src/laas_dashboard/settings.py

   1 ##############################################################################
   2 # Copyright (c) 2018 Sawyer Bergeron and others.
   3 #
   4 # All rights reserved. This program and the accompanying materials
   5 # are made available under the terms of the Apache License, Version 2.0
   6 # which accompanies this distribution, and is available at
   7 # http://www.apache.org/licenses/LICENSE-2.0
   8 ##############################################################################
   9 import os
  10 from datetime import timedelta
  11
  12 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
  13 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
  14
  15 # SECURITY WARNING: don't run with debug turned on in production!
  16 # NOTE: os.environ only returns strings, so making a comparison to
  17 # 'True' here will convert it to the correct Boolean value.
  18 DEBUG = os.environ['DEBUG'] == 'True'
  19 TESTING = os.environ['TEST'] == 'True'
  20
  21 # Application definition
  22
  23 INSTALLED_APPS = [
  24     'dashboard',
  25     'resource_inventory',
  26     'booking',
  27     'account',
  28     'notifier',
  29     'workflow',
  30     'api',
  31     'analytics',
  32     'django.contrib.admin',
  33     'django.contrib.auth',
  34     'mozilla_django_oidc',  # needs to be defined after auth
  35     'django.contrib.contenttypes',
  36     'django.contrib.sessions',
  37     'django.contrib.messages',
  38     'django.contrib.staticfiles',
  39     'django.contrib.humanize',
  40     'bootstrap4',
  41     'rest_framework',
  42     'rest_framework.authtoken',
  43 ]
  44
  45 MIDDLEWARE = [
  46     'django.middleware.security.SecurityMiddleware',
  47     'django.contrib.sessions.middleware.SessionMiddleware',
  48     'django.middleware.common.CommonMiddleware',
  49     'django.middleware.csrf.CsrfViewMiddleware',
  50     'django.contrib.auth.middleware.AuthenticationMiddleware',
  51     'django.contrib.messages.middleware.MessageMiddleware',
  52     'django.middleware.clickjacking.XFrameOptionsMiddleware',
  53     'account.middleware.TimezoneMiddleware',
  54 ]
  55
  56 if os.environ['AUTH_SETTING'] == 'LFID':
  57     AUTHENTICATION_BACKENDS = ['account.views.MyOIDCAB']
  58
  59     # OpenID Authentications
  60     OIDC_RP_CLIENT_ID = os.environ['OIDC_CLIENT_ID']
  61     OIDC_RP_CLIENT_SECRET = os.environ['OIDC_CLIENT_SECRET']
  62
  63     OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_AUTHORIZATION_ENDPOINT']
  64     OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_TOKEN_ENDPOINT']
  65     OIDC_OP_USER_ENDPOINT = os.environ['OIDC_USER_ENDPOINT']
  66
  67     LOGIN_REDIRECT_URL = os.environ['DASHBOARD_URL']
  68     LOGOUT_REDIRECT_URL = os.environ['DASHBOARD_URL']
  69
  70     OIDC_RP_SIGN_ALGO = os.environ["OIDC_RP_SIGN_ALGO"]
  71
  72     if OIDC_RP_SIGN_ALGO == "RS256":
  73         OIDC_OP_JWKS_ENDPOINT = os.environ["OIDC_OP_JWKS_ENDPOINT"]
  74
  75 # This is for LFID auth setups w/ an HTTPS proxy
  76 if os.environ['EXPECT_HOST_FORWARDING'] == 'True':
  77     SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', "https")
  78     USE_X_FORWARDED_HOST = True
  79
  80 ROOT_URLCONF = 'laas_dashboard.urls'
  81
  82 TEMPLATE_OVERRIDE = os.environ.get("TEMPLATE_OVERRIDE_DIR", "")  # the user's custom template dir
  83 TEMPLATE_DIRS = ["base"]  # where all the base templates are
  84
  85 # If the user has a custom template directory,
  86 # We should search that first. Then we search the
  87 # root template directory so that we can extend the base
  88 # templates within the custom template dir.
  89 if TEMPLATE_OVERRIDE:
  90     TEMPLATE_DIRS = [TEMPLATE_OVERRIDE, ""] + TEMPLATE_DIRS
  91
  92 # all template dirs are relative to /project_root/templates/
  93 dirs = [os.path.join(BASE_DIR, "templates", d) for d in TEMPLATE_DIRS]
  94
  95 TEMPLATES = [
  96     {
  97         'BACKEND': 'django.template.backends.django.DjangoTemplates',
  98         'DIRS': dirs,
  99         'APP_DIRS': True,
 100         'OPTIONS': {
 101             'context_processors': [
 102                 'dashboard.context_processors.debug',
 103                 'django.template.context_processors.debug',
 104                 'django.template.context_processors.request',
 105                 'django.contrib.auth.context_processors.auth',
 106                 'django.contrib.messages.context_processors.messages',
 107             ],
 108         },
 109     },
 110 ]
 111
 112 TEMPLATE_CONTEXT_PROCESSORS = [
 113     'dashboard.context_processors.debug',
 114 ]
 115
 116 WSGI_APPLICATION = 'laas_dashboard.wsgi.application'
 117
 118 # Password validation
 119 # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
 120
 121 AUTH_PASSWORD_VALIDATORS = [
 122     {
 123         'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
 124     },
 125     {
 126         'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
 127     },
 128     {
 129         'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
 130     },
 131     {
 132         'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
 133     },
 134 ]
 135
 136 # Internationalization
 137 # https://docs.djangoproject.com/en/1.10/topics/i18n/
 138
 139 LANGUAGE_CODE = 'en-us'
 140
 141 TIME_ZONE = 'UTC'
 142
 143 USE_I18N = True
 144
 145 USE_L10N = True
 146
 147 USE_TZ = True
 148
 149 # Static files (CSS, JavaScript, Images)
 150 # https://docs.djangoproject.com/en/1.10/howto/static-files/
 151 MEDIA_URL = '/media/'
 152 STATIC_URL = '/static/'
 153
 154 # Static files (CSS, JavaScript, Images)
 155 # https://docs.djangoproject.com/en/1.10/howto/static-files/
 156 STATICFILES_DIRS = [
 157     os.path.join(BASE_DIR, "static"),
 158 ]
 159
 160 LOGIN_REDIRECT_URL = '/'
 161
 162 # SECURITY WARNING: keep the secret key used in production secret!
