Newer
Older
# See https://docs.djangoproject.com/en/dev/howto/deployment/checklist/
SECRET_KEY = '<CHANGE ME TO SOME RANDOM STRING ONCE IN PRODUCTION>'
# Configure the following as url as above.
RELATE_BASE_URL = "http://YOUR/RELATE/SITE/DOMAIN"
# Uncomment this to use a real database. If left commented out, a local SQLite3
# database will be used, which is not recommended for production use.
#
# DATABASES = {
# 'default': {
# 'PASSWORD': '<PASSWORD>',
# 'HOST': '127.0.0.1',
# 'PORT': '5432',
# }
# }
# Recommended, because dulwich is kind of slow in retrieving stuff.
#
# Also, progress bars for long-running operations will only work
# properly if you enable this. (or a similar out-of-process cache
# backend)
#
# 'default': {
# 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
# 'LOCATION': '127.0.0.1:11211',
# }
# SECURITY WARNING: don't run with debug turned on in production!
TIME_ZONE = "America/Chicago"
# }}}
# {{{ git storage
# Your course git repositories will be stored under this directory.
# Make sure it's writable by your web user.
# The default below makes them sit side-by-side with your relate checkout,
# which makes sense for development, but you probably want to change this
# in production.
#
# The 'course identifiers' you enter will be directory names below this root.
#GIT_ROOT = "/some/where"
GIT_ROOT = ".."
EMAIL_HOST = '127.0.0.1'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = 25
EMAIL_USE_TLS = False
ROBOT_EMAIL_FROM = "Example Admin <admin@example.com>"
RELATE_ADMIN_EMAIL_LOCALE = "en_US"
# Cool down time (seconds) required before another new session of a flow
# is allowed to be started.
RELATE_SESSION_RESTART_COOLDOWN_SECONDS = 10
SERVER_EMAIL = ROBOT_EMAIL_FROM
("Example Admin", "admin@example.com"),
)
RELATE_SIGN_IN_BY_EMAIL_ENABLED = True
RELATE_REGISTRATION_ENABLED = False
RELATE_SIGN_IN_BY_EXAM_TICKETS_ENABLED = True
# If you enable this, you must also have saml_config.py in this directory.
# See saml_config.py.example for help.
RELATE_SIGN_IN_BY_SAML2_ENABLED = False
# {{{ editable institutional id before verification?
# If set to False, user won't be able to edit institutional ID
# after submission. Set to False only when you trust your students
# or you don't want to verfiy insitutional ID they submit.
RELATE_EDITABLE_INST_ID_BEFORE_VERIFICATION = True
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
# {{{ user full_name format
# RELATE's default fullname format is "'%s %s' % (first_name, last_name)",
# you can override it by supply a customized method/fuction, with
# "firstname" and "lastname" as its paramaters, and return a string.
# For example, you can define it like this:
#<code>
# def my_fullname_format(firstname, lastname)
# return "%s%s" % (last_name, first_name)
#</code>
# and then uncomment the following line and enable it with:
#RELATE_USER_FULL_NAME_FORMAT = my_fullname_format
# You can also import it from your custom module.
# }}}
# {{{ system email appelation priority
# RELATE's default email appelation is a ordered list:
# ["first_name", "email", "username"], when first_name is not None
# (e.g, first_name = "Foo"), the email will be opened
# by "Dear Foo,". If first_name is None, then email will be used
# as appelation, so on and so force.
# you can override the appelation priority by supply a customized list,
# available list named RELATE_EMAIL_APPELATION_PRIORITY_LIST. The available
# elements include first_name, last_name, get_full_name, email and
# username.
#RELATE_EMAIL_APPELATION_PRIORITY_LIST = ["first_name", "email", "username", "full_name"]
# }}}
# {{{
# When displayed in lists, user realname is diplayed by two fields,
# last_name and first_name, so that the bpth fields can be ordered.
# You can set the following configuration to True if you want to
# display name using full_name format.
# RELATE_DISPLAY_USER_FULLNAME_IN_LIST = True
# }}}
# A string containing the image ID of the docker image to be used to run
# student Python code. Docker should download the image on first run.
RELATE_DOCKER_RUNPY_IMAGE = "inducer/relate-runpy-i386"
# A URL pointing to the Docker command interface which RELATE should use
# to spawn containers for student code.
RELATE_DOCKER_URL = "unix://var/run/docker.sock"
