Merge branch 'master' into rights

# Conflicts:
#	note_kfet/settings/base.py

note_kfet/fixtures/initial.json

@@ -0,0 +1,19 @@
+[
+    {
+        "model": "sites.site",
+        "pk": 1,
+        "fields": {
+            "domain": "localhost",
+            "name": "La Note Kfet \ud83c\udf7b"
+        }
+    },
+    {
+        "model": "cas_server.servicepattern",
+        "pk": 1,
+        "fields": {
+            "pos": 1,
+            "pattern": ".*",
+            "name": "REPLACEME"
+        }
+    }
+]

note_kfet/middlewares.py

@@ -0,0 +1,38 @@
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.http import HttpResponseRedirect
+
+from urllib.parse import urlencode, parse_qs, urlsplit, urlunsplit
+
+
+class TurbolinksMiddleware(object):
+    """
+    Send the `Turbolinks-Location` header in response to a visit that was redirected,
+    and Turbolinks will replace the browser's topmost history entry.
+    """
+
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+
+        is_turbolinks = request.META.get('HTTP_TURBOLINKS_REFERRER')
+        is_response_redirect = response.has_header('Location')
+
+        if is_turbolinks:
+            if is_response_redirect:
+                location = response['Location']
+                prev_location = request.session.pop('_turbolinks_redirect_to', None)
+                if prev_location is not None:
+                    # relative subsequent redirect
+                    if location.startswith('.'):
+                        location = prev_location.split('?')[0] + location
+                request.session['_turbolinks_redirect_to'] = location
+            else:
+                if request.session.get('_turbolinks_redirect_to'):
+                    location = request.session.pop('_turbolinks_redirect_to')
+                    response['Turbolinks-Location'] = location
+        return response
+

note_kfet/settings/__init__.py

@@ -0,0 +1,46 @@
+import os
+import re
+
+from .base import *
+
+def read_env():
+    """Pulled from Honcho code with minor updates, reads local default
+    environment variables from a .env file located in the project root
+    directory.
+    """
+    try:
+        with open('.env') as f:
+            content = f.read()
+    except IOError:
+        content = ''
+    for line in content.splitlines():
+        m1 = re.match(r'\A([A-Za-z_0-9]+)=(.*)\Z', line)
+        if m1:
+            key, val = m1.group(1), m1.group(2)
+            m2 = re.match(r"\A'(.*)'\Z", val)
+            if m2:
+                val = m2.group(1)
+            m3 = re.match(r'\A"(.*)"\Z', val)
+            if m3:
+                val = re.sub(r'\\(.)', r'\1', m3.group(1))
+            os.environ.setdefault(key, val)
+
+read_env()
+
+app_stage = os.environ.get('DJANGO_APP_STAGE', 'dev')
+if app_stage == 'prod':
+    from .production import *
+    DATABASES["default"]["PASSWORD"] = os.environ.get('DJANGO_DB_PASSWORD','CHANGE_ME_IN_ENV_SETTINGS')
+    SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY','CHANGE_ME_IN_ENV_SETTINGS')
+    ALLOWED_HOSTS.append(os.environ.get('ALLOWED_HOSTS','localhost'))
+else:
+    from .development import *
+
+try:
+    from .secrets import *
+except ImportError:
+    pass
+
+# env variables set at the of in /env/bin/activate
+# don't forget to unset in deactivate !
+

note_kfet/settings/base.py

@@ -1,5 +1,4 @@
-# -*- mode: python; coding: utf-8 -*-
-# Copyright (C) 2018-2019 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 import os
@@ -8,8 +7,8 @@ import sys
 from django.utils.translation import gettext_lazy as _
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-PROJECT_DIR = os.path.dirname(os.path.realpath(__file__))
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+PROJECT_DIR = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
 APPS_DIR = os.path.realpath(os.path.join(BASE_DIR, "apps"))
 sys.path.append(APPS_DIR)
 
@@ -51,13 +50,25 @@ INSTALLED_APPS = [
     'django.contrib.sites',
     'django.contrib.messages',
     'django.contrib.staticfiles',
+    # API
+    'rest_framework',
+    'rest_framework.authtoken',
+    # Autocomplete
+    'dal',
+    'dal_select2',
+    # CAS
+    'cas_server',
+    'cas',
 
     # Note apps
     'activity',
     'member',
     'note',
-    'permission'
+    'permission',
+    'api',
+    'logs',
 ]
+LOGIN_REDIRECT_URL = '/note/transfer/'
 
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
@@ -70,6 +81,8 @@ MIDDLEWARE = [
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django.middleware.locale.LocaleMiddleware',
     'django.contrib.sites.middleware.CurrentSiteMiddleware',
+    'note_kfet.middlewares.TurbolinksMiddleware',
+    'cas.middleware.CASMiddleware',
 ]
 
