YunoHost-Apps/django_example_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/django_example_ynh.git synced 2024-09-03 18:26:21 +02:00
Code Issues Activity Actions 2

Merge pull request #2 from YunoHost-Apps/testing

Browse source 
master <- testing
This commit is contained in:
Jens Diemer 2020-12-28 20:16:19 +01:00 committed by GitHub
commit 28f2badcfc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
43 changed files with 721 additions and 394 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/pytest.yml vendored
View file

@ -30,7 +30,7 @@ jobs:
- name: 'Run tests with Python v${{ matrix.python-version }}'
run: |
poetry run pytest
make pytest
- name: 'Upload coverage report'
run: bash <(curl -s https://codecov.io/bash)

2
.gitignore vendored
View file

@ -3,8 +3,10 @@
!.editorconfig
!.flake8
!.gitignore
coverage.xml
__pycache__
secret.txt
/htmlcov/
/local_test/
/dist/
/poetry.lock

8
Makefile
View file

@ -41,14 +41,14 @@ tox-listenvs: check-poetry ## List all tox test environments
tox: check-poetry ## Run pytest via tox with all environments
poetry run tox
pytest: check-poetry ## Run pytest
poetry run pytest
pytest: install ## Run pytest
poetry run python3 ./run_pytest.py
publish: ## Release new version to PyPi
poetry run publish
local-test: check-poetry ## Run local_test.py to run the project locally
poetry run ./local_test.py
local-test: install ## Run local_test.py to run the project locally
poetry run python3 ./local_test.py
local-diff-settings: ## Run "manage.py diffsettings" with local test
poetry run python3 local_test/opt_yunohost/manage.py diffsettings

14
README.md
View file

@ -24,6 +24,16 @@ Glue code to package django projects as yunohost apps.
* User Email, First / Last name will be updated from SSO data
## history
* [compare v0.1.0...master](https://github.com/YunoHost-Apps/django_ynh/compare/v0.1.0...master) **dev**
* tbc
* [v0.1.0 - 28.12.2020](https://github.com/YunoHost-Apps/django_ynh/compare/f578f14...v0.1.0)
* first working state
* [23.12.2020](https://github.com/YunoHost-Apps/django_ynh/commit/f578f144a3a6d11d7044597c37d550d29c247773)
* init the project
## Links
* Report a bug about this package: https://github.com/YunoHost-Apps/django_ynh
@ -86,13 +96,13 @@ drwxr-xr-x 3 root root 3 Dec 8 08:36 ..
-rw-r--r-- 1 django_ynh django_ynh 171 Dec 8 08:39 secret.txt
drwxr-xr-x 6 django_ynh django_ynh 6 Dec 8 08:37 venv
-rw-r--r-- 1 django_ynh django_ynh 115 Dec 8 08:39 wsgi.py
-rw-r--r-- 1 django_ynh django_ynh 4737 Dec 8 08:39 django_ynh.settings.py
-rw-r--r-- 1 django_ynh django_ynh 4737 Dec 8 08:39 django_ynh_demo_settings.py
root@yunohost:~# cd /opt/yunohost/django_ynh/
root@yunohost:/opt/yunohost/django_ynh# source venv/bin/activate
(venv) root@yunohost:/opt/yunohost/django_ynh# ./manage.py check
django_ynh v0.8.2 (Django v2.2.17)
DJANGO_SETTINGS_MODULE='django_ynh.settings'
DJANGO_SETTINGS_MODULE='django_ynh_demo_settings'
PROJECT_PATH:/opt/yunohost/django_ynh/venv/lib/python3.7/site-packages
BASE_PATH:/opt/yunohost/django_ynh
System check identified no issues (0 silenced).

2
conf/django_ynh.service
View file

@ -1,5 +1,5 @@
[Unit]
Description=django_ynh application server
Description=django_ynh DEMO application server
After=redis.service postgresql.service
[Service]

