Debrand: add the branding config variable

ZaPF · Oct 27, 2020 · 9413217 · 9413217
1 parent 5786495
commit 9413217
Show file tree

Hide file tree

Showing 9 changed files with 44 additions and 35 deletions.
diff --git a/app/templates/base.html b/app/templates/base.html
@@ -18,7 +18,7 @@
         <span class="icon-bar"></span>
       </button>
       <a class="navbar-brand" href="{{url_for('user.home')}}">
-        <span class="glyphicon glyphicon-lock" aria-hidden="true"></span> ZaPF-Auth
+        <span class="glyphicon glyphicon-lock" aria-hidden="true"></span> {{config["BRANDING"]}}
       </a>
     </div>
 

diff --git a/app/user/helpers.py b/app/user/helpers.py
@@ -4,7 +4,7 @@
 
 def send_password_reset_mail(user):
     msg = Message(
-        "ZaPF-Auth-System: Passwort zurücksetzen",
+        f"{current_app.config['BRANDING']}: Passwort zurücksetzen",
         recipients=[user.mail],
         sender=current_app.config["MAIL_DEFAULT_SENDER"],
     )
@@ -24,16 +24,16 @@ def send_password_reset_mail(user):
 Der Link ist für 1 Tag gültig.
 
 Viele Grüße
-Dein ZaPF-Auth-System""".format(
-        user, url
+Dein {2}}""".format(
+        user, url, current_app.config["BRANDING"]
     )
 
     current_app.mail.send(msg)
 
 
 def send_confirm_mail(user):
     msg = Message(
-        "ZaPF-Auth-System: E-Mail bestätigen",
+        f"{current_app.config['BRANDING']}: E-Mail bestätigen",
         recipients=[user.mail],
         sender=current_app.config["MAIL_DEFAULT_SENDER"],
     )
@@ -53,8 +53,8 @@ def send_confirm_mail(user):
 Der Link ist für 1 Tag gültig.
 
 Viele Grüße
-Dein ZaPF-Auth-System""".format(
-        user, url
+Dein {2}}""".format(
+        user, url, current_app.config["BRANDING"]
     )
 
     current_app.mail.send(msg)
diff --git a/config.py b/config.py
@@ -6,6 +6,7 @@
 class Config:
     FLASK_COVERAGE = 0
     MOCKSERVER = False
+    BRANDING = "Auth"
     LDAP_HOST = "localhost"
     LDAP_PORT = 8369
     LDAP_BASE_DN = "dc=my-domain,dc=com"
@@ -34,8 +35,7 @@ class Config:
     ]
 
     MAIL_USE_TLS = True
-    MAIL_DEFAULT_SENDER = "[email protected]"
-    MAIL_NEXT_ZAPF_ORGA = "[email protected]"
+    MAIL_DEFAULT_SENDER = "[email protected]"
 
     CACHE_TYPE = "simple"
 
@@ -50,11 +50,20 @@ def init_app(app):
 
 
 class DevelopmentConfig(Config):
+    print(" * Using development config!")
+
     SECRET_KEY = "secrets"
     DEBUG = True
     RECAPTCHA_PUBLIC_KEY = "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI"
     RECAPTCHA_PRIVATE_KEY = "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"
     RECAPTCHA_USE_SSL = False
+
+    LDAP_BASE_DN = "dc=example,dc=com"
+    LDAP_BIND_USER_DN = "uid=auth,dc=example,dc=com"
+    LDAP_BIND_USER_PASSWORD = "test"
+    import ldap3
+
+    PASSWORD_HASHING_FUNC = ldap3.HASHED_SALTED_SHA
     # MOCKSERVER = True
 
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -3,8 +3,8 @@ services:
   openldap:
     image: osixia/openldap
     environment:
-      LDAP_ORGANISATION: "ZaPF"
-      LDAP_DOMAIN: "zapf.in"
+      LDAP_ORGANISATION: "Example Org."
+      LDAP_DOMAIN: "example.com"
       LDAP_BACKEND: "mdb"
     expose:
       - "389"
@@ -22,9 +22,9 @@ services:
     command: --copy-service
   auth:
     build: .
-    image: zapf-auth:latest
+    image: auth:latest
     ports:
-      - "80"
+      - "5000:80"
     volumes:
       - type: bind
         source: ./docker/auth.conf

diff --git a/docker.md b/docker.md
@@ -13,24 +13,24 @@ An OpenLDAP server is provided using the [osixia/openldap] docker image.
 
