Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# -*- coding: utf-8 -*- 

2# This program is distributed in the hope that it will be useful, but WITHOUT 

3# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 

4# FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for 

5# more details. 

6# 

7# You should have received a copy of the GNU General Public License version 3 

8# along with this program; if not, write to the Free Software Foundation, Inc., 51 

9# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 

10# 

11# (c) 2015-2016 Valentin Samir 

12"""Default values for the app's settings""" 

13from django.conf import settings 

14from django.templatetags.static import static 

15 

16from importlib import import_module 

17 

18import sys 

19if sys.version_info < (3, ): 19 ↛ 20line 19 didn't jump to line 20, because the condition on line 19 was never true

20 from django.utils.translation import ugettext_lazy as _ 

21else: 

22 from django.utils.translation import gettext_lazy as _ 

23 

24 

25try: 

26 #: URL to the logo showed in the up left corner on the default templates. 

27 CAS_LOGO_URL = static("cas_server/logo.png") 

28 #: URL to the favicon (shortcut icon) used by the default templates. Default is a key icon. 

29 CAS_FAVICON_URL = static("cas_server/favicon.ico") 

30# is settings.DEBUG is False and collectstatics has not been run yet, the static function will 

31# raise a ValueError because the file is not found. 

32except ValueError: 

33 #: URL to the logo showed in the up left corner on the default templates. 

34 CAS_LOGO_URL = None 

35 #: URL to the favicon (shortcut icon) used by the default templates. Default is a key icon. 

36 CAS_FAVICON_URL = None 

37 

38 

39#: Show the powered by footer if set to ``True`` 

40CAS_SHOW_POWERED = True 

41#: URLs to css and javascript external components. 

42CAS_COMPONENT_URLS = { 

43 "bootstrap3_css": "//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css", 

44 "bootstrap3_js": "//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js", 

45 "html5shiv": "//oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js", 

46 "respond": "//oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js", 

47 "bootstrap4_css": "//stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css", 

48 "bootstrap4_js": "//stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js", 

49 "jquery": "//code.jquery.com/jquery.min.js", 

50} 

51#: Path to the template showed on /login then the user is not autenticated. 

52CAS_LOGIN_TEMPLATE = 'cas_server/bs4/login.html' 

53#: Path to the template showed on /login?service=... then the user is authenticated and has asked 

54#: to be warned before being connected to a service. 

55CAS_WARN_TEMPLATE = 'cas_server/bs4/warn.html' 

56#: Path to the template showed on /login then to user is authenticated. 

57CAS_LOGGED_TEMPLATE = 'cas_server/bs4/logged.html' 

58#: Path to the template showed on /logout then to user is being disconnected. 

59CAS_LOGOUT_TEMPLATE = 'cas_server/bs4/logout.html' 

60#: Should we redirect users to /login after they logged out instead of displaying 

61#: :obj:`CAS_LOGOUT_TEMPLATE`. 

62CAS_REDIRECT_TO_LOGIN_AFTER_LOGOUT = False 

63 

64 

65#: A dotted path to a class or a class implementing cas_server.auth.AuthUser. 

66CAS_AUTH_CLASS = 'cas_server.auth.DjangoAuthUser' 

67#: Path to certificate authorities file. Usually on linux the local CAs are in 

68#: /etc/ssl/certs/ca-certificates.crt. ``True`` tell requests to use its internal certificat 

69#: authorities. 

70CAS_PROXY_CA_CERTIFICATE_PATH = True 

71#: Maximum number of parallel single log out requests send 

72#: if more requests need to be send, there are queued 

73CAS_SLO_MAX_PARALLEL_REQUESTS = 10 

74#: Timeout for a single SLO request in seconds. 

75CAS_SLO_TIMEOUT = 5 

76#: Shared to transmit then using the view :class:`cas_server.views.Auth` 

77CAS_AUTH_SHARED_SECRET = '' 

78#: Max time after with the user MUST reauthenticate. Let it to `None` for no max time. 

79#: This can be used to force refreshing cached informations only available upon user authentication 

80#: like the user attributes in federation mode or with the ldap auth in bind mode. 

81CAS_TGT_VALIDITY = None 

82 

83 

84#: Number of seconds the service tickets and proxy tickets are valid. This is the maximal time 

85#: between ticket issuance by the CAS and ticket validation by an application. 

86CAS_TICKET_VALIDITY = 60 

87#: Number of seconds the proxy granting tickets are valid. 

88CAS_PGT_VALIDITY = 3600 

89#: Number of seconds a ticket is kept in the database before sending Single Log Out request and 

90#: being cleared. 

91CAS_TICKET_TIMEOUT = 24*3600 

92 

93 

94#: All CAS implementation MUST support ST and PT up to 32 chars, 

95#: PGT and PGTIOU up to 64 chars and it is RECOMMENDED that all 

96#: tickets up to 256 chars are supports so we use 64 for the default 

97#: len. 

