src/laas_dashboard/settings.py

   1 ##############################################################################
   2 # Copyright (c) 2018 Sawyer Bergeron and others.
   3 #
   4 # All rights reserved. This program and the accompanying materials
   5 # are made available under the terms of the Apache License, Version 2.0
   6 # which accompanies this distribution, and is available at
   7 # http://www.apache.org/licenses/LICENSE-2.0
   8 ##############################################################################
   9 import os
  10 from datetime import timedelta
  11
  12 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
  13 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
  14
  15 # SECURITY WARNING: don't run with debug turned on in production!
  16 # NOTE: os.environ only returns strings, so making a comparison to
  17 # 'True' here will convert it to the correct Boolean value.
  18 DEBUG = os.environ.get('DEBUG') == 'True'
  19 TESTING = os.environ.get('TEST') == 'True'
  20
  21 # Application definition
  22
  23 INSTALLED_APPS = [
  24     'dashboard',
  25     'resource_inventory',
  26     'booking',
  27     'account',
  28     'notifier',
  29     'workflow',
  30     'api',
  31     'analytics',
  32     'django.contrib.admin',
  33     'django.contrib.auth',
  34     'mozilla_django_oidc',  # needs to be defined after auth
  35     'django.contrib.contenttypes',
  36     'django.contrib.sessions',
  37     'django.contrib.messages',
  38     'django.contrib.staticfiles',
  39     'django.contrib.humanize',
  40     'bootstrap4',
  41     'rest_framework',
  42     'rest_framework.authtoken',
  43 ]
  44
  45 MIDDLEWARE = [
  46     'django.middleware.security.SecurityMiddleware',
  47     'django.contrib.sessions.middleware.SessionMiddleware',
  48     'django.middleware.common.CommonMiddleware',
  49     'django.middleware.csrf.CsrfViewMiddleware',
  50     'django.contrib.auth.middleware.AuthenticationMiddleware',
  51     'django.contrib.messages.middleware.MessageMiddleware',
  52     'django.middleware.clickjacking.XFrameOptionsMiddleware',
  53     'account.middleware.TimezoneMiddleware',
  54 ]
  55
  56
  57 # AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.ModelBackend', 'account.views.MyOIDCAB']
  58 AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.ModelBackend']
  59
  60 AUTH_SETTING = os.environ.get('AUTH_SETTING')
  61
  62 if AUTH_SETTING == 'LFID':
  63     # OpenID Authentications
  64     AUTHENTICATION_BACKENDS.append('account.views.MyOIDCAB')
  65     OIDC_RP_CLIENT_ID = os.environ.get('OIDC_CLIENT_ID')
  66     OIDC_RP_CLIENT_SECRET = os.environ.get('OIDC_CLIENT_SECRET')
  67
  68     OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ.get('OIDC_AUTHORIZATION_ENDPOINT')
  69     OIDC_OP_TOKEN_ENDPOINT = os.environ.get('OIDC_TOKEN_ENDPOINT')
  70     OIDC_OP_USER_ENDPOINT = os.environ.get('OIDC_USER_ENDPOINT')
  71
  72     LOGIN_REDIRECT_URL = os.environ.get('DASHBOARD_URL')
  73     LOGOUT_REDIRECT_URL = os.environ.get('DASHBOARD_URL')
  74
  75     OIDC_RP_SIGN_ALGO = os.environ.get("OIDC_RP_SIGN_ALGO")
  76
  77     if OIDC_RP_SIGN_ALGO == "RS256":
  78         OIDC_OP_JWKS_ENDPOINT = os.environ.get("OIDC_OP_JWKS_ENDPOINT")
  79 else:
  80     raise Exception('AUTH_SETTING set to invalid value')
  81
  82 # This is for LFID auth setups w/ an HTTPS proxy
  83 if os.environ.get('EXPECT_HOST_FORWARDING') == 'True':
  84     SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', "https")
  85     USE_X_FORWARDED_HOST = True
  86
  87 ROOT_URLCONF = 'laas_dashboard.urls'
  88
  89 TEMPLATE_OVERRIDE = os.environ.get("TEMPLATE_OVERRIDE_DIR", "")  # the user's custom template dir
  90 TEMPLATE_DIRS = ["base"]  # where all the base templates are
  91
  92 # If the user has a custom template directory,
  93 # We should search that first. Then we search the
  94 # root template directory so that we can extend the base
  95 # templates within the custom template dir.
