v0.5.5

* babel: adds a wildcard to extract txt files.
* refactor txt file

.github/workflows/tests.yml

@@ -20,9 +20,42 @@ jobs:
     runs-on: ubuntu-20.04
     strategy:
       matrix:
-          python-version: [3.6, 3.7, 3.8]
+          python-version: [3.6, 3.7, 3.8, 3.9]
           requirements-level: [min, pypi]
+          db-service: [postgresql12]
+          search-service: [elasticsearch7]
+          exclude:
+          - python-version: 3.6
+            requirements-level: pypi
 
+          - python-version: 3.7
+            requirements-level: min
+
+          - python-version: 3.8
+            requirements-level: min
+
+          - python-version: 3.9
+            requirements-level: min
+
+          - db-service: postgresql12
+            requirements-level: min
+
+          - search-service: elasticsearch7
+            requirements-level: min
+
+          include:
+
+          - db-service: postgresql12
+            DB_EXTRAS: "postgresql"
+
+
+          - search-service: elasticsearch7
+            SEARCH_EXTRAS: "elasticsearch7"
+
+    env:
+      DB: ${{ matrix.db-service }}
+      SEARCH: ${{ matrix.search-service }}
+      EXTRAS: all,${{ matrix.DB_EXTRAS }},${{ matrix.SEARCH_EXTRAS }}
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -35,8 +68,7 @@ jobs:
       - name: Generate dependencies
         run: |
           python -m pip install --upgrade pip setuptools py wheel requirements-builder
-          requirements-builder -e all --level=${{ matrix.requirements-level }} setup.py > .${{ matrix.requirements-level }}-${{ matrix.python-version }}-requirements.txt
+          requirements-builder -e "$EXTRAS" --level=${{ matrix.requirements-level }} setup.py > .${{ matrix.requirements-level }}-${{ matrix.python-version }}-requirements.txt
-
       - name: Cache pip
         uses: actions/cache@v2
         with:
@@ -46,9 +78,10 @@ jobs:
       - name: Install dependencies
         run: |
           pip install -r .${{ matrix.requirements-level }}-${{ matrix.python-version }}-requirements.txt
-          pip install .[all]
+          pip install ".[$EXTRAS]"
           pip freeze
-
+          docker --version
+          docker-compose --version
       - name: Run tests
         run: |
           ./run-tests.sh

MANIFEST.in

@@ -34,12 +34,18 @@ recursive-include docs *.py
 recursive-include docs *.rst
 recursive-include docs *.txt
 recursive-include docs Makefile
-recursive-include invenio_config_tugraz *.html
 recursive-include tests *.py
 
+
 # added by check_manifest.py
 recursive-include invenio_config_tugraz *.crt
 recursive-include invenio_config_tugraz *.json
 recursive-include invenio_config_tugraz *.key
 recursive-include invenio_config_tugraz *.xml
 recursive-include invenio_config_tugraz *.gitkeep
+recursive-include invenio_config_tugraz *.txt
+recursive-include invenio_config_tugraz *.html
+
+
+# added by check-manifest
+recursive-include invenio_config_tugraz *.csv

README.rst

@@ -1,5 +1,5 @@
 ..
-    Copyright (C) 2020 Mojib Wali.
+    Copyright (C) 2020-2021 Graz University of Technology.
 
     invenio-config-tugraz is free software; you can redistribute it and/or
     modify it under the terms of the MIT License; see LICENSE file for more
@@ -15,10 +15,10 @@
 .. image:: https://img.shields.io/pypi/dm/invenio-config-tugraz.svg
         :target: https://pypi.python.org/pypi/invenio-config-tugraz
 
-.. image:: https://img.shields.io/github/tag/mb-wali/invenio-config-tugraz.svg
+.. image:: https://img.shields.io/github/tag/tu-graz-library/invenio-config-tugraz.svg
         :target: https://github.com/mb-wali/invenio-config-tugraz/releases
 
-.. image:: https://img.shields.io/github/license/mb-wali/invenio-config-tugraz.svg
+.. image:: https://img.shields.io/github/license/tu-graz-library/invenio-config-tugraz.svg
         :target: https://github.com/mb-wali/invenio-config-tugraz/blob/master/LICENSE
 
 .. image:: https://readthedocs.org/projects/invenio-config-tugraz/badge/?version=latest

babel.ini

@@ -13,7 +13,7 @@ encoding = utf-8
 
 # Extraction from Jinja2 templates
 
-[jinja2: **/templates/**.html]
+[jinja2: **/templates/**.*]
 encoding = utf-8
 extensions = jinja2.ext.autoescape, jinja2.ext.with_
 

invenio_config_tugraz/base_permissions.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (C) 2020 Mojib Wali.
+# Copyright (C) 2020-2021 Graz University of Technology.
 #
 # invenio-config-tugraz is free software; you can redistribute it and/or
 # modify it under the terms of the MIT License; see LICENSE file for more
@@ -46,43 +46,43 @@ Using Custom Generator for a policy:
     RECORDS_PERMISSIONS_RECORD_POLICY = TUGRAZPermissionPolicy
 
 
-Permissions for Invenio (RDM) Records.
+Permissions for Invenio records.
 """
 
-from invenio_records_permissions.generators import (
+# from invenio_records_permissions.generators import (
-    Admin,
+#     Admin,
-    AnyUser,
+#     AnyUser,
-    AnyUserIfPublic,
+#     AnyUserIfPublic,
-    RecordOwners,
+#     RecordOwners,
-)
+# )
-from invenio_records_permissions.policies.base import BasePermissionPolicy
+# from invenio_records_permissions.policies.base import BasePermissionPolicy
 
-from .generators import RecordIp
+# from .generators import RecordIp
 
 
-class TUGRAZPermissionPolicy(BasePermissionPolicy):
+# class TUGRAZPermissionPolicy(BasePermissionPolicy):
-    """Access control configuration for records.
+#     """Access control configuration for records.
 
-    This overrides the /api/records endpoint.
+#     This overrides the /api/records endpoint.
 
-    """
+#     """
 
-    # Read access to API given to everyone.
+#     # Read access to API given to everyone.
-    can_search = [AnyUser(), RecordIp()]
+#     can_search = [AnyUser(), RecordIp()]
 
-    # Read access given to everyone if public record/files and owners always.
+#     # Read access given to everyone if public record/files and owners always.
-    can_read = [AnyUserIfPublic(), RecordOwners(), RecordIp()]
+#     can_read = [AnyUserIfPublic(), RecordOwners(), RecordIp()]
 
-    # Create action given to no one (Not even superusers) bc Deposits should
+#     # Create action given to no one (Not even superusers) bc Deposits should
-    # be used.
+#     # be used.
-    can_create = [AnyUser()]
+#     can_create = [AnyUser()]
 
-    # Update access given to record owners.
+#     # Update access given to record owners.
-    can_update = [RecordOwners()]
+#     can_update = [RecordOwners()]
 
-    # Delete access given to admins only.
+#     # Delete access given to admins only.
-    can_delete = [Admin()]
+#     can_delete = [Admin()]
 
-    # Associated files permissions (which are really bucket permissions)
+#     # Associated files permissions (which are really bucket permissions)
-    can_read_files = [AnyUserIfPublic(), RecordOwners()]
+#     can_read_files = [AnyUserIfPublic(), RecordOwners()]
-    can_update_files = [RecordOwners()]
+#     can_update_files = [RecordOwners()]

invenio_config_tugraz/config.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (C) 2020 Mojib Wali.
+# Copyright (C) 2020-2021 Graz University of Technology.
 #
 # invenio-config-tugraz is free software; you can redistribute it and/or
 # modify it under the terms of the MIT License; see LICENSE file for more
@@ -8,9 +8,11 @@
 
 """invenio module that adds tugraz configs."""
 
