Split settings between local and prod

annuaire/settings.py

@@ -1,165 +0,0 @@
-"""
-Django settings for annuaire project.
-
-Generated by 'django-admin startproject' using Django 2.2b1.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/dev/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/dev/ref/settings/
-"""
-
-import os
-from django.urls import reverse_lazy
-
-# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-
-
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/dev/howto/deployment/checklist/
-
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = "84=n(@@wl(04oc$(-+3surgrlf&uq3=m)=(hpg$immi1h69s)p"
-
-# À bouger dans un ficher secret quand il sera créé ?
-LDAP = {
-    "SPI": {
-        "PROTOCOL": "ldaps",
-        "URL": "ldap.spi.ens.fr",
-        "PORT": 636,
-    },
-    "CRI": {
-        "PROTOCOL": "ldap",
-        "URL": "annuaire.ens.fr",
-        "PORT": 389,
-    },
-}
-
-ANNUAIRE = {
-    "PROTOCOL": "http",
-    "URL": "annuaireweb.ens.fr",
-    "PORT": 80,
-}
-
-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
-
-ALLOWED_HOSTS = []
-
-# Application definition
-
-INSTALLED_APPS = [
-    "django.contrib.admin",
-    "django.contrib.auth",
-    "django.contrib.contenttypes",
-    "django.contrib.sessions",
-    "django.contrib.messages",
-    "django.contrib.staticfiles",
-    "authens",
-    "fiches",
-]
-
-MIDDLEWARE = [
-    "django.middleware.security.SecurityMiddleware",
-    "django.contrib.sessions.middleware.SessionMiddleware",
-    "django.middleware.locale.LocaleMiddleware",
-    "django.middleware.common.CommonMiddleware",
-    "django.middleware.csrf.CsrfViewMiddleware",
-    "django.contrib.auth.middleware.AuthenticationMiddleware",
-    "django.contrib.messages.middleware.MessageMiddleware",
-    "django.middleware.clickjacking.XFrameOptionsMiddleware",
-]
-
-ROOT_URLCONF = "annuaire.urls"
-
-TEMPLATES = [
-    {
-        "BACKEND": "django.template.backends.django.DjangoTemplates",
-        "DIRS": [],
-        "APP_DIRS": True,
-        "OPTIONS": {
-            "context_processors": [
-                "django.template.context_processors.debug",
-                "django.template.context_processors.request",
-                "django.contrib.auth.context_processors.auth",
-                "django.contrib.messages.context_processors.messages",
-            ],
-        },
-    },
-]
-
-AUTHENTICATION_BACKENDS = (
-    "django.contrib.auth.backends.ModelBackend",
-    "fiches.backends.BackendFiches",
-)
-
-WSGI_APPLICATION = "annuaire.wsgi.application"
-
-
-# Database
-# https://docs.djangoproject.com/en/dev/ref/settings/#databases
-
-DATABASES = {
-    "default": {
-        "ENGINE": "django.db.backends.sqlite3",
-        "NAME": os.path.join(BASE_DIR, "db.sqlite3"),
-    }
-}
-
-
-# Password validation
-# https://docs.djangoproject.com/en/dev/ref/settings/#auth-password-validators
-
-AUTH_PASSWORD_VALIDATORS = [
-    {
-        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
-    },
-    {
-        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
-    },
-    {
-        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
-    },
-    {
-        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
-    },
-]
-
-
-# Internationalization
-# https://docs.djangoproject.com/en/dev/topics/i18n/
-
-LANGUAGE_CODE = "fr-fr"
-
-LANGUAGES = [
-    ("fr", "Français"),
-    ("en", "English"),
-]
-
-LOCALE_PATHS = [os.path.join(BASE_DIR, "locale")]
-
-TIME_ZONE = "UTC"
-
-USE_I18N = True
-
-USE_L10N = False
-
-USE_TZ = True
-
-
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/dev/howto/static-files/
-
-STATIC_URL = "/static/"
-
-MEDIA_ROOT = os.path.join(BASE_DIR, "media")
-
-MEDIA_URL = "/media/"
-
-LOGIN_URL = reverse_lazy("authens:login")
-LOGOUT_REDIRECT_URL = reverse_lazy("home")
-AUTHENS_USE_OLDCAS = False
-
-EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"