 **Make sure to change the passwords for the following default accounts:**
 
-The admin DN for the main tree at `dc=zapf,dc=in` is `cn=admin,dc=zapf,dc=in`
+The admin DN for the main tree at `dc=example,dc=com` is `cn=admin,dc=example,dc=com`
 with the password specified in `LDAP_ADMIN_PASSWORD` environment variable.
 This defaults to `admin`.
 
 The admin DN for the config tree at `cn=config` is `cn=admin,cn=config` with
 the password specified in `LDAP_CONFIG_PASSWORD`.
 This defaults to `config`.
 
-The bind user for the auth application is `uid=zapf-auth,dc=zapf,dc=in`.
+The bind user for the auth application is `uid=auth,dc=example,dc=com`.
 The password is specified in the
 [`docker/bootstrap_openldap/ldif/bootstrap.ldif`] file.
 This defaults to `test`.
 When changing this password, hash it using `slappasswd`.
 
 ### Tree Structure
 
-The OU entries for `ou=people,dc=zapf,dc=in`, `ou=groups,dc=zapf,dc=in` and
-`ou=oauth,dc=zapf,dc=in` are created on startup.
+The OU entries for `ou=people,dc=example,dc=com`, `ou=groups,dc=example,dc=com` and
+`ou=oauth,dc=example,dc=com` are created on startup.
 
 ## App configuration
 
@@ -46,8 +46,8 @@ BOOTSTRAP_SERVE_LOCAL = True
 # LDAP
 LDAP_HOST = 'openldap'
 LDAP_PORT = 389
-LDAP_BASE_DN = 'dc=zapf,dc=in'
-LDAP_BIND_USER_DN = 'uid=zapf-auth,dc=zapf,dc=in'
+LDAP_BASE_DN = 'dc=example,dc=com'
+LDAP_BIND_USER_DN = 'uid=auth,dc=example,dc=com'
 LDAP_BIND_USER_PASSWORD = 'test'
 import ldap3
 PASSWORD_HASHING_FUNC = ldap3.HASHED_SALTED_SHA
@@ -62,7 +62,7 @@ MAIL_SERVER='smtp.example.org'
 MAIL_PORT=465
 MAIL_USE_TLS = False
 MAIL_USE_SSL=True
-MAIL_USERNAME='zapf-auth-sender'
+MAIL_USERNAME='auth-sender'
 MAIL_PASSWORD='CHANGEME'
 
