Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zproject/dev_settings.py

221 lines
8.0 KiB
Python
Raw Normal View History

Fix EXTERNAL_HOST computations in test_settings.py. test_settings.py was setting EXTERNAL_HOST after importing settings.py, which has several variables (like SERVER_URI) that are computed from EXTERNAL_HOST. [tweaked by tabbott to add comments explaining the story here].
2016-10-06 01:42:24 +02:00
import os
droplets: Set EXTERNAL_HOST to username.zulipdev.org:9991.
2017-11-10 23:44:00 +01:00
import pwd
Refactor out zproject/dev_settings.py.
2016-06-17 02:30:48 +02:00
zthumbor: Remove Python 2 residue. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-07 01:26:50 +02:00
from scripts.lib.zulip_tools import deport
settings_type: Extract new module for types used in settings. This breaks an import cycle that prevented django-stubs from inferring types for django.conf.settings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-24 06:44:08 +02:00
from zproject.settings_types import SCIMConfigDict
settings: Split hostname from port more carefully. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-27 02:37:49 +02:00
dev_settings: Set ZULIP_ADMINISTRATOR. Fixes this error in the dev environment: $ ./manage.py checkconfig Error: You must set ZULIP_ADMINISTRATOR in /etc/zulip/settings.py. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-08 03:24:49 +02:00
ZULIP_ADMINISTRATOR = "desdemona+admin@zulip.com"
settings: Refactor how TEST_SUITE is configured. This is designed to allow us to access the value inside configured_settings.py
2023-12-04 05:53:00 +01:00
# Initiatize TEST_SUITE early, so other code can rely on the setting.
TEST_SUITE = os.getenv("ZULIP_TEST_SUITE") == "true"
export: Fix finding manage.py to export usermessages. We were using a hardcoded relative path, which doesn't work if you're not running this from the root of the Zulip checkout. As part of fixing this, we need to make `LOCAL_UPLOADS_DIR` an absolute path. Fixes #11581.
2019-02-15 20:23:54 +01:00
# We want LOCAL_UPLOADS_DIR to be an absolute path so that code can
Revert "dev_settings: Deduplicate DEPLOY_ROOT definition." This reverts commit b8acd82b7223779ef83b161d4190accb6c3ccd59.
2020-06-10 11:11:00 +02:00
# chdir without having problems accessing it. Unfortunately, this
# means we need a duplicate definition of DEPLOY_ROOT with the one in
# settings.py.
DEPLOY_ROOT = os.path.realpath(os.path.dirname(os.path.dirname(__file__)))
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
LOCAL_UPLOADS_DIR = os.path.join(DEPLOY_ROOT, "var/uploads")
export: Fix finding manage.py to export usermessages. We were using a hardcoded relative path, which doesn't work if you're not running this from the root of the Zulip checkout. As part of fixing this, we need to make `LOCAL_UPLOADS_DIR` an absolute path. Fixes #11581.
2019-02-15 20:23:54 +01:00
dev_settings: Fix run-dev SyntaxError. zthumbor loads dev_settings from Python 2. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-25 05:07:50 +02:00
# We assume dev droplets are the only places where
# users use zulipdev as the user.
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
IS_DEV_DROPLET = pwd.getpwuid(os.getuid()).pw_name == "zulipdev"
droplet settings: Fix hostname-related settings. We recently changed our droplet setup such that their host names no longer include zulipdev.org. This caused a few things to break. The particular symptom that this commit fixes is that we were trying to server static assets from showell:9991 instead of showell.zulipdev.org:9991, which meant that you couldn't use the app locally. (The server would start, but the site's pretty unusable without static assets.) Now we rely 100% on `dev_settings.py` to set `EXTERNAL_HOST` for any droplet users who don't set that var in their own environment. That allows us to remove some essentially duplicate code in `run-dev.py`. We also set `IS_DEV_DROPLET` explicitly, so that other code doesn't have to make inferences or duplicate logic to detemine whether we're a droplet or not. And then in `settings.py` we use `IS_DEV_DROPLET` to know that we can use a prod-like method of calculating `STATIC_URL`, instead of hard coding `localhost`. We may want to iterate on this further--this was sort of a quick fix to get droplets functional again. It's possible we can re-configure droplets to have folks get reasonable `EXTERNAL_HOST` settings in their bash profiles, or something like that, although that may have its own tradeoffs.
2020-04-24 20:47:22 +02:00
emails: Add option to forward mails send in dev env to external email. Fixes #7085.
2017-10-25 01:58:05 +02:00
FORWARD_ADDRESS_CONFIG_FILE = "var/forward_address.ini"
dev_settings.py: Set EXTERNAL_HOST when REALMS_HAVE_SUBDOMAINS. Sets EXTERNAL_HOST to zulipdev.com:9991 when REALMS_HAVE_SUBDOMAINS, since subdomains don't currently work with localhost anyway.