+from os.path import abspath, dirname, join
+
 from flask_babelex import gettext as _
 
-INVENIO_CONFIG_TUGRAZ_SHIBBOLETH = True
+INVENIO_CONFIG_TUGRAZ_SHIBBOLETH = False
 """Set True if SAML is configured"""
 
 INVENIO_CONFIG_TUGRAZ_SINGLE_IP = []
@@ -37,6 +39,7 @@ APP_ALLOWED_HOSTS = [
     "127.0.0.1",
     "invenio-dev01.tugraz.at",
     "invenio-test.tugraz.at",
+    "repository.tugraz.at",
 ]
 """Allowed Hosts"""
 
@@ -50,6 +53,9 @@ APP_DEFAULT_SECURE_HEADERS = {
             "'unsafe-inline'",
             "'unsafe-eval'",
             "blob:",
+            "ub-support.tugraz.at",  # zammad contact form
+            "api.datacite.org/dois",  # datacite
+            "api.test.datacite.org/dois",  # datacite test
         ],
     },
     "content_security_policy_report_only": False,
@@ -78,7 +84,7 @@ SECURITY_EMAIL_SENDER = "info@invenio-test.tugraz.at"
 """Email address used as sender of account registration emails."""
 """Domain name should match the domain used in web server."""
 
-SECURITY_EMAIL_SUBJECT_REGISTER = _("Welcome to RDM!")
+SECURITY_EMAIL_SUBJECT_REGISTER = _("Welcome to TU Graz Repository!")
 """Email subject for account registration emails."""
 
 MAIL_SUPPRESS_SEND = True
@@ -153,7 +159,7 @@ SECURITY_CHANGEABLE = False
 SECURITY_RECOVERABLE = False
 """Allow password recovery by users."""
 
-SECURITY_REGISTERABLE = True
+SECURITY_REGISTERABLE = False
 """"Allow users to register.
 
 With this variable set to "False" users will not be
@@ -166,6 +172,15 @@ SECURITY_CONFIRMABLE = False
 Instead user will get a welcome email.
 """
 
+# Flask-Security
+# =============
+# See https://pythonhosted.org/Flask-Security/configuration.html
+SECURITY_EMAIL_PLAINTEXT = True
+"""Render email content as plaintext."""
+
+SECURITY_EMAIL_HTML = False
+"""Render email content as HTML."""
+
 
 ACCOUNTS = True
 """Tells if the templates should use the accounts module.
@@ -192,9 +207,107 @@ RECAPTCHA_PRIVATE_KEY = None
 # =======
 # See:
 # https://invenio-records-permissions.readthedocs.io/en/latest/configuration.html
-#
+# Uncomment these to enable overriding RDM permissions
-# Uncomment these to enable overriden
+# from .rdm_permissions import TUGRAZRDMRecordServiceConfig
-# RECORDS_PERMISSIONS_RECORD_POLICY = (
+# RDM_RECORDS_BIBLIOGRAPHIC_SERVICE_CONFIG = TUGRAZRDMRecordServiceConfig
-#    'invenio_config_tugraz.permissions.TUGRAZPermissionPolicy'
-# )
 """Access control configuration for records."""
+
+# invenio-rdm-records
+# =======
+# See:
+# https://invenio-rdm-records.readthedocs.io/en/latest/configuration.html
+#
+RDM_RECORDS_USER_FIXTURE_PASSWORDS = {"info@tugraz.at": None}
+"""Overrides for the user fixtures' passwords.
+The password set for a user fixture in this dictionary overrides the
+password set in the ``users.yaml`` file. This can be used to set custom
+passwords for the fixture users (of course, this has to be configured
+before the fixtures are installed, e.g. by setting up the services).
+If ``None`` or an empty string is configured in this dictionary, then the
+password from ``users.yaml`` will be used. If that is also absent, a password
+will be generated randomly.
+"""
+
+# Custom Access Right
+# RDM_RECORDS_CUSTOM_VOCABULARIES = {
+#     'access_right': {
+#         'path': join(
+#             dirname(abspath(__file__)),
+#             'restrictions', 'access_right', 'access_right_limit.csv'
+#         )
+#     }
+# }
+
+# Invenio-app-rdm
+# =========================
+# See https://github.com/inveniosoftware/invenio-app-rdm/blob/master/invenio_app_rdm/config.py
+APP_RDM_DEPOSIT_FORM_DEFAULTS = {}
+"""Default values for new records in the deposit UI.
+
+The keys denote the dot-separated path, where in the record's metadata
+the values should be set (see invenio-records.dictutils).
+If the value is callable, its return value will be used for the field
+(e.g. lambda/function for dynamic calculation of values).
+"""
+
+SQLALCHEMY_ECHO = False
+"""Enable to see all SQL queries."""
+
+SQLALCHEMY_ENGINE_OPTIONS = {
+    "pool_pre_ping": False,
+    "pool_recycle": 3600,
+    # set a more agressive timeout to ensure http requests don't wait for long
+    "pool_timeout": 10,
+}
+"""SQLAlchemy engine options.
+
+This is used to configure for instance the database connection pool.
+Specifically for connection pooling the following options below are relevant.
+Note, that the connection pool settings have to be aligned with:
+
+1. your database server's max allowed connections settings, and
+2. your application deployment (number of processes/threads)
+
+**Disconnect handling**
+
+Note, it's possible that a connection you get from the connection pool is no
+longer open. This happens if e.g. the database server was restarted or the
+server has a timeout that closes the connection. In these case you'll see an
+error similar to::
+
+    psycopg2.OperationalError: server closed the connection unexpectedly
+        This probably means the server terminated abnormally
+        before or while processing the request.
+
+The errors can be avoided by using the ``pool_pre_ping`` option, which will
+ensure the connection is open first by issuing a ``SELECT 1``. The pre-ping
+feature however, comes with a performance penalty, and thus it may be better
+to first try adjusting the ``pool_recyle`` to ensure connections are closed and
+reopened regularly.
+
+... code-block:: python
+
+    SQLALCHEMY_ENGINE_OPTIONS = dict(
+        # enable the connection pool “pre-ping” feature that tests connections
+        # for liveness upon each checkout.
+        pool_pre_ping=True,
+
+        # the number of connections to allow in connection pool “overflow”,
+        # that is connections that can be opened above and beyond the
+        # pool_size setting
+        max_overflow=10,
+
+        # the number of connections to keep open inside the connection
+        pool_size=5,
+
+        # recycle connections after the given number of seconds has passed.
+        pool_recycle=3600,
+
+        # number of seconds to wait before giving up on getting a connection
+        # from the pool
+        pool_timeout=30,
+
+    )
+
+See https://docs.sqlalchemy.org/en/latest/core/engines.html.
+"""

invenio_config_tugraz/ext.py

@@ -7,6 +7,7 @@
 # details.
 
 """invenio module that adds tugraz configs."""
+from flask import Blueprint
 
 from . import config
 

invenio_config_tugraz/generators.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (C) 2020 Mojib Wali.
+# Copyright (C) 2020-2021 Graz University of Technology.
 #
 # invenio-config-tugraz is free software; you can redistribute it and/or
 # modify it under the terms of the MIT License; see LICENSE file for more
@@ -153,27 +153,32 @@ The succinct encoding of the permissions for your instance gives you
 
 from elasticsearch_dsl.query import Q
 from flask import current_app, request
+from invenio_access.permissions import any_user, superuser_access
 from invenio_records_permissions.generators import Generator
 
 
 class RecordIp(Generator):
     """Allowed any user with accessing with the IP."""
 
