Merge remote-tracking branch 'origin/master' into activity

# Conflicts:
#	note_kfet/urls.py
#	templates/base.html

note_kfet/fixtures/cas.json

@@ -0,0 +1,11 @@
+[
+    {
+        "model": "cas_server.servicepattern",
+        "pk": 1,
+        "fields": {
+            "pos": 1,
+            "pattern": ".*",
+            "name": "REPLACEME"
+        }
+    }
+]

note_kfet/fixtures/initial.json

@@ -7,4 +7,4 @@
             "name": "La Note Kfet \ud83c\udf7b"
         }
     }
-]
+]

note_kfet/middlewares.py

@@ -1,9 +1,65 @@
 # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from django.http import HttpResponseRedirect
+from django.conf import settings
+from django.contrib.auth.models import AnonymousUser, User
 
-from urllib.parse import urlencode, parse_qs, urlsplit, urlunsplit
+from threading import local
+
+from django.contrib.sessions.backends.db import SessionStore
+
+USER_ATTR_NAME = getattr(settings, 'LOCAL_USER_ATTR_NAME', '_current_user')
+SESSION_ATTR_NAME = getattr(settings, 'LOCAL_SESSION_ATTR_NAME', '_current_session')
+IP_ATTR_NAME = getattr(settings, 'LOCAL_IP_ATTR_NAME', '_current_ip')
+
+_thread_locals = local()
+
+
+def _set_current_user_and_ip(user=None, session=None, ip=None):
+    setattr(_thread_locals, USER_ATTR_NAME, user)
+    setattr(_thread_locals, SESSION_ATTR_NAME, session)
+    setattr(_thread_locals, IP_ATTR_NAME, ip)
+
+
+def get_current_user() -> User:
+    return getattr(_thread_locals, USER_ATTR_NAME, None)
+
+
+def get_current_session() -> SessionStore:
+    return getattr(_thread_locals, SESSION_ATTR_NAME, None)
+
+
+def get_current_ip() -> str:
+    return getattr(_thread_locals, IP_ATTR_NAME, None)
+
+
+def get_current_authenticated_user():
+    current_user = get_current_user()
+    if isinstance(current_user, AnonymousUser):
+        return None
+    return current_user
+
+
+class SessionMiddleware(object):
+    """
+    This middleware get the current user with his or her IP address on each request.
+    """
+
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        user = request.user
+        if 'HTTP_X_FORWARDED_FOR' in request.META:
+            ip = request.META.get('HTTP_X_FORWARDED_FOR')
+        else:
+            ip = request.META.get('REMOTE_ADDR')
+
+        _set_current_user_and_ip(user, request.session, ip)
+        response = self.get_response(request)
+        _set_current_user_and_ip(None, None, None)
+
+        return response
 
 
 class TurbolinksMiddleware(object):
@@ -35,4 +91,3 @@ class TurbolinksMiddleware(object):
                     location = request.session.pop('_turbolinks_redirect_to')
                     response['Turbolinks-Location'] = location
         return response
-

note_kfet/settings/__init__.py

@@ -1,8 +1,12 @@
-import os
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from django.utils.translation import gettext_lazy as _
 import re
 
 from .base import *
 
+
 def read_env():
     """Pulled from Honcho code with minor updates, reads local default
     environment variables from a .env file located in the project root
@@ -25,22 +29,55 @@ def read_env():
                 val = re.sub(r'\\(.)', r'\1', m3.group(1))
             os.environ.setdefault(key, val)
 
+
 read_env()
 
 app_stage = os.environ.get('DJANGO_APP_STAGE', 'dev')
 if app_stage == 'prod':
     from .production import *
-    DATABASES["default"]["PASSWORD"] = os.environ.get('DJANGO_DB_PASSWORD','CHANGE_ME_IN_ENV_SETTINGS')
-    SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY','CHANGE_ME_IN_ENV_SETTINGS')
-    ALLOWED_HOSTS.append(os.environ.get('ALLOWED_HOSTS','localhost'))
 else:
     from .development import *
 
 try:
+    #in secrets.py defines everything you want
     from .secrets import *
+    INSTALLED_APPS += OPTIONAL_APPS
+
 except ImportError:
     pass
 
