import ldap
import strictyaml
from decouple import Config, Csv, RepositoryIni
from django_auth_ldap.config import LDAPSearch

import purist.limitmonitor
from .settings_original import *

#
# LOAD CONFIGURATION FILE
#

# Deployment files, kept outside the site folder. secret.ini is the source
# behind every secret_config(...) lookup in this module (Django secret key,
# LDAP bind password, WooCommerce and tunnel credentials).
# NOTE(review): ownership and mode of these files are not set here; restrict
# secret.ini to the service account at deploy time.
CONFIG_PATH = '/etc/opt/purist/middleware/config.ini'
SECRET_PATH = '/etc/opt/purist/middleware/secret.ini'
LINK_PROFILE_PATH = '/etc/opt/purist/middleware/link_profile.strict.yml'

# Two python-decouple readers: `config` for ordinary settings and
# `secret_config` for credentials. A lookup without a default raises when the
# key is missing, so an incomplete file stops startup rather than running
# with a blank value.
# NOTE: python-decouple consults the process environment before the file, so
# an environment variable with the same name overrides either file.
config = Config(RepositoryIni(CONFIG_PATH))
secret_config = Config(RepositoryIni(SECRET_PATH))

# Parse the link profile once, at import time. `.data` turns the parsed
# StrictYAML document into plain Python containers.
# NOTE(review): no encoding is passed to open(); on Python 3 the decoding
# follows the process locale -- confirm the service runs with a UTF-8 locale.
with open(LINK_PROFILE_PATH) as stream:
    LINK_PROFILE_ORDERED_DICT = strictyaml.load(stream.read()).data

#
# SECURITY
#

# SECURITY WARNING: keep the secret key used in production secret!
# Looked up through secret_config with no default, so a missing key raises
# at import instead of falling back to a built-in value.
SECRET_KEY = secret_config("DJANGO_SECRET_KEY")

# SECURITY WARNING: don't run with debug turned on in production!
# No default is given: each deployment has to state DEBUG explicitly.
DEBUG = config("DEBUG", cast=bool)

# it is safe to use these flags in production
# NOTE(review): the claim above cannot be checked from this module; what each
# flag switches is decided where it is read. Several names (ALL_ACCESS,
# CHANGE_PASSWORD, SKIP_VALIDATE_ON_AUTHENTICATION, REMOVE_CAPTCHA) suggest
# relaxed checks -- confirm against the consuming code before setting any of
# them to true on a public host.
# Every flag is a required boolean; none has a default.
DEBUG_ALL_ACCESS = config("DEBUG_ALL_ACCESS", cast=bool)
DEBUG_CHANGE_PASSWORD = config("DEBUG_CHANGE_PASSWORD", cast=bool)
DEBUG_SKIP_ACTIVATION_COMMAND = config(
    "DEBUG_SKIP_ACTIVATION_COMMAND", cast=bool
)
DEBUG_SKIP_VALIDATE_ON_AUTHENTICATION = config(
    "DEBUG_SKIP_VALIDATE_ON_AUTHENTICATION", cast=bool
)
DEBUG_REGISTER_STATUS = config("DEBUG_REGISTER_STATUS", cast=bool)
DEBUG_LOCAL_MAIL = config("DEBUG_LOCAL_MAIL", cast=bool)
DEBUG_REMOVE_CAPTCHA = config("DEBUG_REMOVE_CAPTCHA", cast=bool)



# Required if DEBUG is False
# Comma-separated host names; Django rejects requests whose Host header is
# not in this list.
ALLOWED_HOSTS = config("ALLOWED_HOSTS", cast=Csv())

#
# INSTALLED APPLICATIONS
#

# Extend the app list that is already in scope (presumably from the
# settings_original star import) with the project's apps and the third-party
# packages they rely on. Order is kept as in the original list.
INSTALLED_APPS += [
    "crispy_forms",
    "django_agpl",
    "django_celery_beat",
    "django_extensions",
    "ldapregister",
    "limitmonitor",
    "purist",
    "captcha",
    "cart",
    "registration",
    "rest_framework",
    "password_reset",
    "invitation",
]

#
# AGPL APPLICATION
#

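# Parent of the directory that holds this settings module. Built with
# os.path.join rather than string concatenation so the result stays correct
# even if dirname(__file__) is empty.
# NOTE(review): presumably this is the tree django_agpl offers as the source
# download; anything under it that the exclusions below do not match (a
# SQLite file, local dumps, editor backups) would be included -- confirm that
# SQLITE_DB_PATH and other runtime data live outside this tree.
AGPL_ROOT = os.path.abspath(os.path.join(os.path.dirname(__file__), os.pardir))

# no special exclusions are required, configuration and secrets are not stored in the site folder
AGPL_EXCLUDE_DIRS = [
    r'\.git$',
    r'\.idea$',
]

AGPL_FILENAME_PREFIX = 'middleware'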

#
# REGISTRATION APPLICATION
#

# Required boolean, no default. Presumably the switch the registration app
# checks before accepting new sign-ups -- confirm against that app.
REGISTRATION_OPEN = config("REGISTRATION_OPEN", cast=bool)

# Base DN and comma-separated object classes for person entries.
REG_PERSON_BASE_DN = config("REG_PERSON_BASE_DN")
REG_PERSON_OBJECT_CLASSES = config("REG_PERSON_OBJECT_CLASSES", cast=Csv())

# Base DN and comma-separated object classes for group entries.
REG_GROUP_BASE_DN = config("REG_GROUP_BASE_DN")
REG_GROUP_OBJECT_CLASSES = config("REG_GROUP_OBJECT_CLASSES", cast=Csv())

#
#  AUTHENTICATION
#

# Only the project's own passphrase validator is listed; none of Django's
# built-in validators run alongside it.
AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'purist.custom.PassphraseValidator',
    },
]

# The project's custom backend is the only authentication backend.
AUTHENTICATION_BACKENDS = (
    'purist.custom.AuthenticationBackend',
)

# LDAP connection. Both values are required and have no default.
# NOTE(review): with an ldap:// URI and AUTH_LDAP_START_TLS set to false, the
# bind password and user passwords would cross the network unencrypted --
# confirm production uses ldaps:// or enables StartTLS.
AUTH_LDAP_SERVER_URI = config("AUTH_LDAP_SERVER_URI")
AUTH_LDAP_START_TLS = config("AUTH_LDAP_START_TLS", cast=bool)

# Account used to bind to the directory; its password comes from the secrets
# reader, not from config.ini.
AUTH_LDAP_BIND_DN = config("AUTH_LDAP_BIND_DN")
AUTH_LDAP_BIND_PASSWORD = secret_config("AUTH_LDAP_BIND_PASSWORD")

# Subtree search under BASE_DN that matches on uid; %(user)s is the
# placeholder for the login name.
# NOTE(review): the backend in use is custom, so confirm the login name is
# escaped for LDAP filter syntax on the path that actually runs this search.
BASE_DN = config("AUTH_LDAP_USER_SEARCH_BASE_DN")
AUTH_LDAP_USER_SEARCH = LDAPSearch(BASE_DN, ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
# must match `base_dn` and primary key in `ldapregister.models.LdapPerson`

AUTH_USER_MODEL = 'purist.User'

#
# DATABASE
#

# See also:
# https://docs.djangoproject.com/en/1.11/ref/settings/#databases
# and https://pypi.python.org/pypi/django-ldapdb/
# (re-uses LDAP connection details from authentication settings)

# Location of the SQLite file behind the default database (required).
SQLITE_DB_PATH = config("SQLITE_DB_PATH")

# 'default' is SQLite; 'ldap' is the django-ldapdb backend and takes its
# URI, bind DN, bind password and TLS flag from the AUTH_LDAP_* settings
# above, so both paths to the directory share one transport configuration.
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': SQLITE_DB_PATH,
    },
    'ldap': {
        'ENGINE': 'ldapdb.backends.ldap',
        'NAME': AUTH_LDAP_SERVER_URI,
        'USER': AUTH_LDAP_BIND_DN,
        'PASSWORD': AUTH_LDAP_BIND_PASSWORD,
        'TLS': AUTH_LDAP_START_TLS,
    },
}

# The ldapdb router decides which alias a given model is sent to.
DATABASE_ROUTERS = ['ldapdb.router.Router']

#
# Context processor that makes the django settings available to templates
#
# NOTE(review): this module also holds SECRET_KEY, the LDAP bind password and
# API credentials. What the processor exposes is defined in
# purist.context_processors (not shown) -- confirm it passes an allow-list of
# values rather than the whole settings object.

# First engine: add the processor to the ones already configured.
TEMPLATES[0]['OPTIONS']['context_processors'] += ['purist.context_processors.settings']
# Second engine: the list is replaced, so this is its only processor.
TEMPLATES[1]['OPTIONS']['context_processors'] = ['purist.context_processors.settings']


#
# STATIC AND SITE SETTINGS
#

# Static file locations and site description values. All are required (no
# defaults); STATICFILES_DIRS is a comma-separated list.
STATIC_ROOT = config("STATIC_ROOT")
STATICFILES_DIRS = config("STATICFILES_DIRS", cast=Csv())
SITE_TITLE = config("SITE_TITLE")
SITE_BYLINE = config("SITE_BYLINE")
SITE_DOMAIN = config("SITE_DOMAIN")
SITE_PROVIDER = config("SITE_PROVIDER")
SITE_PROVIDER_LINK = config("SITE_PROVIDER_LINK")
# Required, no default.
EMAIL_DOMAIN = config("EMAIL_DOMAIN")
#
# WOOCOMMERCE
#

# Endpoint and API options for the WooCommerce store (all required).
WOO_URL = config("WOO_URL")
WOO_WP_API = config("WOO_WP_API", cast=bool)
WOO_VERSION = config("WOO_VERSION")

# required for OAuth over HTTPS
# NOTE(review): if this maps to the client's query-string authentication
# option, the consumer key and secret travel in the request URL, where proxy
# and web-server access logs can record them -- confirm log handling on the
# store side.
WOO_QUERY_STRING_AUTH = config("WOO_QUERY_STRING_AUTH", cast=bool)

# API credentials are read through the secrets reader.
WOO_CONSUMER_KEY = secret_config("WOO_CONSUMER_KEY")
WOO_CONSUMER_SECRET = secret_config("WOO_CONSUMER_SECRET")

#
# WOOCOMMERCE CART
#

# Comma-separated string lists, one per cart variant.
WOO_CART_BASIC = config("WOO_CART_BASIC", cast=Csv(str))
WOO_CART_COMPLETE = config("WOO_CART_COMPLETE", cast=Csv(str))
WOO_CART_GROUP_BASIC = config("WOO_CART_GROUP_BASIC", cast=Csv(str))
WOO_CART_GROUP_COMPLETE = config("WOO_CART_GROUP_COMPLETE", cast=Csv(str))

# Required boolean switches; their meaning is defined by the cart code.
WOO_CART_ZERO = config("WOO_CART_ZERO", cast=bool)
WOO_CART_999 = config("WOO_CART_999", cast=bool)
WOO_CART_5000 = config("WOO_CART_5000", cast=bool)
WOO_CART_5999 = config("WOO_CART_5999", cast=bool)

# Paths for the billing and thank-you pages (required strings).
WOO_CART_BILLING_PATH = config("WOO_CART_BILLING_PATH")
WOO_CART_THANKS_PATH = config("WOO_CART_THANKS_PATH")

#
# WOOSUB1 PARSER
#

# Comma-separated list parsed into integers (presumably product ids --
# confirm against the parser that reads it).
WOOSUB1_PRODUCT_LIST = config("WOOSUB1_PRODUCT_LIST", cast=Csv(int))

#
# SSH CONNECTION TO OPENVPN SERVER
#

# Connection details for the SSH session to the OpenVPN server. All four are
# required; the port is cast to int.
# NOTE(review): this group holds no key or password. How the session
# authenticates, and whether the server's host key is verified, is decided
# by the code that opens the connection -- confirm there.
OVPN_HOSTNAME = config("OVPN_HOSTNAME")
OVPN_PORT = config("OVPN_PORT", cast=int)
OVPN_USERNAME = config("OVPN_USERNAME")
OVPN_FILEPATH = config("OVPN_FILEPATH")

#
# LIMIT MONITOR
#

# Both settings point at attributes of purist.limitmonitor directly, not at
# dotted-path strings, which is why that module is imported at the top of
# this file.
LM_SERVICES = purist.limitmonitor.ServicesContainer
LM_PARSERS = purist.limitmonitor.ParserContainer

#
# LOGGING
#

# Route every logger through one console handler. The root logger ('') and
# the handler both accept DEBUG and above, independently of the DEBUG
# setting, and existing loggers are left enabled.
# NOTE(review): at DEBUG level, libraries may write request or directory
# details to the log; confirm nothing sensitive reaches the console log in
# production, or raise the level there.
LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'console': {
            'level': 'DEBUG',
            'filters': None,
            'class': 'logging.StreamHandler',
        },
    },
    'loggers': {
        '': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': True,
        },
    },
}


#
# Captcha
#

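# Rendering and expiry options for the captcha app.
CAPTCHA_FONT_SIZE = 40
CAPTCHA_TIMEOUT = 15
CAPTCHA_LENGTH = 4
# In test mode django-simple-captcha accepts a fixed, publicly documented
# answer for every challenge, so the CAPTCHA stops filtering automated
# sign-ups. This was hard-coded to True; it is now off unless a deployment
# sets CAPTCHA_TEST_MODE in config.ini (test and CI environments).
CAPTCHA_TEST_MODE = config("CAPTCHA_TEST_MODE", default=False, cast=bool)
# Challenges are arithmetic questions rather than distorted text.
CAPTCHA_CHALLENGE_FUNCT = 'captcha.helpers.math_challenge'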

#
# Tunnel
#

# Tunnel credentials. Identity, secret and key are read through the secrets
# reader; only the host name comes from config.ini. All are required.
TUNNEL_IDENTITY = secret_config('TUNNEL_IDENTITY')
TUNNEL_SECRET = secret_config('TUNNEL_SECRET')
TUNNEL_HOST = config('TUNNEL_HOST')
TUNNEL_KEY = secret_config('TUNNEL_KEY')

#
# REST framework
#

# Default pagination for the REST API: page-number style, ten items a page.
# NOTE(review): this dict sets no DEFAULT_AUTHENTICATION_CLASSES or
# DEFAULT_PERMISSION_CLASSES. Unless each view declares its own, Django REST
# framework's defaults apply, and the default permission allows any caller --
# confirm every API view sets permission_classes.
REST_FRAMEWORK = dict(
    DEFAULT_PAGINATION_CLASS='rest_framework.pagination.PageNumberPagination',
    PAGE_SIZE=10,
)


#
# django password recover: 30 min
#
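# Lifetime of a password-reset token, in seconds (default 1800 = 30 min).
# cast=int keeps the value numeric when it is supplied by the file or the
# environment, where it would otherwise arrive as a string and differ in
# type from the integer default.
# NOTE(review): the value is read through the secrets reader although it is
# not a credential; kept as is so existing deployments keep working.
PASSWORD_RESET_TOKEN_EXPIRES = secret_config('PASSWORD_RESET_TOKEN_EXPIRES', default=1800, cast=int)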

# Email server configuration
# Recipients of Django's error mail.
ADMINS = [
    ('Librem One Admins', 'admins@librem.one'),
    ('Purism Admins', 'admins@puri.sm'),
]

# Sender addresses for user-facing mail and for server error mail.
DEFAULT_FROM_EMAIL = config('DEFAULT_FROM_EMAIL', default='Librem One <noreply@librem.one>')
SERVER_EMAIL = config('SERVER_EMAIL', default='Librem One <noreply@librem.one>')

# Outgoing mail transport. The defaults describe an unauthenticated,
# unencrypted SMTP relay on localhost port 25.
# NOTE(review): when EMAIL_HOST is a remote server, and above all when
# EMAIL_HOST_USER / EMAIL_HOST_PASSWORD are set, turn on EMAIL_USE_TLS or
# EMAIL_USE_SSL (Django accepts only one of the two) so the credentials and
# message bodies are not sent in clear text.
EMAIL_BACKEND = config('EMAIL_BACKEND', default='django.core.mail.backends.smtp.EmailBackend')
EMAIL_HOST = config('EMAIL_HOST', default='localhost')
EMAIL_HOST_USER = config('EMAIL_HOST_USER', default='')
EMAIL_HOST_PASSWORD = secret_config('EMAIL_HOST_PASSWORD', default='')
EMAIL_PORT = config('EMAIL_PORT', default=25, cast=int)
EMAIL_USE_TLS = config('EMAIL_USE_TLS', default=False, cast=bool)
EMAIL_USE_SSL = config('EMAIL_USE_SSL', default=False, cast=bool)

# This is the link to the subscribe page, used in different parts of the middleware
# Required, no default.
SUBSCRIBE_HREF = config('SUBSCRIBE_HREF')