2016-10-27 23:14:23 +02:00
# Check if test_settings.py set EXTERNAL_HOST.
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
external_host_env = os.getenv("EXTERNAL_HOST")
settings: Fix typing for EXTERNAL_HOST. The previous logic has a reassignment of EXTERNAL_HOST temporarily to Optional[str], which we don't want.
2019-07-24 02:21:03 +02:00
if external_host_env is None:
droplet settings: Fix hostname-related settings. We recently changed our droplet setup such that their host names no longer include zulipdev.org. This caused a few things to break. The particular symptom that this commit fixes is that we were trying to server static assets from showell:9991 instead of showell.zulipdev.org:9991, which meant that you couldn't use the app locally. (The server would start, but the site's pretty unusable without static assets.) Now we rely 100% on `dev_settings.py` to set `EXTERNAL_HOST` for any droplet users who don't set that var in their own environment. That allows us to remove some essentially duplicate code in `run-dev.py`. We also set `IS_DEV_DROPLET` explicitly, so that other code doesn't have to make inferences or duplicate logic to detemine whether we're a droplet or not. And then in `settings.py` we use `IS_DEV_DROPLET` to know that we can use a prod-like method of calculating `STATIC_URL`, instead of hard coding `localhost`. We may want to iterate on this further--this was sort of a quick fix to get droplets functional again. It's possible we can re-configure droplets to have folks get reasonable `EXTERNAL_HOST` settings in their bash profiles, or something like that, although that may have its own tradeoffs.
2020-04-24 20:47:22 +02:00
if IS_DEV_DROPLET:
droplets: Set the hostname correctly using cloud-init.
2020-04-27 20:35:16 +02:00
# For our droplets, we use the hostname (eg github_username.zulipdev.org) by default.
run-dev: Drop .py from script name. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-04 02:17:54 +01:00
# Note that this code is duplicated in run-dev.
droplets: Set the hostname correctly using cloud-init.
2020-04-27 20:35:16 +02:00
EXTERNAL_HOST = os.uname()[1].lower() + ":9991"
droplets: Set EXTERNAL_HOST to username.zulipdev.org:9991.
2017-11-10 23:44:00 +01:00
else:
# For local development environments, we use localhost by
# default, via the "zulipdev.com" hostname.
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
EXTERNAL_HOST = "zulipdev.com:9991"
dev_settings: Add localhost:9991 as realm host for zulip realm. [greg: Tweaked explanatory comment.]
2017-11-11 21:32:33 +01:00
# Serve the main dev realm at the literal name "localhost",
# so it works out of the box even when not on the Internet.
REALM_HOSTS = {
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"zulip": "localhost:9991",
dev_settings: Add localhost:9991 as realm host for zulip realm. [greg: Tweaked explanatory comment.]
2017-11-11 21:32:33 +01:00
}
Set REALM_HOSTS based on EXTERNAL_HOST if it is available. Also update remote.md to recommend setting EXTERNAL_HOST in an environment variable. Fixes #8670
2018-03-13 13:20:59 +01:00
else:
settings: Fix typing for EXTERNAL_HOST. The previous logic has a reassignment of EXTERNAL_HOST temporarily to Optional[str], which we don't want.
2019-07-24 02:21:03 +02:00
EXTERNAL_HOST = external_host_env
Set REALM_HOSTS based on EXTERNAL_HOST if it is available. Also update remote.md to recommend setting EXTERNAL_HOST in an environment variable. Fixes #8670
2018-03-13 13:20:59 +01:00
REALM_HOSTS = {
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"zulip": EXTERNAL_HOST,
Set REALM_HOSTS based on EXTERNAL_HOST if it is available. Also update remote.md to recommend setting EXTERNAL_HOST in an environment variable. Fixes #8670
2018-03-13 13:20:59 +01:00
}
zthumbor: Remove Python 2 residue. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-07 01:26:50 +02:00
EXTERNAL_HOST_WITHOUT_PORT = deport(EXTERNAL_HOST)
settings: Split hostname from port more carefully. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-27 02:37:49 +02:00
settings: Set FAKE_EMAIL_DOMAIN for development environment. This is necessary to use the development environment with an IP address EXTERNAL_HOST, which is used in mobile development.
2020-07-28 20:39:06 +02:00
FAKE_EMAIL_DOMAIN = "zulipdev.com"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
ALLOWED_HOSTS = ["*"]
auth: Separate development login from main login page. This allows us to enable EmailAuthBackend by default in development without cluttering the development login experience. Fixes #3652.