-    # TODO: Implement
+    def needs(self, record=None, **kwargs):
-    def needs(self, **kwargs):
+        """Enabling Needs, Set of Needs granting permission."""
-        """Enabling Needs, Set of Needs granting permission.
+        if record is None:
+            return []
 
-        If ANY of the Needs are matched, permission is granted.
+        # check if singleip is in the records restriction
+        is_single_ip = record.get("access", {}).get("access_right") == "singleip"
 
-        .. note::
+        # check if the user ip is on list
+        visible = self.check_permission()
 
-            ``_load_permissions()`` method from `Permission
+        if not is_single_ip:
-            <https://invenio-access.readthedocs.io/en/latest/api.html
+            # if record does not have singleip - return any_user
-            #invenio_access.permissions.Permission>`_ adds by default the
+            return [any_user]
-            ``superuser_access`` Need (if tied to a User or Role) for us.
+            # if record has singleip, then check the ip of user - if ip user is on list - return any_user
-            It also expands ActionNeeds into the Users/Roles that
+        elif visible:
-            provide them.
+            return [any_user]
-        """
+        else:
+            # non of the above - return empty
             return []
 
     def excludes(self, **kwargs):
@@ -196,19 +201,23 @@ class RecordIp(Generator):
         """
         return []
 
-    def query_filter(self, **kwargs):
+    def query_filter(self, *args, **kwargs):
-        """Elasticsearch filters, List of ElasticSearch query filters.
+        """Filters for singleip records."""
+        # check if the user ip is on list
+        visible = self.check_permission()
 
-        These filters consist of additive queries mapping to what the current
+        if not visible:
-        user should be able to retrieve via search.
+            # If user ip is not on the list, and If the record contains 'singleip' will not be seen
-        """
+            return ~Q("match", **{"access.access_right": "singleip"})
+
+        # Lists all records
         return Q("match_all")
 
     def check_permission(self):
         """Check for User IP address in config variable."""
         # Get user IP
-        user_ip = request.remote_addr  # pragma: no cover
+        user_ip = request.remote_addr
         # Checks if the user IP is among single IPs
-        if user_ip in current_app.config["INVENIO_CONFIG_TUGRAZ_SINGLE_IP"]:  # pragma: no cover
+        if user_ip in current_app.config["INVENIO_CONFIG_TUGRAZ_SINGLE_IP"]:
-            return True  # pragma: no cover
+            return True
-        return False  # pragma: no cover
+        return False

invenio_config_tugraz/rdm_permissions.py

@@ -0,0 +1,86 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2020-2021 Graz University of Technology.
+#
+# invenio-config-tugraz is free software; you can redistribute it and/or
+# modify it under the terms of the MIT License; see LICENSE file for more
+# details.
+
+"""
+Records permission policies.
+
+Default policies for records:
+
+.. code-block:: python
+
+    # Read access given to everyone.
+    can_search = [AnyUser()]
+    # Create action given to no one (Not even superusers) bc Deposits should
+    # be used.
+    can_create = [Disable()]
+    # Read access given to everyone if public record/files and owners always.
+    can_read = [AnyUserIfPublic(), RecordOwners()]
+    # Update access given to record owners.
+    can_update = [RecordOwners()]
+    # Delete access given to admins only.
+    can_delete = [Admin()]
+    # Associated files permissions (which are really bucket permissions)
+    can_read_files = [AnyUserIfPublic(), RecordOwners()]
+    can_update_files = [RecordOwners()]
+
+How to override default policies for rdm-records.
+
+Using Custom Generator for a policy:
+
+.. code-block:: python
+
+    from invenio_rdm_records.services import (
+    BibliographicRecordServiceConfig,
+    RDMRecordPermissionPolicy,
+    )
+
+    from invenio_config_tugraz.generators import RecordIp
+
+    class TUGRAZPermissionPolicy(RDMRecordPermissionPolicy):
+
+    # Create access given to SuperUser only.
+
+    can_create = [SuperUser()]
+
+    RDM_RECORDS_BIBLIOGRAPHIC_SERVICE_CONFIG  = TUGRAZBibliographicRecordServiceConfig
+
+
+Permissions for Invenio (RDM) Records.
+"""
+
+from invenio_rdm_records.services import RDMRecordPermissionPolicy
+from invenio_rdm_records.services.config import RDMRecordServiceConfig
+from invenio_rdm_records.services.generators import IfDraft, IfRestricted, RecordOwners
+from invenio_records_permissions.generators import (
+    Admin,
+    AnyUser,
+    AuthenticatedUser,
+    Disable,
+    SuperUser,
+    SystemProcess,
+)
+
+
+class TUGRAZPermissionPolicy(RDMRecordPermissionPolicy):
+    """Access control configuration for rdm records.
+
+    This overrides the origin:
+    https://github.com/inveniosoftware/invenio-rdm-records/blob/master/invenio_rdm_records/services/permissions.py.
+    Access control configuration for records.
+    Note that even if the array is empty, the invenio_access Permission class
+    always adds the ``superuser-access``, so admins will always be allowed.
+    - Create action given to everyone for now.
+    - Read access given to everyone if public record and given to owners
+      always. (inherited)
+    - Update access given to record owners. (inherited)
+    - Delete access given to admins only. (inherited)
+    """
+
+
+class TUGRAZRDMRecordServiceConfig(RDMRecordServiceConfig):
+    """Overriding BibliographicRecordServiceConfig."""

invenio_config_tugraz/restrictions/access_right/access_right.csv

@@ -0,0 +1,6 @@
+access_right,access_right_name,icon,notes
+open, Open Access, lock open
+embargoed, Embargoed, ban
+restricted, Restricted, key
+closed, Private, lock
+singleip, Single Ip, lock

invenio_config_tugraz/restrictions/access_right/access_right_limit.csv

@@ -0,0 +1,2 @@
+access_right,access_right_name,icon,notes
+open, Open Access, lock open

invenio_config_tugraz/saml/idp/cert/sp.crt

@@ -1 +0,0 @@
-MIICjjCCAfegAwIBAgIBADANBgkqhkiG9w0BAQ0FADBkMQswCQYDVQQGEwJhdDENMAsGA1UECAwER3JhejEPMA0GA1UECgwGVFVHUkFaMRAwDgYDVQQDDAdpbnZlbmlvMSMwIQYJKoZIhvcNAQkBFhRtb2ppYi53YWxpQHR1Z3Jhei5hdDAeFw0yMDAxMTAyMDIwMTlaFw0yMTAxMDkyMDIwMTlaMGQxCzAJBgNVBAYTAmF0MQ0wCwYDVQQIDARHcmF6MQ8wDQYDVQQKDAZUVUdSQVoxEDAOBgNVBAMMB2ludmVuaW8xIzAhBgkqhkiG9w0BCQEWFG1vamliLndhbGlAdHVncmF6LmF0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5ZrPhRhyDyLTe93rpgqN9MMfnCsg+2QBW4EOuQnMXJzF1dqrFEsexot1FRW83IjqbY+680PmGABQtxUpS4Kinr/pLYbPhQ2WPQRad7mtOn/dD40VVwfG0GfcLrnKe5F4QLfNjervjl8jH/AKPCYwwfSeuw1LNoRjy1uDwkp9cRQIDAQABo1AwTjAdBgNVHQ4EFgQUPv2+wS1RuagCOed7w1FzouBmpP4wHwYDVR0jBBgwFoAUPv2+wS1RuagCOed7w1FzouBmpP4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQA4qvU7gbgE/MoljUW68qMPs8z8Q2Ngttp6F1KOMNO9rgrYWAJh4u6BMt11mlBgBlLLJzG67wXpBr0l78IcOXun4w955te0VRp7aZ0b1uOPt0aUoDOXuBAhZURLZfbsogpWiE6bdB8N0nHTwk2WG2PPIC5Z99UdDivcP5ZeSPAkUw==

