# Django settings for uccmemberdb project.

# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
import os
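# Resolve from the absolute path of this file so the result does not depend on
# the working directory or on how the settings module was loaded.
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Parent of the project directory; LOG_FILENAME further down is placed here.
ROOT_DIR = os.path.dirname(BASE_DIR)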

# DEBUG = True makes Django answer errors with detailed debug pages
# (tracebacks, local variables, settings). Keep it for local development only;
# set it to False on any host that other people can reach.
DEBUG = True

# NOTE(review): values written as ${NAME} look like placeholders filled in by a
# templating step before this file is used - confirm. If that step is a plain
# text substitution, a value containing a quote or backslash would change the
# Python literal it lands in, so the rendered file should be checked.
ENV = '${SHORT_ENV_NAME}'

# Django's ADMINS setting: (name, address) pairs that receive error reports.
# NOTE(review): '[email protected]' looks like the placeholder left by the
# code host's e-mail obfuscation, not a deliverable address - set the real one.
ADMINS = (
	('UCC Committee', '[email protected]'),
)

### Database connection options ###
# Two connections: 'default' is filled from deployment placeholders, and
# 'memberdb_old' points at a fixed PostgreSQL database on a remote host.
# NOTE(review): neither entry sets OPTIONS (for PostgreSQL, e.g. an sslmode),
# so whether the connection to the remote host is encrypted is left to
# driver/server defaults - confirm this is intended.
DATABASES = {
	'default': {
		'ENGINE': '${DB_ENGINE}',     # Add 'postgresql', 'mysql', 'sqlite3' or 'oracle'.
		# this should end up in uccportal/.db/members.db
		'NAME': '${DB_NAME}',   # Or path to database file if using sqlite3.
		'USER': '${DB_USER}',                                 # Not used with sqlite3.
		'PASSWORD': '${DB_SECRET}',                             # Not used with sqlite3.
		'HOST': '${DB_HOST}',                                 # Set to empty string for localhost. Not used with sqlite3.
		'PORT': '',                                 # Set to empty string for default. Not used with sqlite3.
	},
	# Connection to the previous member database; only the password is a
	# placeholder, every other value is fixed in this file.
	'memberdb_old': {
		'ENGINE': 'django.db.backends.postgresql',
		'NAME': 'uccmemberdb_2018',
		'USER': 'uccmemberdb',
		'PASSWORD': '${OLDDB_SECRET}',
		'HOST': 'mussel.ucc.gu.uwa.edu.au',
		'PORT': '',
	}
}

# Make this unique, and don't share it with anybody.
# Django uses SECRET_KEY for cryptographic signing (sessions, tokens); anyone
# who learns it can forge signed data, so keep the rendered value out of
# version control and logs.
SECRET_KEY = '${APP_SECRET}'

# Set this to whatever your ServerName/ServerAlias(es) are
ALLOWED_HOSTS = ['${DEPLOY_HOST}']

# NOTE(review): LOG_LEVEL and LOG_FILENAME are presumably consumed by a LOGGING
# configuration elsewhere in the project - confirm. DEBUG-level logging is
# verbose; check that nothing sensitive ends up in this file in production and
# that the file is readable only by the service account.
LOG_LEVEL = 'DEBUG'
LOG_FILENAME = os.path.join(ROOT_DIR, "django.log")

import ldap
from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType, LDAPGroupQuery

# LDAP admin settings
# NOTE(review): these LDAP_* names are not django-auth-ldap settings (those are
# prefixed AUTH_LDAP_), so they are presumably read by project code that binds
# as the 'uccportal' account named in LDAP_BIND_DN - confirm. The bind secret
# is a deployment placeholder; the account behind it should hold only the
# directory rights the portal needs.
LDAP_BASE_DN = 'DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au'
LDAP_USER_SEARCH_DN = 'CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au'
LDAP_BIND_DN = 'CN=uccportal,CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au'
LDAP_BIND_SECRET = "${LDAP_SECRET}"

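# this could be ad.ucc.gu.uwa.edu.au but that doesn't resolve externally -
# useful for testing, but should be changed in production so failover works
AUTH_LDAP_SERVER_URI = 'ldaps://ad.ucc.gu.uwa.edu.au'

# Require and verify the directory server's certificate. Users' passwords are
# sent over this connection (see AUTH_LDAP_BIND_AS_AUTHENTICATING_USER below),
# so an unverified TLS session would hand them to whichever host answers.
# If the server certificate is issued by an internal CA, add
# ldap.OPT_X_TLS_CACERTFILE pointing at that CA bundle instead of relaxing
# this check.
AUTH_LDAP_GLOBAL_OPTIONS = {
	ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_DEMAND,
}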

# directly attempt to authenticate users to bind to LDAP
# (django-auth-ldap keeps the connection bound as the user who logged in
# instead of re-binding with service credentials after authentication)
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
# Refresh the Django user's mapped fields from the directory on every login.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# Directory groups are neither copied into Django groups nor used as a source
# of Django permissions; access is decided by AUTH_LDAP_USER_FLAGS_BY_GROUP.
AUTH_LDAP_MIRROR_GROUPS = False
AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
AUTH_LDAP_FIND_GROUP_PERMS = False

# The user's DN is built from the login name with this template (no search).
AUTH_LDAP_USER_DN_TEMPLATE = 'CN=%(user)s,CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au'

# Where group objects are looked up: the whole subtree under OU=Groups.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au",
	ldap.SCOPE_SUBTREE, "(objectClass=group)")

# Populate the Django user from the LDAP directory.
# note: somehow the LDAP/AD users don't have firstName/sn, rather the full name is in name or displayName
# NOTE(review): Active Directory normally stores the address in 'mail'; verify
# that an 'email' attribute exists in this directory, otherwise the Django
# e-mail field would presumably stay empty.
AUTH_LDAP_USER_ATTR_MAP = {
	"first_name": "givenName",
	"last_name": "sn",
	"email": "email",
}

# Matches a user who belongs to at least one of the committee, door or wheel
# directory groups; used for both flags in AUTH_LDAP_USER_FLAGS_BY_GROUP.
ADMIN_ACCESS_QUERY = \
		LDAPGroupQuery("CN=committee,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au") | \
		LDAPGroupQuery("CN=door,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au") | \
		LDAPGroupQuery("CN=wheel,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au")

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
	# staff can login to the admin site
	"is_staff": ADMIN_ACCESS_QUERY,

	# superusers have all permissions (but also need staff to login to admin site)
	# NOTE(review): the same three groups grant is_superuser, so every member of
	# committee, door or wheel holds every permission. If some of them only need
	# admin-site login, give is_superuser a narrower query.
	"is_superuser": ADMIN_ACCESS_QUERY,
}

# the Square app and location data (set to sandbox unless you want it to charge people)
98
99
100
SQUARE_APP_ID = '${SQUARE_APP_ID}'
SQUARE_LOCATION = '${SQUARE_LOCATION}'
SQUARE_ACCESS_TOKEN = '${SQUARE_SECRET}'

DISPENSE_BIN = '/usr/local/bin/dispense'

# configure the email backend (see https://docs.djangoproject.com/en/2.1/topics/email/)
EMAIL_HOST = "secure.ucc.asn.au"
EMAIL_PORT = 465
EMAIL_USE_SSL = True
EMAIL_HOST_USER = "uccportal"
109
EMAIL_HOST_PASSWORD = "${EMAIL_SECRET}"