2017-03-18 01:58:45 +01:00
# Uncomment extra backends if you want to test with them. Note that
# for Google and GitHub auth you'll need to do some pre-setup.
ruff: Fix UP006 Use `list` instead of `List` for type annotation. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-12 02:30:17 +02:00
AUTHENTICATION_BACKENDS: tuple[str, ...] = (
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"zproject.backends.DevAuthBackend",
"zproject.backends.EmailAuthBackend",
"zproject.backends.GitHubAuthBackend",
"zproject.backends.GoogleAuthBackend",
"zproject.backends.SAMLAuthBackend",
auth: Add support for Azure Active Directory authentication. This takes advantage of all of our work on making the python-social-auth integration reusable for other authentication backends.
2018-10-05 14:32:02 +02:00
# 'zproject.backends.AzureADAuthBackend',
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"zproject.backends.GitLabAuthBackend",
"zproject.backends.AppleAuthBackend",
auth: Implement a generic OpenID Connect backend. Fixes #11939.
2021-05-21 16:45:43 +02:00
"zproject.backends.GenericOpenIdConnectBackend",
settings: Convert variable type annotations to Python 3.6 style. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-07 02:05:02 +02:00
)
auth: Separate development login from main login page. This allows us to enable EmailAuthBackend by default in development without cluttering the development login experience. Fixes #3652.
2017-03-18 01:58:45 +01:00
Refactor out zproject/dev_settings.py.
2016-06-17 02:30:48 +02:00
EXTERNAL_URI_SCHEME = "http://"
run-dev: Add flag to allow JSON requests through HTTPS proxy.
2023-03-13 04:06:55 +01:00
if os.getenv("BEHIND_HTTPS_PROXY"):
# URLs served by the development environment will be HTTPS
EXTERNAL_URI_SCHEME = "https://"
# Trust requests from this host (required due to Nginx proxy)
CSRF_TRUSTED_ORIGINS = [EXTERNAL_URI_SCHEME + EXTERNAL_HOST]
settings: Split hostname from port more carefully. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-27 02:37:49 +02:00
EMAIL_GATEWAY_PATTERN = "%s@" + EXTERNAL_HOST_WITHOUT_PORT
Refactor out zproject/dev_settings.py.
2016-06-17 02:30:48 +02:00
NOTIFICATION_BOT = "notification-bot@zulip.com"
EMAIL_GATEWAY_BOT = "emailgateway@zulip.com"
server settings: Add setting for MAILING_ADDRESS. The rules here are fuzzy, and it's quite possible none of Zulip's emails need an address at all. Every country has its own rules though, which makes it hard to tell. In general, transactional emails do not need an address, and marketing emails do.
2017-10-19 04:09:53 +02:00
PHYSICAL_ADDRESS = "Zulip Headquarters, 123 Octo Stream, South Pacific Ocean"
billing: Add option to request a sponsorship in /upgrade.
2020-06-09 12:24:32 +02:00
STAFF_SUBDOMAIN = "zulip"
billing: Move billing-related views and urls to corporate.
2018-09-25 12:24:11 +02:00
EXTRA_INSTALLED_APPS = ["zilencer", "analytics", "corporate"]
Refactor out zproject/dev_settings.py.
2016-06-17 02:30:48 +02:00
# Disable Camo in development
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
CAMO_URI = ""
settings: Disable KaTeX server in development. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-18 02:32:27 +02:00
KATEX_SERVER = False
antispam: Don't let new accounts in open realms immediately send invites. We haven't had a problem with this yet, but this should help prevent it.
2017-12-05 06:31:21 +01:00
tornado: Merge the TORNADO_SERVER and TORNADO_PORTS configs. Having both of these is confusing; TORNADO_SERVER is used only when there is one TORNADO_PORT. Its primary use is actually to be _unset_, and signal that in-process handling is to be done. Rename to USING_TORNADO, to parallel the existing USING_RABBITMQ, and switch the places that used it for its contents to using TORNADO_PORTS.
2020-09-17 00:30:45 +02:00
TORNADO_PORTS = [9993]
tornado: Move default production port to 9800. In development and test, we keep the Tornado port at 9993 and 9983, respectively; this allows tests to run while a dev instance is running. In production, moving to port 9800 consistently removes an odd edge case, when just one worker is on an entirely different port than if two workers are used.
2020-09-15 01:35:44 +02:00
Add interface for creating new realms. This is controlled by settings.OPEN_REALM_CREATION; if that setting is off, this feature doesn't do anything.
2016-06-03 01:02:58 +02:00
OPEN_REALM_CREATION = True
settings: Add web_public_streams_enabled server setting. This new setting both serves as a guard to allow us to merge API support for web public streams to main before we're ready for this feature to be available on Zulip Cloud, and also long term will protect self-hosted servers from accidentally enabling web-public streams (which could be a scary possibility for the administrators of a corporate Zulip server).
