FSFE Community Database Backend
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Reinhard Mueller 94e61792d6 Improve some email templates 2 days ago
bin Update emails for activist registration 2 weeks ago
fsfe_cd_back Improve some email templates 2 days ago
test Fix purpose code in test 2 weeks ago
.dockerignore Change deployment to install as root and run as non-root 7 months ago
.drone.yml Add commands to confirm and delete registrations 2 weeks ago
.env Add commands to confirm and delete registrations 2 weeks ago
.gitignore Add code to create a small test database 6 months ago
.procmailrc Added procmailrc, not sure if it 1 year ago
Dockerfile Fix sending cront output as email 5 months ago
LICENSE Add and update license headers 6 months ago
MANIFEST.in Fix installation of templates 6 months ago
Makefile Create local test database for pytest 6 months ago
Pipfile Add python-ldap to dependencies 6 months ago
Pipfile.lock Add python-ldap to dependencies 6 months ago
README.md Update/fix documentation 2 weeks ago
aqbanking.conf Add aqbanking-cli for fsfe-bankpayments 6 months ago
crontab Remove a few now unused files 5 months ago
playbook.yml Add commands to confirm and delete registrations 2 weeks ago
revaliases Fix sending cront output as email 5 months ago
setup.cfg Restructure the code for clearness 6 months ago
setup.py Add and update license headers 6 months ago
ssmtp.conf Fix sending cront output as email 5 months ago

README.md

FSFE Community Database Backend

The backend for the FSFE Community Database, including a Python interface to the data, a resource server for the frontend, and some command line tools used for manual data maintenance

Resource server

There are three types of authentication for accessing the resources on the server:

  • Basic: Only requires a global username and password for the resource server; used for resources available even for users not logged in, like querying the list of available country selections, or creating a new registration.
  • SHA signature: Also requires an SHA-256 hash covering the whole command to be issued; used for commands which are prepared by the backend and executed by staff or volunteers of FSFE by clicking on a pre-crafted URL; typical usages include confirming a volunteerregistration, or confirming the cancellation of a supporter payment subscriptin on ConCardis.
  • OpenId: Requires the actual owner of the data to be logged in via https://id.fsfe.org/; used for querying or updating personal data or the supporter payment subscription on ConCardis.

Countries resource

Path MethodAuthenticationFunction
/api/countries/GET Basic List all countries (used for dropdown list in the frontend)

Persons resource

Path MethodAuthenticationFunction
/api/persons/ POST Basic Create a new person instance (register a new person)
/api/persons/<id> GET OpenId Get data about the person
/api/persons/<id> POST OpenId Update data about the person
/api/persons/<id>/change_subscriptionPOST OpenId Request to change the supporter payment subscription
/api/persons/<id>/end_subscription POST OpenId Request to end the supporter payment subscription
/api/persons/<id>/confirm POST SHA signature Confirm a (volunteer) registration
/api/persons/<id>/delete POST SHA signature Delete a spam registration

Userinfo resource

Path MethodAuthenticationFunction
/api/userinfo/<email>GET Basic Find out the record id for a given email address or username

Command line tools

Scripts to be called manually

fsfe-info Display info about a specific person
fsfe-edit Interactively edit data of a specific person
fsfe-listpayments List payments of a specific person
fsfe-listhistory List data modification history of a specific person
fsfe-bounced Switch to secondary email address
fsfe-rm Remove a person from the db
fsfe-confirm Manually confirm a volunteer registration
fsfe-expire Manually set the status of a supporter to "expired"
fsfe-reactivate Reactivate an LDAP account
fsfe-blacklist Deactivate an LDAP account and stop all communication
fsfe-bankpayments Automatically process the GLS bank account for the past week
fsfe-payment Manually register a payment
fsfe-delpayment Delete a payment
fsfe-subscribe Mark supporter as subscribed to PayPal or ConCardis
fsfe-unsubscribe Mark supporter as not subscribed to PayPal or ConCardis
fsfe-reminder Send an extra payment reminder to a given supporter
fsfe-reminders Send payment reminders to all supporters who should get one
fsfe-merge Merge two accounts
fsfe-resend-user-confirmedResend the email sent on confirmation in case it didn't get through
fsfe-list List all FSFE community members matching a given criterium
fsfe-sendmail Send an email to all confirmed users with flexible selection possibilities
fsfe-bounced-sendmail Resend an email to those users where the primary email address bounced
fsfe-mailmerge Generate a letter to all confirmed users with flexible selection possibilities
fsfe-receipt Generate a single donation receipt and email it to the donor
fsfe-receipts Generate receipts for all donors for a whole year
update-klaproth Helper script to copy everything necessary from a local checkout to klaproth

Scripts called by a cron job

fsfe-report-weekly Send an email with weekly supporter statistics
fsfe-report-reasons Send a weekly email with all reasons people gave to become a supporter in the last week
fsfe-report-monthly Send a monthly statistics email
fsfe-report-monthly-csvSend another monthly statistics email
fsfe-welcome-supportersGenerate supporter welcome letters

Scripts triggered by incoming automation emails

_procmail.sh Shell script run by procmail on klaproth
_fsfe-handlemailPython script run by procmail on klaproth

General helper scripts used by other scripts

_tex2ps.shGenerate a Postscript file from a LaTeX source
_ps2pdf.shConcatenate multiple Postscript files into a single PDF file

Secrets

The following secrets are managed in drone:

ssh_key SSH private key to log into lund.fsfeurope.org Matching public key must be registered at lund.fsfeurope.org:/root/.ssh/authorized_keys
cmd_passphrase Passphrase to verify URL-based commands (no requirement, can be randomly generated)
oidcp_password Password for basic authentication at https://id.fsfe.org Must match the secret with the same name for fsfe-cd-auth
jwt_secret Shared secret for signed JSON Web Tokens used for authentication Must match the secret with the same name for fsfe-cd-auth
postgres_password Password for the PostgreSQL database running on klaproth.fsfeurope.org Must match the password configured on the PostgreSQL server
ldap_password Password for the LDAP server running at ldap.fsfeurope.org Must match the password configured on the LDAP server
concardis_passphrase Passphrase to verify the ConCardis payment notifications Must match the SHA-OUT passphrase defined in the ConCardis backoffice portal
bank_customer Customer id to log into the banking interface with aqbanking-cli Must match the customer id assigned by the bank
bank_user User id to log into the banking interface with aqbanking-cli Must match the user id assigned by the bank