annuaire/settings/.gitignore

@@ -0,0 +1 @@
+secret.py

annuaire/settings/common.py

@@ -0,0 +1,130 @@
+"""
+Settings communs entre setups de dev et de production.
+"""
+
+import os
+import sys
+
+# ---
+# Secrets
+# ---
+
+try:
+    from . import secret
+except ImportError:
+    raise ImportError(
+        "The secret.py file is missing.\n"
+        "For a development environment, simply copy secret_example.py"
+    )
+
+
+def import_secret(name):
+    """
+    Shorthand for importing a value from the secret module and raising an
+    informative exception if a secret is missing.
+    """
+    try:
+        return getattr(secret, name)
+    except AttributeError:
+        raise RuntimeError("Secret missing: {}".format(name))
+
+
+SECRET_KEY = import_secret("SECRET_KEY")
+ADMINS = import_secret("ADMINS")
+SERVER_EMAIL = import_secret("SERVER_EMAIL")
+EMAIL_HOST = import_secret("EMAIL_HOST")
+
+
+# ---
+# Défauts Django
+# ---
+
+DEBUG = False  # False by default feels safer
+TESTING = len(sys.argv) > 1 and sys.argv[1] == "test"
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
+INSTALLED_APPS = [
+    "django.contrib.admin",
+    "django.contrib.auth",
+    "django.contrib.contenttypes",
+    "django.contrib.sessions",
+    "django.contrib.messages",
+    "django.contrib.staticfiles",
+    "django_cas_ng",
+    "fiches",
+]
+
+MIDDLEWARE = [
+    "django.middleware.security.SecurityMiddleware",
+    "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.middleware.common.CommonMiddleware",
+    "django.middleware.csrf.CsrfViewMiddleware",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django.contrib.messages.middleware.MessageMiddleware",
+    "django.middleware.clickjacking.XFrameOptionsMiddleware",
+]
+
+ROOT_URLCONF = "annuaire.urls"
+
+TEMPLATES = [
+    {
+        "BACKEND": "django.template.backends.django.DjangoTemplates",
+        "DIRS": [],
+        "APP_DIRS": True,
+        "OPTIONS": {
+            "context_processors": [
+                "django.template.context_processors.debug",
+                "django.template.context_processors.request",
+                "django.contrib.auth.context_processors.auth",
+                "django.contrib.messages.context_processors.messages",
+            ],
+        },
+    },
+]
+
+AUTHENTICATION_BACKENDS = (
+    "django.contrib.auth.backends.ModelBackend",
+    "django_cas_ng.backends.CASBackend",
+)
+
+WSGI_APPLICATION = "annuaire.wsgi.application"
+
+# Internationalization
+# https://docs.djangoproject.com/en/dev/topics/i18n/
+
+LANGUAGE_CODE = "fr-fr"
+TIME_ZONE = "UTC"
+USE_I18N = True
+USE_L10N = True
+USE_TZ = True
+
+# ---
+# Settings CAS
+# ---
+
+CAS_SERVER_URL = "https://cas.eleves.ens.fr/"
+CAS_VERSION = "2"
+
+# ---
+# LDAP et annuaire ENS
+# ---
+
+# Est-ce vraiment nécessaire de les garder secrets ?
+LDAP = {
+    "SPI": {
+        "PROTOCOL": "ldaps",
+        "URL": "ldap.spi.ens.fr",
+        "PORT": 636,
+    },
+    "CRI": {
+        "PROTOCOL": "ldap",
+        "URL": "annuaire.ens.fr",
+        "PORT": 389,
+    },
+}
+
+ANNUAIRE = {
+    "PROTOCOL": "http",
+    "URL": "annuaireweb.ens.fr",
+    "PORT": 80,
+}

