From 837e8fc6e19d0939b6f51453ece5b4ebc71cbfc6 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Tue, 11 Feb 2020 20:59:02 -0800 Subject: [PATCH] web_framework: Separate out Django settings into module This allows for many cases of having to deal with Django objects such as models. - Allows all modules including ones with models to be imported by Sphinx. - Run most of the management commands using django-admin. - Make it simpler to import all modules on REPL interactive Python shells. Does not change any of the settings that we are passing to Django for configuration. Reviewed-by: James Valleroy --- plinth/settings.py | 184 ++++++++++++++++++++++++++++++++++++++++ plinth/web_framework.py | 149 +++++--------------------------- 2 files changed, 207 insertions(+), 126 deletions(-) create mode 100644 plinth/settings.py diff --git a/plinth/settings.py b/plinth/settings.py new file mode 100644 index 000000000..1ee546f73 --- /dev/null +++ b/plinth/settings.py @@ -0,0 +1,184 @@ +# +# This file is part of FreedomBox. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +""" +Basic settings for Django web framework. + +During initialization of the service, these settings are overridden before +Django is initialized. However, this file has been written in this format to +let Django initialization easier in other situations such as test cases, +documentation generation, debugging etc. + +See: https://docs.djangoproject.com/en/dev/ref/settings/ + +""" + +ALLOWED_HOSTS = ['*'] + +_pwd = 'django.contrib.auth.password_validation' + +AUTH_PASSWORD_VALIDATORS = [ + { + 'NAME': '{}.UserAttributeSimilarityValidator'.format(_pwd), + }, + { + 'NAME': '{}.MinimumLengthValidator'.format(_pwd), + 'OPTIONS': { + 'min_length': 8, + } + }, + { + 'NAME': '{}.CommonPasswordValidator'.format(_pwd), + }, + { + 'NAME': '{}.NumericPasswordValidator'.format(_pwd), + }, +] + +AXES_LOCKOUT_URL = 'locked/' + +AXES_RESET_ON_SUCCESS = True # Only used with axes >= 4.4.3 + +CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.dummy.DummyCache' + } +} + +CAPTCHA_FONT_PATH = ['/usr/share/fonts/truetype/ttf-bitstream-vera/Vera.ttf'] + +CAPTCHA_LENGTH = 6 + +CAPTCHA_FLITE_PATH = '/usr/bin/flite' + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.sqlite3', + # Overridden based on the configuration key store_file + 'NAME': '/var/lib/plinth/plinth.sqlite3' + } +} + +# Overridden based on command line argument --develop +DEBUG = False + +# Overridden based on the configuration key server_dir +FORCE_SCRIPT_NAME = '/plinth' + +# FreedomBox apps are appended to this list +INSTALLED_APPS = [ + 'axes', + 'captcha', + 'bootstrapform', + 'django.contrib.auth', + 'django.contrib.contenttypes', + 'django.contrib.messages', + 'stronghold', + 'plinth', +] + +# Overridden based on configuration key use_x_forwarded_host +IPWARE_META_PRECEDENCE_ORDER = ('REMOTE_ADDR', ) + +# Overridden by get_languages() +LANGUAGES = [('en', 'English')] + +# Overridden by log configuration in log.py +LOGGING = {'version': 1} + +LOGIN_URL = 'users:login' + +LOGIN_REDIRECT_URL = 'index' + +# Overridden before initialization +MESSAGE_TAGS = {} + +MIDDLEWARE = ( + 'django.middleware.security.SecurityMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.locale.LocaleMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'stronghold.middleware.LoginRequiredMiddleware', + 'plinth.middleware.AdminRequiredMiddleware', + 'plinth.middleware.FirstSetupMiddleware', + 'plinth.modules.first_boot.middleware.FirstBootMiddleware', + 'plinth.middleware.SetupMiddleware', +) + +PASSWORD_HASHERS = [ + 'django.contrib.auth.hashers.Argon2PasswordHasher', + 'django.contrib.auth.hashers.PBKDF2PasswordHasher', + 'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher', + 'django.contrib.auth.hashers.BCryptSHA256PasswordHasher', +] + +ROOT_URLCONF = 'plinth.urls' + +SECURE_BROWSER_XSS_FILTER = True + +SECURE_CONTENT_TYPE_NOSNIFF = True + +# Overridden based configuration key secure_proxy_ssl_header +SECURE_PROXY_SSL_HEADER = None + +SESSION_ENGINE = 'django.contrib.sessions.backends.file' + +SESSION_FILE_PATH = '/var/lib/plinth/sessions' + +# Overridden based on configuration key server_dir +STATIC_URL = '/plinth/static/' + +# STRONGHOLD_PUBLIC_URLS=(r'^captcha/', ) + +STRONGHOLD_PUBLIC_NAMED_URLS = ( + 'captcha-image', + 'captcha-image-2x', + 'captcha-audio', + 'captcha-refresh', +) + +TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'APP_DIRS': True, + 'OPTIONS': { + 'context_processors': [ + 'django.contrib.auth.context_processors.auth', + 'django.template.context_processors.debug', + 'django.template.context_processors.i18n', + 'django.template.context_processors.media', + 'django.template.context_processors.request', + 'django.template.context_processors.static', + 'django.template.context_processors.tz', + 'django.contrib.messages.context_processors.messages', + 'plinth.context_processors.common', + ], + }, + }, +] + +TIME_ZONE = 'UTC' + +USE_L10N = True + +USE_TZ = True + +# Overridden by configuration setting use_x_forwarded_host +USE_X_FORWARDED_HOST = False diff --git a/plinth/web_framework.py b/plinth/web_framework.py index e4a709adc..a060529cc 100644 --- a/plinth/web_framework.py +++ b/plinth/web_framework.py @@ -13,145 +13,42 @@ import django.core.wsgi from django.conf import global_settings from django.contrib.messages import constants as message_constants -from . import cfg, log, module_loader +from . import cfg, log, module_loader, settings logger = logging.getLogger(__name__) def init(): """Setup Django configuration in the absence of .settings file""" - templates = [ - { - 'BACKEND': 'django.template.backends.django.DjangoTemplates', - 'APP_DIRS': True, - 'OPTIONS': { - 'context_processors': [ - 'django.contrib.auth.context_processors.auth', - 'django.template.context_processors.debug', - 'django.template.context_processors.i18n', - 'django.template.context_processors.media', - 'django.template.context_processors.request', - 'django.template.context_processors.static', - 'django.template.context_processors.tz', - 'django.contrib.messages.context_processors.messages', - 'plinth.context_processors.common', - ], - }, - }, - ] - - applications = [ - 'axes', - 'captcha', - 'bootstrapform', - 'django.contrib.auth', - 'django.contrib.contenttypes', - 'django.contrib.messages', - 'stronghold', - 'plinth', - ] - applications += module_loader.get_modules_to_load() - sessions_directory = os.path.join(cfg.data_dir, 'sessions') - - secure_proxy_ssl_header = None if cfg.secure_proxy_ssl_header: - secure_proxy_ssl_header = (cfg.secure_proxy_ssl_header, 'https') + settings.SECURE_PROXY_SSL_HEADER = (cfg.secure_proxy_ssl_header, + 'https') - ipware_meta_precedence_order = ('REMOTE_ADDR', ) if cfg.use_x_forwarded_for: - ipware_meta_precedence_order = ('HTTP_X_FORWARDED_FOR', ) + settings.IPWARE_META_PRECEDENCE_ORDER = ('HTTP_X_FORWARDED_FOR', ) - pwd = 'django.contrib.auth.password_validation' + settings.DATABASES['default']['NAME'] = cfg.store_file + settings.DEBUG = cfg.develop + settings.FORCE_SCRIPT_NAME = cfg.server_dir + settings.INSTALLED_APPS += module_loader.get_modules_to_load() + settings.LANGUAGES = get_languages() + settings.LOGGING = log.get_configuration() + settings.MESSAGE_TAGS = {message_constants.ERROR: 'danger'} + settings.SESSION_FILE_PATH = os.path.join(cfg.data_dir, 'sessions') + settings.STATIC_URL = '/'.join([cfg.server_dir, + 'static/']).replace('//', '/') + settings.USE_X_FORWARDED_HOST = cfg.use_x_forwarded_host - django.conf.settings.configure( - ALLOWED_HOSTS=['*'], - AUTH_PASSWORD_VALIDATORS=[ - { - 'NAME': '{}.UserAttributeSimilarityValidator'.format(pwd), - }, - { - 'NAME': '{}.MinimumLengthValidator'.format(pwd), - 'OPTIONS': { - 'min_length': 8, - } - }, - { - 'NAME': '{}.CommonPasswordValidator'.format(pwd), - }, - { - 'NAME': '{}.NumericPasswordValidator'.format(pwd), - }, - ], - AXES_LOCKOUT_URL='locked/', - AXES_RESET_ON_SUCCESS=True, # Only used with axes >= 4.4.3 - CACHES={ - 'default': { - 'BACKEND': 'django.core.cache.backends.dummy.DummyCache' - } - }, - CAPTCHA_FONT_PATH=[ - '/usr/share/fonts/truetype/ttf-bitstream-vera/Vera.ttf' - ], - CAPTCHA_LENGTH=6, - CAPTCHA_FLITE_PATH='/usr/bin/flite', - DATABASES={ - 'default': { - 'ENGINE': 'django.db.backends.sqlite3', - 'NAME': cfg.store_file - } - }, - DEBUG=cfg.develop, - FORCE_SCRIPT_NAME=cfg.server_dir, - INSTALLED_APPS=applications, - IPWARE_META_PRECEDENCE_ORDER=ipware_meta_precedence_order, - LANGUAGES=get_languages(), - LOGGING=log.get_configuration(), - LOGIN_URL='users:login', - LOGIN_REDIRECT_URL='index', - MESSAGE_TAGS={message_constants.ERROR: 'danger'}, - MIDDLEWARE=( - 'django.middleware.security.SecurityMiddleware', - 'django.contrib.sessions.middleware.SessionMiddleware', - 'django.middleware.locale.LocaleMiddleware', - 'django.middleware.common.CommonMiddleware', - 'django.middleware.csrf.CsrfViewMiddleware', - 'django.contrib.auth.middleware.AuthenticationMiddleware', - 'django.contrib.messages.middleware.MessageMiddleware', - 'django.middleware.clickjacking.XFrameOptionsMiddleware', - 'stronghold.middleware.LoginRequiredMiddleware', - 'plinth.middleware.AdminRequiredMiddleware', - 'plinth.middleware.FirstSetupMiddleware', - 'plinth.modules.first_boot.middleware.FirstBootMiddleware', - 'plinth.middleware.SetupMiddleware', - ), - PASSWORD_HASHERS=[ - 'django.contrib.auth.hashers.Argon2PasswordHasher', - 'django.contrib.auth.hashers.PBKDF2PasswordHasher', - 'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher', - 'django.contrib.auth.hashers.BCryptSHA256PasswordHasher', - ], - ROOT_URLCONF='plinth.urls', - SECURE_BROWSER_XSS_FILTER=True, - SECURE_CONTENT_TYPE_NOSNIFF=True, - SECURE_PROXY_SSL_HEADER=secure_proxy_ssl_header, - SESSION_ENGINE='django.contrib.sessions.backends.file', - SESSION_FILE_PATH=sessions_directory, - STATIC_URL='/'.join([cfg.server_dir, 'static/']).replace('//', '/'), - # STRONGHOLD_PUBLIC_URLS=(r'^captcha/', ), - STRONGHOLD_PUBLIC_NAMED_URLS=( - 'captcha-image', - 'captcha-image-2x', - 'captcha-audio', - 'captcha-refresh', - ), - TEMPLATES=templates, - TIME_ZONE='UTC', - USE_L10N=True, - USE_TZ=True, - USE_X_FORWARDED_HOST=cfg.use_x_forwarded_host) + kwargs = {} + for setting in dir(settings): + if setting.isupper(): + kwargs[setting] = getattr(settings, setting) + + django.conf.settings.configure(**kwargs) django.setup(set_prefix=True) - logger.debug('Configured Django with applications - %s', applications) + logger.debug('Configured Django with applications - %s', + settings.INSTALLED_APPS) logger.debug('Creating or adding new tables to data file') verbosity = 1 if cfg.develop else 0