2021-09-21 19:49:12 +02:00
WEB_PUBLIC_STREAMS_ENABLED = True
antispam: Don't let new accounts in open realms immediately send invites. We haven't had a problem with this yet, but this should help prevent it.
2017-12-05 06:31:21 +01:00
INVITES_MIN_USER_AGE_DAYS = 0
Add interface for creating new realms. This is controlled by settings.OPEN_REALM_CREATION; if that setting is off, this feature doesn't do anything.
2016-06-03 01:02:58 +02:00
settings: Allow customizing HOME_NOT_LOGGED_IN. This can be useful if one wants a third-party authentication system to apply first.
2022-05-09 04:53:19 +02:00
# Redirect to /devlogin/ by default in dev mode
settings: Add CUSTOM_HOME_NOT_LOGGED_IN for type narrowing. django-stubs dynamically collects the type annotation for us from the settings, acknowledging mypy that `HOME_NOT_LOGGED_IN` is an `Optional[str]`. Type narrowing with assertions does not play well with the default value of the decorator, so we define the same setting variable with a different name as `CUSTOM_HOME_NOT_LOGGED_IN` to bypass this restriction. Filed python/mypy#13087 to track this issue. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-07-08 02:27:56 +02:00
CUSTOM_HOME_NOT_LOGGED_IN = "/devlogin/"
settings: Allow customizing HOME_NOT_LOGGED_IN. This can be useful if one wants a third-party authentication system to apply first.
2022-05-09 04:53:19 +02:00
LOGIN_URL = "/devlogin/"
portico: Use /help/ style pages for displaying policies. This replaces the TERMS_OF_SERVICE and PRIVACY_POLICY settings with just a POLICIES_DIRECTORY setting, in order to support settings (like Zulip Cloud) where there's more policies than just those two. With minor changes by Eeshan Garg.
2021-11-03 21:36:54 +01:00
# For development convenience, configure the ToS/Privacy Policies
POLICIES_DIRECTORY = "corporate/policies"
TERMS_OF_SERVICE_VERSION = "1.0"
ruff: Fix UP007 Use `X | Y` for type annotations. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-12 02:30:23 +02:00
TERMS_OF_SERVICE_MESSAGE: str | None = "Description of changes to the ToS!"
corporate: Add Zulip Cloud privacy policy and terms of service. Including these in the project makes it easier to do development on the Terms/Privacy section of the Zulip website.
2018-05-25 21:41:06 +02:00
Embedded bots: Add support for creating embedded bots via the API. Adds support to add "Embedded bot" Service objects. This service handles every embedded bot. Extracted from "Embedded bots: Add support to add embedded bots from UI" by Robert Honig. Tweaked by tabbott to be disabled by default.
2017-07-14 16:44:07 +02:00
EMBEDDED_BOTS_ENABLED = True
ruff: Fix UP006 Use `list` instead of `List` for type annotation. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-12 02:30:17 +02:00
SYSTEM_ONLY_REALMS: set[str] = set()
pgroonga: Re-enable PGroonga in development. This partially reverts commit fdabf0b357b69d2a0577c04319370d69c8c45b60 (#21104). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-12 03:39:06 +01:00
USING_PGROONGA = True
caching: Add configuration class for post-migration cache flushing. - To avoid redefining migrate manage command is added new application configuration class which emit post_migration signal. This signal require models module inside application and defined AppConfig Instance as signal sender. Documentation here: https://docs.djangoproject.com/en/1.8/ref/signals/#post-migrate. - Add AppConf subclass to __init__ zerver app file to make apllication load it by default. Fixes #1084.
2016-10-17 18:11:16 +02:00
# Flush cache after migration.
settings: Convert variable type annotations to Python 3.6 style. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-07 02:05:02 +02:00
POST_MIGRATION_CACHE_FLUSHING = True
Add oembed/Open Graph/Meta tags data retrieval from inline links. This change adds support for displaying inline open graph previews for links posted into Zulip. It is designed to interact correctly with message editing. This adds the new settings.INLINE_URL_EMBED_PREVIEW setting to control whether this feature is enabled. By default, this setting is currently disabled, so that we can burn it in for a bit before it impacts users more broadly. Eventually, we may want to make this manageable via a (set of?) per-realm settings. E.g. I can imagine a realm wanting to be able to enable/disable it for certain URLs.
2016-10-27 12:06:44 +02:00
push_notifs: Support APNs token auth, as well as cert auth. This will make it possible to send notifications to multiple distinct app IDs over the same connection.
2023-11-08 01:37:08 +01:00
# If a sandbox APNs key or cert is provided, use it.
# To create such a key or cert, see instructions at:
push_notifs: In dev, automatically use dev APNs cert if provided This lets us simplify the instructions for testing push notifications with a development client on iOS.
