|
1
|
# Django settings for sp project.
|
|
2
|
|
|
3
|
import os
|
|
4
|
import pfconfigxml
|
|
5
|
from django.conf import global_settings
|
|
6
|
|
|
7
|
PROJECT_PATH = os.path.dirname(os.path.dirname(__file__))
|
|
8
|
|
|
9
|
DEBUG = os.environ.get('DEBUG') == 'yes'
|
|
10
|
TEMPLATE_DEBUG = DEBUG
|
|
11
|
|
|
12
|
# fastcgi (see http://docs.djangoproject.com/en/dev/howto/deployment/fastcgi/)
|
|
13
|
FORCE_SCRIPT_NAME=''
|
|
14
|
|
|
15
|
ADMINS = ()
|
|
16
|
MANAGERS = ADMINS
|
|
17
|
|
|
18
|
DATABASES = {
|
|
19
|
'default': {
|
|
20
|
'ENGINE': 'django.db.backends.sqlite3',
|
|
21
|
'NAME': '/var/db/univnautes-sp.sqlite3',
|
|
22
|
}
|
|
23
|
}
|
|
24
|
|
|
25
|
# Hosts/domain names that are valid for this site; required if DEBUG is False
|
|
26
|
# See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts
|
|
27
|
ALLOWED_HOSTS = ['*']
|
|
28
|
|
|
29
|
# Local time zone for this installation. Choices can be found here:
|
|
30
|
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
|
|
31
|
# although not all choices may be available on all operating systems.
|
|
32
|
# In a Windows environment this must be set to your system time zone.
|
|
33
|
TIME_ZONE = 'Europe/Paris'
|
|
34
|
|
|
35
|
# Language code for this installation. All choices can be found here:
|
|
36
|
# http://www.i18nguy.com/unicode/language-identifiers.html
|
|
37
|
LANGUAGE_CODE = 'fr-fr'
|
|
38
|
|
|
39
|
SITE_ID = 1
|
|
40
|
|
|
41
|
# If you set this to False, Django will make some optimizations so as not
|
|
42
|
# to load the internationalization machinery.
|
|
43
|
USE_I18N = True
|
|
44
|
|
|
45
|
# If you set this to False, Django will not format dates, numbers and
|
|
46
|
# calendars according to the current locale.
|
|
47
|
USE_L10N = True
|
|
48
|
|
|
49
|
# If you set this to False, Django will not use timezone-aware datetimes.
|
|
50
|
USE_TZ = True
|
|
51
|
|
|
52
|
# Absolute filesystem path to the directory that will hold user-uploaded files.
|
|
53
|
# Example: "/var/www/example.com/media/"
|
|
54
|
MEDIA_ROOT = ''
|
|
55
|
|
|
56
|
# URL that handles the media served from MEDIA_ROOT. Make sure to use a
|
|
57
|
# trailing slash.
|
|
58
|
# Examples: "http://example.com/media/", "http://media.example.com/"
|
|
59
|
MEDIA_URL = ''
|
|
60
|
|
|
61
|
# Absolute path to the directory static files should be collected to.
|
|
62
|
# Don't put anything in this directory yourself; store your static files
|
|
63
|
# in apps' "static/" subdirectories and in STATICFILES_DIRS.
|
|
64
|
# Example: "/var/www/example.com/static/"
|
|
65
|
STATIC_ROOT = os.path.join(PROJECT_PATH, 'www', 'static')
|
|
66
|
|
|
67
|
# URL prefix for static files.
|
|
68
|
# Example: "http://example.com/static/", "http://static.example.com/"
|
|
69
|
STATIC_URL = '/static/'
|
|
70
|
|
|
71
|
# Additional locations of static files
|
|
72
|
STATICFILES_DIRS = (
|
|
73
|
# Put strings here, like "/home/html/static" or "C:/www/django/static".
|
|
74
|
# Always use forward slashes, even on Windows.
|
|
75
|
# Don't forget to use absolute paths, not relative paths.
|
|
76
|
)
|
|
77
|
|
|
78
|
# List of finder classes that know how to find static files in
|
|
79
|
# various locations.
|
|
80
|
STATICFILES_FINDERS = (
|
|
81
|
'django.contrib.staticfiles.finders.FileSystemFinder',
|
|
82
|
'django.contrib.staticfiles.finders.AppDirectoriesFinder',
|
|
83
|
)
|
|
84
|
|
|
85
|
# Make this unique, and don't share it with anybody.
|
|
86
|
SECRET_KEY_FILENAME='/usr/local/univnautes/sp/secret.key'
|
|
87
|
try:
|
|
88
|
with open(SECRET_KEY_FILENAME, 'rb') as sk:
|
|
89
|
SECRET_KEY = sk.read()
|
|
90
|
except IOError:
|
|
91
|
import random, string
|
|
92
|
SECRET_KEY = "".join([random.SystemRandom().choice(string.digits + string.letters + string.punctuation) for i in range(100)])
|
|
93
|
with open(SECRET_KEY_FILENAME, 'wb') as sk:
|
|
94
|
sk.write(SECRET_KEY)
|
|
95
|
|
|
96
|
# List of callables that know how to import templates from various sources.
|
|
97
|
TEMPLATE_LOADERS = (
|
|
98
|
'django.template.loaders.filesystem.Loader',
|
|
99
|
'django.template.loaders.app_directories.Loader',
|
|
100
|
)
|
|
101
|
|
|
102
|
MIDDLEWARE_CLASSES = (
|
|
103
|
'django.middleware.common.CommonMiddleware',
|
|
104
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
|
105
|
'django.middleware.csrf.CsrfViewMiddleware',
|
|
106
|
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
|
107
|
'django.contrib.messages.middleware.MessageMiddleware',
|
|
108
|
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
|
109
|
)
|
|
110
|
|
|
111
|
ROOT_URLCONF = 'sp.urls'