  96 if TEMPLATE_OVERRIDE:
  97     TEMPLATE_DIRS = [TEMPLATE_OVERRIDE, ""] + TEMPLATE_DIRS
  98
  99 # all template dirs are relative to /project_root/templates/
 100 dirs = [os.path.join(BASE_DIR, "templates", d) for d in TEMPLATE_DIRS]
 101
 102 TEMPLATES = [
 103     {
 104         'BACKEND': 'django.template.backends.django.DjangoTemplates',
 105         'DIRS': dirs,
 106         'APP_DIRS': True,
 107         'OPTIONS': {
 108             'context_processors': [
 109                 'dashboard.context_processors.debug',
 110                 'django.template.context_processors.debug',
 111                 'django.template.context_processors.request',
 112                 'django.contrib.auth.context_processors.auth',
 113                 'django.contrib.messages.context_processors.messages',
 114             ],
 115         },
 116     },
 117 ]
 118
 119 TEMPLATE_CONTEXT_PROCESSORS = [
 120     'dashboard.context_processors.debug',
 121 ]
 122
 123 WSGI_APPLICATION = 'laas_dashboard.wsgi.application'
 124
 125 # Password validation
 126 # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
 127
 128 AUTH_PASSWORD_VALIDATORS = [
 129     {
 130         'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
 131     },
 132     {
 133         'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
 134     },
 135     {
 136         'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
 137     },
 138     {
 139         'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
 140     },
 141 ]
 142
 143 # Internationalization
 144 # https://docs.djangoproject.com/en/1.10/topics/i18n/
 145
 146 LANGUAGE_CODE = 'en-us'
 147
 148 TIME_ZONE = 'UTC'
 149
 150 USE_I18N = True
 151
 152 USE_L10N = True
 153
 154 USE_TZ = True
 155
 156 # Static files (CSS, JavaScript, Images)
 157 # https://docs.djangoproject.com/en/1.10/howto/static-files/
 158 MEDIA_URL = '/media/'
 159 STATIC_URL = '/static/'
 160
 161 # Static files (CSS, JavaScript, Images)
 162 # https://docs.djangoproject.com/en/1.10/howto/static-files/
 163 STATICFILES_DIRS = [
 164     os.path.join(BASE_DIR, "static"),
 165 ]
 166
 167 LOGIN_REDIRECT_URL = '/'
 168
 169 # SECURITY WARNING: keep the secret key used in production secret!
 170 SECRET_KEY = os.environ.get('SECRET_KEY')
 171
 172 BOOTSTRAP3 = {
 173     'set_placeholder': False,
 174 }
 175
 176 ALLOWED_HOSTS = ['*']
 177
 178 # Database
 179 # https://docs.djangoproject.com/en/1.10/ref/settings/#databases
 180 DATABASES = {
 181     'default': {
 182         'ENGINE': 'django.db.backends.postgresql',
 183         'NAME': os.environ.get('DB_NAME'),
 184         'USER': os.environ.get('DB_USER'),
 185         'PASSWORD': os.environ.get('DB_PASS'),
 186         'HOST': os.environ.get('DB_SERVICE'),
 187         'PORT': os.environ.get('DB_PORT')
 188     }
 189 }
 190
 191 # Rest API Settings
 192 REST_FRAMEWORK = {
 193     'DEFAULT_PERMISSION_CLASSES': [
 194         'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
 195     ],
 196     'DEFAULT_FILTER_BACKENDS': ('django_filters.rest_framework.FilterSet',),
 197     'DEFAULT_AUTHENTICATION_CLASSES': (
 198         'rest_framework.authentication.SessionAuthentication',
 199         'rest_framework.authentication.TokenAuthentication',
 200     )
 201 }
 202
 203 MEDIA_ROOT = '/media'
 204 STATIC_ROOT = '/static'
 205
 206 OAUTH_CONSUMER_KEY = os.environ.get('OAUTH_CONSUMER_KEY')
 207 OAUTH_CONSUMER_SECRET = os.environ.get('OAUTH_CONSUMER_SECRET')
 208
 209 OAUTH_CALLBACK_URL = os.environ.get('DASHBOARD_URL') + '/accounts/authenticated'
 210
 211 # Celery Settings
 212 CELERY_TIMEZONE = 'UTC'
 213
 214 RABBITMQ_URL = 'rabbitmq'
 215 # RABBITMQ_DEFAULT_USER = os.environ['DEFAULT_USER']
 216 # RABBITMQ_DEFAULT_PASS = os.environ['DEFAULT_PASS']
 217 RABBITMQ_DEFAULT_USER = os.environ['RABBITMQ_DEFAULT_USER']
 218 RABBITMQ_DEFAULT_PASS = os.environ['RABBITMQ_DEFAULT_PASS']
 219
 220 CELERY_BROKER_URL = 'amqp://' + RABBITMQ_DEFAULT_USER + ':' + RABBITMQ_DEFAULT_PASS + '@rabbitmq:5672//'
 221
 222 CELERY_BEAT_SCHEDULE = {
 223     'booking_poll': {
 224         'task': 'dashboard.tasks.booking_poll',
 225         'schedule': timedelta(minutes=1)
 226     },
 227     'free_hosts': {
 228         'task': 'dashboard.tasks.free_hosts',
 229         'schedule': timedelta(minutes=1)
 230     },
 231     'notify_expiring': {
 232         'task': 'notifier.tasks.notify_expiring',
 233         'schedule': timedelta(hours=1)
 234     },
 235     'query_vpn_users': {
 236         'task': 'dashboard.tasks.query_vpn_users',
 237         'schedule': timedelta(hours=1)
 238     },
 239     'dispatch_emails': {
 240         'task': 'notifier.tasks.dispatch_emails',
 241         'schedule': timedelta(minutes=10)
 242     }
 243 }
 244
 245 # Notifier Settings
 246 EMAIL_HOST = os.environ.get('EMAIL_HOST')
 247 EMAIL_PORT = os.environ.get('EMAIL_PORT')
 248 EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER')
 249 EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD')
 250 EMAIL_USE_TLS = True
 251 DEFAULT_EMAIL_FROM = os.environ.get('DEFAULT_EMAIL_FROM', 'webmaster@localhost')
 252 SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
 253 EXPIRE_LIFETIME = 12  # Minimum lifetime of booking to send notification
 254 EXPIRE_HOURS = 48  # Notify when booking is expiring within this many hours