Added config.ini

www/Dockerfile

@@ -32,6 +32,8 @@ RUN pip3 install \
 RUN ln -s /opt/nginx/nginx_warpinfra.conf /etc/nginx/sites-enabled/
 RUN rm /etc/nginx/sites-enabled/default
 
+RUN mkdir /opt/socket/
+
 COPY misc/ldapdb_base.py /usr/local/lib/python2.7/dist-packages/ldapdb/backends/ldap/base.py
 COPY misc/entrypoint.sh /opt/entrypoint.sh
 

www/conf/config.example.ini

+[debug]
+DEBUG = true
+
+[security]
+SECRET_KEY = '4m4c(_$ubwued9p-insp!950g&r0yu851bp287$2a3ydj^y=0='
+PW_RESET_TOKEN_LIFETIME = 5
+
+[ldap]
+LDAP_HOST = ldap
+LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
+LDAP_PASSWORD = k7dAw8j2
+
+LDAP_USER_SEARCH_PATH = ou=users,dc=warpzone,dc=ms
+LDAP_GROUP_SEARCH_PATH = dc=warpzone,dc=ms
+LDAP_USER_SEARCH_FILTER = (uid=%(user)s)
+
+LDAP_GROUP_IS_ACTIVE = cn=active,ou=groups,dc=warpzone,dc=ms
+LDAP_GROUP_IS_STAFF = cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms
+LDAP_GROUP_SUPERUSER = cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms
+
+[misc]
+LOG_PATH = /var/log/
\ No newline at end of file

www/nginx/nginx_warpinfra.conf

 upstream django {
-    server unix:///tmp/warpinfra.sock;
+    server unix:///opt/socket/warpinfra.sock;
 }
 
 server {

www/nginx/uwsgi.ini

@@ -4,7 +4,7 @@ module=warpzone.wsgi:application
 master=True
 pidfile=/tmp/warpinfra.pid
 vacuum=True
-socket=/tmp/warpinfra.sock
+socket=/opt/socket/warpinfra.sock
 max-requests=5000
 daemonize=/var/log/uwsgi.log
 processes       = 10

www/run_dev.sh

@@ -6,7 +6,8 @@ docker rm warpinfra
 
 docker run \
 	-v $SCRIPTPATH/web:/opt/warpinfra \
-    -v $SCRIPTPATH/nginx:/opt/nginx \
+        -v $SCRIPTPATH/nginx:/opt/nginx \
+	-v $SCRIPTPATH/conf/config.example.ini:/etc/warpinfra/config.ini \
 	--link ldap-service:ldap \
 	--name warpinfra \
 	-p 8000:443 \

www/run_prod.sh

@@ -8,6 +8,7 @@ docker rm warpinfra
 docker run \
 	--link ldap-service:ldap \
 	--name warpinfra \
+    --volume /tmp/warpinfra:/opt/socket \
 	-p 8000:443 \
 	-itd \
 	warpinfra

www/web/warpzone/settings.py

-"""
-Django settings for FlagHunter project.
+import os
+import ldap
+import logging
+import configparser
+from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, PosixGroupType
 
-Generated by 'django-admin startproject' using Django 1.8.3.
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 
-For more information on this file, see
-https://docs.djangoproject.com/en/1.8/topics/settings/
 
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.8/ref/settings/
-"""
+# READ FROM CONFIG FILE
+config = configparser.RawConfigParser()
+config.read('/etc/warpinfra/config.ini')
 
-#
-# MAIN TO DO LIST
-#
-# ToDo: Add Content Security Policy
-# ToDo: Fix UTF-8 for all Strings
 
+# LDAP
+LDAP_HOST = "ldap://"+config.get('ldap','LDAP_HOST')
+LDAP_BIND_DN = config.get('ldap','LDAP_BIND_DN')
+LDAP_PASSWORD = config.get('ldap','LDAP_PASSWORD')
 
+LDAP_USER_SEARCH_PATH = config.get('ldap','LDAP_USER_SEARCH_PATH')
+LDAP_GROUP_SEARCH_PATH = config.get('ldap','LDAP_GROUP_SEARCH_PATH')
+LDAP_USER_SEARCH_FILTER = config.get('ldap','LDAP_USER_SEARCH_FILTER')
 
-# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
-import os
-import ldap
-from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, PosixGroupType
-import logging
-
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+LDAP_GROUP_IS_ACTIVE = config.get('ldap','LDAP_GROUP_IS_ACTIVE')
+LDAP_GROUP_IS_STAFF = config.get('ldap','LDAP_GROUP_IS_STAFF')
+LDAP_GROUP_SUPERUSER = config.get('ldap','LDAP_GROUP_SUPERUSER')
 