invenio_config_tugraz/saml/idp/cert/sp.key

@@ -1 +0,0 @@
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHxNp8P2PsV8CAggAMBQGCCqGSIb3DQMHBAjOyik6fsEC3gSCAoC4tFsYAl4GexyXESiRKpOQzHQNFtQtwDEevT1IKgsafSNjOMJZLKrnoejNoxEQUPPPXgGEd83Fmp2cSHm+YVksH06zcsA+RKf5ab6t0bsgcyljGzkHEDQtMRPcaXNlVMbU9VEDOX26MgmlU/pd+GGfE99IbEFc6qN1e7qOnmKSw93Q3o05ubO3wEI76JhOioGGXB3pEn8f4XLDwck0thzYD6H2vdF+kyIdM8w1BgyLdeP0aDkfG1V3rLGhE8246rwVUzRSZv6BCNBZFk7YO1d7j0+BDxnbHFS631zdCgMcd/XS8u6acc3IYr/bQLH4a1y0X3Z+8ks8arEgUtXqYx9wMlp5lajlsr9JDIU5OnuZ2XY+4sqDQsTZPjBpxK8oMjvJNNatnTf+18htkTdovpInlP7xpEjp1L7H74iKY25UsAZ9e+gqHZwILnk418mQ1E4JYU6JRUZspJSFfqwn9FL6DnvhzPIhtzwhr3eL4f4RXWxxe2xCzvWg+GaWuMfZdj77SV4pMOi7vb3HlYY6luShVlYKdSaw+jf6XVy4ZMTWT5wcE1mc3tAJqF18Mi8amOetpZhz16ISOKnO0rKrfmxteNPQn2AB8QquGGn050PTW4m8zFXDBiyg2xvcRLAW/8ych3k+pkEZi4tVCkLcHM56J/XUEKMCxiSok+vbzxfVf1D2vYFFS7Lw1nP5RnLKFdn8XdHQ+lu2diod18wYBQP4eoU+XjjP2zjlpULiWHt7PpCERqGg7H2Z2amIL5rTeqQuyXczw1/xG/VBNn9qe3DXFodvoV6OZb3efNT/eJgOyaPLi2FmB7Kpdp4JIdJgLnaBCwNBXkpGSwb732O/cug8

invenio_config_tugraz/saml/idp/idp.json

@@ -1,22 +0,0 @@
-
-    {
-
-        "strict": true,
-        "debug": true,
-                "idp": {
-                    "entityId": "https://sso.tugraz.at/idp/shibboleth",
-                    "singleLogoutService": {
-                        "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
-                        "url": "https://sso.tugraz.at/slo/Logout"
-                    },
-    
-                    "singleSignOnService": {
-                        "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
-                        "url": "https://sso.tugraz.at/idp/profile/SAML2/Redirect/SSO"
-                    },
-    
-                    "x509cert": "MIIDHzCCAgegAwIBAgIUG6ra0BvXswfyErcCDmzw3AV+uI0wDQYJKoZIhvcNAQEFBQAwGDEWMBQGA1UEAxMNc3NvLnR1Z3Jhei5hdDAeFw0xMDAzMjkxNzEzMTZaFw0zMDAzMjkxODEzMTZaMBgxFjAUBgNVBAMTDXNzby50dWdyYXouYXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEyQxHIM1zxbBnXn60Ksg7B7HcPLPcN7bXLrLPOFXtkZxm0YkHY5Rxignm7wHD7C81U09DFS2eT8qRCcVtVz+kuwdgS54fC/alg9oLxXk4CgKjhtZZ2ECLdTHfUXOA5uOLlpoN1LY6VpIjSYe3UEX3HxfhXx/fPeE8VInGCKnml8Too22G30htB/EU44A2yqrR3LUngJIaq //N0QbeMYitNh02o6xB5+bp6k6noM7DH6S9phe0kCEibaiLaCf7k9LpNnAz9bPtQVth0gdJqoUry/iK1QBTFTEXvvJynFEp0+5Wz/XFmEcFhsaK8OcHd0R9FfpX5Z2fewA2Q0SLKz+bAgMBAAGjYTBfMD4GA1UdEQQ3MDWCDXNzby50dWdyYXouYXSGJGh0dHBzOi8vc3NvLnR1Z3Jhei5hdC9pZHAvc2hpYmJvbGV0aDAdBgNVHQ4EFgQUXd76PcSiXR6wFna5qQi+S0W/9Y0wDQYJKoZIhvcNAQEFBQADggEBACgkQqxBtYY1OcuoAUP/P+ukJW7XyofK89qs2dkGClx7s0hR/1zImWgljgfguLJOSfC/CWE1wfNK9bTi4Fu9809PmOoaCxkNmniFRAyaOiBoUz5XIpJniW7wBo+YBpBlXZXi5PmU2DOsfZxo7fs4se32dHO1WqgJodqkK2Wa4HDiigh42trZ9i3uS73uHSSCeIJYQNj84BMJ+ifgj3Zi/TgLS+IX7Ayy2bkDzIzIRnj7ULQ/MgfacGXQXJPHyp+w+YvydQalPAWc43+5DkNacN34K8cE3XjHq1kx/BgYOtQ7M2Xa1oApLzPoHO4D2kaf6FCgGR8Mx7GVAz0aQVxfB8I="
-    
-                }
-                
-    }

