diff --git a/.bumpversion.cfg b/.bumpversion.cfg index 298cb70e6..49752e8d5 100644 --- a/.bumpversion.cfg +++ b/.bumpversion.cfg @@ -53,3 +53,4 @@ values = [bumpversion:file:passbook/otp/__init__.py] +[bumpversion:file:passbook/app_gw/__init__.py] diff --git a/debian/etc/passbook/config.yml b/debian/etc/passbook/config.yml index ad373bd39..4a7851c07 100644 --- a/debian/etc/passbook/config.yml +++ b/debian/etc/passbook/config.yml @@ -16,6 +16,8 @@ redis: localhost/0 # Error reporting, sends stacktrace to sentry.services.beryju.org error_report_enabled: true +primary_domain: passbook.local + passbook: sign_up: # Enables signup, created users are stored in internal Database and created in LDAP if ldap.create_users is true diff --git a/helm/passbook/templates/passbook-configmap.yaml b/helm/passbook/templates/passbook-configmap.yaml index 1d6ee3ddd..1c9a3fe1c 100644 --- a/helm/passbook/templates/passbook-configmap.yaml +++ b/helm/passbook/templates/passbook-configmap.yaml @@ -47,6 +47,7 @@ data: secret_key: {{ randAlphaNum 50 }} {{- end }} + primary_domain: {{ .Values.primary_domain }} domains: {{- range .Values.ingress.hosts }} - {{ . | quote }} diff --git a/passbook/admin/templates/administration/property_mapping/list.html b/passbook/admin/templates/administration/property_mapping/list.html index 7bf8c2da2..9076adab7 100644 --- a/passbook/admin/templates/administration/property_mapping/list.html +++ b/passbook/admin/templates/administration/property_mapping/list.html @@ -36,7 +36,7 @@ {% for property_mapping in object_list %} - {{ property_mapping.name }} ({{ property_mapping.slug }}) + {{ property_mapping.name }} {{ property_mapping|verbose_name }} \(}*+|~=-$/_:^@)[{]&\'!,"`' +ERRORS_MESSAGES = { + 'upstream-no-scheme': ("Upstream URL scheme must be either " + "'http' or 'https' (%s).") +} + +# pylint: disable=too-many-instance-attributes +class ApplicationGatewayMiddleware: + """Check if request should be proxied or handeled normally""" + + ignored_hosts = [] + request = None + app_gw = None + http = None + http_no_verify = None + host_header = '' + + _parsed_url = None + _request_headers = None + + def __init__(self, get_response): + self.get_response = get_response + self.ignored_hosts = cache.get(IGNORED_HOSTNAMES_KEY, []) + self.http_no_verify = urllib3.PoolManager() + self.http = urllib3.PoolManager( + cert_reqs='CERT_REQUIRED', + ca_certs=certifi.where()) + + def precheck(self, request): + """Check if a request should be proxied or forwarded to passbook""" + # Check if hostname is in cached list of ignored hostnames + # This saves us having to query the database on each request + self.host_header = request.META.get('HTTP_HOST') + if self.host_header in self.ignored_hosts: + LOGGER.debug("%s is ignored", self.host_header) + return True, None + # Look through all ApplicationGatewayProviders and check hostnames + matches = ApplicationGatewayProvider.objects.filter( + server_name__contains=[self.host_header], + enabled=True) + if not matches.exists(): + # Mo matching Providers found, add host header to ignored list + self.ignored_hosts.append(self.host_header) + cache.set(IGNORED_HOSTNAMES_KEY, self.ignored_hosts) + LOGGER.debug("Ignoring %s", self.host_header) + return True, None + # At this point we're certain there's a matching ApplicationGateway + if len(matches) > 1: + # TODO This should never happen + raise ValueError + app_gw = matches.first() + try: + # Check if ApplicationGateway is associcaited with application + getattr(app_gw, 'application') + return False, app_gw + except Application.DoesNotExist: + LOGGER.debug("ApplicationGateway not associated with Application") + return True, None + return True, None + + def __call__(self, request): + forward, self.app_gw = self.precheck(request) + if forward: + return self.get_response(request) + self.request = request + return self.dispatch(request) + + def get_upstream(self): + """Get upstream as parsed url""" + # TODO: How to choose