Coverage for cas_server/default

Hot-keys on this page

r m x p toggle line displays

j k next/prev highlighted chunk

0 (zero) top of page

1 (one) first highlighted chunk

1# -*- coding: utf-8 -*-

2# This program is distributed in the hope that it will be useful, but WITHOUT

3# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS

4# FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for

5# more details.

7# You should have received a copy of the GNU General Public License version 3

8# along with this program; if not, write to the Free Software Foundation, Inc., 51

9# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

10#

12"""Default values for the app's settings"""

13from django.conf import settings

14from django.templatetags.static import static

15from django.utils.translation import ugettext_lazy as _

17from importlib import import_module

20try:

21 #: URL to the logo showed in the up left corner on the default templates.

22 CAS_LOGO_URL = static("cas_server/logo.png")

23 #: URL to the favicon (shortcut icon) used by the default templates. Default is a key icon.

24 CAS_FAVICON_URL = static("cas_server/favicon.ico")

25# is settings.DEBUG is False and collectstatics has not been run yet, the static function will

26# raise a ValueError because the file is not found.

27except ValueError:

28 #: URL to the logo showed in the up left corner on the default templates.

29 CAS_LOGO_URL = None

30 #: URL to the favicon (shortcut icon) used by the default templates. Default is a key icon.

31 CAS_FAVICON_URL = None

34#: Show the powered by footer if set to ``True``

35CAS_SHOW_POWERED = True

36#: URLs to css and javascript external components.

37CAS_COMPONENT_URLS = {

38 "bootstrap3_css": "//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css",

39 "bootstrap3_js": "//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js",

40 "html5shiv": "//oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js",

41 "respond": "//oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js",

42 "jquery": "//code.jquery.com/jquery.min.js",

43}

44#: Path to the template showed on /login then the user is not autenticated.

45CAS_LOGIN_TEMPLATE = 'cas_server/login.html'

46#: Path to the template showed on /login?service=... then the user is authenticated and has asked

47#: to be warned before being connected to a service.

48CAS_WARN_TEMPLATE = 'cas_server/warn.html'

49#: Path to the template showed on /login then to user is authenticated.

50CAS_LOGGED_TEMPLATE = 'cas_server/logged.html'

51#: Path to the template showed on /logout then to user is being disconnected.

52CAS_LOGOUT_TEMPLATE = 'cas_server/logout.html'

53#: Should we redirect users to /login after they logged out instead of displaying

54#: :obj:`CAS_LOGOUT_TEMPLATE`.

55CAS_REDIRECT_TO_LOGIN_AFTER_LOGOUT = False

58#: A dotted path to a class or a class implementing cas_server.auth.AuthUser.

59CAS_AUTH_CLASS = 'cas_server.auth.DjangoAuthUser'

60#: Path to certificate authorities file. Usually on linux the local CAs are in

61#: /etc/ssl/certs/ca-certificates.crt. ``True`` tell requests to use its internal certificat

62#: authorities.

63CAS_PROXY_CA_CERTIFICATE_PATH = True

64#: Maximum number of parallel single log out requests send

65#: if more requests need to be send, there are queued

66CAS_SLO_MAX_PARALLEL_REQUESTS = 10

67#: Timeout for a single SLO request in seconds.

68CAS_SLO_TIMEOUT = 5

69#: Shared to transmit then using the view :class:`cas_server.views.Auth`

70CAS_AUTH_SHARED_SECRET = ''

71#: Max time after with the user MUST reauthenticate. Let it to `None` for no max time.

72#: This can be used to force refreshing cached informations only available upon user authentication

73#: like the user attributes in federation mode or with the ldap auth in bind mode.

74CAS_TGT_VALIDITY = None

77#: Number of seconds the service tickets and proxy tickets are valid. This is the maximal time

78#: between ticket issuance by the CAS and ticket validation by an application.

79CAS_TICKET_VALIDITY = 60

80#: Number of seconds the proxy granting tickets are valid.

81CAS_PGT_VALIDITY = 3600

82#: Number of seconds a ticket is kept in the database before sending Single Log Out request and

83#: being cleared.

84CAS_TICKET_TIMEOUT = 24*3600

87#: All CAS implementation MUST support ST and PT up to 32 chars,

88#: PGT and PGTIOU up to 64 chars and it is RECOMMENDED that all

89#: tickets up to 256 chars are supports so we use 64 for the default

90#: len.