invenio_config_tugraz/saml/idp/idp.xml

@@ -1,26 +0,0 @@
-<?xml version="1.0"?>
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sso.tugraz.at/idp/shibboleth">
-  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-    <md:KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:X509Data>
-          <ds:X509Certificate>MIIDHzCCAgegAwIBAgIUG6ra0BvXswfyErcCDmzw3AV+uI0wDQYJKoZIhvcNAQEFBQAwGDEWMBQGA1UEAxMNc3NvLnR1Z3Jhei5hdDAeFw0xMDAzMjkxNzEzMTZaFw0zMDAzMjkxODEzMTZaMBgxFjAUBgNVBAMTDXNzby50dWdyYXouYXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEyQxHIM1zxbBnXn60Ksg7B7HcPLPcN7bXLrLPOFXtkZxm0YkHY5Rxignm7wHD7C81U09DFS2eT8qRCcVtVz+kuwdgS54fC/alg9oLxXk4CgKjhtZZ2ECLdTHfUXOA5uOLlpoN1LY6VpIjSYe3UEX3HxfhXx/fPeE8VInGCKnml8Too22G30htB/EU44A2yqrR3LUngJIaq//N0QbeMYitNh02o6xB5+bp6k6noM7DH6S9phe0kCEibaiLaCf7k9LpNnAz9bPtQVth0gdJqoUry/iK1QBTFTEXvvJynFEp0+5Wz/XFmEcFhsaK8OcHd0R9FfpX5Z2fewA2Q0SLKz+bAgMBAAGjYTBfMD4GA1UdEQQ3MDWCDXNzby50dWdyYXouYXSGJGh0dHBzOi8vc3NvLnR1Z3Jhei5hdC9pZHAvc2hpYmJvbGV0aDAdBgNVHQ4EFgQUXd76PcSiXR6wFna5qQi+S0W/9Y0wDQYJKoZIhvcNAQEFBQADggEBACgkQqxBtYY1OcuoAUP/P+ukJW7XyofK89qs2dkGClx7s0hR/1zImWgljgfguLJOSfC/CWE1wfNK9bTi4Fu9809PmOoaCxkNmniFRAyaOiBoUz5XIpJniW7wBo+YBpBlXZXi5PmU2DOsfZxo7fs4se32dHO1WqgJodqkK2Wa4HDiigh42trZ9i3uS73uHSSCeIJYQNj84BMJ+ifgj3Zi/TgLS+IX7Ayy2bkDzIzIRnj7ULQ/MgfacGXQXJPHyp+w+YvydQalPAWc43+5DkNacN34K8cE3XjHq1kx/BgYOtQ7M2Xa1oApLzPoHO4D2kaf6FCgGR8Mx7GVAz0aQVxfB8I=</ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </md:KeyDescriptor>
-    <md:KeyDescriptor use="encryption">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:X509Data>
-          <ds:X509Certificate>MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHxNp8P2PsV8CAggAMBQGCCqGSIb3DQMHBAjOyik6fsEC3gSCAoC4tFsYAl4GexyXESiRKpOQzHQNFtQtwDEevT1IKgsafSNjOMJZLKrnoejNoxEQUPPPXgGEd83Fmp2cSHm+YVksH06zcsA+RKf5ab6t0bsgcyljGzkHEDQtMRPcaXNlVMbU9VEDOX26MgmlU/pd+GGfE99IbEFc6qN1e7qOnmKSw93Q3o05ubO3wEI76JhOioGGXB3pEn8f4XLDwck0thzYD6H2vdF+kyIdM8w1BgyLdeP0aDkfG1V3rLGhE8246rwVUzRSZv6BCNBZFk7YO1d7j0+BDxnbHFS631zdCgMcd/XS8u6acc3IYr/bQLH4a1y0X3Z+8ks8arEgUtXqYx9wMlp5lajlsr9JDIU5OnuZ2XY+4sqDQsTZPjBpxK8oMjvJNNatnTf+18htkTdovpInlP7xpEjp1L7H74iKY25UsAZ9e+gqHZwILnk418mQ1E4JYU6JRUZspJSFfqwn9FL6DnvhzPIhtzwhr3eL4f4RXWxxe2xCzvWg+GaWuMfZdj77SV4pMOi7vb3HlYY6luShVlYKdSaw+jf6XVy4ZMTWT5wcE1mc3tAJqF18Mi8amOetpZhz16ISOKnO0rKrfmxteNPQn2AB8QquGGn050PTW4m8zFXDBiyg2xvcRLAW/8ych3k+pkEZi4tVCkLcHM56J/XUEKMCxiSok+vbzxfVf1D2vYFFS7Lw1nP5RnLKFdn8XdHQ+lu2diod18wYBQP4eoU+XjjP2zjlpULiWHt7PpCERqGg7H2Z2amIL5rTeqQuyXczw1/xG/VBNn9qe3DXFodvoV6OZb3efNT/eJgOyaPLi2FmB7Kpdp4JIdJgLnaBCwNBXkpGSwb732O/cug8</ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </md:KeyDescriptor>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.tugraz.at/slo/Logout"/>
-    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
-    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.tugraz.at/idp/profile/SAML2/Redirect/SSO"/>
-  </md:IDPSSODescriptor>
-  <md:ContactPerson contactType="technical">
-    <md:GivenName>Administrator</md:GivenName>
-    <md:EmailAddress>admin@example.org</md:EmailAddress>
-  </md:ContactPerson>
-</md:EntityDescriptor>

invenio_config_tugraz/saml/onelogin/cert/sp.crt

@@ -1 +0,0 @@
-MIICjjCCAfegAwIBAgIBADANBgkqhkiG9w0BAQ0FADBkMQswCQYDVQQGEwJhdDENMAsGA1UECAwER3JhejEPMA0GA1UECgwGVFVHUkFaMRAwDgYDVQQDDAdpbnZlbmlvMSMwIQYJKoZIhvcNAQkBFhRtb2ppYi53YWxpQHR1Z3Jhei5hdDAeFw0yMDAxMTAyMDIwMTlaFw0yMTAxMDkyMDIwMTlaMGQxCzAJBgNVBAYTAmF0MQ0wCwYDVQQIDARHcmF6MQ8wDQYDVQQKDAZUVUdSQVoxEDAOBgNVBAMMB2ludmVuaW8xIzAhBgkqhkiG9w0BCQEWFG1vamliLndhbGlAdHVncmF6LmF0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5ZrPhRhyDyLTe93rpgqN9MMfnCsg+2QBW4EOuQnMXJzF1dqrFEsexot1FRW83IjqbY+680PmGABQtxUpS4Kinr/pLYbPhQ2WPQRad7mtOn/dD40VVwfG0GfcLrnKe5F4QLfNjervjl8jH/AKPCYwwfSeuw1LNoRjy1uDwkp9cRQIDAQABo1AwTjAdBgNVHQ4EFgQUPv2+wS1RuagCOed7w1FzouBmpP4wHwYDVR0jBBgwFoAUPv2+wS1RuagCOed7w1FzouBmpP4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQA4qvU7gbgE/MoljUW68qMPs8z8Q2Ngttp6F1KOMNO9rgrYWAJh4u6BMt11mlBgBlLLJzG67wXpBr0l78IcOXun4w955te0VRp7aZ0b1uOPt0aUoDOXuBAhZURLZfbsogpWiE6bdB8N0nHTwk2WG2PPIC5Z99UdDivcP5ZeSPAkUw==

invenio_config_tugraz/saml/onelogin/cert/sp.key

@@ -1,17 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHxNp8P2PsV8CAggA
-MBQGCCqGSIb3DQMHBAjOyik6fsEC3gSCAoC4tFsYAl4GexyXESiRKpOQzHQNFtQt
-wDEevT1IKgsafSNjOMJZLKrnoejNoxEQUPPPXgGEd83Fmp2cSHm+YVksH06zcsA+
-RKf5ab6t0bsgcyljGzkHEDQtMRPcaXNlVMbU9VEDOX26MgmlU/pd+GGfE99IbEFc
-6qN1e7qOnmKSw93Q3o05ubO3wEI76JhOioGGXB3pEn8f4XLDwck0thzYD6H2vdF+
-kyIdM8w1BgyLdeP0aDkfG1V3rLGhE8246rwVUzRSZv6BCNBZFk7YO1d7j0+BDxnb
-HFS631zdCgMcd/XS8u6acc3IYr/bQLH4a1y0X3Z+8ks8arEgUtXqYx9wMlp5lajl
-sr9JDIU5OnuZ2XY+4sqDQsTZPjBpxK8oMjvJNNatnTf+18htkTdovpInlP7xpEjp
-1L7H74iKY25UsAZ9e+gqHZwILnk418mQ1E4JYU6JRUZspJSFfqwn9FL6DnvhzPIh
-tzwhr3eL4f4RXWxxe2xCzvWg+GaWuMfZdj77SV4pMOi7vb3HlYY6luShVlYKdSaw
-+jf6XVy4ZMTWT5wcE1mc3tAJqF18Mi8amOetpZhz16ISOKnO0rKrfmxteNPQn2AB
-8QquGGn050PTW4m8zFXDBiyg2xvcRLAW/8ych3k+pkEZi4tVCkLcHM56J/XUEKMC
-xiSok+vbzxfVf1D2vYFFS7Lw1nP5RnLKFdn8XdHQ+lu2diod18wYBQP4eoU+XjjP
-2zjlpULiWHt7PpCERqGg7H2Z2amIL5rTeqQuyXczw1/xG/VBNn9qe3DXFodvoV6O
-Zb3efNT/eJgOyaPLi2FmB7Kpdp4JIdJgLnaBCwNBXkpGSwb732O/cug8
------END RSA PRIVATE KEY-----