upstream? + upstream = self.app_gw.upstream[0] + + if not getattr(self, '_parsed_url', None): + self._parsed_url = urlparse(upstream) + + if self._parsed_url.scheme not in ('http', 'https'): + raise InvalidUpstream(ERRORS_MESSAGES['upstream-no-scheme'] % + upstream) + + return upstream + + def _format_path_to_redirect(self, request): + LOGGER.debug("Path before: %s", request.get_full_path()) + rewriter = Rewriter(self.app_gw, request) + after = rewriter.build() + LOGGER.debug("Path after: %s", after) + return after + + def get_proxy_request_headers(self, request): + """Get normalized headers for the upstream + Gets all headers from the original request and normalizes them. + Normalization occurs by removing the prefix ``HTTP_`` and + replacing and ``_`` by ``-``. Example: ``HTTP_ACCEPT_ENCODING`` + becames ``Accept-Encoding``. + .. versionadded:: 0.9.1 + :param request: The original HTTPRequest instance + :returns: Normalized headers for the upstream + """ + return normalize_request_headers(request) + + def get_request_headers(self): + """Return request headers that will be sent to upstream. + The header REMOTE_USER is set to the current user + if AuthenticationMiddleware is enabled and + the view's add_remote_user property is True. + .. versionadded:: 0.9.8 + """ + request_headers = self.get_proxy_request_headers(self.request) + request_headers[self.app_gw.authentication_header] = self.request.user.get_username() + LOGGER.info("%s set", self.app_gw.authentication_header) + + return request_headers + + def check_permission(self): + """Check if user is authenticated and has permission to access app""" + if not hasattr(self.request, 'user'): + return False + if not self.request.user.is_authenticated: + return False + policy_engine = PolicyEngine(self.app_gw.application.policies.all()) + policy_engine.for_user(self.request.user).with_request(self.request).build() + passing, _messages = policy_engine.result + + return passing + + def get_encoded_query_params(self): + """Return encoded query params to be used in proxied request""" + get_data = encode_items(self.request.GET.lists()) + return urlencode(get_data) + + def _created_proxy_response(self, request, path): + request_payload = request.body + + LOGGER.debug("Request headers: %s", self._request_headers) + + request_url = self.get_upstream() + path + LOGGER.debug("Request URL: %s", request_url) + + if request.GET: + request_url += '?' + self.get_encoded_query_params() + LOGGER.debug("Request URL: %s", request_url) + + http = self.http + if not self.app_gw.upstream_ssl_verification: + http = self.http_no_verify + + try: + proxy_response = http.urlopen(request.method, + request_url, + redirect=False, + retries=None, + headers=self._request_headers, + body=request_payload, + decode_content=False, + preload_content=False) + LOGGER.debug("Proxy response header: %s", + proxy_response.getheaders()) + except urllib3.exceptions.HTTPError as error: + LOGGER.exception(error) + raise + + return proxy_response + + def _replace_host_on_redirect_location(self, request, proxy_response): + location = proxy_response.headers.get('Location') + if location: + if request.is_secure(): + scheme = 'https://' + else: + scheme = 'http://' + request_host = scheme + self.host_header + + upstream_host_http = 'http://' + self._parsed_url.netloc + upstream_host_https = 'https://' + self._parsed_url.netloc + + location = location.replace(upstream_host_http, request_host) + location = location.replace(upstream_host_https, request_host) + proxy_response.headers['Location'] = location + LOGGER.debug("Proxy response LOCATION: %s", + proxy_response.headers['Location']) + + def _set_content_type(self, request, proxy_response): + content_type = proxy_response.headers.get('Content-Type') + if not content_type: + content_type = (mimetypes.guess_type(request.path)[0] or + self.app_gw.default_content_type) + proxy_response.headers['Content-Type'] = content_type + LOGGER.debug("Proxy