zulip/zproject/dev_settings.py


# For the Dev VM environment, we use the same settings as the
# sample prod_settings.py file, with a few exceptions.
from .prod_settings_template import *
import os
from typing import Set

LOCAL_UPLOADS_DIR = 'var/uploads'
EMAIL_LOG_DIR = "/var/log/zulip/email.log"
# Check if test_settings.py set EXTERNAL_HOST.
EXTERNAL_HOST = os.getenv('EXTERNAL_HOST')
if EXTERNAL_HOST is None:
    EXTERNAL_HOST = 'zulipdev.com:9991'
ALLOWED_HOSTS = ['*']

# Uncomment extra backends if you want to test with them.  Note that
# for Google and GitHub auth you'll need to do some pre-setup.
AUTHENTICATION_BACKENDS = (
    'zproject.backends.DevAuthBackend',
    'zproject.backends.EmailAuthBackend',
    'zproject.backends.GitHubAuthBackend',
    'zproject.backends.GoogleMobileOauth2Backend',
)

EXTERNAL_URI_SCHEME = "http://"
EMAIL_GATEWAY_PATTERN = "%s@" + EXTERNAL_HOST
NOTIFICATION_BOT = "notification-bot@zulip.com"
ERROR_BOT = "error-bot@zulip.com"
NEW_USER_BOT = "new-user-bot@zulip.com"
EMAIL_GATEWAY_BOT = "emailgateway@zulip.com"
PHYSICAL_ADDRESS = "Zulip Headquarters, 123 Octo Stream, South Pacific Ocean"
EXTRA_INSTALLED_APPS = ["zilencer", "analytics"]
# Disable Camo in development
CAMO_URI = ''
OPEN_REALM_CREATION = True

EMBEDDED_BOTS_ENABLED = True

SAVE_FRONTEND_STACKTRACES = True
EVENT_LOGS_ENABLED = True
SYSTEM_ONLY_REALMS = set()  # type: Set[str]
USING_PGROONGA = True
# Flush cache after migration.
POST_MIGRATION_CACHE_FLUSHING = True  # type: bool