invenio_config_tugraz/saml/onelogin/onelogin.json

@@ -1,20 +0,0 @@
-{
-
-    "strict": true,
-    "debug": true,
-			"idp": {
-				"entityId": "https://app.onelogin.com/saml/metadata/01661574-91ed-4735-a3b9-f4ddebb2cbb8",
-				"singleLogoutService": {
-					"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
-					"url": "https://tugraz-dev.onelogin.com/trust/saml2/http-redirect/slo/1070112"
-				},
-
-				"singleSignOnService": {
-					"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
-					"url": "https://tugraz-dev.onelogin.com/trust/saml2/http-post/sso/01661574-91ed-4735-a3b9-f4ddebb2cbb8"
-				},
-
-				"x509cert": "MIID2DCCAsCgAwIBAgIUWRGl84DFd+GbLYt0BmwyI+FCKVIwDQYJKoZIhvcNAQEFBQAwRDEPMA0GA1UECgwGVFVHUkFaMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxGjAYBgNVBAMMEU9uZUxvZ2luIEFjY291bnQgMB4XDTIwMDEyODEwNDI1M1oXDTI1MDEyODEwNDI1M1owRDEPMA0GA1UECgwGVFVHUkFaMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxGjAYBgNVBAMMEU9uZUxvZ2luIEFjY291bnQgMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve5a++I/VHC22fMk5v8GwCvdIyiziOwGjq0XXyjTg9TyhHJZbfDXa7S0NjK7dK4+d3iaB3MvCpnr+7H2J2Cohracgy2BQz9Z4BqsjDat016zkAPoID9R6osliqocw1jESnyL59OJWftAiA4rFmQs6v/b56vgre8EP6qKbykq6mWvepGyBbfjRsYbFoIDmnW8kJoZtLMDQfTBvEF2veHDt9EbsWP+hyedMYTWCfsbTHhFKNrhRKr3m3k+w6Zsca2zp3A8xiFv0fcl6PglEwEZz2Iwb0ySifaf4ZLDVjSekpCLf29doBJYUeE5TUP8oHfATOcWW+m5D3MXVcMUax+AFwIDAQABo4HBMIG+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFK4GHoSfnMQKb8RjP2HrGzJ4ICiDMH8GA1UdIwR4MHaAFK4GHoSfnMQKb8RjP2HrGzJ4ICiDoUikRjBEMQ8wDQYDVQQKDAZUVUdSQVoxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEaMBgGA1UEAwwRT25lTG9naW4gQWNjb3VudCCCFFkRpfOAxXfhmy2LdAZsMiPhQilSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAUg7UHFju0QA7ubcSLBuvEMUQL9jxtzDi0ndSi8qqtLJSjBalcfll0X/gI+sAMGMd0MW7P3abOVVfGBSlZN01KCPC2WHKRwzyO3sOCatkPrn2SYthQWHD/W7psyFgoDt5lQNijLyZdpvZbRIotxcWpoaTcBzaArd/0MNe1VaGlLK5GeqtbwL+dQD+O3mtSUfF918qeiOHEwI7nfPo7vjUyRT8Ov1loqP5+A0/R1CyL0Dh/tVdIkOHx6EjrIXsb/K6xXPknYZqPApPkZq514ZCEPhAILFU+5R/cQMZMZEacCdKuQ9XMkR8bqnh8xu620SCYiSVPXtVW4bpXKs0nJazBQ=="
-
-			}
-}

invenio_config_tugraz/saml/onelogin/onelogin.xml

@@ -1,26 +0,0 @@
-<?xml version="1.0"?>
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://app.onelogin.com/saml/metadata/01661574-91ed-4735-a3b9-f4ddebb2cbb8">
-  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-    <md:KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:X509Data>
-          <ds:X509Certificate>MIID2DCCAsCgAwIBAgIUWRGl84DFd+GbLYt0BmwyI+FCKVIwDQYJKoZIhvcNAQEFBQAwRDEPMA0GA1UECgwGVFVHUkFaMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxGjAYBgNVBAMMEU9uZUxvZ2luIEFjY291bnQgMB4XDTIwMDEyODEwNDI1M1oXDTI1MDEyODEwNDI1M1owRDEPMA0GA1UECgwGVFVHUkFaMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxGjAYBgNVBAMMEU9uZUxvZ2luIEFjY291bnQgMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve5a++I/VHC22fMk5v8GwCvdIyiziOwGjq0XXyjTg9TyhHJZbfDXa7S0NjK7dK4+d3iaB3MvCpnr+7H2J2Cohracgy2BQz9Z4BqsjDat016zkAPoID9R6osliqocw1jESnyL59OJWftAiA4rFmQs6v/b56vgre8EP6qKbykq6mWvepGyBbfjRsYbFoIDmnW8kJoZtLMDQfTBvEF2veHDt9EbsWP+hyedMYTWCfsbTHhFKNrhRKr3m3k+w6Zsca2zp3A8xiFv0fcl6PglEwEZz2Iwb0ySifaf4ZLDVjSekpCLf29doBJYUeE5TUP8oHfATOcWW+m5D3MXVcMUax+AFwIDAQABo4HBMIG+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFK4GHoSfnMQKb8RjP2HrGzJ4ICiDMH8GA1UdIwR4MHaAFK4GHoSfnMQKb8RjP2HrGzJ4ICiDoUikRjBEMQ8wDQYDVQQKDAZUVUdSQVoxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEaMBgGA1UEAwwRT25lTG9naW4gQWNjb3VudCCCFFkRpfOAxXfhmy2LdAZsMiPhQilSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAUg7UHFju0QA7ubcSLBuvEMUQL9jxtzDi0ndSi8qqtLJSjBalcfll0X/gI+sAMGMd0MW7P3abOVVfGBSlZN01KCPC2WHKRwzyO3sOCatkPrn2SYthQWHD/W7psyFgoDt5lQNijLyZdpvZbRIotxcWpoaTcBzaArd/0MNe1VaGlLK5GeqtbwL+dQD+O3mtSUfF918qeiOHEwI7nfPo7vjUyRT8Ov1loqP5+A0/R1CyL0Dh/tVdIkOHx6EjrIXsb/K6xXPknYZqPApPkZq514ZCEPhAILFU+5R/cQMZMZEacCdKuQ9XMkR8bqnh8xu620SCYiSVPXtVW4bpXKs0nJazBQ==</ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </md:KeyDescriptor>
-    <md:KeyDescriptor use="encryption">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:X509Data>
-          <ds:X509Certificate>MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHxNp8P2PsV8CAggAMBQGCCqGSIb3DQMHBAjOyik6fsEC3gSCAoC4tFsYAl4GexyXESiRKpOQzHQNFtQtwDEevT1IKgsafSNjOMJZLKrnoejNoxEQUPPPXgGEd83Fmp2cSHm+YVksH06zcsA+RKf5ab6t0bsgcyljGzkHEDQtMRPcaXNlVMbU9VEDOX26MgmlU/pd+GGfE99IbEFc6qN1e7qOnmKSw93Q3o05ubO3wEI76JhOioGGXB3pEn8f4XLDwck0thzYD6H2vdF+kyIdM8w1BgyLdeP0aDkfG1V3rLGhE8246rwVUzRSZv6BCNBZFk7YO1d7j0+BDxnbHFS631zdCgMcd/XS8u6acc3IYr/bQLH4a1y0X3Z+8ks8arEgUtXqYx9wMlp5lajlsr9JDIU5OnuZ2XY+4sqDQsTZPjBpxK8oMjvJNNatnTf+18htkTdovpInlP7xpEjp1L7H74iKY25UsAZ9e+gqHZwILnk418mQ1E4JYU6JRUZspJSFfqwn9FL6DnvhzPIhtzwhr3eL4f4RXWxxe2xCzvWg+GaWuMfZdj77SV4pMOi7vb3HlYY6luShVlYKdSaw+jf6XVy4ZMTWT5wcE1mc3tAJqF18Mi8amOetpZhz16ISOKnO0rKrfmxteNPQn2AB8QquGGn050PTW4m8zFXDBiyg2xvcRLAW/8ych3k+pkEZi4tVCkLcHM56J/XUEKMCxiSok+vbzxfVf1D2vYFFS7Lw1nP5RnLKFdn8XdHQ+lu2diod18wYBQP4eoU+XjjP2zjlpULiWHt7PpCERqGg7H2Z2amIL5rTeqQuyXczw1/xG/VBNn9qe3DXFodvoV6OZb3efNT/eJgOyaPLi2FmB7Kpdp4JIdJgLnaBCwNBXkpGSwb732O/cug8</ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </md:KeyDescriptor>
-    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://tugraz-dev.onelogin.com/trust/saml2/http-redirect/slo/1070112"/>
-    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
-    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://tugraz-dev.onelogin.com/trust/saml2/http-post/sso/01661574-91ed-4735-a3b9-f4ddebb2cbb8"/>
-  </md:IDPSSODescriptor>
-  <md:ContactPerson contactType="technical">
-    <md:GivenName>Administrator</md:GivenName>
-    <md:EmailAddress>admin@example.org</md:EmailAddress>
-  </md:ContactPerson>
-</md:EntityDescriptor>

