Future-proof for django 4.0

Minor changes to make the code compatible with django 4.0

Note that we can't actually upgrade to django 4.0 because that requires
python 3.8, and www.eleves only has python 3.7, so we need to upgrade
www.eleves first.

.credentials/SECRET_KEY

@@ -1 +0,0 @@
-insecure-secret_key

.envrc

@@ -1 +0,0 @@
-use nix

.gitignore

@@ -3,4 +3,3 @@ venv
 .*.swp
 *.pyc
 *.sqlite3
-.direnv

WikiENS/.gitignore

@@ -0,0 +1 @@
+settings.py

WikiENS/settings/.gitignore

@@ -0,0 +1 @@
+secret.py

WikiENS/settings/common.py

@@ -1,55 +1,45 @@
-"""
-Django settings for the wiki_ens project
-"""
+import os
 
-from pathlib import Path
+from django.urls import reverse_lazy
 
 from django.contrib.messages import constants as messages
-from django.urls import reverse_lazy
-from django.utils.translation import gettext_lazy as _
-from loadcredential import Credentials
 
-credentials = Credentials(env_prefix="WIKIENS_")
-
-# Build paths inside the project like this: BASE_DIR / 'subdir'.
-BASE_DIR = Path(__file__).resolve().parent.parent
-
-# WARNING: keep the secret key used in production secret!
-SECRET_KEY = credentials["SECRET_KEY"]
-
-# WARNING: don't run with debug turned on in production!
-DEBUG = credentials.get_json("DEBUG", False)
-
-ALLOWED_HOSTS = credentials.get_json("ALLOWED_HOSTS", [])
-
-ADMINS = credentials.get_json("ADMINS", [])
-
-SITE_ID = 1
-
-
-###
-# Logging configuration
-
-LOGGING = credentials.get_json(
-    "LOGGING",
-    {
-        "version": 1,
-        "disable_existing_loggers": False,
-        "handlers": {
-            "console": {
-                "class": "logging.StreamHandler",
-            },
-        },
-        "root": {
-            "handlers": ["console"],
-            "level": credentials.get("LOG_LEVEL", "WARNING"),
-        },
-    },
+try:
+    from . import secret
+except ImportError:
+    import pathlib
+    dir_path = pathlib.Path(__file__).parent.resolve().as_posix()
+    raise ImportError(
+        "The secret.py file is missing.\n"
+        "For a development environment, simply copy secret_example.py:\n"
+        f" $ cp {dir_path}/{{secret_example,secret}}.py"
     )
 
 
-###
-# List the installed applications
+def import_secret(name):
+    """
+    Shorthand for importing a value from the secret module and raising an
+    informative exception if a secret is missing.
+    """
+    try:
+        return getattr(secret, name)
+    except AttributeError:
+        raise RuntimeError("Secret missing: {}".format(name))
+
+
+SECRET_KEY = import_secret("SECRET_KEY")
+ADMINS = import_secret("ADMINS")
+MANAGERS = ADMINS
+EMAIL_HOST = import_secret("EMAIL_HOST")
+
+DBNAME = import_secret("DBNAME")
+DBUSER = import_secret("DBUSER")
+DBPASSWD = import_secret("DBPASSWD")
+
+SERVER_EMAIL = "wiki@www.eleves.ens.fr"
+
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
 
 INSTALLED_APPS = [
     "django.contrib.admin",
@@ -79,10 +69,6 @@ INSTALLED_APPS = [
     "allauth_ens.providers.clipper",
 ]
 
-
-###
-# List the installed middlewares
-
 MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
@@ -91,21 +77,9 @@ MIDDLEWARE = [
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
-    "allauth.account.middleware.AccountMiddleware",
 ]
 
-
-###
-# The main url configuration
-
-ROOT_URLCONF = "app.urls"
-
-
-###
-# Template configuration:
-#   - Django Templating Language is used
-#   - Application directories can be used
-
+ROOT_URLCONF = "WikiENS.urls"
 
 TEMPLATES = [
     {
@@ -119,72 +93,66 @@ TEMPLATES = [
                 "django.contrib.auth.context_processors.auth",
                 "django.contrib.messages.context_processors.messages",
                 "sekizai.context_processors.sekizai",
-            ],
-        },
+            ]
         },
+    }
 ]
 