RELATE_DOCKER_TLS_CONFIG = None
# Example setup for targeting remote Docker instances
# with TLS authentication:
# RELATE_DOCKER_URL = "https://relate.cs.illinois.edu:2375"
#
# import os.path
#
# import docker.tls
# RELATE_DOCKER_TLS_CONFIG = docker.tls.TLSConfig(
# client_cert=(
# os.path.join(pki_base_dir, "client-cert.pem"),
# os.path.join(pki_base_dir, "client-key.pem"),
# ca_cert=os.path.join(pki_base_dir, "ca.pem"),
# }}}
# {{{ maintenance and announcements
# May be set to a string to set a sitewide announcement visible on every page.
RELATE_SITE_ANNOUNCEMENT = None
# Uncomment this to enable i18n, change 'en-us' to locale name your language.
# Make sure you have generated, translate and compile the message file of your
# language. If commented, RELATE will use default language 'en-us'.
#LANGUAGE_CODE='en-us'
RELATE_FACILITIES = {
"test_center": {
"ip_ranges": [
"192.168.192.0/24",
],
"exams_only": False,
# For how many minutes is an exam ticket still usable for login after its first
# use?
RELATE_TICKET_MINUTES_VALID_AFTER_USE = 12*60
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
# {{{ saml2 (optional)
if RELATE_SIGN_IN_BY_SAML2_ENABLED:
from os import path
import saml2.saml
_BASEDIR = path.dirname(path.abspath(__file__))
_BASE_URL = 'https://relate.cs.illinois.edu'
SAML_CONFIG = {
# full path to the xmlsec1 binary programm
'xmlsec_binary': '/usr/bin/xmlsec1',
# your entity id, usually your subdomain plus the url to the metadata view
# (usually no need to change)
'entityid': _BASE_URL + '/saml2/metadata/',
# directory with attribute mapping
# (already populated with samples from djangosaml2, usually no need to
# change)
'attribute_map_dir': path.join(_BASEDIR, 'saml-config', 'attribute-maps'),
# this block states what services we provide
'service': {
'sp': {
'name': 'RELATE SAML2 SP',
'name_id_format': saml2.saml.NAMEID_FORMAT_TRANSIENT,
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
'endpoints': {
# url and binding to the assertion consumer service view
# do not change the binding or service name
'assertion_consumer_service': [
(_BASE_URL + '/saml2/acs/',
saml2.BINDING_HTTP_POST),
],
# url and binding to the single logout service view
# do not change the binding or service name
'single_logout_service': [
(_BASE_URL + '/saml2/ls/',
saml2.BINDING_HTTP_REDIRECT),
(_BASE_URL + '/saml2/ls/post',
saml2.BINDING_HTTP_POST),
],
},
# attributes that this project needs to identify a user
'required_attributes': ['uid'],
# attributes that may be useful to have but not required
'optional_attributes': ['eduPersonAffiliation'],
# in this section the list of IdPs we talk to are defined
'idp': {
# Find the entity ID of your IdP and make this the key here:
'urn:mace:incommon:uiuc.edu': {
'single_sign_on_service': {
# Add the POST and REDIRECT bindings for the sign on service here:
saml2.BINDING_HTTP_POST:
'https://shibboleth.illinois.edu/idp/profile/SAML2/POST/SSO',
saml2.BINDING_HTTP_REDIRECT:
'https://shibboleth.illinois.edu/idp/profile/SAML2/Redirect/SSO',
},
'single_logout_service': {
# And the REDIRECT binding for the logout service here:
saml2.BINDING_HTTP_REDIRECT:
'https://shibboleth.illinois.edu/idp/logout.jsp', # noqa
},
},
},
},
},
# You will get this XML file from your institution. It has finite validity
# and will need to be re-downloaded periodically.
#
# "itrust" is an example name that's valid for the University of Illinois.
# This particular file is public and lives at
# https://discovery.itrust.illinois.edu/itrust-metadata/itrust-metadata.xml
'metadata': {
'local': [path.join(_BASEDIR, 'saml-config', 'itrust-metadata.xml')],
},
# set to 1 to output debugging information
'debug': 1,
# certificate
# see saml2-keygen.sh in this directory
'key_file': path.join(_BASEDIR, 'saml-config', 'sp-key.pem'), # private part
'cert_file': path.join(_BASEDIR, 'saml-config', 'sp-cert.pem'), # public part
# own metadata settings
'contact_person': [
{'given_name': 'Andreas',
'sur_name': 'Kloeckner',
'company': 'CS - University of Illinois',
'email_address': 'andreask@illinois.edu',
'contact_type': 'technical'},
{'given_name': 'Andreas',
'sur_name': 'Kloeckner',
'company': 'CS - University of Illinois',
'email_address': 'andreask@illinois.edu',
'contact_type': 'administrative'},
],
# you can set multilanguage information here
'organization': {
'name': [('RELATE', 'en')],
'display_name': [('RELATE', 'en')],
'url': [(_BASE_URL, 'en')],
},
'valid_for': 24, # how long is our metadata valid
}
# }}}
# vim: filetype=python:foldmethod=marker