response CONTENT-TYPE: %s", + proxy_response.headers['Content-Type']) + + def dispatch(self, request): + """Build proxied request and pass to upstream""" + # if not self.check_permission(): + # to_url = 'https://%s/?next=%s' % (CONFIG.get('domains')[0], request.get_full_path()) + # return RedirectView.as_view(url=to_url)(request) + + self._request_headers = self.get_request_headers() + + path = self._format_path_to_redirect(request) + proxy_response = self._created_proxy_response(request, path) + + self._replace_host_on_redirect_location(request, proxy_response) + self._set_content_type(request, proxy_response) + response = get_django_response(proxy_response, strict_cookies=False) + + LOGGER.debug("RESPONSE RETURNED: %s", response) + return response diff --git a/passbook/app_gw/migrations/.DS_Store b/passbook/app_gw/migrations/.DS_Store new file mode 100644 index 000000000..5008ddfcf Binary files /dev/null and b/passbook/app_gw/migrations/.DS_Store differ diff --git a/passbook/app_gw/migrations/0001_initial.py b/passbook/app_gw/migrations/0001_initial.py new file mode 100644 index 000000000..bdbf88084 --- /dev/null +++ b/passbook/app_gw/migrations/0001_initial.py @@ -0,0 +1,50 @@ +# Generated by Django 2.1.7 on 2019-03-20 21:38 + +import django.contrib.postgres.fields +import django.db.models.deletion +from django.db import migrations, models + + +class Migration(migrations.Migration): + + initial = True + + dependencies = [ + ('passbook_core', '0020_groupmembershippolicy'), + ] + + operations = [ + migrations.CreateModel( + name='ApplicationGatewayProvider', + fields=[ + ('provider_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Provider')), + ('server_name', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), size=None)), + ('upstream', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), size=None)), + ('enabled', models.BooleanField(default=True)), + ('authentication_header', models.TextField(default='X-Remote-User')), + ('default_content_type', models.TextField(default='application/octet-stream')), + ('upstream_ssl_verification', models.BooleanField(default=True)), + ], + options={ + 'verbose_name': 'Application Gateway Provider', + 'verbose_name_plural': 'Application Gateway Providers', + }, + bases=('passbook_core.provider',), + ), + migrations.CreateModel( + name='RewriteRule', + fields=[ + ('propertymapping_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.PropertyMapping')), + ('match', models.TextField()), + ('halt', models.BooleanField(default=False)), + ('replacement', models.TextField()), + ('redirect', models.CharField(choices=[('internal', 'Internal'), (301, 'Moved Permanently'), (302, 'Found')], max_length=50)), + ('conditions', models.ManyToManyField(to='passbook_core.Policy')), + ], + options={ + 'verbose_name': 'Rewrite Rule', + 'verbose_name_plural': 'Rewrite Rules', + }, + bases=('passbook_core.propertymapping',), + ), + ] diff --git a/passbook/app_gw/migrations/0002_auto_20190321_1521.py b/passbook/app_gw/migrations/0002_auto_20190321_1521.py new file mode 100644 index 000000000..3a9dbe301 --- /dev/null +++ b/passbook/app_gw/migrations/0002_auto_20190321_1521.py @@ -0,0 +1,18 @@ +# Generated by Django 2.1.7 on 2019-03-21 15:21 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('passbook_app_gw', '0001_initial'), + ] + + operations = [ + migrations.AlterField( + model_name='rewriterule', + name='conditions', + field=models.ManyToManyField(blank=True, to='passbook_core.Policy'), + ), + ] diff --git a/passbook/app_gw/migrations/__init__.py b/passbook/app_gw/migrations/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/passbook/app_gw/models.py b/passbook/app_gw/models.py new file mode 100644 index 000000000..1bdf2b80b --- /dev/null +++ b/passbook/app_gw/models.py @@ -0,0 +1,74 @@ +"""passbook app_gw models""" +import re + +from django.contrib.postgres.fields import ArrayField +from django.db import models +from django.utils.translation import