invenio_config_tugraz/templates/security/email/welcome.html

@@ -0,0 +1,20 @@
+<p>{{ _('Dear %(email)s!', email=user.email) }}</p>
+
+<p>{{ _('To help you get started, here are some useful links:') }}</p>
+
+<p>
+  <a href="https://{{ config.SITE_HOSTNAME }}{{ url_for('invenio_theme_tugraz.index') }}">{{ _('TU Graz Repository') }}</a> <br>
+  <a href="https://{{ config.SITE_HOSTNAME }}{{ url_for('invenio_theme_tugraz.guide')">{{ _('Reference Guide') }}</a><br>
+  <a href="https://{{ config.SITE_HOSTNAME }}{{ url_for('invenio_theme_tugraz.terms')">{{ _('Terms and Conditions') }}</a> <br>
+</p>
+
+{% if security.confirmable %}
+<p>{{ _('You can confirm your email through the link below:') }}</p>
+
+<p><a href="{{ confirmation_link }}">{{ _('Confirm my account') }}</a></p>
+{% endif %}
+
+<p>
+  {{ _('Best regards') }} <br>
+  {{ _('TU Graz Repository Team') }}
+</p>

invenio_config_tugraz/templates/security/email/welcome.txt

@@ -0,0 +1,21 @@
+{{ _('Dear %(email)s!', email=user.email) }}
+
+{{ _('To help you get started, here are some useful links:') }}
+
+{{ _('Repository')}}
+https://{{ config.SITE_HOSTNAME }}{{ url_for('invenio_theme_tugraz.index') }}
+
+{{ _('Repository Guide')}}
+https://{{ config.SITE_HOSTNAME }}{{ url_for('invenio_theme_tugraz.guide') }}
+
+{{ _('Terms And Conditions') }}
+https://{{ config.SITE_HOSTNAME }}{{ url_for('invenio_theme_tugraz.terms') }}
+
+
+{% if security.confirmable %}
+{{ _('You can confirm your email through the link below:') }}
+{{ confirmation_link }}">
+{% endif %}
+
+{{ _('Best regards') }}
+{{ _('TU Graz Repository Team') }}

invenio_config_tugraz/translations/de/LC_MESSAGES/messages.po

@@ -1,15 +1,15 @@
 # German translations for invenio-config-tugraz.
-# Copyright (C) 2020 Mojib Wali
+# Copyright (C) 2021 Mojib Wali
 # This file is distributed under the same license as the
 # invenio-config-tugraz project.
-# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2021.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: invenio-config-tugraz 0.1.5\n"
+"Project-Id-Version: invenio-config-tugraz 0.5.4\n"
 "Report-Msgid-Bugs-To: mojib.wali@tugraz.at\n"
-"POT-Creation-Date: 2020-10-06 09:28+0200\n"
+"POT-Creation-Date: 2021-04-22 09:24+0200\n"
-"PO-Revision-Date: 2020-10-06 09:28+0200\n"
+"PO-Revision-Date: 2021-04-22 09:12+0200\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language: de\n"
 "Language-Team: de <LL@li.org>\n"
@@ -17,9 +17,42 @@ msgstr ""
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Generated-By: Babel 2.8.0\n"
+"Generated-By: Babel 2.9.0\n"
 
-#: invenio_config_tugraz/config.py:80
+#: invenio_config_tugraz/config.py:87
-msgid "Welcome to RDM!"
+msgid "Welcome to TU Graz Repository!"
+msgstr "Willkommen im TU Graz Repository!"
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:1
+#, python-format
+msgid "Dear %(email)s!"
+msgstr "Lieber %(email)s!"
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:3
+msgid "To help you get started, here are some useful links:"
+msgstr "Um Ihnen den Einstieg zu erleichtern, finden Sie hier einige nützliche Links:"
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:5
+msgid "Repository"
+msgstr ""
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:8
+msgid "Repository Guide"
+msgstr "Handbuch"
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:11
+msgid "Terms And Conditions"
+msgstr "Nutzungsbedingungen"
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:16
+msgid "You can confirm your email through the link below:"
+msgstr "Sie können Ihre E-Mail über den folgenden Link bestätigen:"
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:20
+msgid "Best regards"
+msgstr "Liebe grüße"
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:21
+msgid "TU Graz Repository Team"
 msgstr ""
 

invenio_config_tugraz/translations/messages.pot

@@ -1,24 +1,57 @@
 # Translations template for invenio-config-tugraz.
-# Copyright (C) 2020 Mojib Wali
+# Copyright (C) 2021 Mojib Wali
 # This file is distributed under the same license as the
 # invenio-config-tugraz project.
-# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2021.
 #
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: invenio-config-tugraz 0.1.5\n"
+"Project-Id-Version: invenio-config-tugraz 0.5.4\n"
 "Report-Msgid-Bugs-To: mojib.wali@tugraz.at\n"
-"POT-Creation-Date: 2020-10-06 09:28+0200\n"
+"POT-Creation-Date: 2021-04-22 09:24+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Generated-By: Babel 2.8.0\n"
+"Generated-By: Babel 2.9.0\n"
 
-#: invenio_config_tugraz/config.py:80
+#: invenio_config_tugraz/config.py:87
-msgid "Welcome to RDM!"
+msgid "Welcome to TU Graz Repository!"
+msgstr ""
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:1
+#, python-format
+msgid "Dear %(email)s!"
+msgstr ""
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:3
+msgid "To help you get started, here are some useful links:"
+msgstr ""
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:5
+msgid "Repository"
+msgstr ""
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:8
+msgid "Repository Guide"
+msgstr ""
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:11
+msgid "Terms And Conditions"
+msgstr ""
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:16
+msgid "You can confirm your email through the link below:"
+msgstr ""
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:20
+msgid "Best regards"
+msgstr ""
+
+#: invenio_config_tugraz/templates/security/email/welcome.txt:21
+msgid "TU Graz Repository Team"
 msgstr ""
 

invenio_config_tugraz/version.py

@@ -12,4 +12,4 @@ This file is imported by ``invenio_config_tugraz.__init__``,
 and parsed by ``setup.py``.
 """
 
-__version__ = "0.3.0"
+__version__ = "0.5.5"

invenio_config_tugraz/views.py

@@ -0,0 +1,44 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2020-2021 Graz University of Technology.
+#
+# invenio-config-tugraz is free software; you can redistribute it and/or
+# modify it under the terms of the MIT License; see LICENSE file for more
+# details.
+
+"""invenio module for TUGRAZ config."""
+
+from os import environ
+from typing import Dict
+
+from elasticsearch_dsl.utils import AttrDict
+from flask import Blueprint, current_app
+
+
+def ui_blueprint(app):
+    """Blueprint for the routes and resources provided by invenio-config-tugraz."""
+    blueprint = Blueprint(
+        "invenio_config_tugraz",
+        __name__,
+        template_folder="templates",
+    )
+
+    @blueprint.before_app_first_request
+    def rank_higher():
+        """Rank this modules blueprint higher than blueprint of security module."""
+        blueprints = current_app._blueprint_order
+        our_index = None
+        security_index = None
+
+        for index, bp in enumerate(blueprints):
+            if bp.name == "security":
+                security_index = index
+            if bp.name == "invenio_config_tugraz":
+                our_index = index
+
+        if (security_index is not None) and (our_index > security_index):
+            temp = blueprints[security_index]
+            blueprints[security_index] = blueprints[our_index]
+            blueprints[our_index] = temp
+
+    return blueprint

run-tests.sh

@@ -1,16 +1,33 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
 # -*- coding: utf-8 -*-
 #
-# Copyright (C) 2020 Mojib Wali.
+# Copyright (C) 2019-2020 CERN.
+# Copyright (C) 2019-2020 Northwestern University.
+# Copyright (C) 2020 Graz University of Technology.
 #
 # invenio-config-tugraz is free software; you can redistribute it and/or
 # modify it under the terms of the MIT License; see LICENSE file for more
 # details.
 