2023-11-03 00:42:01 +01:00
# https://github.com/zulip/zulip-mobile/blob/main/docs/howto/push-notifications.md#ios
push_notifs: Support APNs token auth, as well as cert auth. This will make it possible to send notifications to multiple distinct app IDs over the same connection.
2023-11-08 01:37:08 +01:00
_candidate_apns_token_key_file = "zproject/apns-dev-key.p8"
push_notifs: In dev, automatically use dev APNs cert if provided This lets us simplify the instructions for testing push notifications with a development client on iOS.
2023-11-03 00:42:01 +01:00
_candidate_apns_cert_file = "zproject/apns-dev.pem"
push_notifs: Support APNs token auth, as well as cert auth. This will make it possible to send notifications to multiple distinct app IDs over the same connection.
2023-11-08 01:37:08 +01:00
if os.path.isfile(_candidate_apns_token_key_file):
APNS_TOKEN_KEY_FILE = _candidate_apns_token_key_file
elif os.path.isfile(_candidate_apns_cert_file):
push_notifs: In dev, automatically use dev APNs cert if provided This lets us simplify the instructions for testing push notifications with a development client on iOS.
2023-11-03 00:42:01 +01:00
APNS_CERT_FILE = _candidate_apns_cert_file
settings: Disable password strength checking in development.
2017-03-22 21:08:56 +01:00
# Don't require anything about password strength in development
PASSWORD_MIN_LENGTH = 0
passwords: Express the quality threshold as guesses required. The original "quality score" was invented purely for populating our password-strength progress bar, and isn't expressed in terms that are particularly meaningful. For configuration and the core accept/reject logic, it's better to use units that are readily understood. Switch to those. I considered using "bits of entropy", defined loosely as the log of this number, but both the zxcvbn paper and the linked CACM article (which I recommend!) are written in terms of the number of guesses. And reading (most of) those two papers made me less happy about referring to "entropy" in our terminology. I already knew that notion was a little fuzzy if looked at too closely, and I gained a better appreciation of how it's contributed to confusion in discussing password policies and to adoption of perverse policies that favor "Password1!" over "derived unusual ravioli raft". So, "guesses" it is. And although the log is handy for some analysis purposes (certainly for a graph like those in the zxcvbn paper), it adds a layer of abstraction, and I think makes it harder to think clearly about attacks, especially in the online setting. So just use the actual number, and if someone wants to set a gigantic value, they will have the pleasure of seeing just how many digits are involved. (Thanks to @YJDave for a prototype that the code changes in this commit are based on.)
2017-10-03 19:48:06 +02:00
PASSWORD_MIN_GUESSES = 0
emails: Add option to forward mails send in dev env to external email. Fixes #7085.
2017-10-25 01:58:05 +02:00
two_factor: Add configuration and URLs. This adds django-two-factor to the project, but held behind settings.TWO_FACTOR_AUTHENTICATION_ENABLED, so that this has no effect by default.
2017-07-12 09:36:51 +02:00
# Two factor authentication: Use the fake backend for development.
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
TWO_FACTOR_CALL_GATEWAY = "two_factor.gateways.fake.Fake"
TWO_FACTOR_SMS_GATEWAY = "two_factor.gateways.fake.Fake"
local-uploads: Start running authentication checks on file requests. From here on we start to authenticate uploaded file request before serving this files in production. This involves allowing NGINX to pass on these file requests to Django for authentication and then serve these files by making use on internal redirect requests having x-accel-redirect field. The redirection on requests and loading of x-accel-redirect param is handled by django-sendfile. NOTE: This commit starts to authenticate these requests for Zulip servers running platforms either Ubuntu Xenial (16.04) or above. Fixes: #320 and #291 partially.
2018-02-12 18:18:03 +01:00
auth: Add fakeldap based authentication method in development environment. This uses the MockLDAP class of fakeldap to fake a ldap server, based on the approach already used in the tests in `test_auth_backends.py`. Adds the following settings: - FAKE_LDAP_MODE: Lets user choose out of three preset configurations. The default mode if someone erases the entry in settings is 'a'. The fake ldap server is disable if this option is set to None. - FAKE_LDAP_EXTRA_USERS: Number of extra users in LDAP directory beyond the default 8. Fixes #9934.
2018-08-04 01:44:49 +02:00
# FAKE_LDAP_MODE supports using a fake LDAP database in the
# development environment, without needing an LDAP server!
#
docs: Add missing space to compound verbs “log in”, “set up”, etc. Noun: backup, checkout, cleanup, login, logout, setup, shutdown, signup, timeout. Verb: back up, check out, clean up, log in, log out, set up, shut down, sign up, time out. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-25 23:05:38 +02:00
# Three modes are allowed, and each will set up Zulip and the fake LDAP
auth: Add fakeldap based authentication method in development environment. This uses the MockLDAP class of fakeldap to fake a ldap server, based on the approach already used in the tests in `test_auth_backends.py`. Adds the following settings: - FAKE_LDAP_MODE: Lets user choose out of three preset configurations. The default mode if someone erases the entry in settings is 'a'. The fake ldap server is disable if this option is set to None. - FAKE_LDAP_EXTRA_USERS: Number of extra users in LDAP directory beyond the default 8. Fixes #9934.
