dimagi · pxwxnvermx · Jan 10, 2024 · Jan 10, 2024 · Feb 8, 2024 · May 15, 2024
diff --git a/.env_example b/.env_example
@@ -0,0 +1,17 @@
+SECRET_KEY=changeme
+DEBUG=true
+DATABASE_URL=postgres:///connect
+DJANGO_ALLOWED_HOSTS=
+CSRF_TRUSTED_ORIGINS=
+TWILIO_ACCOUNT_SID=
+TWILIO_AUTH_TOKEN=
+TWILIO_MESSAGING_SERVICE=
+
+FCM_PROJECT_ID=
+FCM_PRIVATE_KEY_ID=
+FCM_CLIENT_EMAIL=
+FCM_CLIENT_ID=
+FCM_CLIENT_X509_CERT_URL=
+FCM_PRIVATE_KEY=
+
+OIDC_RSA_PRIVATE_KEY=
diff --git a/.gitignore b/.gitignore
@@ -3,8 +3,8 @@
 *~
 *.swp
 *.swo
-*localsettings*
-!*localsettings.example.py
+*.env
+!*.env_example
 *.log*
 /staticfiles/
 /.idea

diff --git a/connectid/localsettings.example.py → connectid/localsettings.py b/connectid/localsettings.example.py → connectid/localsettings.py
@@ -11,10 +11,10 @@
     'default': {
         'ENGINE': 'django.db.backends.postgresql',
         'NAME': 'connect',
-        'USER': 'connect',
-        'PASSWORD': 'connect',
+        'USER': 'postgres',
+        'PASSWORD': 'postgres',
         'HOST': 'localhost',
-        'PORT': '5433'
+        'PORT': '5432'
     }
 }
 

diff --git a/connectid/settings.py b/connectid/settings.py
@@ -9,13 +9,14 @@
 For the full list of settings and their values, see
 https://docs.djangoproject.com/en/4.1/ref/settings/
 """
-import os
+import environ
 
 from pathlib import Path
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
-
+env = environ.Env()
+env.read_env(str(BASE_DIR / ".env"))
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/4.1/howto/deployment/checklist/
@@ -213,10 +214,63 @@
     "DELETE_INACTIVE_DEVICES": False,
 }
 
-from .localsettings import *
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = env(
+    "SECRET_KEY",
+    default="django-insecure-yofpqrszrdtv0ftihjd09cuim2al9^n9j^b85%-y0v*^_lj18d",
+)
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = env("DEBUG", default=False)
+
+# Database
+# https://docs.djangoproject.com/en/4.1/ref/settings/#databases
+
+DATABASES = {
+    "default": env.db(
+        "DATABASE_URL",
+        default="postgres:///connect",
+    ),
+}
+
+ALLOWED_HOSTS = ["127.0.0.1", "localhost"] + env.list(
+    "DJANGO_ALLOWED_HOSTS", default=[]
+)
+
+CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS", default=[]) 
+
+TWILIO_ACCOUNT_SID = env("TWILIO_ACCOUNT_SID")
+TWILIO_AUTH_TOKEN = env("TWILIO_AUTH_TOKEN")
+TWILIO_MESSAGING_SERVICE = env("TWILIO_MESSAGING_SERVICE")
+
+FCM_CREDENTIALS = {
+    "type": "service_account",
+    "project_id": env("FCM_PROJECT_ID", default=""),
+    "private_key_id": env("FCM_PRIVATE_KEY_ID", default=""),
+    "private_key": env("FCM_PRIVATE_KEY", default=""),
+    "client_email": env("FCM_CLIENT_EMAIL", default=""),
+    "client_id": env("FCM_CLIENT_ID", default=""),
+    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+    "token_uri": "https://oauth2.googleapis.com/token",
+    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+    "client_x509_cert_url": env("FCM_CLIENT_X509_CERT_URL", default=""),
+    "universe_domain": "googleapis.com"
+}
+
+OAUTH2_PROVIDER = {                                                                                                                                                   
+    "OIDC_ENABLED": True,                                                                                                                                             
+    "OIDC_RSA_PRIVATE_KEY": env("OIDC_RSA_PRIVATE_KEY", default=""),
+    "SCOPES": {
+        "openid": "OpenID Connect scope", 
+        "sync": "sync with commcarehq"
+    },
+    "PKCE_REQUIRED": False,
+    "OAUTH2_VALIDATOR_CLASS": "users.oauth.ConnectOAuth2Validator",
+}
 
 # Firebase
 if FCM_CREDENTIALS:
     from firebase_admin import credentials, initialize_app
+
     creds = credentials.Certificate(FCM_CREDENTIALS)
     default_app = initialize_app(credential=creds)
diff --git a/requirements/requirements.in b/requirements/requirements.in
@@ -9,4 +9,5 @@ phonenumberslite
 psycopg2
 twilio
 zxcvbn
-fcm-django
+fcm-django
+django-environ
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
@@ -6,8 +6,6 @@
 #
 asgiref==3.6.0
     # via django
-build==0.10.0
-    # via pip-tools
 cachecontrol==0.13.1
     # via firebase-admin
 cachetools==5.3.1
@@ -18,8 +16,6 @@ cffi==1.15.1
     # via cryptography
 charset-normalizer==3.1.0
     # via requests
-click==8.1.3
-    # via pip-tools
 cryptography==41.0.2
     # via
     #   jwcrypto
@@ -42,6 +38,8 @@ django-ipware==5.0.0
     #   django-phonenumber-field
     #   djangorestframework
     #   fcm-django
+django-environ==0.11.2
+    # via -r requirements.in
 django-oauth-toolkit==2.3.0
     # via -r requirements.in
 django-otp==1.1.6
@@ -108,12 +106,8 @@ msgpack==1.0.7
     # via cachecontrol
 oauthlib==3.2.2
     # via django-oauth-toolkit
-packaging==23.1
-    # via build
 phonenumberslite==8.13.11
     # via -r requirements.in
-pip-tools==6.13.0
-    # via -r requirements.in
 proto-plus==1.22.3
     # via google-cloud-firestore
 protobuf==4.24.4
@@ -139,8 +133,6 @@ pyjwt[crypto]==2.6.0
     #   twilio
 pyparsing==3.1.1
     # via httplib2
-pyproject-hooks==1.0.0
-    # via build
 pytz==2022.7.1
     # via
     #   djangorestframework
@@ -162,8 +154,6 @@ uritemplate==4.1.1
     # via google-api-python-client
 urllib3==1.26.15
     # via requests
-wheel==0.40.0
-    # via pip-tools
 wrapt==1.15.0
     # via deprecated
 zxcvbn==4.4.28