mirror of
https://github.com/YunoHost-Apps/django-for-runners_ynh.git
synced 2024-09-03 18:26:16 +02:00
commit
a9508ef90e
18 changed files with 400 additions and 133 deletions
20
.editorconfig
Normal file
20
.editorconfig
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
# see http://editorconfig.org
|
||||||
|
root = true
|
||||||
|
|
||||||
|
[*]
|
||||||
|
indent_style = space
|
||||||
|
indent_size = 4
|
||||||
|
end_of_line = lf
|
||||||
|
charset = utf-8
|
||||||
|
trim_trailing_whitespace = true
|
||||||
|
insert_final_newline = true
|
||||||
|
|
||||||
|
[*.py]
|
||||||
|
line_length = 119
|
||||||
|
|
||||||
|
[{Makefile,**.mk}]
|
||||||
|
indent_style = tab
|
||||||
|
insert_final_newline = false
|
||||||
|
|
||||||
|
[*.yml]
|
||||||
|
indent_style = tab
|
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1,6 +1,8 @@
|
||||||
.*
|
.*
|
||||||
!.github
|
!.github
|
||||||
|
!.editorconfig
|
||||||
!.gitignore
|
!.gitignore
|
||||||
__pycache__
|
__pycache__
|
||||||
secret.txt
|
secret.txt
|
||||||
/local_test/
|
/local_test/
|
||||||
|
/poetry.lock
|
||||||
|
|
36
Makefile
Normal file
36
Makefile
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
SHELL := /bin/bash
|
||||||
|
|
||||||
|
all: help
|
||||||
|
|
||||||
|
help:
|
||||||
|
@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z0-9 -]+:.*?## / {printf "\033[36m%-22s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
|
||||||
|
|
||||||
|
check-poetry:
|
||||||
|
@if [[ "$(shell poetry --version 2>/dev/null)" == *"Poetry"* ]] ; \
|
||||||
|
then \
|
||||||
|
echo "Poetry found, ok." ; \
|
||||||
|
else \
|
||||||
|
echo 'Please install poetry first, with e.g.:' ; \
|
||||||
|
echo 'make install-poetry' ; \
|
||||||
|
exit 1 ; \
|
||||||
|
fi
|
||||||
|
|
||||||
|
install-poetry: ## install or update poetry
|
||||||
|
pip3 install -U poetry
|
||||||
|
|
||||||
|
install: check-poetry ## install project via poetry
|
||||||
|
poetry install
|
||||||
|
|
||||||
|
update: install-poetry ## update the sources and installation
|
||||||
|
poetry update
|
||||||
|
|
||||||
|
local-test: check-poetry ## Run local_test.py to run the project locally
|
||||||
|
poetry run ./local_test.py
|
||||||
|
|
||||||
|
local-diff-settings: ## Run "manage.py diffsettings" with local test
|
||||||
|
poetry run python3 local_test/opt_yunohost/manage.py diffsettings
|
||||||
|
|
||||||
|
|
||||||
|
##############################################################################
|
||||||
|
|
||||||
|
.PHONY: help check-poetry install-poetry install update local-test
|
33
README.md
33
README.md
|
@ -31,9 +31,16 @@ You can edit the file `$final_path/local_settings.py` to enable or disable featu
|
||||||
|
|
||||||
# Miscellaneous
|
# Miscellaneous
|
||||||
|
|
||||||
## LDAP connection
|
|
||||||
|
|
||||||
Supported by https://github.com/django-auth-ldap/django-auth-ldap
|
## SSO authentication
|
||||||
|
|
||||||
|
[SSOwat](https://github.com/YunoHost/SSOwat) is fully supported:
|
||||||
|
|
||||||
|
* First user (`$YNH_APP_ARG_ADMIN`) will be created as Django's super user
|
||||||
|
* All new users will be created as normal users
|
||||||
|
* Login via SSO is fully supported
|
||||||
|
* User Email, First / Last name will be updated from SSO data
|
||||||
|
|
||||||
|
|
||||||
## Links
|
## Links
|
||||||
|
|
||||||
|
@ -111,20 +118,20 @@ For quicker developing of Django-For-Runners in the context of YunoHost app,
|
||||||
it's possible to run the Django developer server with the settings
|
it's possible to run the Django developer server with the settings
|
||||||
and urls made for YunoHost installation.
|
and urls made for YunoHost installation.
|
||||||
|
|
||||||
For this, just run `local_test.py` in a Django-For-Runners virtualenv.
|
|
||||||
|
|
||||||
e.g.:
|
e.g.:
|
||||||
```bash
|
```bash
|
||||||
~$ git clone https://github.com/jedie/Django-For-Runners.git
|
|
||||||
~$ git clone https://github.com/YunoHost-Apps/django-for-runners_ynh.git
|
~$ git clone https://github.com/YunoHost-Apps/django-for-runners_ynh.git
|
||||||
~$ cd Django-For-Runners/
|
~$ cd django-for-runners_ynh/
|
||||||
~/Django-For-Runners$ make install
|
~/django-for-runners_ynh$ make
|
||||||
~/Django-For-Runners$ poetry shell
|
install-poetry install or update poetry
|
||||||
(django-for-runners-yd_5sxYx-py3.8) ~/Django-For-Runners$ cd ../django-for-runners_ynh/
|
install install project via poetry
|
||||||
(django-for-runners-yd_5sxYx-py3.8) ~/django-for-runners_ynh$ ./local_test.py
|
update update the sources and installation
|
||||||
...
