cleaned up settings, hopefully reducing chance of putting sensitive info into git

c09d5356 · frekk · 5ab7776f · c09d5356 · 5ab7776f · c09d5356
Commit c09d5356 authored Dec 09, 2018 by frekk
--- a/.gitignore
+++ b/.gitignore
-# autogenerated static files
 gms/static
+**settings_local.py

 # VS Code metadata
 .vscode

--- a/gms/gms/__init__.py
+++ b/gms/gms/__init__.py
--- a/gms/gms/settings.py
+++ b/gms/gms/settings.py
@@ -62,39 +62,15 @@ USE_TZ = True
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.7/howto/static-files/

-STATIC_URL = '/members/media/'
-STATIC_ROOT = '/services/gms/static'
+STATIC_URL = '/media/'
+STATIC_ROOT = os.path.join(BASE_DIR, 'static')

 AUTHENTICATION_BACKENDS = [
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
 ]

-import ldap
-from django_auth_ldap.config import LDAPSearch, PosixGroupType
-
-AUTH_LDAP_SERVER_URI = 'ldaps://mussel.ucc.gu.uwa.edu.au/'
-AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,ou=People,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au'
-
-AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=group,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au",
-    ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)")
-AUTH_LDAP_GROUP_TYPE = PosixGroupType(name_attr='cn')
-
-# Populate the Django user from the LDAP directory.
-AUTH_LDAP_USER_ATTR_MAP = {
-    "first_name": "givenName",
-    "last_name": "sn",
-    "email": "mail"
-}
-
-AUTH_LDAP_USER_FLAGS_BY_GROUP = {
-    "is_staff": "cn=committee,ou=group,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au",
-    "is_superuser": "cn=committee,ou=group,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au",
-}
-
-AUTH_LDAP_ALWAYS_UPDATE_USER = False
-
-AUTH_LDAP_MIRROR_GROUPS = True
+# see settings_local.py for LDAP settings

 TEMPLATES = [
    {
@@ -111,3 +87,53 @@ TEMPLATES = [
        },
    },
 ]
+
+from django.contrib.messages import constants as message_constants
+MESSAGE_LEVEL = message_constants.DEBUG
+
+import logging
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': True,
+    'formatters': {
+        'standard': {
+            'format' : "[%(asctime)s] %(levelname)s [%(name)s:%(lineno)s] %(message)s",
+            'datefmt' : "%d/%b/%Y %H:%M:%S"
+        },
+    },
+    'handlers': {
+        # 'logfile': {
+        #     'level':'DEBUG',
+        #     'class':'logging.handlers.RotatingFileHandler',
+        #     'filename': SITE_ROOT + "/logfile",
+        #     'maxBytes': 50000,
+        #     'backupCount': 2,
+        #     'formatter': 'standard',
+        # },
+        'console':{
+            'level':'INFO',
+            'class':'logging.StreamHandler',
+            'formatter': 'standard'
+        },
+    },
+    'loggers': {
+        'django': {
+            'handlers':['console'],
+            'propagate': True,
+            'level':'DEBUG',
+        },
+        'django.db.backends': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'django.contrib.auth': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+        },
+        'django_auth_ldap': {
+            'level': 'DEBUG',
+            'handlers': ['console'],
+        },
+    },
+}
\ No newline at end of file
--- a/gms/gms/settings_local.example.py
+++ b/gms/gms/settings_local.example.py
+# Django settings for uccmemberdb project.
+
+DEBUG = True
+
+ADMINS = (
+    ('UCC Committee', '[email protected]'),
+)
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.sqlite3',     # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
+        'NAME': 'member.db',                        # Or path to database file if using sqlite3.
+        'USER': '',                                 # Not used with sqlite3.
+        'PASSWORD': '',                             # Not used with sqlite3.
+        'HOST': '',                                 # Set to empty string for localhost. Not used with sqlite3.
+        'PORT': '',                                 # Set to empty string for default. Not used with sqlite3.
+    }
+}
+
+# Make this unique, and don't share it with anybody.
+SECRET_KEY = 'something-unique-here'
+
+ALLOWED_HOSTS = []
+
+import ldap
+from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType, LDAPGroupQuery
+
+AUTH_LDAP_SERVER_URI = 'ldaps://samson.ucc.gu.uwa.edu.au/'
+
+AUTH_LDAP_GLOBAL_OPTIONS = {
+    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
+}
+
+# directly attempt to authenticate users to bind to LDAP
+AUTH_LDAP_USER_DN_TEMPLATE = 'CN=%(user)s,CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au'
+AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
+
+AUTH_LDAP_FIND_GROUP_PERMS = True
+
+AUTH_LDAP_USER_SEARCH = LDAPSearch("CN=Users,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au",
+    ldap.SCOPE_SUBTREE, "(objectClass=user)")
+
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au",
+    ldap.SCOPE_SUBTREE, "(objectClass=group)")
+AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()
+
+# Populate the Django user from the LDAP directory.
+AUTH_LDAP_USER_ATTR_MAP = {
+    "first_name": "displayName",
+    "last_name": "name"
+}
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+    "is_staff": (
+        LDAPGroupQuery("CN=committee,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au") |
+        LDAPGroupQuery("CN=door,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au")
+    ),
+    "is_superuser": "CN=committee,OU=Groups,DC=ad,DC=ucc,DC=gu,DC=uwa,DC=edu,DC=au",
+}
+
+AUTH_LDAP_ALWAYS_UPDATE_USER = True
+
+AUTH_LDAP_MIRROR_GROUPS = False
--- a/gms/gms/settings_local.py
+++ b/gms/gms/settings_local.py
-# Django settings for uccmemberdb project.
-
-DEBUG = True
-
-ADMINS = (
-    ('UCC Committee', '[email protected]'),
-    ('David Adam', '[email protected]'),
-    ('Felix von Perger', '[email protected]'),
-)
-
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.sqlite3', # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
-        'NAME': '/home/frekk/Documents/projects/usermgmt-ucc/uccportal/.db/members.db',                      # Or path to database file if using sqlite3.
-        'USER': '',                      # Not used with sqlite3.
-        'PASSWORD': '',                  # Not used with sqlite3.
-        'HOST': '',                      # Set to empty string for localhost. Not used with sqlite3.
-        'PORT': '',                      # Set to empty string for default. Not used with sqlite3.
-    }
-}
-
-# Make this unique, and don't share it with anybody.
-SECRET_KEY = 'oB8fVqxJPfeL0MomVCwExU13H3ajZd9vWFgCpL5RMuhR4JOqSXemYasppIdimhLk'
-
-ALLOWED_HOSTS = []
--- a/gms/gms/urls.py
+++ b/gms/gms/urls.py
-from django.urls import path
+from django.urls import path, include
 from django.contrib import admin

 admin.site.site_header = "Gumby Management System"
@@ -6,5 +6,6 @@ admin.site.site_title = "UCC Gumby Management System"
 admin.site.index_title = "Membership Database"

 urlpatterns = [
-    path('', admin.site.urls),
+    path('', include('memberdb.urls')),
+    path('admin/', admin.site.urls),
 ]