# Enable inline open graph preview in development for now
INLINE_URL_EMBED_PREVIEW = True

# Don't require anything about password strength in development
PASSWORD_MIN_LENGTH = 0
PASSWORD_MIN_GUESSES = 0
Refactor out zproject/dev_settings.py. 2016-06-17 02:30:48 +02:00
			`# For the Dev VM environment, we use the same settings as the`
Rename local_settings.py symlink to prod_settings.py. 2016-07-20 05:42:43 +02:00			`# sample prod_settings.py file, with a few exceptions.`
Rename local_settings_template to prod_settings_template. 2016-07-20 05:45:50 +02:00			`from .prod_settings_template import *`
Fix EXTERNAL_HOST computations in test_settings.py. test_settings.py was setting EXTERNAL_HOST after importing settings.py, which has several variables (like SERVER_URI) that are computed from EXTERNAL_HOST. [tweaked by tabbott to add comments explaining the story here]. 2016-10-06 01:42:24 +02:00			`import os`
dev_settings: Fix linter error in recent mypy work. 2017-03-05 00:34:09 +01:00			`from typing import Set`
Refactor out zproject/dev_settings.py. 2016-06-17 02:30:48 +02:00
Update upload dir to var/uploads. tools/provision.py: Create directory var/uploads. zproject/local_settings_template.py: Update Upload dir to var/uploads. zproject/dev_settings.py: Update upload dir to var/uploads. 2016-07-16 16:13:17 +02:00			`LOCAL_UPLOADS_DIR = 'var/uploads'`
emails: Log emails that are queued or sent in dev environment. Tweaked by tabbott to add some comments and clarify the code. 2017-09-24 00:39:19 +02:00			`EMAIL_LOG_DIR = "/var/log/zulip/email.log"`
dev_settings.py: Set EXTERNAL_HOST when REALMS_HAVE_SUBDOMAINS. Sets EXTERNAL_HOST to zulipdev.com:9991 when REALMS_HAVE_SUBDOMAINS, since subdomains don't currently work with localhost anyway. 2016-10-27 23:14:23 +02:00			`# Check if test_settings.py set EXTERNAL_HOST.`
			`EXTERNAL_HOST = os.getenv('EXTERNAL_HOST')`
			`if EXTERNAL_HOST is None:`
subdomains: Hardcode REALMS_HAVE_SUBDOMAINS=True. 2017-10-02 08:32:09 +02:00			`EXTERNAL_HOST = 'zulipdev.com:9991'`
Add option for hosting each realm on its own subdomain. This adds support for running a Zulip production server with each realm on its own unique subdomain, e.g. https://realm_name.example.com. This patch includes a ton of important features: * Configuring the Zulip sesion middleware to issue cookier correctly for the subdomains case. * Throwing an error if the user tries to visit an invalid subdomain. * Runs a portion of the Casper tests with REALMS_HAVE_SUBDOMAINS enabled to test the subdomain signup process. * Updating our integrations documentation to refer to the current subdomain. * Enforces that users can only login to the subdomain of their realm (but does not restrict the API; that will be tightened in a future commit). Note that toggling settings.REALMS_HAVE_SUBDOMAINS on a live server is not supported without manual intervention (the main problem will be adding "subdomain" values for all the existing realms). [substantially modified by tabbott as part of merging] 2016-07-19 14:35:08 +02:00			`ALLOWED_HOSTS = ['*']`
auth: Separate development login from main login page. This allows us to enable EmailAuthBackend by default in development without cluttering the development login experience. Fixes #3652. 2017-03-18 01:58:45 +01:00
			`# Uncomment extra backends if you want to test with them. Note that`
			`# for Google and GitHub auth you'll need to do some pre-setup.`
			`AUTHENTICATION_BACKENDS = (`
			`'zproject.backends.DevAuthBackend',`
			`'zproject.backends.EmailAuthBackend',`
settings: Enable GitHub and Google auth by default in dev. We now show the GitHub/Google auth buttons by default, and just have a reasonable error message for anyone who clicks them. Fixes #3651. 2017-08-16 18:19:03 +02:00			`'zproject.backends.GitHubAuthBackend',`
			`'zproject.backends.GoogleMobileOauth2Backend',`
auth: Separate development login from main login page. This allows us to enable EmailAuthBackend by default in development without cluttering the development login experience. Fixes #3652. 2017-03-18 01:58:45 +01:00			`)`

Refactor out zproject/dev_settings.py. 2016-06-17 02:30:48 +02:00			`EXTERNAL_URI_SCHEME = "http://"`
			`EMAIL_GATEWAY_PATTERN = "%s@" + EXTERNAL_HOST`
			`NOTIFICATION_BOT = "notification-bot@zulip.com"`
			`ERROR_BOT = "error-bot@zulip.com"`
			`NEW_USER_BOT = "new-user-bot@zulip.com"`
			`EMAIL_GATEWAY_BOT = "emailgateway@zulip.com"`
server settings: Add setting for MAILING_ADDRESS. The rules here are fuzzy, and it's quite possible none of Zulip's emails need an address at all. Every country has its own rules though, which makes it hard to tell. In general, transactional emails do not need an address, and marketing emails do. 2017-10-19 04:09:53 +02:00			`PHYSICAL_ADDRESS = "Zulip Headquarters, 123 Octo Stream, South Pacific Ocean"`
Refactor out zproject/dev_settings.py. 2016-06-17 02:30:48 +02:00			`EXTRA_INSTALLED_APPS = ["zilencer", "analytics"]`
			`# Disable Camo in development`
			`CAMO_URI = ''`
Add interface for creating new realms. This is controlled by settings.OPEN_REALM_CREATION; if that setting is off, this feature doesn't do anything. 2016-06-03 01:02:58 +02:00			`OPEN_REALM_CREATION = True`