91CAS_TICKET_LEN = 64

93#: alias of :obj:`settings.CAS_TICKET_LEN`

94CAS_LT_LEN = getattr(settings, 'CAS_TICKET_LEN', CAS_TICKET_LEN)

95#: alias of :obj:`settings.CAS_TICKET_LEN`

96#: Services MUST be able to accept service tickets of up to 32 characters in length.

97CAS_ST_LEN = getattr(settings, 'CAS_TICKET_LEN', CAS_TICKET_LEN)

98#: alias of :obj:`settings.CAS_TICKET_LEN`

99#: Back-end services MUST be able to accept proxy tickets of up to 32 characters.

100CAS_PT_LEN = getattr(settings, 'CAS_TICKET_LEN', CAS_TICKET_LEN)

101#: alias of :obj:`settings.CAS_TICKET_LEN`

102#: Services MUST be able to handle proxy-granting tickets of up to 64

103CAS_PGT_LEN = getattr(settings, 'CAS_TICKET_LEN', CAS_TICKET_LEN)

104#: alias of :obj:`settings.CAS_TICKET_LEN`

105#: Services MUST be able to handle PGTIOUs of up to 64 characters in length.

106CAS_PGTIOU_LEN = getattr(settings, 'CAS_TICKET_LEN', CAS_TICKET_LEN)

107

108#: Prefix of login tickets.

109CAS_LOGIN_TICKET_PREFIX = u'LT'

110#: Prefix of service tickets. Service tickets MUST begin with the characters ST so you should not

111#: change this.

112CAS_SERVICE_TICKET_PREFIX = u'ST'

113#: Prefix of proxy ticket. Proxy tickets SHOULD begin with the characters, PT.

114CAS_PROXY_TICKET_PREFIX = u'PT'

115#: Prefix of proxy granting ticket. Proxy-granting tickets SHOULD begin with the characters PGT.

116CAS_PROXY_GRANTING_TICKET_PREFIX = u'PGT'

117#: Prefix of proxy granting ticket IOU. Proxy-granting ticket IOUs SHOULD begin with the characters

118#: PGTIOU.

119CAS_PROXY_GRANTING_TICKET_IOU_PREFIX = u'PGTIOU'

120

121

122#: Host for the SQL server.

123CAS_SQL_HOST = 'localhost'

124#: Username for connecting to the SQL server.

125CAS_SQL_USERNAME = ''

126#: Password for connecting to the SQL server.

127CAS_SQL_PASSWORD = ''

128#: Database name.

129CAS_SQL_DBNAME = ''

130#: Database charset.

131CAS_SQL_DBCHARSET = 'utf8'

132

133#: The query performed upon user authentication.

134CAS_SQL_USER_QUERY = 'SELECT user AS username, pass AS password, users.* FROM users WHERE user = %s'

135#: The method used to check the user password. Must be one of ``"crypt"``, ``"ldap"``,

136#: ``"hex_md5"``, ``"hex_sha1"``, ``"hex_sha224"``, ``"hex_sha256"``, ``"hex_sha384"``,

137#: ``"hex_sha512"``, ``"plain"``.

138CAS_SQL_PASSWORD_CHECK = 'crypt'

139#: charset the SQL users passwords was hash with

140CAS_SQL_PASSWORD_CHARSET = "utf-8"

141

142

143#: Address of the LDAP server

144CAS_LDAP_SERVER = 'localhost'

145#: LDAP user bind address, for example ``"cn=admin,dc=crans,dc=org"`` for connecting to the LDAP

146#: server.

147CAS_LDAP_USER = None

148#: LDAP connection password

149CAS_LDAP_PASSWORD = None

150#: LDAP seach base DN, for example ``"ou=data,dc=crans,dc=org"``.

151CAS_LDAP_BASE_DN = None

152#: LDAP search filter for searching user by username. User inputed usernames are escaped using

153#: :func:`ldap3.utils.conv.escape_bytes`.

154CAS_LDAP_USER_QUERY = "(uid=%s)"

155#: LDAP attribute used for users usernames

156CAS_LDAP_USERNAME_ATTR = "uid"

157#: LDAP attribute used for users passwords

158CAS_LDAP_PASSWORD_ATTR = "userPassword"

159#: The method used to check the user password. Must be one of ``"crypt"``, ``"ldap"``,

160#: ``"hex_md5"``, ``"hex_sha1"``, ``"hex_sha224"``, ``"hex_sha256"``, ``"hex_sha384"``,

161#: ``"hex_sha512"``, ``"plain"``.

