From a22e4a89a06bda681ba329bf73e05a7d9196efe3 Mon Sep 17 00:00:00 2001
From: Corentin LABBE <clabbe@baylibre.com>
Date: Mon, 4 Jun 2018 15:02:00 +0200
Subject: Permit to access LAVA webadmin via https

This patch permits to access LAVA webadmin via HTTPS.

Resolve SPEC-1493
---
 README.md                 |  1 +
 lava-master/settings.conf | 16 ----------------
 lavalab-gen.py            | 31 +++++++++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 16 deletions(-)
 delete mode 100644 lava-master/settings.conf

diff --git a/README.md b/README.md
index 5580f06..2ea9773 100644
--- a/README.md
+++ b/README.md
@@ -214,6 +214,7 @@ This file describe how the DUTs are connected and powered.
 masters:
  - name:  lava-master	name of the master
     host: name		name of the host running lava-master (default to "local")
+    webadmin_https:	Does the LAVA webadmin is accessed via https
     users:
     - name: LAVA username
       token: The token of this user
diff --git a/lava-master/settings.conf b/lava-master/settings.conf
deleted file mode 100644
index c809e2c..0000000
--- a/lava-master/settings.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-{
-    "DEBUG": false,
-    "STATICFILES_DIRS": [
-        ["lava-server", "/usr/share/pyshared/lava_server/htdocs/"]
-    ],
-    "MEDIA_ROOT": "/var/lib/lava-server/default/media",
-    "ARCHIVE_ROOT": "/var/lib/lava-server/default/archive",
-    "STATIC_ROOT": "/usr/share/lava-server/static",
-    "STATIC_URL": "/static/",
-    "MOUNT_POINT": "/",
-    "HTTPS_XML_RPC": false,
-    "LOGIN_URL": "/accounts/login/",
-    "LOGIN_REDIRECT_URL": "/",
-	"CSRF_COOKIE_SECURE": false,
-	"SESSION_COOKIE_SECURE": false
-}
diff --git a/lavalab-gen.py b/lavalab-gen.py
index 7645d08..13677c8 100755
--- a/lavalab-gen.py
+++ b/lavalab-gen.py
@@ -43,6 +43,25 @@ template_udev_devpath = string.Template("""#
 SUBSYSTEM=="tty", ATTRS{idVendor}=="${idvendor}", ATTRS{idProduct}=="${idproduct}", ATTRS{devpath}=="${devpath}", MODE="0664", OWNER="uucp", SYMLINK+="${board}"
 """)
 
+template_settings_conf = string.Template("""
+{
+    "DEBUG": false,
+    "STATICFILES_DIRS": [
+        ["lava-server", "/usr/share/pyshared/lava_server/htdocs/"]
+    ],
+    "MEDIA_ROOT": "/var/lib/lava-server/default/media",
+    "ARCHIVE_ROOT": "/var/lib/lava-server/default/archive",
+    "STATIC_ROOT": "/usr/share/lava-server/static",
+    "STATIC_URL": "/static/",
+    "MOUNT_POINT": "/",
+    "HTTPS_XML_RPC": false,
+    "LOGIN_URL": "/accounts/login/",
+    "LOGIN_REDIRECT_URL": "/",
+    "CSRF_COOKIE_SECURE": $cookie_secure,
+    "SESSION_COOKIE_SECURE": $session_cookie_secure
+}
+""")
+
 def main():
     fp = open(boards_yaml, "r")
     workers = yaml.load(fp)
@@ -83,6 +102,18 @@ def main():
         userdir = "%s/users" % workerdir
         os.mkdir(userdir)
         worker = master
+        webadmin_https = False
+        if "webadmin_https" in worker:
+            webadmin_https = worker["webadmin_https"]
+        if webadmin_https:
+            cookie_secure = "true"
+            session_cookie_secure = "true"
+        else:
+            cookie_secure = "false"
+            session_cookie_secure = "false"
+        fsettings = open("%s/settings.conf" % workerdir, 'w')
+        fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure))
+        fsettings.close()
         if "users" in worker:
             for user in worker["users"]:
                 username = user["name"]
-- 
cgit 1.2.3-korg