72
conf/ynh_settings.py → conf/django_ynh_demo_settings.py
View file

@ -1,18 +1,24 @@
################################################################################
################################################################################
"""
**************************************************************************
Please do not modify this file, it will be reset at the next update.
You can edit the file __FINAL_HOME_PATH__/local_settings.py and add/modify
the settings you need.
# Please do not modify this file, it will be reset at the next update.
# You can edit the file __FINAL_HOME_PATH__/local_settings.py and add/modify the settings you need.
# The parameters you add in local_settings.py will overwrite these,
# but you can use the options and documentation in this file to find out what can be done.
################################################################################
################################################################################
The parameters you add in local_settings.py will overwrite these,
but you can use the options and documentation in this file to find out
what can be done.
**************************************************************************
Django Settings here depends on YunoHost app settings.
"""
from pathlib import Path as __Path
from django_ynh.base_settings import * # noqa
from django_ynh.secret_key import get_or_create_secret as __get_or_create_secret
DEBUG = True # This is only the DEMO app ;) But should never be on in production!
DEBUG = False
# -----------------------------------------------------------------------------
@ -28,35 +34,17 @@ assert LOG_FILE.is_file(), f'File not exists: {LOG_FILE}'
PATH_URL = '__PATH_URL__' # $YNH_APP_ARG_PATH
PATH_URL = PATH_URL.strip('/')
# -----------------------------------------------------------------------------
ROOT_URLCONF = 'django_ynh.urls' # /opt/yunohost/django_ynh/urls.py
# -----------------------------------------------------------------------------
# Keep ModelBackend around for per-user permissions and superuser
AUTHENTICATION_BACKENDS = (
'axes.backends.AxesBackend', # AxesBackend should be the first backend!
# Authenticate via SSO and nginx 'HTTP_REMOTE_USER' header:
'django_ynh.sso_auth.auth_backend.SSOwatUserBackend',
# Fallback to normal Django model backend:
'django.contrib.auth.backends.ModelBackend',
)
LOGIN_REDIRECT_URL = None
LOGIN_URL = '/yunohost/sso/'
LOGOUT_REDIRECT_URL = '/yunohost/sso/'
# /yunohost/sso/?action=logout
# -----------------------------------------------------------------------------
ADMINS = (
('__ADMIN__', '__ADMINMAIL__'),
)
ROOT_URLCONF = 'django_ynh_demo_urls'
YNH_SETUP_USER = 'setup_user.setup_demo_user'
SECRET_KEY = __get_or_create_secret(FINAL_HOME_PATH / 'secret.txt') # /opt/yunohost/$app/secret.txt
ADMINS = (('__ADMIN__', '__ADMINMAIL__'),)
MANAGERS = ADMINS
@ -92,6 +80,7 @@ DEFAULT_FROM_EMAIL = '__ADMINMAIL__'
# List of URLs your site is supposed to serve
ALLOWED_HOSTS = ['__DOMAIN__']
# _____________________________________________________________________________
# Configuration for caching
CACHES = {
@ -108,6 +97,7 @@ CACHES = {
},
}
# _____________________________________________________________________________
# Static files (CSS, JavaScript, Images)
@ -122,18 +112,10 @@ else:
STATIC_ROOT = str(FINAL_WWW_PATH / 'static')
MEDIA_ROOT = str(FINAL_WWW_PATH / 'media')
# _____________________________________________________________________________
# django-ckeditor
CKEDITOR_BASEPATH = STATIC_URL + 'ckeditor/ckeditor/'
# _____________________________________________________________________________
# Django-dbbackup
DBBACKUP_STORAGE_OPTIONS['location'] = str(FINAL_HOME_PATH / 'backups')
# -----------------------------------------------------------------------------
LOGGING = {
'version': 1,
'disable_existing_loggers': True,
@ -162,7 +144,7 @@ LOGGING = {
'django': {'handlers': ['log_file', 'mail_admins'], 'level': 'INFO', 'propagate': False},
'axes': {'handlers': ['log_file', 'mail_admins'], 'level': 'WARNING', 'propagate': False},
'django_tools': {'handlers': ['log_file', 'mail_admins'], 'level': 'INFO', 'propagate': False},
'inventory': {'handlers': ['log_file', 'mail_admins'], 'level': 'INFO', 'propagate': False},
'django_ynh': {'handlers': ['log_file', 'mail_admins'], 'level': 'INFO', 'propagate': False},
},
}

6
conf/urls.py → conf/django_ynh_demo_urls.py
View file

@ -3,17 +3,15 @@ from django.conf.urls import static
from django.contrib import admin
from django.urls import path
from django_ynh.views.debug import request_media_debug_view
from django_ynh.views import request_media_debug_view
# settings.PATH_URL is the $YNH_APP_ARG_PATH
# Prefix all urls with "PATH_URL":
urlpatterns = [
path(f'{settings.PATH_URL}/', admin.site.urls),
path(f'{settings.PATH_URL}/debug/', request_media_debug_view),
]
if settings.SERVE_FILES:
urlpatterns += static.static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
if settings.DEBUG:
urlpatterns.append(path(f'{settings.PATH_URL}/debug/', request_media_debug_view))

2
conf/manage.py
View file

@ -5,7 +5,7 @@ import sys
def main():
os.environ['DJANGO_SETTINGS_MODULE'] = 'django_ynh.settings'
os.environ['DJANGO_SETTINGS_MODULE'] = 'django_ynh_demo_settings'
from django.core.management import execute_from_command_line
execute_from_command_line(sys.argv)

8
conf/setup_user.py Normal file
View file

@ -0,0 +1,8 @@
def setup_demo_user(user):
"""
The django_ynh DEMO use the Django admin. So we need a "staff" user ;)
"""
user.is_staff = True
user.save()
return user

2
conf/wsgi.py
View file

@ -4,7 +4,7 @@
import os
os.environ['DJANGO_SETTINGS_MODULE'] = 'django_ynh.settings'
os.environ['DJANGO_SETTINGS_MODULE'] = 'django_ynh_demo_settings'
from django.core.wsgi import get_wsgi_application

2
django_ynh/__init__.py
View file

@ -1 +1 @@
__version__ = '0.1.0alpha0'
__version__ = '0.1.0'

78
django_ynh_tests/test_project/settings.py → django_ynh/base_settings.py
View file

@ -1,16 +1,16 @@
from pathlib import Path
"""
Base settings for a Django project installed in Yunohost.
All values should not depent on YunoHost app settings.
"""
BASE_DIR = Path(__file__).parent.parent
# -----------------------------------------------------------------------------
# settings that should be set in project settings:
ROOT_URLCONF = None
SECRET_KEY = None
SECRET_KEY = 'Only a test project!'
DEBUG = True
ALLOWED_HOSTS = []
# -----------------------------------------------------------------------------
INSTALLED_APPS = [
'django.contrib.admin',
@ -19,21 +19,29 @@ INSTALLED_APPS = [
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django_ynh', # <<<<
'axes', # https://github.com/jazzband/django-axes
]
# -----------------------------------------------------------------------------
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django_ynh.sso_auth.auth_middleware.SSOwatRemoteUserMiddleware', # <<<<
#
# login a user via HTTP_REMOTE_USER header from SSOwat:
'django_ynh.sso_auth.auth_middleware.SSOwatRemoteUserMiddleware',
#
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
#
# AxesMiddleware should be the last middleware:
'axes.middleware.AxesMiddleware',
]
ROOT_URLCONF = 'django_ynh_tests.test_project.urls'
# -----------------------------------------------------------------------------
TEMPLATES = [
{
@ -51,38 +59,26 @@ TEMPLATES = [
},
]
WSGI_APPLICATION = 'django_ynh_tests.test_project.wsgi.application'
# -----------------------------------------------------------------------------
# Keep ModelBackend around for per-user permissions and superuser
AUTHENTICATION_BACKENDS = (
'axes.backends.AxesBackend', # AxesBackend should be the first backend!
#
# Authenticate via SSO and nginx 'HTTP_REMOTE_USER' header:
'django_ynh.sso_auth.auth_backend.SSOwatUserBackend',
#
# Fallback to normal Django model backend:
'django.contrib.auth.backends.ModelBackend',
)
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': BASE_DIR / 'db.sqlite3',
}
}
LOGIN_REDIRECT_URL = None
LOGIN_URL = '/yunohost/sso/'
LOGOUT_REDIRECT_URL = '/yunohost/sso/'
# /yunohost/sso/?action=logout
AUTH_PASSWORD_VALIDATORS = [] # Just a test project, so no restrictions
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
LOCALE_PATHS = (BASE_DIR.parent / 'django_ynh' / 'locale',)
STATIC_URL = '/static/'
STATIC_ROOT = BASE_DIR / 'static'
MEDIA_URL = '/media/'
MEDIA_ROOT = BASE_DIR / 'media'
INTERNAL_IPS = [
'127.0.0.1',
]
# _____________________________________________________________________________
# Setting below, should be overwritten!
LOGGING = {
'version': 1,