98CAS_TICKET_LEN = 64 

99 

100#: alias of :obj:`settings.CAS_TICKET_LEN` 

101CAS_LT_LEN = getattr(settings, 'CAS_TICKET_LEN', CAS_TICKET_LEN) 

102#: alias of :obj:`settings.CAS_TICKET_LEN` 

103#: Services MUST be able to accept service tickets of up to 32 characters in length. 

104CAS_ST_LEN = getattr(settings, 'CAS_TICKET_LEN', CAS_TICKET_LEN) 

105#: alias of :obj:`settings.CAS_TICKET_LEN` 

106#: Back-end services MUST be able to accept proxy tickets of up to 32 characters. 

107CAS_PT_LEN = getattr(settings, 'CAS_TICKET_LEN', CAS_TICKET_LEN) 

108#: alias of :obj:`settings.CAS_TICKET_LEN` 

109#: Services MUST be able to handle proxy-granting tickets of up to 64 

110CAS_PGT_LEN = getattr(settings, 'CAS_TICKET_LEN', CAS_TICKET_LEN) 

111#: alias of :obj:`settings.CAS_TICKET_LEN` 

112#: Services MUST be able to handle PGTIOUs of up to 64 characters in length. 

113CAS_PGTIOU_LEN = getattr(settings, 'CAS_TICKET_LEN', CAS_TICKET_LEN) 

114 

115#: Prefix of login tickets. 

116CAS_LOGIN_TICKET_PREFIX = u'LT' 

117#: Prefix of service tickets. Service tickets MUST begin with the characters ST so you should not 

118#: change this. 

119CAS_SERVICE_TICKET_PREFIX = u'ST' 

120#: Prefix of proxy ticket. Proxy tickets SHOULD begin with the characters, PT. 

121CAS_PROXY_TICKET_PREFIX = u'PT' 

122#: Prefix of proxy granting ticket. Proxy-granting tickets SHOULD begin with the characters PGT. 

123CAS_PROXY_GRANTING_TICKET_PREFIX = u'PGT' 

124#: Prefix of proxy granting ticket IOU. Proxy-granting ticket IOUs SHOULD begin with the characters 

125#: PGTIOU. 

126CAS_PROXY_GRANTING_TICKET_IOU_PREFIX = u'PGTIOU' 

127 

128 

129#: Host for the SQL server. 

130CAS_SQL_HOST = 'localhost' 

131#: Username for connecting to the SQL server. 

132CAS_SQL_USERNAME = '' 

133#: Password for connecting to the SQL server. 

134CAS_SQL_PASSWORD = '' 

135#: Database name. 

136CAS_SQL_DBNAME = '' 

137#: Database charset. 

138CAS_SQL_DBCHARSET = 'utf8' 

139 

140#: The query performed upon user authentication. 

141CAS_SQL_USER_QUERY = 'SELECT user AS username, pass AS password, users.* FROM users WHERE user = %s' 

142#: The method used to check the user password. Must be one of ``"crypt"``, ``"ldap"``, 

143#: ``"hex_md5"``, ``"hex_sha1"``, ``"hex_sha224"``, ``"hex_sha256"``, ``"hex_sha384"``, 

144#: ``"hex_sha512"``, ``"plain"``. 

145CAS_SQL_PASSWORD_CHECK = 'crypt' 

146#: charset the SQL users passwords was hash with 

147CAS_SQL_PASSWORD_CHARSET = "utf-8" 

148 

149 

150#: Address of the LDAP server 

151CAS_LDAP_SERVER = 'localhost' 

152#: LDAP user bind address, for example ``"cn=admin,dc=crans,dc=org"`` for connecting to the LDAP 

153#: server. 

154CAS_LDAP_USER = None 

155#: LDAP connection password 

156CAS_LDAP_PASSWORD = None 

157#: LDAP seach base DN, for example ``"ou=data,dc=crans,dc=org"``. 

158CAS_LDAP_BASE_DN = None 

159#: LDAP search filter for searching user by username. User inputed usernames are escaped using 

160#: :func:`ldap3.utils.conv.escape_bytes`. 

161CAS_LDAP_USER_QUERY = "(uid=%s)" 

162#: LDAP attribute used for users usernames 

163CAS_LDAP_USERNAME_ATTR = "uid" 

164#: LDAP attribute used for users passwords 

165CAS_LDAP_PASSWORD_ATTR = "userPassword" 

166#: The method used to check the user password. Must be one of ``"crypt"``, ``"ldap"``, 

167#: ``"hex_md5"``, ``"hex_sha1"``, ``"hex_sha224"``, ``"hex_sha256"``, ``"hex_sha384"``, 

168#: ``"hex_sha512"``, ``"plain"``, ``"bind"``. 

