class DjangoFidoSettings(AppSettings):
"""Application specific settings."""
authentication_backends = cast(
List,
NestedListSetting(
inner_setting=CallablePathSetting(),
default=('django.contrib.auth.backends.ModelBackend', ),
transform_default=True,
))
rp_name = cast(Optional[str], StringSetting(default=None))
two_step_auth = BooleanSetting(default=True)
metadata_service = NestedDictSetting(settings=dict(
access_token=StringSetting(required=True),
url=StringSetting(default='https://mds2.fidoalliance.org/'),
timeout=Setting(default=3, validators=[timeout_validator]),
disable_cert_verification=BooleanSetting(default=False),
certificate=NestedListSetting(inner_setting=FileSetting(), default=[]),
crl_list=NestedListSetting(inner_setting=FileSetting(), default=[]),
),
default=None)
class Meta:
"""Meta class."""
setting_prefix = 'django_fido_'
class RdapAppSettings(AppSettings):
"""RDAP specific settings."""
CORBA_NETLOC = StringSetting(default='localhost')
CORBA_CONTEXT = StringSetting(default='fred')
LOGGER = StringSetting(default='grill.DummyLoggerClient')
LOGGER_OPTIONS = LoggerOptionsSetting(default={})
DISCLAIMER = ListSetting(default=None)
UNIX_WHOIS = StringSetting(default=None)
MAX_SIG_LIFE = IntegerSetting(default=None)
class Meta:
setting_prefix = 'RDAP_'
class WebwhoisAppSettings(AppSettings):
"""Web whois settings."""
CORBA_NETLOC = StringSetting(
default=partial(os.environ.get, 'FRED_WEBWHOIS_NETLOC', 'localhost'))
CORBA_CONTEXT = StringSetting(default='fred')
LOGGER = Setting(default='pylogger.corbalogger.Logger')
LOGGER_CORBA_NETLOC = StringSetting(
default=partial(_get_logger_defalt, 'CORBA_NETLOC'))
LOGGER_CORBA_CONTEXT = StringSetting(
default=partial(_get_logger_defalt, 'CORBA_CONTEXT'))
LOGGER_CORBA_OBJECT = StringSetting(default='Logger')
class Meta:
setting_prefix = 'WEBWHOIS_'
class DjangoFidoSettings(AppSettings):
"""Application specific settings."""
authentication_backends = cast(
List,
NestedListSetting(
inner_setting=CallablePathSetting(),
default=('django.contrib.auth.backends.ModelBackend', ),
transform_default=True,
))
rp_name = cast(Optional[str], StringSetting(default=None))
two_step_auth = BooleanSetting(default=True)
metadata_service = NestedDictSetting(settings=dict(
access_token=StringSetting(default=None),
mds_format=PositiveIntegerSetting(default=2),
url=StringSetting(default='https://mds2.fidoalliance.org/'),
timeout=Setting(default=3, validators=[timeout_validator]),
disable_cert_verification=BooleanSetting(default=False),
certificate=NestedListSetting(inner_setting=FileSetting(), default=[]),
crl_list=NestedListSetting(inner_setting=FileSetting(), default=[]),
),
default=None)
resident_key = BooleanSetting(default=False)
passwordless_auth = BooleanSetting(default=False)
@classmethod
def check(cls):
"""Extend parent class check method to perform further project specific settings check."""
super(DjangoFidoSettings, cls).check()
# check passwordless settings
if cls.settings['passwordless_auth'].get_value(
) and not cls.settings['resident_key'].get_value():
raise ImproperlyConfigured(
"To use passwordless auth, RESIDENT_KEY settings must be set to True"
)
if cls.settings['passwordless_auth'].get_value(
) and cls.settings['two_step_auth'].get_value():
raise ImproperlyConfigured(
"To use passwordless auth, TWO_STEP_AUTH must be set to False")
class Meta:
"""Meta class."""
setting_prefix = 'django_fido_'
class DjangoFidoSettings(AppSettings):
"""Application specific settings."""
authentication_backends = NestedListSetting(
inner_setting=CallablePathSetting(),
default=('django.contrib.auth.backends.ModelBackend', ),
transform_default=True,
)
rp_name = StringSetting(default=None)
two_step_auth = BooleanSetting(default=True)
class Meta:
"""Meta class."""
setting_prefix = 'django_fido_'
class ProxyServiceSettings(AppSettings):
"""eIDAS Node Proxy Service settings."""
