src/laas_dashboard/settings.py

   1 ##############################################################################
   2 # Copyright (c) 2018 Sawyer Bergeron and others.
   3 #
   4 # All rights reserved. This program and the accompanying materials
   5 # are made available under the terms of the Apache License, Version 2.0
   6 # which accompanies this distribution, and is available at
   7 # http://www.apache.org/licenses/LICENSE-2.0
   8 ##############################################################################
   9 import os
  10 from datetime import timedelta
  11
  12 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
  13 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
  14
  15 # SECURITY WARNING: don't run with debug turned on in production!
  16 # NOTE: os.environ only returns strings, so making a comparison to
  17 # 'True' here will convert it to the correct Boolean value.
  18 DEBUG = os.environ['DEBUG'] == 'True'
  19 TESTING = os.environ['TEST'] == 'True'
  20
  21 # Application definition
  22
  23 INSTALLED_APPS = [
  24     'dashboard',
  25     'resource_inventory',
  26     'booking',
  27     'account',
  28     'notifier',
  29     'workflow',
  30     'api',
  31     'analytics',
  32     'django.contrib.admin',
  33     'django.contrib.auth',
  34     'mozilla_django_oidc',  # needs to be defined after auth
  35     'django.contrib.contenttypes',
  36     'django.contrib.sessions',
  37     'django.contrib.messages',
  38     'django.contrib.staticfiles',
  39     'django.contrib.humanize',
  40     'bootstrap4',
  41     'rest_framework',
  42     'rest_framework.authtoken',
  43 ]
  44
  45 MIDDLEWARE = [
  46     'django.middleware.security.SecurityMiddleware',
  47     'django.contrib.sessions.middleware.SessionMiddleware',
  48     'django.middleware.common.CommonMiddleware',
  49     'django.middleware.csrf.CsrfViewMiddleware',
  50     'django.contrib.auth.middleware.AuthenticationMiddleware',
  51     'django.contrib.messages.middleware.MessageMiddleware',
  52     'django.middleware.clickjacking.XFrameOptionsMiddleware',
  53     'account.middleware.TimezoneMiddleware',
  54 ]
  55
  56 AUTH_SETTING = os.environ.get('AUTH_SETTING', 'JIRA')
  57
  58 if AUTH_SETTING == 'LFID':
  59     AUTHENTICATION_BACKENDS = ['account.views.MyOIDCAB']
  60
  61     # OpenID Authentications
  62     OIDC_RP_CLIENT_ID = os.environ['OIDC_CLIENT_ID']
  63     OIDC_RP_CLIENT_SECRET = os.environ['OIDC_CLIENT_SECRET']
  64
  65     OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_AUTHORIZATION_ENDPOINT']
  66     OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_TOKEN_ENDPOINT']
  67     OIDC_OP_USER_ENDPOINT = os.environ['OIDC_USER_ENDPOINT']
  68
  69     LOGIN_REDIRECT_URL = os.environ['DASHBOARD_URL']
  70     LOGOUT_REDIRECT_URL = os.environ['DASHBOARD_URL']
  71
  72     OIDC_RP_SIGN_ALGO = os.environ["OIDC_RP_SIGN_ALGO"]
  73
  74     if OIDC_RP_SIGN_ALGO == "RS256":
  75         OIDC_OP_JWKS_ENDPOINT = os.environ["OIDC_OP_JWKS_ENDPOINT"]
  76
  77 # This is for LFID auth setups w/ an HTTPS proxy
  78 if os.environ['EXPECT_HOST_FORWARDING'] == 'True':
  79     SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', "https")
  80     USE_X_FORWARDED_HOST = True
  81
  82 ROOT_URLCONF = 'laas_dashboard.urls'
  83
  84 TEMPLATE_OVERRIDE = os.environ.get("TEMPLATE_OVERRIDE_DIR", "")  # the user's custom template dir
  85 TEMPLATE_DIRS = ["base"]  # where all the base templates are
  86
  87 # If the user has a custom template directory,
  88 # We should search that first. Then we search the
  89 # root template directory so that we can extend the base
  90 # templates within the custom template dir.
  91 if TEMPLATE_OVERRIDE:
  92     TEMPLATE_DIRS = [TEMPLATE_OVERRIDE, ""] + TEMPLATE_DIRS
  93
  94 # all template dirs are relative to /project_root/templates/
  95 dirs = [os.path.join(BASE_DIR, "templates", d) for d in TEMPLATE_DIRS]
  96
  97 TEMPLATES = [
  98     {
  99         'BACKEND': 'django.template.backends.django.DjangoTemplates',
 100         'DIRS': dirs,
 101         'APP_DIRS': True,
 102         'OPTIONS': {
 103             'context_processors': [
 104                 'dashboard.context_processors.debug',
 105                 'django.template.context_processors.debug',
 106                 'django.template.context_processors.request',
 107                 'django.contrib.auth.context_processors.auth',
 108                 'django.contrib.messages.context_processors.messages',
 109             ],
 110         },
 111     },
 112 ]
 113
 114 TEMPLATE_CONTEXT_PROCESSORS = [
 115     'dashboard.context_processors.debug',
 116 ]
 117
 118 WSGI_APPLICATION = 'laas_dashboard.wsgi.application'
 119
 120 # Password validation
 121 # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
 122
 123 AUTH_PASSWORD_VALIDATORS = [
 124     {
 125         'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
 126     },
 127     {
 128         'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
 129     },
 130     {
 131         'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
 132     },
 133     {
 134         'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
 135     },
 136 ]
 137
 138 # Internationalization
 139 # https://docs.djangoproject.com/en/1.10/topics/i18n/
 140
 141 LANGUAGE_CODE = 'en-us'
 142
 143 TIME_ZONE = 'UTC'
 144
 145 USE_I18N = True
 146
 147 USE_L10N = True
 148
 149 USE_TZ = True
 150
 151 # Static files (CSS, JavaScript, Images)
 152 # https://docs.djangoproject.com/en/1.10/howto/static-files/
 153 MEDIA_URL = '/media/'
 154 STATIC_URL = '/static/'
 155
 156 # Static files (CSS, JavaScript, Images)
 157 # https://docs.djangoproject.com/en/1.10/howto/static-files/
 158 STATICFILES_DIRS = [
 159     os.path.join(BASE_DIR, "static"),
 160 ]
 161
 162 LOGIN_REDIRECT_URL = '/'
 163
 164 # SECURITY WARNING: keep the secret key used in production secret!