25
django_ynh/create_superuser.py
View file

@ -1,18 +1,34 @@
#!/usr/bin/env python3
"""
Can be called e.g.:
poetry run create_superuser --ds="foo.settings" --username="bar" \
--email="foo@bar.tld" --password="no-password"
or, e.g.:
python3 -m django_ynh.create_superuser --ds="foo.settings" --username="bar" \
--email="foo@bar.tld" \
--password="no-password"
"""
import argparse
import os
import sys
def main():
os.environ['DJANGO_SETTINGS_MODULE'] = 'django_ynh.settings'
parser = argparse.ArgumentParser(description='Create or update Django super user.')
parser.add_argument('--ds', help='The "DJANGO_SETTINGS_MODULE" string')
parser.add_argument('--username')
parser.add_argument('--email')
parser.add_argument('--password')
args = parser.parse_args()
os.environ['DJANGO_SETTINGS_MODULE'] = args.ds
username = args.username
email = args.email or ''
password = args.password
@ -26,7 +42,8 @@ def main():
User = get_user_model()
user = User.objects.filter(username=username).first()
if user:
print('Update existing user and set his password.', file=sys.stderr)
print(f'Update existing user "{user}" and set his password.', file=sys.stderr)
print(repr(password))
user.is_active = True
user.is_staff = True
user.is_superuser = True
@ -34,7 +51,7 @@ def main():
user.email = email
user.save()
else:
print('Create new super user', file=sys.stderr)
print(f'Create new super user "{username}"', file=sys.stderr)
User.objects.create_superuser(username=username, email=email, password=password)

168
django_ynh/local_test.py Executable file
View file

@ -0,0 +1,168 @@
"""
Create a YunoHost package local test
"""
import argparse
import os
import shlex
import subprocess
import sys
from pathlib import Path
from django_ynh.path_utils import assert_is_dir, assert_is_file
from django_ynh.test_utils import generate_basic_auth
def verbose_check_call(command, verbose=True, **kwargs):
""" 'verbose' version of subprocess.check_call() """
if verbose:
print('_' * 100)
msg = f'Call: {command!r}'
verbose_kwargs = ', '.join(f'{k}={v!r}' for k, v in sorted(kwargs.items()))
if verbose_kwargs:
msg += f' (kwargs: {verbose_kwargs})'
print(f'{msg}\n', flush=True)
env = os.environ.copy()
env['PYTHONUNBUFFERED'] = '1'
popenargs = shlex.split(command)
subprocess.check_call(popenargs, universal_newlines=True, env=env, **kwargs)
def call_manage_py(final_home_path, args):
verbose_check_call(
command=f'{sys.executable} manage.py {args}',
cwd=final_home_path,
)
def copy_patch(src_file, replaces, final_home_path):
dst_file = final_home_path / src_file.name
print(f'{src_file} -> {dst_file}')
with src_file.open('r') as f:
content = f.read()
if replaces:
for old, new in replaces.items():
if old in content:
print(f' * Replace "{old}" -> "{new}"')
content = content.replace(old, new)
with dst_file.open('w') as f:
f.write(content)
def create_local_test(django_settings_path, destination, runserver=False):
assert_is_file(django_settings_path)
django_settings_name = django_settings_path.stem
conf_path = django_settings_path.parent
assert isinstance(destination, Path)
destination = destination.resolve()
if not destination.is_dir():
destination.mkdir(parents=False)
assert_is_dir(destination)
final_home_path = destination / 'opt_yunohost'
final_www_path = destination / 'var_www'
log_file = destination / 'var_log_django_ynh.log'
REPLACES = {
'__FINAL_HOME_PATH__': str(final_home_path),
'__FINAL_WWW_PATH__': str(final_www_path),
'__LOG_FILE__': str(destination / 'var_log_django_ynh.log'),
'__PATH_URL__': 'app_path',
'__DOMAIN__': '127.0.0.1',
'django.db.backends.postgresql': 'django.db.backends.sqlite3',
"'NAME': '__APP__',": f"'NAME': '{destination / 'test_db.sqlite'}',",
'django_redis.cache.RedisCache': 'django.core.cache.backends.dummy.DummyCache',
# Just use the default logging setup from django_ynh project:
'LOGGING = {': 'HACKED_DEACTIVATED_LOGGING = {',
}
for p in (final_home_path, final_www_path):
if p.is_dir():
print(f'Already exists: "{p}", ok.')
else:
p.mkdir(parents=True, exist_ok=True)
log_file.touch(exist_ok=True)
for src_file in conf_path.glob('*.py'):
copy_patch(src_file=src_file, replaces=REPLACES, final_home_path=final_home_path)
with Path(final_home_path / 'local_settings.py').open('w') as f:
f.write('# Only for local test run\n')
f.write('SERVE_FILES = True # used in src/inventory_project/urls.py\n')
f.write('AUTH_PASSWORD_VALIDATORS = [] # accept all passwords\n')
# call "local_test/manage.py" via subprocess:
call_manage_py(final_home_path, 'check --deploy')
if runserver:
call_manage_py(final_home_path, 'migrate --no-input')
call_manage_py(final_home_path, 'collectstatic --no-input')
verbose_check_call(
command=(
f'{sys.executable} -m django_ynh.create_superuser'
f' --ds="{django_settings_name}" --username="test" --password="test123"'
),
cwd=final_home_path,
)
os.environ['DJANGO_SETTINGS_MODULE'] = django_settings_name
# All environment variables are passed to Django's "runnserver" ;)
# "Simulate" SSOwat authentication, by set "http headers"
# Still missing is the 'SSOwAuthUser' cookie,
# but this is ignored, if settings.DEBUG=True ;)
os.environ['HTTP_AUTH_USER'] = 'test'
os.environ['HTTP_REMOTE_USER'] = 'test'
os.environ['HTTP_AUTHORIZATION'] = generate_basic_auth(username='test', password='test123')
try:
call_manage_py(final_home_path, 'runserver --nostatic')
except KeyboardInterrupt:
print('\nBye ;)')
return final_home_path
def cli():
parser = argparse.ArgumentParser(description='Generate a YunoHost package local test')
parser.add_argument(
'--django_settings_path',
action='store',
metavar='path',
help='Path to YunoHost package settings.py file (in "conf" directory)',
)
parser.add_argument(
'--destination',
action='store',
metavar='path',
help='Destination directory for the local test files',
)
parser.add_argument(
'--runserver',
action='store',
type=bool,
default=False,
help='Start Django "runserver" after local test file creation?',
)
args = parser.parse_args()
create_local_test(
django_settings_path=Path(args.django_settings_path),
destination=Path(args.destination),
runserver=args.runserver,
)
if __name__ == '__main__':
cli()