|
local-test Run local_test.py to run the project locally
|
||||||
Django version 2.2.17, using settings 'ynh_django-for-runners_settings'
|
local-diff-settings Run "manage.py diffsettings" with local test
|
||||||
Starting development server at http://127.0.0.1:8000/
|
|
||||||
|
~/django-for-runners_ynh$ make install-poetry
|
||||||
|
~/django-for-runners_ynh$ make install
|
||||||
|
~/django-for-runners_ynh$ make local-test
|
||||||
```
|
```
|
||||||
|
|
||||||
Notes:
|
Notes:
|
||||||
|
|
|
@ -24,12 +24,15 @@ def main():
|
||||||
|
|
||||||
from django.contrib.auth import get_user_model
|
from django.contrib.auth import get_user_model
|
||||||
User = get_user_model()
|
User = get_user_model()
|
||||||
super_user = User.objects.filter(username=username).first()
|
user = User.objects.filter(username=username).first()
|
||||||
if super_user:
|
if user:
|
||||||
print('Update existing super user and set his password.', file=sys.stderr)
|
print('Update existing user and set his password.', file=sys.stderr)
|
||||||
super_user.set_password(password)
|
user.is_active = True
|
||||||
super_user.email=email
|
user.is_staff = True
|
||||||
super_user.save()
|
user.is_superuser = True
|
||||||
|
user.set_password(password)
|
||||||
|
user.email = email
|
||||||
|
user.save()
|
||||||
else:
|
else:
|
||||||
print('Create new super user', file=sys.stderr)
|
print('Create new super user', file=sys.stderr)
|
||||||
User.objects.create_superuser(
|
User.objects.create_superuser(
|
||||||
|
|
|
@ -12,7 +12,7 @@ location __PATH__/static/ {
|
||||||
# expires 30d;
|
# expires 30d;
|
||||||
#}
|
#}
|
||||||
|
|
||||||
location __PATH__/ {
|
location / {
|
||||||
# https://github.com/benoitc/gunicorn/blob/master/examples/nginx.conf
|
# https://github.com/benoitc/gunicorn/blob/master/examples/nginx.conf
|
||||||
|
|
||||||
# this is needed if you have file import via upload enabled
|
# this is needed if you have file import via upload enabled
|
||||||
|
@ -31,7 +31,4 @@ location __PATH__/ {
|
||||||
proxy_redirect off;
|
proxy_redirect off;
|
||||||
|
|
||||||
proxy_pass http://127.0.0.1:__PORT__/;
|
proxy_pass http://127.0.0.1:__PORT__/;
|
||||||
|
|
||||||
# Include SSOWAT user panel.
|
|
||||||
#include conf.d/yunohost_panel.conf.inc;
|
|
||||||
}
|
}
|
||||||
|
|
185
conf/ynh_authenticate.py
Normal file
185
conf/ynh_authenticate.py
Normal file
|
@ -0,0 +1,185 @@
|
||||||
|
"""
|
||||||
|
* remote user authentication backend
|
||||||
|
* remote user middleware
|
||||||
|
|
||||||
|
Note: SSOwat/nginx add authentication headers:
|
||||||
|
|
||||||
|
'HTTP_AUTHORIZATION': 'Basic XXXXXXXXXXXXXXXX='
|
||||||
|
'HTTP_AUTH_USER': 'username'
|
||||||
|
'HTTP_REMOTE_USER': 'username'
|
||||||
|
|
||||||
|
Basic auth contains "{username}:{plaintext-password}"
|
||||||
|
|
||||||
|
and we get SSOwat cookies like:
|
||||||
|
|
||||||
|
'HTTP_COOKIE': 'SSOwAuthUser=username; '
|
||||||
|
'SSOwAuthHash=593876aa66...99e69f88af1e; '
|
||||||
|
'SSOwAuthExpire=1609227697.998; '
|
||||||
|
|
||||||
|
* Login a user via HTTP_REMOTE_USER header, but check also username in:
|
||||||
|
* SSOwAuthUser
|
||||||
|
* HTTP_AUTH_USER
|
||||||
|
* HTTP_AUTHORIZATION (Basic auth)
|
||||||
|
* Create new users
|
||||||
|
* Update Email, First / Last name for existing users
|
||||||
|
"""
|
||||||
|
import base64
|
||||||
|
import logging
|
||||||
|
|
||||||
|
from axes.exceptions import AxesBackendPermissionDenied
|
||||||
|
from django.contrib.auth.backends import RemoteUserBackend as OriginRemoteUserBackend
|
||||||
|
from django.contrib.auth.middleware import RemoteUserMiddleware as OriginRemoteUserMiddleware
|
||||||
|
from django.core.exceptions import ValidationError
|
||||||
|
from inventory.permissions import get_or_create_normal_user_group
|
||||||
|
|
||||||
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
def update_user_profile(request):
|
||||||
|
"""
|
||||||
|
Update existing user information:
|
||||||
|
* Email
|
||||||
|
* First / Last name
|
||||||
|
"""
|
||||||
|
user = request.user
|
||||||
|
assert user.is_authenticated
|
||||||
|
|
||||||
|
update_fields = []
|
||||||
|
|
||||||
|
if not user.password:
|
||||||
|
# Empty password is not valid, so we can't save the model, because of full_clean() call
|
||||||
|
logger.info('Set unusable password for user: %s', user)
|
||||||
|
user.set_unusable_password()
|
||||||
|
update_fields.append('password')
|
||||||
|
|
||||||
|
email = request.META.get('HTTP_EMAIL')
|
||||||
|
if email and user.email != email:
|
||||||
|
logger.info('Update email: %r -> %r', user.email, email)
|
||||||
|
user.email = email
|
||||||
|
update_fields.append('email')
|
||||||
|
|
||||||
|
raw_username = request.META.get('HTTP_NAME')
|
||||||
|
if raw_username:
|
||||||
|
if ' ' in raw_username:
|
||||||
|
first_name, last_name = raw_username.split(' ', 1)
|
||||||
|
else:
|
||||||
|
first_name = ''
|
||||||
|
last_name = raw_username
|
||||||
|
|
||||||
|
if user.first_name != first_name:
|
||||||
|
logger.info('Update first name: %r -> %r', user.first_name, first_name)
|
||||||
|
user.first_name = first_name
|
||||||
|
update_fields.append('first_name')
|
||||||
|
|
||||||
|
if user.last_name != last_name:
|
||||||
|
logger.info('Update last name: %r -> %r', user.last_name, last_name)
|
||||||
|
user.last_name = last_name
|
||||||
|
update_fields.append('last_name')
|
||||||
|
|
||||||
|
if update_fields:
|
||||||
|
try:
|
||||||
|
user.full_clean()
|
||||||
|
except ValidationError:
|
||||||
|
logger.exception('Can not update user: %s', user)
|
||||||
|
else:
|
||||||
|
user.save(update_fields=update_fields)
|
||||||
|
|
||||||
|
|
||||||
|
class RemoteUserMiddleware(OriginRemoteUserMiddleware):
|
||||||
|
"""
|
||||||
|
Middleware to login a user HTTP_REMOTE_USER header.
