2021-10-12 16:24:51 +00:00
|
|
|
import os
|
2021-10-13 08:12:44 +00:00
|
|
|
import smtplib
|
|
|
|
|
import socket
|
2024-03-26 12:57:14 +00:00
|
|
|
import sys
|
2023-12-18 17:06:03 +00:00
|
|
|
from typing import Optional
|
2023-06-15 16:29:12 +00:00
|
|
|
|
2024-03-15 18:58:06 +00:00
|
|
|
from flask import current_app
|
2024-03-29 18:31:01 +00:00
|
|
|
from pydantic import ValidationError
|
2023-12-18 17:06:03 +00:00
|
|
|
from pydantic import create_model
|
|
|
|
|
from pydantic_settings import BaseSettings
|
|
|
|
|
from pydantic_settings import SettingsConfigDict
|
2024-03-15 18:58:06 +00:00
|
|
|
|
2023-12-18 17:06:03 +00:00
|
|
|
from canaille.core.configuration import CoreSettings
|
2021-12-20 22:57:27 +00:00
|
|
|
|
2023-12-18 17:06:03 +00:00
|
|
|
ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
2024-04-22 14:36:39 +00:00
|
|
|
DEFAULT_ENV_FILE = ".env"
|
2021-10-28 13:24:34 +00:00
|
|
|
|
2021-10-12 16:24:51 +00:00
|
|
|
|
2023-12-18 17:06:03 +00:00
|
|
|
class RootSettings(BaseSettings):
|
|
|
|
|
"""The top-level namespace contains holds the configuration settings
|
|
|
|
|
unrelated to Canaille. The configuration paramateres from the following
|
|
|
|
|
libraries can be used:
|
|
|
|
|
|
|
|
|
|
- :doc:`Flask <flask:config>`
|
|
|
|
|
- :doc:`Flask-WTF <flask-wtf:config>`
|
|
|
|
|
- :doc:`Flask-Babel <flask-babel:index>`
|
|
|
|
|
- :doc:`Authlib <authlib:flask/2/authorization-server>`
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
model_config = SettingsConfigDict(
|
|
|
|
|
extra="allow",
|
|
|
|
|
env_nested_delimiter="__",
|
|
|
|
|
case_sensitive=True,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
SECRET_KEY: str
|
|
|
|
|
"""The Flask :external:py:data:`SECRET_KEY` configuration setting.
|
|
|
|
|
|
|
|
|
|
You MUST change this.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
SERVER_NAME: Optional[str] = None
|
|
|
|
|
"""The Flask :external:py:data:`SERVER_NAME` configuration setting.
|
|
|
|
|
|
|
|
|
|
This sets domain name on which canaille will be served.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
PREFERRED_URL_SCHEME: str = "https"
|
|
|
|
|
"""The Flask :external:py:data:`PREFERRED_URL_SCHEME` configuration
|
|
|
|
|
setting.
|
|
|
|
|
|
|
|
|
|
This sets the url scheme by which canaille will be served.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
DEBUG: bool = False
|
|
|
|
|
"""The Flask :external:py:data:`DEBUG` configuration setting.
|
|
|
|
|
|
|
|
|
|
This enables debug options. This is useful for development but
|
|
|
|
|
should be absolutely avoided in production environments.
|
|
|
|
|
"""
|
2021-10-13 08:12:44 +00:00
|
|
|
|
|
|
|
|
|
2023-12-18 17:06:03 +00:00
|
|
|
def settings_factory(config):
|
|
|
|
|
"""Overly complicated function that pushes the backend specific
|
|
|
|
|
configuration into CoreSettings, in the purpose break dependency against
|
|
|
|
|
backends libraries like python-ldap or sqlalchemy."""