25
django_ynh/path_utils.py Normal file
View file

@ -0,0 +1,25 @@
from pathlib import Path
def assert_is_dir(dir_path):
assert isinstance(dir_path, Path)
assert dir_path.is_dir, f'Directory does not exists: {dir_path}'
def assert_is_file(file_path):
assert isinstance(file_path, Path)
assert file_path.is_file, f'File not found: {file_path}'
def is_relative_to(p, other):
"""
Path.is_relative_to() is new in Python 3.9
"""
p = Path(p)
other = Path(other)
try:
p.relative_to(other)
except ValueError:
return False
else:
return True

38
django_ynh/pytest_helper.py Normal file
View file

@ -0,0 +1,38 @@
import os
import sys
from pathlib import Path
from django_ynh.local_test import create_local_test
from django_ynh.path_utils import assert_is_dir, assert_is_file
def run_pytest(django_settings_path, destination):
"""
1. Generate "local test installation"
2. Run pytest against generated sources
"""
assert_is_file(django_settings_path)
conf_path = django_settings_path.parent
base_path = conf_path.parent
test_path = Path(base_path / 'tests')
assert_is_dir(test_path)
final_home_path = create_local_test(
django_settings_path=django_settings_path,
destination=destination,
runserver=False,
)
django_settings_name = django_settings_path.stem
os.environ['DJANGO_SETTINGS_MODULE'] = django_settings_name
print(f'DJANGO_SETTINGS_MODULE={django_settings_name}')
sys.path.insert(0, str(final_home_path))
import pytest
# collect only project tests:
sys.argv = [__file__, str(test_path)]
raise SystemExit(pytest.console_main())

23
django_ynh/secret_key.py Normal file
View file

@ -0,0 +1,23 @@
"""
Helper to create a random string for settings.SECRET_KEY
SECURITY WARNING: keep the secret key used in production secret!
"""
import logging
from pathlib import Path
from secrets import token_urlsafe
logger = logging.getLogger(__name__)
def get_or_create_secret(secret_file):
assert isinstance(secret_file, Path)
assert secret_file.parent.is_dir, f'Directory does not exists: {secret_file.parent}'
if not secret_file.is_file():
logger.info('Generate %s', secret_file)
secret_file.open('w').write(token_urlsafe(128))
with secret_file.open('r') as f:
return f.read()

18
django_ynh/sso_auth/auth_backend.py
View file

@ -27,7 +27,7 @@ import logging
from django.contrib.auth.backends import RemoteUserBackend
from django_ynh.sso_auth.user_profile import update_user_profile
from django_ynh.sso_auth.user_profile import call_setup_user, update_user_profile
logger = logging.getLogger(__name__)
@ -46,24 +46,16 @@ class SSOwatUserBackend(RemoteUserBackend):
def configure_user(self, request, user):
"""
Configure a user after creation and return the updated user.
Setup a normal, non-superuser
Configure a new user after creation and return the updated user.
"""
logger.warning('Configure user %s', user)
user.set_unusable_password() # Always login via SSO
user.is_staff = True
user.is_superuser = False
user.save()
# TODO: Add user in "normal" user group:
# django_ynh_user_group = get_or_create_normal_user_group()[0]
# user.groups.set([django_ynh_user_group])
update_user_profile(request)
user = update_user_profile(request, user)
user = call_setup_user(user=user)
return user
def user_can_authenticate(self, user):
logger.warning('Remote user login: %s', user)
assert not user.is_anonymous
return True