169CAS_LDAP_PASSWORD_CHECK = "ldap" 

170#: charset the LDAP users passwords was hash with 

171CAS_LDAP_PASSWORD_CHARSET = "utf-8" 

172#: This parameter is only used then ``CAS_LDAP_PASSWORD_CHECK`` is set to ``"bind"``. 

173#: * if ``0`` the user attributes are retrieved by connecting to the ldap as 

174#: ``CAS_LDAP_USER``. 

175#: * if ``1`` the user attributes are retrieve then the user authenticate using 

176#: the user credentials. These attributes are then cached for the session. 

177#: The default is ``0``. 

178CAS_LDAP_ATTRS_VIEW = 0 

179 

180 

181#: Username of the test user. 

182CAS_TEST_USER = 'test' 

183#: Password of the test user. 

184CAS_TEST_PASSWORD = 'test' 

185#: Attributes of the test user. 

186CAS_TEST_ATTRIBUTES = { 

187 'nom': 'Nymous', 

188 'prenom': 'Ano', 

189 'email': 'anonymous@example.net', 

190 'alias': ['demo1', 'demo2'] 

191} 

192 

193 

194#: A :class:`bool` for activatinc the hability to fetch tickets using javascript. 

195CAS_ENABLE_AJAX_AUTH = False 

196 

197 

198#: A :class:`bool` for activating the federated mode 

199CAS_FEDERATE = False 

200#: Time after witch the cookie use for “remember my identity provider” expire (one week). 

201CAS_FEDERATE_REMEMBER_TIMEOUT = 604800 

202 

203#: A :class:`bool` for diplaying a warning on html pages then a new version of the application 

204#: is avaible. Once closed by a user, it is not displayed to this user until the next new version. 

205CAS_NEW_VERSION_HTML_WARNING = True 

206#: A :class:`bool` for sending emails to ``settings.ADMINS`` when a new version is available. 

207CAS_NEW_VERSION_EMAIL_WARNING = True 

208#: URL to the pypi json of the application. Used to retreive the version number of the last version. 

209#: You should not change it. 

210CAS_NEW_VERSION_JSON_URL = "https://pypi.org/pypi/django-cas-server/json" 

211 

212#: If the service message should be displayed on the login page 

213CAS_SHOW_SERVICE_MESSAGES = True 

214 

215#: Messages displayed in a info-box on the html pages of the default templates. 

216#: ``CAS_INFO_MESSAGES`` is a :class:`dict` mapping message name to a message :class:`dict`. 

217#: A message :class:`dict` has 3 keys: 

218#: * ``message``: A :class:`unicode`, the message to display, potentially wrapped around 

219#: ugettex_lazy 

220#: * ``discardable``: A :class:`bool`, specify if the users can close the message info-box 

221#: * ``type``: One of info, success, info, warning, danger. The type of the info-box. 

222#: ``CAS_INFO_MESSAGES`` contains by default one message, ``cas_explained``, which explain 

223#: roughly the purpose of a CAS. 

224CAS_INFO_MESSAGES = { 

225 "cas_explained": { 

226 "message": _( 

227 u"The Central Authentication Service grants you access to most of our websites by " 

228 u"authenticating only once, so you don't need to type your credentials again unless " 

229 u"your session expires or you logout." 

230 ), 

231 "discardable": True, 

232 "type": "info", # one of info, success, info, warning, danger 

233 }, 

234} 

235#: :class:`list` of message names. Order in which info-box messages are displayed. 

236#: Let the list empty to disable messages display. 

237CAS_INFO_MESSAGES_ORDER = [] 

238 

239 

240GLOBALS = globals().copy() 

241for name, default_value in GLOBALS.items(): 

242 # only care about parameter begining by CAS_ 

243 if name.startswith("CAS_"): 

244 # get the current setting value, falling back to default_value 

245 value = getattr(settings, name, default_value) 

246 # set the setting value to its value if defined, ellse to the default_value. 

247 setattr(settings, name, value) 

248 

249# Allow the user defined CAS_COMPONENT_URLS to omit not changed values 

250MERGED_CAS_COMPONENT_URLS = CAS_COMPONENT_URLS.copy() 

251MERGED_CAS_COMPONENT_URLS.update(settings.CAS_COMPONENT_URLS) 

252settings.CAS_COMPONENT_URLS = MERGED_CAS_COMPONENT_URLS 

253 

254# if the federated mode is enabled, we must use the :class`cas_server.auth.CASFederateAuth` auth 

255# backend. 

256if settings.CAS_FEDERATE: 

257 settings.CAS_AUTH_CLASS = "cas_server.auth.CASFederateAuth" 

258 

259 

260#: SessionStore class depending of :django:setting:`SESSION_ENGINE` 

261SessionStore = import_module(settings.SESSION_ENGINE).SessionStore