 165 SECRET_KEY = os.environ['SECRET_KEY']
 166
 167 BOOTSTRAP3 = {
 168     'set_placeholder': False,
 169 }
 170
 171 ALLOWED_HOSTS = ['*']
 172
 173 # Database
 174 # https://docs.djangoproject.com/en/1.10/ref/settings/#databases
 175 DATABASES = {
 176     'default': {
 177         'ENGINE': 'django.db.backends.postgresql',
 178         'NAME': os.environ['DB_NAME'],
 179         'USER': os.environ['DB_USER'],
 180         'PASSWORD': os.environ['DB_PASS'],
 181         'HOST': os.environ['DB_SERVICE'],
 182         'PORT': os.environ['DB_PORT']
 183     }
 184 }
 185
 186 # Rest API Settings
 187 REST_FRAMEWORK = {
 188     'DEFAULT_PERMISSION_CLASSES': [
 189         'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
 190     ],
 191     'DEFAULT_FILTER_BACKENDS': ('django_filters.rest_framework.FilterSet',),
 192     'DEFAULT_AUTHENTICATION_CLASSES': (
 193         'rest_framework.authentication.SessionAuthentication',
 194         'rest_framework.authentication.TokenAuthentication',
 195     )
 196 }
 197
 198 MEDIA_ROOT = '/media'
 199 STATIC_ROOT = '/static'
 200
 201 # Jira Settings
 202 CREATE_JIRA_TICKET = False
 203
 204 JIRA_URL = os.environ['JIRA_URL']
 205
 206 JIRA_USER_NAME = os.environ['JIRA_USER_NAME']
 207 JIRA_USER_PASSWORD = os.environ['JIRA_USER_PASSWORD']
 208
 209 OAUTH_CONSUMER_KEY = os.environ['OAUTH_CONSUMER_KEY']
 210 OAUTH_CONSUMER_SECRET = os.environ['OAUTH_CONSUMER_SECRET']
 211
 212 OAUTH_REQUEST_TOKEN_URL = JIRA_URL + '/plugins/servlet/oauth/request-token'
 213 OAUTH_ACCESS_TOKEN_URL = JIRA_URL + '/plugins/servlet/oauth/access-token'
 214 OAUTH_AUTHORIZE_URL = JIRA_URL + '/plugins/servlet/oauth/authorize'
 215
 216 OAUTH_CALLBACK_URL = os.environ['DASHBOARD_URL'] + '/accounts/authenticated'
 217
 218 # Celery Settings
 219 CELERY_TIMEZONE = 'UTC'
 220
 221 RABBITMQ_URL = 'rabbitmq'
 222 RABBITMQ_DEFAULT_USER = os.environ['RABBITMQ_DEFAULT_USER']
 223 RABBITMQ_DEFAULT_PASS = os.environ['RABBITMQ_DEFAULT_PASS']
 224
 225 BROKER_URL = 'amqp://' + RABBITMQ_DEFAULT_USER + ':' + RABBITMQ_DEFAULT_PASS + '@rabbitmq:5672//'
 226
 227 CELERYBEAT_SCHEDULE = {
 228     'booking_poll': {
 229         'task': 'dashboard.tasks.booking_poll',
 230         'schedule': timedelta(minutes=1)
 231     },
 232     'free_hosts': {
 233         'task': 'dashboard.tasks.free_hosts',
 234         'schedule': timedelta(minutes=1)
 235     },
 236     'notify_expiring': {
 237         'task': 'notifier.tasks.notify_expiring',
 238         'schedule': timedelta(hours=1)
 239     },
 240     'query_vpn_users': {
 241         'task': 'dashboard.tasks.query_vpn_users',
 242         'schedule': timedelta(hours=1)
 243     },
 244     'dispatch_emails': {
 245         'task': 'notifier.tasks.dispatch_emails',
 246         'schedule': timedelta(minutes=10)
 247     }
 248 }
 249
 250 # Notifier Settings
 251 EMAIL_HOST = os.environ['EMAIL_HOST']
 252 EMAIL_PORT = os.environ['EMAIL_PORT']
 253 EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER']
 254 EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
 255 EMAIL_USE_TLS = True
 256 DEFAULT_EMAIL_FROM = os.environ.get('DEFAULT_EMAIL_FROM', 'webmaster@localhost')
 257 SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
 258 EXPIRE_LIFETIME = 12  # Minimum lifetime of booking to send notification
 259 EXPIRE_HOURS = 48  # Notify when booking is expiring within this many hours