|
2024-03-29 18:31:01 +00:00
|
|
|
attributes = {"CANAILLE": (CoreSettings, CoreSettings())}
|
2023-06-15 16:29:12 +00:00
|
|
|
|
2023-12-18 17:06:03 +00:00
|
|
|
if "CANAILLE_SQL" in config or any(
|
|
|
|
|
var.startswith("CANAILLE_SQL__") for var in os.environ
|
|
|
|
|
):
|
|
|
|
|
from canaille.backends.sql.configuration import SQLSettings
|
|
|
|
|
|
|
|
|
|
attributes["CANAILLE_SQL"] = (Optional[SQLSettings], None)
|
2023-06-15 16:29:12 +00:00
|
|
|
|
2023-12-18 17:06:03 +00:00
|
|
|
if "CANAILLE_LDAP" in config or any(
|
|
|
|
|
var.startswith("CANAILLE__LDAP__") for var in os.environ
|
|
|
|
|
):
|
|
|
|
|
from canaille.backends.ldap.configuration import LDAPSettings
|
2023-06-15 16:29:12 +00:00
|
|
|
|
2023-12-18 17:06:03 +00:00
|
|
|
attributes["CANAILLE_LDAP"] = (Optional[LDAPSettings], None)
|
2023-06-15 16:29:12 +00:00
|
|
|
|
2023-12-18 17:06:03 +00:00
|
|
|
if "CANAILLE_OIDC" in config or any(
|
|
|
|
|
var.startswith("CANAILLE_OIDC__") for var in os.environ
|
|
|
|
|
):
|
|
|
|
|
from canaille.oidc.configuration import OIDCSettings
|
|
|
|
|
|
|
|
|
|
attributes["CANAILLE_OIDC"] = (Optional[OIDCSettings], None)
|
|
|
|
|
|
|
|
|
|
Settings = create_model(
|
|
|
|
|
"Settings",
|
|
|
|
|
__base__=RootSettings,
|
|
|
|
|
**attributes,
|
|
|
|
|
)
|
2023-06-15 16:29:12 +00:00
|
|
|
|
2024-04-22 14:36:39 +00:00
|
|
|
env_file = os.getenv("ENV_FILE", config.get("ENV_FILE", DEFAULT_ENV_FILE))
|
|
|
|
|
return Settings(
|
|
|
|
|
**config,
|
|
|
|
|
_secrets_dir=os.environ.get("SECRETS_DIR"),
|
|
|
|
|
_env_file=env_file,
|
|
|
|
|
)
|
2023-12-18 17:06:03 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class ConfigurationException(Exception):
|
|
|
|
|
pass
|
2023-06-15 16:29:12 +00:00
|
|
|
|
|
|
|
|
|
2024-03-26 12:57:14 +00:00
|
|
|
def toml_content(file_path):
|
2023-08-16 15:14:11 +00:00
|
|
|
try:
|
2024-03-26 12:57:14 +00:00
|
|
|
if sys.version_info < (3, 11): # pragma: no cover
|
|
|
|
|
import toml
|
|
|
|
|
|
|
|
|
|
return toml.load(file_path)
|
|
|
|
|
|
|
|
|
|
import tomllib
|
|
|
|
|
|
|
|
|
|
with open(file_path, "rb") as fd:
|
|
|
|
|
return tomllib.load(fd)
|
|
|
|
|
|
2023-09-01 08:46:56 +00:00
|
|
|
except ImportError:
|
2024-03-26 12:57:14 +00:00
|
|
|
raise Exception("toml library not installed. Cannot load configuration.")
|
|
|
|
|
|
|
|
|
|
|
2023-12-18 17:06:03 +00:00
|
|
|
def setup_config(app, config=None, test_config=True):
|
2024-03-26 12:57:14 +00:00
|
|
|
from canaille.oidc.installation import install
|
2023-08-16 15:14:11 +00:00
|
|
|
|
2023-06-15 16:29:12 +00:00
|
|
|
app.config.from_mapping(
|
|
|
|
|
{
|
|
|
|
|
"SESSION_COOKIE_NAME": "canaille",
|
|
|
|
|
"OAUTH2_REFRESH_TOKEN_GENERATOR": True,
|
|
|
|
|
"OAUTH2_ACCESS_TOKEN_GENERATOR": "canaille.oidc.oauth.generate_access_token",
|
|
|
|
|
}
|
|
|
|
|
)
|
2023-12-18 17:06:03 +00:00
|
|
|
if not config and "CONFIG" in os.environ:
|
|
|
|
|
config = toml_content(os.environ.get("CONFIG"))
|
2024-03-26 12:57:14 +00:00
|
|
|
|
2024-03-29 18:31:01 +00:00
|
|
|
try:
|
|
|
|
|
config_obj = settings_factory(config or {})
|
|
|
|
|
except ValidationError as exc: # pragma: no cover
|
|
|
|
|
app.logger.critical(str(exc))
|
|
|
|
|
return False
|
|
|
|
|
|
2023-12-18 17:06:03 +00:00
|
|
|
app.config.from_mapping(config_obj.model_dump())
|
2023-06-15 16:29:12 +00:00
|
|
|
|
2023-09-01 08:46:56 +00:00
|
|
|
if app.debug:
|
2023-07-01 16:46:11 +00:00
