1 ##############################################################################
2 # Copyright (c) 2018 Sawyer Bergeron and others.
4 # All rights reserved. This program and the accompanying materials
5 # are made available under the terms of the Apache License, Version 2.0
6 # which accompanies this distribution, and is available at
7 # http://www.apache.org/licenses/LICENSE-2.0
8 ##############################################################################
10 from datetime import timedelta
12 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
13 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
15 # SECURITY WARNING: don't run with debug turned on in production!
16 # NOTE: os.environ only returns strings, so making a comparison to
17 # 'True' here will convert it to the correct Boolean value.
18 DEBUG = os.environ.get('DEBUG') == 'True'
19 TESTING = os.environ.get('TEST') == 'True'
21 # Application definition
32 'django.contrib.admin',
33 'django.contrib.auth',
34 'mozilla_django_oidc', # needs to be defined after auth
35 'django.contrib.contenttypes',
36 'django.contrib.sessions',
37 'django.contrib.messages',
38 'django.contrib.staticfiles',
39 'django.contrib.humanize',
42 'rest_framework.authtoken',
46 'django.middleware.security.SecurityMiddleware',
47 'django.contrib.sessions.middleware.SessionMiddleware',
48 'django.middleware.common.CommonMiddleware',
49 'django.middleware.csrf.CsrfViewMiddleware',
50 'django.contrib.auth.middleware.AuthenticationMiddleware',
51 'django.contrib.messages.middleware.MessageMiddleware',
52 'django.middleware.clickjacking.XFrameOptionsMiddleware',
53 'account.middleware.TimezoneMiddleware',
57 # AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.ModelBackend', 'account.views.MyOIDCAB']
58 AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.ModelBackend']
60 AUTH_SETTING = os.environ.get('AUTH_SETTING')
62 if AUTH_SETTING == 'LFID':
63 # OpenID Authentications
64 AUTHENTICATION_BACKENDS.append('account.views.MyOIDCAB')
65 OIDC_RP_CLIENT_ID = os.environ.get('OIDC_CLIENT_ID')
66 OIDC_RP_CLIENT_SECRET = os.environ.get('OIDC_CLIENT_SECRET')
68 OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ.get('OIDC_AUTHORIZATION_ENDPOINT')
69 OIDC_OP_TOKEN_ENDPOINT = os.environ.get('OIDC_TOKEN_ENDPOINT')
70 OIDC_OP_USER_ENDPOINT = os.environ.get('OIDC_USER_ENDPOINT')
72 LOGIN_REDIRECT_URL = os.environ.get('DASHBOARD_URL')
73 LOGOUT_REDIRECT_URL = os.environ.get('DASHBOARD_URL')
75 OIDC_RP_SIGN_ALGO = os.environ.get("OIDC_RP_SIGN_ALGO")
77 if OIDC_RP_SIGN_ALGO == "RS256":
78 OIDC_OP_JWKS_ENDPOINT = os.environ.get("OIDC_OP_JWKS_ENDPOINT")
80 raise Exception('AUTH_SETTING set to invalid value')
82 # This is for LFID auth setups w/ an HTTPS proxy
83 if os.environ.get('EXPECT_HOST_FORWARDING') == 'True':
84 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', "https")
85 USE_X_FORWARDED_HOST = True
87 ROOT_URLCONF = 'laas_dashboard.urls'
89 TEMPLATE_OVERRIDE = os.environ.get("TEMPLATE_OVERRIDE_DIR", "") # the user's custom template dir
90 TEMPLATE_DIRS = ["base"] # where all the base templates are
92 # If the user has a custom template directory,
93 # We should search that first. Then we search the
94 # root template directory so that we can extend the base
95 # templates within the custom template dir.
