Remove IP auth

dapplion · dapplion · commit e575edd5e3ed · 2021-01-21T15:44:09.000+01:00
diff --git a/build/src/src/api/routes.ts b/build/src/src/api/routes.ts
@@ -49,12 +49,6 @@ export interface Routes {
    */
   resetDevice: (kwargs: { id: string }) => Promise<void>;
 
-  /**
-   * Gives/removes admin rights to the provided device id.
-   * @param id Device id name
-   */
-  toggleAdmin: (kwargs: { id: string }) => Promise<void>;
-
   /**
    * Returns a list of the existing devices, with the admin property
    */
@@ -69,7 +63,6 @@ export const routesData: { [P in keyof Routes]: {} } = {
   getStatus: {},
   removeDevice: {},
   resetDevice: {},
-  toggleAdmin: {},
   listDevices: {}
 };
 
diff --git a/build/src/src/calls/getMasterAdminCred.ts b/build/src/src/calls/getMasterAdminCred.ts
@@ -1,5 +1,4 @@
 import { addDevice } from "./addDevice";
-import { toggleAdmin } from "./toggleAdmin";
 import { MAIN_ADMIN_NAME } from "../params";
 import { logs } from "../logs";
 import { getDeviceCredentials } from "./getDeviceCredentials";
@@ -19,7 +18,6 @@ export async function getMasterAdminCred(): Promise<VpnDeviceCredentials> {
       logs.info(`User ${MAIN_ADMIN_NAME} already exists`);
     } else {
       await addDevice({ id: MAIN_ADMIN_NAME });
-      await toggleAdmin({ id: MAIN_ADMIN_NAME });
     }
   } catch (e) {
     if (!e.message.includes("exist"))
diff --git a/build/src/src/calls/index.ts b/build/src/src/calls/index.ts
@@ -7,4 +7,3 @@ export * from "./getVersionData";
 export * from "./listDevices";
 export * from "./removeDevice";
 export * from "./resetDevice";
-export * from "./toggleAdmin";
diff --git a/build/src/src/calls/listDevices.ts b/build/src/src/calls/listDevices.ts
@@ -1,23 +1,13 @@
-import { getUserList, getCCD } from "../openvpn";
-import { VpnDevice, OpenVpnCCDItem } from "../types";
+import { getUserList } from "../openvpn";
+import { VpnDevice } from "../types";
 
 /**
  * Returns a list of the existing devices, with the admin property
  */
 export async function listDevices(): Promise<VpnDevice[]> {
   const userList = await getUserList();
-  const ccd = getCCD();
-
-  const ccdById = ccd.reduce(
-    (byId, device) => {
-      return { ...byId, [device.cn]: device };
-    },
-    {} as { [id: string]: OpenVpnCCDItem }
-  );
 
   return userList.map(user => ({
-    id: user,
-    admin: Boolean(ccdById[user]),
-    ip: (ccdById[user] || {}).ip || ""
+    id: user
   }));
 }
diff --git a/build/src/src/calls/removeDevice.ts b/build/src/src/calls/removeDevice.ts
@@ -1,4 +1,4 @@
-import { getUserList, getCCD, removeClient } from "../openvpn";
+import { getUserList, removeClient } from "../openvpn";
 import { MAIN_ADMIN_NAME } from "../params";
 
 /**
@@ -7,10 +7,6 @@ import { MAIN_ADMIN_NAME } from "../params";
  */
 export async function removeDevice({ id }: { id: string }): Promise<void> {
   const deviceArray = await getUserList();
-  const ccdArray = getCCD();
-
-  if (ccdArray.find(c => c.cn === id))
-    throw Error("You cannot remove an admin user");
 
   if (id === MAIN_ADMIN_NAME) {
     throw Error("Cannot remove the main admin user");
diff --git a/build/src/src/calls/toggleAdmin.ts b/build/src/src/calls/toggleAdmin.ts
diff --git a/build/src/src/openvpn/admin.ts b/build/src/src/openvpn/admin.ts
diff --git a/build/src/src/openvpn/getCCD.ts b/build/src/src/openvpn/getCCD.ts
diff --git a/build/src/src/openvpn/index.ts b/build/src/src/openvpn/index.ts
@@ -1,6 +1,4 @@
-export * from "./admin";
 export * from "./buildClient";
-export * from "./getCCD";
 export * from "./getClient";
 export * from "./getUserList";
 export * from "./openvpnBinary";
diff --git a/build/src/src/params.ts b/build/src/src/params.ts
@@ -6,7 +6,6 @@ export const dappmanagerApiUrlGlobalEnvs = `${dappmanagerApiUrl}/global-envs`;
 
 // OpenVPN parameters
 export const USER_LIMIT = 500;
-export const CCD_MASK = "255.255.252.0";
 export const MAIN_ADMIN_NAME = "dappnode_admin";
 export const MASTER_ADMIN_IP = "172.33.10.1";
 export const ADMIN_IP_RANGE = ["172.33.10.2", "172.33.11.250"];
@@ -17,7 +16,6 @@ export const OPENVPN = "/etc/openvpn";
 export const OPENVPN_CCD_DIR = path.join(OPENVPN, "ccd");
 export const PKI_PATH = path.join(OPENVPN, "/pki/reqs");
 export const PROXY_ARP_PATH = "/proc/sys/net/ipv4/conf/eth0/proxy_arp";
-export const CCD_PATH = "/etc/openvpn/ccd";
 export const OPENVPN_CRED_DIR = "/usr/www/openvpn/cred";
 
