1# ____ _____ ___ ____ _
2# / ___|_ _/ _ \| _ \| |
3# \___ \ | || | | | |_) | |
4# ___) || || |_| | __/|_|
5# |____/ |_| \___/|_| (_)
6#
7# Do not edit this file when installing RatticDB. This file reads in the
8# settings from INI-style files in conf/local.cfg and /etc/ratticweb.cfg.
9# You should make your changes to those files.
10#
11# If you believe changes are required to these files please write your code
12# to pull the values from these config files (see the code already here)
13# and then submit a Pull Request to us on GitHub.
14#
15# GitHub: https://github.com/tildaslash/RatticWeb
16#
17from ConfigParser import RawConfigParser, NoOptionError
18from urlparse import urljoin
19import ldap
20import os
21from django_auth_ldap.config import LDAPSearch
22from datetime import timedelta
23from django.utils.translation import ugettext_lazy as _
24
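# Load the shipped defaults first; the local files read afterwards override
# any option they redefine.
config = RawConfigParser()
with open('conf/defaults.cfg') as defaults_file:
    # The context manager closes the handle deterministically instead of
    # leaving it open until garbage collection.
    config.readfp(defaults_file)

# read() skips files that do not exist and returns the list of files it
# actually parsed, so CONFIGURED_BY records which overrides were applied.
# These files carry the secret key and the database, LDAP, SMTP and OAuth
# credentials read further down.
# NOTE(review): confirm they are readable only by the service account.
CONFIGURED_BY = config.read(['conf/local.cfg', '/etc/ratticweb.cfg'])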
28
29
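def confget(section, var, default):
    """Return option *var* of *section* as a string, or *default* if unset.

    The lookup goes through the module-level ``config`` parser.  A missing
    option and a missing section are both treated as "not configured":
    previously only NoOptionError was caught, so an absent section raised
    NoSectionError even though the caller had supplied a default.
    """
    # has_option() is False for an unknown section as well as for an
    # unknown option, which covers both cases without an exception.
    if config.has_option(section, var):
        return config.get(section, var)
    return default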
35
36
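def confgetbool(section, var, default):
    """Return option *var* of *section* as a boolean, or *default* if unset.

    The lookup goes through the module-level ``config`` parser.  A missing
    option and a missing section both yield *default*; previously an absent
    section raised NoSectionError despite the default.  A value that is
    present but not a recognised boolean still raises ValueError from
    getboolean(), so a typo in a security switch is not silently ignored.
    """
    # has_option() is False for an unknown section as well as for an
    # unknown option.
    if config.has_option(section, var):
        return config.getboolean(section, var)
    return default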
42
43
# Site administrators as (name, e-mail) pairs; empty by default.
ADMINS = (
    # ('Your Name', 'your_email@example.com'),
)

# MANAGERS is bound to the very same tuple object as ADMINS.
MANAGERS = ADMINS
49
# Internationalisation and localisation
USE_I18N = True
USE_L10N = True

# Directory searched for translation catalogues (relative path).
LOCALE_PATHS = ('conf/locale',)

# Languages offered in the UI; names are wrapped in the lazy translation
# function imported as `_` so they are translated at render time.
LANGUAGES = (
    ('en', _('English')),
    ('fr', _('French')),
    ('de', _('German')),
    ('it', _('Italian')),
)

# Keep datetimes timezone-aware.  Setting this to False makes Django fall
# back to naive datetimes.
USE_TZ = True
65
# Extra static-file directories (none configured).
STATICFILES_DIRS = (
    # Put strings here, like "/home/html/static" or "C:/www/django/static".
    # Always use forward slashes, even on Windows.
    # Don't forget to use absolute paths, not relative paths.
)

# Callables that populate every RequestContext.  Each one receives the
# request and returns a dict that is merged into the template context.
TEMPLATE_CONTEXT_PROCESSORS = (
    'django.contrib.auth.context_processors.auth',
    'django.core.context_processors.debug',
    'django.core.context_processors.i18n',
    'django.core.context_processors.media',
    'django.core.context_processors.static',
    'django.core.context_processors.tz',
    'django.contrib.messages.context_processors.messages',
    # Project-specific processors
    'ratticweb.context_processors.base_template_reqs',
    'ratticweb.context_processors.logo_selector',
)

# Finder classes that locate static files.
STATICFILES_FINDERS = (
    'django.contrib.staticfiles.finders.FileSystemFinder',
    'django.contrib.staticfiles.finders.AppDirectoriesFinder',
    # 'django.contrib.staticfiles.finders.DefaultStorageFinder',
)

# Loader callables that know how to import templates from their sources.
TEMPLATE_LOADERS = (
    'django.template.loaders.filesystem.Loader',
    'django.template.loaders.app_directories.Loader',
    # 'django.template.loaders.eggs.Loader',
)
103
# Order is significant: Django runs request middleware top-down and
# response middleware bottom-up.  The session, CSRF, authentication and OTP
# layers come before the project's own middleware, so the custom classes
# run on a request that already carries the authenticated user.
MIDDLEWARE_CLASSES = (
    'user_sessions.middleware.SessionMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django_otp.middleware.OTPMiddleware',

    # Custom middleware: authentication/password policy first, then the
    # classes that (judging by their names) set response security headers.
    # NOTE(review): confirm the header behaviour against the middleware code.
    'account.middleware.StrictAuthentication',
    'account.middleware.PasswordExpirer',
    'ratticweb.middleware.DisableClientSideCachingMiddleware',
    'ratticweb.middleware.XUACompatibleMiddleware',
    'ratticweb.middleware.CSPMiddleware',
    'ratticweb.middleware.HSTSMiddleware',
    'ratticweb.middleware.DisableContentTypeSniffing',

    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
124
ROOT_URLCONF = 'ratticweb.urls'

# URL prefixes.  Everything is derived from the mandatory 'urlroot' option;
# config.get() raises if it is missing.
RATTIC_ROOT_URL = config.get('ratticweb', 'urlroot')
STATIC_URL = urljoin(RATTIC_ROOT_URL, 'static/')
MEDIA_URL = urljoin(RATTIC_ROOT_URL, 'media/')

# Dotted path to the WSGI application used by Django's runserver.
WSGI_APPLICATION = 'ratticweb.wsgi.application'
134
# Extra template directories (none configured).
TEMPLATE_DIRS = (
    # Put strings here, like "/home/html/django_templates" or "C:/www/django/templates".
    # Always use forward slashes, even on Windows.
    # Don't forget to use absolute paths, not relative paths.
)

# RatticDB's own applications.
LOCAL_APPS = (
    'ratticweb',
    'cred',
    'account',
    'staff',
    'help',
)

# Third-party and Django applications first, then the local ones.
INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.sessions',
    'django.contrib.contenttypes',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django.contrib.admin',
    'django.contrib.admindocs',
    'user_sessions',
    'django_otp',
    'django_otp.plugins.otp_static',
    'django_otp.plugins.otp_totp',
    'two_factor',
    'south',
    'tastypie',
    'kombu.transport.django',
    'djcelery',
    'database_files',
    'social_auth',
) + LOCAL_APPS

# The test helper app is only installed when ENABLE_TESTS=1 is set in the
# environment.
if os.environ.get("ENABLE_TESTS") == "1":
    INSTALLED_APPS = INSTALLED_APPS + ('django_nose',)

TEST_RUNNER = 'tests.runner.ExcludeAppsTestSuiteRunner'
176
# Logging configuration.
# See http://docs.djangoproject.com/en/dev/topics/logging for details on
# customising it.
#
# Two handlers are defined: 'mail_admins' (ERROR and above, only when
# DEBUG is False) and 'console'.  Every logger listed below writes to
# 'console'; none of them references 'mail_admins'.  The 'django.request'
# and 'django_auth_ldap' loggers have no level here; it is assigned later
# in this file from the configuration.
LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'formatters': {
        'console_format': {
            'format': '%(asctime)s [%(levelname)s] %(message)s',
        },
    },
    'filters': {
        'require_debug_false': {
            '()': 'django.utils.log.RequireDebugFalse',
        },
    },
    'handlers': {
        'mail_admins': {
            'level': 'ERROR',
            'filters': ['require_debug_false'],
            'class': 'django.utils.log.AdminEmailHandler',
        },
        'console': {
            'level': 'INFO',
            'class': 'logging.StreamHandler',
            'formatter': 'console_format',
        },
    },
    'loggers': {
        'django_auth_ldap': {
            'handlers': ['console'],
            'propagate': True,
        },
        'django.request': {
            'handlers': ['console'],
            'propagate': True,
        },
        'db_backup': {
            'handlers': ['console'],
            'level': 'INFO',
            'propagate': True,
        },
    },
}
223
#######################
# Custom app settings #
#######################

# URLs
PUBLIC_HELP_WIKI_BASE = 'https://github.com/tildaslash/RatticWeb/wiki/'
LOGIN_URL = RATTIC_ROOT_URL
LOGIN_REDIRECT_URL = urljoin(RATTIC_ROOT_URL, "cred/list/")

# django-user-sessions
# Sessions are stored in the database and end when the browser closes;
# the cookie lifetime comes from the mandatory 'session_cookie_age' option.
# NOTE(review): SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE are not assigned
# in the settings visible here; confirm they are enabled for TLS deployments.
SESSION_ENGINE = 'user_sessions.backends.db'
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
SESSION_COOKIE_AGE = int(config.get('ratticweb', 'session_cookie_age'))

# Icon configuration
CRED_ICON_JSON = 'db/icons.json'
CRED_ICON_CSS = 'ratticweb/static/rattic/css/icons.css'
CRED_ICON_SPRITE = 'rattic/img/sprite.png'
CRED_ICON_BASEDIR = 'rattic/img/credicons'
CRED_ICON_CLEAR = 'rattic/img/clear.gif'
CRED_ICON_DEFAULT = 'Key.png'

# django-auth-ldap
# Starts empty; the [ldap] handling later in this file may add 'is_staff'.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {}

# celery
# Tasks are serialised as JSON and JSON is the only accepted content type,
# so workers do not unpickle task payloads.
BROKER_URL = 'django://'
CELERY_TASK_SERIALIZER = 'json'
CELERY_ACCEPT_CONTENT = ['json']
CELERY_RESULT_BACKEND = 'djcelery.backends.database:DatabaseBackend'
254
###############################
# External environment config #
###############################

# [ratticweb]
# DEBUG falls back to False when the option is absent.
DEBUG = confgetbool('ratticweb', 'debug', False)
TEMPLATE_DEBUG = DEBUG
TIME_ZONE = config.get('ratticweb', 'timezone')

# Django's signing key, taken from the config file (mandatory option).
SECRET_KEY = config.get('ratticweb', 'secretkey')

# The configured hostname plus 'localhost' are the only Host headers
# Django will accept.
HOSTNAME = config.get('ratticweb', 'hostname')
ALLOWED_HOSTS = [HOSTNAME, 'localhost']

RATTIC_MAX_ATTACHMENT_SIZE = int(config.get('ratticweb', 'max_attachment_size'))
RATTIC_DISABLE_EXPORT = config.getboolean('ratticweb', 'disable_export')
LOGINLESS_SSH_FINGERPRINTS = config.getboolean("ratticweb", "loginless_ssh_fingerprints")

# Allow SSL termination outside RatticDB.
# Django trusts this header when deciding whether a request was secure, so
# the terminating proxy must strip or overwrite it on every inbound
# request; otherwise a client can claim HTTPS simply by sending it.
# 'ssl_header_value' becomes mandatory once 'ssl_header' is set.
if confget('ratticweb', 'ssl_header', False):
    SECURE_PROXY_SSL_HEADER = (
        config.get('ratticweb', 'ssl_header'),
        config.get('ratticweb', 'ssl_header_value'),
    )

# Set up the log level of the request logger.
LOGGING['loggers']['django.request']['level'] = config.get('ratticweb', 'loglevel')

# [filepaths]
HELP_SYSTEM_FILES = confget('filepaths', 'help', False)
MEDIA_ROOT = confget('filepaths', 'media', '')
STATIC_ROOT = confget('filepaths', 'static', '')
282
# [database]
# Every value is optional; without overrides this is a SQLite database at
# db/ratticweb with no credentials.  The password, when set, is read in
# clear text from the config file.
DATABASES = {
    'default': {
        'ENGINE': confget('database', 'engine', 'django.db.backends.sqlite3'),
        'NAME': confget('database', 'name', 'db/ratticweb'),
        'USER': confget('database', 'user', ''),
        'PASSWORD': confget('database', 'password', ''),
        'HOST': confget('database', 'host', ''),
        'PORT': confget('database', 'port', ''),
    },
}

# [backup]
# All backup options default to None when not configured.
BACKUP_DIR = confget("backup", "dir", None)
BACKUP_GPG_HOME = confget("backup", "gpg_home", None)
BACKUP_S3_BUCKET = confget("backup", "s3_bucket", None)
BACKUP_RECIPIENTS = confget("backup", "recipients", None)
300
# [email]
# SMTP mail options.  All but 'usetls' are mandatory options.
EMAIL_BACKEND = config.get('email', 'backend')
EMAIL_FILE_PATH = config.get('email', 'filepath')
EMAIL_HOST = config.get('email', 'host')
# Kept as the string returned by the parser, not converted to int.
EMAIL_PORT = config.get('email', 'port')
EMAIL_HOST_USER = config.get('email', 'user')
EMAIL_HOST_PASSWORD = config.get('email', 'password')
# TLS is off unless 'usetls' is set; with it off, the SMTP credentials
# above and the message contents are sent without transport encryption.
EMAIL_USE_TLS = confgetbool('email', 'usetls', False)
DEFAULT_FROM_EMAIL = config.get('email', 'from_email')

# [scheduler]
CELERYBEAT_SCHEDULE = {}

# Reminder period in days; zero or a negative value leaves the schedule
# empty, i.e. no reminder e-mails.
chgqreminder = int(config.get('scheduler', 'change_queue_reminder_period'))
if chgqreminder > 0:
    CELERYBEAT_SCHEDULE['send-change-queue-reminder-email'] = {
        'task': 'cred.tasks.change_queue_emails',
        'schedule': timedelta(days=chgqreminder),
    }

CELERY_TIMEZONE = TIME_ZONE
323
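# [ldap]
# LDAP authentication is switched on purely by the presence of an [ldap]
# section in the loaded configuration.
LDAP_ENABLED = 'ldap' in config.sections()

if LDAP_ENABLED:

    LOGGING['loggers']['django_auth_ldap']['level'] = confget('ldap', 'loglevel', 'WARNING')

    # Service-account bind, needed if anonymous queries are not allowed.
    # The bind password is read in clear text from the config file.
    AUTH_LDAP_BIND_DN = confget('ldap', 'binddn', '')
    AUTH_LDAP_BIND_PASSWORD = confget('ldap', 'bindpw', '')

    # User attributes
    AUTH_LDAP_USER_ATTR_MAP = {"email": "mail"}
    if config.has_option('ldap', 'userfirstname'):
        AUTH_LDAP_USER_ATTR_MAP["first_name"] = config.get('ldap', 'userfirstname')
    # Fixed: this guard used to test 'userfirstname' a second time.  With
    # only the first name configured that raised NoOptionError here, and a
    # configured 'userlastname' was ignored unless the first name was set.
    if config.has_option('ldap', 'userlastname'):
        AUTH_LDAP_USER_ATTR_MAP["last_name"] = config.get('ldap', 'userlastname')

    # Are we using LDAP groups or local groups? Default to using LDAP groups
    USE_LDAP_GROUPS = confgetbool('ldap', 'useldapgroups', True)

    # If we are not using LDAP groups, then do not update the user model's
    # group membership
    AUTH_LDAP_MIRROR_GROUPS = USE_LDAP_GROUPS

    # Mandatory options: server URI, user search base and user filter.
    AUTH_LDAP_SERVER_URI = config.get('ldap', 'uri')
    AUTH_LDAP_USER_BASE = config.get('ldap', 'userbase')
    AUTH_LDAP_USER_FILTER = config.get('ldap', 'userfilter')

    # Defaults to AUTH_LDAP_USER_BASE because it must be defined
    AUTH_LDAP_GROUP_BASE = confget('ldap', 'groupbase', AUTH_LDAP_USER_BASE)

    # Defaults to a bogus filter so that searching yields no errors in the log
    AUTH_LDAP_GROUP_FILTER = confget('ldap', 'groupfilter', '(objectClass=_fake)')

    AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_BASE, ldap.SCOPE_SUBTREE,
                                       AUTH_LDAP_USER_FILTER)

    AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_BASE, ldap.SCOPE_SUBTREE,
                                        AUTH_LDAP_GROUP_FILTER)

    # Defaults to PosixGroupType because it must match a pre-defined list
    # of selections.  The name is taken from the config file and resolved
    # with getattr() without any check, so whatever callable attribute of
    # django_auth_ldap.config it names is instantiated.
    # NOTE(review): consider validating it against the supported group types.
    AUTH_LDAP_GROUP_TYPE = getattr(__import__('django_auth_ldap').config, confget('ldap', 'grouptype', 'PosixGroupType'))()

    # Booleans
    AUTH_LDAP_ALLOW_PASSWORD_CHANGE = confgetbool('ldap', 'pwchange', False)

    # StartTLS is off by default: with a plain ldap:// URI the bind password
    # and the users' passwords are sent unencrypted unless 'starttls' is
    # enabled or an ldaps:// URI is configured.
    AUTH_LDAP_START_TLS = confgetbool('ldap', 'starttls', False)

    # Certificate checking defaults to on, referral chasing to off.
    # python-ldap expects one of its OPT_X_TLS_* levels for REQUIRE_CERT;
    # the boolean is used as the integer 1 or 0.
    # NOTE(review): confirm these map to the intended levels (expected:
    # 1 = OPT_X_TLS_HARD, 0 = OPT_X_TLS_NEVER).
    AUTH_LDAP_GLOBAL_OPTIONS = {
        ldap.OPT_X_TLS_REQUIRE_CERT: confgetbool('ldap', 'requirecert', True),
        ldap.OPT_REFERRALS: confgetbool('ldap', 'referrals', False),
    }

    # Determines which LDAP users are staff, if not defined, privilege can
    # be set manually
    if config.has_option('ldap', 'staff'):
        AUTH_LDAP_USER_FLAGS_BY_GROUP['is_staff'] = confget('ldap', 'staff', '')

    # LDAP is tried first; the model backend stays enabled, so locally
    # stored accounts can still log in.
    AUTHENTICATION_BACKENDS = (
        'django_auth_ldap.backend.LDAPBackend',
        'django.contrib.auth.backends.ModelBackend',
    )
else:
    # No LDAP section means no LDAP groups
    USE_LDAP_GROUPS = False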
391
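# [goauth2]
# Google OAuth2 sign-in is switched on purely by the presence of a
# [goauth2] section in the loaded configuration.
GOAUTH2_ENABLED = 'goauth2' in config.sections()

if GOAUTH2_ENABLED:
    # This assignment replaces any AUTHENTICATION_BACKENDS set earlier, so
    # when an [ldap] section is also present the LDAP backend is dropped.
    AUTHENTICATION_BACKENDS = (
        'social_auth.backends.google.GoogleOAuth2Backend',
        'django.contrib.auth.backends.ModelBackend',
    )

    # Built with urljoin(), like the other URLs derived from the root.
    # Fixed: LOGIN_ERROR_URL used to be RATTIC_ROOT_URL + '/account/...',
    # which for a root of '/' yields '//account/login-error/'; browsers
    # read that as a scheme-relative URL pointing at a host named 'account'.
    # NOTE(review): assumes 'urlroot' ends with '/', as the urljoin() calls
    # elsewhere in this file do.
    LOGIN_URL = urljoin(RATTIC_ROOT_URL, 'account/login/google-oauth2/')
    LOGIN_ERROR_URL = urljoin(RATTIC_ROOT_URL, 'account/login-error/')

    SOCIAL_AUTH_RAISE_EXCEPTIONS = False
    SOCIAL_AUTH_PROCESS_EXCEPTIONS = 'social_auth.utils.log_exceptions_to_messages'

    # OAuth client credentials and the single permitted Google domain are
    # mandatory options; the client secret is read in clear text.
    GOOGLE_OAUTH2_CLIENT_ID = config.get('goauth2', 'client_id')
    GOOGLE_OAUTH2_CLIENT_SECRET = config.get('goauth2', 'client_secret')
    GOOGLE_WHITE_LISTED_DOMAINS = [config.get('goauth2', 'domain')]

    SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL = True
    SOCIAL_AUTH_COMPLETE_URL_NAME = 'socialauth_complete'
    SOCIAL_AUTH_ASSOCIATE_URL_NAME = 'socialauth_associate_complete'

    # Only force https:// redirect URIs when explicitly configured.
    if confgetbool('goauth2', 'https_redirect', False):
        SOCIAL_AUTH_REDIRECT_IS_HTTPS = True

    # Request only the e-mail and profile scopes.
    SOCIAL_AUTH_GOOGLE_OAUTH2_IGNORE_DEFAULT_SCOPE = True
    SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = [
        'https://www.googleapis.com/auth/userinfo.email',
        'https://www.googleapis.com/auth/userinfo.profile',
    ]

    # SECURITY: the pickle serializer executes code embedded in stored
    # session data when a session is loaded.  Sessions live in the database
    # here (SESSION_ENGINE is 'user_sessions.backends.db'), so anyone able
    # to write to the session table gains code execution in the web process.
    # NOTE(review): presumably needed by the social_auth version in use;
    # confirm, and move to
    # 'django.contrib.sessions.serializers.JSONSerializer' once possible.
    SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'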
425
# Password expiry settings
# Expiry is off whenever Google OAuth2 sign-in is enabled.  Otherwise it is
# taken from 'passwordexpirydays' as a number of days.
PASSWORD_EXPIRY = False
if not GOAUTH2_ENABLED:
    try:
        PASSWORD_EXPIRY = timedelta(days=int(config.get('ratticweb', 'passwordexpirydays')))
    except (NoOptionError, ValueError):
        # Option absent or not an integer: expiry stays disabled.
        # NOTE(review): a mistyped value therefore turns password expiry
        # off without any warning; confirm that this is intended.
        pass
435 PASSWORD_EXPIRY = False