 ROOT_URLCONF = 'note_kfet.urls'
@@ -86,6 +99,7 @@ TEMPLATES = [
                 'django.contrib.auth.context_processors.auth',
                 'django.contrib.messages.context_processors.messages',
                 'django.template.context_processors.request',
+              #  'django.template.context_processors.media',
             ],
         },
     },
@@ -93,16 +107,6 @@ TEMPLATES = [
 
 WSGI_APPLICATION = 'note_kfet.wsgi.application'
 
-# Database
-# https://docs.djangoproject.com/en/2.2/ref/settings/#databases
-
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
-    }
-}
-
 # Password validation
 # https://docs.djangoproject.com/en/2.2/ref/settings/#auth-password-validators
 
@@ -121,13 +125,32 @@ AUTH_PASSWORD_VALIDATORS = [
     },
 ]
 
+# Use our custom hasher in order to import NK15 passwords
+PASSWORD_HASHERS = [
+    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
+    'member.hashers.CustomNK15Hasher',
+]
+
 # Django Guardian object permissions
 
 AUTHENTICATION_BACKENDS = (
     'django.contrib.auth.backends.ModelBackend',  # this is default
     'guardian.backends.ObjectPermissionBackend',
+    'cas.backends.CASBackend',
 )
 
+REST_FRAMEWORK = {
+    # Use Django's standard `django.contrib.auth` permissions,
+    # or allow read-only access for unauthenticated users.
+    'DEFAULT_PERMISSION_CLASSES': [
+        # TODO Maybe replace it with our custom permissions system
+        'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
+    ],
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'rest_framework.authentication.TokenAuthentication',
+    ]
+}
+
 ANONYMOUS_USER_NAME = None  # Disable guardian anonymous user
 
 GUARDIAN_GET_CONTENT_TYPE = 'polymorphic.contrib.guardian.get_polymorphic_base_content_type'
@@ -138,6 +161,7 @@ GUARDIAN_GET_CONTENT_TYPE = 'polymorphic.contrib.guardian.get_polymorphic_base_c
 LANGUAGE_CODE = 'en'
 
 LANGUAGES = [
+    ('de', _('German')),
     ('en', _('English')),
     ('fr', _('French')),
 ]
@@ -152,6 +176,8 @@ USE_TZ = True
 
 LOCALE_PATHS = [os.path.join(BASE_DIR, "locale")]
 
+FIXTURE_DIRS = [os.path.join(BASE_DIR, "note_kfet/fixtures")]
+
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/2.2/howto/static-files/
 
@@ -159,10 +185,10 @@ LOCALE_PATHS = [os.path.join(BASE_DIR, "locale")]
 # Don't put anything in this directory yourself; store your static files
 # in apps' "static/" subdirectories and in STATICFILES_DIRS.
 # Example: "/var/www/example.com/static/"
-STATIC_ROOT = os.path.realpath(__file__)
-STATICFILES_DIRS = [
-    os.path.join(BASE_DIR, 'static')]
-
+STATIC_ROOT = os.path.join(BASE_DIR,"static/")
+# STATICFILES_DIRS = [
+#    os.path.join(BASE_DIR, 'static')]
+STATICFILES_DIRS = []
 CRISPY_TEMPLATE_PACK = 'bootstrap4'
 DJANGO_TABLES2_TEMPLATE = 'django_tables2/bootstrap4.html'
 # URL prefix for static files.
@@ -171,7 +197,15 @@ STATIC_URL = '/static/'
 
 ALIAS_VALIDATOR_REGEX = r''
 
-try:
-    from .settings_local import *
-except ImportError:
-    pass
+MEDIA_ROOT=os.path.join(BASE_DIR,"media")
+MEDIA_URL='/media/'
+
+# Profile Picture Settings
+PIC_WIDTH = 200
+PIC_RATIO = 1
+
+# CAS Settings
+CAS_AUTO_CREATE_USER = False
+CAS_LOGO_URL = "/static/img/Saperlistpopette.png"
+CAS_FAVICON_URL = "/static/favicon/favicon-32x32.png"
+

note_kfet/settings/development.py

@@ -0,0 +1,54 @@
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+########################
+# Development Settings #
+########################
+# For local dev on your machine:
+#  - Enabled by default
+#  - use sqlite as a db engine , Debug is True.
+#  - standalone mail server
+#  - and more ...
+
+
+# Database
+# https://docs.djangoproject.com/en/2.2/ref/settings/#databases
+from . import *
+import os
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.sqlite3',
+        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
+    }
+}
+
+# Break it, fix it!
+DEBUG = True
+
+# Mandatory !
+ALLOWED_HOSTS = ['*']
+
+# Emails
+EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+# EMAIL_USE_SSL = False
+# EMAIL_HOST = 'smtp.example.org'
+# EMAIL_PORT = 25
+# EMAIL_HOST_USER = 'change_me'
+# EMAIL_HOST_PASSWORD = 'change_me'
+
+SERVER_EMAIL = 'no-reply@example.org'
+
+# Security settings
+SECURE_CONTENT_TYPE_NOSNIFF = False
+SECURE_BROWSER_XSS_FILTER = False
+SESSION_COOKIE_SECURE = False
+CSRF_COOKIE_SECURE = False
+CSRF_COOKIE_HTTPONLY = False
+X_FRAME_OPTIONS = 'DENY'
+SESSION_COOKIE_AGE = 60 * 60 * 3
+
+# CAS Client settings
+# Can be modified in secrets.py
+CAS_SERVER_URL = "https://note.comby.xyz/cas/"

