1 ##############################################################################
2 # Copyright (c) 2018 Sawyer Bergeron and others.
4 # All rights reserved. This program and the accompanying materials
5 # are made available under the terms of the Apache License, Version 2.0
6 # which accompanies this distribution, and is available at
7 # http://www.apache.org/licenses/LICENSE-2.0
8 ##############################################################################
10 from datetime import timedelta
12 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
13 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
15 # SECURITY WARNING: don't run with debug turned on in production!
16 # NOTE: os.environ only returns strings, so making a comparison to
17 # 'True' here will convert it to the correct Boolean value.
18 DEBUG = os.environ['DEBUG'] == 'True'
19 TESTING = os.environ['TEST'] == 'True'
21 # Application definition
32 'django.contrib.admin',
33 'django.contrib.auth',
34 'mozilla_django_oidc', # needs to be defined after auth
35 'django.contrib.contenttypes',
36 'django.contrib.sessions',
37 'django.contrib.messages',
38 'django.contrib.staticfiles',
39 'django.contrib.humanize',
42 'rest_framework.authtoken',
46 'django.middleware.security.SecurityMiddleware',
47 'django.contrib.sessions.middleware.SessionMiddleware',
48 'django.middleware.common.CommonMiddleware',
49 'django.middleware.csrf.CsrfViewMiddleware',
50 'django.contrib.auth.middleware.AuthenticationMiddleware',
51 'django.contrib.messages.middleware.MessageMiddleware',
52 'django.middleware.clickjacking.XFrameOptionsMiddleware',
53 'account.middleware.TimezoneMiddleware',
56 if os.environ['AUTH_SETTING'] == 'LFID':
57 AUTHENTICATION_BACKENDS = ['account.views.MyOIDCAB']
59 # OpenID Authentications
60 OIDC_RP_CLIENT_ID = os.environ['OIDC_CLIENT_ID']
61 OIDC_RP_CLIENT_SECRET = os.environ['OIDC_CLIENT_SECRET']
63 OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_AUTHORIZATION_ENDPOINT']
64 OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_TOKEN_ENDPOINT']
65 OIDC_OP_USER_ENDPOINT = os.environ['OIDC_USER_ENDPOINT']
67 LOGIN_REDIRECT_URL = os.environ['DASHBOARD_URL']
68 LOGOUT_REDIRECT_URL = os.environ['DASHBOARD_URL']
70 OIDC_RP_SIGN_ALGO = os.environ["OIDC_RP_SIGN_ALGO"]
72 if OIDC_RP_SIGN_ALGO == "RS256":
73 OIDC_OP_JWKS_ENDPOINT = os.environ["OIDC_OP_JWKS_ENDPOINT"]
75 # This is for LFID auth setups w/ an HTTPS proxy
76 if os.environ['EXPECT_HOST_FORWARDING'] == 'True':
77 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', "https")
78 USE_X_FORWARDED_HOST = True
80 ROOT_URLCONF = 'laas_dashboard.urls'
82 TEMPLATE_OVERRIDE = os.environ.get("TEMPLATE_OVERRIDE_DIR", "") # the user's custom template dir
83 TEMPLATE_DIRS = ["base"] # where all the base templates are
85 # If the user has a custom template directory,
86 # We should search that first. Then we search the
87 # root template directory so that we can extend the base
88 # templates within the custom template dir.
90 TEMPLATE_DIRS = [TEMPLATE_OVERRIDE, ""] + TEMPLATE_DIRS
92 # all template dirs are relative to /project_root/templates/
93 dirs = [os.path.join(BASE_DIR, "templates", d) for d in TEMPLATE_DIRS]
97 'BACKEND': 'django.template.backends.django.DjangoTemplates',
101 'context_processors': [
102 'dashboard.context_processors.debug',
103 'django.template.context_processors.debug',
104 'django.template.context_processors.request',
105 'django.contrib.auth.context_processors.auth',
106 'django.contrib.messages.context_processors.messages',
112 TEMPLATE_CONTEXT_PROCESSORS = [
113 'dashboard.context_processors.debug',
116 WSGI_APPLICATION = 'laas_dashboard.wsgi.application'
118 # Password validation
119 # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
121 AUTH_PASSWORD_VALIDATORS = [
123 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
126 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
129 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
132 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
136 # Internationalization
137 # https://docs.djangoproject.com/en/1.10/topics/i18n/
139 LANGUAGE_CODE = 'en-us'
149 # Static files (CSS, JavaScript, Images)
150 # https://docs.djangoproject.com/en/1.10/howto/static-files/
151 MEDIA_URL = '/media/'
152 STATIC_URL = '/static/'
154 # Static files (CSS, JavaScript, Images)
155 # https://docs.djangoproject.com/en/1.10/howto/static-files/
157 os.path.join(BASE_DIR, "static"),
160 LOGIN_REDIRECT_URL = '/'
162 # SECURITY WARNING: keep the secret key used in production secret!