Embedded bots: Add support for creating embedded bots via the API. Adds support to add "Embedded bot" Service objects. This service handles every embedded bot. Extracted from "Embedded bots: Add support to add embedded bots from UI" by Robert Honig. Tweaked by tabbott to be disabled by default. 2017-07-14 16:44:07 +02:00			`EMBEDDED_BOTS_ENABLED = True`

settings: Extract settings.SAVE_FRONTEND_STACKTRACES. 2016-07-19 06:44:48 +02:00			`SAVE_FRONTEND_STACKTRACES = True`
settings: Extract EVENT_LOGS_ENABLED setting. 2016-08-12 20:09:38 +02:00			`EVENT_LOGS_ENABLED = True`
pep8: Add compliance with rule E261 zproject/dev_settings.py. 2017-07-09 01:41:52 +02:00			`SYSTEM_ONLY_REALMS = set() # type: Set[str]`
Support full text search for all languages using pgroonga. This adds support for using PGroonga to back the Zulip full-text search feature. Because built-in PostgreSQL full text search doesn't support languages that don't put space between terms such as Japanese, Chinese and so on. PGroonga supports all languages including Japanese and Chinese. Developers will need to re-provision when rebasing past this patch for the tests to pass, since provision is what installs the PGroonga package and extension. PGroonga is enabled by default in development but not in production; the hope is that after the PGroonga support is tested further, we can enable it by default. Fixes #615. [docs and tests tweaked by tabbott] 2016-04-24 17:08:51 +02:00			`USING_PGROONGA = True`
caching: Add configuration class for post-migration cache flushing. - To avoid redefining migrate manage command is added new application configuration class which emit post_migration signal. This signal require models module inside application and defined AppConfig Instance as signal sender. Documentation here: https://docs.djangoproject.com/en/1.8/ref/signals/#post-migrate. - Add AppConf subclass to __init__ zerver app file to make apllication load it by default. Fixes #1084. 2016-10-17 18:11:16 +02:00			`# Flush cache after migration.`
			`POST_MIGRATION_CACHE_FLUSHING = True # type: bool`
Add oembed/Open Graph/Meta tags data retrieval from inline links. This change adds support for displaying inline open graph previews for links posted into Zulip. It is designed to interact correctly with message editing. This adds the new settings.INLINE_URL_EMBED_PREVIEW setting to control whether this feature is enabled. By default, this setting is currently disabled, so that we can burn it in for a bit before it impacts users more broadly. Eventually, we may want to make this manageable via a (set of?) per-realm settings. E.g. I can imagine a realm wanting to be able to enable/disable it for certain URLs. 2016-10-27 12:06:44 +02:00
			`# Enable inline open graph preview in development for now`
			`INLINE_URL_EMBED_PREVIEW = True`
settings: Disable password strength checking in development. 2017-03-22 21:08:56 +01:00
			`# Don't require anything about password strength in development`
			`PASSWORD_MIN_LENGTH = 0`
passwords: Express the quality threshold as guesses required. The original "quality score" was invented purely for populating our password-strength progress bar, and isn't expressed in terms that are particularly meaningful. For configuration and the core accept/reject logic, it's better to use units that are readily understood. Switch to those. I considered using "bits of entropy", defined loosely as the log of this number, but both the zxcvbn paper and the linked CACM article (which I recommend!) are written in terms of the number of guesses. And reading (most of) those two papers made me less happy about referring to "entropy" in our terminology. I already knew that notion was a little fuzzy if looked at too closely, and I gained a better appreciation of how it's contributed to confusion in discussing password policies and to adoption of perverse policies that favor "Password1!" over "derived unusual ravioli raft". So, "guesses" it is. And although the log is handy for some analysis purposes (certainly for a graph like those in the zxcvbn paper), it adds a layer of abstraction, and I think makes it harder to think clearly about attacks, especially in the online setting. So just use the actual number, and if someone wants to set a gigantic value, they will have the pleasure of seeing just how many digits are involved. (Thanks to @YJDave for a prototype that the code changes in this commit are based on.) 2017-10-03 19:48:06 +02:00			`PASSWORD_MIN_GUESSES = 0`