Merge branch 'master' into prod

.credentials/SECRET_KEY

@@ -1 +0,0 @@
-insecure-secret_key

.envrc

@@ -1 +0,0 @@
-use nix

.gitignore

@@ -3,4 +3,3 @@ venv
 .*.swp
 *.pyc
 *.sqlite3
-.direnv

WikiENS/.gitignore

@@ -0,0 +1 @@
+settings.py

WikiENS/settings/.gitignore

@@ -0,0 +1 @@
+secret.py

WikiENS/settings/common.py

@@ -1,34 +1,42 @@
-"""
-Django settings for the wiki_ens project
-"""
+import os
 
-from pathlib import Path
+from django.urls import reverse_lazy
 
 from django.contrib.messages import constants as messages
-from django.urls import reverse_lazy
-from django.utils.translation import gettext_lazy as _
-from loadcredential import Credentials
 
-credentials = Credentials(env_prefix="WIKIENS_")
-
-# Build paths inside the project like this: BASE_DIR / 'subdir'.
-BASE_DIR = Path(__file__).resolve().parent.parent
-
-# WARNING: keep the secret key used in production secret!
-SECRET_KEY = credentials["SECRET_KEY"]
-
-# WARNING: don't run with debug turned on in production!
-DEBUG = credentials.get_json("DEBUG", False)
-
-ALLOWED_HOSTS = credentials.get_json("ALLOWED_HOSTS", [])
-
-ADMINS = credentials.get_json("ADMINS", [])
-
-SITE_ID = 1
+try:
+    from . import secret
+except ImportError:
+    raise ImportError(
+        "The secret.py file is missing.\n"
+        "For a development environment, simply copy secret_example.py"
+    )
 
 
-###
-# List the installed applications
+def import_secret(name):
+    """
+    Shorthand for importing a value from the secret module and raising an
+    informative exception if a secret is missing.
+    """
+    try:
+        return getattr(secret, name)
+    except AttributeError:
+        raise RuntimeError("Secret missing: {}".format(name))
+
+
+SECRET_KEY = import_secret("SECRET_KEY")
+ADMINS = import_secret("ADMINS")
+MANAGERS = ADMINS
+EMAIL_HOST = import_secret("EMAIL_HOST")
+
+DBNAME = import_secret("DBNAME")
+DBUSER = import_secret("DBUSER")
+DBPASSWD = import_secret("DBPASSWD")
+
+SERVER_EMAIL = "wiki@www.eleves.ens.fr"
+
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
 
 INSTALLED_APPS = [
     "django.contrib.admin",
@@ -58,10 +66,6 @@ INSTALLED_APPS = [
     "allauth_ens.providers.clipper",
 ]
 
-
-###
-# List the installed middlewares
-
 MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
@@ -70,21 +74,9 @@ MIDDLEWARE = [
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
-    "allauth.account.middleware.AccountMiddleware",
 ]
 
-
-###
-# The main url configuration
-
-ROOT_URLCONF = "app.urls"
-
-
-###
-# Template configuration:
-#   - Django Templating Language is used
-#   - Application directories can be used
-
+ROOT_URLCONF = "WikiENS.urls"
 
 TEMPLATES = [
     {
@@ -98,72 +90,65 @@ TEMPLATES = [
                 "django.contrib.auth.context_processors.auth",
                 "django.contrib.messages.context_processors.messages",
                 "sekizai.context_processors.sekizai",
-            ],
+            ]
         },
+    }
+]
+
+WSGI_APPLICATION = "WikiENS.wsgi.application"
+
+SITE_ID = 1
+
+
+# Database
+# https://docs.djangoproject.com/en/1.11/ref/settings/#databases
+
+DATABASES = {
+    "default": {
+        "ENGINE": "django.db.backends.postgresql",
+        "NAME": DBNAME,
+        "USER": DBUSER,
+        "PASSWORD": DBPASSWD,
+        "HOST": "",
+    }
+}
+
+
+# Password validation
+# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        "NAME": (
+            # XXX. Cette chaîne est très longue… Je la coupe en deux sinon
+            # black ne me fiche pas la paix (mais c'est vraiment nul)
+            "django.contrib.auth.password_validation."
+            "UserAttributeSimilarityValidator"
+        )
     },
+    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
+    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
+    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
 ]
 