gettext as _ + +from passbook.core.models import Policy, PropertyMapping, Provider + + +class ApplicationGatewayProvider(Provider): + """Virtual server which proxies requests to any hostname in server_name to upstream""" + + server_name = ArrayField(models.TextField()) + upstream = ArrayField(models.TextField()) + enabled = models.BooleanField(default=True) + + authentication_header = models.TextField(default='X-Remote-User') + default_content_type = models.TextField(default='application/octet-stream') + upstream_ssl_verification = models.BooleanField(default=True) + + form = 'passbook.app_gw.forms.ApplicationGatewayProviderForm' + + @property + def name(self): + """since this model has no name property, return a joined list of server_names as name""" + return ', '.join(self.server_name) + + def __str__(self): + return "Application Gateway %s" % ', '.join(self.server_name) + + class Meta: + + verbose_name = _('Application Gateway Provider') + verbose_name_plural = _('Application Gateway Providers') + + +class RewriteRule(PropertyMapping): + """Rewrite requests matching `match` with `replacement`, if all polcies in `conditions` apply""" + + REDIRECT_INTERNAL = 'internal' + REDIRECT_PERMANENT = 301 + REDIRECT_FOUND = 302 + + REDIRECTS = ( + (REDIRECT_INTERNAL, _('Internal')), + (REDIRECT_PERMANENT, _('Moved Permanently')), + (REDIRECT_FOUND, _('Found')), + ) + + match = models.TextField() + halt = models.BooleanField(default=False) + conditions = models.ManyToManyField(Policy, blank=True) + replacement = models.TextField() # python formatted strings, use {match.1} + redirect = models.CharField(max_length=50, choices=REDIRECTS) + + form = 'passbook.app_gw.forms.RewriteRuleForm' + + _matcher = None + + @property + def compiled_matcher(self): + """Cache the compiled regex in memory""" + if not self._matcher: + self._matcher = re.compile(self.match) + return self._matcher + + def __str__(self): + return "Rewrite Rule %s" % self.name + + class Meta: + + verbose_name = _('Rewrite Rule') + verbose_name_plural = _('Rewrite Rules') diff --git a/passbook/app_gw/requirements.txt b/passbook/app_gw/requirements.txt new file mode 100644 index 000000000..ae3eaf219 --- /dev/null +++ b/passbook/app_gw/requirements.txt @@ -0,0 +1,2 @@ +django-revproxy +urllib3[secure] diff --git a/passbook/app_gw/rewrite.py b/passbook/app_gw/rewrite.py new file mode 100644 index 000000000..dc8d6531f --- /dev/null +++ b/passbook/app_gw/rewrite.py @@ -0,0 +1,38 @@ +"""passbook app_gw rewriter""" + +from passbook.app_gw.models import RewriteRule + + +class Context: + """Empty class which we dynamically add attributes to""" + +class Rewriter: + """Apply rewrites""" + + __application = None + __request = None + + def __init__(self, application, request): + self.__application = application + self.__request = request + + def __build_context(self, matches): + """Build object with .0, .1, etc as groups and give access to request""" + context = Context() + for index, group_match in enumerate(matches.groups()): + setattr(context, "g%d" % (index + 1), group_match) + setattr(context, 'request', self.__request) + return context + + def build(self): + """Run all rules over path and return final path""" + path = self.__request.get_full_path() + for rule in RewriteRule.objects.filter(provider__in=[self.__application]): + matches = rule.compiled_matcher.search(path) + if not matches: + continue + replace_context = self.