Sphinx>=3",
     ],
-    'tests': tests_require,
+    "tests": tests_require,
 }
 
-extras_require['all'] = []
+extras_require["all"] = []
 for reqs in extras_require.values():
-    extras_require['all'].extend(reqs)
+    extras_require["all"].extend(reqs)
 
 setup_requires = [
-    'Babel>=1.3',
-    'pytest-runner>=3.0.0,<5',
+    "Babel>=1.3",
+    "pytest-runner>=3.0.0,<5",
 ]
 
 install_requires = [
-    'Flask-BabelEx>=0.9.4',
-
+    "Flask-BabelEx>=0.9.4",
+    "elasticsearch_dsl>=7.2.1",
+    "sqlalchemy-continuum>=1.3.11",
 ]
 
 packages = find_packages()
@@ -45,33 +50,33 @@ packages = find_packages()
 
 # Get the version string. Cannot be done with import!
 g = {}
-with open(os.path.join('invenio_config_tugraz', 'version.py'), 'rt') as fp:
+with open(os.path.join("invenio_config_tugraz", "version.py"), "rt") as fp:
     exec(fp.read(), g)
-    version = g['__version__']
+    version = g["__version__"]
 
 setup(
-    name='invenio-config-tugraz',
+    name="invenio-config-tugraz",
     version=version,
     description=__doc__,
-    long_description=readme + '\n\n' + history,
-    keywords='invenio, config, Tu Graz',
-    license='MIT',
-    author='Mojib Wali',
-    author_email='mojib.wali@tugraz.at',
-    url='https://github.com/mb-wali/invenio-config-tugraz',
+    long_description=readme + "\n\n" + history,
+    keywords="invenio, config, Tu Graz",
+    license="MIT",
+    author="Mojib Wali",
+    author_email="mb_wali@hotmail.com",
+    url="https://github.com/tu-graz-library/invenio-config-tugraz",
     packages=packages,
     zip_safe=False,
     include_package_data=True,
-    platforms='any',
+    platforms="any",
     entry_points={
-        'invenio_base.apps': [
-            'invenio_config_tugraz = invenio_config_tugraz:invenioconfigtugraz',
+        "invenio_base.apps": [
+            "invenio_config_tugraz = invenio_config_tugraz:InvenioConfigTugraz",
         ],
-        'invenio_i18n.translations': [
-            'messages = invenio_config_tugraz',
+        "invenio_i18n.translations": [
+            "messages = invenio_config_tugraz",
         ],
-        'invenio_config.module': [
-            'invenio_config_tugraz = invenio_config_tugraz.config',
+        "invenio_config.module": [
+            "invenio_config_tugraz = invenio_config_tugraz.config",
         ],
     },
     extras_require=extras_require,
@@ -79,17 +84,17 @@ setup(
     setup_requires=setup_requires,
     tests_require=tests_require,
     classifiers=[
-        'Environment :: Web Environment',
-        'Intended Audience :: Developers',
-        'License :: OSI Approved :: MIT License',
-        'Operating System :: OS Independent',
-        'Programming Language :: Python',
-        'Topic :: Internet :: WWW/HTTP :: Dynamic Content',
-        'Topic :: Software Development :: Libraries :: Python Modules',
-        'Programming Language :: Python :: 3',
-        'Programming Language :: Python :: 3.6',
-        'Programming Language :: Python :: 3.7',
-        'Programming Language :: Python :: 3.8',
-        'Development Status :: 3 - Alpha',
+        "Environment :: Web Environment",
+        "Intended Audience :: Developers",
+        "License :: OSI Approved :: MIT License",
+        "Operating System :: OS Independent",
+        "Programming Language :: Python",
+        "Topic :: Internet :: WWW/HTTP :: Dynamic Content",
+        "Topic :: Software Development :: Libraries :: Python Modules",
+        "Programming Language :: Python :: 3",
+        "Programming Language :: Python :: 3.6",
+        "Programming Language :: Python :: 3.7",
+        "Programming Language :: Python :: 3.8",
+        "Development Status :: 3 - Alpha",
     ],
 )

tests/conftest.py

@@ -12,17 +12,20 @@ See https://pytest-invenio.readthedocs.io/ for documentation on which test
 fixtures are available.
 """
 
+import os
 import shutil
 import tempfile
 
 import pytest
 from flask import Flask
 from flask_babelex import Babel
+from invenio_db import InvenioDB, db
+from sqlalchemy_utils.functions import create_database, database_exists, drop_database
 
-from invenio_config_tugraz import invenioconfigtugraz
+from invenio_config_tugraz import InvenioConfigTugraz
 
 
-@pytest.fixture(scope='module')
+@pytest.fixture(scope="module")
 def celery_config():
     """Override pytest-invenio fixture.
 
