From a5fb162aaf412870e86390ca49dd059673308695 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20P=C3=A9pin?= <martin.pepin@ens.fr>
Date: Mon, 10 Apr 2017 22:18:00 +0100
Subject: [PATCH 1/3] New organisation of settings files

We reproduce what has been done here:
https://github.com/dissemin/dissemin

The following files can be found under `cof/settings/`
- `common.py`: the settings that are shared by all the environments we
  have + the secrets (see below).
- `dev.py`: the settings used by the vagrant VM for local development.
- `prod.py`: the production settings (for both www.cof.ens.fr and
  dev.cof.ens.fr)

There is also a notion of "secrets". Some settings like the `SECRET_KEY`
or the database's credentials are loaded from an untracked files called
`secret.py` in the same directory. This secrets are loaded by the common
settings file.
---
 cof/settings/.gitignore                     |  1 +
 cof/{settings_dev.py => settings/common.py} | 93 +++++++--------------
 cof/settings/dev.py                         | 52 ++++++++++++
 cof/settings/prod.py                        | 26 ++++++
 cof/settings/secret_example.py              |  4 +
 5 files changed, 113 insertions(+), 63 deletions(-)
 create mode 100644 cof/settings/.gitignore
 rename cof/{settings_dev.py => settings/common.py} (63%)
 create mode 100644 cof/settings/dev.py
 create mode 100644 cof/settings/prod.py
 create mode 100644 cof/settings/secret_example.py

diff --git a/cof/settings/.gitignore b/cof/settings/.gitignore
new file mode 100644
index 00000000..21425062
--- /dev/null
+++ b/cof/settings/.gitignore
@@ -0,0 +1 @@
+secret.py
diff --git a/cof/settings_dev.py b/cof/settings/common.py
similarity index 63%
rename from cof/settings_dev.py
rename to cof/settings/common.py
index b04165c8..4a6f9a12 100644
--- a/cof/settings_dev.py
+++ b/cof/settings/common.py
@@ -1,32 +1,40 @@
 # -*- coding: utf-8 -*-
 """
-Django settings for cof project.
+Django common settings for cof project.
 
-For more information on this file, see
-https://docs.djangoproject.com/en/1.8/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.8/ref/settings/
+Everything which is supposed to be identical between the production server and
+the local development serveur should be here.
 """
 
-# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 import os
 
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+# Database credentials
+try:
+    from .secret import DBNAME, DBUSER, DBPASSWD
+except ImportError:
+    # On the local development VM, theses credentials are in the environment
+    DBNAME = os.environ["DBNAME"]
+    DBUSER = os.environ["DBUSER"]
+    DBPASSWD = os.environ["DBPASSWD"]
+except KeyError:
+    raise RuntimeError("Secrets missing")
 
-EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+# Other secrets
+try:
+    from .secret import (
+        SECRET_KEY, RECAPTCHA_PUBLIC_KEY, RECAPTCHA_PRIVATE_KEY, ADMINS
+    )
+except ImportError:
+    raise RuntimeError("Secrets missing")
 
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
 
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'q()(zn4m63i%5cp4)f+ww4-28_w+ly3q9=6imw2ciu&_(5_4ah'
+BASE_DIR = os.path.dirname(
+    os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+)
 
-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
 
 # Application definition
-INSTALLED_APPS = (
+INSTALLED_APPS = [
     'gestioncof',
     'django.contrib.auth',
     'django.contrib.contenttypes',
@@ -41,17 +49,15 @@ INSTALLED_APPS = (
     'autocomplete_light',
     'captcha',
     'django_cas_ng',
-    'debug_toolbar',
     'bootstrapform',
     'kfet',
     'channels',
     'widget_tweaks',
     'custommail',
     'djconfig',
-)
+]
 
-MIDDLEWARE_CLASSES = (
-    'debug_toolbar.middleware.DebugToolbarMiddleware',
+MIDDLEWARE_CLASSES = [
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
@@ -62,7 +68,7 @@ MIDDLEWARE_CLASSES = (
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django.middleware.security.SecurityMiddleware',
     'djconfig.middleware.DjConfigMiddleware',
-)
+]
 
 ROOT_URLCONF = 'cof.urls'
 