 163 SECRET_KEY = os.environ['SECRET_KEY']
 164
 165 BOOTSTRAP3 = {
 166     'set_placeholder': False,
 167 }
 168
 169 ALLOWED_HOSTS = ['*']
 170
 171 # Database
 172 # https://docs.djangoproject.com/en/1.10/ref/settings/#databases
 173 DATABASES = {
 174     'default': {
 175         'ENGINE': 'django.db.backends.postgresql',
 176         'NAME': os.environ['DB_NAME'],
 177         'USER': os.environ['DB_USER'],
 178         'PASSWORD': os.environ['DB_PASS'],
 179         'HOST': os.environ['DB_SERVICE'],
 180         'PORT': os.environ['DB_PORT']
 181     }
 182 }
 183
 184 # Rest API Settings
 185 REST_FRAMEWORK = {
 186     'DEFAULT_PERMISSION_CLASSES': [
 187         'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
 188     ],
 189     'DEFAULT_FILTER_BACKENDS': ('django_filters.rest_framework.FilterSet',),
 190     'DEFAULT_AUTHENTICATION_CLASSES': (
 191         'rest_framework.authentication.SessionAuthentication',
 192         'rest_framework.authentication.TokenAuthentication',
 193     )
 194 }
 195
 196 MEDIA_ROOT = '/media'
 197 STATIC_ROOT = '/static'
 198
 199 # Jira Settings
 200 CREATE_JIRA_TICKET = False
 201
 202 JIRA_URL = os.environ['JIRA_URL']
 203
 204 JIRA_USER_NAME = os.environ['JIRA_USER_NAME']
 205 JIRA_USER_PASSWORD = os.environ['JIRA_USER_PASSWORD']
 206
 207 OAUTH_CONSUMER_KEY = os.environ['OAUTH_CONSUMER_KEY']
 208 OAUTH_CONSUMER_SECRET = os.environ['OAUTH_CONSUMER_SECRET']
 209
 210 OAUTH_REQUEST_TOKEN_URL = JIRA_URL + '/plugins/servlet/oauth/request-token'
 211 OAUTH_ACCESS_TOKEN_URL = JIRA_URL + '/plugins/servlet/oauth/access-token'
 212 OAUTH_AUTHORIZE_URL = JIRA_URL + '/plugins/servlet/oauth/authorize'
 213
 214 OAUTH_CALLBACK_URL = os.environ['DASHBOARD_URL'] + '/accounts/authenticated'
 215
 216 # Celery Settings
 217 CELERY_TIMEZONE = 'UTC'
 218
 219 RABBITMQ_URL = 'rabbitmq'
 220 RABBITMQ_DEFAULT_USER = os.environ['RABBITMQ_DEFAULT_USER']
 221 RABBITMQ_DEFAULT_PASS = os.environ['RABBITMQ_DEFAULT_PASS']
 222
 223 BROKER_URL = 'amqp://' + RABBITMQ_DEFAULT_USER + ':' + RABBITMQ_DEFAULT_PASS + '@rabbitmq:5672//'
 224
 225 CELERYBEAT_SCHEDULE = {
 226     'booking_poll': {
 227         'task': 'dashboard.tasks.booking_poll',
 228         'schedule': timedelta(minutes=1)
 229     },
 230     'free_hosts': {
 231         'task': 'dashboard.tasks.free_hosts',
 232         'schedule': timedelta(minutes=1)
 233     },
 234     'notify_expiring': {
 235         'task': 'notifier.tasks.notify_expiring',
 236         'schedule': timedelta(hours=1)
 237     },
 238     'query_vpn_users': {
 239         'task': 'dashboard.tasks.query_vpn_users',
 240         'schedule': timedelta(hours=1)
 241     }
 242 }
 243
 244 # Notifier Settings
 245 EMAIL_HOST = os.environ['EMAIL_HOST']
 246 EMAIL_PORT = os.environ['EMAIL_PORT']
 247 EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER']
 248 EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
 249 EMAIL_USE_TLS = True
 250 DEFAULT_EMAIL_FROM = os.environ.get('DEFAULT_EMAIL_FROM', 'webmaster@localhost')
 251 SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
 252 EXPIRE_LIFETIME = 12  # Minimum lifetime of booking to send notification
 253 EXPIRE_HOURS = 48  # Notify when booking is expiring within this many hours