 // API params
diff --git a/build/src/src/types.ts b/build/src/src/types.ts
@@ -38,15 +38,8 @@ export interface VersionData {
 
 export interface VpnDevice {
   id: string;
-  admin: boolean;
-  ip: string;
 }
 
 export interface VpnDeviceCredentials {
   url: string;
 }
-
-export interface OpenVpnCCDItem {
-  cn: string;
-  ip: string;
-}
diff --git a/build/src/src/vpncli.ts b/build/src/src/vpncli.ts
@@ -90,15 +90,6 @@ yargs
       console.log(chalk.green(`Removed device ${id}`));
     }
   })
-  .command({
-    command: "toggle <id>",
-    describe: "Give/remove admin rights to device.",
-    builder: idArg,
-    handler: async ({ id }) => {
-      await api.toggleAdmin({ id });
-      console.log(chalk.green(`Toggled admin status of ${id}`));
-    }
-  })
   .command({
     command: "reset <id>",
     describe: "Reset device credentials.",
diff --git a/build/src/test/client.test.int.ts b/build/src/test/client.test.int.ts
@@ -2,14 +2,9 @@ import "mocha";
 import { expect } from "chai";
 import fs from "fs";
 import { shell } from "../src/utils/shell";
-import {
-  addDevice,
-  removeDevice,
-  toggleAdmin,
-  listDevices
-} from "../src/calls";
+import { addDevice, removeDevice, listDevices } from "../src/calls";
 
-// This test need to be run in a special environment with access to 
+// This test need to be run in a special environment with access to
 // the OpenVPN binaries and other features available only in the production
 // container of the VPN.
 describe.skip("Integration test", () => {
@@ -66,59 +61,7 @@ describe.skip("Integration test", () => {
     });
   });
 
-  describe("Call function: toggleAdmin", () => {
-    it("should call toggleAdmin without crashing and return message", async () => {
-      const res = await toggleAdmin({ id: id0 });
-      expect(res).to.have.property(
-        "message",
-        `Given admin credentials to ${id0}`
-      );
-    });
-
-    it("should have changed the user to admin", async () => {
-      const devices = await listDevices();
-
-      const user = devices.find(d => d.id == id0);
-      if (!user) throw Error(`user ${id0} does not exist`);
-
-      const CcdFile = fs.existsSync(`/etc/openvpn/ccd/${user.id}`);
-      expect(CcdFile).to.be.ok;
-    });
-  });
-
-  describe("Cannot remove an admin user", () => {
-    it("should throw an error", async () => {
-      let error = "did not throw";
-      try {
-        await removeDevice({ id: id0 });
-      } catch (e) {
-        error = e.message;
-      }
-      expect(error).to.equal("You cannot remove an admin user");
-    });
-  });
-
-  describe("Undo admin", () => {
-    it("should call toggleAdmin without crashing and return success", async () => {
-      const res = await toggleAdmin({ id: id0 });
-      expect(res).to.have.property(
-        "message",
-        `Removed admin credentials from ${id0}`
-      );
-    });
-
-    it("should have changed the user to NON admin ", async () => {
-      const devices = await listDevices();
-
-      const user = devices.find(d => d.id == id0);
-      if (!user) throw Error(`user ${id0} does not exist`);
-
-      const CcdFile = fs.existsSync(`/etc/openvpn/ccd/${user.id}`);
-      expect(CcdFile).to.not.be.ok;
-    });
-  });
-
-  describe("Add a couple of admins", () => {
+  describe("Add a couple of users", () => {
     it("should called addDevice for first user", async () => {
       const res = await addDevice({ id: id1 });
       expect(res).to.have.property("message", `Added device: ${id1}`);
@@ -128,45 +71,6 @@ describe.skip("Integration test", () => {
       const res = await addDevice({ id: id2 });
       expect(res).to.have.property("message", `Added device: ${id2}`);
     });
-
-    it("should call toggleAdmin to the first user", async () => {
-      const res = await toggleAdmin({ id: id1 });
-      expect(res).to.have.property(
-        "message",
-        `Given admin credentials to ${id1}`
-      );
-    });
-
-    it("should call toggleAdmin to the second user", async () => {
-      const res = await toggleAdmin({ id: id2 });
-      expect(res).to.have.property(
-        "message",
-        `Given admin credentials to ${id2}`
-      );
-    });
-
-    it("should have changed the first user to admin", () => {
-      const CcdFile = fs.existsSync(`/etc/openvpn/ccd/${id1}`);
-      expect(CcdFile).to.be.ok;
-    });
-
-    it("should have changed the second user to admin", () => {
-      const CcdFile = fs.existsSync(`/etc/openvpn/ccd/${id2}`);
-      expect(CcdFile).to.be.ok;
-    });
-
-    it("should call toggleAdmin to the first user", async () => {
-      const res = await toggleAdmin({ id: id1 });
-      expect(res).to.have.property(
-        "message",
-        `Removed admin credentials from ${id1}`
-      );
-    });
-
-    it("should have changed the first user to non admin", () => {
-      const CcdFile = fs.existsSync(`/etc/openvpn/ccd/${id1}`);
-      expect(CcdFile).to.not.be.ok;
-    });
   });
 
   describe("Call function: removeDevice", () => {
