Not sure how a messed-up version of this got into this commit, but it needs to go.
This commit is contained in:
Ken Sternberg
parent
9768684c3c
commit
a31588668d
|
|
@ -13,11 +13,7 @@ from authentik.lib.config import CONFIG
|
||||||
from authentik.lib.logging import get_logger_config, structlog_configure
|
from authentik.lib.logging import get_logger_config, structlog_configure
|
||||||
from authentik.lib.sentry import sentry_init
|
from authentik.lib.sentry import sentry_init
|
||||||
from authentik.lib.utils.reflection import get_env
|
from authentik.lib.utils.reflection import get_env
|
||||||
from authentik.stages.password import (
|
from authentik.stages.password import BACKEND_APP_PASSWORD, BACKEND_INBUILT, BACKEND_LDAP
|
||||||
BACKEND_APP_PASSWORD,
|
|
||||||
BACKEND_INBUILT,
|
|
||||||
BACKEND_LDAP,
|
|
||||||
)
|
|
||||||
|
|
||||||
BASE_DIR = Path(__file__).absolute().parent.parent.parent
|
BASE_DIR = Path(__file__).absolute().parent.parent.parent
|
||||||
STATICFILES_DIRS = [BASE_DIR / Path("web")]
|
STATICFILES_DIRS = [BASE_DIR / Path("web")]
|
||||||
|
|
@ -133,9 +129,7 @@ SPECTACULAR_SETTINGS = {
|
||||||
"CONTACT": {
|
"CONTACT": {
|
||||||
"email": "hello@goauthentik.io",
|
"email": "hello@goauthentik.io",
|
||||||
},
|
},
|
||||||
"AUTHENTICATION_WHITELIST": [
|
"AUTHENTICATION_WHITELIST": ["authentik.api.authentication.TokenAuthentication"],
|
||||||
"authentik.api.authentication.TokenAuthentication"
|
|
||||||
],
|
|
||||||
"LICENSE": {
|
"LICENSE": {
|
||||||
"name": "MIT",
|
"name": "MIT",
|
||||||
"url": "https://github.com/goauthentik/authentik/blob/main/LICENSE",
|
"url": "https://github.com/goauthentik/authentik/blob/main/LICENSE",
|
||||||
|
|
@ -171,9 +165,7 @@ REST_FRAMEWORK = {
|
||||||
"DEFAULT_PARSER_CLASSES": [
|
"DEFAULT_PARSER_CLASSES": [
|
||||||
"rest_framework.parsers.JSONParser",
|
"rest_framework.parsers.JSONParser",
|
||||||
],
|
],
|
||||||
"DEFAULT_PERMISSION_CLASSES": (
|
"DEFAULT_PERMISSION_CLASSES": ("authentik.rbac.permissions.ObjectPermissions",),
|
||||||
"authentik.rbac.permissions.ObjectPermissions",
|
|
||||||
),
|
|
||||||
"DEFAULT_AUTHENTICATION_CLASSES": (
|
"DEFAULT_AUTHENTICATION_CLASSES": (
|
||||||
"authentik.api.authentication.TokenAuthentication",
|
"authentik.api.authentication.TokenAuthentication",
|
||||||
"rest_framework.authentication.SessionAuthentication",
|
"rest_framework.authentication.SessionAuthentication",
|
||||||
|
|
@ -193,9 +185,7 @@ _redis_protocol_prefix = "redis://"
|
||||||
_redis_celery_tls_requirements = ""
|
_redis_celery_tls_requirements = ""
|
||||||
if CONFIG.get_bool("redis.tls", False):
|
if CONFIG.get_bool("redis.tls", False):
|
||||||
_redis_protocol_prefix = "rediss://"
|
_redis_protocol_prefix = "rediss://"
|
||||||
_redis_celery_tls_requirements = (
|
_redis_celery_tls_requirements = f"?ssl_cert_reqs={CONFIG.get('redis.tls_reqs')}"
|
||||||
f"?ssl_cert_reqs={CONFIG.get('redis.tls_reqs')}"
|
|
||||||
)
|
|
||||||
_redis_url = (
|
_redis_url = (
|
||||||
f"{_redis_protocol_prefix}:"
|
f"{_redis_protocol_prefix}:"
|
||||||
f"{quote_plus(CONFIG.get('redis.password'))}@{quote_plus(CONFIG.get('redis.host'))}:"
|
f"{quote_plus(CONFIG.get('redis.password'))}@{quote_plus(CONFIG.get('redis.host'))}:"
|
||||||
|
|
@ -205,8 +195,7 @@ _redis_url = (
|
||||||
CACHES = {
|
CACHES = {
|
||||||
"default": {
|
"default": {
|
||||||
"BACKEND": "django_redis.cache.RedisCache",
|
"BACKEND": "django_redis.cache.RedisCache",
|
||||||
"LOCATION": CONFIG.get("cache.url")
|
"LOCATION": CONFIG.get("cache.url") or f"{_redis_url}/{CONFIG.get('redis.db')}",
|
||||||
or f"{_redis_url}/{CONFIG.get('redis.db')}",
|
|
||||||
"TIMEOUT": CONFIG.get_int("cache.timeout", 300),
|
"TIMEOUT": CONFIG.get_int("cache.timeout", 300),
|
||||||
"OPTIONS": {"CLIENT_CLASS": "django_redis.client.DefaultClient"},
|
"OPTIONS": {"CLIENT_CLASS": "django_redis.client.DefaultClient"},
|
||||||
"KEY_PREFIX": "authentik_cache",
|
