cas-eleves/app/settings.py

"""
Django settings for the DGSI project.
"""

import ssl
from pathlib import Path

import ldap3
from loadcredential import Credentials

credentials = Credentials(env_prefix="CE_")

# Build paths inside the project like this: BASE_DIR / "subdir".
BASE_DIR = Path(__file__).resolve().parent.parent

LOCAL_DIR = BASE_DIR / "cas_eleves"

# WARNING: keep the secret key used in production secret!
SECRET_KEY = credentials["SECRET_KEY"]

# WARNING: don't run with debug turned on in production!
DEBUG = credentials.get_json("DEBUG", False)

ALLOWED_HOSTS = credentials.get_json("ALLOWED_HOSTS", [])

DEFAULT_AUTO_FIELD = "django.db.models.AutoField"

###
# Fixtures configuration

FIXTURE_DIRS = [LOCAL_DIR / "fixtures"]

###
# List the installed applications

INSTALLED_APPS = [
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    "bulma",
    "cas_server",
]

###
# List the installed middlewares

MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "django.middleware.locale.LocaleMiddleware",
]

###
# The main url configuration

ROOT_URLCONF = "app.urls"

###
# Template configuration:

TEMPLATES = [
    {
        "BACKEND": "django.template.backends.django.DjangoTemplates",
        "DIRS": [LOCAL_DIR / "templates"],
        "APP_DIRS": True,
        "OPTIONS": {
            "context_processors": [
                "django.template.context_processors.debug",
                "django.template.context_processors.request",
                "django.contrib.auth.context_processors.auth",
                "django.contrib.messages.context_processors.messages",
            ],
        },
    },
]

CAS_LOGGED_TEMPLATE = "cas_eleves/logged.html"
CAS_LOGIN_TEMPLATE = "cas_eleves/login.html"
CAS_LOGOUT_TEMPLATE = "cas_eleves/logout.html"
CAS_WARN_TEMPLATE = "cas_eleves/warn.html"

###
# Static files (CSS, JavaScript, Images) configuration
#   -> https://docs.djangoproject.com/en/4.2/howto/static-files/

STATIC_URL = "/static/"
STATICFILES_DIRS = [LOCAL_DIR / "static"]

STATIC_ROOT = credentials.get("STATIC_ROOT")

###
# WSGI application configuration

WSGI_APPLICATION = "app.wsgi.application"

###
# Authentication configuration

AUTH_PASSWORD_VALIDATORS = [
    {
        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
    },
]

###
# Database configuration
#   -> https://docs.djangoproject.com/en/4.2/ref/settings/#databases

DATABASES = {
    "default": (
        {
            "ENGINE": "django.db.backends.sqlite3",
            "NAME": BASE_DIR / "db.sqlite3",
        }
        if DEBUG
        else {
            "ENGINE": "django.db.backends.postgresql",
            "NAME": "cas_server",
            "USER": "cas_server",
            "HOST": "/var/run/postgresql/",
        }
    )
}

###
# Internationalization configuration
#   -> https://docs.djangoproject.com/en/4.2/topics/i18n/

LANGUAGE_CODE = "fr-fr"
TIME_ZONE = "Europe/Paris"
USE_I18N = True
USE_L10N = True
USE_TZ = True

LOCALE_PATHS = [LOCAL_DIR / "locale"]

###
# Logging configuration

LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {
        "console": {
            "class": "logging.StreamHandler",
        },
    },
    "root": {
        "handlers": ["console"],
        "level": "WARNING",
    },
}

###
# CAS backend configuration
#   -> https://github.com/nitmir/django-cas-server#settings

CAS_AUTH_CLASS = "cas_server.auth.LdapAuthUser"
CAS_LDAP_SERVER = ldap3.Server(
    credentials.get("LDAP_URI", "ldaps://ldap.spi.ens.fr:636"),
    get_info=ldap3.ALL,
    tls=ldap3.Tls(
        validate=ssl.CERT_REQUIRED,
        version=ssl.PROTOCOL_TLSv1_1,
        ciphers="AES256-SHA",
        ssl_options=[ssl.OP_LEGACY_SERVER_CONNECT],
    ),
)
CAS_LDAP_BASE_DN = "dc=spi,dc=ens,dc=fr"
CAS_LDAP_USER_QUERY = "(uid=%s)"
CAS_LDAP_USERNAME_ATTR = "uid"
CAS_LDAP_PASSWORD_CHECK = "bind"

CAS_SHOW_SERVICE_MESSAGES = False

CAS_NEW_VERSION_EMAIL_WARNING = False
CAS_NEW_VERSION_HTML_WARNING = False

###
# Development configuration

if DEBUG:
    INSTALLED_APPS += [
        "django_browser_reload",
    ]

    MIDDLEWARE += [
        "django_browser_reload.middleware.BrowserReloadMiddleware",
    ]