1# -*- coding: utf-8 -*-
2# This program is distributed in the hope that it will be useful, but WITHOUT
3# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
4# FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for
5# more details.
6#
7# You should have received a copy of the GNU General Public License version 3
8# along with this program; if not, write to the Free Software Foundation, Inc., 51
9# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
10#
11# (c) 2015-2016 Valentin Samir
12"""Default values for the app's settings"""
13from django.conf import settings
14from django.templatetags.static import static
15from django.utils.translation import ugettext_lazy as _
17from importlib import import_module
# static() raises ValueError when settings.DEBUG is False and collectstatic has not been
# run yet, because the file is not found. Both URLs then fall back to None together.
try:
    #: URL of the logo shown in the top-left corner of the default templates.
    CAS_LOGO_URL = static("cas_server/logo.png")
    #: URL of the favicon (shortcut icon) used by the default templates. Default is a key icon.
    CAS_FAVICON_URL = static("cas_server/favicon.ico")
except ValueError:
    #: URL of the logo shown in the top-left corner of the default templates.
    CAS_LOGO_URL = None
    #: URL of the favicon (shortcut icon) used by the default templates. Default is a key icon.
    CAS_FAVICON_URL = None
#: Show the "powered by" footer if set to ``True``.
CAS_SHOW_POWERED = True
# NOTE(review): every entry is a protocol-relative URL on a third-party CDN, so the files
# are fetched over whatever scheme the page itself was served with. The ``jquery`` entry
# carries no version, so what it serves can change without any change in this file.
# Presumably the default templates (login page included) load these; whether they add
# Subresource Integrity attributes is not visible here. A deployment can point the entries
# at self-hosted, version-pinned copies through ``settings.CAS_COMPONENT_URLS``.
#: URLs of the external CSS and JavaScript components.
CAS_COMPONENT_URLS = dict(
    bootstrap3_css="//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css",
    bootstrap3_js="//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js",
    html5shiv="//oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js",
    respond="//oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js",
    bootstrap4_css="//stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css",
    bootstrap4_js="//stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js",
    jquery="//code.jquery.com/jquery.min.js",
)
#: Path to the template shown on /login when the user is not authenticated.
CAS_LOGIN_TEMPLATE = "cas_server/bs4/login.html"
#: Path to the template shown on /login?service=... when the user is authenticated and has
#: asked to be warned before being connected to a service.
CAS_WARN_TEMPLATE = "cas_server/bs4/warn.html"
#: Path to the template shown on /login when the user is authenticated.
CAS_LOGGED_TEMPLATE = "cas_server/bs4/logged.html"
#: Path to the template shown on /logout when the user is being disconnected.
CAS_LOGOUT_TEMPLATE = "cas_server/bs4/logout.html"
#: Whether users are redirected to /login after they logged out instead of being shown
#: :obj:`CAS_LOGOUT_TEMPLATE`.
CAS_REDIRECT_TO_LOGIN_AFTER_LOGOUT = False
#: A dotted path to a class, or a class, implementing cas_server.auth.AuthUser.
CAS_AUTH_CLASS = "cas_server.auth.DjangoAuthUser"
# NOTE(review): presumably handed to requests as its ``verify`` argument; if so, ``False``
# would switch certificate verification off for the requests this setting governs.
# Confirm against the caller before allowing any value other than ``True`` or a CA file path.
#: Path to the certificate authorities file. On linux the local CAs are usually in
#: /etc/ssl/certs/ca-certificates.crt. ``True`` tells requests to use its internal
#: certificate authorities.
CAS_PROXY_CA_CERTIFICATE_PATH = True
#: Maximum number of single log out requests sent in parallel;
#: if more requests need to be sent, they are queued.
CAS_SLO_MAX_PARALLEL_REQUESTS = 10
#: Timeout for a single SLO request in seconds.
