
[enh] Link with ldap

ljf 8 years ago
parent
commit
df94289f9a
4 changed files with 41 additions and 1 deletions
  1. 33 0
      conf/local.py
  2. 1 0
      conf/nginx.conf
  3. 5 1
      scripts/install
  4. 2 0
      sources/wifiwithme/core/urls.py

+ 33 - 0
conf/local.py

@@ -2,6 +2,7 @@
 DEBUG=True
 
 URL_PREFIX='YNH_APP_PREFIX/'
+STATIC_ROOT='YNH_APP_STATIC_ROOT'
 NOTIFICATION_EMAILS=['YNH_APP_ARG_EMAIL']
 DEFAULT_FROM_EMAIL='notifier@YNH_APP_ARG_DOMAIN'
 SITE_URL="https://YNH_APP_ARG_DOMAINYNH_APP_ARG_PATH"
@@ -20,3 +21,35 @@ ISP={
         'NUMBER':'YNH_APP_ARG_CNIL_NUMBER'
     }
 }
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
+# Tous accés
+# paramétrer SSO en protect_uris
+# OU
+# Pas d'accès
+# hook
+# paramétrer SSO en protect_uris
+import ldap
+from django_auth_ldap.config import LDAPSearch, PosixGroupType
+AUTHENTICATION_BACKENDS = (
+    'django_auth_ldap.backend.LDAPBackend',
+    'django.contrib.auth.backends.ModelBackend',
+)
+AUTH_LDAP_SERVER_URI = "ldap://localhost:389"
+AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+    "is_active": "cn=sftpusers,ou=groups,dc=yunohost,dc=org",
+    "is_staff": "cn=sftpusers,ou=groups,dc=yunohost,dc=org",
+    "is_superuser": "cn=sftpusers,ou=groups,dc=yunohost,dc=org"
+}
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=groups,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)")
+AUTH_LDAP_GROUP_TYPE = PosixGroupType()
+AUTH_LDAP_ALWAYS_UPDATE_USER = True
+AUTH_LDAP_AUTHORIZE_ALL_USERS = True
+AUTH_LDAP_FIND_GROUP_PERMS = True
+#AUTH_LDAP_CACHE_GROUPS = True
+#AUTH_LDAP_GROUP_CACHE_TIMEOUT = 300
+#import logging
+#logger = logging.getLogger('django_auth_ldap')
+#logger.addHandler(logging.StreamHandler())
+#logger.setLevel(logging.DEBUG)
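Review bot: `AUTH_LDAP_USER_FLAGS_BY_GROUP` maps `is_active`, `is_staff` and `is_superuser` to the same `cn=sftpusers` group, so every member of that group who logs in becomes a Django superuser with full access to the admin site. With `AUTH_LDAP_ALWAYS_UPDATE_USER = True` those flags are presumably re-applied from LDAP on each login. Keep `is_active` on the broad group but tie the privileged flags to a dedicated admin group, e.g. `"is_superuser": "cn=<admin-group>,ou=groups,dc=yunohost,dc=org"` (placeholder; the right group is not visible here). The install script in this commit substitutes `YNH_APP_ARG_ADMIN` into this file, but no such placeholder appears in the visible hunks, so the chosen admin probably does not restrict these flags; worth confirming. A short English comment above the dict stating who is meant to receive staff and superuser rights would make the intent reviewable.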

+ 1 - 0
conf/nginx.conf

@@ -21,5 +21,6 @@ location @YNH_APP_INSTANCE_NAME {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
     proxy_pass http://unix:/opt/YNH_APP_INSTANCE_NAME/sock;
 }
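Review bot: The added `X-Forwarded-Proto` line has no comment saying that Django now trusts it. This commit sets `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` in conf/local.py, so `request.is_secure()` is decided by this header. Setting it from `$scheme` overwrites any client-supplied value, which is what makes that trust safe. I would add `# Required by SECURE_PROXY_SSL_HEADER in local.py; always set here, never pass the client value through` above it. The location block starts outside the hunk.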

+ 5 - 1
scripts/install

@@ -49,7 +49,7 @@ sudo yunohost app checkurl "${domain}${path}" -a "$app" \
     || ynh_die "Path not available: ${domain}${path}"
 
 # Dependencies
-ynh_package_install python3-pip python3-virtualenv
+ynh_package_install python3-pip python3-virtualenv libldap2-dev libsasl2-dev
 
 
 # Delete db and user if exit with an error
@@ -93,12 +93,14 @@ source $final_path/venv/bin/activate
 set -o nounset
 $final_path/venv/bin/pip install gunicorn
 $final_path/venv/bin/pip install -r $final_path/requirements/base.txt
+$final_path/venv/bin/pip install django-auth-ldap
 set +o nounset
 deactivate
 set -o nounset
 
 
 # Configuration Django
+sed -i "s@YNH_APP_ARG_ADMIN@$admin@g" ../conf/local.py
 sed -i "s@YNH_APP_ARG_DOMAIN@$domain@g" ../conf/local.py
 sed -i "s@YNH_APP_ARG_PATH@$path@g" ../conf/local.py
 sed -i "s@YNH_APP_PREFIX@${path#"/"}@g" ../conf/local.py
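Review bot: `pip install django-auth-ldap` installs whatever release is current at install time, outside `requirements/base.txt`, so the authentication backend of each deployment depends on an unpinned, unreviewed version (the existing `gunicorn` line has the same issue). Pin it, `$final_path/venv/bin/pip install 'django-auth-ldap==<tested-version>'`, or add the pinned requirement to the requirements file the script already installs from. Separately, the new `sed -i "s@YNH_APP_ARG_ADMIN@$admin@g"` interpolates `$admin` into a sed expression. If that value can contain `@`, `&` or `\`, the substitution breaks or rewrites more than intended, so it relies on the username being validated earlier in the script, outside this hunk.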
@@ -113,6 +115,7 @@ sed -i "s#YNH_APP_ARG_ZOOM#$zoom#g" ../conf/local.py
 sed -i "s#YNH_APP_ARG_CNIL_LINK#$cnil_link#g" ../conf/local.py
 sed -i "s#YNH_APP_ARG_CNIL_NUMBER#$cnil_number#g" ../conf/local.py
 sed -i "s#YNH_APP_ARG_URL_CONTACT#$url_contact#g" ../conf/local.py
+sed -i "s#YNH_APP_STATIC_ROOT#$final_path/static#g" ../conf/local.py
 sudo cp ../conf/local.py $final_path/wifiwithme/settings/local.py
 
 # Set production
@@ -138,6 +141,7 @@ cd $final_path
 set +o nounset
 source $final_path/venv/bin/activate
 sudo $final_path/venv/bin/python3 manage.py migrate --noinput
+sudo $final_path/venv/bin/python3 manage.py collectstatic --noinput
 set -o nounset
 cd $old_pwd
 

+ 2 - 0
sources/wifiwithme/core/urls.py

@@ -2,6 +2,7 @@ from django.conf import settings
 from django.conf.urls import url, include
 from django.contrib import admin
 from django.contrib.auth.views import login, logout
+from django.views.generic.base import RedirectView
 
 def prefix(url_pattern):
     """
@@ -14,4 +15,5 @@ urlpatterns = [
     url(prefix(r'accounts/logout/$'), logout, name='logout'),
     url(prefix(r'admin/'), admin.site.urls),
     url(prefix(r'map/'), include('contribmap.urls')),
+    url(prefix(r'$'), RedirectView.as_view(url=r'map/', permanent=False)),
 ]
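Review bot: The redirect target `url=r'map/'` is a relative path that repeats the literal from the `include('contribmap.urls')` line just above, so the two have to be kept in sync by hand. The redirect is also only correct because the pattern matches a request path ending exactly at the prefix. If contribmap names its index route (not visible here), `RedirectView.as_view(pattern_name='<map-index-name>', permanent=False)` would let Django build the target. Otherwise a one-line comment such as `# relative on purpose: resolves against the prefix matched above` would record the intent. The raw-string prefix on `r'map/'` is unnecessary.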