|
||||||
|
Use Django Axes if something is wrong.
|
||||||
|
Update exising user informations.
|
||||||
|
"""
|
||||||
|
header = 'HTTP_REMOTE_USER'
|
||||||
|
force_logout_if_no_header = True
|
||||||
|
|
||||||
|
def process_request(self, request):
|
||||||
|
# Keep the information if the user is already logged in
|
||||||
|
was_authenticated = request.user.is_authenticated
|
||||||
|
|
||||||
|
super().process_request(request) # login remote user
|
||||||
|
|
||||||
|
if not request.user.is_authenticated:
|
||||||
|
# Not logged in -> nothing to verify here
|
||||||
|
return
|
||||||
|
|
||||||
|
# Check SSOwat cookie informations:
|
||||||
|
try:
|
||||||
|
username = request.COOKIES['SSOwAuthUser']
|
||||||
|
except KeyError:
|
||||||
|
logger.error('SSOwAuthUser cookie missing!')
|
||||||
|
|
||||||
|
# emits a signal indicating user login failed, which is processed by
|
||||||
|
# axes.signals.log_user_login_failed which logs and flags the failed request.
|
||||||
|
raise AxesBackendPermissionDenied('Cookie missing')
|
||||||
|
|
||||||
|
logger.info('SSOwat username from cookies: %r', username)
|
||||||
|
if username != request.user.username:
|
||||||
|
raise AxesBackendPermissionDenied('Wrong username')
|
||||||
|
|
||||||
|
# Compare with HTTP_AUTH_USER
|
||||||
|
try:
|
||||||
|
username = request.META['HTTP_AUTH_USER']
|
||||||
|
except KeyError:
|
||||||
|
logger.error('HTTP_AUTH_USER missing!')
|
||||||
|
raise AxesBackendPermissionDenied('No HTTP_AUTH_USER')
|
||||||
|
|
||||||
|
if username != request.user.username:
|
||||||
|
raise AxesBackendPermissionDenied('Wrong HTTP_AUTH_USER username')
|
||||||
|
|
||||||
|
# Also check 'HTTP_AUTHORIZATION', but only the username ;)
|
||||||
|
try:
|
||||||
|
auth = request.META['HTTP_AUTHORIZATION']
|
||||||
|
except KeyError:
|
||||||
|
logger.error('HTTP_AUTHORIZATION missing!')
|
||||||
|
raise AxesBackendPermissionDenied('No HTTP_AUTHORIZATION')
|
||||||
|
|
||||||
|
scheme, creds = auth.split(' ', 1)
|
||||||
|
if scheme.lower() != 'basic':
|
||||||
|
logger.error('HTTP_AUTHORIZATION with %r not supported', scheme)
|
||||||
|
raise AxesBackendPermissionDenied('HTTP_AUTHORIZATION scheme not supported')
|
||||||
|
|
||||||
|
creds = str(base64.b64decode(creds), encoding='utf-8')
|
||||||
|
username = creds.split(':', 1)[0]
|
||||||
|
if username != request.user.username:
|
||||||
|
raise AxesBackendPermissionDenied('Wrong HTTP_AUTHORIZATION username')
|
||||||
|
|
||||||
|
if not was_authenticated:
|
||||||
|
# First request, after login -> update user informations
|
||||||
|
logger.info('Remote used was logged in')
|
||||||
|
update_user_profile(request)
|
||||||
|
|
||||||
|
|
||||||
|
class RemoteUserBackend(OriginRemoteUserBackend):
|
||||||
|
"""
|
||||||
|
Authentication backend via SSO/nginx header
|
||||||
|
"""
|
||||||
|
create_unknown_user = True
|
||||||
|
|
||||||
|
def authenticate(self, request, remote_user):
|
||||||
|
logger.info('Remote user authenticate: %r', remote_user)
|
||||||
|
return super().authenticate(request, remote_user)
|
||||||
|
|
||||||
|
def configure_user(self, request, user):
|
||||||
|
"""
|
||||||
|
Configure a user after creation and return the updated user.