request_token = NestedDictSetting(settings=dict(
hash_algorithm=StringSetting(default='sha256', min_length=1),
parameter_name=StringSetting(default='token', min_length=1),
secret=StringSetting(required=True, min_length=1),
issuer=StringSetting(required=True, min_length=1),
lifetime=PositiveIntegerSetting(default=10),
),
required=True)
response_token = NestedDictSetting(settings=dict(
hash_algorithm=StringSetting(default='sha256', min_length=1),
parameter_name=StringSetting(default='token', min_length=1),
secret=StringSetting(required=True, min_length=1),
issuer=StringSetting(required=True, min_length=1),
),
required=True)
identity_provider = NestedDictSetting(
settings=dict(
endpoint=StringSetting(required=True, min_length=1),
request_issuer=StringSetting(required=True, min_length=1),
request_signature=NestedDictSetting(
settings=dict(
# required=True leads to a strange error:
# "REQUEST_SIGNATURE setting is missing required item 'REQUEST_SIGNATURE'"
key_file=StringSetting(min_length=1),
cert_file=StringSetting(min_length=1),
signature_method=StringSetting(default='RSA_SHA512',
min_length=1),
digest_method=StringSetting(default='SHA512',
min_length=1),
),
# https://github.com/pawamoy/django-appsettings/issues/91
required=True),
key_file=StringSetting(),
cert_file=StringSetting(),
),
required=True)
light_storage = NestedDictSetting(settings=dict(
backend=StringSetting(
default='eidas_node.storage.ignite.IgniteStorage', min_length=1),
options=DictSetting(required=True),
),
required=True)
eidas_node = NestedDictSetting(settings=dict(
proxy_service_response_url=StringSetting(required=True, min_length=1),
response_issuer=StringSetting(required=True, min_length=1),
),
required=True)
levels_of_assurance = DictSetting(key_type=str,
value_type=LevelOfAssurance)
transient_name_id_fallback = BooleanSetting(default=False)
track_country_code = BooleanSetting(default=False)
auxiliary_storage = NestedDictSetting(settings=dict(
backend=StringSetting(
default='eidas_node.storage.ignite.AuxiliaryIgniteStorage',
min_length=1),
options=DictSetting(required=True),
))
class Meta:
"""Metadata."""
setting_prefix = 'proxy_service_'
class ConnectorSettings(AppSettings):
"""eIDAS Node Connector settings."""
request_token = NestedDictSetting(settings=dict(
hash_algorithm=StringSetting(default='sha256', min_length=1),
parameter_name=StringSetting(default='token', min_length=1),
secret=StringSetting(required=True, min_length=1),
issuer=StringSetting(required=True, min_length=1),
),
required=True)
response_token = NestedDictSetting(settings=dict(
hash_algorithm=StringSetting(default='sha256', min_length=1),
parameter_name=StringSetting(default='token', min_length=1),
secret=StringSetting(required=True, min_length=1),
issuer=StringSetting(required=True, min_length=1),
lifetime=PositiveIntegerSetting(default=10),
),
required=True)
service_provider = NestedDictSetting(
settings=dict(
endpoint=StringSetting(required=True, min_length=1),
cert_file=StringSetting(min_length=1),
request_issuer=StringSetting(required=True, min_length=1),
response_issuer=StringSetting(required=True, min_length=1),
response_signature=NestedDictSetting(
settings=dict(
# required=True leads to a strange error:
# "RESPONSE_SIGNATURE setting is missing required item 'RESPONSE_SIGNATURE'"
key_file=StringSetting(min_length=1),
cert_file=StringSetting(min_length=1),
signature_method=StringSetting(default='RSA_SHA512',
min_length=1),
digest_method=StringSetting(default='SHA512',
min_length=1),
),
# https://github.com/pawamoy/django-appsettings/issues/91
required=True),
response_encryption=NestedDictSetting(
settings=dict(
# required=True leads to a strange error as in response_signature above.
cert_file=StringSetting(min_length=1),
encryption_method=EnumSetting(XmlBlockCipher,
default='AES256_GCM'),
key_transport=EnumSetting(XmlKeyTransport,
default='RSA_OAEP_MGF1P'),
),
# https://github.com/pawamoy/django-appsettings/issues/91
required=True),
response_validity=PositiveIntegerSetting(default=10),
country_parameter=StringSetting(default='country', min_length=1),
),
required=True)
light_storage = NestedDictSetting(settings=dict(
backend=StringSetting(
default='eidas_node.storage.ignite.IgniteStorage', min_length=1),
options=DictSetting(required=True),
),
required=True)
eidas_node = NestedDictSetting(settings=dict(
connector_request_url=StringSetting(required=True, min_length=1),
request_issuer=StringSetting(required=True, min_length=1),
),
required=True)
allowed_attributes = IterableSetting(default=set(ATTRIBUTE_MAP))
selector_countries = IterableSetting(default=DEFAULT_COUNTRIES,
min_length=1)
track_country_code = BooleanSetting(default=False)
auxiliary_storage = NestedDictSetting(settings=dict(
backend=StringSetting(
default='eidas_node.storage.ignite.AuxiliaryIgniteStorage',
min_length=1),
options=DictSetting(required=True),
))
class Meta:
"""Metadata."""
setting_prefix = 'connector_'