162CAS_LDAP_PASSWORD_CHECK = "ldap"

163#: charset the LDAP users passwords was hash with

164CAS_LDAP_PASSWORD_CHARSET = "utf-8"

165

166

167#: Username of the test user.

168CAS_TEST_USER = 'test'

169#: Password of the test user.

170CAS_TEST_PASSWORD = 'test'

171#: Attributes of the test user.

172CAS_TEST_ATTRIBUTES = {

173 'nom': 'Nymous',

174 'prenom': 'Ano',

175 'email': 'anonymous@example.net',

176 'alias': ['demo1', 'demo2']

177}

178

179

180#: A :class:`bool` for activatinc the hability to fetch tickets using javascript.

181CAS_ENABLE_AJAX_AUTH = False

182

183

184#: A :class:`bool` for activating the federated mode

185CAS_FEDERATE = False

186#: Time after witch the cookie use for “remember my identity provider” expire (one week).

187CAS_FEDERATE_REMEMBER_TIMEOUT = 604800

188

189#: A :class:`bool` for diplaying a warning on html pages then a new version of the application

190#: is avaible. Once closed by a user, it is not displayed to this user until the next new version.

191CAS_NEW_VERSION_HTML_WARNING = True

192#: A :class:`bool` for sending emails to ``settings.ADMINS`` when a new version is available.

193CAS_NEW_VERSION_EMAIL_WARNING = True

194#: URL to the pypi json of the application. Used to retreive the version number of the last version.

195#: You should not change it.

196CAS_NEW_VERSION_JSON_URL = "https://pypi.org/pypi/django-cas-server/json"

197

198#: If the service message should be displayed on the login page

199CAS_SHOW_SERVICE_MESSAGES = True

200

201#: Messages displayed in a info-box on the html pages of the default templates.

202#: ``CAS_INFO_MESSAGES`` is a :class:`dict` mapping message name to a message :class:`dict`.

203#: A message :class:`dict` has 3 keys:

204#: * ``message``: A :class:`unicode`, the message to display, potentially wrapped around

205#: ugettex_lazy

206#: * ``discardable``: A :class:`bool`, specify if the users can close the message info-box

207#: * ``type``: One of info, success, info, warning, danger. The type of the info-box.

208#: ``CAS_INFO_MESSAGES`` contains by default one message, ``cas_explained``, which explain

209#: roughly the purpose of a CAS.

210CAS_INFO_MESSAGES = {

211 "cas_explained": {

212 "message": _(

213 u"The Central Authentication Service grants you access to most of our websites by "

214 u"authenticating only once, so you don't need to type your credentials again unless "

215 u"your session expires or you logout."

216 ),

217 "discardable": True,

218 "type": "info", # one of info, success, info, warning, danger

219 },

220}

221#: :class:`list` of message names. Order in which info-box messages are displayed.

222#: Let the list empty to disable messages display.

223CAS_INFO_MESSAGES_ORDER = []

224

225

226GLOBALS = globals().copy()

227for name, default_value in GLOBALS.items():

228 # only care about parameter begining by CAS_

229 if name.startswith("CAS_"):

230 # get the current setting value, falling back to default_value

231 value = getattr(settings, name, default_value)

232 # set the setting value to its value if defined, ellse to the default_value.

233 setattr(settings, name, value)

234

235# Allow the user defined CAS_COMPONENT_URLS to omit not changed values

236MERGED_CAS_COMPONENT_URLS = CAS_COMPONENT_URLS.copy()

237MERGED_CAS_COMPONENT_URLS.update(settings.CAS_COMPONENT_URLS)

238settings.CAS_COMPONENT_URLS = MERGED_CAS_COMPONENT_URLS

239

240# if the federated mode is enabled, we must use the :class`cas_server.auth.CASFederateAuth` auth

241# backend.

242if settings.CAS_FEDERATE:

243 settings.CAS_AUTH_CLASS = "cas_server.auth.CASFederateAuth"

244

245

246#: SessionStore class depending of :django:setting:`SESSION_ENGINE`

247SessionStore = import_module(settings.SESSION_ENGINE).SessionStore

Coverage for cas_server/default_settings.py : 96%

78 statements 75 run 3 missing 0 excluded 0 partial