From 771fccb3272a6b0e7094165689487cb696271e32 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon
Date: Apr 01 2015 08:20:54 +0000
Subject: Adjust example configuration file and default configuration
Adjust the local login controller as well to make it use the flask configuration key
---
diff --git a/files/pagure.cfg.sample b/files/pagure.cfg.sample
index 5f8c0ea..bde6b0d 100644
--- a/files/pagure.cfg.sample
+++ b/files/pagure.cfg.sample
@@ -1,4 +1,11 @@
+### Set the time after which the admin session expires
+# There are two sessions on pagure, login that holds for 31 days and
+# the session defined here after which an user has to re-login.
+# This session is used when accessing all administrative parts of pagure
+# (ie: changing a project's or a user's settings)
+ADMIN_SESSION_LIFETIME = timedelta(minutes=20)
+
 ### Secret key for the Flask application
 SECRET_KEY=''
@@ -8,16 +15,23 @@ SECRET_KEY=''
 DB_URL = 'sqlite:////var/tmp/pagure_dev.sqlite'
 ### The FAS group in which the admin of pagure are
-ADMIN_GROUP = ['sysadmin-main', 'sysadmin-cvs']
+ADMIN_GROUP = ['sysadmin-main']
 ### The email address to which the flask.log will send the errors (tracebacks)
 EMAIL_ERROR = 'pingou@pingoured.fr'
+### Default SMTP server to use for sending emails
+SMTP_SERVER = 'localhost'
+
+### Email used to sent emails
+FROM_EMAIL = 'pagure@pagure.io'
+
 ### The URL at which the project is available.
-APP_URL = 'https://fedorahosted.org/pagure/'
+APP_URL = 'https://pagure.io/'
 ### The URL to use to clone git repositories.
-GIT_URL = 'git@pagure.fedorahosted.org'
+GIT_URL_SSH = 'git@pagure.io'
+GIT_URL_GIT = 'git://pagure.io'
 ### Folder containing to the git repos
 GIT_FOLDER = os.path.join(
@@ -39,6 +53,12 @@ DOCS_FOLDER = os.path.join(
 '..',
 'docs'
 )
+### Folder containing the pull-requests repos
+REQUESTS_FOLDER = os.path.join(
+ os.path.abspath(os.path.dirname(__file__)),
+ '..',
+ 'requests'
+)
 ### Configuration file for gitolite
 GITOLITE_CONFIG = os.path.join(
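Review bot: `ADMIN_SESSION_LIFETIME = timedelta(minutes=20)` in the first hunk of files/pagure.cfg.sample uses `timedelta` before anything imports it; the hunk starts at line 1 of the file and no import appears above the new setting. If the file is executed as a Python config, as Flask's `from_pyfile`/`from_envvar` do, a copy of this sample would fail with a NameError on that line. Adding `from datetime import timedelta` as the first line of the sample would fix it.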
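Review bot: The new `GIT_URL_GIT = 'git://pagure.io'` in the second hunk of files/pagure.cfg.sample advertises the plain git protocol, which offers neither encryption nor server authentication, and the sample gives the operator no hint of that. A comment above the setting would make the trade-off visible, for example `### Anonymous read-only clone URL (git:// is unauthenticated and unencrypted)`. The rename of `GIT_URL` to `GIT_URL_SSH` presumably leaves existing configuration files with a key nothing reads any more, so it deserves a line in the upgrade notes.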
@@ -62,15 +82,49 @@ GL_RC = None
 GL_BINDIR = None
-
 # Optional configuration
-### Default SMTP server to use for sending emails
-#SMTP_SERVER = 'localhost'
+### Number of items displayed per page
+# Used when listing items
+ITEM_PER_PAGE = 50
-### Email used to sent emails
-#FROM_EMAIL = 'pagure@fedoraproject.org'
+### Maximum size of the uploaded content
+# Used to limit the size of file attached to a ticket for example
+MAX_CONTENT_LENGTH = 4 * 1024 * 1024 # 4 megabytes
+
+### Lenght for short commits ids or file hex
+SHORT_LENGTH = 6
+
+### List of blacklisted project names that can conflicts for pagure's URLs
+### or other
+BLACKLISTED_PROJECTS = ['static', 'pv']
+
+
+# Authentication related configuration option
+
+### Switch the authentication method
+# Specify which authentication method to use, defaults to `fas` can be or
+# `local`
+# Default: ``fas``.
+PAGURE_AUTH = 'fas'
+
+# When this is set to True, the session cookie will only be returned to the
+# server via ssl (https). If you connect to the server via plain http, the
+# cookie will not be sent. This prevents sniffing of the cookie contents.
+# This may be set to False when testing your application but should always
+# be set to True in production.
+# Default: ``True``.
+SESSION_COOKIE_SECURE = False
+
+# The name of the cookie used to store the session id.
+# Default: ``.pagure``.
+SESSION_COOKIE_NAME = 'pagure'
+
+# Boolean specifying wether to check the user's IP address when retrieving
+# its session. This make things more secure (thus is on by default) but
+# under certain setup it might not work (for example is there are proxies
+# in front of the application).
+CHECK_SESSION_IP = True
-### the number of items (packages, packagers..) to display on the search
-### pages
-ITEMS_PER_PAGE = 50
+# Used by SESSION_COOKIE_PATH
+APPLICATION_ROOT = '/'
diff --git a/pagure/default_config.py b/pagure/default_config.py
index 117026f..19e6795 100644
--- a/pagure/default_config.py
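Review bot: The sample ships `SESSION_COOKIE_SECURE = False` directly under a comment saying the value should always be True in production and that the default is True, so a deployment that copies the sample unchanged gets a session cookie that is also sent over plain http. I would ship `SESSION_COOKIE_SECURE = True` in the sample and add `# Set to False only for local testing over plain http` to the comment. Two comment details in the same block are also off: the documented default ``.pagure`` does not match the value `'pagure'`, and the PAGURE_AUTH sentence listing the allowed values (`fas` or `local`) is garbled.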
+++ b/pagure/default_config.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 """
- (c) 2014 - Copyright Red Hat Inc
+ (c) 2014-2015 - Copyright Red Hat Inc
 Authors:
 Pierre-Yves Chibon
@@ -112,11 +112,11 @@ PAGURE_AUTH = 'fas'
 # This may be set to False when testing your application but should always
 # be set to True in production.
 # Default: ``True``.
-PAGURE_COOKIE_REQUIRES_HTTPS = False
+SESSION_COOKIE_SECURE = False
 # The name of the cookie used to store the session id.
-# Default: ``.MirrorManager``.
-PAGURE_COOKIE_NAME = 'pagure'
+# Default: ``pagure``.
+SESSION_COOKIE_PATH = 'pagure'
 # If not specified the application will rely on the root_url when sending
 # emails, otherwise it will use this URL
@@ -132,9 +132,6 @@ CHECK_SESSION_IP = True
 # Lenght for short commits ids or file hex
 SHORT_LENGTH = 6
-# Make browsers send session cookie only via HTTPS
-SESSION_COOKIE_SECURE = False
-
 # Used by SESSION_COOKIE_PATH
 APPLICATION_ROOT = '/'
diff --git a/pagure/ui/login.py b/pagure/ui/login.py
index ec5cb6a..4c1aaa1 100644
--- a/pagure/ui/login.py
+++ b/pagure/ui/login.py
@@ -486,7 +486,7 @@ def logout():
 def _check_session_cookie():
 """ Set the user into flask.g if the user is logged in. """
- cookie_name = APP.config.get('PAGURE_COOKIE_NAME', 'pagure')
+ cookie_name = APP.config.get('SESSION_COOKIE_NAME', 'pagure')
 session_id = None
 user = None
@@ -521,8 +521,8 @@ def _check_session_cookie():
 def _send_session_cookie(response):
 """ Set the session cookie if the user is authenticated. """
- cookie_name = APP.config.get('PAGURE_COOKIE_NAME', 'pagure')
- secure = APP.config.get('PAGURE_COOKIE_REQUIRES_HTTPS', True)
+ cookie_name = APP.config.get('SESSION_COOKIE_NAME', 'pagure')
+ secure = APP.config.get('SESSION_COOKIE_SECURE', True)
 response.set_cookie(
 key=cookie_name,
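Review bot: The renamed key in the `@@ -112,11 +112,11 @@` hunk of pagure/default_config.py is `SESSION_COOKIE_PATH = 'pagure'`, but the comment above it describes the cookie name, and pagure/ui/login.py in this same commit reads `SESSION_COOKIE_NAME`. As written, the default configuration never sets the cookie name and instead gives Flask a session-cookie path of `pagure`, which is not a path under `APPLICATION_ROOT = '/'`. The line should read `SESSION_COOKIE_NAME = 'pagure'`.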
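Review bot: Reading the name from `SESSION_COOKIE_NAME` in `_check_session_cookie` gives this hand-managed login cookie the same name as Flask's own signed session cookie, because Flask uses that key for its session interface; the same applies to `_send_session_cookie` in the next hunk. If the application also uses `flask.session` (not visible here), the two cookies would overwrite each other, which would break the login state. Flask also pre-populates the key with `'session'`, so the `'pagure'` fallback in `APP.config.get('SESSION_COOKIE_NAME', 'pagure')` is never reached, assuming `APP` is a regular Flask application. Keeping the login cookie on its own key, as the removed `PAGURE_COOKIE_NAME` did, avoids both problems. The function body continues outside the hunk.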
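Review bot: The `True` fallback in `secure = APP.config.get('SESSION_COOKIE_SECURE', True)` reads as secure-by-default but is never reached: pagure/default_config.py in this commit sets the key to False, and Flask itself defines `SESSION_COOKIE_SECURE` with a default of False. The effective default is therefore a cookie without the Secure flag, while the comment in default_config.py says the default is True. I would set `SESSION_COOKIE_SECURE = True` in default_config.py and have development configs lower it, or at least add `# Flask's built-in default is False; production configs must set this to True` above this line. The `response.set_cookie(` call continues past the end of the hunk, so whether `httponly` is passed cannot be checked from here.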