fix: mise à jour settings pour la prod / correction CORS

Back-End/N3wtSchool/error.py

@@ -1,4 +1,5 @@
 from typing import Final
+from N3wtSchool import settings
 
 WRONG_ID: Final = 1
 INCOMPLETE: Final = 2
@@ -8,11 +9,14 @@ DIFFERENT_PASWWORD: Final = 5
 PROFIL_NOT_EXISTS: Final = 6
 MESSAGE_REINIT_PASSWORD: Final = 7
 EXPIRED_URL: Final = 8
-PASSWORD_CHANGED: Final = 8
+PASSWORD_CHANGED: Final = 9
-WRONG_MAIL_FORMAT: Final = 9
+WRONG_MAIL_FORMAT: Final = 10
-PROFIL_INACTIVE: Final = 10
+PROFIL_INACTIVE: Final = 11
-MESSAGE_ACTIVATION_PROFILE: Final = 11
+MESSAGE_ACTIVATION_PROFILE: Final = 12
-PROFIL_ACTIVE: Final = 12
+PROFIL_ACTIVE: Final = 13
+
+def get_expired_url_message():
+    return f"L'URL a expiré. Effectuer à nouveau la demande de réinitialisation de mot de passe : {settings.BASE_URL}/password/new"
 
 returnMessage = {
     WRONG_ID:'Identifiants invalides',
@@ -22,7 +26,7 @@ returnMessage = {
     DIFFERENT_PASWWORD: 'Les mots de passe ne correspondent pas',
     PROFIL_NOT_EXISTS: 'Aucun profil associé à cet utilisateur',
     MESSAGE_REINIT_PASSWORD: 'Un mail a été envoyé à l\'adresse \'%s\'',
-    EXPIRED_URL:'L\'URL a expiré. Effectuer à nouveau la demande de réinitialisation de mot de passe : http://localhost:3000/password/new',
+    EXPIRED_URL: get_expired_url_message(),
     PASSWORD_CHANGED: 'Le mot de passe a été réinitialisé',
     WRONG_MAIL_FORMAT: 'L\'adresse mail est mal formatée',
     PROFIL_INACTIVE: 'Le profil n\'est pas actif',

Back-End/N3wtSchool/middleware.py

@@ -1,8 +1,11 @@
+from django.conf import settings
+
+
 class ContentSecurityPolicyMiddleware:
     def __init__(self, get_response):
         self.get_response = get_response
 
     def __call__(self, request):
         response = self.get_response(request)
-        response['Content-Security-Policy'] = "frame-ancestors 'self' http://localhost:3000"
+        response['Content-Security-Policy'] = f"frame-ancestors 'self' {settings.BASE_URL}"
         return response

Back-End/N3wtSchool/settings.py

@@ -32,11 +32,8 @@ LOGIN_REDIRECT_URL = '/Subscriptions/registerForms'
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/5.0/howto/deployment/checklist/
 
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'django-insecure-afjm6kvigncxzx6jjjf(qb0n(*qvi#je79r=gqflcn007d_ve9'
-
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = os.getenv('DJANGO_DEBUG', True)
 
 ALLOWED_HOSTS = ['*']
 
@@ -212,8 +209,6 @@ USE_I18N = True
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/5.0/howto/static-files/
 
-DEBUG = True
-
 STATIC_URL = 'static/'
 
 STATICFILES_DIRS = [
@@ -233,33 +228,18 @@ DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 ########################################################################
 
 
-
-DJANGO_SUPERUSER_PASSWORD='admin'
-DJANGO_SUPERUSER_USERNAME='admin'
-DJANGO_SUPERUSER_EMAIL='admin@n3wtschool.com'
 # Configuration de l'email de l'application
-smtp_config_file = 'N3wtSchool/Configuration/application.json'
+EMAIL_HOST = os.getenv('EMAIL_HOST', 'smtp.example.com')
-
+EMAIL_PORT = os.getenv('EMAIL_PORT', 587)
-if os.path.exists(smtp_config_file):
+EMAIL_HOST_USER = os.getenv('EMAIL_HOST_USER', '')
-    try:
+EMAIL_HOST_PASSWORD = os.getenv('EMAIL_HOST_PASSWORD', '')
-        with open(smtp_config_file, 'r') as f:
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
-            smtpSettings = json.load(f)
+EMAIL_USE_TLS = os.getenv('EMAIL_USE_TLS', True)
-        EMAIL_HOST = smtpSettings.get('hostSMTP', '')
+EMAIL_USE_SSL = os.getenv('EMAIL_USE_SSL', False)
-        EMAIL_PORT = smtpSettings.get('portSMTP', 587)
-        EMAIL_HOST_USER = smtpSettings.get('username', '')
-        EMAIL_HOST_PASSWORD = smtpSettings.get('password', '')
-        EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
-        EMAIL_USE_TLS = smtpSettings.get('useTLS', True)
-        EMAIL_USE_SSL = smtpSettings.get('useSSL', False)
-    except Exception as e:
-        logger.error(f"Erreur lors de la lecture du fichier de configuration SMTP : {e}")
-else:
-    logger.error(f"Fichier de configuration SMTP introuvable : {smtp_config_file}")
 
 DOCUMENT_DIR = 'documents'
 
 # Configuration CORS temporaire pour debug
-CORS_ALLOW_ALL_HEADERS = True
 CORS_ALLOW_CREDENTIALS = True
 
 # Configuration CORS spécifique pour la production
@@ -298,14 +278,19 @@ CSRF_COOKIE_NAME = 'csrftoken'
 USE_TZ = True
 TZ_APPLI = 'Europe/Paris'
 
+DB_NAME = os.getenv('DB_NAME', 'school')
+DB_USER = os.getenv('DB_USER', 'postgres')
+DB_PASSWORD = os.getenv('DB_PASSWORD', 'postgres')
+DB_HOST = os.getenv('DB_HOST', 'database')
+DB_PORT = os.getenv('DB_PORT', '5432')
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.postgresql',
-        "NAME": "school",
+        "NAME": DB_NAME,
-        "USER": "postgres",
+        "USER": DB_USER,
-        "PASSWORD": "postgres",
+        "PASSWORD": DB_PASSWORD,
-        "HOST": "database",
+        "HOST": DB_HOST,
-        "PORT": "5432",
+        "PORT": DB_PORT,
     }
 }
 
@@ -340,14 +325,14 @@ CELERY_RESULT_SERIALIZER = 'json'
 CELERY_TIMEZONE = 'Europe/Paris'
 CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP = True
 
-URL_DJANGO = 'http://localhost:8080/'
+URL_DJANGO = os.getenv('URL_DJANGO', 'http://localhost:8080/')
 
 REDIS_HOST = 'redis'
 REDIS_PORT = 6379
 REDIS_DB = 0
 REDIS_PASSWORD = None
 
-SECRET_KEY = 'QWQ8bYlCz1NpQ9G0vR5kxMnvWszfH2y3'
+SECRET_KEY = os.getenv('SECRET_KEY', 'QWQ8bYlCz1NpQ9G0vR5kxMnvWszfH2y3')
 SIMPLE_JWT = {
     'ACCESS_TOKEN_LIFETIME': timedelta(minutes=15),
     'REFRESH_TOKEN_LIFETIME': timedelta(days=1),