+WSGI_APPLICATION = "WikiENS.wsgi.application"
 
-###
-# Database configuration
-#   -> https://docs.djangoproject.com/en/4.2/ref/settings/#databases
+SITE_ID = 1
+
+
+# Database
+# https://docs.djangoproject.com/en/1.11/ref/settings/#databases
+
+DATABASES = {
+    "default": {
+        "ENGINE": "django.db.backends.postgresql",
+        "NAME": DBNAME,
+        "USER": DBUSER,
+        "PASSWORD": DBPASSWD,
+        "HOST": "",
+    }
+}
 
 DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
 
-DATABASES = credentials.get_json(
-    "DATABASES",
+# Password validation
+# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
     {
-        "default": {
-            "ENGINE": "django.db.backends.sqlite3",
-            "NAME": BASE_DIR / "db.sqlite3",
-        }
-    },
+        "NAME": (
+            # XXX. Cette chaîne est très longue… Je la coupe en deux sinon
+            # black ne me fiche pas la paix (mais c'est vraiment nul)
+            "django.contrib.auth.password_validation."
+            "UserAttributeSimilarityValidator"
         )
-
-CACHES = credentials.get_json(
-    "CACHES",
-    default={
-        "default": {
-            "BACKEND": "django.core.cache.backends.locmem.LocMemCache",
     },
-    },
-)
-
-
-###
-# WSGI application configuration
-
-WSGI_APPLICATION = "app.wsgi.application"
-
-
-###
-# Staticfiles configuration
-
-STATIC_ROOT = credentials["STATIC_ROOT"]
-STATIC_URL = "/static/"
-
-MEDIA_ROOT = credentials.get("MEDIA_ROOT", BASE_DIR / "media")
-MEDIA_URL = "/media/"
-
-
-###
-# Internationalization configuration
-#   -> https://docs.djangoproject.com/en/4.2/topics/i18n/
-
-LANGUAGE_CODE = "fr-fr"
-TIME_ZONE = "Europe/Paris"
-
-USE_I18N = True
-USE_L10N = True
-USE_TZ = True
-
-LANGUAGES = [
-    ("fr", _("Français")),
+    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
+    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
+    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
 ]
 
 
-###
-# Authentication configuration
+# Internationalization
+# https://docs.djangoproject.com/en/1.11/topics/i18n/
+
+LANGUAGE_CODE = "fr-fr"
+
+TIME_ZONE = "Europe/Paris"
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = True
+
+
+# Authentication
+# https://docs.djangoproject.com/en/1.11/ref/settings/#auth
+# https://django-allauth.readthedocs.io/en/latest/index.html
 
 AUTHENTICATION_BACKENDS = [
     "allauth.account.auth_backends.AuthenticationBackend",
@@ -211,25 +179,19 @@ ACCOUNT_USER_DISPLAY = _user_display
 
 SOCIALACCOUNT_PROVIDERS = {
     "clipper": {
-        "APP": {
         "MESSAGE_SUGGEST_LOGOUT_ON_LOGOUT": True,
         "MESSAGE_SUGGEST_LOGOUT_ON_LOGOUT_LEVEL": messages.INFO,
     },
 }
-}
 
-AUTH_PASSWORD_VALIDATORS = [
-    {"NAME": f"django.contrib.auth.password_validation.{v}"}
-    for v in [
-        "UserAttributeSimilarityValidator",
-        "MinimumLengthValidator",
-        "CommonPasswordValidator",
-        "NumericPasswordValidator",
-    ]
-]
 
-###
-# Wiki configuration
+# Static / media contents
+
+STATIC_URL = "/_static/"
+MEDIA_URL = "/_media/"
+
+
+# WIKI SETTINGS
 
 WIKI_ATTACHMENTS_EXTENSIONS = [
     "pdf",
@@ -251,6 +213,12 @@ WIKI_ATTACHMENTS_EXTENSIONS = [
 WIKI_REVISIONS_PER_HOUR = 180
 WIKI_REVISIONS_PER_MINUTES = 180
 