|
||||||
|
Setup a normal, non-superuser
|
||||||
|
"""
|
||||||
|
logger.warning('Configure user %s', user)
|
||||||
|
|
||||||
|
user.set_unusable_password() # Always login via SSO
|
||||||
|
user.is_staff = True
|
||||||
|
user.is_superuser = False
|
||||||
|
user.save()
|
||||||
|
|
||||||
|
pyinventory_user_group = get_or_create_normal_user_group()[0]
|
||||||
|
user.groups.set([pyinventory_user_group])
|
||||||
|
|
||||||
|
update_user_profile(request)
|
||||||
|
|
||||||
|
return user
|
||||||
|
|
||||||
|
def user_can_authenticate(self, user):
|
||||||
|
logger.warning('Remote user login: %s', user)
|
||||||
|
return True
|
|
@ -11,8 +11,6 @@
|
||||||
|
|
||||||
from pathlib import Path as __Path
|
from pathlib import Path as __Path
|
||||||
|
|
||||||
import ldap
|
|
||||||
from django_auth_ldap.config import LDAPSearch
|
|
||||||
from for_runners_project.settings.base import * # noqa
|
from for_runners_project.settings.base import * # noqa
|
||||||
|
|
||||||
DEBUG = False
|
DEBUG = False
|
||||||
|
@ -36,44 +34,30 @@ PATH_URL = PATH_URL.strip('/')
|
||||||
ROOT_URLCONF = 'ynh_urls' # /opt/yunohost/django-for-runners/ynh_urls.py
|
ROOT_URLCONF = 'ynh_urls' # /opt/yunohost/django-for-runners/ynh_urls.py
|
||||||
|
|
||||||
# -----------------------------------------------------------------------------
|
# -----------------------------------------------------------------------------
|
||||||
# https://github.com/django-auth-ldap/django-auth-ldap
|
|
||||||
|
|
||||||
LDAP_SERVER_URI = 'ldap://localhost:389'
|
|
||||||
LDAP_START_TLS = True
|
|
||||||
|
|
||||||
# enable anonymous searches
|
|
||||||
# https://django-auth-ldap.readthedocs.io/en/latest/authentication.html?highlight=anonymous#search-bind
|
|
||||||
LDAP_BIND_DN = ''
|
|
||||||
LDAP_BIND_PASSWORD = ''
|
|
||||||
|
|
||||||
LDAP_ROOT_DN = 'ou=users,dc=yunohost,dc=org'
|
|
||||||
|
|
||||||
AUTH_LDAP_USER_SEARCH = LDAPSearch(LDAP_ROOT_DN, ldap.SCOPE_SUBTREE, '(uid=%(user)s)')
|
|
||||||
|
|
||||||
# Populate the Django user from the LDAP directory.
|
|
||||||
AUTH_LDAP_USER_ATTR_MAP = {
|
|
||||||
'username': 'uid',
|
|
||||||
'first_name': 'givenName',
|
|
||||||
'last_name': 'sn',
|
|
||||||
'email': 'mail',
|
|
||||||
}
|
|
||||||
|
|
||||||
AUTH_LDAP_ALWAYS_UPDATE_USER = True
|
|
||||||
|
|
||||||
# Don't use LDAP group membership to calculate group permissions
|
|
||||||
AUTH_LDAP_FIND_GROUP_PERMS = False
|
|
||||||
|
|
||||||
# TODO:
|
|
||||||
# AUTH_LDAP_GROUP_TYPE = 'normal user' # Same as: inventory.permissions.NORMAL_USER_GROUP_NAME
|
|
||||||
|
|
||||||
# Cache distinguished names and group memberships for an hour to minimize LDAP traffic
|
|
||||||
AUTH_LDAP_CACHE_TIMEOUT = 3600
|
|
||||||
|
|
||||||
# Keep ModelBackend around for per-user permissions and superuser
|
# Keep ModelBackend around for per-user permissions and superuser
|
||||||
AUTHENTICATION_BACKENDS = (
|
AUTHENTICATION_BACKENDS = (
|
||||||
'django_auth_ldap.backend.LDAPBackend',
|
'axes.backends.AxesBackend', # AxesBackend should be the first backend!
