From 0f0946b17ff29edbf0c6a1d7624b1a9626e5987d Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Sat, 26 Jan 2019 13:54:20 +0100 Subject: [PATCH] Cleanup --- dal/dal/env.sample | 8 ++ dal/dal/settings.py | 176 ++++++++------------------------------------ requirements.txt | 3 +- 3 files changed, 38 insertions(+), 149 deletions(-) create mode 100644 dal/dal/env.sample diff --git a/dal/dal/env.sample b/dal/dal/env.sample new file mode 100644 index 0000000..83a33cb --- /dev/null +++ b/dal/dal/env.sample @@ -0,0 +1,8 @@ +# Create .env to be loaded automatically + +LDAPSERVER="ldap://ldap1.ungleich.ch ldap://ldap2.ungleich.ch" +LDAPSEARCHUSER="user here" +LDAPSEARCHUSERPASSWORD="password here" + +# Space separated list of search bases for users +LDAPSEARCH="ou=users,dc=ungleich,dc=ch ou=customers,dc=ungleich,dc=ch" diff --git a/dal/dal/settings.py b/dal/dal/settings.py index 3e25ba8..3fa0168 100644 --- a/dal/dal/settings.py +++ b/dal/dal/settings.py @@ -11,77 +11,28 @@ https://docs.djangoproject.com/en/1.10/ref/settings/ """ import os - +import dotenv import ldap - from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion -from configparser import ConfigParser +# get config +dotenv.read_dotenv() -config = ConfigParser() -config.read('userservice.conf') +# LDAP setup +AUTH_LDAP_SERVER_URI = os.environ['LDAPSERVER'] +AUTH_LDAP_BIND_DN = os.environ['LDAPSEARCHUSER'] +AUTH_LDAP_BIND_PASSWORD = os.environ['LDAPSEARCHUSERPASSWORD'] -# LDAP config - -AUTH_LDAP_SERVER_URI = config['LDAP']['LDAPSERVER'] -# The search user -AUTH_LDAP_BIND_DN = config['LDAP']['SEARCHUSER'] -# The password for the search user -AUTH_LDAP_BIND_PASSWORD = config.get('LDAP','SEARCHUSERPASSWORD', raw=True) -# Search union over two ou -AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( - LDAPSearch("ou=users,dc=ungleich,dc=ch", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"), - LDAPSearch("ou=customers,dc=ungleich,dc=ch", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"), - ) - -# Basic User -#AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=ungleich,dc=ch" - -# Search over just one ou -#AUTH_LDAP_USER_SEARCH = LDAPSearch( LDAPSearch("ou=users,dc=ungleich,dc=ch", -# ldap.SCOPE_SUBTREE, "(uid=%(user)s)") -# ) +# Search union over OUs +search_base = os.environ['LDAPSEARCH'].split() +search_base_ldap = [ LDAPSearch(x, ldap.SCOPE_SUBTREE, "(uid=%(user)s)") for x in search_base ] +AUTH_LDAP_USER_SEARCH = LDAPSearchUnion(*search_base_ldap) -# Maps some user keys since ldap has extensive infos -#AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn"} - -# Maps some profile keys since ldap has extensive infos -#AUTH_LDAP_PROFILE_ATTR_MAP = {"home_directory": "homeDirectory"} - -# LDAP config end - -# Django nameko config - -# Where's the Rabbitmq at -NAMEKO_CONFIG = { - 'AMQP_URI': 'amqp://%s' % config['System']['RABBITMQ'] - } - -# Standard pool size -NAMEKO_POOL_SIZE = 4 - -# Django nameko config end - -# Build paths inside the project like this: os.path.join(BASE_DIR, ...) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) -STATIC_ROOT = os.path.dirname('/home/downhill/ungleich/vuejsuserservice/dal/dal/static/') - -# Quick-start development settings - unsuitable for production -# See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/ - -# SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = 'rn=f&ecp#&#escxpk!0e%a$i3sbm$z@5+g4h9q+w7-83*f2f-i' - -# SECURITY WARNING: don't run with debug turned on in production! -DEBUG = True - ALLOWED_HOSTS = [] - -# Application definition - INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', @@ -89,8 +40,6 @@ INSTALLED_APPS = [ 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', - 