talentmap_api/settings.py
File `settings.py` has 347 lines of code (exceeds 250 allowed). Consider refactoring."""Django settings for talentmap_api project. Generated by 'django-admin startproject' using Django 1.11.2. For more information on this file, seehttps://docs.djangoproject.com/en/1.11/topics/settings/ For the full list of settings and their values, seehttps://docs.djangoproject.com/en/1.11/ref/settings/""" import osimport dj_database_urlimport datetime import saml2import saml2.saml # This supports swagger httpsSECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') def get_delineated_environment_variable(variable, default=None): ''' Returns an environment variable, using the DJANGO_ENVIRONMENT_NAME variable as a prefix. ''' env_name = os.environ.get('DJANGO_ENVIRONMENT_NAME', '') val = os.environ.get(f'{env_name}{variable}', None) if val is None: # Try with no env_name (this can be an issue when using runserver) val = os.environ.get(f'{variable}', None) if val is None: val = default return val # Simple function to evaluate if an environment variable is truthydef bool_env_variable(name): return get_delineated_environment_variable(name) in ["1", "True", "true", True] # Build paths inside the project like this: os.path.join(BASE_DIR, ...)BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) # Quick-start development settings - unsuitable for production# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret!SECRET_KEY = get_delineated_environment_variable("DJANGO_SECRET_KEY") # SECURITY WARNING: don't run with debug turned on in production!DEBUG = bool_env_variable("DJANGO_DEBUG") # Whether to enable saml2 endpointsENABLE_SAML2 = bool_env_variable("ENABLE_SAML2") # This is * for now, but should be set to a proper host when deployedALLOWED_HOSTS = ['*'] # CORS SettingsCORS_ORIGIN_ALLOW_ALL = True # Login pathsLOGIN_URL = 'rest_framework:login'LOGOUT_URL = 'rest_framework:logout' # Check for SAML2 enableif ENABLE_SAML2: LOGIN_URL = '/saml2/login/' SESSION_EXPIRE_AT_BROWSER_CLOSE = bool_env_variable('SAML2_SESSION_EXPIRE_AT_BROWSER_CLOSE') # Authorization token lifetimeEXPIRING_TOKEN_LIFESPAN = datetime.timedelta(days=1) # Authentication backendsAUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend',) if ENABLE_SAML2: AUTHENTICATION_BACKENDS += ('djangosaml2.backends.Saml2Backend',) # Application definition INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'django.contrib.postgres', # Third-party 'corsheaders', 'django_filters', 'django_extensions', 'rest_framework', 'rest_framework.authtoken', 'rest_framework_expiring_authtoken', 'rest_framework_swagger', 'debug_toolbar', 'djangosaml2', 'simple_history', # TalentMap Apps 'talentmap_api.common', 'talentmap_api.position', 'talentmap_api.language', 'talentmap_api.organization', 'talentmap_api.messaging', 'talentmap_api.user_profile', 'talentmap_api.bidding', 'talentmap_api.permission', 'talentmap_api.glossary', 'talentmap_api.integrations', 'talentmap_api.feedback',] MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', # Third-party 'corsheaders.middleware.CorsMiddleware', 'debug_toolbar.middleware.DebugToolbarMiddleware', 'simple_history.middleware.HistoryRequestMiddleware', # Our middleware 'talentmap_api.common.middleware.IE11Middleware',] ROOT_URLCONF = 'talentmap_api.urls' TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, },] # Rest