note_kfet/settings/production.py

@@ -0,0 +1,52 @@
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+########################
+# Production  Settings #
+########################
+# For local dev on your machine:
+#  - Enabled by setting env variable DJANGO_APP_STAGE = 'prod'
+#  - use Postgresql as db engine
+#  - Debug should be false.
+#  - should have a dedicated mail server
+#  - and more ...
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql_psycopg2',
+        'NAME': 'note_db',
+        'USER': 'note',
+        'PASSWORD': 'update_in_env_variable',
+        'HOST': '127.0.0.1',
+        'PORT': '',
+    }
+}
+
+# Break it, fix it!
+DEBUG = True
+
+# Mandatory !
+ALLOWED_HOSTS = ['127.0.0.1','note.comby.xyz']
+
+# Emails
+EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+# EMAIL_USE_SSL = False
+# EMAIL_HOST = 'smtp.example.org'
+# EMAIL_PORT = 25
+# EMAIL_HOST_USER = 'change_me'
+# EMAIL_HOST_PASSWORD = 'change_me'
+
+SERVER_EMAIL = 'no-reply@example.org'
+
+# Security settings
+SECURE_CONTENT_TYPE_NOSNIFF = False
+SECURE_BROWSER_XSS_FILTER = False
+SESSION_COOKIE_SECURE = False
+CSRF_COOKIE_SECURE = False
+CSRF_COOKIE_HTTPONLY = False
+X_FRAME_OPTIONS = 'DENY'
+SESSION_COOKIE_AGE = 60 * 60 * 3
+
+# CAS Client settings
+CAS_SERVER_URL = "https://note.crans.org/cas/"

note_kfet/settings_local.example.py

@@ -1,22 +0,0 @@
-# Obligatoire, liste des host autorisés
-ALLOWED_HOSTS = ['127.0.0.1']
-
-# Emails
-EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
-# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
-# EMAIL_USE_SSL = False
-# EMAIL_HOST = 'smtp.example.org'
-# EMAIL_PORT = 25
-# EMAIL_HOST_USER = 'change_me'
-# EMAIL_HOST_PASSWORD = 'change_me'
-
-SERVER_EMAIL = 'no-reply@example.org'
-
-# Security settings
-SECURE_CONTENT_TYPE_NOSNIFF = False
-SECURE_BROWSER_XSS_FILTER = False
-SESSION_COOKIE_SECURE = False
-CSRF_COOKIE_SECURE = False
-CSRF_COOKIE_HTTPONLY = False
-X_FRAME_OPTIONS = 'DENY'
-SESSION_COOKIE_AGE = 60 * 60 * 3

note_kfet/urls.py

@@ -1,10 +1,13 @@
-# -*- mode: python; coding: utf-8 -*-
-# Copyright (C) 2018-2019 by BDE ENS Paris-Saclay
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.contrib import admin
 from django.urls import path, include
 from django.views.generic import RedirectView
+from django.conf.urls.static import static
+from django.conf import settings
+
+from cas import views as cas_views
 
 urlpatterns = [
     # Dev so redirect to something random
@@ -13,10 +16,25 @@ urlpatterns = [
     # Include project routers
     path('note/', include('note.urls')),
 
+    # Include CAS Client routers
+    path('accounts/login/', cas_views.login, name='login'),
+    path('accounts/logout/', cas_views.logout, name='logout'),
+
     # Include Django Contrib and Core routers
     path('i18n/', include('django.conf.urls.i18n')),
     path('accounts/', include('member.urls')),
     path('accounts/', include('django.contrib.auth.urls')),
     path('admin/doc/', include('django.contrib.admindocs.urls')),
     path('admin/', admin.site.urls),
+
+    # Include CAS Server routers
+    path('cas/', include('cas_server.urls', namespace="cas_server")),
+
+    # Include Django REST API
+    path('api/', include('api.urls')),
+
+    path('logs/', include('logs.urls')),
 ]
+
+urlpatterns += static(settings.MEDIA_URL,document_root=settings.MEDIA_ROOT)
+urlpatterns += static(settings.STATIC_URL,document_root=settings.STATIC_ROOT)

note_kfet/wsgi.py

@@ -1,4 +1,3 @@
-# -*- mode: python; coding: utf-8 -*-
 # Copyright (C) 2016-2019 by BDE
 # SPDX-License-Identifier: GPL-3.0-or-later