2018-08-04 01:44:49 +02:00
# database in a way appropriate for the corresponding mode described
docs: Clean up documentation for fakeldap testing in development.
2018-09-27 22:30:29 +02:00
# in https://zulip.readthedocs.io/en/latest/production/authentication-methods.html#ldap-including-active-directory
auth: Add fakeldap based authentication method in development environment. This uses the MockLDAP class of fakeldap to fake a ldap server, based on the approach already used in the tests in `test_auth_backends.py`. Adds the following settings: - FAKE_LDAP_MODE: Lets user choose out of three preset configurations. The default mode if someone erases the entry in settings is 'a'. The fake ldap server is disable if this option is set to None. - FAKE_LDAP_EXTRA_USERS: Number of extra users in LDAP directory beyond the default 8. Fixes #9934.
2018-08-04 01:44:49 +02:00
# (A) If users' email addresses are in LDAP and used as username.
# (B) If LDAP only has usernames but email addresses are of the form
# username@example.com
# (C) If LDAP usernames are completely unrelated to email addresses.
#
docs: Clean up documentation for fakeldap testing in development.
2018-09-27 22:30:29 +02:00
# Fake LDAP data has e.g. ("ldapuser1", "ldapuser1@zulip.com") for username/email.
ruff: Fix UP007 Use `X | Y` for type annotations. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-12 02:30:23 +02:00
FAKE_LDAP_MODE: str | None = None
auth: Use different defaults for name and email for fakeldap. Fixes part of #10297. Use FAKE_LDAP_NUM_USERS which specifies the number of LDAP users instead of FAKE_LDAP_EXTRA_USERS which specified the number of extra users.
2018-08-18 02:35:19 +02:00
# FAKE_LDAP_NUM_USERS = 8
auth: Add fakeldap based authentication method in development environment. This uses the MockLDAP class of fakeldap to fake a ldap server, based on the approach already used in the tests in `test_auth_backends.py`. Adds the following settings: - FAKE_LDAP_MODE: Lets user choose out of three preset configurations. The default mode if someone erases the entry in settings is 'a'. The fake ldap server is disable if this option is set to None. - FAKE_LDAP_EXTRA_USERS: Number of extra users in LDAP directory beyond the default 8. Fixes #9934.
2018-08-04 01:44:49 +02:00
if FAKE_LDAP_MODE:
ldap: Fix development environment configuration. The state of the FAKELDAP setup for the dev env has fallen behind the backend changes and updates to fakeldap (which implemented SCOPE_ONELEVEL searches), as well as having some other minor issues. This commit restore it to a working state and now all three config modes work properly.
2019-11-07 06:57:09 +01:00
import ldap
from django_auth_ldap.config import LDAPSearch
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
settings: Configure LDAP avatar synchronization in dev environment. This should make it a lot more convenient to do manual testing of these common LDAP configuration options.
2019-06-17 22:11:29 +02:00
# To understand these parameters, read the docs in
# prod_settings_template.py and on ReadTheDocs.
auth: Add fakeldap based authentication method in development environment. This uses the MockLDAP class of fakeldap to fake a ldap server, based on the approach already used in the tests in `test_auth_backends.py`. Adds the following settings: - FAKE_LDAP_MODE: Lets user choose out of three preset configurations. The default mode if someone erases the entry in settings is 'a'. The fake ldap server is disable if this option is set to None. - FAKE_LDAP_EXTRA_USERS: Number of extra users in LDAP directory beyond the default 8. Fixes #9934.
2018-08-04 01:44:49 +02:00
LDAP_APPEND_DOMAIN = None
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
AUTH_LDAP_USER_SEARCH = LDAPSearch(
"ou=users,dc=zulip,dc=com", ldap.SCOPE_ONELEVEL, "(uid=%(user)s)"
)
AUTH_LDAP_REVERSE_EMAIL_SEARCH = LDAPSearch(
"ou=users,dc=zulip,dc=com", ldap.SCOPE_ONELEVEL, "(email=%(email)s)"
)
auth: Add fakeldap based authentication method in development environment. This uses the MockLDAP class of fakeldap to fake a ldap server, based on the approach already used in the tests in `test_auth_backends.py`. Adds the following settings: - FAKE_LDAP_MODE: Lets user choose out of three preset configurations. The default mode if someone erases the entry in settings is 'a'. The fake ldap server is disable if this option is set to None. - FAKE_LDAP_EXTRA_USERS: Number of extra users in LDAP directory beyond the default 8. Fixes #9934.