39
django_ynh/sso_auth/auth_middleware.py
View file

@ -2,15 +2,18 @@ import base64
import logging
from axes.exceptions import AxesBackendPermissionDenied
from django.conf import settings
from django.contrib.auth.middleware import RemoteUserMiddleware
from django_ynh.sso_auth.user_profile import call_setup_user, update_user_profile
logger = logging.getLogger(__name__)
class SSOwatRemoteUserMiddleware(RemoteUserMiddleware):
"""
Middleware to login a user HTTP_REMOTE_USER header.
Middleware to login a user via HTTP_REMOTE_USER header.
Use Django Axes if something is wrong.
Update exising user informations.
"""
@ -24,8 +27,10 @@ class SSOwatRemoteUserMiddleware(RemoteUserMiddleware):
super().process_request(request) # login remote user
if not request.user.is_authenticated:
# Not logged in -> nothing to verify here
user = request.user
if not user.is_authenticated:
logger.debug('Not logged in -> nothing to verify here')
return
# Check SSOwat cookie informations:
@ -34,13 +39,17 @@ class SSOwatRemoteUserMiddleware(RemoteUserMiddleware):
except KeyError:
logger.error('SSOwAuthUser cookie missing!')
# emits a signal indicating user login failed, which is processed by
# axes.signals.log_user_login_failed which logs and flags the failed request.
raise AxesBackendPermissionDenied('Cookie missing')
logger.info('SSOwat username from cookies: %r', username)
if username != request.user.username:
raise AxesBackendPermissionDenied('Wrong username')
if settings.DEBUG:
# e.g.: local test can't set a Cookie easily
logger.warning('Ignore error, because settings.DEBUG is on!')
else:
# emits a signal indicating user login failed, which is processed by
# axes.signals.log_user_login_failed which logs and flags the failed request.
raise AxesBackendPermissionDenied('Cookie missing')
else:
logger.info('SSOwat username from cookies: %r', username)
if username != user.username:
raise AxesBackendPermissionDenied('Wrong username')
# Compare with HTTP_AUTH_USER
try:
@ -49,7 +58,7 @@ class SSOwatRemoteUserMiddleware(RemoteUserMiddleware):
logger.error('HTTP_AUTH_USER missing!')
raise AxesBackendPermissionDenied('No HTTP_AUTH_USER')
if username != request.user.username:
if username != user.username:
raise AxesBackendPermissionDenied('Wrong HTTP_AUTH_USER username')
# Also check 'HTTP_AUTHORIZATION', but only the username ;)
@ -66,10 +75,12 @@ class SSOwatRemoteUserMiddleware(RemoteUserMiddleware):
creds = str(base64.b64decode(creds), encoding='utf-8')
username = creds.split(':', 1)[0]
if username != request.user.username:
if username != user.username:
raise AxesBackendPermissionDenied('Wrong HTTP_AUTHORIZATION username')
if not was_authenticated:
# First request, after login -> update user informations
logger.info('Remote used was logged in')
update_user_profile(request)
logger.info('Remote user "%s" was logged in', user)
user = update_user_profile(request, user)
user = call_setup_user(user=user)

54
django_ynh/sso_auth/user_profile.py
View file

@ -1,28 +1,60 @@
import base64
import logging
from functools import lru_cache
from axes.exceptions import AxesBackendPermissionDenied
from django.contrib.auth.backends import RemoteUserBackend as OriginRemoteUserBackend
from django.contrib.auth.middleware import RemoteUserMiddleware as OriginRemoteUserMiddleware
from django.conf import settings
from django.contrib.auth import get_user_model
from django.core.exceptions import ValidationError
from inventory.permissions import get_or_create_normal_user_group
from django.utils.module_loading import import_string
logger = logging.getLogger(__name__)
def update_user_profile(request):
UserModel = get_user_model()
@lru_cache(maxsize=None)
def get_setup_user_func():
setup_user_func = import_string(settings.YNH_SETUP_USER)
assert callable(setup_user_func)
return setup_user_func
def call_setup_user(user):
"""
Hook for the YunoHost package application to setup a Django user.
Call function defined in settings.YNH_SETUP_USER
called via:
* SSOwatUserBackend after a new user was created
* SSOwatRemoteUserMiddleware on login request
"""
old_pk = user.pk
setup_user_func = get_setup_user_func()
logger.debug('Call "%s" for user "%s"', settings.YNH_SETUP_USER, user)
user = setup_user_func(user=user)
assert isinstance(user, UserModel)
assert user.pk == old_pk
return user
def update_user_profile(request, user):
"""
Update existing user information:
* Email
* First / Last name
"""
user = request.user
assert user.is_authenticated
Called via:
* SSOwatUserBackend after a new user was created
* SSOwatRemoteUserMiddleware on login request
"""
update_fields = []
if not user.password:
if user.is_authenticated and not user.has_usable_password():
# Empty password is not valid, so we can't save the model, because of full_clean() call
logger.info('Set unusable password for user: %s', user)
user.set_unusable_password()
@ -59,3 +91,5 @@ def update_user_profile(request):
logger.exception('Can not update user: %s', user)
else:
user.save(update_fields=update_fields)
return user

8
django_ynh/test_utils.py Normal file
View file

@ -0,0 +1,8 @@
import base64
def generate_basic_auth(username, password):
basic_auth = f'{username}:{password}'
basic_auth_creds = bytes(basic_auth, encoding='utf-8')
creds = str(base64.b64encode(basic_auth_creds), encoding='utf-8')
return f'basic {creds}'

14
django_ynh/views.py
View file

@ -1,12 +1,24 @@
import logging
import pprint
from django.http import HttpResponse
from django.conf import settings
from django.contrib.auth import get_user_model
from django.http.response import HttpResponse
from django.shortcuts import redirect
logger = logging.getLogger(__name__)
def request_media_debug_view(request):
""" debug request.META """
assert settings.DEBUG is True, 'Only in DEBUG mode available!'
if not request.user.is_authenticated:
logger.info('Deny debug view: User not logged in!')
UserModel = get_user_model()
logger.info('Existing users are: %s', ', '.join(f'"{user}"' for user in UserModel.objects.all()))
return redirect('admin:index')
meta = pprint.pformat(request.META)

0
django_ynh_tests/test_app/__init__.py
View file

0
django_ynh_tests/test_app/management/__init__.py
View file

0
django_ynh_tests/test_app/management/commands/__init__.py
View file

39
django_ynh_tests/test_app/management/commands/run_testserver.py
View file

@ -1,39 +0,0 @@
import os
from django.contrib.auth import get_user_model
from django.core.management import BaseCommand, call_command
class Command(BaseCommand):
"""
Expand django.contrib.staticfiles runserver
"""
help = "Setup test project and run django developer server"
def verbose_call(self, command, *args, **kwargs):
self.stderr.write("_" * 79)
self.stdout.write(f"Call {command!r} with: {args!r} {kwargs!r}")
call_command(command, *args, **kwargs)
def handle(self, *args, **options):
if "RUN_MAIN" not in os.environ:
# RUN_MAIN added by auto reloader, see: django/utils/autoreload.py
# Create migrations for our test app
# But these migrations should never commit!
# On changes: Just delete the SQLite file and start fresh ;)
self.verbose_call("makemigrations")
self.verbose_call("migrate")
# django.contrib.staticfiles.management.commands.collectstatic.Command
self.verbose_call("collectstatic", interactive=False, link=True)
User = get_user_model()
qs = User.objects.filter(is_active=True, is_superuser=True)
if qs.count() == 0:
self.verbose_call("createsuperuser")
self.verbose_call("runserver", use_threading=False, use_reloader=True, verbosity=2)