+# SECURITY
+PW_RESET_TOKEN_LIFETIME = config.get('security','PW_RESET_TOKEN_LIFETIME')
+SECRET_KEY = config.get('security','SECRET_KEY')
 
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
+# DEBUG
+DEBUG = config.getboolean('debug','DEBUG')
 
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '4m4c(_$ubwued9p-insp!950g&r0yu851bp287$2a3ydj^y=0='
-
-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
 
 MEDIA_ROOT = 'templates/media/'
 MEDIA_URL = '/media/'
 
 ALLOWED_HOSTS = []
 
-
-# Application definition
-
 INSTALLED_APPS = (
     'django.contrib.admin',
     'django.contrib.auth',
@@ -107,9 +101,9 @@ DATABASES = {
     },
     'ldap': {
         'ENGINE': 'ldapdb.backends.ldap',
-        'NAME': 'ldap://ldap/',
-        'USER': 'cn=admin,dc=warpzone,dc=ms',
-        'PASSWORD': 'k7dAw8j2',
+        'NAME': LDAP_HOST,
+        'USER': LDAP_BIND_DN,
+        'PASSWORD': LDAP_PASSWORD
     }
 }
 DATABASE_ROUTERS = ['ldapdb.router.Router']
@@ -117,13 +111,9 @@ DATABASE_ROUTERS = ['ldapdb.router.Router']
 # https://docs.djangoproject.com/en/1.8/topics/i18n/
 
 LANGUAGE_CODE = 'en-us'
-
 TIME_ZONE = 'Europe/Berlin'
-
 USE_I18N = True
-
 USE_L10N = True
-
 USE_TZ = False
 
 
@@ -142,38 +132,31 @@ AUTHENTICATION_BACKENDS = (
 # AUTH LDAP SETTINGS
 #
 
-#AUTH_LDAP_SERVER_URI = "ldap://s1.dyhost.de"
-AUTH_LDAP_SERVER_URI = "ldap://ldap"
-
-AUTH_LDAP_BIND_DN = "cn=admin,dc=warpzone,dc=ms"
-AUTH_LDAP_BIND_PASSWORD = "k7dAw8j2"
+AUTH_LDAP_SERVER_URI = LDAP_HOST
+AUTH_LDAP_BIND_DN = LDAP_BIND_DN
+AUTH_LDAP_BIND_PASSWORD = LDAP_PASSWORD
 
-
-AUTH_LDAP_USER_SEARCH_PATH = "ou=users,dc=warpzone,dc=ms"
-AUTH_LDAP_USER_SEARCH_FILTER = "(uid=%(user)s)"
-
-AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_PATH,
-                                   ldap.SCOPE_SUBTREE, AUTH_LDAP_USER_SEARCH_FILTER)
+AUTH_LDAP_USER_SEARCH = LDAPSearch(LDAP_USER_SEARCH_PATH,
+                                   ldap.SCOPE_SUBTREE, LDAP_USER_SEARCH_FILTER)
 
 AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn", "email": "mail"}
 AUTH_LDAP_PROFILE_ATTR_MAP = {"home_directory": "homeDirectory"}
 
-AUTH_LDAP_GROUP_SEARCH_PATH = "dc=warpzone,dc=ms"
-AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_PATH,
+
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(LDAP_GROUP_SEARCH_PATH,
                                     ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)"
                                     )
 
 AUTH_LDAP_GROUP_TYPE = PosixGroupType()
 
+
 AUTH_LDAP_USER_FLAGS_BY_GROUP = {
-    "is_active": "cn=active,ou=groups,dc=warpzone,dc=ms",
-    "is_staff": ["cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms",
-                 "cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms"],
-    "is_superuser": "cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms"
+    "is_active": LDAP_GROUP_IS_ACTIVE,
+    "is_staff": [LDAP_GROUP_IS_STAFF, LDAP_GROUP_SUPERUSER],
+    "is_superuser": LDAP_GROUP_SUPERUSER
 }
 
 AUTH_LDAP_FIND_GROUP_PERMS = True
-
 AUTH_LDAP_CACHE_GROUPS = True
 AUTH_LDAP_GROUP_CACHE_TIMEOUT = 10
 
@@ -185,20 +168,6 @@ hdlr.setFormatter(formatter)
 logger.addHandler(hdlr) 
 logger.setLevel(logging.DEBUG)
 
-logger1 = logging.getLogger('main')
-hdlr = logging.FileHandler('/tmp/main.log')
-formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
-hdlr.setFormatter(formatter)
-logger1.addHandler(hdlr) 
-logger1.setLevel(logging.DEBUG)
-
-#
-# MISC
-#
-
-# Lifetime of Password Reset Token in Minutes
-PW_RESET_TOKEN_LIFETIME = 5
-
 STATIC_URL = '/static/'
 STATIC_ROOT = os.path.join(BASE_DIR, "static")