+# Dark magic - tell django to use X-Forwarded-*
+# This is needed for django-allauth-cas, see
+# https://blog.ubuntu.com/2015/08/18/django-behind-a-proxy-fixing-absolute-urls
+USE_X_FORWARDED_HOST = True
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+
 # Use sign up, login, logout, profile settings views of allauth.
 WIKI_ACCOUNT_HANDLING = False
 
@@ -262,10 +230,3 @@ WIKI_ACCOUNT_SIGNUP_ALLOWED = True
 # will be treated as the others_write boolean field on models.Article.
 WIKI_ANONYMOUS_WRITE = False
 WIKI_ANONYMOUS = False
-
-
-# FIXME: Add correct email settings
-
-# Development settings
-if DEBUG:
-    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"

WikiENS/settings/local.py

@@ -0,0 +1,16 @@
+import os
+
+
+from .common import *  # noqa
+from .common import BASE_DIR
+
+
+EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
+DEBUG = True
+
+DATABASES = {
+    "default": {
+        "ENGINE": "django.db.backends.sqlite3",
+        "NAME": os.path.join(BASE_DIR, "db.sqlite3"),
+    }
+}

WikiENS/settings/prod.py

@@ -0,0 +1,11 @@
+import os
+
+from .common import *  # noqa
+from .common import BASE_DIR
+
+
+DEBUG = False
+ALLOWED_HOSTS = ["www.eleves.ens.fr", "wiki.eleves.ens.fr"]
+
+STATIC_ROOT = os.path.join(BASE_DIR, "..", "static")
+MEDIA_ROOT = os.path.join(BASE_DIR, "..", "media")

WikiENS/settings/secret_example.py

@@ -0,0 +1,7 @@
+SECRET_KEY = "_u5q4-^1qgkqg=i5o5ha*xkd@82#l$e+%m)$v+4y#t-5!g-%g2"
+ADMINS = None
+EMAIL_HOST = "localhost"
+
+DBNAME = "wiki"
+DBUSER = "wiki"
+DBPASSWD = "dummy"

WikiENS/urls.py

@@ -0,0 +1,22 @@
+from django.conf.urls import include
+from django.urls import re_path
+from django.contrib import admin
+
+from allauth_ens.views import capture_login, capture_logout
+
+allauth_urls = [
+    # Catch login/logout views of admin site.
+    re_path(r'^_admin/login/$', capture_login),
+    re_path(r'^_admin/logout/$', capture_logout),
+    # Allauth urls.
+    re_path(r'^_profil/', include('allauth.urls')),
+]
+
+urlpatterns = allauth_urls + [
+    re_path(r'^_admin/', admin.site.urls),
+    re_path(r'^notifications/', include('django_nyt.urls')),
+    re_path(r'^_groups/', include("wiki_groups.urls")),
+    re_path(r'', include('wiki.urls')),
+]
+
+# TODO add MEDIA_ROOT

WikiENS/wsgi.py

@@ -11,6 +11,6 @@ import os
 
 from django.core.wsgi import get_wsgi_application
 
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "app.settings")
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "WikiENS.settings")
 
 application = get_wsgi_application()

app/urls.py

@@ -1,20 +0,0 @@
-from allauth_ens.views import capture_login, capture_logout
-from django.contrib import admin
-from django.urls import include, path
-
-allauth_urls = [
-    # Catch login/logout views of admin site.
-    path("_admin/login/", capture_login),
-    path("_admin/logout/", capture_logout),
-    # Allauth urls.
-    path("_profil/", include("allauth.urls")),
-]
-
-urlpatterns = allauth_urls + [
-    path("_admin/", admin.site.urls),
-    path("notifications/", include("django_nyt.urls")),
-    path("_groups/", include("wiki_groups.urls")),
-    path("", include("wiki.urls")),
-]
-
-# TODO add MEDIA_ROOT