framework settingsREST_FRAMEWORK = { 'DEFAULT_PAGINATION_CLASS': 'talentmap_api.common.pagination.ControllablePageNumberPagination', 'DEFAULT_RENDERER_CLASSES': ( 'rest_framework.renderers.JSONRenderer', 'talentmap_api.common.renderers.BrowsableAPIRendererWithoutForms', 'talentmap_api.common.renderers.PaginatedCSVRenderer', ), 'DEFAULT_FILTER_BACKENDS': ( 'talentmap_api.common.filters.DisabledHTMLFilterBackend', 'talentmap_api.common.filters.RelatedOrderingFilter' ), 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_expiring_authtoken.authentication.ExpiringTokenAuthentication', 'rest_framework.authentication.SessionAuthentication', ),} CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.dummy.DummyCache', }} REST_FRAMEWORK_EXTENSIONS = { 'DEFAULT_USE_CACHE': 'default', 'DEFAULT_CACHE_RESPONSE_TIMEOUT': 86400, # 1 day 'DEFAULT_CACHE_KEY_FUNC': 'talentmap_api.common.cache.key_constructor.key_func'} # SAML SettingsSAML_CONFIG = {} # Lookup by emailSAML_DJANGO_USER_MAIN_ATTRIBUTE = 'email'# Use their uid as their usernameSAML_USE_NAME_ID_AS_USERNAME = True# Create a new Django user if we have a saml2 user we don't knowSAML_CREATE_UNKNOWN_USER = True if ENABLE_SAML2: LOGIN_REDIRECT_URL = get_delineated_environment_variable('SAML_LOGIN_REDIRECT_URL') # See https://github.com/knaperek/djangosaml2 for more information SAML_ATTRIBUTE_MAPPING = { 'EmailAddress': ('email', 'username', ), 'givenname': ('first_name', ), 'surname': ('last_name', ), } SAML_CONFIG = { "strict": False, # full path to the xmlsec1 binary program 'xmlsec_binary': get_delineated_environment_variable('SAML2_XMLSEC1_PATH'), # acceptable time differential, in seconds 'accepted_time_diff': 60, # your entity id, usually your subdomain plus the url to the metadata view 'entityid': f"{get_delineated_environment_variable('SAML2_NETWORK_LOCATION')}saml2/metadata/", # directory with attribute mapping 'attribute_map_dir': os.path.join(BASE_DIR, 'talentmap_api', 'saml2', 'attribute_maps'), # this block states what services we provide 'service': { # We are a service provider 'sp': { 'name': 'TalentMAP', 'allow_unsolicited': True, 'name_id_format': saml2.saml.NAMEID_FORMAT_PERSISTENT, 'endpoints': { # url and binding to the assetion consumer service view # do not change the binding or service name 'assertion_consumer_service': [ (f"{get_delineated_environment_variable('FRONT_END_ACS_BINDING')}", saml2.BINDING_HTTP_POST), ], # url and binding to the single logout service view # do not change the binding or service name 'single_logout_service': [ (f"{get_delineated_environment_variable('SAML2_NETWORK_LOCATION')}saml2/ls/", saml2.BINDING_HTTP_REDIRECT), (f"{get_delineated_environment_variable('SAML2_NETWORK_LOCATION')}ls/post", saml2.BINDING_HTTP_POST), ], }, # attributes that this project need to identify a user 'required_attributes': ['EmailAddress', 'nameidentifier', 'givenname', 'surname'], # attributes that may be useful to have but not required # TODO: What attributes are we getting back from DOS IdP? 