 
-###
-# Database configuration
-#   -> https://docs.djangoproject.com/en/4.2/ref/settings/#databases
-
-DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
-
-DATABASES = credentials.get_json(
-    "DATABASES",
-    {
-        "default": {
-            "ENGINE": "django.db.backends.sqlite3",
-            "NAME": BASE_DIR / "db.sqlite3",
-        }
-    },
-)
-
-CACHES = credentials.get_json(
-    "CACHES",
-    default={
-        "default": {
-            "BACKEND": "django.core.cache.backends.locmem.LocMemCache",
-        },
-    },
-)
-
-
-###
-# WSGI application configuration
-
-WSGI_APPLICATION = "app.wsgi.application"
-
-
-###
-# Staticfiles configuration
-
-STATIC_ROOT = credentials["STATIC_ROOT"]
-STATIC_URL = "/static/"
-
-MEDIA_ROOT = credentials.get("MEDIA_ROOT", BASE_DIR / "media")
-MEDIA_URL = "/media/"
-
-
-###
-# Internationalization configuration
-#   -> https://docs.djangoproject.com/en/4.2/topics/i18n/
+# Internationalization
+# https://docs.djangoproject.com/en/1.11/topics/i18n/
 
 LANGUAGE_CODE = "fr-fr"
+
 TIME_ZONE = "Europe/Paris"
 
 USE_I18N = True
+
 USE_L10N = True
+
 USE_TZ = True
 
-LANGUAGES = [
-    ("fr", _("Français")),
-]
 
-
-###
-# Authentication configuration
+# Authentication
+# https://docs.djangoproject.com/en/1.11/ref/settings/#auth
+# https://django-allauth.readthedocs.io/en/latest/index.html
 
 AUTHENTICATION_BACKENDS = [
     "allauth.account.auth_backends.AuthenticationBackend",
@@ -195,18 +180,14 @@ SOCIALACCOUNT_PROVIDERS = {
     },
 }
 
-AUTH_PASSWORD_VALIDATORS = [
-    {"NAME": f"django.contrib.auth.password_validation.{v}"}
-    for v in [
-        "UserAttributeSimilarityValidator",
-        "MinimumLengthValidator",
-        "CommonPasswordValidator",
-        "NumericPasswordValidator",
-    ]
-]
 
-###
-# Wiki configuration
+# Static / media contents
+
+STATIC_URL = "/_static/"
+MEDIA_URL = "/_media/"
+
+
+# WIKI SETTINGS
 
 WIKI_ATTACHMENTS_EXTENSIONS = [
     "pdf",
@@ -228,6 +209,12 @@ WIKI_ATTACHMENTS_EXTENSIONS = [
 WIKI_REVISIONS_PER_HOUR = 180
 WIKI_REVISIONS_PER_MINUTES = 180
 
+# Dark magic - tell django to use X-Forwarded-*
+# This is needed for django-allauth-cas, see
+# https://blog.ubuntu.com/2015/08/18/django-behind-a-proxy-fixing-absolute-urls
+USE_X_FORWARDED_HOST = True
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+
 # Use sign up, login, logout, profile settings views of allauth.
 WIKI_ACCOUNT_HANDLING = False
 
@@ -239,10 +226,3 @@ WIKI_ACCOUNT_SIGNUP_ALLOWED = True
 # will be treated as the others_write boolean field on models.Article.
 WIKI_ANONYMOUS_WRITE = False
 WIKI_ANONYMOUS = False
-
-
-# FIXME: Add correct email settings
-
-# Development settings
-if DEBUG:
-    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"

WikiENS/settings/local.py

@@ -0,0 +1,16 @@
+import os
+
+
+from .common import *  # noqa
+from .common import BASE_DIR
+
+
+EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
+DEBUG = True
+
+DATABASES = {
+    "default": {
+        "ENGINE": "django.db.backends.sqlite3",
+        "NAME": os.path.join(BASE_DIR, "db.sqlite3"),
+    }
+}

WikiENS/settings/prod.py

@@ -0,0 +1,11 @@
+import os
+
+from .common import *  # noqa
+from .common import BASE_DIR
+
+
+DEBUG = False
+ALLOWED_HOSTS = ["www.eleves.ens.fr", "wiki.eleves.ens.fr"]
+
+STATIC_ROOT = os.path.join(BASE_DIR, "..", "static")
+MEDIA_ROOT = os.path.join(BASE_DIR, "..", "media")

