Merge branch 'master' into frekk-testing
.gitlab-ci.yml
0 → 100644
src/gms/__init__.py
0 → 100644
... | ... | @@ -7,36 +7,38 @@ ROOT_DIR = os.path.dirname(BASE_DIR) |
DEBUG = True | ||
ENV = '${SHORT_ENV_NAME}' | ||
ADMINS = ( | ||
('UCC Committee', '[email protected]'), | ||
('UCC Committee', '[email protected]'), | ||
) | ||
### Database connection options ### | ||
DATABASES = { | ||
'default': { | ||
'ENGINE': 'django.db.backends.sqlite3', # Add 'postgresql', 'mysql', 'sqlite3' or 'oracle'. | ||
# this should end up in uccportal/.db/members.db | ||
'NAME': os.path.join(ROOT_DIR, '.db', 'members.db'), # Or path to database file if using sqlite3. | ||
'USER': '', # Not used with sqlite3. | ||
'PASSWORD': '', # Not used with sqlite3. | ||
'HOST': '', # Set to empty string for localhost. Not used with sqlite3. | ||
'PORT': '', # Set to empty string for default. Not used with sqlite3. | ||
}, | ||
'memberdb_old': { | ||
'ENGINE': 'django.db.backends.postgresql', | ||
'NAME': 'uccmemberdb_2018', | ||
'USER': 'uccmemberdb', | ||
'PASSWORD': 'something-secret-here', | ||
'HOST': 'mussel.ucc.gu.uwa.edu.au', | ||
'PORT': '', | ||
} | ||
'default': { | ||
'ENGINE': '${DB_ENGINE}', # Add 'postgresql', 'mysql', 'sqlite3' or 'oracle'. | ||
# this should end up in uccportal/.db/members.db | ||
'NAME': '${DB_NAME}', # Or path to database file if using sqlite3. | ||
'USER': '${DB_USER}', # Not used with sqlite3. | ||
'PASSWORD': '${DB_SECRET}', # Not used with sqlite3. | ||
'HOST': '${DB_HOST}', # Set to empty string for localhost. Not used with sqlite3. | ||
'PORT': '', # Set to empty string for default. Not used with sqlite3. | ||
}, | ||
'memberdb_old': { | ||
'ENGINE': 'django.db.backends.postgresql', | ||
'NAME': 'uccmemberdb_2018', | ||
'USER': 'uccmemberdb', | ||
'PASSWORD': '${OLDDB_SECRET}', | ||
'HOST': 'mussel.ucc.gu.uwa.edu.au', | ||
'PORT': '', | ||
} | ||
} | ||
# Make this unique, and don't share it with anybody. | ||
SECRET_KEY = 'something-unique-here' | ||
SECRET_KEY = '${APP_SECRET}' | ||
# Set this to whatever your ServerName/ServerAlias(es) are | ||
ALLOWED_HOSTS = [] | ||
ALLOWED_HOSTS = ['${DEPLOY_HOST}'] | ||
LOG_LEVEL = 'DEBUG' | ||
LOG_FILENAME = os.path.join(ROOT_DIR, "django.log") | ||
... | ... | @@ -44,13 +46,19 @@ LOG_FILENAME = os.path.join(ROOT_DIR, "django.log") |
import ldap | ||
from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType, LDAPGroupQuery | ||
# LDAP admin settings | ||
LDAP_BASE_DN = 'DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au' | ||
LDAP_USER_SEARCH_DN = 'CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au' | ||
LDAP_BIND_DN = 'CN=uccportal,CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au' | ||
LDAP_BIND_SECRET = "${LDAP_SECRET}" | ||
# this could be ad.ucc.gu.uwa.edu.au but that doesn't resolve externally - | ||
# useful for testing, but should be changed in production so failover works | ||
AUTH_LDAP_SERVER_URI = 'ldaps://samson.ucc.gu.uwa.edu.au/' | ||
AUTH_LDAP_SERVER_URI = 'ldaps://ad.ucc.gu.uwa.edu.au' | ||
# This is also a bad idea, should be changed in production | ||
AUTH_LDAP_GLOBAL_OPTIONS = { | ||
ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER, | ||
ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER, | ||
} | ||
# directly attempt to authenticate users to bind to LDAP | ||
... | ... | @@ -63,33 +71,33 @@ AUTH_LDAP_FIND_GROUP_PERMS = False |
AUTH_LDAP_USER_DN_TEMPLATE = 'CN=%(user)s,CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au' | ||
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au", | ||
ldap.SCOPE_SUBTREE, "(objectClass=group)") | ||
ldap.SCOPE_SUBTREE, "(objectClass=group)") | ||
# Populate the Django user from the LDAP directory. | ||
# note: somehow the LDAP/AD users don't have firstName/sn, rather the full name is in name or displayName | ||
AUTH_LDAP_USER_ATTR_MAP = { | ||
"first_name": "givenName", | ||
"last_name": "sn", | ||
"email": "email", | ||
"first_name": "givenName", | ||
"last_name": "sn", | ||
"email": "email", | ||
} | ||
ADMIN_ACCESS_QUERY = \ | ||
LDAPGroupQuery("CN=committee,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au") | \ | ||
LDAPGroupQuery("CN=door,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au") | \ | ||
LDAPGroupQuery("CN=wheel,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au") | ||
LDAPGroupQuery("CN=committee,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au") | \ | ||
LDAPGroupQuery("CN=door,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au") | \ | ||
LDAPGroupQuery("CN=wheel,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au") | ||
AUTH_LDAP_USER_FLAGS_BY_GROUP = { | ||
# staff can login to the admin site | ||
"is_staff": ADMIN_ACCESS_QUERY, | ||
# staff can login to the admin site | ||
"is_staff": ADMIN_ACCESS_QUERY, | ||
# superusers have all permissions (but also need staff to login to admin site) | ||
"is_superuser": ADMIN_ACCESS_QUERY, | ||
# superusers have all permissions (but also need staff to login to admin site) | ||
"is_superuser": ADMIN_ACCESS_QUERY, | ||
} | ||
# the Square app and location data (set to sandbox unless you want it to charge people) | ||
SQUARE_APP_ID = 'maybe-sandbox-something-something-here' | ||
SQUARE_LOCATION = 'CBASEDE-this-is-probably-somewhere-in-Sydney' | ||
SQUARE_ACCESS_TOKEN = 'keep-this-very-secret' | ||
SQUARE_APP_ID = '${SQUARE_APP_ID}' | ||
SQUARE_LOCATION = '${SQUARE_LOCATION}' | ||
SQUARE_ACCESS_TOKEN = '${SQUARE_SECRET}' | ||
DISPENSE_BIN = '/usr/local/bin/dispense' | ||
... | ... | @@ -98,4 +106,4 @@ EMAIL_HOST = "secure.ucc.asn.au" |
EMAIL_PORT = 465 | ||
EMAIL_USE_SSL = True | ||
EMAIL_HOST_USER = "uccportal" | ||
EMAIL_HOST_PASSWORD = "changeme" | ||
EMAIL_HOST_PASSWORD = "${EMAIL_SECRET}" |
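Review bot: The second hunk keeps `ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER` in AUTH_LDAP_GLOBAL_OPTIONS while switching AUTH_LDAP_SERVER_URI to `ldaps://ad.ucc.gu.uwa.edu.au` and templating every secret for deployment, so the bind credential in LDAP_BIND_SECRET and every user password are now sent over a TLS session whose server certificate is never checked. The existing comment "This is also a bad idea, should be changed in production" says as much, and once the file is the deployed template that change has to happen here: `ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_DEMAND,` plus `ldap.OPT_X_TLS_CACERTFILE: '${LDAP_CACERT_PATH}',` (placeholder name, the CA bundle for the AD host), with the stale comment removed. If the substitution mechanism is plain shell-style expansion (the .gitlab-ci.yml contents are not shown here), note that a secret containing a quote or backslash will break the generated Python literal, which is another reason to read these values with os.environ at import time rather than pasting them into source. The file header for this section is not visible in the page, so the path of the settings file this applies to is inferred.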
src/gms/wsgi.py
deleted
120000 → 0
src/gms/wsgi.py
0 → 100644
src/memberdb/account.py
0 → 100644