'optional_attributes': [], # in this section the list of IdPs we talk to are defined 'idp': { # the keys of this dictionary are entity ids get_delineated_environment_variable('SAML2_IDP_METADATA_ENDPOINT'): { 'single_sign_on_service': { saml2.BINDING_HTTP_REDIRECT: get_delineated_environment_variable('SAML2_IDP_SSO_LOGIN_ENDPOINT'), }, 'single_logout_service': { saml2.BINDING_HTTP_REDIRECT: get_delineated_environment_variable('SAML2_IDP_SLO_LOGOUT_ENDPOINT'), }, }, }, # End IDP config }, # End SP config }, # End Service config # where the remote metadata is stored 'metadata': { 'local': [os.path.join(BASE_DIR, 'talentmap_api', 'saml2', 'remote_metadata', 'remote_metadata.xml')], }, # set to 1 to output debugging information 'debug': get_delineated_environment_variable('SAML2_DEBUG'), # Signing 'key_file': get_delineated_environment_variable('SAML2_SIGNING_KEY'), # private part 'cert_file': get_delineated_environment_variable('SAML2_SIGNING_CERT'), # public part # Encryption 'encryption_keypairs': [{ 'key_file': get_delineated_environment_variable('SAML2_ENCRYPTION_KEY'), # private part 'cert_file': get_delineated_environment_variable('SAML2_ENCRYPTION_CERT'), # public part }], # Our metadata 'contact_person': [ { 'given_name': get_delineated_environment_variable('SAML2_TECHNICAL_POC_FIRST_NAME'), 'sur_name': get_delineated_environment_variable('SAML2_TECHNICAL_POC_LAST_NAME'), 'company': get_delineated_environment_variable('SAML2_TECHNICAL_POC_COMPANY'), 'email_address': get_delineated_environment_variable('SAML2_TECHNICAL_POC_EMAIL'), 'contact_type': 'technical' }, { 'given_name': get_delineated_environment_variable('SAML2_ADMINISTRATIVE_POC_FIRST_NAME'), 'sur_name': get_delineated_environment_variable('SAML2_ADMINISTRATIVE_POC_LAST_NAME'), 'company': get_delineated_environment_variable('SAML2_ADMINISTRATIVE_POC_COMPANY'), 'email_address': get_delineated_environment_variable('SAML2_ADMINISTRATIVE_POC_EMAIL'), 'contact_type': 'administrative' }, ], "valid_for": 24 # Our metadata is valid for 24-hours } # End SAML config LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'formatters': { 'verbose': { 'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s' }, 'simple': { 'format': '%(levelname)s %(asctime)s %(message)s' }, }, 'filters': { 'require_debug_true': { '()': 'django.utils.log.RequireDebugTrue', }, }, 'handlers': { 'console': { 'level': 'INFO', 'class': 'logging.StreamHandler', 'formatter': 'simple' }, 'auth': { 'level': 'DEBUG', 'class': 'logging.handlers.RotatingFileHandler', 'filename': get_delineated_environment_variable('DJANGO_LOG_DIRECTORY', '/var/log/talentmap/') + get_delineated_environment_variable('DJANGO_LOG_AUTH_NAME', 'auth.log'), 'maxBytes': int(get_delineated_environment_variable('DJANGO_LOG_AUTH_MAX_SIZE', 1024 * 1024 * 5)), 'backupCount': int(get_delineated_environment_variable('DJANGO_LOG_AUTH_NUM_BACKUPS', 5)), 'formatter': 'simple', }, 'access': { 'level': 'INFO', 'class': 'logging.handlers.RotatingFileHandler', 'filename': get_delineated_environment_variable('DJANGO_LOG_DIRECTORY', '/var/log/talentmap/') + get_delineated_environment_variable('DJANGO_LOG_ACCESS_NAME', 'access.log'), 'maxBytes': int(get_delineated_environment_variable('DJANGO_LOG_ACCESS_MAX_SIZE', 1024 * 1024 * 5)), 'backupCount': int(get_delineated_environment_variable('DJANGO_LOG_ACCESS_NUM_BACKUPS', 5)), 'formatter': 'simple', }, 'permission': { 'level': 'INFO', 'class': 'logging.handlers.RotatingFileHandler', 'filename': get_delineated_environment_variable('DJANGO_LOG_DIRECTORY', '/var/log/talentmap/') + get_delineated_environment_variable('DJANGO_LOG_PERM_NAME', 'permissions.log'), 'maxBytes': int(get_delineated_environment_variable('DJANGO_LOG_PERM_MAX_SIZE', 