title
| title |
|---|
| FSFE Community Database |
FSFE Community Database
Build status
| Staging |
|
| Production |
|
The FSFE Community Database is a combined tool for donation management, administration of accounts for FSFE's services, and opt-in based distribution of information emails.
FSFE Community Database Backend
All relevant data for these purposes is stored in a PostgreSQL database on the one hand and FSFE's LDAP server on the other hand. Access to that data is encapsulated by the FSFE Community Database Backend, which provides both a set of commandline tools for manual administration tasks, and a protected RESTful(ish) network API to be used by other components.
The FSFE Community Database Backend essentially consists of three parts:
-
An Object-Relational Mapper (ORM) which turns database records into Python objects and adds all the methods necessary to perform the tasks the FSFE Community Database is built for. This layer is the core of the whole structure. It is built with SQLAlchemy and resides in
fsfe_cd_back/data. -
A resource server with a REST-like API to allow data access for the other components of fsfe-cd. All its access to the actual data goes through the ORM. The resource server is implemented with Flask and can be found in
fsfe_cd_back/server. -
A set of command line tools for manual administration tasks, most of which are only a thin wrapper around methods implemented in the ORM. They are collected in the
bindirectory.
FSFE Community Database Authentication Server
The FSFE Community Database Authentication Server is an OpenID Connect Provider running on https://id.fsfe.org which authenticates a user against the LDAP server and then issues an access token which provides access to the authenticated user's (and only the authenticated user's) data though fsfe-cd-back's API.
Currently, this is an incomplete implementation of the OpenID Connect standard, providing only those functions required by fsfe-cd-back and fsfe-cd-front.
Implementation is based on pyoidc with a thin Flask wrapper for the URL routing.
Authentication is possible with two distinct methods:
-
Authentication with username and password. Instead of the username, an email address can be given, in which case the corresponding username will be looked up via fsfe-cd-back. Username and password will be verified by a direct query to the LDAP server.
-
If only username or email address is given, but no password, then the user receives an email with a login token encapsulated in a link which will allow a one-time login. This method is not only helpful for resetting a forgotten password, it also allows users to log in who have not set a username.
FSFE Community Database Frontend
Finally, the FSFE Community Database Frontend is a web application through which the people stored in the database can manage their own data at https://my.fsfe.org. It sends users to fsfe-cd-auth to log in and then uses the user-bound access token returned from there to access the user's data through fsfe-cd-back.
fsfe-cd-front is a web application built with Flask. It provides a number of endpoints (called "views" in Flask) of the following categories:
-
Endpoints for interaction with the actual user: registering as a new user (
register.pyanddonate.py), paying online (payonline.py), logging in and out (login.py), and viewing as well as updating the personal settings (settings.py). -
Endpoints for handling predefined commands which can be executed by simply following a prepared link (
command.py). -
Endpoints for the automatic registration of incoming payments through PayPal or Stripe (
register_payment.py)