2018-08-04 01:44:49 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
if FAKE_LDAP_MODE == "a":
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
AUTH_LDAP_REVERSE_EMAIL_SEARCH = LDAPSearch(
"ou=users,dc=zulip,dc=com", ldap.SCOPE_ONELEVEL, "(uid=%(email)s)"
)
ldap: Fix development environment configuration. The state of the FAKELDAP setup for the dev env has fallen behind the backend changes and updates to fakeldap (which implemented SCOPE_ONELEVEL searches), as well as having some other minor issues. This commit restore it to a working state and now all three config modes work properly.
2019-11-07 06:57:09 +01:00
AUTH_LDAP_USERNAME_ATTR = "uid"
settings: Configure LDAP avatar synchronization in dev environment. This should make it a lot more convenient to do manual testing of these common LDAP configuration options.
2019-06-17 22:11:29 +02:00
AUTH_LDAP_USER_ATTR_MAP = {
"full_name": "cn",
"avatar": "thumbnailPhoto",
# This won't do much unless one changes the fact that
# all users have LDAP_USER_ACCOUNT_CONTROL_NORMAL in
# zerver/lib/dev_ldap_directory.py
"userAccountControl": "userAccountControl",
}
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
elif FAKE_LDAP_MODE == "b":
LDAP_APPEND_DOMAIN = "zulip.com"
settings: Configure LDAP avatar synchronization in dev environment. This should make it a lot more convenient to do manual testing of these common LDAP configuration options.
2019-06-17 22:11:29 +02:00
AUTH_LDAP_USER_ATTR_MAP = {
"full_name": "cn",
"avatar": "jpegPhoto",
"custom_profile_field__birthday": "birthDate",
"custom_profile_field__phone_number": "phoneNumber",
}
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
elif FAKE_LDAP_MODE == "c":
ldap: Fix development environment configuration. The state of the FAKELDAP setup for the dev env has fallen behind the backend changes and updates to fakeldap (which implemented SCOPE_ONELEVEL searches), as well as having some other minor issues. This commit restore it to a working state and now all three config modes work properly.
2019-11-07 06:57:09 +01:00
AUTH_LDAP_USERNAME_ATTR = "uid"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
LDAP_EMAIL_ATTR = "email"
settings: Configure LDAP avatar synchronization in dev environment. This should make it a lot more convenient to do manual testing of these common LDAP configuration options.
2019-06-17 22:11:29 +02:00
AUTH_LDAP_USER_ATTR_MAP = {
"full_name": "cn",
}
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
AUTHENTICATION_BACKENDS += ("zproject.backends.ZulipLDAPAuthBackend",)
auth: Add fakeldap based authentication method in development environment. This uses the MockLDAP class of fakeldap to fake a ldap server, based on the approach already used in the tests in `test_auth_backends.py`. Adds the following settings: - FAKE_LDAP_MODE: Lets user choose out of three preset configurations. The default mode if someone erases the entry in settings is 'a'. The fake ldap server is disable if this option is set to None. - FAKE_LDAP_EXTRA_USERS: Number of extra users in LDAP directory beyond the default 8. Fixes #9934.
2018-08-04 01:44:49 +02:00
models: Add plan_type to Realm.
2018-08-09 21:38:22 +02:00
BILLING_ENABLED = True
ruff: Fix UP007 Use `X | Y` for type annotations. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-12 02:30:23 +02:00
LANDING_PAGE_NAVBAR_MESSAGE: str | None = None
portico: Enable default ToS for development environment.
2019-07-23 02:34:59 +02:00
run-dev: Drop .py from script name. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-04 02:17:54 +01:00
# Our run-dev proxy uses X-Forwarded-Port to communicate to Django
run-dev: Set HTTP header to show we're proxing from port 9991. Previously, while Django code that relied on EXTERNAL_HOST and other settings would know the Zulip server is actually on port 9991, the upcoming Django SAML code in python-social-auth would end up detecting a port of 9992 (the one the Django server is actually listening on). We fix this using X-Forwarded-Port.
2019-10-07 06:16:51 +02:00
# that the request is actually on port 9991, not port 9992 (the Django
# server's own port); this setting tells Django to read that HTTP
# header. Important for SAML authentication in the development
# environment.
USE_X_FORWARDED_PORT = True
auth: Add initial SAML authentication support. There are a few outstanding issues that we expect to resolve beforce including this in a release, but this is good checkpoint to merge. This PR is a collaboration with Tim Abbott. Fixes #716.