1
django_ynh_tests/test_app/models.py
View file

@ -1 +0,0 @@
# no models ;)

0
django_ynh_tests/test_project/__init__.py
View file

18
django_ynh_tests/test_project/manage.py
View file

@ -1,18 +0,0 @@
#!/usr/bin/env python3
import sys
def main():
try:
from django.core.management import execute_from_command_line
except ImportError as exc:
raise ImportError(
"Couldn't import Django. Are you sure it's installed and "
"available on your PYTHONPATH environment variable? Did you "
"forget to activate a virtual environment?"
) from exc
execute_from_command_line(sys.argv)
if __name__ == '__main__':
main()

28
django_ynh_tests/test_project/publish.py
View file

@ -1,28 +0,0 @@
"""
Helper to publish this Project to PyPi
"""
from pathlib import Path
from poetry_publish.publish import poetry_publish
from poetry_publish.utils.subprocess_utils import verbose_check_call
import django_ynh
PACKAGE_ROOT = Path(django_ynh.__file__).parent.parent
def publish():
"""
Publish to PyPi
Call this via:
$ poetry run publish
"""
verbose_check_call('poetry', 'check')
# TODO:
# verbose_check_call('make', 'pytest') # don't publish if tests fail
# verbose_check_call('make', 'fix-code-style') # don't publish if code style wrong
poetry_publish(package_root=PACKAGE_ROOT, version=django_ynh.__version__)

11
django_ynh_tests/test_project/urls.py
View file

@ -1,11 +0,0 @@
import debug_toolbar
from django.contrib import admin
from django.urls import include, path
from django.views.generic import RedirectView
urlpatterns = [
path('admin/', admin.site.urls),
path('', RedirectView.as_view(url='/admin/')),
path('__debug__/', include(debug_toolbar.urls)),
]

9
django_ynh_tests/test_project/wsgi.py
View file

@ -1,9 +0,0 @@
"""
WSGI config
"""
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()

146
local_test.py Executable file → Normal file
View file

@ -2,154 +2,30 @@
"""
Start django_ynh in YunoHost setup locally.
Note:
You can only run this script, if you are in a activated django_ynh venv!
Run via:
make local-test
see README for details ;)
"""
import os
import shlex
import subprocess
import sys
from pathlib import Path
os.environ['DJANGO_SETTINGS_MODULE'] = 'django_ynh.settings'
try:
import inventory_project # noqa
from django_ynh.local_test import create_local_test
except ImportError as err:
raise ImportError(
'Couldn\'t import django_ynh. Did you '
'forget to activate a virtual environment?'
) from err
raise ImportError('Did you forget to activate a virtual environment?') from err
BASE_PATH = Path(__file__).parent.absolute()
TEST_PATH = BASE_PATH / 'local_test'
CONF_PATH = BASE_PATH / 'conf'
FINAL_HOME_PATH = TEST_PATH / 'opt_yunohost'
FINAL_WWW_PATH = TEST_PATH / 'var_www'
LOG_FILE = TEST_PATH / 'var_log_django_ynh.log'
MANAGE_PY_FILE = CONF_PATH / 'manage.py'
CREATE_SUPERUSER_FILE = CONF_PATH / 'create_superuser.py'
SETTINGS_FILE = CONF_PATH / 'django_ynh.settings.py'
URLS_FILE = CONF_PATH / 'ynh_urls.py'
REPLACES = {
'__FINAL_HOME_PATH__': str(FINAL_HOME_PATH),
'__FINAL_WWW_PATH__': str(FINAL_WWW_PATH),
'__LOG_FILE__': str(TEST_PATH / 'var_log_django_ynh.log'),
'__PATH_URL__': 'app_path',
'__DOMAIN__': '127.0.0.1',
'django.db.backends.postgresql': 'django.db.backends.sqlite3',
"'NAME': '__APP__',": f"'NAME': '{TEST_PATH / 'test_db.sqlite'}',",
'django_redis.cache.RedisCache': 'django.core.cache.backends.dummy.DummyCache',
'DEBUG = False': 'DEBUG = True',
# Just use the default logging setup from django_ynh project:
'LOGGING = {': 'HACKED_DEACTIVATED_LOGGING = {',
}
def verbose_check_call(command, verbose=True, **kwargs):
""" 'verbose' version of subprocess.check_call() """
if verbose:
print('_' * 100)
msg = f'Call: {command!r}'
verbose_kwargs = ', '.join(f'{k}={v!r}' for k, v in sorted(kwargs.items()))
if verbose_kwargs:
msg += f' (kwargs: {verbose_kwargs})'
print(f'{msg}\n', flush=True)
env = os.environ.copy()
env['PYTHONUNBUFFERED'] = '1'
popenargs = shlex.split(command)
subprocess.check_call(
popenargs,
universal_newlines=True,
env=env,
**kwargs
)
def call_manage_py(args):
verbose_check_call(
command=f'{sys.executable} manage.py {args}',
cwd=FINAL_HOME_PATH,
)
def copy_patch(src_file, replaces=None):
dst_file = FINAL_HOME_PATH / src_file.name
print(f'{src_file.relative_to(BASE_PATH)} -> {dst_file.relative_to(BASE_PATH)}')
with src_file.open('r') as f:
content = f.read()
if replaces:
for old, new in replaces.items():
content = content.replace(old, new)
with dst_file.open('w') as f:
f.write(content)
BASE_PATH = Path(__file__).parent
def main():
print('-' * 100)
assert BASE_PATH.is_dir()
assert CONF_PATH.is_dir()
assert SETTINGS_FILE.is_file()
assert URLS_FILE.is_file()
for p in (TEST_PATH, FINAL_HOME_PATH, FINAL_WWW_PATH):
if p.is_dir():
print(f'Already exists: "{p.relative_to(BASE_PATH)}", ok.')
else:
print(f'Create: "{p.relative_to(BASE_PATH)}"')
p.mkdir(parents=True, exist_ok=True)
LOG_FILE.touch(exist_ok=True)
# conf/manage.py -> local_test/manage.py
copy_patch(src_file=MANAGE_PY_FILE)
# conf/create_superuser.py -> local_test/opt_yunohost/create_superuser.py
copy_patch(src_file=CREATE_SUPERUSER_FILE)
# conf/django_ynh.settings.py -> local_test/django_ynh.settings.py
copy_patch(src_file=SETTINGS_FILE, replaces=REPLACES)
# conf/ynh_urls.py -> local_test/ynh_urls.py
copy_patch(src_file=URLS_FILE, replaces=REPLACES)
with Path(FINAL_HOME_PATH / 'local_settings.py').open('w') as f:
f.write('# Only for local test run\n')
f.write('SERVE_FILES=True # used in src/inventory_project/urls.py\n')
# call "local_test/manage.py" via subprocess:
call_manage_py('check --deploy')
call_manage_py('migrate --no-input')
call_manage_py('collectstatic --no-input')
verbose_check_call(
command=f'{sys.executable} create_superuser.py --username="test" --password="test"',
cwd=FINAL_HOME_PATH,
create_local_test(
django_settings_path=BASE_PATH / 'conf' / 'django_ynh_demo_settings.py',
destination=BASE_PATH / 'local_test',
runserver=True,
)
try:
call_manage_py('runserver --nostatic')
except KeyboardInterrupt:
print('\nBye ;)')
if __name__ == '__main__':
main()