|
|
112
|
|
|
113
|
# Python dotted path to the WSGI application used by Django's runserver.
|
|
114
|
WSGI_APPLICATION = 'sp.wsgi.application'
|
|
115
|
|
|
116
|
TEMPLATE_DIRS = (
|
|
117
|
os.path.join(PROJECT_PATH, 'sp', 'templates'),
|
|
118
|
)
|
|
119
|
|
|
120
|
INSTALLED_APPS = (
|
|
121
|
'django.contrib.auth',
|
|
122
|
'django.contrib.contenttypes',
|
|
123
|
'django.contrib.sessions',
|
|
124
|
'django.contrib.sites',
|
|
125
|
'django.contrib.messages',
|
|
126
|
'django.contrib.staticfiles',
|
|
127
|
'authentic2.idp',
|
|
128
|
'authentic2.attribute_aggregator',
|
|
129
|
'authentic2.saml',
|
|
130
|
'authentic2.authsaml2',
|
|
131
|
'sp',
|
|
132
|
)
|
|
133
|
|
|
134
|
if DEBUG:
|
|
135
|
INSTALLED_APPS += ('django.contrib.admin',)
|
|
136
|
|
|
137
|
SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
|
|
138
|
# can't be 'django.contrib.sessions.serializers.JSONSerializer' with authentic2
|
|
139
|
|
|
140
|
SESSION_COOKIE_NAME = 'univnautes-sp-sessionid'
|
|
141
|
SESSION_ENGINE = 'django.contrib.sessions.backends.file'
|
|
142
|
SESSION_FILE_PATH = '/var/tmp/univnautes-sp-sessions'
|
|
143
|
try:
|
|
144
|
os.mkdir(SESSION_FILE_PATH)
|
|
145
|
except:
|
|
146
|
pass
|
|
147
|
|
|
148
|
MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage'
|
|
149
|
|
|
150
|
LOGIN_REDIRECT_URL = '/'
|
|
151
|
|
|
152
|
|
|
153
|
# logging configuration
|
|
154
|
# FIXME : syslog (freebsd -> /var/run/log) / local4 / debug
|
|
155
|
LOGGING = {
|
|
156
|
'version': 1,
|
|
157
|
'disable_existing_loggers': False,
|
|
158
|
'handlers': {
|
|
159
|
'tmpspfile': {
|
|
160
|
'level': 'DEBUG',
|
|
161
|
'class': 'logging.FileHandler',
|
|
162
|
'filename': '/tmp/sp.log'
|
|
163
|
},
|
|
164
|
},
|
|
165
|
'loggers': {
|
|
166
|
'django.request': {
|
|
167
|
'handlers': ['tmpspfile'],
|
|
168
|
'level': 'DEBUG',
|
|
169
|
'propagate': True,
|
|
170
|
},
|
|
171
|
}
|
|
172
|
}
|
|
173
|
|
|
174
|
# authentic2 settings (SP)
|
|
175
|
LOCAL_METADATA_CACHE_TIMEOUT = 600
|
|
176
|
SAML_METADATA_ROOT = 'metadata'
|
|
177
|
SAML_METADATA_AUTOLOAD = 'none'
|
|
178
|
|
|
179
|
AUTH_FRONTENDS = ('authentic2.authsaml2.frontend.AuthSAML2Frontend',)
|
|
180
|
AUTHENTICATION_BACKENDS = (
|
|
181
|
'django.contrib.auth.backends.ModelBackend',
|
|
182
|
'authentic2.authsaml2.backends.AuthSAML2PersistentBackend',
|
|
183
|
'authentic2.authsaml2.backends.AuthSAML2TransientBackend')
|
|
184
|
|
|
185
|
|
|
186
|
# get some values from config.xml
|
|
187
|
# => server must be restarted if config.xml is changed
|
|
188
|
|
|
189
|
if 'CONFIG_XML' in os.environ:
|
|
190
|
# for run this application outside a real pfSense
|
|
191
|
CONFIG_XML = os.environ['CONFIG_XML']
|
|
192
|
else:
|
|
193
|
CONFIG_XML = '/cf/conf/config.xml'
|
|
194
|
|
|
195
|
sp = pfconfigxml.get_sp()
|
|
196
|
# SAML certificate
|
|
197
|
SAML_SIGNATURE_PUBLIC_KEY = sp.get('saml_cert', {}).get('crt')
|
|
198
|
SAML_SIGNATURE_PRIVATE_KEY = sp.get('saml_cert', {}).get('prv')
|
|
199
|
|
|
200
|
# SESSION_COOKIE_AGE from pfsenseid, at least 2 minutes
|
|
201
|
SESSION_COOKIE_AGE = max(sp.get('cp', {}).get('idletimeout', 2)*60, 2*60)
|
|
202
|
|
|
203
|
# SP User Interface parameters
|
|
204
|
SP_UI = sp.get('ui', {})
|
|
205
|
TEMPLATE_CONTEXT_PROCESSORS = global_settings.TEMPLATE_CONTEXT_PROCESSORS + (
|
|
206
|
'sp.context_processors.sp',
|
|
207
|
)
|
|
208
|
|
|
209
|
# FIXME: get this from SP_UI config
|
|
210
|
PROXYMAP_URL = 'http://lactuca.entrouvert.org/proxymap/mapbox/%(z)d/%(x)d/%(y)d.png32'
|
|
211
|
|