|
||||||
|
|
||||||
|
# Authenticate via SSO and nginx 'HTTP_REMOTE_USER' header:
|
||||||
|
'ynh_authenticate.RemoteUserBackend',
|
||||||
|
|
||||||
|
# Fallback to normal Django model backend:
|
||||||
'django.contrib.auth.backends.ModelBackend',
|
'django.contrib.auth.backends.ModelBackend',
|
||||||
)
|
)
|
||||||
|
LOGIN_REDIRECT_URL = None
|
||||||
|
LOGIN_URL = '/yunohost/sso/'
|
||||||
|
LOGOUT_REDIRECT_URL = '/yunohost/sso/'
|
||||||
|
# /yunohost/sso/?action=logout
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------------------
|
||||||
|
# https://docs.djangoproject.com/en/2.2/howto/auth-remote-user/
|
||||||
|
# Add RemoteUserMiddleware after AuthenticationMiddleware
|
||||||
|
|
||||||
|
MIDDLEWARE.insert(
|
||||||
|
MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1,
|
||||||
|
'ynh_authenticate.RemoteUserMiddleware',
|
||||||
|
)
|
||||||
|
|
||||||
# -----------------------------------------------------------------------------
|
# -----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
@ -165,7 +149,7 @@ LOGGING = {
|
||||||
'class': 'django.utils.log.AdminEmailHandler',
|
'class': 'django.utils.log.AdminEmailHandler',
|
||||||
'include_html': True,
|
'include_html': True,
|
||||||
},
|
},
|
||||||
'syslog': {
|
'log_file': {
|
||||||
'level': 'DEBUG',
|
'level': 'DEBUG',
|
||||||
'class': 'logging.handlers.WatchedFileHandler',
|
'class': 'logging.handlers.WatchedFileHandler',
|
||||||
'formatter': 'verbose',
|
'formatter': 'verbose',
|
||||||
|
@ -173,18 +157,17 @@ LOGGING = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'loggers': {
|
'loggers': {
|
||||||
'': {'handlers': ['syslog', 'mail_admins'], 'level': 'INFO', 'propagate': False},
|
'': {'handlers': ['log_file', 'mail_admins'], 'level': 'INFO', 'propagate': False},
|
||||||
'django': {'handlers': ['syslog', 'mail_admins'], 'level': 'INFO', 'propagate': False},
|
'django': {'handlers': ['log_file', 'mail_admins'], 'level': 'INFO', 'propagate': False},
|
||||||
'axes': {'handlers': ['syslog', 'mail_admins'], 'level': 'WARNING', 'propagate': False},
|
'axes': {'handlers': ['log_file', 'mail_admins'], 'level': 'WARNING', 'propagate': False},
|
||||||
'django_tools': {'handlers': ['syslog', 'mail_admins'], 'level': 'INFO', 'propagate': False},
|
'django_tools': {'handlers': ['log_file', 'mail_admins'], 'level': 'INFO', 'propagate': False},
|
||||||
'django_auth_ldap': {'handlers': ['syslog', 'mail_admins'], 'level': 'DEBUG', 'propagate': False},
|
'for_runners': {'handlers': ['log_file', 'mail_admins'], 'level': 'INFO', 'propagate': False},
|
||||||
'inventory': {'handlers': ['syslog', 'mail_admins'], 'level': 'INFO', 'propagate': False},
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
# -----------------------------------------------------------------------------
|
# -----------------------------------------------------------------------------
|
||||||
|
|
||||||
try:
|
try:
|
||||||
from .local_settings import * # noqa
|
from local_settings import * # noqa
|
||||||
except ImportError:
|
except ImportError:
|
||||||
pass
|
pass
|
||||||
|
|
|
@ -1,21 +1,23 @@
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib import admin
|
from django.contrib import admin
|
||||||
from django.urls import path
|
from django.urls import path
|
||||||
from django.views.generic import RedirectView
|
|
||||||
|
# def debug_view(request):
|
||||||
|
# """ debug request.META """
|
||||||
|
# if not request.user.is_authenticated:
|
||||||
|
# from django.shortcuts import redirect
|
||||||
|
# return redirect('admin:index')
|
||||||
|
#
|
||||||
|
# import pprint
|
||||||
|
# meta = pprint.pformat(request.META)
|
||||||
|
# html = f'<html><body>request.META: <pre>{meta}</pre></body></html>'
|
||||||
|
# from django.http import HttpResponse
|
||||||
|
# return HttpResponse(html)
|
||||||
|
|
||||||
|
|
||||||
# settings.PATH_URL is the $YNH_APP_ARG_PATH
|
|
||||||
if settings.PATH_URL:
|
|
||||||
admin.autodiscover()
|
admin.autodiscover()
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
# TODO:
|
# path(f'{settings.PATH_URL}/debug/', debug_view),
|
||||||
# XXX: Hack - the MEDIA_URL contains the "PATH_URL" already:
|
path(f'{settings.PATH_URL}/', admin.site.urls),
|
||||||
# path(settings.MEDIA_URL.lstrip('/'), include('django_tools.serve_media_app.urls')),
|
|
||||||
|
|
||||||
path(f'{settings.PATH_URL}/admin/', admin.site.urls),
|
|
||||||
path('', RedirectView.as_view(pattern_name='admin:index')),
|
|
||||||
]
|
]
|
||||||
else:
|
|
||||||
# Installed to domain root, without a path prefix?
|
|
||||||
from inventory_project.urls import urlpatterns # noqa
|
|
||||||
|
|
|
@ -130,6 +130,10 @@ def main():
|
||||||
# conf/ynh_urls.py -> local_test/ynh_urls.py
|
# conf/ynh_urls.py -> local_test/ynh_urls.py
|
||||||
copy_patch(src_file=URLS_FILE, replaces=REPLACES)
|
copy_patch(src_file=URLS_FILE, replaces=REPLACES)
|
||||||
|
|
||||||
|
with Path(FINAL_HOME_PATH / 'local_settings.py').open('w') as f:
|
||||||
|
f.write('# Only for local test run\n')
|
||||||
|
f.write('SERVE_FILES=True # used in src/for_runners_project/urls.py\n')
|
||||||
|
|
||||||
# call "local_test/manage.py" via subprocess:
|
# call "local_test/manage.py" via subprocess:
|
||||||
call_manage_py('check --deploy')
|
call_manage_py('check --deploy')
|
||||||
call_manage_py('migrate --no-input')
|
call_manage_py('migrate --no-input')
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
"description": {
|
"description": {
|
||||||
"en": "Store your GPX tracks of your running (or other sports activity)"
|
"en": "Store your GPX tracks of your running (or other sports activity)"
|
||||||
},
|
},
|
||||||
"version": "0.12.0rc2~ynh1",
|
"version": "0.12.0rc2~ynh2",
|
||||||
"url": "https://github.com/jedie/django-for-runners",
|
"url": "https://github.com/jedie/django-for-runners",
|
||||||
"license": "GPL-3.0",
|
"license": "GPL-3.0",
|
||||||
"maintainer": {
|
"maintainer": {
|
||||||
|
|
16
pyproject.toml
Normal file
16
pyproject.toml
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
[tool.poetry]
|
||||||
|
name = "django-for-runners_ynh"
|
||||||
|
version = "0.12.0rc2~ynh2"
|
||||||
|
description = "Test django-for-runners_ynh via local_test.py"
|
||||||
|
authors = ["JensDiemer <git@jensdiemer.de>"]
|
||||||
|
license = "GPL"
|
||||||
|
|
||||||
|
[tool.poetry.dependencies]
|
||||||
|
python = ">=3.7,<4.0.0"
|
||||||
|
django-for-runners = "*"
|
||||||
|
|
||||||
|
[tool.poetry.dev-dependencies]
|
||||||
|
|
||||||
|
[build-system]
|
||||||
|
requires = ["poetry-core>=1.0.0"]
|
||||||
|
build-backend = "poetry.core.masonry.api"
|
|
@ -6,6 +6,7 @@
|
||||||
|
|
||||||
domain=$YNH_APP_ARG_DOMAIN
|
domain=$YNH_APP_ARG_DOMAIN
|
||||||
path_url=$YNH_APP_ARG_PATH
|
path_url=$YNH_APP_ARG_PATH
|
||||||
|
|
||||||
admin=$YNH_APP_ARG_ADMIN
|
admin=$YNH_APP_ARG_ADMIN
|
||||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
is_public=$YNH_APP_ARG_IS_PUBLIC
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
app=$YNH_APP_INSTANCE_NAME
|
||||||
|
@ -24,14 +25,14 @@ log_file="${log_path}/django-for-runners.log"
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# dependencies used by the app
|
# dependencies used by the app
|
||||||
pkg_dependencies="build-essential python3-dev python3-pip python3-virtualenv git \
|
pkg_dependencies="build-essential python3-dev python3-pip python3-venv git \
|
||||||
postgresql postgresql-contrib python3-ldap libldap2-dev libsasl2-dev"
|
postgresql postgresql-contrib"
|
||||||
|
|
||||||
# Django-For-Runners's version for PIP and settings file
|
# Django-For-Runners's version for PIP and settings file
|
||||||
for_runners_version="0.12.0rc2"
|
for_runners_version="0.12.0rc2"
|
||||||
|
|
||||||
# Extra python packages:
|
# Extra python packages:
|
||||||
pypi_extras="django-redis django-auth-ldap"
|
pypi_extras="django-redis"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# Redis HELPERS
|
# Redis HELPERS
|
||||||
|
|
|
@ -18,10 +18,12 @@ ynh_print_info --message="Loading installation settings..."
|
||||||
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
app=$YNH_APP_INSTANCE_NAME
|
||||||
|
|
||||||
|
public_path=$(ynh_app_setting_get --app="$app" --key=public_path)
|
||||||
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
|
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
|
||||||
domain=$(ynh_app_setting_get --app="$app" --key=domain)
|
|
||||||
db_name=$(ynh_app_setting_get --app="$app" --key=db_name)
|
db_name=$(ynh_app_setting_get --app="$app" --key=db_name)
|
||||||
|
|
||||||
|
domain=$(ynh_app_setting_get --app="$app" --key=domain)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DECLARE DATA AND CONF FILES TO BACKUP
|
# DECLARE DATA AND CONF FILES TO BACKUP
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -32,6 +34,7 @@ ynh_print_info --message="Declaring files to be backed up..."
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
ynh_backup --src_path="$final_path"
|
ynh_backup --src_path="$final_path"
|
||||||
|
ynh_backup --src_path="$public_path"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# BACKUP THE NGINX CONFIGURATION
|
# BACKUP THE NGINX CONFIGURATION
|
||||||
|
|
|
@ -24,8 +24,6 @@ new_path=$YNH_APP_NEW_PATH
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Loading installation settings..."
|
ynh_script_progression --message="Loading installation settings..."
|
||||||
|
|
||||||
domain=$(ynh_app_setting_get --app="$app" --key=domain)
|
|
||||||
path_url=$(ynh_app_setting_get --app="$app" --key=path)
|
|
||||||
admin=$(ynh_app_setting_get --app="$app" --key=admin)
|
admin=$(ynh_app_setting_get --app="$app" --key=admin)
|
||||||
is_public=$(ynh_app_setting_get --app="$app" --key=is_public)
|
is_public=$(ynh_app_setting_get --app="$app" --key=is_public)
|
||||||
public_path=$(ynh_app_setting_get --app="$app" --key=public_path)
|
public_path=$(ynh_app_setting_get --app="$app" --key=public_path)
|
||||||
|
@ -97,7 +95,7 @@ then
|
||||||
domain="$old_domain"
|
domain="$old_domain"
|
||||||
path_url="$new_path"
|
path_url="$new_path"
|
||||||
# Create a dedicated nginx config
|
# Create a dedicated nginx config
|
||||||
ynh_add_nginx_config
|
ynh_add_nginx_config "public_path" "port"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Change the domain for nginx
|
# Change the domain for nginx
|
||||||
|
@ -127,13 +125,15 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil
|
||||||
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$settings"
|
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$settings"
|
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__ADMINMAIL__" --replace_string="$admin_mail" --target_file="$settings"
|
ynh_replace_string --match_string="__ADMINMAIL__" --replace_string="$admin_mail" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$settings"
|
|
||||||
ynh_replace_string --match_string="__FINAL_HOME_PATH__" --replace_string="$final_path" --target_file="$settings"
|
ynh_replace_string --match_string="__FINAL_HOME_PATH__" --replace_string="$final_path" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__FINAL_WWW_PATH__" --replace_string="$public_path" --target_file="$settings"
|
ynh_replace_string --match_string="__FINAL_WWW_PATH__" --replace_string="$public_path" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__PATH_URL__" --replace_string="$path_url" --target_file="$settings"
|
|
||||||
ynh_replace_string --match_string="__LOG_FILE__" --replace_string="$log_file" --target_file="$settings"
|
ynh_replace_string --match_string="__LOG_FILE__" --replace_string="$log_file" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__REDIS_DB__" --replace_string="$redis_db" --target_file="$settings"
|
ynh_replace_string --match_string="__REDIS_DB__" --replace_string="$redis_db" --target_file="$settings"
|
||||||
|
|
||||||
|
# Difference to install/upgrade scripts: Use $new_domain and $new_path here:
|
||||||
|
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$new_domain" --target_file="$settings"
|
||||||
|
ynh_replace_string --match_string="__PATH_URL__" --replace_string="$new_path" --target_file="$settings"
|
||||||
|
|
||||||
# Recalculate and store the config file checksum into the app settings
|
# Recalculate and store the config file checksum into the app settings
|
||||||
ynh_store_file_checksum --file="$settings"
|
ynh_store_file_checksum --file="$settings"
|
||||||
|
|
||||||
|
|
|
@ -39,14 +39,15 @@ touch "${log_file}"
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Storing installation settings..."