WikiENS/settings/secret_example.py

@@ -0,0 +1,7 @@
+SECRET_KEY = "_u5q4-^1qgkqg=i5o5ha*xkd@82#l$e+%m)$v+4y#t-5!g-%g2"
+ADMINS = None
+EMAIL_HOST = "localhost"
+
+DBNAME = "wiki"
+DBUSER = "wiki"
+DBPASSWD = "dummy"

WikiENS/urls.py

@@ -0,0 +1,26 @@
+from django.conf.urls import url, include
+from django.contrib import admin
+
+from allauth_ens.views import capture_login, capture_logout
+from wiki.urls import get_pattern as get_wiki_pattern
+from django_nyt.urls import get_pattern as get_nyt_pattern
+
+from .views import HealthCheck
+
+allauth_urls = [
+    # Catch login/logout views of admin site.
+    url(r"^_admin/login/$", capture_login),
+    url(r"^_admin/logout/$", capture_logout),
+    # Allauth urls.
+    url(r"^_profil/", include("allauth.urls")),
+]
+
+urlpatterns = allauth_urls + [
+    url(r"^_admin/", admin.site.urls),
+    url(r"^notifications/", get_nyt_pattern()),
+    url(r"^_groups/", include("wiki_groups.urls")),
+    url(r"^_health/", HealthCheck.as_view()),
+    url(r"", get_wiki_pattern()),
+]
+
+# TODO add MEDIA_ROOT

WikiENS/views.py

@@ -0,0 +1,9 @@
+from django.http import HttpResponse
+from django.views import View
+
+
+class HealthCheck(View):
+    http_method_names = ["get", "head"]
+
+    def get(self, request, *args, **kwargs):
+        return HttpResponse("OK")

WikiENS/wsgi.py

@@ -11,6 +11,6 @@ import os
 
 from django.core.wsgi import get_wsgi_application
 
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "app.settings")
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "WikiENS.settings")
 
 application = get_wsgi_application()

app/urls.py

@@ -1,20 +0,0 @@
-from allauth_ens.views import capture_login, capture_logout
-from django.contrib import admin
-from django.urls import include, path
-
-allauth_urls = [
-    # Catch login/logout views of admin site.
-    path("admin/login/", capture_login),
-    path("admin/logout/", capture_logout),
-    # Allauth urls.
-    path("profil/", include("allauth.urls")),
-]
-
-urlpatterns = allauth_urls + [
-    path("_admin/", admin.site.urls),
-    path("notifications/", include("django_nyt.urls")),
-    path("_groups/", include("wiki_groups.urls")),
-    path("", include("wiki.urls")),
-]
-
-# TODO add MEDIA_ROOT

default.nix

@@ -1,45 +0,0 @@
-{
-  sources ? import ./npins,
-  pkgs ? import sources.nixpkgs { },
-}:
-
-let
-  nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
-
-  python3 = pkgs.python3.override {
-    packageOverrides = _: _: {
-      inherit (nix-pkgs) django-allauth-ens django-wiki loadcredential;
-    };
-  };
-in
-
-{
-  devShell = pkgs.mkShell {
-    name = "annuaire.dev";
-
-    packages = [
-      (python3.withPackages (ps: [
-        ps.django
-        ps.django-allauth-ens
-        ps.django-wiki
-        ps.loadcredential
-        ps.tinycss2
-      ]))
-    ];
-
-    env = {
-      DJANGO_SETTINGS_MODULE = "app.settings";
-
-      CREDENTIALS_DIRECTORY = builtins.toString ./.credentials;
-
-      WIKIENS_DEBUG = builtins.toJSON true;
-      WIKIENS_STATIC_ROOT = builtins.toString ./.static;
-    };
-
-    shellHook = ''
-      if [ ! -d .static ]; then
-        mkdir .static
-      fi
-    '';
-  };
-}

manage.py

@@ -3,7 +3,7 @@ import os
 import sys
 
 if __name__ == "__main__":
-    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "app.settings")
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "WikiENS.settings.local")
     try:
         from django.core.management import execute_from_command_line
     except ImportError:

