Merge pull request #648 from wireapp/release/20190228

Makefile

@@ -136,12 +136,12 @@ docker-services:
 	$(MAKE) -C services/nginz docker
 
 DOCKER_DEV_NETWORK := --net=host
-DOCKER_DEV_VOLUMES := -v `pwd`:/src/wire-server
+DOCKER_DEV_VOLUMES := -v `pwd`:/wire-server
 DOCKER_DEV_IMAGE   := quay.io/wire/alpine-builder:$(DOCKER_TAG)
 .PHONY: run-docker-builder
 run-docker-builder:
 	@echo "if this does not work, consider 'docker pull', 'docker tag', or 'make -C build-alpine builder'."
-	docker run -it $(DOCKER_DEV_NETWORK) $(DOCKER_DEV_VOLUMES) --rm $(DOCKER_DEV_IMAGE) /bin/bash
+	docker run --workdir /wire-server -it $(DOCKER_DEV_NETWORK) $(DOCKER_DEV_VOLUMES) --rm $(DOCKER_DEV_IMAGE) /bin/bash
 
 #################################
 ## dependencies

README.md

@@ -69,7 +69,7 @@ The following diagram gives a high-level outline of the (deployment) architectur
 of the components that make up a Wire Server as well as the main internal and
 external dependencies between components.
 
-![wire-arch](doc/arch/wire-arch-2.png)
+![wire-arch](docs/developer/architecture/wire-arch-2.png)
 
 Communication between internal components is currently not guarded by
 dedicated authentication or encryption and is assumed to be confined to a
@@ -88,7 +88,7 @@ This requires a range of dependencies that depend on your platform/OS, such as:
 - Haskell & Rust compiler and package managers
 - Some package dependencies (libsodium, openssl, protobuf, icu, geoip, snappy, [cryptobox-c](https://github.com/wireapp/cryptobox-c), ...) that depend on your platform/OS
 
-See [doc/Dependencies.md](doc/Dependencies.md) for details.
+See [docs/developer/dependencies.md](docs/developer/dependencies.md) for details.
 
 Once all dependencies are set up, the following should succeed:
 

build/alpine/Dockerfile.builder

@@ -3,7 +3,7 @@
 ARG prebuilder=quay.io/wire/alpine-prebuilder
 
 FROM ${prebuilder}
-WORKDIR /src/wire-server
+WORKDIR /
 
 # Download stack indices and compile/cache dependencies to speed up subsequent
 # container creation.
@@ -16,23 +16,13 @@ WORKDIR /src/wire-server
 # to avoid a Haddock segfault. See https://github.com/haskell/haddock/issues/928
 
 RUN apk add --no-cache git ncurses && \
-    mkdir -p /src && cd /src && \
     git clone -b develop https://github.com/wireapp/wire-server.git && \
-    cd wire-server && \
+    cd /wire-server && \
     stack update && \
-    echo "allow-different-user: true"                                       >> /root/.stack/config.yaml && \
-    echo                                                                    >> /root/.stack/config.yaml && \
-    echo '# NB: do not touch following line!'                               >> /root/.stack/config.yaml && \
-    echo '# this image is used both for building docker images with the'    >> /root/.stack/config.yaml && \
-    echo '# integration tests (so they can be run on the ci) and for'       >> /root/.stack/config.yaml && \
-    echo '# interactive integration testing (with the working copy of the'  >> /root/.stack/config.yaml && \
-    echo '# host system mounted into the docker container).  in the latter' >> /root/.stack/config.yaml && \
-    echo '# use case, we want the docker container to write to its own'     >> /root/.stack/config.yaml && \
-    echo '# stack-work directory and not pollute the one on the host.'      >> /root/.stack/config.yaml && \
-    echo 'work-dir: .stack-docker'                                          >> /root/.stack/config.yaml && \
-    stack --work-dir .stack-docker-profile build --haddock --dependencies-only --profile haskell-src-exts && \
-    stack --work-dir .stack-docker         build --haddock --dependencies-only           haskell-src-exts && \
-    stack --work-dir .stack-docker-profile build --haddock --no-haddock-hyperlink-source --profile haskell-src-exts && \
-    stack --work-dir .stack-docker         build --haddock --no-haddock-hyperlink-source           haskell-src-exts && \
-    stack --work-dir .stack-docker-profile build --pedantic --haddock --test --no-run-tests --bench --no-run-benchmarks --dependencies-only --profile && \
-    stack --work-dir .stack-docker         build --pedantic --haddock --test --no-run-tests --bench --no-run-benchmarks --dependencies-only
+    echo "allow-different-user: true" >> /root/.stack/config.yaml && \
+    stack build --haddock --dependencies-only --profile haskell-src-exts && \
+    stack build --haddock --no-haddock-hyperlink-source --profile haskell-src-exts && \
+    stack build --pedantic --haddock --test --no-run-tests --bench --no-run-benchmarks --dependencies-only --profile && \
+    cd / && \
+    # we run the build only to cache the built source in /root/.stack, we can remove the source code itself
+    rm -rf /wire-server