97 TEMPLATE_DIRS = [TEMPLATE_OVERRIDE, ""] + TEMPLATE_DIRS
99 # all template dirs are relative to /project_root/templates/
100 dirs = [os.path.join(BASE_DIR, "templates", d) for d in TEMPLATE_DIRS]
104 'BACKEND': 'django.template.backends.django.DjangoTemplates',
108 'context_processors': [
109 'dashboard.context_processors.debug',
110 'django.template.context_processors.debug',
111 'django.template.context_processors.request',
112 'django.contrib.auth.context_processors.auth',
113 'django.contrib.messages.context_processors.messages',
119 TEMPLATE_CONTEXT_PROCESSORS = [
120 'dashboard.context_processors.debug',
123 WSGI_APPLICATION = 'laas_dashboard.wsgi.application'
125 # Password validation
126 # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
128 AUTH_PASSWORD_VALIDATORS = [
130 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
133 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
136 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
139 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
143 # Internationalization
144 # https://docs.djangoproject.com/en/1.10/topics/i18n/
146 LANGUAGE_CODE = 'en-us'
156 # Static files (CSS, JavaScript, Images)
157 # https://docs.djangoproject.com/en/1.10/howto/static-files/
158 MEDIA_URL = '/media/'
159 STATIC_URL = '/static/'
161 # Static files (CSS, JavaScript, Images)
162 # https://docs.djangoproject.com/en/1.10/howto/static-files/
164 os.path.join(BASE_DIR, "static"),
167 LOGIN_REDIRECT_URL = '/'
169 # SECURITY WARNING: keep the secret key used in production secret!
170 SECRET_KEY = os.environ.get('SECRET_KEY')
173 'set_placeholder': False,
176 ALLOWED_HOSTS = ['*']
179 # https://docs.djangoproject.com/en/1.10/ref/settings/#databases
182 'ENGINE': 'django.db.backends.postgresql',
183 'NAME': os.environ.get('DB_NAME'),
184 'USER': os.environ.get('DB_USER'),
185 'PASSWORD': os.environ.get('DB_PASS'),
186 'HOST': os.environ.get('DB_SERVICE'),
187 'PORT': os.environ.get('DB_PORT')
193 'DEFAULT_PERMISSION_CLASSES': [
194 'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
196 'DEFAULT_FILTER_BACKENDS': ('django_filters.rest_framework.FilterSet',),
197 'DEFAULT_AUTHENTICATION_CLASSES': (
198 'rest_framework.authentication.SessionAuthentication',
199 'rest_framework.authentication.TokenAuthentication',
203 MEDIA_ROOT = '/media'
204 STATIC_ROOT = '/static'
206 OAUTH_CONSUMER_KEY = os.environ.get('OAUTH_CONSUMER_KEY')
207 OAUTH_CONSUMER_SECRET = os.environ.get('OAUTH_CONSUMER_SECRET')
209 OAUTH_CALLBACK_URL = os.environ.get('DASHBOARD_URL') + '/accounts/authenticated'
212 CELERY_TIMEZONE = 'UTC'
214 RABBITMQ_URL = 'rabbitmq'
215 # RABBITMQ_DEFAULT_USER = os.environ['DEFAULT_USER']
216 # RABBITMQ_DEFAULT_PASS = os.environ['DEFAULT_PASS']
217 RABBITMQ_DEFAULT_USER = os.environ['RABBITMQ_DEFAULT_USER']
218 RABBITMQ_DEFAULT_PASS = os.environ['RABBITMQ_DEFAULT_PASS']
220 CELERY_BROKER_URL = 'amqp://' + RABBITMQ_DEFAULT_USER + ':' + RABBITMQ_DEFAULT_PASS + '@rabbitmq:5672//'
222 CELERY_BEAT_SCHEDULE = {
224 'task': 'dashboard.tasks.booking_poll',
225 'schedule': timedelta(minutes=1)
228 'task': 'dashboard.tasks.free_hosts',
229 'schedule': timedelta(minutes=1)
232 'task': 'notifier.tasks.notify_expiring',
233 'schedule': timedelta(hours=1)
236 'task': 'dashboard.tasks.query_vpn_users',
237 'schedule': timedelta(hours=1)
240 'task': 'notifier.tasks.dispatch_emails',
241 'schedule': timedelta(minutes=10)
246 EMAIL_HOST = os.environ.get('EMAIL_HOST')
247 EMAIL_PORT = os.environ.get('EMAIL_PORT')
248 EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER')
249 EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD')
251 DEFAULT_EMAIL_FROM = os.environ.get('DEFAULT_EMAIL_FROM', 'webmaster@localhost')
252 SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
253 EXPIRE_LIFETIME = 12 # Minimum lifetime of booking to send notification
254 EXPIRE_HOURS = 48 # Notify when booking is expiring within this many hours