CAS_SLO_TIMEOUT = 5
# NOTE(review): the default is an empty string, and what the Auth view does with an empty
# secret is not visible in this file -- confirm it refuses requests. Set a long random
# value per deployment and keep it out of version control.
#: Shared secret to transmit when using the view :class:`cas_server.views.Auth`
CAS_AUTH_SHARED_SECRET = ""
# NOTE(review): with ``None`` nothing here forces a reauthentication; how long a login
# then lasts is decided elsewhere (not shown in this file).
#: Maximum time after which the user MUST reauthenticate. Leave it at `None` for no maximum.
#: This can be used to force refreshing cached information only available upon user
#: authentication, like the user attributes in federation mode or with the ldap auth in bind mode.
CAS_TGT_VALIDITY = None
# NOTE(review): this is the window in which an issued ticket can still be validated, so
# raising it also lengthens the time an intercepted ticket stays usable.
#: Number of seconds the service tickets and proxy tickets are valid. This is the maximal
#: time between ticket issuance by the CAS and ticket validation by an application.
CAS_TICKET_VALIDITY = 60
#: Number of seconds the proxy granting tickets are valid.
CAS_PGT_VALIDITY = 60 * 60
#: Number of seconds a ticket is kept in the database before the Single Log Out request is
#: sent and the ticket is cleared.
CAS_TICKET_TIMEOUT = 24 * 60 * 60
# NOTE(review): tickets act as bearer credentials, so their length bounds how much
# randomness they can carry. How tickets are generated is not shown in this file; confirm
# before lowering this value.
#: All CAS implementations MUST support ST and PT up to 32 chars,
#: PGT and PGTIOU up to 64 chars, and it is RECOMMENDED that all
#: tickets up to 256 chars are supported, so 64 is used as the default
#: length.
CAS_TICKET_LEN = 64
# Each per-type length below reads ``settings.CAS_TICKET_LEN`` and falls back to this
# module's CAS_TICKET_LEN when the project does not define it.

#: alias of :obj:`settings.CAS_TICKET_LEN`
CAS_LT_LEN = getattr(settings, "CAS_TICKET_LEN", CAS_TICKET_LEN)
#: alias of :obj:`settings.CAS_TICKET_LEN`
#: Services MUST be able to accept service tickets of up to 32 characters in length.
CAS_ST_LEN = getattr(settings, "CAS_TICKET_LEN", CAS_TICKET_LEN)
#: alias of :obj:`settings.CAS_TICKET_LEN`
#: Back-end services MUST be able to accept proxy tickets of up to 32 characters.
CAS_PT_LEN = getattr(settings, "CAS_TICKET_LEN", CAS_TICKET_LEN)
#: alias of :obj:`settings.CAS_TICKET_LEN`
#: Services MUST be able to handle proxy-granting tickets of up to 64 characters.
CAS_PGT_LEN = getattr(settings, "CAS_TICKET_LEN", CAS_TICKET_LEN)
#: alias of :obj:`settings.CAS_TICKET_LEN`
#: Services MUST be able to handle PGTIOUs of up to 64 characters in length.
CAS_PGTIOU_LEN = getattr(settings, "CAS_TICKET_LEN", CAS_TICKET_LEN)
#: Prefix of login tickets.
CAS_LOGIN_TICKET_PREFIX = u"LT"
#: Prefix of service tickets. Service tickets MUST begin with the characters ST, so this
#: should not be changed.
CAS_SERVICE_TICKET_PREFIX = u"ST"
#: Prefix of proxy tickets. Proxy tickets SHOULD begin with the characters PT.
CAS_PROXY_TICKET_PREFIX = u"PT"
#: Prefix of proxy granting tickets. Proxy-granting tickets SHOULD begin with the
#: characters PGT.
CAS_PROXY_GRANTING_TICKET_PREFIX = u"PGT"
#: Prefix of proxy granting ticket IOUs. Proxy-granting ticket IOUs SHOULD begin with the
#: characters PGTIOU.
CAS_PROXY_GRANTING_TICKET_IOU_PREFIX = u"PGTIOU"
#: Host of the SQL server.
CAS_SQL_HOST = "localhost"
#: Username for connecting to the SQL server.