+
+# Quit on errors
+set -o errexit
+
+# Quit on unbound symbols
+set -o nounset
+
+# Always bring down docker services
+
+function cleanup() {
+    eval "$(docker-services-cli down --env)"
+}
+trap cleanup EXIT
+
+
 python -m check_manifest --ignore ".*-requirements.txt"
 python -m sphinx.cmd.build -qnNW docs docs/_build/html
-docker-services-cli --verbose up es postgresql redis
+eval "$(docker-services-cli up --db ${DB:-postgresql} --search ${SEARCH:-elasticsearch} --cache ${CACHE:-redis} --env)"
 python -m pytest
 tests_exit_code=$?
-docker-services-cli down
+python -m sphinx.cmd.build -qnNW -b doctest docs docs/_build/doctest
 exit "$tests_exit_code"

setup.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (C) 2020 Mojib Wali.
+# Copyright (C) 2020-2021 Graz University of Technology.
 #
 # invenio-config-tugraz is free software; you can redistribute it and/or
 # modify it under the terms of the MIT License; see LICENSE file for more
@@ -17,20 +17,33 @@ history = open("CHANGES.rst").read()
 
 tests_require = [
     "pytest-invenio>=1.4.0",
-    "SQLAlchemy-Utils>=0.33.1,<0.36",
+    "invenio-app>=1.3.0,<2.0.0",
-    "invenio-rdm-records~=0.20.8",
-    "invenio-search[elasticsearch7]>=1.4.0",
 ]
 
+# Should follow invenio-app-rdm
+invenio_search_version = ">=1.4.0,<1.5.0"
+invenio_db_version = ">=1.0.9,<1.1.0"
+
 extras_require = {
+    "elasticsearch7": [f"invenio-search[elasticsearch7]{invenio_search_version}"],
+    "mysql": [f"invenio-db[mysql,versioning]{invenio_db_version}"],
+    "postgresql": [f"invenio-db[postgresql,versioning]{invenio_db_version}"],
+    "sqlite": [f"invenio-db[versioning]{invenio_db_version}"],
     "docs": [
-        "Sphinx>=1.5.1",
+        "Sphinx>=3",
     ],
     "tests": tests_require,
 }
 
 extras_require["all"] = []
-for reqs in extras_require.values():
+for name, reqs in extras_require.items():
+    if name[0] == ":" or name in (
+        "elasticsearch7",
+        "mysql",
+        "postgresql",
+        "sqlite",
+    ):
+        continue
     extras_require["all"].extend(reqs)
 
 setup_requires = [
@@ -40,8 +53,8 @@ setup_requires = [
 
 install_requires = [
     "Flask-BabelEx>=0.9.4",
-    "elasticsearch_dsl>=7.2.1",
+    # keep this in sync with invenioRDM release
-    "sqlalchemy-continuum>=1.3.11",
+    "invenio_rdm_records>=0.28.0,<0.29.0",
 ]
 
 packages = find_packages()
@@ -71,6 +84,9 @@ setup(
         "invenio_base.apps": [
             "invenio_config_tugraz = invenio_config_tugraz:InvenioConfigTugraz",
         ],
+        "invenio_base.blueprints": [
+            "invenio_config_tugraz = invenio_config_tugraz.views:ui_blueprint",
+        ],
         "invenio_i18n.translations": [
             "messages = invenio_config_tugraz",
         ],

tests/conftest.py

@@ -20,6 +20,7 @@ import pytest
 from flask import Flask
 from flask_babelex import Babel
 from invenio_db import InvenioDB, db
+from sqlalchemy_utils.functions import create_database, database_exists, drop_database
 
 from invenio_config_tugraz import InvenioConfigTugraz
 
@@ -70,3 +71,93 @@ def create_app(request):
     app.test_request_context().push()
 
     return app
+
+
+@pytest.fixture(scope='function')
+def open_record():
+    """Open record data as dict coming from the external world."""
+    return {
+        "access": {
+            "metadata": False,
+            "files": False,
+            "owned_by": [1],
+            "access_right": "open"
+        },
+        "metadata": {
+            "publication_date": "2020-06-01",
+            "resource_type": {
+                "type": "image",
+                "subtype": "image-photo"
+            },
+            # Technically not required
+            "creators": [{
+                "name": "Troy Brown",
+                "type": "personal"
+            }, {
+                "name": "Phillip Lester",
+                "type": "personal",
+                "identifiers": {"orcid": "0000-0002-1825-0097"},
+                "affiliations": [{
+                    "name": "Carter-Morris",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }]
+            }, {
+                "name": "Steven Williamson",
+                "type": "personal",
+                "identifiers": {"orcid": "0000-0002-1825-0097"},
+                "affiliations": [{
+                    "name": "Ritter and Sons",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }, {
+                    "name": "Montgomery, Bush and Madden",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }]
+            }],
+            "title": "A Romans story"
+        }
+    }
+
+
+@pytest.fixture(scope='function')
+def singleip_record():
+    """Single Ip record data as dict coming from the external world."""
+    return {
+        "access": {
+            "metadata": False,
+            "files": False,
+            "owned_by": [1],
+            "access_right": "singleip"
+        },
+        "metadata": {
+            "publication_date": "2020-06-01",
+            "resource_type": {
+                "type": "image",
+                "subtype": "image-photo"
+            },
+            # Technically not required
+            "creators": [{
+                "name": "Troy Brown",
+                "type": "personal"
+            }, {
+                "name": "Phillip Lester",
+                "type": "personal",
+                "identifiers": {"orcid": "0000-0002-1825-0097"},
+                "affiliations": [{
+                    "name": "Carter-Morris",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }]
+            }, {
+                "name": "Steven Williamson",
+                "type": "personal",
+                "identifiers": {"orcid": "0000-0002-1825-0097"},
+                "affiliations": [{
+                    "name": "Ritter and Sons",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }, {
+                    "name": "Montgomery, Bush and Madden",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }]
+            }],
+            "title": "A Romans story"
+        }
+    }

tests/test_generators.py

@@ -8,13 +8,22 @@
 
 """Test Generators."""
 
+from invenio_access.permissions import any_user
+
 from invenio_config_tugraz.generators import RecordIp
 
 
-def test_recordip():
+def test_recordip(create_app, open_record, singleip_record):
     """Test Generator RecordIp."""
     generator = RecordIp()
+    open_record = open_record
+    singleiprec = singleip_record
 
-    assert generator.needs() == []
+    assert generator.needs(record=None) == []
-    assert generator.excludes() == []
+    assert generator.needs(record=open_record) == [any_user]
-    assert generator.query_filter().to_dict() == {"match_all": {}}
+    assert generator.needs(record=singleiprec) == []
+
+    assert generator.excludes(record=open_record) == []
+    assert generator.excludes(record=open_record) == []
+
+    assert generator.query_filter().to_dict() == {'bool': {'must_not': [{'match': {'access.access_right': 'singleip'}}]}}