2019-09-29 06:32:56 +02:00
# Override the default SAML entity ID
dev_settings. Adjust SAML entity id for the dev environment. The trailing slash has no good reason to be there and is also inconsistent with how we instruct to set up Audience Restriction in the Okta SAML setup docs for the dev environment.
2020-04-30 14:46:19 +02:00
SOCIAL_AUTH_SAML_SP_ENTITY_ID = "http://localhost:9991"
settings: Support optional memcached authentication. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-01-02 23:19:27 +01:00
dev_settings: Set SOCIAL_AUTH_SUBDOMAIN to "auth". This allows testing the social auth subdomain in the dev environment, by accessing auth.zulipdev.com.
2021-08-23 15:14:05 +02:00
SOCIAL_AUTH_SUBDOMAIN = "auth"
ruff: Fix UP007 Use `X | Y` for type annotations. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-12 02:30:23 +02:00
MEMCACHED_USERNAME: str | None = None
auth: Add support for using SCIM for account management.
2021-09-10 18:36:56 +02:00
ruff: Fix UP006 Use `list` instead of `List` for type annotation. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-12 02:30:17 +02:00
SCIM_CONFIG: dict[str, SCIMConfigDict] = {
auth: Add support for using SCIM for account management.
2021-09-10 18:36:56 +02:00
"zulip": {
"bearer_token": "token1234",
"scim_client_name": "test-scim-client",
"name_formatted_included": True,
}
}
auth: Allow easier bouncer testing in dev env.
2023-10-02 01:52:22 +02:00
requests: Add SELF_HOSTING_MANAGEMENT_SUBDOMAIN.
2023-11-20 20:16:03 +01:00
SELF_HOSTING_MANAGEMENT_SUBDOMAIN = "selfhosting"
settings: Simplify testing push bouncer. We already override PUSH_NOTIFICATION_BOUNCER_URL in test_extra_settings.py, so making this change should have as its only impact making it a bit easier to test the push notifications bouncer manually in a development environment. I submitted a related PR to the mobile app documentation for testing the push notifications software against a production server motivated by this.
2023-12-11 01:29:57 +01:00
DEVELOPMENT_DISABLE_PUSH_BOUNCER_DOMAIN_CHECK = True
settings: Rework how push notifications service is configured. Instead of the PUSH_NOTIFICATIONS_BOUNCER_URL and SUBMIT_USAGE_STATISTICS settings, we want servers to configure individual ZULIP_SERVICE_* settings, while maintaining backward compatibility with the old settings. Thus, if all the new ZULIP_SERVICE_* are at their default False value, but the legacy settings are activated, they need to be translated in computed_settings to the modern way.
2024-07-16 22:52:01 +02:00
ZULIP_SERVICES_URL = f"http://push.{EXTERNAL_HOST}"
ZULIP_SERVICE_PUSH_NOTIFICATIONS = True
ZULIP_SERVICE_SUBMIT_USAGE_STATISTICS = True
user_groups: Add server level setting disallow anonymous groups for settings. This commit adds a server level setting which controls whether the setting can be set to anonymous user groups. We only allow it in the tests for now because the UI can only handle named user groups.
2024-05-30 05:45:38 +02:00
topic: Add resolve topic undo grace period. Currently we send a notification to the topic if it has been resolved or unresolved even if there is an immediate event of resolving and then unresolving or vice-versa. This adds a setting of RESOLVE_TOPIC_UNDO_GRACE_PERIOD_SECONDS under which if a topic has been unresolved after being resolved immediately and the last message was the notification of resolving, then delete the last message and don't send a new notification and vice-versa. We use the new message.type field to precisely identify relevant messages. Fixes #19181. Co-authored-by: Mateusz Mandera <mateusz.mandera@zulip.com>
2024-06-04 22:43:37 +02:00
# This value needs to be lower in development than usual to allow
# for quicker testing of the feature.
RESOLVE_TOPIC_UNDO_GRACE_PERIOD_SECONDS = 5
dev_settings: Fix landing page not accessible on root domain. The ROOT_DOMAIN_LANDING_PAGE boolean setting is set based on whether the root domain is a landing page or can host a realm. We set it to False by default as we don't expect it to be used by someone outside zulip.com (mentioned in 3173db37f7904221). But the development environment uses the root domain 'zulipdev.com' as landing page and the default realm is hosted at the subdomain 'zulip.zulipdev.com'. So, this commit overrides the default value in 'dev_settings.py'. Earlier, the zulip.com equivalent landing pages, including the help center pages were not accessible in the dev environment. This commit fixes those bugs. Fixes #30750.
2024-09-02 13:55:45 +02:00
# In a dev environment, 'zulipdev.com:9991' is used to access the landing page.
# See: https://zulip.readthedocs.io/en/latest/subsystems/realms.html#working-with-subdomains-in-development-environment
ROOT_DOMAIN_LANDING_PAGE = True