CAS_SQL_USERNAME = ""
# NOTE(review): empty by default; supply the real value from deployment configuration or
# a secret store rather than by editing this file.
#: Password for connecting to the SQL server.
CAS_SQL_PASSWORD = ""
#: Database name.
CAS_SQL_DBNAME = ""
#: Database charset.
CAS_SQL_DBCHARSET = "utf8"

# NOTE(review): ``%s`` stands for the username and is presumably bound by the database
# driver (confirm in the auth backend); a replacement query should keep the placeholder
# and never splice the username into the SQL text. ``users.*`` returns every column of the
# row -- confirm which of them end up released to services as user attributes.
#: The query performed upon user authentication.
CAS_SQL_USER_QUERY = "SELECT user AS username, pass AS password, users.* FROM users WHERE user = %s"
# NOTE(review): ``"plain"`` implies passwords stored in cleartext, and the ``hex_*`` names
# read as bare digests; prefer a salted, slow scheme wherever the stored data allows it.
#: The method used to check the user password. Must be one of ``"crypt"``, ``"ldap"``,
#: ``"hex_md5"``, ``"hex_sha1"``, ``"hex_sha224"``, ``"hex_sha256"``, ``"hex_sha384"``,
#: ``"hex_sha512"``, ``"plain"``.
CAS_SQL_PASSWORD_CHECK = "crypt"
#: Charset the SQL users' passwords were hashed with.
CAS_SQL_PASSWORD_CHARSET = "utf-8"
# NOTE(review): only a host name is configured here; whether the connection is protected
# (LDAPS / StartTLS) is decided where the connection is built, which this file does not
# show. Confirm that bind credentials and passwords are not sent in clear.
#: Address of the LDAP server.
CAS_LDAP_SERVER = "localhost"
#: LDAP user bind address, for example ``"cn=admin,dc=crans,dc=org"``, for connecting to
#: the LDAP server.
CAS_LDAP_USER = None
#: LDAP connection password.
CAS_LDAP_PASSWORD = None
#: LDAP search base DN, for example ``"ou=data,dc=crans,dc=org"``.
CAS_LDAP_BASE_DN = None
# NOTE(review): a replacement filter should keep the ``%s`` placeholder so that the
# escaped username is what gets substituted into the filter.
#: LDAP search filter for searching a user by username. User supplied usernames are
#: escaped using :func:`ldap3.utils.conv.escape_bytes`.
CAS_LDAP_USER_QUERY = "(uid=%s)"
#: LDAP attribute used for users' usernames.
CAS_LDAP_USERNAME_ATTR = "uid"
#: LDAP attribute used for users' passwords.
CAS_LDAP_PASSWORD_ATTR = "userPassword"
# NOTE(review): ``"plain"`` implies cleartext password values, and the ``hex_*`` names
# read as bare digests; avoid them where the directory can hold a stronger scheme.
#: The method used to check the user password. Must be one of ``"crypt"``, ``"ldap"``,
#: ``"hex_md5"``, ``"hex_sha1"``, ``"hex_sha224"``, ``"hex_sha256"``, ``"hex_sha384"``,
#: ``"hex_sha512"``, ``"plain"``.
CAS_LDAP_PASSWORD_CHECK = "ldap"
#: Charset the LDAP users' passwords were hashed with.
CAS_LDAP_PASSWORD_CHARSET = "utf-8"
# NOTE(review): fixed, guessable credentials. Which auth backend reads them is not shown
# in this file; make sure that backend is never the configured CAS_AUTH_CLASS on a
# production instance.
#: Username of the test user.
CAS_TEST_USER = "test"
#: Password of the test user.
CAS_TEST_PASSWORD = "test"
#: Attributes of the test user.
CAS_TEST_ATTRIBUTES = dict(
    nom="Nymous",
    prenom="Ano",
    email="anonymous@example.net",
    alias=["demo1", "demo2"],
)
# NOTE(review): off by default. Before enabling, check in the views which origins are
# allowed to fetch tickets from scripts; that policy is not visible in this file.
#: A :class:`bool` for activating the ability to fetch tickets using javascript.