|
|
|
install(app.config, debug=True)
|
2023-06-15 16:29:12 +00:00
|
|
|
|
2023-12-18 17:06:03 +00:00
|
|
|
if test_config:
|
2023-06-15 16:29:12 +00:00
|
|
|
validate(app.config)
|
|
|
|
|
|
2024-03-29 18:31:01 +00:00
|
|
|
return True
|
|
|
|
|
|
2023-06-15 16:29:12 +00:00
|
|
|
|
2021-10-12 16:24:51 +00:00
|
|
|
def validate(config, validate_remote=False):
|
2023-12-18 17:06:03 +00:00
|
|
|
validate_keypair(config.get("CANAILLE_OIDC"))
|
|
|
|
|
validate_theme(config["CANAILLE"])
|
2021-10-28 13:24:34 +00:00
|
|
|
|
|
|
|
|
if not validate_remote:
|
|
|
|
|
return
|
|
|
|
|
|
2023-06-05 16:10:37 +00:00
|
|
|
from canaille.backends import BaseBackend
|
2022-01-11 16:57:58 +00:00
|
|
|
|
2023-06-05 16:10:37 +00:00
|
|
|
BaseBackend.get().validate(config)
|
2023-12-18 17:06:03 +00:00
|
|
|
validate_smtp_configuration(config["CANAILLE"]["SMTP"])
|
2021-10-28 13:24:34 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def validate_keypair(config):
|
2023-04-10 14:24:43 +00:00
|
|
|
if (
|
2023-12-18 17:06:03 +00:00
|
|
|
config
|
|
|
|
|
and config["JWT"]
|
|
|
|
|
and not config["JWT"]["PUBLIC_KEY"]
|
2023-07-01 16:46:11 +00:00
|
|
|
and not current_app.debug
|
2023-04-10 14:24:43 +00:00
|
|
|
):
|
2023-07-01 16:46:11 +00:00
|
|
|
raise ConfigurationException("No public key has been set")
|
2021-10-12 16:24:51 +00:00
|
|
|
|
2023-04-10 14:24:43 +00:00
|
|
|
if (
|
2023-12-18 17:06:03 +00:00
|
|
|
config
|
|
|
|
|
and config["JWT"]
|
|
|
|
|
and not config["JWT"]["PRIVATE_KEY"]
|
2023-07-01 16:46:11 +00:00
|
|
|
and not current_app.debug
|
2023-04-10 14:24:43 +00:00
|
|
|
):
|
2023-07-01 16:46:11 +00:00
|
|
|
raise ConfigurationException("No private key has been set")
|
2021-10-12 16:24:51 +00:00
|
|
|
|
2021-10-13 08:12:44 +00:00
|
|
|
|
|
|
|
|
def validate_smtp_configuration(config):
|
2023-12-18 17:06:03 +00:00
|
|
|
host = config["HOST"]
|
|
|
|
|
port = config["PORT"]
|
2021-10-13 08:12:44 +00:00
|
|
|
try:
|
2023-07-10 17:47:00 +00:00
|
|
|
with smtplib.SMTP(host=host, port=port) as smtp:
|
2023-12-18 17:06:03 +00:00
|
|
|
if config["TLS"]:
|
2021-10-13 08:12:44 +00:00
|
|
|
smtp.starttls()
|
|
|
|
|
|
2023-12-18 17:06:03 +00:00
|
|
|
if config["LOGIN"]:
|
2021-10-13 08:12:44 +00:00
|
|
|
smtp.login(
|
2023-12-18 17:06:03 +00:00
|
|
|
user=config["LOGIN"],
|
|
|
|
|
password=config["PASSWORD"],
|
2021-10-13 08:12:44 +00:00
|
|
|
)
|
|
|
|
|
except (socket.gaierror, ConnectionRefusedError) as exc:
|
|
|
|
|
raise ConfigurationException(
|
2023-07-10 17:47:00 +00:00
|
|
|
f"Could not connect to the SMTP server '{host}' on port '{port}'"
|
2021-10-13 08:12:44 +00:00
|
|
|
) from exc
|
|
|
|
|
|
|
|
|
|
except smtplib.SMTPAuthenticationError as exc:
|
|
|
|
|
raise ConfigurationException(
|
2023-12-18 17:06:03 +00:00
|
|
|
f'SMTP authentication failed with user \'{config["LOGIN"]}\''
|
2021-10-13 08:12:44 +00:00
|
|
|
) from exc
|
2021-10-12 18:36:31 +00:00
|
|
|
|
2022-12-27 17:48:55 +00:00
|
|
|
except smtplib.SMTPNotSupportedError as exc:
|
|
|
|
|
raise ConfigurationException(exc) from exc
|
|
|
|
|
|
2021-10-12 16:24:51 +00:00
|
|
|
|
2021-10-28 13:24:34 +00:00
|
|
|
def validate_theme(config):
|
|
|
|
|
if not os.path.exists(config["THEME"]) and not os.path.exists(
|
|
|
|
|
os.path.join(ROOT, "themes", config["THEME"])
|
|
|
|
|
):
|
|
|
|
|
raise ConfigurationException(f'Cannot find theme \'{config["THEME"]}\'')
|
