"""
Django settings for ipv6work project.

Generated by 'django-admin startproject' using Django 2.1.2.

For more information on this file, see
https://docs.djangoproject.com/en/2.1/topics/settings/

For the full list of settings and their values, see
https://docs.djangoproject.com/en/2.1/ref/settings/
"""

import os
import ldap
import logging
from decouple import config, Csv
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion

logger = logging.getLogger(__name__)

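# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
# Two dirname() calls: the directory holding this file, then its parent.
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))


# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
# The literal below is committed to version control and must be treated as
# public: Django uses SECRET_KEY to sign values such as password-reset tokens
# and signed cookies, so anyone who knows it can forge them.
# Deployed environments must supply their own value through the SECRET_KEY
# environment variable / .env entry. The literal is kept only as a fallback so
# existing development setups keep starting; rotate it out once every
# environment provides SECRET_KEY.
SECRET_KEY = config(
    'SECRET_KEY',
    default='+0t^onasc-b+_ry$!6@hpf4o79rw6m%q7dow5#ia+@nla&2@0-',
)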

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = config('DEBUG', cast=bool, default=False)

# Comma-separated host names read from the environment.
# SECURITY: when ALLOWED_HOSTS is not supplied this falls back to "*", which
# switches off Django's Host-header validation. This file also sets
# USE_X_FORWARDED_HOST = True, so the host value is then accepted as sent
# unless the fronting proxy overwrites it. Set ALLOWED_HOSTS explicitly in
# every deployed environment.
ALLOWED_HOSTS = config('ALLOWED_HOSTS', cast=Csv(), default="*")
# The leading dot matches ungleich.ch and every subdomain, so unsafe requests
# (POST etc.) referred from any *.ungleich.ch host pass the CSRF referer
# check. A script-injection flaw on any sibling subdomain therefore weakens
# CSRF protection for this app; list exact hosts if the wildcard is not needed.
CSRF_TRUSTED_ORIGINS = ['.ungleich.ch']

# Application definition

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
]

# Libraries and other apps
INSTALLED_APPS += [
    'crispy_forms',

    # Used for autocomplete and dynamic creation of tags.
    # If this widget is required for admin, place these
    # before 'django.contrib.admin' app
    'dal',
    'dal_select2',

    # for authorization, rules are autodiscovered from rules.py in apps
    'rules.apps.AutodiscoverRulesConfig',
]

# Our apps
INSTALLED_APPS += [
    'jobs',
    'users',
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware'
]

IPV6_EXEMPT_URLS = [r'^$']
DISABLE_IPV4_BLOCK = config('DISABLE_IPV4_BLOCK', cast=bool, default=False)


ROOT_URLCONF = 'ipv6work.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': ['templates/'],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

WSGI_APPLICATION = 'ipv6work.wsgi.application'


# Database
# https://docs.djangoproject.com/en/2.1/ref/settings/#databases

DATABASES = {
    'default': {
        'ENGINE': config('DATABASE_BACKEND', default='django.db.backends.sqlite3'),
        'NAME': config('DATABASE_NAME', default=os.path.join(BASE_DIR, 'db.sqlite3')),
    }
}


# Password validation
# https://docs.djangoproject.com/en/2.1/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]

AUTHENTICATION_BACKENDS = (
    'rules.permissions.ObjectPermissionBackend',
    'django_auth_ldap.backend.LDAPBackend',
)

# Django takes the request host from the X-Forwarded-Host header in
# preference to Host. That is only safe when every request passes through a
# reverse proxy that sets or strips this header; a directly reachable app
# server would let clients choose the host used in generated absolute URLs.
# NOTE(review): ALLOWED_HOSTS defaults to "*" in this file, so nothing else
# validates that value unless ALLOWED_HOSTS is set in the environment.
USE_X_FORWARDED_HOST = True
FORCE_SCRIPT_NAME = config('FORCE_SCRIPT_NAME', '/ipv6/work/')

# URL names used by the auth views/decorators for login and logout.
LOGIN_URL = 'login'
LOGOUT_URL = 'logout'
# NOTE(review): repeats the ROOT_URLCONF assignment made earlier in this file
# with the same value; one of the two can be dropped.
ROOT_URLCONF = 'ipv6work.urls'


# After login/logout, send users to the application's mount point.
LOGIN_REDIRECT_URL = FORCE_SCRIPT_NAME
LOGOUT_REDIRECT_URL = FORCE_SCRIPT_NAME

# This is necessary because when accessing from dynamicweb.ungleich.ch,
# the browser tries to access 'favicon.ico' which resets the session as
# another Django app (dynamicweb) is running on /.
# NOTE(review): a distinct name stops the two apps overwriting each other's
# session cookie, but with Django's default SESSION_COOKIE_PATH of '/' the
# browser still sends this cookie to the other app on the same host.
# SESSION_COOKIE_PATH, SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE are not
# set in this file as shown; consider scoping the cookie to FORCE_SCRIPT_NAME
# and marking it Secure when the site is served over HTTPS.
SESSION_COOKIE_NAME = 'session-ipv6-work'

# Internationalization
# https://docs.djangoproject.com/en/2.1/topics/i18n/

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True

USE_L10N = True

USE_TZ = True


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/2.1/howto/static-files/


STATIC_URL = FORCE_SCRIPT_NAME + 'static/'

STATIC_ROOT = os.path.join(BASE_DIR, 'static/')

MEDIA_ROOT = os.path.join(BASE_DIR, 'media/')
MEDIA_URL = FORCE_SCRIPT_NAME + 'media/'

CRISPY_TEMPLATE_PACK = 'bootstrap4'


# LDAP connection settings for django-auth-ldap. None of the three has a
# default, so decouple raises at import time when one is missing from the
# environment; the bind password is therefore never stored in this file.
# NOTE(review): use an ldaps:// URI (or enable AUTH_LDAP_START_TLS, which is
# not set in this file as shown) so the bind password and the users' login
# passwords do not cross the network in clear text.
AUTH_LDAP_SERVER_URI = config('AUTH_LDAP_SERVER_URI')
AUTH_LDAP_BIND_DN = config('AUTH_LDAP_BIND_DN')
AUTH_LDAP_BIND_PASSWORD = config('AUTH_LDAP_BIND_PASSWORD')
# Look the login name up as uid under both the users and the customers
# subtree; %(user)s is the placeholder django-auth-ldap fills with the
# submitted username.
# NOTE(review): the backend presumably needs the combined search to return
# exactly one entry, so a uid that exists in both subtrees would fail to log
# in - confirm uids are unique across the two.
AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(
    LDAPSearch("ou=users,dc=ungleich,dc=ch",
               ldap.SCOPE_SUBTREE, "(uid=%(user)s)"),
    LDAPSearch("ou=customers,dc=ungleich,dc=ch",
               ldap.SCOPE_SUBTREE, "(uid=%(user)s)"),
)

# Django user field -> LDAP attribute copied onto it.
AUTH_LDAP_USER_ATTR_MAP = {
    'first_name': 'givenName',
    'last_name': 'sn',
    'email': 'mail',
}
# Refresh the mapped fields from LDAP, not only when the user is first created.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# Base logging config: django_auth_ldap messages at DEBUG level go to the
# console handler.
# NOTE(review): this level is fixed here and does not depend on the DEBUG
# setting, so production console output presumably carries usernames and
# directory DNs from login attempts - confirm that is intended and that the
# console stream is stored with suitable access control.
LOGGING = {
    'disable_existing_loggers': False,
    'version': 1,
    'handlers': {
        'console': {
            'class': 'logging.StreamHandler',
        },
    },
    'loggers': {
        'django_auth_ldap': {
            'level': 'DEBUG',
            'handlers': ['console'],
        },
    },
}

# Base DN for the project's own LDAP lookups; defaults to the users subtree.
LDAP_SEARCH_BASE=config(
    'LDAP_SEARCH_BASE',
    default='ou=users,dc=ungleich,dc=ch'
)

# File that persists the max uid between runs (written by set_max_uid, read
# by get_max_uid). It sits in the same directory as this settings module, so
# the application user needs write access to the code directory.
# NOTE(review): consider a dedicated data directory so the code tree can stay
# read-only for the application user.
LDAP_MAX_UID_PATH = os.path.join(
    os.path.abspath(os.path.dirname(__file__)),
    'ldap_max_uid_file'
)

LDAP_IPV6_WORK_USER_GROUP = config('LDAP_IPV6_WORK_USER_GROUP', cast=int)


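def set_max_uid(max_uid):
    """
    A utility function to save the max uid value to LDAP_MAX_UID_PATH.

    The value is stored in decimal text form so that get_max_uid() can parse
    it back with int(). Any previous content of the file is replaced.

    :param max_uid: an integer (or integer-like string) representing the
        max uid
    :return: None
    :raises ValueError: if max_uid cannot be interpreted as an integer
    """
    # Convert before opening: file.write() only accepts str, and opening in
    # write mode truncates, so a failed write would leave an empty file that
    # get_max_uid() can no longer parse.
    text = str(int(max_uid))
    with open(LDAP_MAX_UID_PATH, 'w') as handler:
        handler.write(text)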


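def get_max_uid():
    """
    A utility function to read the max uid value that was previously set

    When the file at LDAP_MAX_UID_PATH does not exist, the DEFAULT_START_UID
    config value (10000 if unset) is logged and returned instead.

    :return: An integer representing the max uid value that was previously set
    :raises ValueError: if the file exists but does not hold an integer
    """
    try:
        # Read-only mode: reading must not require write permission.
        with open(LDAP_MAX_UID_PATH, 'r') as handler:
            # A corrupt or empty file raises ValueError on purpose; falling
            # back to the start value here could hand out a uid twice.
            return int(handler.read())
    except FileNotFoundError as fnfe:
        logger.error("File not found : " + str(fnfe))
        ret = config('DEFAULT_START_UID', cast=int, default=10000)
        logger.error("So, returing UID={}".format(ret))
        # The fallback was computed and logged but never returned, so callers
        # received None.
        # NOTE(review): if callers allocate new LDAP uids from this value, a
        # deleted state file restarts them at the default - verify the caller
        # checks the directory for an existing uid.
        return ret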

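# Optional debug logging, enabled with ENABLE_DEBUG_LOG in the environment.
# Each module named in MODULES_TO_LOG (comma-separated, default 'django') is
# logged at DEBUG level to debug.log in BASE_DIR.
# NOTE(review): DEBUG output can contain request data and directory
# information; keep debug.log readable only by the application user and leave
# this switch off in production.
if config('ENABLE_DEBUG_LOG', cast=bool, default=False):
    loggers_dict = {}
    # The file handler is defined once (it used to be assigned twice with the
    # same value).
    LOGGING['handlers']['file'] = {
        'level': 'DEBUG',
        'class': 'logging.FileHandler',
        'filename': os.path.join(BASE_DIR, 'debug.log'),
    }

    # config() falls back to 'django', so the value is always a string here.
    MODULES_TO_LOG = config('MODULES_TO_LOG', 'django')

    # Strip blanks so "django, ldap3" names the logger 'ldap3' rather than
    # ' ldap3', and drop empty entries: an empty name is the root logger, so a
    # stray comma would send every module's DEBUG output to the file.
    modules_to_log_list = [
        name.strip() for name in MODULES_TO_LOG.split(',') if name.strip()
    ]
    for custom_module in modules_to_log_list:
        loggers_dict[custom_module] = {
            'handlers': ['file'],
            'level': 'DEBUG',
            'propagate': True
        }

    # This replaces the whole 'loggers' mapping, so the django_auth_ldap
    # console logger from the base LOGGING config is no longer configured
    # unless 'django_auth_ldap' is listed in MODULES_TO_LOG.
    LOGGING['loggers'] = loggers_dict

    if 'ldap3' in modules_to_log_list:
        # ldap3 has its own detail switch on top of the logging level.
        from ldap3.utils.log import (
            set_library_log_detail_level, OFF, BASIC, NETWORK, EXTENDED
        )
        set_library_log_detail_level(BASIC)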