default.nix

@@ -1,45 +0,0 @@
-{
-  sources ? import ./npins,
-  pkgs ? import sources.nixpkgs { },
-}:
-
-let
-  nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
-
-  python3 = pkgs.python3.override {
-    packageOverrides = _: _: {
-      inherit (nix-pkgs) django-allauth-ens django-wiki loadcredential;
-    };
-  };
-in
-
-{
-  devShell = pkgs.mkShell {
-    name = "annuaire.dev";
-
-    packages = [
-      (python3.withPackages (ps: [
-        ps.django
-        ps.django-allauth-ens
-        ps.django-wiki
-        ps.loadcredential
-        ps.tinycss2
-      ]))
-    ];
-
-    env = {
-      DJANGO_SETTINGS_MODULE = "app.settings";
-
-      CREDENTIALS_DIRECTORY = builtins.toString ./.credentials;
-
-      WIKIENS_DEBUG = builtins.toJSON true;
-      WIKIENS_STATIC_ROOT = builtins.toString ./.static;
-    };
-
-    shellHook = ''
-      if [ ! -d .static ]; then
-        mkdir .static
-      fi
-    '';
-  };
-}

manage.py

@@ -3,7 +3,7 @@ import os
 import sys
 
 if __name__ == "__main__":
-    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "app.settings")
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "WikiENS.settings.local")
     try:
         from django.core.management import execute_from_command_line
     except ImportError:

npins/default.nix

@@ -1,80 +0,0 @@
-# Generated by npins. Do not modify; will be overwritten regularly
-let
-  data = builtins.fromJSON (builtins.readFile ./sources.json);
-  version = data.version;
-
-  mkSource =
-    spec:
-    assert spec ? type;
-    let
-      path =
-        if spec.type == "Git" then
-          mkGitSource spec
-        else if spec.type == "GitRelease" then
-          mkGitSource spec
-        else if spec.type == "PyPi" then
-          mkPyPiSource spec
-        else if spec.type == "Channel" then
-          mkChannelSource spec
-        else
-          builtins.throw "Unknown source type ${spec.type}";
-    in
-    spec // { outPath = path; };
-
-  mkGitSource =
-    {
-      repository,
-      revision,
-      url ? null,
-      hash,
-      branch ? null,
-      ...
-    }:
-    assert repository ? type;
-    # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
-    # In the latter case, there we will always be an url to the tarball
-    if url != null then
-      (builtins.fetchTarball {
-        inherit url;
-        sha256 = hash; # FIXME: check nix version & use SRI hashes
-      })
-    else
-      assert repository.type == "Git";
-      let
-        urlToName =
-          url: rev:
-          let
-            matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
-
-            short = builtins.substring 0 7 rev;
-
-            appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
-          in
-          "${if matched == null then "source" else builtins.head matched}${appendShort}";
-        name = urlToName repository.url revision;
-      in
-      builtins.fetchGit {
-        url = repository.url;
-        rev = revision;
-        inherit name;
-        # hash = hash;
-      };
-
-  mkPyPiSource =
-    { url, hash, ... }:
-    builtins.fetchurl {
-      inherit url;
-      sha256 = hash;
-    };
-
-  mkChannelSource =
-    { url, hash, ... }:
-    builtins.fetchTarball {
-      inherit url;
-      sha256 = hash;
-    };
-in
-if version == 3 then
-  builtins.mapAttrs (_: mkSource) data.pins
-else
-  throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"

npins/sources.json

@@ -1,22 +0,0 @@
-{
-  "pins": {
-    "nix-pkgs": {
-      "type": "Git",
-      "repository": {
-        "type": "Git",
-        "url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
-      },
-      "branch": "main",
-      "revision": "6f56463c0034d4162dabb98ee8e70d6c43214ac0",
-      "url": null,
-      "hash": "0dqm2n88f0yl63wacizwpjrcv51arz5z31nhwbjcbyjxrwiwxamq"
-    },
-    "nixpkgs": {
-      "type": "Channel",
-      "name": "nixpkgs-unstable",
-      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre694416.ccc0c2126893/nixexprs.tar.xz",
-      "hash": "0cn1z4wzps8nfqxzr6l5mbn81adcqy2cy2ic70z13fhzicmxfsbx"
-    }
-  },
-  "version": 3
-}

requirements.txt

@@ -0,0 +1,3 @@
+Django==3.2.*
+git+https://git.eleves.ens.fr/klub-dev-ens/django-allauth-ens.git@1.1.3
+wiki==0.7.*

requirements_prod.txt

@@ -0,0 +1,3 @@
+-r requirements.txt
+psycopg2
+gunicorn

shell.nix

@@ -1 +0,0 @@
-(import ./. { }).devShell