9
pyproject.toml
View file

@ -1,6 +1,6 @@
[tool.poetry]
name = "django_ynh"
version = "0.1.0alpha0"
version = "0.1.0rc1"
description = "Glue code to package django projects as yunohost apps."
authors = ["JensDiemer <git@jensdiemer.de>"]
license = "GPL"
@ -13,12 +13,14 @@ packages = [
[tool.poetry.dependencies]
python = ">=3.7,<4.0.0"
django = "*"
gunicorn = "*"
django-axes = "*" # https://github.com/jazzband/django-axes
psycopg2-binary = "*"
django-redis = "*"
[tool.poetry.dev-dependencies]
poetry-publish = "*" # https://github.com/jedie/poetry-publish
bx_py_utils = "*"
tox = "*"
pytest = "*"
pytest-randomly = "*"
@ -36,6 +38,7 @@ requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"
[tool.poetry.scripts]
create_superuser = "django_ynh.create_superuser:main"
publish = "django_ynh_tests.test_project.publish:publish"
[tool.isort]
@ -56,8 +59,7 @@ lines_after_imports=2
[tool.pytest.ini_options]
# https://docs.pytest.org/en/latest/customize.html#pyproject-toml
minversion = "6.0"
DJANGO_SETTINGS_MODULE="django_ynh_project.settings.tests"
norecursedirs = ".* .git __pycache__ coverage* dist htmlcov volumes"
norecursedirs = ".* .git __pycache__ conf coverage* dist htmlcov volumes"
# sometimes helpfull "addopts" arguments:
# -vv
# --verbose
@ -79,7 +81,6 @@ addopts = """
--failed-first
--last-failed-no-failures all
--new-first
-p no:randomly
"""

25
run_pytest.py Normal file
View file

@ -0,0 +1,25 @@
"""
Run pytest against local test creation
"""
from pathlib import Path
try:
from django_ynh.pytest_helper import run_pytest
except ImportError as err:
raise ImportError('Did you forget to activate a virtual environment?') from err
BASE_PATH = Path(__file__).parent
def main():
run_pytest(
django_settings_path=BASE_PATH / 'conf' / 'django_ynh_demo_settings.py',
destination=BASE_PATH / 'local_test',
)
if __name__ == '__main__':
main()

4
scripts/change_url
View file

@ -116,10 +116,10 @@ fi
ynh_script_progression --message="Modify django_ynh's config file..."
# save old settings file
settings="$final_path/django_ynh.settings.py"
settings="$final_path/settings.py"
ynh_backup_if_checksum_is_different --file="$settings"
cp "../conf/django_ynh.settings.py" "$settings"
cp "../conf/settings.py" "$settings"
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$settings"
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$settings"

4
scripts/install
View file

@ -137,8 +137,8 @@ chmod +x "$final_path/manage.py"
cp ../conf/wsgi.py "$final_path/wsgi.py"
settings="$final_path/django_ynh.settings.py"
cp "../conf/django_ynh.settings.py" "$settings"
settings="$final_path/settings.py"
cp "../conf/settings.py" "$settings"
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$settings"
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$settings"

4
scripts/upgrade
View file

@ -127,10 +127,10 @@ ynh_backup_if_checksum_is_different --file="$final_path/wsgi.py"
cp ../conf/wsgi.py "$final_path/wsgi.py"
# save old settings file
settings="$final_path/django_ynh.settings.py"
settings="$final_path/settings.py"
ynh_backup_if_checksum_is_different --file="$settings"
cp "../conf/django_ynh.settings.py" "$settings"
cp "../conf/settings.py" "$settings"
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$settings"
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$settings"