|
ynh_script_progression --message="Storing installation settings..."
|
||||||
|
|
||||||
ynh_app_setting_set --app="$app" --key=domain --value="$domain"
|
|
||||||
ynh_app_setting_set --app="$app" --key=path --value="$path_url"
|
|
||||||
ynh_app_setting_set --app="$app" --key=admin --value="$admin"
|
ynh_app_setting_set --app="$app" --key=admin --value="$admin"
|
||||||
ynh_app_setting_set --app="$app" --key=is_public --value="$is_public"
|
ynh_app_setting_set --app="$app" --key=is_public --value="$is_public"
|
||||||
ynh_app_setting_set --app="$app" --key=public_path --value="$public_path"
|
ynh_app_setting_set --app="$app" --key=public_path --value="$public_path"
|
||||||
ynh_app_setting_set --app="$app" --key=final_path --value="$final_path"
|
ynh_app_setting_set --app="$app" --key=final_path --value="$final_path"
|
||||||
ynh_app_setting_set --app="$app" --key=log_path --value="$log_file"
|
ynh_app_setting_set --app="$app" --key=log_path --value="$log_file"
|
||||||
|
|
||||||
|
ynh_app_setting_set --app="$app" --key=domain --value="$domain"
|
||||||
|
ynh_app_setting_set --app="$app" --key=path --value="$path_url"
|
||||||
|
|
||||||
# Find a free port
|
# Find a free port
|
||||||
port=$(ynh_find_port --port=8000)
|
port=$(ynh_find_port --port=8000)
|
||||||
# Set port as application setting
|
# Set port as application setting
|
||||||
|
@ -143,13 +144,14 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil
|
||||||
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$settings"
|
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$settings"
|
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__ADMINMAIL__" --replace_string="$admin_mail" --target_file="$settings"
|
ynh_replace_string --match_string="__ADMINMAIL__" --replace_string="$admin_mail" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$settings"
|
|
||||||
ynh_replace_string --match_string="__FINAL_HOME_PATH__" --replace_string="$final_path" --target_file="$settings"
|
ynh_replace_string --match_string="__FINAL_HOME_PATH__" --replace_string="$final_path" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__FINAL_WWW_PATH__" --replace_string="$public_path" --target_file="$settings"
|
ynh_replace_string --match_string="__FINAL_WWW_PATH__" --replace_string="$public_path" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__PATH_URL__" --replace_string="$path_url" --target_file="$settings"
|
|
||||||
ynh_replace_string --match_string="__LOG_FILE__" --replace_string="$log_file" --target_file="$settings"
|
ynh_replace_string --match_string="__LOG_FILE__" --replace_string="$log_file" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__REDIS_DB__" --replace_string="$redis_db" --target_file="$settings"
|
ynh_replace_string --match_string="__REDIS_DB__" --replace_string="$redis_db" --target_file="$settings"
|
||||||
|
|
||||||
|
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$settings"
|
||||||
|
ynh_replace_string --match_string="__PATH_URL__" --replace_string="$path_url" --target_file="$settings"
|
||||||
|
|
||||||
# Calculate and store the config file checksum into the app settings
|
# Calculate and store the config file checksum into the app settings
|
||||||
ynh_store_file_checksum --file="$settings"
|
ynh_store_file_checksum --file="$settings"
|
||||||
|
|
||||||
|
@ -157,6 +159,7 @@ ynh_app_setting_set --app="$app" --key=redis_db --value="$redis_db"
|
||||||
|
|
||||||
touch "$final_path/local_settings.py"
|
touch "$final_path/local_settings.py"
|
||||||
|
|
||||||
|
cp "../conf/ynh_authenticate.py" "$final_path/ynh_authenticate.py"
|
||||||
cp "../conf/ynh_urls.py" "$final_path/ynh_urls.py"
|
cp "../conf/ynh_urls.py" "$final_path/ynh_urls.py"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
@ -20,14 +20,15 @@ ynh_abort_if_errors
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Loading settings..."
|
ynh_script_progression --message="Loading settings..."