CAS_ENABLE_AJAX_AUTH = False

#: A :class:`bool` for activating the federated mode.
CAS_FEDERATE = False
#: Time after which the cookie used for "remember my identity provider" expires (one week).
CAS_FEDERATE_REMEMBER_TIMEOUT = 7 * 24 * 3600

# NOTE(review): with either warning enabled the server presumably contacts
# CAS_NEW_VERSION_JSON_URL, i.e. makes an outbound HTTPS request to pypi.org; account for
# it in egress rules, or disable both flags on hosts without outbound access.
#: A :class:`bool` for displaying a warning on html pages when a new version of the
#: application is available. Once closed by a user, it is not displayed to this user until
#: the next new version.
CAS_NEW_VERSION_HTML_WARNING = True
#: A :class:`bool` for sending emails to ``settings.ADMINS`` when a new version is available.
CAS_NEW_VERSION_EMAIL_WARNING = True
#: URL of the pypi json of the application. Used to retrieve the version number of the
#: latest version. You should not change it.
CAS_NEW_VERSION_JSON_URL = "https://pypi.org/pypi/django-cas-server/json"

#: Whether the service messages should be displayed on the login page.
CAS_SHOW_SERVICE_MESSAGES = True
# NOTE(review): message texts come from the project settings; whether the templates
# render them escaped is not visible in this file -- confirm before putting markup in them.
#: Messages displayed in an info-box on the html pages of the default templates.
#: ``CAS_INFO_MESSAGES`` is a :class:`dict` mapping message name to a message :class:`dict`.
#: A message :class:`dict` has 3 keys:
#:
#: * ``message``: A :class:`unicode`, the message to display, potentially wrapped around
#:   ugettext_lazy
#: * ``discardable``: A :class:`bool`, specifies if the users can close the message info-box
#: * ``type``: One of info, success, warning, danger. The type of the info-box.
#:
#: ``CAS_INFO_MESSAGES`` contains by default one message, ``cas_explained``, which explains
#: roughly the purpose of a CAS.
CAS_INFO_MESSAGES = {
    "cas_explained": {
        "message": _(
            u"The Central Authentication Service grants you access to most of our websites by "
            u"authenticating only once, so you don't need to type your credentials again unless "
            u"your session expires or you logout."
        ),
        "discardable": True,
        "type": "info",  # one of info, success, warning, danger
    },
}
#: :class:`list` of message names. Order in which info-box messages are displayed.
#: Leave the list empty to disable the display of messages.
CAS_INFO_MESSAGES_ORDER = []
# Publish every CAS_* default of this module on django's settings object. A value the
# project already defines is kept; otherwise the default from this module is installed.
# NOTE(review): project values are copied as-is; nothing here checks their type or range.
GLOBALS = globals().copy()
for name, default_value in GLOBALS.items():
    # names without the CAS_ prefix (imports, helpers) are not settings
    if not name.startswith("CAS_"):
        continue
    # the project's value when defined, else the default from this module
    value = getattr(settings, name, default_value)
    setattr(settings, name, value)
# A project-defined CAS_COMPONENT_URLS may list only the entries it changes: start from
# the defaults of this module and let the project's entries override them.
MERGED_CAS_COMPONENT_URLS = dict(CAS_COMPONENT_URLS)
MERGED_CAS_COMPONENT_URLS.update(settings.CAS_COMPONENT_URLS)
settings.CAS_COMPONENT_URLS = MERGED_CAS_COMPONENT_URLS
# Federated mode only works with the :class:`cas_server.auth.CASFederateAuth` backend, so
# enabling it replaces whatever CAS_AUTH_CLASS the project configured.
if settings.CAS_FEDERATE:
    settings.CAS_AUTH_CLASS = "cas_server.auth.CASFederateAuth"
# NOTE(review): SESSION_ENGINE is a dotted module path read from the project settings and
# imported as-is, so it must only ever come from trusted deployment configuration.
#: SessionStore class depending on :django:setting:`SESSION_ENGINE`
SessionStore = getattr(import_module(settings.SESSION_ENGINE), "SessionStore")