cam: port to mandaye 0.8 and ini configuration file
parent
9e83ad6fbd
commit
6fcde68b2e
121
cam/config.py
121
cam/config.py
|
@ -2,26 +2,36 @@
|
|||
import logging
|
||||
import os
|
||||
|
||||
_PROJECT_PATH = os.path.join(os.path.dirname(__file__), '..')
|
||||
from ConfigParser import SafeConfigParser
|
||||
from mandaye.exceptions import ImproperlyConfigured
|
||||
|
||||
## Virtual hosts configuration
|
||||
hosts = {
|
||||
'linuxfr.local:8000': [
|
||||
{'path': r'/',
|
||||
'target': 'http://linuxfr.org',
|
||||
'mapping': 'mandaye.configs.linuxfr_saml_example.linuxfr_mapping'
|
||||
},
|
||||
],
|
||||
}
|
||||
# get configuration files from :
|
||||
# 1. default-settings.ini from source code
|
||||
# 2. os.environ.get('SETTINGS_INI') if it exists
|
||||
# else /etc/mandaye-cam/config.ini
|
||||
# and then /etc/mandaye-cam/local-config.ini
|
||||
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
|
||||
SETTINGS_INI = (os.path.join(BASE_DIR, 'default-config.ini'),)
|
||||
if os.environ.get('SETTINGS_INI'):
|
||||
SETTINGS_INI += (os.environ.get('SETTINGS_INI'),)
|
||||
else:
|
||||
ETC_DIR = os.path.join('/', 'etc', 'mandaye-cam')
|
||||
SETTINGS_INI += (
|
||||
os.path.join(ETC_DIR, 'config.ini'),
|
||||
os.path.join(ETC_DIR, 'local-config.ini')
|
||||
)
|
||||
|
||||
config = SafeConfigParser()
|
||||
config.read(SETTINGS_INI)
|
||||
|
||||
## SQL Backend config
|
||||
# Database configuration
|
||||
# http://docs.sqlalchemy.org/en/rel_0_7/core/engines.html
|
||||
# rfc 1738 https://tools.ietf.org/html/rfc1738
|
||||
# dialect+driver://username:password@host:port/database
|
||||
db_url = 'sqlite:///' + os.path.join(_PROJECT_PATH, 'test.db')
|
||||
db_url = config.get('database', 'url')
|
||||
|
||||
debug = False
|
||||
debug = config.getboolean('debug', 'debug')
|
||||
|
||||
# Log configuration
|
||||
LOGGING = {
|
||||
|
@ -45,7 +55,7 @@ LOGGING = {
|
|||
'formatter': 'console'
|
||||
},
|
||||
'syslog': {
|
||||
'level': 'INFO',
|
||||
'level': 'DEBUG',
|
||||
'class': 'entrouvert.logging.handlers.SysLogHandler',
|
||||
'formatter': 'file',
|
||||
'address': '/dev/log'
|
||||
|
@ -54,31 +64,38 @@ LOGGING = {
|
|||
'loggers': {
|
||||
'': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'level': 'INFO',
|
||||
'propagate': False,
|
||||
},
|
||||
'mandaye': {
|
||||
'handlers': ['console', 'syslog'],
|
||||
'level': 'DEBUG',
|
||||
'level': 'INFO',
|
||||
'propagate': False,
|
||||
},
|
||||
'cam': {
|
||||
'handlers': ['console', 'syslog'],
|
||||
'level': 'DEBUG',
|
||||
'level': 'INFO',
|
||||
'propagate': False,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
if config.getboolean('debug', 'log_debug'):
|
||||
LOGGING['loggers']['']['level'] = 'DEBUG'
|
||||
LOGGING['loggers']['mandaye']['level'] = 'DEBUG'
|
||||
LOGGING['loggers']['cam']['level'] = 'DEBUG'
|
||||
|
||||
## PATH
|
||||
# Configuration directory
|
||||
config_root = config.get('dirs', 'config_root')
|
||||
# Template directory
|
||||
template_directory = os.path.join(_PROJECT_PATH, 'cam/templates')
|
||||
template_directory = config.get('dirs', 'template_directory')
|
||||
# Static url
|
||||
static_url = '/mandaye/static'
|
||||
static_url = config.get('dirs', 'static_url')
|
||||
# Static folder
|
||||
static_root = os.path.join(_PROJECT_PATH, 'cam/static')
|
||||
static_root = config.get('dirs', 'static_root')
|
||||
# Data dir
|
||||
data_dir = os.path.join(_PROJECT_PATH, 'data')
|
||||
data_dir = config.get('dirs', 'data_dir')
|
||||
|
||||
# Supported authentification
|
||||
authentifications = {
|
||||
|
@ -87,48 +104,54 @@ authentifications = {
|
|||
|
||||
# sp mappers
|
||||
mappers = {
|
||||
'linuxfr': 'rp_meyzieu.mappers.linuxfr_example',
|
||||
'portail_famille_ecities': 'rp_meyzieu.mappers.portail_famille_ecities',
|
||||
'archimed': 'cam.mappers.archimed_saml',
|
||||
}
|
||||
|
||||
# Raven Sentry configuration
|
||||
raven_dsn = None
|
||||
raven_dsn = config.get('debug', 'raven_dsn')
|
||||
|
||||
# Email notification configuration
|
||||
email_notification = False
|
||||
email_prefix = '[Mandaye CAM]'
|
||||
smtp_host = 'localhost'
|
||||
smtp_port = 25
|
||||
email_from = 'traceback@entrouvert.com'
|
||||
email_to = ['admin@localhost']
|
||||
|
||||
# platform : should be prod, recette or dev
|
||||
platform = "prod"
|
||||
email_notification = config.getboolean('email', 'notification')
|
||||
email_prefix = config.get('email', 'prefix')
|
||||
smtp_host = config.get('email', 'smtp_host')
|
||||
smtp_port = config.getint('email', 'smtp_port')
|
||||
email_from = config.get('email', 'from')
|
||||
email_to = config.get('email', 'to').split()
|
||||
|
||||
# Use long traceback with xtraceback
|
||||
use_long_trace = True
|
||||
use_long_trace = config.getboolean('debug', 'use_long_trace')
|
||||
|
||||
# Ask Mandaye to auto decompress a response message
|
||||
# Decompress response only if you load a filter
|
||||
auto_decompress = True
|
||||
|
||||
# Encrypt service provider passwords with a secret
|
||||
# You should install pycypto to use this feature
|
||||
encrypt_sp_password = False
|
||||
# Must be a 16, 24, or 32 bytes long
|
||||
encrypt_secret = ''
|
||||
|
||||
# Beaker session configuration
|
||||
session_opts = {
|
||||
'session.type': 'file',
|
||||
'session.cookie_expires': True,
|
||||
'session.timeout': 3600,
|
||||
'session.data_dir': '/var/tmp/beaker'
|
||||
}
|
||||
auto_decompress = config.getboolean('mandaye', 'auto_decompress')
|
||||
|
||||
# Choose storage
|
||||
# Only mandaye.backends.sql at the moment
|
||||
storage_backend = "mandaye.backends.sql"
|
||||
if config.get('mandaye', 'storage_backend') == 'sql':
|
||||
storage_backend = "mandaye.backends.sql"
|
||||
else:
|
||||
ImproperlyConfigured('Storage backend must be sql')
|
||||
|
||||
# Encrypt service provider passwords with a secret
|
||||
# You should install pycypto to use this feature
|
||||
encrypt_sp_password = config.getboolean('mandaye', 'encrypt_sp_password')
|
||||
# Must be a 15, 24, or 32 bytes long
|
||||
encrypt_secret = config.get('mandaye', 'encrypt_secret')
|
||||
|
||||
session_type = config.get('session', 'type')
|
||||
if session_type not in ('file', 'dbm', 'memory', 'memcached'):
|
||||
raise ImproperlyConfigured('Sesssion type %r not supported' % session_type)
|
||||
if session_type == 'memcached':
|
||||
session_type = 'ext:memcached'
|
||||
|
||||
# Beaker session configuration
|
||||
session_opts = {
|
||||
'session.type': session_type,
|
||||
'session.url': config.get('session', 'url'),
|
||||
'session.cookie_expires': config.get('session', 'cookie_expires'),
|
||||
'session.timeout': config.getint('session', 'timeout'),
|
||||
'session.data_dir': config.get('session', 'data_dir')
|
||||
}
|
||||
|
||||
# Import local config
|
||||
try:
|
||||
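Review bot: In the storage-backend check near the end of this section, `ImproperlyConfigured('Storage backend must be sql')` is constructed but never raised, so an unsupported `storage_backend` value in the ini file is silently accepted. If the earlier unconditional assignment is gone on the new side, `storage_backend` is then left undefined. The line should read `raise ImproperlyConfigured('Storage backend must be sql')`, matching the session-type check a few lines below. The comment above the ini-backed `encrypt_secret` says `15, 24, or 32 bytes` where the other copy of that comment says 16; `# Must be 16, 24 or 32 bytes long` would agree with it. Since the secret now comes from a file, a length check at load time would catch a bad value before it reaches the cipher.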
|
|
|
@ -26,6 +26,10 @@ def default_req(env, values, request):
|
|||
return request
|
||||
|
||||
def default_resp(env, values, request, response):
|
||||
try:
|
||||
response.msg = response.msg.decode('utf-8')
|
||||
except UnicodeDecodeError:
|
||||
response.msg = response.msg.decode('iso8859-15')
|
||||
response.msg = response.msg.replace(
|
||||
env['target'].geturl(),
|
||||
env['mandaye.scheme'] + '://' + env["HTTP_HOST"]
|
||||
|
@ -33,7 +37,8 @@ def default_resp(env, values, request, response):
|
|||
response.msg = response.msg.replace(
|
||||
'http:\\/\\/mediatheque.montpellier-agglo.com',
|
||||
env['mandaye.scheme'] + ':\\/\\/' + env["HTTP_HOST"]
|
||||
)
|
||||
)
|
||||
response.msg = response.msg.encode('utf-8')
|
||||
return response
|
||||
|
||||
def associate_req(env, values, request):
|
||||
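Review bot: The decode fallback added to `default_resp` cannot fail, because `iso8859-15` maps every byte, so any body that is not valid UTF-8 is transcoded and then re-encoded by the added `response.msg.encode('utf-8')`; that would include non-text content if this filter runs on it. Nothing visible in these hunks updates the declared charset or the content length, so a page the upstream labelled ISO-8859-15 would reach the browser as UTF-8 bytes under the old label. Consider checking the response content type before decoding and adjusting the charset afterwards, or at least adding a comment such as `# body is re-encoded as UTF-8; the Content-Type charset must match`. Part of the function body lies between the two hunks and is not visible here.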
|
|
|
@ -1,6 +1,6 @@
|
|||
|
||||
from mandaye.auth.saml2 import SAML2Auth
|
||||
from mandaye.configs import saml2 as saml2_config
|
||||
from mandaye.auth.saml2 import END_POINTS_PATH
|
||||
|
||||
from cam.filters import archimed
|
||||
from cam import config
|
||||
|
@ -15,19 +15,13 @@ form_values = {
|
|||
'password_field': 'password',
|
||||
}
|
||||
|
||||
if config.platform == "dev":
|
||||
saml2_config.IDP_METADATA = "http://idp-montpellier.entrouvert.org/idp/saml2/metadata"
|
||||
elif config.platform == "recette":
|
||||
saml2_config.IDP_METADATA = "https://idp-test-entrouvert.montpellier-agglo.com/idp/saml2/metadata"
|
||||
else:
|
||||
saml2_config.IDP_METADATA = "https://compte-citoyen.montpellier-agglo.com/idp/saml2/metadata"
|
||||
urls = {
|
||||
'login_url': '/mandaye/login',
|
||||
'connection_url': '/mandaye/sso',
|
||||
'associate_url': '/mandaye/associate',
|
||||
}
|
||||
|
||||
saml2_config.SAML_SIGNATURE_PUBLIC_KEY = config.SAML_SIGNATURE_PUBLIC_KEY
|
||||
saml2_config.SAML_SIGNATURE_PRIVATE_KEY = config.SAML_SIGNATURE_PRIVATE_KEY
|
||||
|
||||
auth = SAML2Auth(form_values, 'archimed', saml2_config)
|
||||
|
||||
archimed_mapping = [
|
||||
mapping = [
|
||||
{
|
||||
'path': r'/',
|
||||
'on_request': [{
|
||||
|
@ -59,7 +53,7 @@ archimed_mapping = [
|
|||
'path': r'/mandaye/login$',
|
||||
'method': 'GET',
|
||||
'response': [{
|
||||
'filter': auth.login,
|
||||
'auth': 'login',
|
||||
'values': {
|
||||
'associate_url': '/mandaye/associate',
|
||||
},
|
||||
|
@ -70,28 +64,21 @@ archimed_mapping = [
|
|||
'path': r'/mandaye/sso$',
|
||||
'method': 'GET',
|
||||
'response': [{
|
||||
'filter': auth.sso,
|
||||
'auth': 'sso',
|
||||
}]
|
||||
},
|
||||
{
|
||||
'path': r'/mandaye/slo$',
|
||||
'method': 'GET',
|
||||
'response': [{
|
||||
'filter': auth.slo,
|
||||
'auth': 'slo',
|
||||
}]
|
||||
},
|
||||
{
|
||||
'path': r'%s$' % auth.config.END_POINTS_PATH['metadata'],
|
||||
'method': 'GET',
|
||||
'response': [{
|
||||
'filter': auth.metadata,
|
||||
}]
|
||||
},
|
||||
{
|
||||
'path': r'%s$' % auth.config.END_POINTS_PATH['single_sign_on_post'],
|
||||
'path': r'%s$' % END_POINTS_PATH['single_sign_on_post'],
|
||||
'method': 'POST',
|
||||
'response': [{
|
||||
'filter': auth.single_sign_on_post,
|
||||
'auth': 'single_sign_on_post',
|
||||
'values': {
|
||||
'login_url': '/mandaye/login',
|
||||
'next_url': '/%s/' % base
|
||||
|
@ -99,17 +86,17 @@ archimed_mapping = [
|
|||
}]
|
||||
},
|
||||
{
|
||||
'path': r'%s$' % auth.config.END_POINTS_PATH['single_logout'],
|
||||
'path': r'%s$' % END_POINTS_PATH['single_logout'],
|
||||
'method': 'GET',
|
||||
'response': [{
|
||||
'filter': auth.single_logout,
|
||||
'auth': 'single_logout',
|
||||
}]
|
||||
},
|
||||
{
|
||||
'path': r'%s$' % auth.config.END_POINTS_PATH['single_logout_return'],
|
||||
'path': r'%s$' % END_POINTS_PATH['single_logout_return'],
|
||||
'method': 'GET',
|
||||
'response': [{
|
||||
'filter': auth.single_logout_return,
|
||||
'auth': 'single_logout_return',
|
||||
'values': {
|
||||
'next_url': '/%s' % base
|
||||
}
|
||||
|
@ -141,7 +128,7 @@ archimed_mapping = [
|
|||
'path': r'/mandaye/disassociate$',
|
||||
'method': 'GET',
|
||||
'response': [{
|
||||
'filter': auth.disassociate,
|
||||
'auth': 'disassociate',
|
||||
}],
|
||||
},
|
||||
{
|
||||
|
@ -160,11 +147,7 @@ archimed_mapping = [
|
|||
'method': 'POST',
|
||||
'response': [
|
||||
{
|
||||
'filter': auth.associate_submit,
|
||||
'values': {
|
||||
'connection_url': '/mandaye/sso',
|
||||
'associate_url': '/mandaye/associate',
|
||||
},
|
||||
'auth': 'associate_submit',
|
||||
'condition': "'\"success\":true' in response.msg"
|
||||
},
|
||||
],
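Review bot: With the `saml2_config` import replaced by `END_POINTS_PATH`, the lines that set `IDP_METADATA` per platform and the SAML signature key pair appear to be on the removed side, and nothing in this section says where the IdP metadata URL and signing keys are configured now. Those values are the trust anchor for SSO, so a comment above `mapping` would help, for example `# IdP metadata and SAML signing keys are read from the mandaye settings, not set here`, worded to match wherever they actually live. `from cam import config` may also be unused after this change; the rest of the file is outside these hunks, so confirm before dropping it.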
|
|
@ -1,12 +1,17 @@
|
|||
|
||||
import os
|
||||
os.environ['MANDAYE_CONFIG_MODULE'] = 'cam.config'
|
||||
|
||||
from mandaye.server import MandayeApp
|
||||
|
||||
from mandaye import config
|
||||
from cam import config
|
||||
from beaker.middleware import SessionMiddleware
|
||||
from whitenoise import WhiteNoise
|
||||
|
||||
os.environ['MANDAYE_CONFIG_MODULE'] = 'cam.config'
|
||||
|
||||
from mandaye import config
|
||||
|
||||
application = SessionMiddleware(MandayeApp(), config.session_opts)
|
||||
application_dev = WhiteNoise(application, root=config.static_root, prefix=config.static_url)
|
||||
|
||||
|
||||
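Review bot: The `os.environ['MANDAYE_CONFIG_MODULE'] = 'cam.config'` assignment appears to have moved above the `mandaye` imports, which looks deliberate, but nothing says so and a later import tidy-up could move it back below them. A comment on that line such as `# must be set before any mandaye module is imported` would protect the ordering. `application_dev` serves everything under `config.static_root`, which this commit turns into an ini setting, so it is worth a comment next to it that the directory must hold only public assets.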
|
|
|
@ -12,20 +12,19 @@ import sys
|
|||
from mandaye.log import logger
|
||||
from gunicorn.app.wsgiapp import WSGIApplication
|
||||
|
||||
class WSGIApplication(WSGIApplication):
|
||||
class MandayeWSGIApplication(WSGIApplication):
|
||||
|
||||
def init(self, parser, opts, args):
|
||||
self.cfg.set("default_proc_name", "cam.wsgi:application")
|
||||
self.app_uri = "cam.wsgi:application"
|
||||
|
||||
sys.path.insert(0, os.getcwd())
|
||||
self.cfg.set("default_proc_name", "cam.wsgi:application_dev")
|
||||
self.app_uri = "cam.wsgi:application_dev"
|
||||
|
||||
def main():
|
||||
""" The ``gunicorn`` command line runner for launcing Gunicorn with
|
||||
generic WSGI applications.
|
||||
"""
|
||||
logger.info('CAM rp start')
|
||||
WSGIApplication("%prog [OPTIONS]").run()
|
||||
logger.info('CAM reverse-proxy start')
|
||||
MandayeWSGIApplication("%(prog)s [OPTIONS]").run()
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
|
||||
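Review bot: `init` now appears to point both `default_proc_name` and `app_uri` at `cam.wsgi:application_dev`, the WhiteNoise-wrapped app, although the name suggests a development-only target and this script reads like the packaged launcher. A short comment in `init` stating which deployments should use this runner, and when `cam.wsgi:application` is the right target, would remove the ambiguity. If `sys.path.insert(0, os.getcwd())` is still present on the new side (the rendering does not show which side it belongs to), it lets modules in the working directory shadow installed ones and deserves either a comment or removal.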
|
|