__build_context(matches) + path = rule.replacement.format(context=replace_context) + if rule.halt: + return path + return path diff --git a/passbook/app_gw/settings.py b/passbook/app_gw/settings.py new file mode 100644 index 000000000..6e5808d8d --- /dev/null +++ b/passbook/app_gw/settings.py @@ -0,0 +1,5 @@ +"""Application Security Gateway settings""" + +# INSTALLED_APPS = [ +# 'revproxy' +# ] diff --git a/passbook/app_gw/signals.py b/passbook/app_gw/signals.py new file mode 100644 index 000000000..cb07171eb --- /dev/null +++ b/passbook/app_gw/signals.py @@ -0,0 +1,20 @@ +"""passbook app_gw cache clean signals""" + +from logging import getLogger + +from django.core.cache import cache +from django.db.models.signals import post_save +from django.dispatch import receiver + +from passbook.app_gw.middleware import IGNORED_HOSTNAMES_KEY +from passbook.app_gw.models import ApplicationGatewayProvider + +LOGGER = getLogger(__name__) + +@receiver(post_save) +# pylint: disable=unused-argument +def invalidate_app_gw_cache(sender, instance, **kwargs): + """Invalidate Policy cache when app_gw is updated""" + if isinstance(instance, ApplicationGatewayProvider): + LOGGER.debug("Invalidating cache for ignored hostnames") + cache.delete(IGNORED_HOSTNAMES_KEY) diff --git a/passbook/app_gw/urls.py b/passbook/app_gw/urls.py new file mode 100644 index 000000000..b9798bcb4 --- /dev/null +++ b/passbook/app_gw/urls.py @@ -0,0 +1,2 @@ +"""passbook app_gw urls""" +urlpatterns = [] diff --git a/passbook/core/forms/policies.py b/passbook/core/forms/policies.py index f8d54a6c0..8fc1e5a38 100644 --- a/passbook/core/forms/policies.py +++ b/passbook/core/forms/policies.py @@ -7,7 +7,7 @@ from passbook.core.models import (DebugPolicy, FieldMatcherPolicy, GroupMembershipPolicy, PasswordPolicy, WebhookPolicy) -GENERAL_FIELDS = ['name', 'action', 'negate', 'order', ] +GENERAL_FIELDS = ['name', 'action', 'negate', 'order', 'timeout'] class FieldMatcherPolicyForm(forms.ModelForm): """FieldMatcherPolicy Form""" diff --git a/passbook/core/migrations/0021_policy_timeout.py b/passbook/core/migrations/0021_policy_timeout.py new file mode 100644 index 000000000..acf278b69 --- /dev/null +++ b/passbook/core/migrations/0021_policy_timeout.py @@ -0,0 +1,18 @@ +# Generated by Django 2.1.7 on 2019-03-21 12:03 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('passbook_core', '0020_groupmembershippolicy'), + ] + + operations = [ + migrations.AddField( + model_name='policy', + name='timeout', + field=models.IntegerField(default=30), + ), + ] diff --git a/passbook/core/models.py b/passbook/core/models.py index 41ab18e3d..0a09a1311 100644 --- a/passbook/core/models.py +++ b/passbook/core/models.py @@ -220,6 +220,7 @@ class Policy(UUIDModel, CreatedUpdatedModel): action = models.CharField(max_length=20, choices=ACTIONS) negate = models.BooleanField(default=False) order = models.IntegerField(default=0) + timeout = models.IntegerField(default=30) objects = InheritanceManager() diff --git a/passbook/core/policies.py b/passbook/core/policies.py index eecd6ff63..e495f018e 100644 --- a/passbook/core/policies.py +++ b/passbook/core/policies.py @@ -1,7 +1,9 @@ """passbook core policy engine""" from logging import getLogger +from amqp.exceptions import UnexpectedFrame from celery import group +from celery.exceptions import TimeoutError as CeleryTimeoutError from django.core.cache import cache from ipware import get_client_ip @@ -45,6 +47,7 @@ class PolicyEngine: __cached = None policies = None + __get_timeout = 0 __request = None __user = None @@ -83,10 +86,17 @@ class PolicyEngine: cached_policies.append(cached_policy) else: LOGGER.debug("Evaluating policy %s", policy.pk.hex) - signatures.append(_policy_engine_task.s(self.__user.pk, policy.pk.hex, **kwargs)) + signatures.append(_policy_engine_task.signature( + args=(self.__user.pk, policy.pk.hex), + kwargs=kwargs, + time_limit=policy.timeout)) + self.__get_timeout += policy.timeout + LOGGER.debug("Set total policy timeout to %r", self.__get_timeout) # If all policies are cached, we have an empty list here. if signatures: self.__group = group(signatures)() + self.__get_timeout += 3 + self.__get_timeout = (self.__get_timeout / len(self.policies)) * 1.5 self.__cached = cached_policies return self @@ -98,10 +108,15 @@ class PolicyEngine: try: if self.__group: # ValueError can be thrown from _policy_engine_task when user is None - result += self.__group.get() + result += self.__group.get(timeout=self.__get_timeout) result += self.