'bootstrap3', - 'sekizai', 'dal', ] @@ -104,12 +53,8 @@ MIDDLEWARE = [ 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] -# Backend for auth - AUTHENTICATION_BACKENDS = ( 'django_auth_ldap.backend.LDAPBackend', -# we only use LDAP for this service, so no auth against the standard DB -# 'django.contrib.auth.backends.ModelBackend', ) @@ -134,87 +79,6 @@ TEMPLATES = [ WSGI_APPLICATION = 'dal.wsgi.application' -# Django Bootstrap - Settings -# Added Configuration for bootstrap static files to load over https. -BOOTSTRAP3 = { - - # The URL to the jQuery JavaScript file - 'jquery_url': '//code.jquery.com/jquery.min.js', - - # The Bootstrap base URL - 'base_url': '//maxcdn.bootstrapcdn.com/bootstrap/3.3.4/', - - # The complete URL to the Bootstrap CSS file - # (None means derive it from base_url) - 'css_url': None, - - # The complete URL to the Bootstrap CSS file (None means no theme) - 'theme_url': None, - - # The complete URL to the Bootstrap JavaScript file - # (None means derive it from base_url) - 'javascript_url': None, - - # Put JavaScript in the HEAD section of the HTML document - # (only relevant if you use bootstrap3.html) - 'javascript_in_head': False, - - # Include jQuery with Bootstrap JavaScript - # (affects django-bootstrap3 template tags) - 'include_jquery': False, - - # Label class to use in horizontal forms - 'horizontal_label_class': 'col-md-3', - - # Field class to use in horizontal forms - 'horizontal_field_class': 'col-md-9', - - # Set HTML required attribute on required fields - 'set_required': True, - - # Set HTML disabled attribute on disabled fields - 'set_disabled': False, - - # Set placeholder attributes to label if no placeholder is provided - 'set_placeholder': True, - - # Class to indicate required (better to set this in your Django form) - 'required_css_class': '', - - # Class to indicate error (better to set this in your Django form) - 'error_css_class': 'has-error', - - # Class to indicate success, meaning the field has valid input - # (better to set this in your Django form) - 'success_css_class': 'has-success', - - # Renderers (only set these if you have studied the source and understand - # the inner workings) - 'formset_renderers': { - 'default': 'bootstrap3.renderers.FormsetRenderer', - }, - 'form_renderers': { - 'default': 'bootstrap3.renderers.FormRenderer', - }, - 'field_renderers': { - 'default': 'bootstrap3.renderers.FieldRenderer', - 'inline': 'bootstrap3.renderers.InlineFieldRenderer', - }, -} - - - -# Database -# https://docs.djangoproject.com/en/1.10/ref/settings/#databases - -DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.sqlite3', - 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), - } -} - - # Password validation # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators @@ -252,3 +116,21 @@ USE_TZ = True # https://docs.djangoproject.com/en/1.10/howto/static-files/ STATIC_URL = '/static/' + +############################# To be fixed + +STATIC_ROOT = os.path.dirname('/home/downhill/ungleich/vuejsuserservice/dal/dal/static/') + +# Database +# https://docs.djangoproject.com/en/1.10/ref/settings/#databases + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.sqlite3', + 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), + } +} +SECRET_KEY = 'rn=f&ecp#&#escxpk!0e%a$i3sbm$z@5+g4h9q+w7-83*f2f-i' + +# SECURITY WARNING: don't run with debug turned on in production! +DEBUG = True diff --git a/requirements.txt b/requirements.txt index e022bb6..0f502d8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,4 @@ django>=2.1.2 django-auth-ldap>=1.7.0 ldap3>=2.5.1 -django-bootstrap3>=11.0.0 -django-compressor>=2.2 +django-dotenv