forked from Github-Mirrors/canaille
updates configuration and config.sample and demo config files toinclude new parameters. adds new tests for configuration condition.
This commit is contained in:
parent
d10497d3d2
commit
9b8f8e9cd4
10 changed files with 68 additions and 4 deletions
|
@ -173,6 +173,7 @@ def setup_config(app, config=None, test_config=True, env_file=".env", env_prefix
|
|||
def validate(config, validate_remote=False):
|
||||
validate_keypair(config.get("CANAILLE_OIDC"))
|
||||
validate_theme(config["CANAILLE"])
|
||||
validate_admin_email(config["CANAILLE"])
|
||||
|
||||
if not validate_remote:
|
||||
return
|
||||
|
@ -234,3 +235,10 @@ def validate_theme(config):
|
|||
os.path.join(ROOT, "themes", config["THEME"])
|
||||
):
|
||||
raise ConfigurationException(f'Cannot find theme \'{config["THEME"]}\'')
|
||||
|
||||
|
||||
def validate_admin_email(config):
|
||||
if config["ENABLE_PASSWORD_COMPROMISSION_CHECK"] and config["ADMIN_EMAIL"] is None:
|
||||
raise ConfigurationException(
|
||||
"You must set an administration email if you want to check if users' passwords are compromised."
|
||||
)
|
||||
|
|
|
@ -42,7 +42,7 @@ SECRET_KEY = "change me before you go in production"
|
|||
# By default, this is true if SMTP is configured, else this is false.
|
||||
# If explicitly set to true and SMTP is disabled, the email field
|
||||
# will be read-only.
|
||||
# EMAIL_CONFIRMATION =
|
||||
# EMAIL_CONFIRMATION = True
|
||||
|
||||
# If ENABLE_REGISTRATION is true, then users can freely create an account
|
||||
# at this instance. If email verification is available, users must confirm
|
||||
|
@ -74,6 +74,28 @@ SECRET_KEY = "change me before you go in production"
|
|||
# - if this is a string, it is passed to the python fileConfig method
|
||||
# https://docs.python.org/3/library/logging.config.html#logging.config.fileConfig
|
||||
|
||||
# Minimum length for user password.
|
||||
# It is possible not to set a minimum, by entering None or 0.
|
||||
# MIN_PASSWORD_LENGTH = 8
|
||||
|
||||
# Maximum length for user password.
|
||||
# There is a technical limit with passlib used by sql database of 4096
|
||||
# characters. If the value entered is 0 or None, or greater than 4096,
|
||||
# then 4096 will be retained.
|
||||
# MAX_PASSWORD_LENGTH = 1000
|
||||
|
||||
# Administration email contact.
|
||||
# In certain special cases (example : questioning about password
|
||||
# corruption), it is necessary to provide an administration contact
|
||||
# email.
|
||||
# ADMIN_EMAIL = "admin@mydomain.tld"
|
||||
|
||||
# If :py:data:`True`, Canaille will check for password compromise on HIBP
|
||||
# every time a new password is register.
|
||||
# (https://haveibeenpwned.com/)
|
||||
# ENABLE_PASSWORD_COMPROMISSION_CHECK = False
|
||||
|
||||
|
||||
# [CANAILLE_SQL]
|
||||
# The SQL database connection string
|
||||
# Details on https://docs.sqlalchemy.org/en/20/core/engines.html
|
||||
|
|
|
@ -313,7 +313,7 @@ class CoreSettings(BaseModel):
|
|||
then 4096 will be retained.
|
||||
"""
|
||||
|
||||
ADMIN_EMAIL: str = None
|
||||
ADMIN_EMAIL: str | None = None
|
||||
"""Administration email contact.
|
||||
|
||||
In certain special cases (example : questioning about password
|
||||
|
@ -322,6 +322,8 @@ class CoreSettings(BaseModel):
|
|||
"""
|
||||
|
||||
ENABLE_PASSWORD_COMPROMISSION_CHECK: bool = False
|
||||
"""Enable to check for password compromise on HIBP.
|
||||
"""If :py:data:`True`, Canaille will check for password compromise on HIBP
|
||||
every time a new password is register.