"KEY_PREFIX": "authentik_cache",
|
||||||
|
|
@ -268,11 +257,7 @@ CHANNEL_LAYERS = {
|
||||||
"default": {
|
"default": {
|
||||||
"BACKEND": "channels_redis.pubsub.RedisPubSubChannelLayer",
|
"BACKEND": "channels_redis.pubsub.RedisPubSubChannelLayer",
|
||||||
"CONFIG": {
|
"CONFIG": {
|
||||||
"hosts": [
|
"hosts": [CONFIG.get("channel.url", f"{_redis_url}/{CONFIG.get('redis.db')}")],
|
||||||
CONFIG.get(
|
|
||||||
"channel.url", f"{_redis_url}/{CONFIG.get('redis.db')}"
|
|
||||||
)
|
|
||||||
],
|
|
||||||
"prefix": "authentik_channels_",
|
"prefix": "authentik_channels_",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -333,9 +318,7 @@ AUTH_PASSWORD_VALIDATORS = [
|
||||||
},
|
},
|
||||||
{"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
|
{"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
|
||||||
{"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
|
{"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
|
||||||
{
|
{"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
|
||||||
"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"
|
|
||||||
},
|
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -372,9 +355,7 @@ CELERY = {
|
||||||
"task_default_queue": "authentik",
|
"task_default_queue": "authentik",
|
||||||
"broker_url": CONFIG.get("broker.url")
|
"broker_url": CONFIG.get("broker.url")
|
||||||
or f"{_redis_url}/{CONFIG.get('redis.db')}{_redis_celery_tls_requirements}",
|
or f"{_redis_url}/{CONFIG.get('redis.db')}{_redis_celery_tls_requirements}",
|
||||||
"broker_transport_options": CONFIG.get_dict_from_b64_json(
|
"broker_transport_options": CONFIG.get_dict_from_b64_json("broker.transport_options"),
|
||||||
"broker.transport_options"
|
|
||||||
),
|
|
||||||
"result_backend": CONFIG.get("result_backend.url")
|
"result_backend": CONFIG.get("result_backend.url")
|
||||||
or f"{_redis_url}/{CONFIG.get('redis.db')}{_redis_celery_tls_requirements}",
|
or f"{_redis_url}/{CONFIG.get('redis.db')}{_redis_celery_tls_requirements}",
|
||||||
}
|
}
|
||||||
|
|
@ -385,10 +366,7 @@ _ERROR_REPORTING = CONFIG.get_bool("error_reporting.enabled", False)
|
||||||
if _ERROR_REPORTING:
|
if _ERROR_REPORTING:
|
||||||
sentry_env = CONFIG.get("error_reporting.environment", "customer")
|
sentry_env = CONFIG.get("error_reporting.environment", "customer")
|
||||||
sentry_init()
|
sentry_init()
|
||||||
set_tag(
|
set_tag("authentik.uuid", sha512(str(SECRET_KEY).encode("ascii")).hexdigest()[:16])
|
||||||
"authentik.uuid",
|
|
||||||
sha512(str(SECRET_KEY).encode("ascii")).hexdigest()[:16],
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
# Static files (CSS, JavaScript, Images)
|
# Static files (CSS, JavaScript, Images)
|
||||||
|
|
@ -418,12 +396,8 @@ def _update_settings(app_path: str):
|
||||||
CONFIG.log("debug", "Loaded app settings", path=app_path)
|
CONFIG.log("debug", "Loaded app settings", path=app_path)
|
||||||
INSTALLED_APPS.extend(getattr(settings_module, "INSTALLED_APPS", []))
|
INSTALLED_APPS.extend(getattr(settings_module, "INSTALLED_APPS", []))
|
||||||
MIDDLEWARE.extend(getattr(settings_module, "MIDDLEWARE", []))
|
MIDDLEWARE.extend(getattr(settings_module, "MIDDLEWARE", []))
|
||||||
AUTHENTICATION_BACKENDS.extend(
|
AUTHENTICATION_BACKENDS.extend(getattr(settings_module, "AUTHENTICATION_BACKENDS", []))
|
||||||
getattr(settings_module, "AUTHENTICATION_BACKENDS", [])
|
CELERY["beat_schedule"].update(getattr(settings_module, "CELERY_BEAT_SCHEDULE", {}))
|
||||||
)
|
|
||||||
CELERY["beat_schedule"].update(
|
|
||||||
getattr(settings_module, "CELERY_BEAT_SCHEDULE", {})
|
|
||||||
)
|
|
||||||
for _attr in dir(settings_module):
|
for _attr in dir(settings_module):
|
||||||
if not _attr.startswith("__") and _attr not in _DISALLOWED_ITEMS:
|
if not _attr.startswith("__") and _attr not in _DISALLOWED_ITEMS:
|
||||||
globals()[_attr] = getattr(settings_module, _attr)
|
globals()[_attr] = getattr(settings_module, _attr)
|
||||||
|
|
|
||||||
Reference in New Issue