-# env variables set at the of in /env/bin/activate
-# don't forget to unset in deactivate !
+if "cas" in INSTALLED_APPS:
+    MIDDLEWARE += ['cas.middleware.CASMiddleware']
+    # CAS Settings
+    CAS_SERVER_URL = "https://" + os.getenv("NOTE_URL", "note.example.com") + "/cas/"
+    CAS_AUTO_CREATE_USER = False
+    CAS_LOGO_URL = "/static/img/Saperlistpopette.png"
+    CAS_FAVICON_URL = "/static/favicon/favicon-32x32.png"
+    CAS_SHOW_SERVICE_MESSAGES = True
+    CAS_SHOW_POWERED = False
+    CAS_REDIRECT_TO_LOGIN_AFTER_LOGOUT = False
+    CAS_PROVIDE_URL_TO_LOGOUT = True
+    CAS_INFO_MESSAGES = {
+        "cas_explained": {
+            "message": _(
+                u"The Central Authentication Service grants you access to most of our websites by "
+                u"authenticating only once, so you don't need to type your credentials again unless "
+                u"your session expires or you logout."
+            ),
+           "discardable": True,
+            "type": "info",  # one of info, success, info, warning, danger
+       },
+    }
 
+    CAS_INFO_MESSAGES_ORDER = [
+        'cas_explained',
+    ]
+    AUTHENTICATION_BACKENDS += ('cas.backends.CASBackend',)
+
+
+if "logs" in INSTALLED_APPS:
+    MIDDLEWARE += ('note_kfet.middlewares.SessionMiddleware',)
+
+if "debug_toolbar" in INSTALLED_APPS:
+    MIDDLEWARE.insert(1, "debug_toolbar.middleware.DebugToolbarMiddleware")
+    INTERNAL_IPS = ['127.0.0.1']

note_kfet/settings/base.py

@@ -37,7 +37,6 @@ INSTALLED_APPS = [
 
     # External apps
     'polymorphic',
-    'reversion',
     'crispy_forms',
     'django_tables2',
     # Django contrib
@@ -60,7 +59,10 @@ INSTALLED_APPS = [
     'activity',
     'member',
     'note',
+    'treasury',
+    'permission',
     'api',
+    'logs',
 ]
 LOGIN_REDIRECT_URL = '/note/transfer/'
 
@@ -92,6 +94,7 @@ TEMPLATES = [
                 'django.contrib.auth.context_processors.auth',
                 'django.contrib.messages.context_processors.messages',
                 'django.template.context_processors.request',
+                #  'django.template.context_processors.media',
             ],
         },
     },
@@ -123,29 +126,23 @@ PASSWORD_HASHERS = [
     'member.hashers.CustomNK15Hasher',
 ]
 
-# Django Guardian object permissions
-
 AUTHENTICATION_BACKENDS = (
-    'django.contrib.auth.backends.ModelBackend',  # this is default
-    'guardian.backends.ObjectPermissionBackend',
+    'permission.backends.PermissionBackend',  # Custom role-based permission system
 )
 
 REST_FRAMEWORK = {
-    # Use Django's standard `django.contrib.auth` permissions,
-    # or allow read-only access for unauthenticated users.
     'DEFAULT_PERMISSION_CLASSES': [
-        # TODO Maybe replace it with our custom permissions system
-        'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
+        # Control API access with our role-based permission system
+        'permission.permissions.StrongDjangoObjectPermissions',
     ],
     'DEFAULT_AUTHENTICATION_CLASSES': [
+        'rest_framework.authentication.SessionAuthentication',
         'rest_framework.authentication.TokenAuthentication',
-    ]
+    ],
+    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
+    'PAGE_SIZE': 20,
 }
 