__cached except ValueError as exc: - return False, str(exc) + # ValueError can be thrown from _policy_engine_task when user is None + return False, [str(exc)] + except UnexpectedFrame as exc: + return False, [str(exc)] + except CeleryTimeoutError as exc: + return False, [str(exc)] for policy_action, policy_result, policy_message in result: passing = (policy_action == Policy.ACTION_ALLOW and policy_result) or \ (policy_action == Policy.ACTION_DENY and not policy_result) diff --git a/passbook/core/settings.py b/passbook/core/settings.py index f30af2c77..2ad4e1f6d 100644 --- a/passbook/core/settings.py +++ b/passbook/core/settings.py @@ -34,7 +34,7 @@ SECRET_KEY = CONFIG.get('secret_key') # SECURITY WARNING: don't run with debug turned on in production! DEBUG = CONFIG.get('debug') INTERNAL_IPS = ['127.0.0.1'] -ALLOWED_HOSTS = CONFIG.get('domains', []) +ALLOWED_HOSTS = CONFIG.get('domains', []) + [CONFIG.get('primary_domain')] SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') LOGIN_URL = 'passbook_core:auth-login' @@ -45,6 +45,7 @@ AUTH_USER_MODEL = 'passbook_core.User' CSRF_COOKIE_NAME = 'passbook_csrf' SESSION_COOKIE_NAME = 'passbook_session' +SESSION_COOKIE_DOMAIN = CONFIG.get('primary_domain') SESSION_ENGINE = "django.contrib.sessions.backends.cache" SESSION_CACHE_ALIAS = "default" LANGUAGE_COOKIE_NAME = 'passbook_language' @@ -81,6 +82,7 @@ INSTALLED_APPS = [ 'passbook.pretend.apps.PassbookPretendConfig', 'passbook.password_expiry_policy.apps.PassbookPasswordExpiryPolicyConfig', 'passbook.suspicious_policy.apps.PassbookSuspiciousPolicyConfig', + 'passbook.app_gw.apps.PassbookApplicationApplicationGatewayConfig', ] # Message Tag fix for bootstrap CSS Classes @@ -112,11 +114,12 @@ CACHES = { } MIDDLEWARE = [ - 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'passbook.app_gw.middleware.ApplicationGatewayMiddleware', + 'django.middleware.security.SecurityMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', - 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'raven.contrib.django.raven_compat.middleware.SentryResponseErrorIdMiddleware', diff --git a/passbook/core/static/css/passbook.css b/passbook/core/static/css/passbook.css index ca643f80d..b76bdd833 100644 --- a/passbook/core/static/css/passbook.css +++ b/passbook/core/static/css/passbook.css @@ -195,3 +195,7 @@ form .form-row p.datetime { .selector-remove { background: url(../admin/img/selector-icons.svg) 0 -64px no-repeat; } + +input[data-is-monospace] { + font-family: monospace; +} diff --git a/passbook/core/views/utils.py b/passbook/core/views/utils.py index f1dc747a7..d73199cee 100644 --- a/passbook/core/views/utils.py +++ b/passbook/core/views/utils.py @@ -1,5 +1,4 @@ """passbook core utils view""" -from django.contrib.auth.mixins import LoginRequiredMixin from django.utils.translation import ugettext as _ from django.views.generic import TemplateView @@ -21,7 +20,7 @@ class LoadingView(TemplateView): kwargs['target_url'] = self.get_url() return super().get_context_data(**kwargs) -class PermissionDeniedView(LoginRequiredMixin, TemplateView): +class PermissionDeniedView(TemplateView): """Generic Permission denied view""" template_name = 'login/denied.html' diff --git a/passbook/lib/default.yml b/passbook/lib/default.yml index b36d74f65..d51dd7d70 100644 --- a/passbook/lib/default.yml +++ b/passbook/lib/default.yml @@ -35,6 +35,8 @@ redis: localhost/0 error_report_enabled: true secret_key: 9$@r!d^1^jrn#fk#1#@ks#9&i$^s#1)_13%$rwjrhd=e8jfi_s +primary_domain: 'localhost' + passbook: sign_up: # Enables signup, created users are stored in internal Database and created in LDAP if ldap.create_users is true diff --git a/requirements.txt b/requirements.txt index dbd7672d0..c042574c3 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,3 +7,4 @@ -r passbook/captcha_factor/requirements.txt -r passbook/admin/requirements.txt -r passbook/api/requirements.txt +-r passbook/app_gw/requirements.txt \ No newline at end of file