@@ -73,7 +79,6 @@ TEMPLATES = [
         'APP_DIRS': True,
         'OPTIONS': {
             'context_processors': [
-                'django.template.context_processors.debug',
                 'django.template.context_processors.request',
                 'django.contrib.auth.context_processors.auth',
                 'django.contrib.messages.context_processors.messages',
@@ -89,17 +94,12 @@ TEMPLATES = [
     },
 ]
 
-# WSGI_APPLICATION = 'cof.wsgi.application'
-
-# Database
-# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
-
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.mysql',
-        'NAME': os.environ['DBNAME'],
-        'USER': os.environ['DBUSER'],
-        'PASSWORD': os.environ['DBPASSWD'],
+        'NAME': DBNAME,
+        'USER': DBUSER,
+        'PASSWORD': DBPASSWD,
         'HOST': os.environ.get('DBHOST', 'localhost'),
     }
 }
@@ -119,18 +119,9 @@ USE_L10N = True
 USE_TZ = True
 
 
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/1.8/howto/static-files/
-
-STATIC_URL = '/static/'
-STATIC_ROOT = '/var/www/static/'
-
 # Media upload (through ImageField, SiteField)
 # https://docs.djangoproject.com/en/1.9/ref/models/fields/
 
-MEDIA_ROOT = os.path.join(BASE_DIR, 'media/')
-MEDIA_URL = '/media/'
-
 # Various additional settings
 SITE_ID = 1
 
@@ -163,12 +154,6 @@ AUTHENTICATION_BACKENDS = (
     'kfet.backends.GenericTeamBackend',
 )
 
-# LDAP_SERVER_URL = 'ldaps://ldap.spi.ens.fr:636'
-
-# EMAIL_HOST="nef.ens.fr"
-
-RECAPTCHA_PUBLIC_KEY = "DUMMY"
-RECAPTCHA_PRIVATE_KEY = "DUMMY"
 RECAPTCHA_USE_SSL = True
 
 # Channels settings
@@ -183,22 +168,4 @@ CHANNEL_LAYERS = {
     }
 }
 
-
-def show_toolbar(request):
-    """
-    On ne veut pas la vérification de INTERNAL_IPS faite par la debug-toolbar
-    car cela interfère avec l'utilisation de Vagrant. En effet, l'adresse de la
-    machine physique n'est pas forcément connue, et peut difficilement être
-    mise dans les INTERNAL_IPS.
-    """
-    if not DEBUG:
-        return False
-    if request.is_ajax():
-        return False
-    return True
-
-DEBUG_TOOLBAR_CONFIG = {
-    'SHOW_TOOLBAR_CALLBACK': show_toolbar,
-}
-
 FORMAT_MODULE_PATH = 'cof.locale'
diff --git a/cof/settings/dev.py b/cof/settings/dev.py
new file mode 100644
index 00000000..8f5c9f29
--- /dev/null
+++ b/cof/settings/dev.py
@@ -0,0 +1,52 @@
+"""
+Django development settings for the cof project.
+The settings that are not listed here are imported from .common
+"""
+
+import os
+
+from .common import *
+
+
+EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
+DEBUG = True
+
+TEMPLATES[0]["OPTIONS"]["context_processors"] += [
+    'django.template.context_processors.debug'
+]
+
+
+# ---
+# Apache static/media config
+# ---
+
+STATIC_URL = '/static/'
+STATIC_ROOT = '/var/www/static/'
+
+MEDIA_ROOT = os.path.join(BASE_DIR, 'media/')
+MEDIA_URL = '/media/'
+
+
+# ---
+# Debug tool bar
+# ---
+
+def show_toolbar(request):
+    """
+    On ne veut pas la vérification de INTERNAL_IPS faite par la debug-toolbar
+    car cela interfère avec l'utilisation de Vagrant. En effet, l'adresse de la
+    machine physique n'est pas forcément connue, et peut difficilement être
+    mise dans les INTERNAL_IPS.
+    """
+    if not DEBUG:
+        return False
+    if request.is_ajax():
+        return False
+    return True
+
+INSTALLED_APPS += ["debug_toolbar"]
+MIDDLEWARE_CLASSES += ["debug_toolbar.middleware.DebugToolbarMiddleware"]
+DEBUG_TOOLBAR_CONFIG = {
+    'SHOW_TOOLBAR_CALLBACK': show_toolbar,
+}
diff --git a/cof/settings/prod.py b/cof/settings/prod.py
new file mode 100644
index 00000000..5fae5651
--- /dev/null
+++ b/cof/settings/prod.py
@@ -0,0 +1,26 @@
+"""
+Django development settings for the cof project.
+The settings that are not listed here are imported from .common
+"""
+
+import os
+
+from .common import *
+
+
+DEBUG = False
+
+ALLOWED_HOSTS = [
+    "cof.ens.fr",
+    "www.cof.ens.fr",
+    "dev.cof.ens.fr"
+]
+
+STATIC_ROOT = os.path.join(os.path.dirname(BASE_DIR), "static")
+STATIC_URL = "/gestion/static/"
+MEDIA_ROOT = os.path.join(os.path.dirname(BASE_DIR), "media")
+MEDIA_URL = "/gestion/media/"
+
+LDAP_SERVER_URL = "ldaps://ldap.spi.ens.fr:636"
+
+EMAIL_HOST = "nef.ens.fr"
diff --git a/cof/settings/secret_example.py b/cof/settings/secret_example.py
new file mode 100644
index 00000000..36a8e932
--- /dev/null
+++ b/cof/settings/secret_example.py
@@ -0,0 +1,4 @@
+SECRET_KEY = 'q()(zn4m63i%5cp4)f+ww4-28_w+ly3q9=6imw2ciu&_(5_4ah'
+RECAPTCHA_PUBLIC_KEY = "DUMMY"
+RECAPTCHA_PRIVATE_KEY = "DUMMY"
+ADMINS = None

