Commit 36fa098b authored by jocelyn

Make the VPN secrets transmission modes configurable

- in crypto-link mode: display a message rather than nothing when the crypto
  material has not been generated yet
- in password mode (illyse): display the password generation button even
  if the password is currently empty

WARNING: remember to define the setting if you use crypto-link (hello ARN).

Fix #212 (regression)
parent b8790676
......@@ -421,6 +421,18 @@ See also [using optional apps](#using-optional-apps).
- `{email}`: the mail address of the list
- `{short_name}`: the list name
#### vpn
- `VPN_SECRETS_TRANSMISSION_METHOD` : how are VPN secrets transmited to
subscriber ? Two values are currently supported :
- `gen-password-and-forget` (default, used by Illyse) : generate a
password, push it to LDAP (which holds VPN auth), displays it to user and
forget it.
- `crypto-link` (used by ARN) : credentials are generated by an admin
outside coin, and put on an encrypted burn-after-reading web page, whom
URL is filled-in coin.
Accounting logs
---------------
......
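Review bot: The `VPN_SECRETS_TRANSMISSION_METHOD` entry under `#### vpn` does not say what happens with an unsupported value, nor that crypto-link deployments must set it explicitly because the default is `gen-password-and-forget`. Suggest adding one sentence for each. Wording to fix in the same pass: "transmited" should be "transmitted", "whom URL is filled-in coin" should be "whose URL is entered in coin", and "displays it to user and forget it" should be "display it to the user and forget it".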
......@@ -327,6 +327,9 @@ MEMBER_CAN_EDIT_VPS_CONF = True
# Allow user to edit their VPN Info
MEMBER_CAN_EDIT_VPN_CONF = True
# vpn app settings : how do we transmit the VPN secrets to subscriber ?
VPN_SECRETS_TRANSMISSION_METHOD = 'gen-password-and-forget'
# Account registration
# Allow visitor to join the association by register on COIN
REGISTRATION_OPEN = False
......
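Review bot: The comment above `VPN_SECRETS_TRANSMISSION_METHOD = 'gen-password-and-forget'` does not list the accepted values, so someone editing the settings has to look in the README or the model to find `crypto-link`. Suggest naming both values in the comment and stating that this default applies to every deployment that does not override it, crypto-link ones included.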
......@@ -4,6 +4,7 @@ from __future__ import unicode_literals
from django.db import models
from django.core.exceptions import ValidationError
from django.conf import settings
from django.core.exceptions import ImproperlyConfigured
from django.core.urlresolvers import reverse
from netfields import InetAddressField, NetManager
import ldapdb.models
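Review bot: `ImproperlyConfigured` is imported on its own line although `django.core.exceptions` is already imported from two lines above for `ValidationError`. Suggest a single `from django.core.exceptions import ImproperlyConfigured, ValidationError`.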
......@@ -48,6 +49,17 @@ class VPNConfiguration(CoinLdapSyncMixin, Configuration):
null=True, help_text="Lien à usage unique (détruit après ouverture)")
objects = NetManager()
METHOD_CRYPTO_LINK = 'crypto-link'
METHOD_GEN_PASSWORD_AND_FORGET = 'gen-password-and-forget'
SECRETS_TRANSMISSION_METHOD = settings.VPN_SECRETS_TRANSMISSION_METHOD
if SECRETS_TRANSMISSION_METHOD not in (
METHOD_CRYPTO_LINK, METHOD_GEN_PASSWORD_AND_FORGET):
raise ImproperlyConfigured(
'Invalid value for VPN_SECRETS_TRANSMISSION_METHOD setting: {}'.format(
SECRETS_TRANSMISSION_METHOD))
def get_absolute_url(self):
return reverse('vpn:details', args=[str(self.pk)])
......
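Review bot: The check in the `VPNConfiguration` class body reads `settings.VPN_SECRETS_TRANSMISSION_METHOD` directly, so a project whose settings do not define it fails at import with an `AttributeError` instead of the `ImproperlyConfigured` message written here. Suggest `getattr(settings, 'VPN_SECRETS_TRANSMISSION_METHOD', METHOD_GEN_PASSWORD_AND_FORGET)` and listing the two accepted values in the error text. Because the value is frozen as a class attribute when the module is imported, a test that overrides the setting afterwards will not change `SECRETS_TRANSMISSION_METHOD`; reading the setting in a property or method would avoid that.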
......@@ -32,18 +32,26 @@
<td class="center"><span class="label">Identifiant</span></td>
<td>{{object.login}}</td>
</tr>
{% if object.password %}
{% if object.SECRETS_TRANSMISSION_METHOD == object.METHOD_GEN_PASSWORD_AND_FORGET %}
<tr>
<td class="center" colspan="2">
<a class="button tiny radius" id="passgen" href="{% url 'vpn:generate_password' object.pk %}"><i class="fa fa-refresh"></i>
Générer un nouveau mot de passe</a>
Générer un nouveau mot de passe</a>
</td>
</tr>
{% endif %}
{% if object.crypto_link %}
{% if object.SECRETS_TRANSMISSION_METHOD == object.METHOD_CRYPTO_LINK %}
<tr>
<td class="center"><span class="label">Matériel cryptographique</span></td>
<td><a href="{{object.crypto_link}}">Télecharger (lien supprimé après ouverture)</a></td>
<td>
{% if object.crypto_link %}
<a href="{{object.crypto_link}}">Télecharger (lien supprimé après ouverture)</a>
{% else %}
Ton matériel cryptographique n'a pas encore été généré.
{% endif %}
</td>
</tr>
{% endif %}
<tr class="flatfield">
......
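Review bot: In the `passgen` row, the link to `vpn:generate_password` is hidden only by the template condition on `SECRETS_TRANSMISSION_METHOD`, and no view change is visible in this diff, so in crypto-link mode the URL would still answer a direct request unless the view checks the method itself. Suggest having the view reject the request when the method is not `METHOD_GEN_PASSWORD_AND_FORGET`. Minor: "Télecharger" should be "Télécharger".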