-ANONYMOUS_USER_NAME = None  # Disable guardian anonymous user
-
-GUARDIAN_GET_CONTENT_TYPE = 'polymorphic.contrib.guardian.get_polymorphic_base_content_type'
-
 # Internationalization
 # https://docs.djangoproject.com/en/2.2/topics/i18n/
 
@@ -176,10 +173,10 @@ FIXTURE_DIRS = [os.path.join(BASE_DIR, "note_kfet/fixtures")]
 # Don't put anything in this directory yourself; store your static files
 # in apps' "static/" subdirectories and in STATICFILES_DIRS.
 # Example: "/var/www/example.com/static/"
-STATIC_ROOT = os.path.realpath(__file__)
-STATICFILES_DIRS = [
-    os.path.join(BASE_DIR, 'static')]
-
+STATIC_ROOT = os.path.join(BASE_DIR, "static/")
+# STATICFILES_DIRS = [
+#    os.path.join(BASE_DIR, 'static')]
+STATICFILES_DIRS = []
 CRISPY_TEMPLATE_PACK = 'bootstrap4'
 DJANGO_TABLES2_TEMPLATE = 'django_tables2/bootstrap4.html'
 # URL prefix for static files.
@@ -188,3 +185,9 @@ STATIC_URL = '/static/'
 
 ALIAS_VALIDATOR_REGEX = r''
 
+MEDIA_ROOT = os.path.join(BASE_DIR, "media")
+MEDIA_URL = '/media/'
+
+# Profile Picture Settings
+PIC_WIDTH = 200
+PIC_RATIO = 1

note_kfet/settings/development.py

@@ -11,17 +11,30 @@
 #  - and more ...
 
 
+import os
+
 # Database
 # https://docs.djangoproject.com/en/2.2/ref/settings/#databases
 from . import *
-import os
 
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
+if os.getenv("DJANGO_DEV_STORE_METHOD", "sqllite") == "postgresql":
+    DATABASES = {
+        'default': {
+            'ENGINE': 'django.db.backends.postgresql_psycopg2',
+            'NAME': os.environ.get('DJANGO_DB_NAME', 'note_db'),
+            'USER': os.environ.get('DJANGO_DB_USER', 'note'),
+            'PASSWORD': os.environ.get('DJANGO_DB_PASSWORD', 'CHANGE_ME_IN_ENV_SETTINGS'),
+            'HOST': os.environ.get('DJANGO_DB_HOST', 'localhost'),
+            'PORT': os.environ.get('DJANGO_DB_PORT', ''),  # Use default port
+        }
+    }
+else:
+    DATABASES = {
+        'default': {
+            'ENGINE': 'django.db.backends.sqlite3',
+            'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
+        }
     }
-}
 
 # Break it, fix it!
 DEBUG = True
@@ -38,7 +51,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 # EMAIL_HOST_USER = 'change_me'
 # EMAIL_HOST_PASSWORD = 'change_me'
 
-SERVER_EMAIL = 'no-reply@example.org'
+SERVER_EMAIL = 'no-reply@' + os.getenv("DOMAIN", "example.com")
 
 # Security settings
 SECURE_CONTENT_TYPE_NOSNIFF = False
@@ -48,3 +61,11 @@ CSRF_COOKIE_SECURE = False
 CSRF_COOKIE_HTTPONLY = False
 X_FRAME_OPTIONS = 'DENY'
 SESSION_COOKIE_AGE = 60 * 60 * 3
+
+# CAS Client settings
+# Can be modified in secrets.py
+CAS_SERVER_URL = "http://localhost:8000/cas/"
+
+STATIC_ROOT = ''  # not needed in development settings
+STATICFILES_DIRS = [
+    os.path.join(BASE_DIR, 'static')]

note_kfet/settings/production.py

@@ -1,6 +1,8 @@
 # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+import os
+
 ########################
 # Production  Settings #
 ########################
@@ -14,11 +16,11 @@
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.postgresql_psycopg2',
-        'NAME': 'note_db',
-        'USER': 'note',
-        'PASSWORD': 'update_in_env_variable',
-        'HOST': '127.0.0.1',
-        'PORT': '',
+        'NAME': os.environ.get('DJANGO_DB_NAME', 'note_db'),
+        'USER': os.environ.get('DJANGO_DB_USER', 'note'),
+        'PASSWORD': os.environ.get('DJANGO_DB_PASSWORD', 'CHANGE_ME_IN_ENV_SETTINGS'),
+        'HOST': os.environ.get('DJANGO_DB_HOST', 'localhost'),
+        'PORT': os.environ.get('DJANGO_DB_PORT', ''),  # Use default port
     }
 }
 