 # To prevent open redirects in OAuth logout

diff --git a/docker/bootstrap_openldap/acl.ldif b/docker/bootstrap_openldap/acl.ldif
@@ -5,9 +5,9 @@ delete: olcAccess
 add: olcAccess
 olcAccess: {0}to dn.exact="" by * read
 olcAccess: {1}to dn.base="cn=Subschema" by * read
-olcAccess: {2}to attrs=userpassword by self =xw by dn.base="uid=zapf-auth,dc=zapf,dc=in" break by anonymous auth by * none
-olcAccess: {3}to dn.subtree="ou=users,dc=zapf,dc=in" by self write by dn.base="uid=zapf-auth,dc=zapf,dc=in" write by dn.subtree="ou=users,dc=zapf,dc=in" search
-olcAccess: {4}to dn.children="ou=groups,dc=zapf,dc=in" attrs=cn,entry by dn.base="uid=zapf-auth,dc=zapf,dc=in" break by dnattr=member read
-olcAccess: {5}to dn.subtree="ou=groups,dc=zapf,dc=in" by dn.base="uid=zapf-auth,dc=zapf,dc=in" write by dn.subtree="ou=users,dc=zapf,dc=in" search
-olcAccess: {6}to dn.subtree="ou=oauth2,dc=zapf,dc=in" by dn.base="uid=zapf-auth,dc=zapf,dc=in" write
-olcAccess: {7}to dn.subtree="dc=zapf,dc=in" by dn.base="uid=zapf-auth,dc=zapf,dc=in" search
+olcAccess: {2}to attrs=userpassword by self =xw by dn.base="uid=auth,dc=example,dc=com" break by anonymous auth by * none
+olcAccess: {3}to dn.subtree="ou=users,dc=example,dc=com" by self write by dn.base="uid=auth,dc=example,dc=com" write by dn.subtree="ou=users,dc=example,dc=com" search
+olcAccess: {4}to dn.children="ou=groups,dc=example,dc=com" attrs=cn,entry by dn.base="uid=auth,dc=example,dc=com" break by dnattr=member read
+olcAccess: {5}to dn.subtree="ou=groups,dc=example,dc=com" by dn.base="uid=auth,dc=example,dc=com" write by dn.subtree="ou=users,dc=example,dc=com" search
+olcAccess: {6}to dn.subtree="ou=oauth2,dc=example,dc=com" by dn.base="uid=auth,dc=example,dc=com" write
+olcAccess: {7}to dn.subtree="dc=example,dc=com" by dn.base="uid=auth,dc=example,dc=com" search
diff --git a/docker/bootstrap_openldap/ldif/bootstrap.ldif b/docker/bootstrap_openldap/ldif/bootstrap.ldif
@@ -1,25 +1,25 @@
-dn: uid=zapf-auth,dc=zapf,dc=in
+dn: uid=auth,dc=example,dc=com
 changetype: add
-uid: zapf-auth
+uid: auth
 objectClass: top
 objectClass: simpleSecurityObject
 objectClass: account
 description: Bind user for ZaPF-Auth
 userPassword: {SSHA}98H1A4YLoIZaceCtVoXIekAalnwlFsQd
 
-dn: ou=groups,dc=zapf,dc=in
+dn: ou=groups,dc=example,dc=com
 changetype: add
 objectClass: organizationalUnit
 ou: groups
 description: Automagically added by quasisentient sanity checks
 
-dn: ou=users,dc=zapf,dc=in
+dn: ou=users,dc=example,dc=com
 changetype: add
 objectClass: organizationalUnit
 ou: users
 description: Automagically added by quasisentient sanity checks
 
-dn: ou=oauth2,dc=zapf,dc=in
+dn: ou=oauth2,dc=example,dc=com
 changetype: add
 objectClass: organizationalUnit
 ou: oauth2

diff --git a/docker/test.conf b/docker/test.conf
@@ -5,8 +5,8 @@ BOOTSTRAP_SERVE_LOCAL = True
 # LDAP
 LDAP_HOST = 'openldap'
 LDAP_PORT = 389
-LDAP_BASE_DN = 'dc=zapf,dc=in'
-LDAP_BIND_USER_DN = 'uid=zapf-auth,dc=zapf,dc=in'
+LDAP_BASE_DN = 'dc=example,dc=com'
+LDAP_BIND_USER_DN = 'uid=auth,dc=example,dc=com'
 LDAP_BIND_USER_PASSWORD = 'test'
 import ldap3
 PASSWORD_HASHING_FUNC = ldap3.HASHED_SALTED_SHA
@@ -21,7 +21,7 @@ MAIL_SERVER='smtp.example.org'
 MAIL_PORT=465
 MAIL_USE_TLS = False
 MAIL_USE_SSL=True
-MAIL_USERNAME='zapf-auth-sender'
+MAIL_USERNAME='auth-sender'
 MAIL_PASSWORD='CHANGEME'
 
 # To prevent open redirects in OAuth logout

diff --git a/manage.py b/manage.py
@@ -4,7 +4,7 @@
 from flask_migrate import Migrate, MigrateCommand
 from app.db import db
 
-app = create_app()
+app = create_app("development")
 manager = Manager(app)
 migrate = Migrate(app, db)