Commit fa667c0c authored by Administrator's avatar Administrator

Add default settings.py file

parent 9b02d616
# -*- coding: utf-8 -*-
# a massive hack to see if we're testing, in which case we use different settings
import sys
import ldap
import json
import os
from django.utils.translation import ugettext_lazy as _
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
TESTING = 'test' in sys.argv
# IFMA - Daniel Lima
import environ
env = environ.Env()
environ.Env.read_env()
# IFMA Fim
# go through environment variables and override them
def get_from_env(var, default):
if not TESTING and os.environ.has_key(var):
return os.environ[var]
else:
return default
DEBUG = (get_from_env('DEBUG', '1') == '1')
ROOT_URLCONF = 'urls'
ROOT_PATH = os.path.dirname(__file__)
#If the Host header (or X-Forwarded-Host if USE_X_FORWARDED_HOST is enabled) does not match any value in this list, the django.http.HttpRequest.get_host() method will raise SuspiciousOperation.
#When DEBUG is True or when running tests, host validation is disabled; any host will be accepted. Thus it’s usually only necessary to set it in production.
#This validation only applies via get_host(); if your code accesses the Host header directly from request.META you are bypassing this security protection.
#More info: https://docs.djangoproject.com/en/1.7/ref/settings/#allowed-hosts
# set a value for production environment, alongside with debug set to false
ALLOWED_HOSTS = get_from_env('ALLOWED_HOSTS', 'localhost').split(",")
# Make this unique, and don't share it with anybody.
SECRET_KEY = get_from_env('SECRET_KEY', 'replaceme')
ROOT_URLCONF = 'urls'
ROOT_PATH = os.path.dirname(__file__)
# add admins of the form:
# ('Ben Adida', 'ben@adida.net'),
# if you want to be emailed about errors.
ADMINS = (
('Helios', 'suporte.eleicoes@ifce.edu.br'),
)
MANAGERS = ADMINS
# is this the master Helios web site?
MASTER_HELIOS = (get_from_env('MASTER_HELIOS', '0') == '1')
# show ability to log in? (for example, if the site is mostly used by voters)
# if turned off, the admin will need to know to go to /auth/login manually
SHOW_LOGIN_OPTIONS = (get_from_env('SHOW_LOGIN_OPTIONS', '1') == '1')
# sometimes, when the site is not that social, it's not helpful
# to display who created the election
SHOW_USER_INFO = (get_from_env('SHOW_USER_INFO', '1') == '1')
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': get_from_env('DB_NAME', 'helios'),
'USER': get_from_env('DB_USER', 'postgres'),
'PASSWORD': get_from_env('DB_PWD', 'helios'),
'HOST': get_from_env('POSTGRES_HOST', '127.0.0.1'),
'PORT': get_from_env('POSTGRES_PORT', '5432'),
'CONN_MAX_AGE': int(get_from_env('DB_CONN_MAX_AGE', '600'))
}
}
# override if we have an env variable
if get_from_env('DATABASE_URL', None):
import dj_database_url
DATABASES['default'] = dj_database_url.config()
DATABASES['default']['ENGINE'] = 'django.db.backends.postgresql_psycopg2'
DATABASES['default']['CONN_MAX_AGE'] = '600'
# require SSL
DATABASES['default']['OPTIONS'] = {'sslmode': 'require'}
# Local time zone for this installation. Choices can be found here:
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
# although not all choices may be available on all operating systems.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = 'America/Fortaleza'
LANGUAGE_CODE = 'pt-br'
SITE_ID = 1
USE_I18N = True
USE_TZ = True
LANGUAGES = (
('pt-br', _('Brazilian Portuguese')),
('en', _('English')),
)
LOCALE_PATHS = (
ROOT_PATH + '/locale',
)
# Absolute path to the directory that holds media.
# Example: "/home/media/media.lawrence.com/"
MEDIA_ROOT = ROOT_PATH + '/media'
# URL that handles the media served from MEDIA_ROOT. Make sure to use a
# trailing slash if there is a path component (optional in other cases).
# Examples: "http://media.lawrence.com", "http://example.com/media/"
MEDIA_URL = '/uploads/'
# URL prefix for admin media -- CSS, JavaScript and images. Make sure to use a
# trailing slash.
# Examples: "http://foo.com/media/", "/media/".
STATIC_URL = '/media/'
STATIC_ROOT = ROOT_PATH + '/sitestatic'
STATICFILES_DIRS = (
ROOT_PATH + '/heliosbooth',
ROOT_PATH + '/heliosverifier',
ROOT_PATH + '/helios_auth/media',
ROOT_PATH + '/helios/media',
ROOT_PATH + '/server_ui/media',
ROOT_PATH + '/heliosinstitution/media/',
)
# If debug is set to false and ALLOWED_HOSTS is not declared, django raises "CommandError: You must set settings.ALLOWED_HOSTS if DEBUG is False."
# If in production, you got a bad request (400) error
#More info: https://docs.djangoproject.com/en/1.7/ref/settings/#allowed-hosts (same for 1.6)
# Secure Stuff
if get_from_env('SSL', '0') == '1':
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
# tuned for Heroku
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
SESSION_COOKIE_HTTPONLY = True
# let's go with one year because that's the way to do it now
STS = False
if get_from_env('HSTS', '0') == '1':
STS = True
# we're using our own custom middleware now
# SECURE_HSTS_SECONDS = 31536000
# not doing subdomains for now cause that is not likely to be necessary and can screw things up.
# SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
SILENCED_SYSTEM_CHECKS = ['urls.W002']
MIDDLEWARE = [
# secure a bunch of things
'django.middleware.security.SecurityMiddleware',
'helios.security.HSTSMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
# 'django.middleware.csrf.CsrfViewMiddleware',
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
]
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'APP_DIRS': True,
'DIRS': [
ROOT_PATH,
os.path.join(ROOT_PATH, 'templates'),
# os.path.join(ROOT_PATH, 'helios/templates'), # covered by APP_DIRS:True
# os.path.join(ROOT_PATH, 'helios_auth/templates'), # covered by APP_DIRS:True
# os.path.join(ROOT_PATH, 'server_ui/templates'), # covered by APP_DIRS:True
],
'OPTIONS': {
'context_processors': [
'django.contrib.auth.context_processors.auth',
'django.template.context_processors.debug',
'django.template.context_processors.i18n',
'django.template.context_processors.media',
'django.template.context_processors.request',
'django.template.context_processors.tz',
'django.contrib.messages.context_processors.messages',
],
'debug': DEBUG
}
},
]
INSTALLED_APPS = (
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.messages',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.staticfiles',
'django.contrib.admin',
# IFMA
'mailer',
## HELIOS stuff
'helios_auth',
'helios',
'server_ui',
'helioslog',
'heliosinstitution',
)
##
## HELIOS
##
# a relative path where voter upload files are stored
VOTER_UPLOAD_REL_PATH = "voters/%Y/%m/%d"
# Change your email settings
DEFAULT_FROM_EMAIL = get_from_env('DEFAULT_FROM_EMAIL', 'heliosvoting.pt@gmail.com')
DEFAULT_FROM_NAME = get_from_env('DEFAULT_FROM_NAME', 'Sistema de Votação Eletrônica')
SERVER_EMAIL = '%s <%s>' % (DEFAULT_FROM_NAME, DEFAULT_FROM_EMAIL)
LOGIN_URL = '/auth/'
LOGOUT_ON_CONFIRMATION = True
# The two hosts are here so the main site can be over plain HTTP
# while the voting URLs are served over SSL.
URL_HOST = get_from_env("URL_HOST", "http://localhost:8000").rstrip("/")
# IMPORTANT: you should not change this setting once you've created
# elections, as your elections' cast_url will then be incorrect.
# SECURE_URL_HOST = "https://localhost:8443"
SECURE_URL_HOST = get_from_env("SECURE_URL_HOST", URL_HOST).rstrip("/")
# election stuff
SITE_TITLE = get_from_env('SITE_TITLE', _('IFCE E-Voting System'))
MAIN_LOGO_URL = get_from_env('MAIN_LOGO_URL', '/static/logo.png')
ALLOW_ELECTION_INFO_URL = (get_from_env('ALLOW_ELECTION_INFO_URL', '0') == '1')
# FOOTER links
FOOTER_LINKS = json.loads(get_from_env('FOOTER_LINKS', '[]'))
FOOTER_LOGO_URL = get_from_env('FOOTER_LOGO_URL', None)
WELCOME_MESSAGE = get_from_env('WELCOME_MESSAGE', _('Welcome to IFCE E-Voting System'))
HELP_EMAIL_ADDRESS = get_from_env('HELP_EMAIL_ADDRESS', 'shirlei@gmail.com')
AUTH_TEMPLATE_BASE = "server_ui/templates/base.html"
HELIOS_TEMPLATE_BASE = "server_ui/templates/base.html"
AUTH_TEMPLATE_BASENONAV = "server_ui/templates/basenonav.html"
HELIOS_TEMPLATE_BASENONAV = "server_ui/templates/basenonav.html"
HELIOS_ADMIN_ONLY = False
HELIOS_VOTERS_UPLOAD = True
HELIOS_VOTERS_EMAIL = True
# are elections private by default?
HELIOS_PRIVATE_DEFAULT = True
# authentication systems enabled
# AUTH_ENABLED_AUTH_SYSTEMS = ['password','facebook','twitter', 'google', 'yahoo']
# AUTH_ENABLED_AUTH_SYSTEMS = get_from_env('AUTH_ENABLED_AUTH_SYSTEMS', 'shibboleth').split(",")
# AUTH_DEFAULT_AUTH_SYSTEM = get_from_env('AUTH_DEFAULT_AUTH_SYSTEM', 'shibboleth')
AUTH_ENABLED_AUTH_SYSTEMS = get_from_env('AUTH_ENABLED_AUTH_SYSTEMS', 'ldap').split(",")
AUTH_DEFAULT_AUTH_SYSTEM = get_from_env('AUTH_DEFAULT_AUTH_SYSTEM', 'ldap')
# google
GOOGLE_CLIENT_ID = get_from_env('GOOGLE_CLIENT_ID', '')
GOOGLE_CLIENT_SECRET = get_from_env('GOOGLE_CLIENT_SECRET', '')
# facebook
FACEBOOK_APP_ID = get_from_env('FACEBOOK_APP_ID', '')
FACEBOOK_API_KEY = get_from_env('FACEBOOK_API_KEY', '')
FACEBOOK_API_SECRET = get_from_env('FACEBOOK_API_SECRET', '')
# twitter
TWITTER_API_KEY = ''
TWITTER_API_SECRET = ''
TWITTER_USER_TO_FOLLOW = 'heliosvoting'
TWITTER_REASON_TO_FOLLOW = "we can direct-message you when the result has been computed in an election in which you participated"
# the token for Helios to do direct messaging
TWITTER_DM_TOKEN = {"oauth_token": "", "oauth_token_secret": "", "user_id": "", "screen_name": ""}
# LinkedIn
LINKEDIN_API_KEY = ''
LINKEDIN_API_SECRET = ''
# CAS (for universities)
CAS_USERNAME = get_from_env('CAS_USERNAME', "")
CAS_PASSWORD = get_from_env('CAS_PASSWORD', "")
CAS_ELIGIBILITY_URL = get_from_env('CAS_ELIGIBILITY_URL', "")
CAS_ELIGIBILITY_REALM = get_from_env('CAS_ELIGIBILITY_REALM', "")
# Clever
CLEVER_CLIENT_ID = get_from_env('CLEVER_CLIENT_ID', "")
CLEVER_CLIENT_SECRET = get_from_env('CLEVER_CLIENT_SECRET', "")
# email server
EMAIL_HOST = get_from_env('EMAIL_HOST', 'localhost')
EMAIL_PORT = int(get_from_env('EMAIL_PORT', "2525"))
EMAIL_HOST_USER = get_from_env('EMAIL_HOST_USER', '')
EMAIL_HOST_PASSWORD = get_from_env('EMAIL_HOST_PASSWORD', '')
EMAIL_USE_TLS = (get_from_env('EMAIL_USE_TLS', '0') == '1')
if DEBUG:
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# IFMA - Daniel Lima - Lib para disparo de emails por varias contas
# django-mailer
MAILER_EMAIL_ACCOUNT_LIST = []
MAILER_NUM_ACCOUNTS = int(get_from_env('MAILER_NUM_ACCOUNTS', 1))
if MAILER_NUM_ACCOUNTS > 0:
for mail_number in range(1, MAILER_NUM_ACCOUNTS+1):
MAILER_EMAIL_ACCOUNT_LIST.append({
'EMAIL_HOST': env.str('EMAIL_HOST_{}'.format(mail_number), ''),
'EMAIL_PORT': env.int('EMAIL_PORT_{}'.format(mail_number), ''),
'EMAIL_HOST_USER': env.str('EMAIL_HOST_USER_{}'.format(mail_number), ''),
'EMAIL_HOST_PASSWORD': env.str('EMAIL_HOST_PASSWORD_{}'.format(mail_number), ''),
'EMAIL_USE_TLS': env.bool('EMAIL_USE_TLS_{}'.format(mail_number), ''),
})
MAILER_DAILY_SENDING_LIMIT_PER_ACCOUNT = int(get_from_env('MAILER_DAILY_SENDING_LIMIT_PER_ACCOUNT', 100))
MAILER_DAYS_PURGE_MAIL_LOG = int(get_from_env('MAILER_DAYS_PURGE_MAIL_LOG', 7))
MAILER_MINUTS_TO_RETRY_DEFERRED = int(get_from_env('MAILER_MINUTS_TO_RETRY_DEFERRED', 30))
MAILER_MINUTS_TO_SEND_MAIL = int(get_from_env('MAILER_MINUTS_TO_SEND_MAIL', 5))
EMAIL_BACKEND = 'mailer.backend.DbBackend'
if DEBUG:
MAILER_EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# IFMA Fim
# to use AWS Simple Email Service
# in which case environment should contain
# AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
if get_from_env('EMAIL_USE_AWS', '0') == '1':
EMAIL_BACKEND = 'django_ses.SESBackend'
# set up logging
import logging
logging.basicConfig(
level=logging.INFO,
format='%(asctime)s %(levelname)s %(message)s'
)
# set up celery
CELERY_BROKER_URL = get_from_env('CELERY_BROKER_URL', 'amqp://localhost')
if TESTING:
CELERY_TASK_ALWAYS_EAGER = True
# IFMA - Daniel Lima - Uso do celery para debug
# if DEBUG:
# from celery import current_app
# current_app.conf.CELERY_ALWAYS_EAGER = True
# current_app.conf.CELERY_EAGER_PROPAGATES_EXCEPTIONS = True
# IFMA Fim
# see configuration example at https://pythonhosted.org/django-auth-ldap/example.html
AUTH_LDAP_SERVER_URI = get_from_env('LDAP_SERVER_URI', '') # replace by your Ldap URI
AUTH_LDAP_BIND_DN = get_from_env('LDAP_BIND_DN', '')
AUTH_LDAP_BIND_PASSWORD = get_from_env('LDAP_BIND_PASSWORD', '')
AUTH_LDAP_USER_SEARCH = LDAPSearch(get_from_env('LDAP_USER_SEARCH', ''), ldap.SCOPE_SUBTREE, "sAMAccountName=%(user)s")
AUTH_LDAP_USER_ATTR_MAP = {
"username": "sAMAccountName",
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
}
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True
AUTH_LDAP_ALWAYS_UPDATE_USER = False
AUTH_BIND_USERID_TO_VOTERID = ['ldap']
# Shibboleth auth settings
SHIBBOLETH_ATTRIBUTE_MAP = {
#"Shibboleth-givenName": (True, "first_name"),
"Shib-inetOrgPerson-cn": (True, "common_name"),
"Shib-inetOrgPerson-sn": (True, "last_name"),
"Shib-inetOrgPerson-mail": (True, "email"),
"Shib-eduPerson-eduPersonPrincipalName": (True, "eppn"),
"Shib-brEduPerson-brEduAffiliationType": (True, "affiliation"),
"Shib-Identity-Provider": (True, "identity_provider"),
}
FEDERATION_NAME = "CAFe Expresso"
# To use some manager-specific attributes, like idp address
USE_ELECTION_MANAGER_ATTRIBUTES = True
ELECTION_MANAGER_ATTRIBUTES = ['Provider']
INSTITUTION_ROLE = ['Institution Admin', 'Election Admin']
ATTRIBUTES_AUTOMATICALLY_CHECKED = ['brExitDate']
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
USE_EMBEDDED_DS = False
# end shibboleth auth settings
# Rollbar Error Logging
ROLLBAR_ACCESS_TOKEN = get_from_env('ROLLBAR_ACCESS_TOKEN', None)
if ROLLBAR_ACCESS_TOKEN:
print "setting up rollbar"
MIDDLEWARE += ['rollbar.contrib.django.middleware.RollbarNotifierMiddleware',]
ROLLBAR = {
'access_token': ROLLBAR_ACCESS_TOKEN,
'environment': 'development' if DEBUG else 'production',
}
FEATURE_ELECTION = False
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'handlers': {
'null': {
'class': 'logging.NullHandler',
}
},
'loggers': {
'django.security.DisallowedHost': {
'handlers' : ['null'],
'propagate': False,
}
}
}
# set up sentry
if get_from_env('SENTRY', '0') == '1':
import raven
RAVEN_CONFIG = {
'dsn': str(os.environ.get('SENTRY_URL')),
# If you are using git, you can also automatically configure the
# release based on the git info.
'release': get_from_env('APP_VERSAO', '1.0'), # //raven.fetch_git_sha(PROJECT_PATH),
'auth_token': str(os.environ.get('SENTRY_TOKEN')), # new on https://sentrylocal/api/
'organization': get_from_env('SENTRY_ORG', 'helios.org'),
'project': get_from_env('SENTRY_APP', 'helios'),
}
if DEBUG:
RAVEN_CONFIG.update({'environment': 'devel'})
else:
RAVEN_CONFIG.update({'environment': 'production'})
MIDDLEWARE += ['raven.contrib.django.raven_compat.middleware.SentryResponseErrorIdMiddleware',]
INSTALLED_APPS += ('raven.contrib.django.raven_compat',)
\ No newline at end of file
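Review bot: The defaults in this file fail open: `DEBUG` falls back to `'1'` and `SECRET_KEY` to the literal `'replaceme'`, so a deployment started without those environment variables runs in debug mode (which, as the comment above `ALLOWED_HOSTS` notes, also disables host validation) with a signing key that is readable in the repository. I would default to `DEBUG = (get_from_env('DEBUG', '0') == '1')` and, right after `SECRET_KEY` is read, add `if not DEBUG and not TESTING and SECRET_KEY == 'replaceme': raise ImproperlyConfigured('SECRET_KEY must be set')` (imported from `django.core.exceptions`); `TESTING` has to be exempt because `get_from_env` always returns the default under tests. The `DB_PWD` default of `'helios'` deserves the same treatment. Separately, `'django.middleware.csrf.CsrfViewMiddleware'` is commented out in `MIDDLEWARE`; if the views enforce their own CSRF token check (not visible in this file), a comment on that line should say so, otherwise the middleware should be enabled.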