163 SECRET_KEY = os.environ['SECRET_KEY']
166 'set_placeholder': False,
169 ALLOWED_HOSTS = ['*']
172 # https://docs.djangoproject.com/en/1.10/ref/settings/#databases
175 'ENGINE': 'django.db.backends.postgresql',
176 'NAME': os.environ['DB_NAME'],
177 'USER': os.environ['DB_USER'],
178 'PASSWORD': os.environ['DB_PASS'],
179 'HOST': os.environ['DB_SERVICE'],
180 'PORT': os.environ['DB_PORT']
186 'DEFAULT_PERMISSION_CLASSES': [
187 'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
189 'DEFAULT_FILTER_BACKENDS': ('django_filters.rest_framework.FilterSet',),
190 'DEFAULT_AUTHENTICATION_CLASSES': (
191 'rest_framework.authentication.SessionAuthentication',
192 'rest_framework.authentication.TokenAuthentication',
196 MEDIA_ROOT = '/media'
197 STATIC_ROOT = '/static'
200 CREATE_JIRA_TICKET = False
202 JIRA_URL = os.environ['JIRA_URL']
204 JIRA_USER_NAME = os.environ['JIRA_USER_NAME']
205 JIRA_USER_PASSWORD = os.environ['JIRA_USER_PASSWORD']
207 OAUTH_CONSUMER_KEY = os.environ['OAUTH_CONSUMER_KEY']
208 OAUTH_CONSUMER_SECRET = os.environ['OAUTH_CONSUMER_SECRET']
210 OAUTH_REQUEST_TOKEN_URL = JIRA_URL + '/plugins/servlet/oauth/request-token'
211 OAUTH_ACCESS_TOKEN_URL = JIRA_URL + '/plugins/servlet/oauth/access-token'
212 OAUTH_AUTHORIZE_URL = JIRA_URL + '/plugins/servlet/oauth/authorize'
214 OAUTH_CALLBACK_URL = os.environ['DASHBOARD_URL'] + '/accounts/authenticated'
217 CELERY_TIMEZONE = 'UTC'
219 RABBITMQ_URL = 'rabbitmq'
220 RABBITMQ_DEFAULT_USER = os.environ['RABBITMQ_DEFAULT_USER']
221 RABBITMQ_DEFAULT_PASS = os.environ['RABBITMQ_DEFAULT_PASS']
223 BROKER_URL = 'amqp://' + RABBITMQ_DEFAULT_USER + ':' + RABBITMQ_DEFAULT_PASS + '@rabbitmq:5672//'
225 CELERYBEAT_SCHEDULE = {
227 'task': 'dashboard.tasks.booking_poll',
228 'schedule': timedelta(minutes=1)
231 'task': 'dashboard.tasks.free_hosts',
232 'schedule': timedelta(minutes=1)
235 'task': 'notifier.tasks.notify_expiring',
236 'schedule': timedelta(hours=1)
239 'task': 'dashboard.tasks.query_vpn_users',
240 'schedule': timedelta(hours=1)
245 EMAIL_HOST = os.environ['EMAIL_HOST']
246 EMAIL_PORT = os.environ['EMAIL_PORT']
247 EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER']
248 EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
250 DEFAULT_EMAIL_FROM = os.environ.get('DEFAULT_EMAIL_FROM', 'webmaster@localhost')
251 SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
252 EXPIRE_LIFETIME = 12 # Minimum lifetime of booking to send notification
253 EXPIRE_HOURS = 48 # Notify when booking is expiring within this many hours