|
||||||
|
|
||||||
domain=$(ynh_app_setting_get --app="$app" --key=domain)
|
|
||||||
path_url=$(ynh_app_setting_get --app="$app" --key=path)
|
|
||||||
public_path=$(ynh_app_setting_get --app="$app" --key=public_path)
|
public_path=$(ynh_app_setting_get --app="$app" --key=public_path)
|
||||||
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
|
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
|
||||||
db_name=$(ynh_app_setting_get --app="$app" --key=db_name)
|
db_name=$(ynh_app_setting_get --app="$app" --key=db_name)
|
||||||
db_user=$db_name
|
db_user=$db_name
|
||||||
db_pwd=$(ynh_app_setting_get --app="$app" --key=psqlpwd)
|
db_pwd=$(ynh_app_setting_get --app="$app" --key=psqlpwd)
|
||||||
|
|
||||||
|
domain=$(ynh_app_setting_get --app="$app" --key=domain)
|
||||||
|
path_url=$(ynh_app_setting_get --app="$app" --key=path)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CHECK IF THE APP CAN BE RESTORED
|
# CHECK IF THE APP CAN BE RESTORED
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -51,6 +52,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Restoring the app main directory..."
|
ynh_script_progression --message="Restoring the app main directory..."
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="$public_path"
|
||||||
ynh_restore_file --origin_path="$final_path"
|
ynh_restore_file --origin_path="$final_path"
|
||||||
|
|
||||||
touch "$final_path/local_settings.py"
|
touch "$final_path/local_settings.py"
|
||||||
|
|
|
@ -12,14 +12,15 @@ source /usr/share/yunohost/helpers
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Loading installation settings..."
|
ynh_script_progression --message="Loading installation settings..."
|
||||||
|
|
||||||
domain=$(ynh_app_setting_get --app="$app" --key=domain)
|
|
||||||
path_url=$(ynh_app_setting_get --app="$app" --key=path)
|
|
||||||
admin=$(ynh_app_setting_get --app="$app" --key=admin)
|
admin=$(ynh_app_setting_get --app="$app" --key=admin)
|
||||||
is_public=$(ynh_app_setting_get --app="$app" --key=is_public)
|
is_public=$(ynh_app_setting_get --app="$app" --key=is_public)
|
||||||
public_path=$(ynh_app_setting_get --app="$app" --key=public_path)
|
public_path=$(ynh_app_setting_get --app="$app" --key=public_path)
|
||||||
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
|
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
|
||||||
log_path=$(ynh_app_setting_get --app="$app" --key=log_path)
|
log_path=$(ynh_app_setting_get --app="$app" --key=log_path)
|
||||||
|
|
||||||
|
domain=$(ynh_app_setting_get --app="$app" --key=domain)
|
||||||
|
path_url=$(ynh_app_setting_get --app="$app" --key=path)
|
||||||
|
|
||||||
port=$(ynh_app_setting_get --app="$app" --key=port)
|
port=$(ynh_app_setting_get --app="$app" --key=port)
|
||||||
db_pwd=$(ynh_app_setting_get --app="$app" --key=psqlpwd)
|
db_pwd=$(ynh_app_setting_get --app="$app" --key=psqlpwd)
|
||||||
admin_mail=$(ynh_user_get_info "$admin" mail)
|
admin_mail=$(ynh_user_get_info "$admin" mail)
|
||||||
|
@ -135,18 +136,20 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil
|
||||||
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$settings"
|
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$settings"
|
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__ADMINMAIL__" --replace_string="$admin_mail" --target_file="$settings"
|
ynh_replace_string --match_string="__ADMINMAIL__" --replace_string="$admin_mail" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$settings"
|
|
||||||
ynh_replace_string --match_string="__FINAL_HOME_PATH__" --replace_string="$final_path" --target_file="$settings"
|
ynh_replace_string --match_string="__FINAL_HOME_PATH__" --replace_string="$final_path" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__FINAL_WWW_PATH__" --replace_string="$public_path" --target_file="$settings"
|
ynh_replace_string --match_string="__FINAL_WWW_PATH__" --replace_string="$public_path" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__PATH_URL__" --replace_string="$path_url" --target_file="$settings"
|
|
||||||
ynh_replace_string --match_string="__LOG_FILE__" --replace_string="$log_file" --target_file="$settings"
|
ynh_replace_string --match_string="__LOG_FILE__" --replace_string="$log_file" --target_file="$settings"
|
||||||
ynh_replace_string --match_string="__REDIS_DB__" --replace_string="$redis_db" --target_file="$settings"
|
ynh_replace_string --match_string="__REDIS_DB__" --replace_string="$redis_db" --target_file="$settings"
|
||||||
|
|
||||||
|
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$settings"
|
||||||
|
ynh_replace_string --match_string="__PATH_URL__" --replace_string="$path_url" --target_file="$settings"
|
||||||
|
|
||||||
# Recalculate and store the config file checksum into the app settings
|
# Recalculate and store the config file checksum into the app settings
|
||||||
ynh_store_file_checksum --file="$settings"
|
ynh_store_file_checksum --file="$settings"
|
||||||
|
|
||||||
touch "$final_path/local_settings.py"
|
touch "$final_path/local_settings.py"
|
||||||
|
|
||||||
|
cp "../conf/ynh_authenticate.py" "$final_path/ynh_authenticate.py"
|
||||||
cp "../conf/ynh_urls.py" "$final_path/ynh_urls.py"
|
cp "../conf/ynh_urls.py" "$final_path/ynh_urls.py"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
Loading…
Reference in a new issue