@@ -31,13 +34,130 @@ def celery_config():
     return {}
 
 
-@pytest.fixture(scope='module')
-def create_app(instance_path):
-    """Application factory fixture."""
-    def factory(**config):
-        app = Flask('testapp', instance_path=instance_path)
-        app.config.update(**config)
+@pytest.fixture()
+def create_app(request):
+    """Basic Flask application."""
+    instance_path = tempfile.mkdtemp()
+    app = Flask("testapp")
+    DB = os.getenv("SQLALCHEMY_DATABASE_URI", "sqlite://")
+    app.config.update(
+        INVENIO_CONFIG_TUGRAZ_SINGLE_IP=["127.0.0.1", "127.0.0.2"],
+        INVENIO_CONFIG_TUGRAZ_IP_RANGES=[
+            ["127.0.0.2", "127.0.0.99"],
+            ["127.0.1.3", "127.0.1.5"],
+        ],
+        SQLALCHEMY_DATABASE_URI=DB,
+        SQLALCHEMY_TRACK_MODIFICATIONS=False,
+    )
     Babel(app)
-        invenioconfigtugraz(app)
+    InvenioConfigTugraz(app)
+    InvenioDB(app)
+
+    with app.app_context():
+        db_url = str(db.engine.url)
+        if db_url != "sqlite://" and not database_exists(db_url):
+            create_database(db_url)
+        db.create_all()
+
+    def teardown():
+        with app.app_context():
+            db_url = str(db.engine.url)
+            db.session.close()
+            if db_url != "sqlite://":
+                drop_database(db_url)
+            shutil.rmtree(instance_path)
+
+    request.addfinalizer(teardown)
+    app.test_request_context().push()
+
     return app
-    return factory
+
+
+@pytest.fixture(scope='function')
+def open_record():
+    """Open record data as dict coming from the external world."""
+    return {
+        "access": {
+            "metadata": False,
+            "files": False,
+            "owned_by": [1],
+            "access_right": "open"
+        },
+        "metadata": {
+            "publication_date": "2020-06-01",
+            "resource_type": {
+                "type": "image",
+                "subtype": "image-photo"
+            },
+            # Technically not required
+            "creators": [{
+                "name": "Troy Brown",
+                "type": "personal"
+            }, {
+                "name": "Phillip Lester",
+                "type": "personal",
+                "identifiers": {"orcid": "0000-0002-1825-0097"},
+                "affiliations": [{
+                    "name": "Carter-Morris",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }]
+            }, {
+                "name": "Steven Williamson",
+                "type": "personal",
+                "identifiers": {"orcid": "0000-0002-1825-0097"},
+                "affiliations": [{
+                    "name": "Ritter and Sons",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }, {
+                    "name": "Montgomery, Bush and Madden",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }]
+            }],
+            "title": "A Romans story"
+        }
+    }
+
+
+@pytest.fixture(scope='function')
+def singleip_record():
+    """Single Ip record data as dict coming from the external world."""
+    return {
+        "access": {
+            "metadata": False,
+            "files": False,
+            "owned_by": [1],
+            "access_right": "singleip"
+        },
+        "metadata": {
+            "publication_date": "2020-06-01",
+            "resource_type": {
+                "type": "image",
+                "subtype": "image-photo"
+            },
+            # Technically not required
+            "creators": [{
+                "name": "Troy Brown",
+                "type": "personal"
+            }, {
+                "name": "Phillip Lester",
+                "type": "personal",
+                "identifiers": {"orcid": "0000-0002-1825-0097"},
+                "affiliations": [{
+                    "name": "Carter-Morris",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }]
+            }, {
+                "name": "Steven Williamson",
+                "type": "personal",
+                "identifiers": {"orcid": "0000-0002-1825-0097"},
+                "affiliations": [{
+                    "name": "Ritter and Sons",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }, {
+                    "name": "Montgomery, Bush and Madden",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }]
+            }],
+            "title": "A Romans story"
+        }
+    }

tests/test_generators.py

@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2020 Mojib Wali.
+#
+# invenio-config-tugraz is free software; you can redistribute it and/or
+# modify it under the terms of the MIT License; see LICENSE file for more
+# details.
+
+"""Test Generators."""
+
+from invenio_access.permissions import any_user, authenticated_user
+
+from invenio_config_tugraz.generators import AuthenticatedUser, RecordIp
+
+
+def test_recordip(create_app, open_record, singleip_record):
+    """Test Generator RecordIp."""
+    generator = RecordIp()
+    open_record = open_record
+    singleiprec = singleip_record
+
+    assert generator.needs(record=None) == []
+    assert generator.needs(record=open_record) == [any_user]
+    assert generator.needs(record=singleiprec) == []
+
+    assert generator.excludes(record=open_record) == []
+    assert generator.excludes(record=open_record) == []
+
+    assert generator.query_filter().to_dict() == {'bool': {'must_not': [{'match': {'access.access_right': 'singleip'}}]}}
+
+
+def test_authenticateduser():
+    """Test Generator AuthenticatedUser."""
+    generator = AuthenticatedUser()
+
+    assert generator.needs() == [authenticated_user]
+    assert generator.excludes() == []
+    assert generator.query_filter() == []

tests/test_invenio_config_tugraz.py

@@ -10,23 +10,24 @@
 
 from flask import Flask
 
-from invenio_config_tugraz import invenioconfigtugraz
+from invenio_config_tugraz import InvenioConfigTugraz
 
 
 def test_version():
     """Test version import."""
     from invenio_config_tugraz import __version__
+
     assert __version__
 
 
 def test_init():
     """Test extension initialization."""
-    app = Flask('testapp')
-    ext = invenioconfigtugraz(app)
-    assert 'invenio-config-tugraz' in app.extensions
+    app = Flask("testapp")
+    ext = InvenioConfigTugraz(app)
+    assert "invenio-config-tugraz" in app.extensions
 
-    app = Flask('testapp')
-    ext = invenioconfigtugraz()
-    assert 'invenio-config-tugraz' not in app.extensions
+    app = Flask("testapp")
+    ext = InvenioConfigTugraz()
+    assert "invenio-config-tugraz" not in app.extensions
     ext.init_app(app)
-    assert 'invenio-config-tugraz' in app.extensions
+    assert "invenio-config-tugraz" in app.extensions