# Django settings for uccmemberdb project.

# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
import os
BASE_DIR = os.path.dirname(os.path.dirname(__file__))
6
ROOT_DIR = os.path.dirname(BASE_DIR)

# Development value. Set DEBUG = False in production: with debug mode on,
# Django's error pages show tracebacks, local variables and settings details
# to whoever triggers an error.
DEBUG = True

# (name, address) pairs for the site administrators.
# NOTE(review): the address appears to have been obfuscated in this listing -
# put the real committee address in the deployed file.
ADMINS = (
    ('UCC Committee', '[email protected]'),
)

### Database connection options ###
# The ${...} values in this file are not usable settings as written; they look
# like placeholders that are substituted when the real settings_local.py is
# generated - TODO confirm against the deploy tooling. The generated file holds
# live credentials: keep it out of version control and readable only by the
# account that runs the application.
DATABASES = {
    'default': {
        # Django backend as a full dotted path, e.g. 'django.db.backends.postgresql'
        # (the form 'memberdb_old' uses below); the other built-in backends are
        # mysql, sqlite3 and oracle.
        'ENGINE': '${DB_ENGINE}',
        # this should end up in uccportal/.db/members.db
        'NAME': '${DB_NAME}',        # Or path to database file if using sqlite3.
        'USER': '${DB_USER}',        # Not used with sqlite3.
        'PASSWORD': '${DB_SECRET}',  # Not used with sqlite3.
        'HOST': '${DB_HOST}',        # Set to empty string for localhost. Not used with sqlite3.
        'PORT': '',                  # Set to empty string for default. Not used with sqlite3.
    },
    # Second connection, to the 2018 member database on a remote PostgreSQL host.
    # NOTE(review): there is no 'OPTIONS' entry, so this file does not enforce TLS
    # on the connection; consider 'OPTIONS': {'sslmode': 'require'} (or stricter)
    # once it is confirmed the server supports it.
    'memberdb_old': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'uccmemberdb_2018',
        'USER': 'uccmemberdb',
        'PASSWORD': '${OLDDB_SECRET}',
        'HOST': 'mussel.ucc.gu.uwa.edu.au',
        'PORT': '',
    }
}

# Make this unique, and don't share it with anybody.
36
SECRET_KEY = '${SECRET_KEY}'

# Set this to whatever your ServerName/ServerAlias(es) are
39
40
ALLOWED_HOSTS = []

# Log verbosity and destination. How these two names are consumed is not visible
# in this file - presumably by the project's logging configuration; verify.
# DEBUG-level logs can be very detailed: prefer a higher level in production and
# keep the log file readable only by the service account.
LOG_LEVEL = 'DEBUG'
# django.log sits directly in ROOT_DIR, the directory above BASE_DIR.
LOG_FILENAME = os.path.join(ROOT_DIR, "django.log")

import ldap
from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType, LDAPGroupQuery

# LDAP admin settings
# These LDAP_* names do not use django-auth-ldap's AUTH_LDAP_ prefix, so they are
# presumably read by the project's own LDAP code - verify against the callers.
LDAP_BASE_DN = 'DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au'
LDAP_USER_SEARCH_DN = 'CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au'
# Service account used for the bind.
LDAP_BIND_DN = 'CN=uccportal,CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au'
# Password for LDAP_BIND_DN; empty in this example. Set it only in the deployed
# settings_local.py and never commit the real value.
LDAP_BIND_SECRET = ""

# this could be ad.ucc.gu.uwa.edu.au but that doesn't resolve externally -
# useful for testing, but should be changed in production so failover works
55
AUTH_LDAP_SERVER_URI = 'ldaps://ad.ucc.gu.uwa.edu.au/'

# This is also a bad idea, should be changed in production
58
59
60
61
62
63
AUTH_LDAP_GLOBAL_OPTIONS = {
    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
}

# directly attempt to authenticate users to bind to LDAP
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
64
65
66
67
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_MIRROR_GROUPS = False
AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
AUTH_LDAP_FIND_GROUP_PERMS = False

AUTH_LDAP_USER_DN_TEMPLATE = 'CN=%(user)s,CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au'
70
71
72
73
74

AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au",
    ldap.SCOPE_SUBTREE, "(objectClass=group)")

# Populate the Django user from the LDAP directory.
# Keys are Django user fields, values are the LDAP attributes they are read from.
# note: somehow the LDAP/AD users don't have firstName/sn, rather the full name is in name or displayName
# NOTE(review): given the note above, first_name/last_name may stay empty with
# this mapping. Active Directory also normally exposes the address as "mail";
# confirm that an "email" attribute exists, otherwise that field stays empty too.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "email",
}

# Group test reused for the admin flags below: the queries are combined with |,
# so membership of any one of committee, door or wheel satisfies it.
ADMIN_ACCESS_QUERY = \
        LDAPGroupQuery("CN=committee,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au") | \
        LDAPGroupQuery("CN=door,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au") | \
        LDAPGroupQuery("CN=wheel,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au")

# Django user flags set from LDAP group membership at login.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    # staff can login to the admin site
    "is_staff": ADMIN_ACCESS_QUERY,

    # superusers have all permissions (but also need staff to login to admin site)
    # NOTE(review): this reuses the is_staff query, so every member of committee,
    # door or wheel becomes a superuser. If least privilege matters here, give
    # is_superuser a narrower LDAPGroupQuery than is_staff.
    "is_superuser": ADMIN_ACCESS_QUERY,
}

# the Square app and location data (set to sandbox unless you want it to charge people)
96
97
98
SQUARE_APP_ID = '${SQUARE_APP_ID}'
SQUARE_LOCATION = '${SQUARE_LOCATION}'
SQUARE_ACCESS_TOKEN = '${SQUARE_SECRET}'

# Absolute path to the dispense executable. How it is invoked is not visible in
# this file - verify that callers pass arguments as a list rather than through a
# shell, and that this path is writable only by root.
DISPENSE_BIN = '/usr/local/bin/dispense'

# configure the email backend (see https://docs.djangoproject.com/en/2.1/topics/email/)
EMAIL_HOST = "secure.ucc.asn.au"
EMAIL_PORT = 465
EMAIL_USE_SSL = True
EMAIL_HOST_USER = "uccportal"
107
EMAIL_HOST_PASSWORD = "${EMAIL_SECRET}"