1024 * 1024 * 5)), 'backupCount': int(get_delineated_environment_variable('DJANGO_LOG_PERM_NUM_BACKUPS', 5)), 'formatter': 'simple', }, 'db': { 'level': 'DEBUG', 'class': 'logging.handlers.RotatingFileHandler', 'filename': get_delineated_environment_variable('DJANGO_LOG_DIRECTORY', '/var/log/talentmap/') + get_delineated_environment_variable('DJANGO_LOG_DB_NAME', 'db.log'), 'maxBytes': int(get_delineated_environment_variable('DJANGO_LOG_DB_MAX_SIZE', 1024 * 1024 * 5)), 'backupCount': int(get_delineated_environment_variable('DJANGO_LOG_DB_NUM_BACKUPS', 5)), 'formatter': 'simple', }, 'sync': { 'level': 'INFO', 'class': 'logging.handlers.RotatingFileHandler', 'filename': get_delineated_environment_variable('DJANGO_LOG_DIRECTORY', '/var/log/talentmap/') + get_delineated_environment_variable('DJANGO_LOG_SYNC_NAME', 'sync.log'), 'maxBytes': int(get_delineated_environment_variable('DJANGO_LOG_SYNC_MAX_SIZE', 1024 * 1024 * 5)), 'backupCount': int(get_delineated_environment_variable('DJANGO_LOG_SYNC_NUM_BACKUPS', 5)), 'formatter': 'simple', }, 'generic': { 'level': 'INFO', 'class': 'logging.handlers.RotatingFileHandler', 'filename': get_delineated_environment_variable('DJANGO_LOG_DIRECTORY', '/var/log/talentmap/') + get_delineated_environment_variable('DJANGO_LOG_GENERIC_NAME', 'talentmap.log'), 'maxBytes': int(get_delineated_environment_variable('DJANGO_LOG_GENERIC_MAX_SIZE', 1024 * 1024 * 5)), 'backupCount': int(get_delineated_environment_variable('DJANGO_LOG_GENERIC_NUM_BACKUPS', 5)), 'formatter': 'simple', }, }, 'loggers': { 'console': { 'handlers': ['console'], 'level': 'INFO', 'propagate': True, }, 'django': { 'handlers': ['console', 'access'], 'level': 'INFO', 'propagate': True, }, 'django.db.backends': { 'handlers': ['console', 'db'], 'level': 'DEBUG', 'propagate': True, }, 'talentmap_api': { 'handlers': ['console', 'generic'], 'level': 'INFO', 'propagate': False, }, 'talentmap_api.permission': { 'handlers': ['console', 'permission'], 'level': 'INFO', 'propagate': False, # Consume these logs }, 'talentmap_api.integrations': { 'handlers': ['console', 'sync'], 'level': 'INFO', 'propagate': False, # Consume these logs }, 'talentmap_api.saml2': { 'handlers': ['console', 'auth'], 'level': 'DEBUG', 'propagate': False, # Consume these logs }, 'zeep.transports': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': True, 'filters': ['require_debug_true'] }, }} WSGI_APPLICATION = 'talentmap_api.wsgi.application' # Database# https://docs.djangoproject.com/en/1.11/ref/settings/#databases # Set up the DB from a connection string in the environment variable, DATABASE_URL# see https://github.com/kennethreitz/dj-database-url for more info DATABASES = {'default': dj_database_url.parse(get_delineated_environment_variable('DATABASE_URL'), conn_max_age=1)} # Password validation# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', }, { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', },] # Debug toolbar settingsDEBUG_TOOLBAR_CONFIG = { "SHOW_TOOLBAR_CALLBACK": lambda request: DEBUG} # Internationalization# https://docs.djangoproject.com/en/1.11/topics/i18n/ LANGUAGE_CODE = 'en-us' TIME_ZONE = 'UTC' USE_I18N = True USE_L10N = True USE_TZ = True # Static files (CSS, JavaScript, Images)# https://docs.djangoproject.com/en/1.11/howto/static-files/ STATIC_URL = '/static/'STATIC_ROOT = os.path.join(BASE_DIR, 'talentmap_api/static/')