annuaire/settings/local.py

@@ -0,0 +1,62 @@
+"""
+Settings pour le dev local de l'annuaire (hors vagrant).
+"""
+
+import os
+
+from .common import *  # NOQA
+from .common import BASE_DIR, INSTALLED_APPS, MIDDLEWARE, TESTING
+
+# ---
+# Tweaks for debug/local development
+# ---
+
+ALLOWED_HOSTS = []
+
+DEBUG = True
+EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
+
+STATIC_URL = "/static/"
+MEDIA_URL = "/media/"
+MEDIA_ROOT = os.path.join(BASE_DIR, "media")
+
+DATABASES = {
+    "default": {
+        "ENGINE": "django.db.backends.sqlite3",
+        "NAME": os.path.join(BASE_DIR, "db.sqlite3"),
+    }
+}
+
+# Use the default cache backend for local development
+CACHES = {"default": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"}}
+
+# Pas besoin de sécurité en local
+AUTH_PASSWORD_VALIDATORS = []
+PASSWORD_HASHERS = ["django.contrib.auth.hashers.MD5PasswordHasher"]
+
+
+# ---
+# Debug tool bar
+# ---
+
+
+def show_toolbar(request):
+    """
+    On active la debug-toolbar en mode développement local sauf :
+    - dans l'admin où ça ne sert pas à grand chose;
+    - si la variable d'environnement DJANGO_NO_DDT est à 1 → ça permet de la désactiver
+      sans modifier ce fichier en exécutant `export DJANGO_NO_DDT=1` dans le terminal
+      qui lance `./manage.py runserver`.
+
+    Autre side effect de cette fonction : on ne fait pas la vérification de INTERNAL_IPS
+    que ferait la debug-toolbar par défaut, ce qui la fait fonctionner aussi à
+    l'intérieur de Vagrant (comportement non testé depuis un moment…)
+    """
+    env_no_ddt = bool(os.environ.get("DJANGO_NO_DDT", None))
+    return DEBUG and not env_no_ddt and not request.path.startswith("/admin/")
+
+
+if not TESTING:
+    INSTALLED_APPS += ["debug_toolbar"]
+    MIDDLEWARE = ["debug_toolbar.middleware.DebugToolbarMiddleware"] + MIDDLEWARE
+    DEBUG_TOOLBAR_CONFIG = {"SHOW_TOOLBAR_CALLBACK": show_toolbar}

annuaire/settings/prod.py

@@ -0,0 +1,81 @@
+"""
+Settings pour la mise en production de l'annuaire.
+"""
+
+import os
+
+from .common import *  # NOQA
+from .common import (
+    BASE_DIR,
+    import_secret,
+)
+
+# ---
+# Prod-specific secrets
+# ---
+
+REDIS_PASSWD = import_secret("REDIS_PASSWD")
+REDIS_DB = import_secret("REDIS_DB")
+REDIS_HOST = import_secret("REDIS_HOST")
+REDIS_PORT = import_secret("REDIS_PORT")
+
+DBNAME = import_secret("DBNAME")
+DBUSER = import_secret("DBUSER")
+DBPASSWD = import_secret("DBPASSWD")
+
+# ---
+# À modifier possiblement lors de la mise en production
+# ---
+
+ALLOWED_HOSTS = ["annuaire.eleves.ens.fr", "www.annuaire.eleves.ens.fr"]
+
+STATIC_ROOT = os.path.join(
+    os.path.dirname(os.path.dirname(BASE_DIR)), "public", "annuaire", "static"
+)
+
+STATIC_URL = "/static/"
+MEDIA_ROOT = os.path.join(os.path.dirname(BASE_DIR), "media")
+MEDIA_URL = "/media/"
+
+# ---
+# Cache settings
+# ---
+
+CACHES = {
+    "default": {
+        "BACKEND": "redis_cache.RedisCache",
+        "LOCATION": "redis://:{passwd}@{host}:{port}/{db}".format(
+            passwd=REDIS_PASSWD, host=REDIS_HOST, port=REDIS_PORT, db=REDIS_DB
+        ),
+    }
+}
+
+# ---
+# Prod database settings
+# ---
+
+DATABASES = {
+    "default": {
+        "ENGINE": "django.db.backends.postgresql_psycopg2",
+        "NAME": DBNAME,
+        "USER": DBUSER,
+        "PASSWORD": DBPASSWD,
+        "HOST": os.environ.get("DBHOST", "localhost"),
+    }
+}
+
+
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",  # noqa
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
+    },
+]

annuaire/settings/secret_example.py

@@ -0,0 +1,15 @@
+SECRET_KEY = "$=kp$3e=xh)*4h8(_g#lprlmve_vs9_xv9hlgse%+uk9nhc==x"
+ADMINS = None
+SERVER_EMAIL = "root@localhost"
+EMAIL_HOST = None
+
+
+# Ne pas modifier si on utilise vagrant !
+DBUSER = "annuaire"
+DBNAME = "annuaire"
+DBPASSWD = "O1LxCADDA6Px5SiKvifjvdp3DSjfbp"
+
+REDIS_PASSWD = "dummy"
+REDIS_PORT = 6379
+REDIS_DB = 0
+REDIS_HOST = "127.0.0.1"

manage.py

@@ -5,7 +5,7 @@ import sys
 
 
 def main():
-    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'annuaire.settings')
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "annuaire.settings.local")
     try:
         from django.core.management import execute_from_command_line
     except ImportError as exc:
@@ -17,5 +17,5 @@ def main():
     execute_from_command_line(sys.argv)
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     main()