0
django_ynh_tests/__init__.py → tests/__init__.py
View file

130
tests/test_django_ynh.py Normal file
View file

@ -0,0 +1,130 @@
from axes.models import AccessAttempt, AccessLog
from bx_py_utils.test_utils.html_assertion import HtmlAssertionMixin
from django.conf import settings
from django.contrib.auth.models import User
from django.test import override_settings
from django.test.testcases import TestCase
from django.urls.base import reverse
from django_ynh.test_utils import generate_basic_auth
from django_ynh.views import request_media_debug_view
@override_settings(DEBUG=False)
class DjangoYnhTestCase(HtmlAssertionMixin, TestCase):
def setUp(self):
super().setUp()
# Always start a fresh session:
self.client = self.client_class()
def test_settings(self):
assert settings.PATH_URL == 'app_path'
assert str(settings.FINAL_HOME_PATH).endswith('/local_test/opt_yunohost')
assert str(settings.FINAL_WWW_PATH).endswith('/local_test/var_www')
assert str(settings.LOG_FILE).endswith('/local_test/var_log_django_ynh.log')
assert settings.ROOT_URLCONF == 'django_ynh_demo_urls'
def test_urls(self):
assert reverse('admin:index') == '/app_path/'
assert reverse(request_media_debug_view) == '/app_path/debug/'
def test_auth(self):
response = self.client.get('/app_path/')
self.assertRedirects(response, expected_url='/app_path/login/?next=/app_path/')
def test_create_unknown_user(self):
assert User.objects.count() == 0
self.client.cookies['SSOwAuthUser'] = 'test'
response = self.client.get(
path='/app_path/',
HTTP_REMOTE_USER='test',
HTTP_AUTH_USER='test',
HTTP_AUTHORIZATION='basic dGVzdDp0ZXN0MTIz',
)
assert User.objects.count() == 1
user = User.objects.first()
assert user.username == 'test'
assert user.is_active is True
assert user.is_staff is True # Set by: conf.django_ynh_demo_urls.setup_user_handler
assert user.is_superuser is False
self.assert_html_parts(
response, parts=('<title>Site administration | Django site admin</title>', '<strong>test</strong>')
)
def test_wrong_auth_user(self):
assert User.objects.count() == 0
assert AccessLog.objects.count() == 0
self.client.cookies['SSOwAuthUser'] = 'test'
response = self.client.get(
path='/app_path/',
HTTP_REMOTE_USER='test',
HTTP_AUTH_USER='foobar', # <<< wrong user name
HTTP_AUTHORIZATION='basic dGVzdDp0ZXN0MTIz',
)
assert User.objects.count() == 1
user = User.objects.first()
assert user.username == 'test'
assert user.is_active is True
assert user.is_staff is True # Set by: conf.django_ynh_demo_urls.setup_user_handler
assert user.is_superuser is False
assert AccessLog.objects.count() == 1
assert response.status_code == 403 # Forbidden
def test_wrong_cookie(self):
assert User.objects.count() == 0
assert AccessLog.objects.count() == 0
self.client.cookies['SSOwAuthUser'] = 'foobar' # <<< wrong user name
response = self.client.get(
path='/app_path/',
HTTP_REMOTE_USER='test',
HTTP_AUTH_USER='test',
HTTP_AUTHORIZATION='basic dGVzdDp0ZXN0MTIz',
)
assert User.objects.count() == 1
user = User.objects.first()
assert user.username == 'test'
assert user.is_active is True
assert user.is_staff is True # Set by: conf.django_ynh_demo_urls.setup_user_handler
assert user.is_superuser is False
assert AccessLog.objects.count() == 1
assert response.status_code == 403 # Forbidden
def test_wrong_authorization_user(self):
assert User.objects.count() == 0
self.client.cookies['SSOwAuthUser'] = 'test'
response = self.client.get(
path='/app_path/',
HTTP_REMOTE_USER='test',
HTTP_AUTH_USER='test',
HTTP_AUTHORIZATION=generate_basic_auth(username='foobar', password='test123'), # <<< wrong user name
)
assert User.objects.count() == 1
user = User.objects.first()
assert user.username == 'test'
assert user.is_active is True
assert user.is_staff is True # Set by: conf.django_ynh_demo_urls.setup_user_handler
assert user.is_superuser is False
assert AccessLog.objects.count() == 1
assert response.status_code == 403 # Forbidden

15
tests/test_lint.py Normal file
View file

@ -0,0 +1,15 @@
import shutil
import subprocess
from pathlib import Path
import django_ynh
BASE_PATH = Path(django_ynh.__file__).parent.parent
def test_lint():
assert Path(BASE_PATH, 'Makefile').is_file()
make_bin = shutil.which('make')
assert make_bin is not None
subprocess.check_call([make_bin, 'lint'], cwd=BASE_PATH)

54
tests/test_project_setup.py Normal file
View file

@ -0,0 +1,54 @@
import os
import shutil
import subprocess
from pathlib import Path
import django_ynh
PACKAGE_ROOT = Path(django_ynh.__file__).parent.parent
def assert_file_contains_string(file_path, string):
with file_path.open('r') as f:
for line in f:
if string in line:
return
raise AssertionError(f'File {file_path} does not contain {string!r} !')
def test_version(package_root=None, version=None):
if package_root is None:
package_root = PACKAGE_ROOT
if version is None:
version = django_ynh.__version__
if 'dev' not in version and 'rc' not in version:
version_string = f'v{version}'
assert_file_contains_string(file_path=Path(package_root, 'README.md'), string=version_string)
assert_file_contains_string(file_path=Path(package_root, 'pyproject.toml'), string=f'version = "{version}"')
assert_file_contains_string(file_path=Path(package_root, 'manifest.json'), string=f'"version": "{version}~ynh",')
assert_file_contains_string(
file_path=Path(package_root, 'deployment', 'project.env'), string=f'PROJECT_VERSION={version}'
)
def test_poetry_check(package_root=None):
if package_root is None:
package_root = PACKAGE_ROOT
poerty_bin = shutil.which('poetry')
output = subprocess.check_output(
[poerty_bin, 'check'],
universal_newlines=True,
env=os.environ,
stderr=subprocess.STDOUT,
cwd=str(package_root),
)
print(output)
assert output == 'All set!\n'

8
tests/test_utils.py Normal file
View file

@ -0,0 +1,8 @@
from unittest.case import TestCase
from django_ynh.test_utils import generate_basic_auth
class TestUtilsTestCase(TestCase):
def test_generate_basic_auth(self):
assert generate_basic_auth(username='test', password='test123') == 'basic dGVzdDp0ZXN0MTIz'