npins/default.nix

@@ -1,80 +0,0 @@
-# Generated by npins. Do not modify; will be overwritten regularly
-let
-  data = builtins.fromJSON (builtins.readFile ./sources.json);
-  version = data.version;
-
-  mkSource =
-    spec:
-    assert spec ? type;
-    let
-      path =
-        if spec.type == "Git" then
-          mkGitSource spec
-        else if spec.type == "GitRelease" then
-          mkGitSource spec
-        else if spec.type == "PyPi" then
-          mkPyPiSource spec
-        else if spec.type == "Channel" then
-          mkChannelSource spec
-        else
-          builtins.throw "Unknown source type ${spec.type}";
-    in
-    spec // { outPath = path; };
-
-  mkGitSource =
-    {
-      repository,
-      revision,
-      url ? null,
-      hash,
-      branch ? null,
-      ...
-    }:
-    assert repository ? type;
-    # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
-    # In the latter case, there we will always be an url to the tarball
-    if url != null then
-      (builtins.fetchTarball {
-        inherit url;
-        sha256 = hash; # FIXME: check nix version & use SRI hashes
-      })
-    else
-      assert repository.type == "Git";
-      let
-        urlToName =
-          url: rev:
-          let
-            matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
-
-            short = builtins.substring 0 7 rev;
-
-            appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
-          in
-          "${if matched == null then "source" else builtins.head matched}${appendShort}";
-        name = urlToName repository.url revision;
-      in
-      builtins.fetchGit {
-        url = repository.url;
-        rev = revision;
-        inherit name;
-        # hash = hash;
-      };
-
-  mkPyPiSource =
-    { url, hash, ... }:
-    builtins.fetchurl {
-      inherit url;
-      sha256 = hash;
-    };
-
-  mkChannelSource =
-    { url, hash, ... }:
-    builtins.fetchTarball {
-      inherit url;
-      sha256 = hash;
-    };
-in
-if version == 3 then
-  builtins.mapAttrs (_: mkSource) data.pins
-else
-  throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"

npins/sources.json

@@ -1,22 +0,0 @@
-{
-  "pins": {
-    "nix-pkgs": {
-      "type": "Git",
-      "repository": {
-        "type": "Git",
-        "url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
-      },
-      "branch": "main",
-      "revision": "6f56463c0034d4162dabb98ee8e70d6c43214ac0",
-      "url": null,
-      "hash": "0dqm2n88f0yl63wacizwpjrcv51arz5z31nhwbjcbyjxrwiwxamq"
-    },
-    "nixpkgs": {
-      "type": "Channel",
-      "name": "nixpkgs-unstable",
-      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre694416.ccc0c2126893/nixexprs.tar.xz",
-      "hash": "0cn1z4wzps8nfqxzr6l5mbn81adcqy2cy2ic70z13fhzicmxfsbx"
-    }
-  },
-  "version": 3
-}

requirements.txt

@@ -0,0 +1,3 @@
+Django==2.2.*
+git+https://git.eleves.ens.fr/klub-dev-ens/django-allauth-ens.git@1.1.3
+wiki==0.7

requirements_prod.txt

@@ -0,0 +1,3 @@
+-r requirements.txt
+psycopg2
+gunicorn

shared/templates/wiki/base.html

@@ -1,5 +1,6 @@
 {% extends "wiki/base_site.html" %}
-{% load i18n static sekizai_tags %}
+{% load i18n staticfiles %}
+{% load sekizai_tags %}
 
 {% block wiki_site_title %} - WikiENS{% endblock %}
 

shell.nix

@@ -1 +0,0 @@
-(import ./. { }).devShell

wiki_groups/__init__.py

@@ -0,0 +1 @@
+default_app_config = "wiki_groups.apps.WikiGroupsConfig"

wiki_groups/templates/wiki_groups/list.html

@@ -1,5 +1,5 @@
 {% extends "wiki/base.html" %}
-{% load static %}
+{% load staticfiles %}
 
 {% block wiki_site_title %}Groupes - WikiENS{% endblock %}
 
@@ -23,7 +23,7 @@
 <h2>Graphe des groupes du wiki</h2>
 <hr>
 
-<div id="svg-graph" class="overflow-auto"></div>
+<div id="svg-graph"></div>
 <hr>
 
 <p>