diff options
Diffstat (limited to 'src/pwman/settings.py')
| -rw-r--r-- | src/pwman/settings.py | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/src/pwman/settings.py b/src/pwman/settings.py new file mode 100644 index 0000000..cf7bb69 --- /dev/null +++ b/src/pwman/settings.py @@ -0,0 +1,137 @@ +from os.path import abspath, dirname, join, normpath, isfile +from os import environ +# Django settings for sso project. + +DEBUG = environ.get('DEBUG_MODE', False) + +BASE_DIR = dirname(dirname(abspath(__file__))) +DATA_DIR = environ.get('DATA_DIR', '/opt/pwman') + +# Quick-start development settings - unsuitable for production +# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/ + + +ALLOWED_HOSTS = ['crowd.nordu.net', 'pwman.nordu.net', 'localhost'] + +INSTALLED_APPS = [ + 'django.contrib.auth', + 'django.contrib.contenttypes', + 'django.contrib.sessions', + 'django.contrib.messages', + 'django.contrib.staticfiles', + # Uncomment the next line to enable the admin: + # 'django.contrib.admin', + 'apps.changepw', + 'apps.fedlogin', +] + +MIDDLEWARE = [ + 'django.middleware.security.SecurityMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + #'django.contrib.auth.middleware.RemoteUserMiddleware', + 'django.contrib.auth.middleware.PersistentRemoteUserMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'apps.fedlogin.middleware.CustomHeaderMiddleware', + +] + +AUTHENTICATION_BACKENDS = ( + 'django.contrib.auth.backends.RemoteUserBackend', +) + +ROOT_URLCONF = 'pwman.urls' + +TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [ + normpath(join(BASE_DIR, 'templates')), + ], + 'APP_DIRS': True, + 'OPTIONS': { + 'context_processors': [ + 'django.template.context_processors.debug', + 'django.template.context_processors.request', + 'django.contrib.auth.context_processors.auth', + 'django.contrib.messages.context_processors.messages', + ], + }, + }, +] + + +WSGI_APPLICATION = 'pwman.wsgi.application' + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.sqlite3', + 'NAME': join(DATA_DIR, 'database.db'), + } +} + +# Password validation +# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators + +AUTH_PASSWORD_VALIDATORS = [ + { + 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', + }, +] + +# Local time zone for this installation. Choices can be found here: +# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name +# although not all choices may be available on all operating systems. +# On Unix systems, a value of None will cause Django to use the same +# timezone as the operating system. +# If running in a Windows environment this must be set to the same as your +# system time zone. +TIME_ZONE = 'Europe/Stockholm' + +# Language code for this installation. All choices can be found here: +# http://www.i18nguy.com/unicode/language-identifiers.html +LANGUAGE_CODE = 'en-us' + +# If you set this to False, Django will make some optimizations so as not +# to load the internationalization machinery. +USE_I18N = True + +# If you set this to False, Django will not format dates, numbers and +# calendars according to the current locale +USE_L10N = True + +STATIC_URL = '/sso/static/' + +STATICFILES_DIRS = [ + join(BASE_DIR, "static"), +] + +STATIC_ROOT = join(DATA_DIR, "static") + +LOGIN_URL = '/sso/accounts/login-federated/' + +# secrets +LDAP_USER = environ.get('LDAP_USER', 'cn=admin,dc=nordu,dc=net') +LDAP_PASSWORD = environ.get('LDAP_PASSWORD', '') +LDAP_URL = environ.get('LDAP_URL', 'ldaps://ldap.nordu.net') +KERBEROS_SCRIPT = environ.get('KERBEROS_SCRIPT', join(BASE_DIR, 'scripts/create-kdc-principal.pl')) + +# SECURITY WARNING: keep the secret key used in production secret! +_path = environ.get('SECRET_KEY_FILE', join(DATA_DIR, 'secret.txt')) +if isfile(_path): + with open(_path) as f: + SECRET_KEY = f.read().strip() +else: + SECRET_KEY = environ.get('SECRET_KEY') |