|
||||
|
||||
(https://haveibeenpwned.com/)
|
||||
"""
|
||||
|
|
|
@ -7,6 +7,7 @@ LOGO = "/static/img/canaille-head.webp"
|
|||
FAVICON = "/static/img/canaille-c.webp"
|
||||
EMAIL_CONFIRMATION = false
|
||||
ENABLE_REGISTRATION = true
|
||||
ADMIN_EMAIL = "admin@mydomain.tld"
|
||||
|
||||
[CANAILLE_LDAP]
|
||||
URI = "ldap://ldap:389"
|
||||
|
|
|
@ -7,6 +7,7 @@ LOGO = "/static/img/canaille-head.webp"
|
|||
FAVICON = "/static/img/canaille-c.webp"
|
||||
EMAIL_CONFIRMATION = false
|
||||
ENABLE_REGISTRATION = true
|
||||
ADMIN_EMAIL = "admin@mydomain.tld"
|
||||
|
||||
[CANAILLE.ACL.DEFAULT]
|
||||
PERMISSIONS = ["edit_self", "use_oidc"]
|
||||
|
|
|
@ -7,6 +7,7 @@ LOGO = "/static/img/canaille-head.webp"
|
|||
FAVICON = "/static/img/canaille-c.webp"
|
||||
EMAIL_CONFIRMATION = false
|
||||
ENABLE_REGISTRATION = true
|
||||
ADMIN_EMAIL = "admin@mydomain.tld"
|
||||
|
||||
[CANAILLE_SQL]
|
||||
DATABASE_URI = "sqlite:///demo.sqlite"
|
||||
|
|
|
@ -6,6 +6,7 @@ LOGO = "/static/img/canaille-head.webp"
|
|||
FAVICON = "/static/img/canaille-c.webp"
|
||||
EMAIL_CONFIRMATION = false
|
||||
ENABLE_REGISTRATION = true
|
||||
ADMIN_EMAIL = "admin@mydomain.tld"
|
||||
|
||||
[CANAILLE.LOGGING]
|
||||
version = 1
|
||||
|
|
|
@ -6,6 +6,7 @@ LOGO = "/static/img/canaille-head.webp"
|
|||
FAVICON = "/static/img/canaille-c.webp"
|
||||
EMAIL_CONFIRMATION = false
|
||||
ENABLE_REGISTRATION = true
|
||||
ADMIN_EMAIL = "admin@mydomain.tld"
|
||||
|
||||
[CANAILLE.LOGGING]
|
||||
version = 1
|
||||
|
|
|
@ -6,6 +6,7 @@ LOGO = "/static/img/canaille-head.webp"
|
|||
FAVICON = "/static/img/canaille-c.webp"
|
||||
EMAIL_CONFIRMATION = false
|
||||
ENABLE_REGISTRATION = true
|
||||
ADMIN_EMAIL = "admin@mydomain.tld"
|
||||
|
||||
[CANAILLE.LOGGING]
|
||||
version = 1
|
||||
|
|
|
@ -203,3 +203,29 @@ def test_invalid_theme(configuration, backend):
|
|||
config_obj = settings_factory(configuration)
|
||||
config_dict = config_obj.model_dump()
|
||||
validate(config_dict, validate_remote=False)
|
||||
|
||||
|
||||
def test_enable_password_compromission_check_with_and_without_admin_email(
|
||||
configuration, backend
|
||||
):
|
||||
configuration["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = False
|
||||
configuration["CANAILLE"]["ADMIN_EMAIL"] = None
|
||||
config_obj = settings_factory(configuration)
|
||||
config_dict = config_obj.model_dump()
|
||||
validate(config_dict, validate_remote=False)
|
||||
|
||||
configuration["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True
|
||||
configuration["CANAILLE"]["ADMIN_EMAIL"] = "admin_default_mail@mymail.com"
|
||||
config_obj = settings_factory(configuration)
|
||||
config_dict = config_obj.model_dump()
|
||||
validate(config_dict, validate_remote=False)
|
||||
|
||||
with pytest.raises(
|
||||
ConfigurationException,
|
||||
match=r"You must set an administration email if you want to check if users' passwords are compromised.",
|
||||
):
|
||||
configuration["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True
|
||||
configuration["CANAILLE"]["ADMIN_EMAIL"] = None
|
||||
config_obj = settings_factory(configuration)
|
||||
config_dict = config_obj.model_dump()
|
||||
validate(config_dict, validate_remote=False)
|
||||
|
|
Loading…
Reference in a new issue