@@ -26,7 +28,9 @@ DATABASES = {
 DEBUG = True
 
 # Mandatory !
-ALLOWED_HOSTS = ['127.0.0.1','note.comby.xyz']
+ALLOWED_HOSTS = [os.environ.get('NOTE_URL', 'localhost')]
+
+SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY', 'CHANGE_ME_IN_ENV_SETTINGS')
 
 # Emails
 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
@@ -37,7 +41,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 # EMAIL_HOST_USER = 'change_me'
 # EMAIL_HOST_PASSWORD = 'change_me'
 
-SERVER_EMAIL = 'no-reply@example.org'
+SERVER_EMAIL = 'no-reply@' + os.getenv("DOMAIN", "example.com")
 
 # Security settings
 SECURE_CONTENT_TYPE_NOSNIFF = False
@@ -47,3 +51,6 @@ CSRF_COOKIE_SECURE = False
 CSRF_COOKIE_HTTPONLY = False
 X_FRAME_OPTIONS = 'DENY'
 SESSION_COOKIE_AGE = 60 * 60 * 3
+
+# CAS Client settings
+CAS_SERVER_URL = "https://" + os.getenv("NOTE_URL", "note.example.com") + "/cas/"

note_kfet/settings/secrets_example.py

@@ -0,0 +1,9 @@
+# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# CAS
+OPTIONAL_APPS = [
+#    'cas_server',
+#    'cas',
+#    'debug_toolbar'
+]

note_kfet/urls.py

@@ -1,10 +1,14 @@
 # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+from django.conf import settings
+from django.conf.urls.static import static
 from django.contrib import admin
 from django.urls import path, include
 from django.views.generic import RedirectView
 
+from member.views import CustomLoginView
+
 urlpatterns = [
     # Dev so redirect to something random
     path('', RedirectView.as_view(pattern_name='note:transfer'), name='index'),
@@ -13,13 +17,37 @@ urlpatterns = [
     path('note/', include('note.urls')),
     path('accounts/', include('member.urls')),
     path('activity/', include('activity.urls')),
+    path('treasury/', include('treasury.urls')),
 
     # Include Django Contrib and Core routers
     path('i18n/', include('django.conf.urls.i18n')),
-    path('accounts/', include('django.contrib.auth.urls')),
     path('admin/doc/', include('django.contrib.admindocs.urls')),
     path('admin/', admin.site.urls),
-
-    # Include Django REST API
+    path('accounts/', include('member.urls')),
+    path('accounts/login/', CustomLoginView.as_view()),
+    path('accounts/', include('django.contrib.auth.urls')),
     path('api/', include('api.urls')),
 ]
+
+urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
+urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
+
+
+if "cas_server" in settings.INSTALLED_APPS:
+    urlpatterns += [
+        # Include CAS Server routers
+        path('cas/', include('cas_server.urls', namespace="cas_server")),
+    ]
+if "cas" in settings.INSTALLED_APPS:
+    from cas import views as cas_views
+    urlpatterns += [
+        # Include CAS Client routers
+        path('accounts/login/cas/', cas_views.login, name='cas_login'),
+        path('accounts/logout/cas/', cas_views.logout, name='cas_logout'),
+
+    ]
+if "debug_toolbar" in settings.INSTALLED_APPS:
+    import debug_toolbar
+    urlpatterns = [
+        path('__debug__/', include(debug_toolbar.urls)),
+    ] + urlpatterns