From 40abe81402649b326a4c8334290ae5177e079f5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20P=C3=A9pin?= <martin.pepin@ens.fr>
Date: Mon, 10 Apr 2017 22:44:52 +0100
Subject: [PATCH 2/3] Integrate the new settings workflow into vagrant

---
 provisioning/bootstrap.sh    | 7 +++++--
 provisioning/cron.dev        | 2 +-
 provisioning/supervisor.conf | 4 ++--
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/provisioning/bootstrap.sh b/provisioning/bootstrap.sh
index 269e4f25..c8f73ab6 100644
--- a/provisioning/bootstrap.sh
+++ b/provisioning/bootstrap.sh
@@ -36,7 +36,7 @@ chown -R ubuntu:www-data /var/www/static
 # Mise en place du .bash_profile pour tout configurer lors du `vagrant ssh`
 cat >> ~ubuntu/.bashrc <<EOF
 # On utilise la version de développement de GestioCOF
-export DJANGO_SETTINGS_MODULE='cof.settings_dev'
+export DJANGO_SETTINGS_MODULE='cof.settings.dev'
 
 # Identifiants MySQL
 export DBUSER="$DBUSER"
@@ -61,8 +61,11 @@ sudo -H -u ubuntu python3 -m venv ~ubuntu/venv
 sudo -H -u ubuntu ~ubuntu/venv/bin/pip install -U pip
 sudo -H -u ubuntu ~ubuntu/venv/bin/pip install -r requirements.txt -r requirements-devel.txt
 
+# Installation des secrets
+sudo -H -u ubuntu cp cof/settings/secret_example.py cof/settings/secret.py
+
 # Préparation de Django
-sudo -H -u ubuntu DJANGO_SETTINGS_MODULE='cof.settings_dev' DBUSER=$DBUSER DBNAME=$DBNAME DBPASSWD=$DBPASSWD bash provisioning/prepare_django.sh
+sudo -H -u ubuntu DJANGO_SETTINGS_MODULE='cof.settings.dev' DBUSER=$DBUSER DBNAME=$DBNAME DBPASSWD=$DBPASSWD bash provisioning/prepare_django.sh
 
 # Installation du cron pour les mails de rappels
 sudo -H -u ubuntu crontab provisioning/cron.dev
diff --git a/provisioning/cron.dev b/provisioning/cron.dev
index 6cd2ca81..0dab871f 100644
--- a/provisioning/cron.dev
+++ b/provisioning/cron.dev
@@ -1,5 +1,5 @@
 # On utilise la version de développement de GestioCOF
-DJANGO_SETTINGS_MODULE='cof.settings_dev'
+DJANGO_SETTINGS_MODULE='cof.settings.dev'
 