build/alpine/Dockerfile.intermediate

@@ -12,16 +12,15 @@ ARG deps=quay.io/wire/alpine-deps
 #--- Builder stage ---
 FROM ${builder} as builder
 
-# ensure no stale files remain if they get deleted from the branch.
-RUN find /src/wire-server/ -maxdepth 1 -mindepth 1 | grep -v .stack- | xargs rm -rf
+WORKDIR /wire-server/
 
-COPY . /src/wire-server/
+COPY . /wire-server/
 
-RUN cd /src/wire-server && make clean install
+RUN make clean install
 
 #--- Minified stage ---
 FROM ${deps}
 
-COPY --from=builder /src/wire-server/dist/ /dist/
+COPY --from=builder /wire-server/dist/ /dist/
 # brig also needs some templates.
-COPY --from=builder /src/wire-server/services/brig/deb/opt/brig/templates/ /dist/templates/
+COPY --from=builder /wire-server/services/brig/deb/opt/brig/templates/ /dist/templates/

deploy/services-demo/conf/brig.demo-docker.yaml

@@ -95,6 +95,7 @@ optSettings:
   setUserCookieThrottle:
     stdDev: 3000      # 50 minutes
     retryAfter: 86400 # 1 day
+  setRichInfoLimit: 5000  # should be in sync with Spar
   setDefaultLocale: en
   setMaxTeamSize: 128
   setMaxConvSize: 128

deploy/services-demo/conf/brig.demo.yaml

@@ -95,6 +95,7 @@ optSettings:
   setUserCookieThrottle:
     stdDev: 3000      # 50 minutes
     retryAfter: 86400 # 1 day
+  setRichInfoLimit: 5000  # should be in sync with Spar
   setDefaultLocale: en
   setMaxTeamSize: 128
   setMaxConvSize: 128

deploy/services-demo/conf/gundeck.demo-docker.yaml

@@ -24,3 +24,6 @@ settings:
   httpPoolSize: 1024
   notificationTTL: 24192200
   bulkPush: false
+
+logLevel: Info
+logNetStrings: false

deploy/services-demo/conf/gundeck.demo.yaml

@@ -24,3 +24,6 @@ settings:
   httpPoolSize: 1024
   notificationTTL: 24192200
   bulkPush: false
+
+logLevel: Info
+logNetStrings: false

deploy/services-demo/conf/spar.demo-docker.yaml

@@ -32,5 +32,6 @@ maxttlAuthreq: 28800 # 8h
 maxttlAuthresp: 28800 # 8h
 
 maxScimTokens: 16
+richInfoLimit: 5000  # should be in sync with Brig
 
 logNetStrings: False # log using netstrings encoding (see http://cr.yp.to/proto/netstrings.txt)

deploy/services-demo/conf/spar.demo.yaml

@@ -32,5 +32,6 @@ maxttlAuthreq: 28800 # 8h
 maxttlAuthresp: 28800 # 8h
 
 maxScimTokens: 16
+richInfoLimit: 5000  # should be in sync with Brig
 
 logNetStrings: False # log using netstrings encoding (see http://cr.yp.to/proto/netstrings.txt)

deploy/services-demo/demo.sh

@@ -142,7 +142,7 @@ copy_nginz_configs
 if [ "$docker_deployment" = "false" ]; then
     run_haskell_service brig ${green}
     run_haskell_service galley ${yellow}
-    run_haskell_service gundeck ${blue} Info
+    run_haskell_service gundeck ${blue}
     run_haskell_service cannon ${orange}
     run_haskell_service cargohold ${purpleish} Info
     run_haskell_service proxy ${redish} Info

