diff --git a/admin/base/settings/defaults.py b/admin/base/settings/defaults.py
index f0647492f67..85b25a57ef4 100644
--- a/admin/base/settings/defaults.py
+++ b/admin/base/settings/defaults.py
@@ -3,7 +3,9 @@
 """
 from django.contrib import messages
+
 from api.base.settings import * # noqa
+
 # TODO ALL SETTINGS FROM API WILL BE IMPORTED AND WILL NEED TO BE OVERRRIDEN
 # TODO THIS IS A STEP TOWARD INTEGRATING ADMIN & API INTO ONE PROJECT
@@ -15,27 +17,17 @@
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
-# from the OSF settings
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = osf_settings.SECRET_KEY
-
 # Don't allow migrations
 DATABASE_ROUTERS = ['admin.base.db.router.NoMigrationRouter']
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = osf_settings.DEBUG_MODE
-DEBUG_PROPAGATE_EXCEPTIONS = True
-
 # session:
 SESSION_COOKIE_NAME = 'admin'
-SESSION_COOKIE_SECURE = osf_settings.SECURE_MODE
-SESSION_COOKIE_HTTPONLY = osf_settings.SESSION_COOKIE_HTTPONLY
 # csrf:
 CSRF_COOKIE_NAME = 'admin-csrf'
-CSRF_COOKIE_SECURE = osf_settings.SECURE_MODE
 # set to False for admin draft registration uses a SPA and ajax and grab the token to use it in the requests
 CSRF_COOKIE_HTTPONLY = False
@@ -63,9 +55,9 @@
 # Sendgrid Email Settings - Using OSF credentials.
 # Add settings references to local.py
-EMAIL_HOST = osf_settings.MAIL_SERVER
-EMAIL_HOST_USER = osf_settings.MAIL_USERNAME
-EMAIL_HOST_PASSWORD = osf_settings.MAIL_PASSWORD
+EMAIL_HOST = MAIL_SERVER
+EMAIL_HOST_USER = MAIL_USERNAME
+EMAIL_HOST_PASSWORD = MAIL_PASSWORD
 EMAIL_PORT = 587
 EMAIL_USE_TLS = True
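Review bot: The `-15,27` hunk leaves `# SECURITY WARNING: don't run with debug turned on in production!` with no assignment under it, and as far as the hunks show, `SECRET_KEY`, `DEBUG` and the `Secure`/`HttpOnly` cookie flags are no longer assigned anywhere in the admin settings. They now reach the admin only through `from api.base.settings import *`, as do the bare `MAIL_SERVER`, `MAIL_USERNAME` and `MAIL_PASSWORD` in the `-63,9` hunk and `SECURE_MODE`, `DEBUG_MODE` and `KEEN` in the later hunks of this file. I would replace the orphaned comment with one that records the dependency, e.g. `# SECRET_KEY, DEBUG, SESSION_COOKIE_SECURE, SESSION_COOKIE_HTTPONLY and CSRF_COOKIE_SECURE are inherited from api.base.settings; re-declare here only to diverge.` Both star imports are marked `# noqa`, so a bare name that stops being exported upstream would presumably be noticed only as a `NameError` when the settings module is loaded.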
@@ -115,23 +107,25 @@
 'addons_twofactor': None,
 }
-USE_TZ = True
-TIME_ZONE = 'UTC'
-
 # local development using https
-if osf_settings.SECURE_MODE and osf_settings.DEBUG_MODE:
+if SECURE_MODE and DEBUG_MODE:
 INSTALLED_APPS += ('sslserver',)
-# Custom user model (extends AbstractBaseUser)
-AUTH_USER_MODEL = 'osf.OSFUser'
-
-# Settings related to CORS Headers addon: allow API to receive authenticated requests from OSF
-# CORS plugin only matches based on "netloc" part of URL, so as workaround we add that to the list
-CORS_ORIGIN_ALLOW_ALL = False
-CORS_ORIGIN_WHITELIST = (
- osf_settings.DOMAIN.rstrip('/'),
-)
-CORS_ALLOW_CREDENTIALS = True
+TEMPLATES = [
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [os.path.join(BASE_DIR, 'templates')],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth',
+ 'django.contrib.messages.context_processors.messages',
+ ],
+ }
+ }
+]
 MIDDLEWARE = (
 # TokuMX transaction support
@@ -158,20 +152,6 @@
 messages.WARNING: 'text-warning',
 }
-TEMPLATES = [
- {
- 'BACKEND': 'django.template.backends.django.DjangoTemplates',
- 'DIRS': [os.path.join(BASE_DIR, 'templates')],
- 'APP_DIRS': True,
- 'OPTIONS': {
- 'context_processors': [
- 'django.template.context_processors.debug',
- 'django.template.context_processors.request',
- 'django.contrib.auth.context_processors.auth',
- 'django.contrib.messages.context_processors.messages',
- ],
- }
- }]
 ROOT_URLCONF = 'admin.base.urls'
 WSGI_APPLICATION = 'admin.base.wsgi.application'
@@ -187,7 +167,6 @@
 os.path.join(BASE_DIR, '../website/static'),
 )
-LANGUAGE_CODE = 'en-us'
 WEBPACK_LOADER = {
 'DEFAULT': {
@@ -200,9 +179,9 @@
 NOSE_ARGS = ['--verbosity=2']
 # Keen.io settings in local.py
-KEEN_PROJECT_ID = osf_settings.KEEN['private']['project_id']
-KEEN_READ_KEY = osf_settings.KEEN['private']['read_key']
-KEEN_WRITE_KEY = osf_settings.KEEN['private']['write_key']
+KEEN_PROJECT_ID = KEEN['private']['project_id']
+KEEN_READ_KEY = KEEN['private']['read_key']
+KEEN_WRITE_KEY = KEEN['private']['write_key']
 KEEN_CREDENTIALS = {
 'keen_ready': False
@@ -222,8 +201,6 @@
 TINYMCE_APIKEY = ''
-SHARE_URL = osf_settings.SHARE_URL
-API_DOMAIN = osf_settings.API_DOMAIN
 if DEBUG:
 INSTALLED_APPS += ('debug_toolbar', 'nplusone.ext.django',)
diff --git a/admin/base/settings/local-dist.py b/admin/base/settings/local-dist.py
index 2da039fd6d0..a427e4df9cb 100644
--- a/admin/base/settings/local-dist.py
+++ b/admin/base/settings/local-dist.py
@@ -1,3 +1,8 @@
 ## The default development email backend is the django console backend, as set in
 ## defaults.py. If you wish to enable sendgrid, uncomment the following line:
 # EMAIL_BACKEND = 'sendgrid_backend.SendgridBackend'
+ALLOWED_HOSTS = [
+ '.osf.io',
+ 'localhost:8001',
+ 'localhost',
+]
diff --git a/api/base/settings/defaults.py b/api/base/settings/defaults.py
index d74e744f787..1ec4ba8beb5 100644
--- a/api/base/settings/defaults.py
+++ b/api/base/settings/defaults.py
@@ -14,7 +14,7 @@
 from corsheaders.defaults import default_headers
-from website import settings as osf_settings
+from website.settings import * # noqa: F403
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 # Quick-start development settings - unsuitable for production
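Review bot: The `'localhost:8001'` entry in the new `ALLOWED_HOSTS` of `admin/base/settings/local-dist.py` can never match, because Django drops the port from the `Host` header before comparing it with the list; only `'localhost'` has an effect. Remove the port entry so the list does not suggest that the admin is pinned to a host and port. If `local-dist.py` is meant as a template for local development, `'.osf.io'` could be dropped from it as well, since it accepts every `osf.io` subdomain and the API defaults already list it.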
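Review bot: `from website.settings import *` in `api/base/settings/defaults.py` makes every public upper-case name in `website.settings` a Django setting of the API, and of the admin through its own star import. A website name that coincides with a Django setting name now configures Django without any line in this file saying so, and names assigned further down silently replace the website value; a comment on the import such as `# every public website.settings name becomes a Django setting here; assignments below override them` would make that explicit. With `DEBUG` on, the larger namespace is also what Django's technical error page prints, and that page masks values only for names containing markers like `KEY`, `SECRET`, `PASS` or `TOKEN`. `api.base.settings` also stops providing `osf_settings`; the diff updates three importers, and any other user of that attribute not shown here would fail at import.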
@@ -43,32 +43,26 @@
 AUTH_USER_MODEL = 'osf.OSFUser'
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = osf_settings.SECRET_KEY
-
 AUTHENTICATION_BACKENDS = (
 'api.base.authentication.backends.ODMBackend',
 'guardian.backends.ObjectPermissionBackend',
 )
+DEBUG = DEBUG_MODE
 # SECURITY WARNING: don't run with debug turned on in production!
-DEV_MODE = osf_settings.DEV_MODE
-DEBUG = osf_settings.DEBUG_MODE
 DEBUG_PROPAGATE_EXCEPTIONS = True
 # session:
-SESSION_COOKIE_NAME = osf_settings.COOKIE_NAME
-SESSION_COOKIE_SECURE = osf_settings.SECURE_MODE
-SESSION_COOKIE_HTTPONLY = osf_settings.SESSION_COOKIE_HTTPONLY
-SESSION_COOKIE_SAMESITE = osf_settings.SESSION_COOKIE_SAMESITE
+SESSION_COOKIE_NAME = COOKIE_NAME
+SESSION_COOKIE_SECURE = SECURE_MODE
 SESSION_COOKIE_AGE = 2592000 # 30 days in seconds
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
 SESSION_CACHE_ALIAS = 'redis'
 # csrf:
 CSRF_COOKIE_NAME = 'api-csrf'
-CSRF_COOKIE_SECURE = osf_settings.SECURE_MODE
-CSRF_COOKIE_HTTPONLY = osf_settings.SECURE_MODE
+CSRF_COOKIE_SECURE = SECURE_MODE
+CSRF_COOKIE_HTTPONLY = SECURE_MODE
 ALLOWED_HOSTS = [
 '.osf.io',
@@ -121,7 +115,7 @@
 )
 # local development using https
-if osf_settings.SECURE_MODE and DEBUG:
+if SECURE_MODE and DEBUG:
 INSTALLED_APPS += ('sslserver',)
 BULK_SETTINGS = {
@@ -202,9 +196,7 @@
 # Settings related to CORS Headers addon: allow API to receive authenticated requests from OSF
 # CORS plugin only matches based on "netloc" part of URL, so as workaround we add that to the list
 CORS_ORIGIN_ALLOW_ALL = False
-CORS_ORIGIN_WHITELIST = (
- osf_settings.DOMAIN.rstrip('/'),
-)
+CORS_ORIGIN_WHITELIST = DOMAIN.rstrip('/'),
 # This needs to remain True to allow cross origin requests that are in CORS_ORIGIN_WHITELIST to
 # use cookies.
 CORS_ALLOW_CREDENTIALS = True
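Review bot: The added `DEBUG = DEBUG_MODE` in the `-43,32` hunk sits above the `# SECURITY WARNING: don't run with debug turned on in production!` comment, so the warning now reads as a label for `DEBUG_PROPAGATE_EXCEPTIONS = True`; move the assignment to the line under the comment. The same hunk drops the explicit `SESSION_COOKIE_HTTPONLY` and `SESSION_COOKIE_SAMESITE` assignments, which keep their values only because the star import brings in identically named website settings. A one-line comment in the `# session:` block, e.g. `# SESSION_COOKIE_HTTPONLY and SESSION_COOKIE_SAMESITE are inherited from website.settings`, would keep the cookie hardening discoverable from this file.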
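Review bot: `CORS_ORIGIN_WHITELIST = DOMAIN.rstrip('/'),` in the `-202,9` hunk is still a one-element tuple, but only because of the trailing comma; if a later edit drops it, the whitelist becomes a plain string and any `in` check against it turns into substring matching. Keep the parentheses so the type is obvious: `CORS_ORIGIN_WHITELIST = (DOMAIN.rstrip('/'),)`. The distinction matters here because `CORS_ALLOW_CREDENTIALS = True` follows directly, so a whitelist that matches more origins than intended would also let them send cookies.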
@@ -270,7 +262,7 @@
 DEFAULT_FILE_STORAGE = 'api.base.storage.RequestlessURLGoogleCloudStorage'
 GS_BUCKET_NAME = os.environ.get('GS_BUCKET_NAME', 'cos-osf-stage-cdn-us')
 GS_FILE_OVERWRITE = os.environ.get('GS_FILE_OVERWRITE', False)
-elif osf_settings.DEV_MODE or osf_settings.DEBUG_MODE:
+elif DEV_MODE or DEBUG_MODE:
 DEFAULT_FILE_STORAGE = 'api.base.storage.DevFileSystemStorage'
 # https://docs.djangoproject.com/en/1.8/howto/static-files/
@@ -281,18 +273,12 @@
 API_PRIVATE_BASE = '_/'
 STATIC_URL = '/static/'
-NODE_CATEGORY_MAP = osf_settings.NODE_CATEGORY_MAP
 DEBUG_TRANSACTIONS = DEBUG
 JWT_SECRET = b'osf_api_cas_login_jwt_secret_32b'
 JWE_SECRET = b'osf_api_cas_login_jwe_secret_32b'
-ENABLE_VARNISH = osf_settings.ENABLE_VARNISH
-ENABLE_ESI = osf_settings.ENABLE_ESI
-VARNISH_SERVERS = osf_settings.VARNISH_SERVERS
-ESI_MEDIA_TYPES = osf_settings.ESI_MEDIA_TYPES
-
 ADDONS_FOLDER_CONFIGURABLE = ['box', 'dropbox', 's3', 'googledrive', 'figshare', 'owncloud', 'onedrive']
 ADDONS_OAUTH = ADDONS_FOLDER_CONFIGURABLE + ['dataverse', 'github', 'bitbucket', 'gitlab', 'mendeley', 'zotero', 'forward', 'boa']
diff --git a/api/comments/serializers.py b/api/comments/serializers.py
index 6dafa8707ee..d09c0b4a272 100644
--- a/api/comments/serializers.py
+++ b/api/comments/serializers.py
@@ -8,7 +8,7 @@
 from rest_framework.exceptions import ValidationError, PermissionDenied
 from api.base.exceptions import InvalidModelValueError, Conflict
 from api.base.utils import absolute_reverse
-from api.base.settings import osf_settings
+from website import settings as osf_settings
 from api.base.serializers import (
 JSONAPISerializer,
 TargetField,
diff --git a/api_tests/comments/views/test_comment_detail.py b/api_tests/comments/views/test_comment_detail.py
index 59d09e00fa9..1e527d18612 100644
--- a/api_tests/comments/views/test_comment_detail.py
+++ b/api_tests/comments/views/test_comment_detail.py
@@ -4,7 +4,7 @@
 from addons.wiki.tests.factories import WikiFactory
 from api.base.settings.defaults import API_BASE
-from api.base.settings import osf_settings
+from website import settings as osf_settings
 from api_tests import utils as test_utils
 from framework.auth import core
 from osf.models import Guid
diff --git a/api_tests/nodes/views/test_node_comments_list.py b/api_tests/nodes/views/test_node_comments_list.py
index 7f50be911a8..f3e34089da9 100644
--- a/api_tests/nodes/views/test_node_comments_list.py
+++ b/api_tests/nodes/views/test_node_comments_list.py
@@ -1,7 +1,7 @@
 import pytest
 from addons.wiki.tests.factories import WikiFactory
-from api.base.settings import osf_settings
+from website import settings as osf_settings
 from api.base.settings.defaults import API_BASE
 from api_tests import utils as test_utils
 from framework.auth import core