 # Identifiants MySQL
 DBUSER="cof_gestion"
diff --git a/provisioning/supervisor.conf b/provisioning/supervisor.conf
index c806a13d..5fe3c22b 100644
--- a/provisioning/supervisor.conf
+++ b/provisioning/supervisor.conf
@@ -2,7 +2,7 @@
 command=/home/ubuntu/venv/bin/python /vagrant/manage.py runworker
 directory=/vagrant/
 user=ubuntu
-environment=DBUSER={DBUSER},DBNAME={DBNAME},DBPASSWD={DBPASSWD},DJANGO_SETTINGS_MODULE="cof.settings_dev"
+environment=DBUSER={DBUSER},DBNAME={DBNAME},DBPASSWD={DBPASSWD},DJANGO_SETTINGS_MODULE="cof.settings.dev"
 autostart=true
 autorestart=true
 redirect_stderr=true
@@ -11,7 +11,7 @@ redirect_stderr=true
 
 [program:interface]
 command=/home/ubuntu/venv/bin/daphne -b 127.0.0.1 -p 8001 cof.asgi:channel_layer
-environment=DBUSER={DBUSER},DBNAME={DBNAME},DBPASSWD={DBPASSWD},DJANGO_SETTINGS_MODULE="cof.settings_dev"
+environment=DBUSER={DBUSER},DBNAME={DBNAME},DBPASSWD={DBPASSWD},DJANGO_SETTINGS_MODULE="cof.settings.dev"
 directory=/vagrant/
 redirect_stderr=true
 autostart=true

From ff73a635f82dfb85af4922f6d5319e06c8f29e54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20P=C3=A9pin?= <martin.pepin@ens.fr>
Date: Sat, 15 Apr 2017 11:09:16 +0100
Subject: [PATCH 3/3] Minor fixes in settings/

- Typo
- Removes old comments
- Moves the template debug context processor back to the common file: it
  won't be loaded anyway if `DEBUG=False`.
- Ddt's middleware should be loaded first
---
 cof/settings/common.py | 7 ++-----
 cof/settings/dev.py    | 9 ++++-----
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/cof/settings/common.py b/cof/settings/common.py
index 4a6f9a12..93b11dae 100644
--- a/cof/settings/common.py
+++ b/cof/settings/common.py
@@ -3,7 +3,7 @@
 Django common settings for cof project.
 
 Everything which is supposed to be identical between the production server and
-the local development serveur should be here.
+the local development server should be here.
 """
 
 import os
@@ -79,6 +79,7 @@ TEMPLATES = [
         'APP_DIRS': True,
         'OPTIONS': {
             'context_processors': [
+                'django.template.context_processors.debug',
                 'django.template.context_processors.request',
                 'django.contrib.auth.context_processors.auth',
                 'django.contrib.messages.context_processors.messages',
@@ -118,10 +119,6 @@ USE_L10N = True
 
 USE_TZ = True
 
-
-# Media upload (through ImageField, SiteField)
-# https://docs.djangoproject.com/en/1.9/ref/models/fields/
-
 # Various additional settings
 SITE_ID = 1
 
diff --git a/cof/settings/dev.py b/cof/settings/dev.py
index 8f5c9f29..6272e6d9 100644
--- a/cof/settings/dev.py
+++ b/cof/settings/dev.py
@@ -12,10 +12,6 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 
 DEBUG = True
 
-TEMPLATES[0]["OPTIONS"]["context_processors"] += [
-    'django.template.context_processors.debug'
-]
-
 
 # ---
 # Apache static/media config
@@ -46,7 +42,10 @@ def show_toolbar(request):
     return True
 
 INSTALLED_APPS += ["debug_toolbar"]
-MIDDLEWARE_CLASSES += ["debug_toolbar.middleware.DebugToolbarMiddleware"]
+MIDDLEWARE_CLASSES = (
+    ["debug_toolbar.middleware.DebugToolbarMiddleware"]
+    + MIDDLEWARE_CLASSES
+)
 DEBUG_TOOLBAR_CONFIG = {
     'SHOW_TOOLBAR_CALLBACK': show_toolbar,
 }