docs/reference/user/rich-info.md

@@ -0,0 +1,107 @@
+# Rich info {#RefRichInfo}
+
+_Author: Artyom Kazak_
+
+---
+
+This page describes a part of the user profile called "Rich info". The corresponding feature is called "Rich profiles".
+
+## Summary {#RefRichInfoSummary}
+
+For every team user we can store a list of key-value pairs that are displayed in the user profile. This is similar to "custom profile fields" in Slack and other enterprise messengers.
+
+Different users can have different sets of fields; there is no team-wide schema for fields. All field values are strings. Fields are passed as an ordered list, and the order information is preserved when displaying fields in client apps.
+
+Only team members and partners can see the user's rich info.
+
+## API {#RefRichInfoApi}
+
+### Querying rich info {#RefRichInfoGet}
+
+`GET /users/:user/rich-info`. Sample output:
+
+```json
+{
+    "version": 0,
+    "fields": [
+        {
+            "type": "Department",
+            "value": "Sales & Marketing"
+        },
+        {
+            "type": "Favorite color",
+            "value": "Blue"
+        }
+    ]
+}
+```
+
+If the requesting user is not allowed to see rich info, error code 403 is returned with the `"insufficient-permissions"` error label.
+
+Otherwise, if the rich info is missing, an empty field list is returned:
+
+```json
+{
+    "version": 0,
+    "fields": []
+}
+```
+
+### Setting rich info {#RefRichInfoPut}
+
+**Not implemented yet.** Currently the only way to set rich info is via SCIM.
+
+### Events {#RefRichInfoEvents}
+
+**Not implemented yet.**
+
+When user's rich info changes, the backend sends out an event to all team members:
+
+```json
+{
+    "type": "user.rich-info-update",
+    "user": {
+        "id": "<user ID>"
+    }
+}
+```
+
+Connected users who are not members of user's team will not receive an event (nor can they query user's rich info by other means).
+
+## SCIM support {#RefRichInfoScim}
+
+Rich info can be pushed to Wire by setting the `"richInfo"` field belonging to the `"urn:wire:scim:schemas:profile:1.0"` extension. Both `PUT /scim/v2/Users/:id` and `POST /scim/v2/Users/:id` can contain rich info. Here is an example for `PUT`:
+
+```javascript
+PUT /scim/v2/Users/:id
+
+{
+    ...,
+    "urn:wire:scim:schemas:profile:1.0": {
+        "richInfo": [
+            {
+                "type": "Department",
+                "value": "Sales & Marketing"
+            },
+            {
+                "type": "Favorite color",
+                "value": "Blue"
+            }
+        ]
+    }
+}
+```
+
+Rich info set via SCIM can be queried by doing a `GET /scim/v2/Users` or `GET /scim/v2/Users/:id` query.
+
+### SCIM provisioning agent support {#RefRichInfoScimAgents}
+
+* Okta: unable to push fields in the format we require (checked on 2019-02-21).
+
+* OneLogin: likely able to push fields.
+
+## Limitations {#RefRichInfoLimitations}
+
+* The whole of user-submitted information (field names and values) cannot exceed 5000 characters in length. There are no limitations on the number of fields, or the maximum of individual field names or values.
+
+* Field values can not be empty (`""`). If they are empty, the corresponding field will be removed.

libs/brig-types/package.yaml

@@ -1,4 +1,4 @@
-defaults: 
+defaults:
   local: ../../package-defaults.yaml
 name: brig-types
 version: '1.35.0'
@@ -46,8 +46,8 @@ library:
   - bytestring-conversion >=0.2
   - containers >=0.5
   - currency-codes >=2.0
-  - galley-types >=0.45.7
   - errors >=1.4
+  - galley-types >=0.45.7
   - hashable
   - iproute >=1.5
   - iso3166-country-codes >=0.2
@@ -79,6 +79,7 @@ tests:
     - bytestring
     - containers
     - currency-codes
+    - extra
     - galley-types
     - iproute
     - iso639

libs/brig-types/src/Brig/Types/Swagger.hs

@@ -29,6 +29,8 @@ brigModels =
     , asset
     , userHandleInfo
     , checkHandles
+    , richInfo
+    , richField
 
       -- User Connections / Invitations
     , connection
@@ -181,6 +183,22 @@ asset = defineModel "UserAsset" $ do
     property "size" assetSize $
         description "The asset size / format"
 
+richField :: Model
+richField = defineModel "RichField" $ do
+    description "RichInfo field"
+    property "type" string' $
+        description "Field name"
+    property "value" string' $
+        description "Field value"
+
+richInfo :: Model
+richInfo = defineModel "RichInfo" $ do
+    description "Rich info about the user"
+    property "fields" (array (ref richField)) $
+        description "List of fields"
+    property "version" int32' $
+        description "Format version (the current version is 0)"
+
 userName :: Model
 userName = defineModel "UserName" $ do
     description "User name"