Helios setup


Rudinei Dias

Nov 9, 2021, 7:05:11 PM
to Helios Voting
Hello!
I am trying to set up a Helios system on a virtual machine.
I have installed Postgres, Helios and dependencies.
But I am so confused about the configuration, and can't log in with the admin account.
I am not experienced with Python, only other languages.
What am I doing wrong? Grateful for your help.

versions:
Django==1.11.28
anyjson==0.3.3
redis<=2.10.6
celery==4.2.1
django-picklefield==0.3.0
kombu==4.2.0
html5lib==0.999
psycopg2==2.7.3.2
pyparsing==1.5.7
python-dateutil>=1.5
python-openid==2.2.5
wsgiref==0.1.2
gunicorn==19.9
requests==2.21.0
unicodecsv==0.9.0
dj_database_url==0.3.0
django_webtest>=1.9
webtest==2.0.18
bleach==1.4.1
boto==2.27.0
django-ses==0.6.0
validate_email==1.2
oauth2client==1.2
django-auth-ldap==1.6.1
rollbar==0.12.1
django_celery_results==1.0.4
django_celery_beat==1.6.0

Here is my settings.py:


# -*- coding: utf-8 -*-
import json
import ldap
import os
from django.utils.translation import ugettext_lazy as _
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType

# a massive hack to see if we're testing, in which case we use different settings
import sys

TESTING = 'test' in sys.argv

# go through environment variables and override them
def get_from_env(var, default):
    if not TESTING and os.environ.has_key(var):
        return os.environ[var]
    else:
        return default

#DEBUG = (get_from_env('DEBUG', '1') == '1')
DEBUG='1'

#If the Host header (or X-Forwarded-Host if USE_X_FORWARDED_HOST is enabled) does not match any value in this list, the django.http.HttpRequest.get_host() method will raise SuspiciousOperation.
#When DEBUG is True or when running tests, host validation is disabled; any host will be accepted. Thus it’s usually only necessary to set it in production.
#This validation only applies via get_host(); if your code accesses the Host header directly from request.META you are bypassing this security protection.

# set a value for production environment, alongside with debug set to false
ALLOWED_HOSTS = get_from_env('ALLOWED_HOSTS', 'localhost').split(",")

# Make this unique, and don't share it with anybody.
SECRET_KEY = get_from_env('SECRET_KEY', 'replaceme')
ROOT_URLCONF = 'urls'

ROOT_PATH = os.path.dirname(__file__)

# add admins of the form:
#    ('Ben Adida', 'ben@...'),
# if you want to be emailed about errors.
ADMINS = (
        ('Rudinei','rudinei.dias@...'),  # trailing comma keeps ADMINS a tuple of (name, email) pairs
)

MANAGERS = ADMINS

# is this the master Helios web site?
MASTER_HELIOS = (get_from_env('MASTER_HELIOS', '0') == '1')

# show ability to log in? (for example, if the site is mostly used by voters)
# if turned off, the admin will need to know to go to /auth/login manually
SHOW_LOGIN_OPTIONS = (get_from_env('SHOW_LOGIN_OPTIONS', '1') == '1')

# sometimes, when the site is not that social, it's not helpful
# to display who created the election
SHOW_USER_INFO = (get_from_env('SHOW_USER_INFO', '1') == '1')

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': get_from_env('DB_NAME', 'helios'),
        'USER': get_from_env('DB_USER', 'helios'),
        'PASSWORD': get_from_env('DB_PWD', 'helios'),
        'HOST': get_from_env('POSTGRES_HOST', 'localhost'),
        'PORT': get_from_env('POSTGRES_PORT', '5432'),
    }
}

# override if we have an env variable
if get_from_env('DATABASE_URL', None):
    import dj_database_url
    DATABASES['default'] =  dj_database_url.config()
    DATABASES['default']['ENGINE'] = 'django.db.backends.postgresql_psycopg2'
    DATABASES['default']['CONN_MAX_AGE'] = '600'

    # require SSL
    DATABASES['default']['OPTIONS'] = {'sslmode': 'require'}

# Local time zone for this installation. Choices can be found here:
# although not all choices may be available on all operating systems.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = 'America/Sao_Paulo'
LANGUAGE_CODE = 'pt-br'
SITE_ID = 1
USE_I18N = True
USE_TZ = True

LANGUAGES = (
    ('en', _('English')),
    ('pt-br', _('Brazilian Portuguese')),
)

LOCALE_PATHS = (
    ROOT_PATH + '/locale',
)


# Absolute path to the directory that holds media.
# Example: "/home/media/media.lawrence.com/"
MEDIA_ROOT = ''

# URL that handles the media served from MEDIA_ROOT. Make sure to use a
# trailing slash if there is a path component (optional in other cases).
MEDIA_URL = ''

# URL prefix for admin media -- CSS, JavaScript and images. Make sure to use a
# trailing slash.
# Examples: "http://foo.com/media/", "/media/".
STATIC_URL = '/media/'

STATIC_ROOT = ROOT_PATH + '/sitestatic'

STATICFILES_DIRS = (
    ROOT_PATH + '/heliosbooth',
    ROOT_PATH + '/heliosverifier',
    ROOT_PATH + '/helios_auth/media',
    ROOT_PATH + '/helios/media',
    ROOT_PATH + '/server_ui/media',
    ROOT_PATH + '/heliosinstitution/media/',
)


# If debug is set to false and ALLOWED_HOSTS is not declared, django raises  "CommandError: You must set settings.ALLOWED_HOSTS if DEBUG is False."
# If in production, you got a bad request (400) error


# Secure Stuff
if get_from_env('SSL', '0') == '1':
    SECURE_SSL_REDIRECT = True
    SESSION_COOKIE_SECURE = True

    # tuned for Heroku
    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")

SESSION_COOKIE_HTTPONLY = True

# let's go with one year because that's the way to do it now
STS = False
if get_from_env('HSTS', '0') == '1':
    STS = True
    # we're using our own custom middleware now
    # SECURE_HSTS_SECONDS = 31536000
    # not doing subdomains for now cause that is not likely to be necessary and can screw things up.
    # SECURE_HSTS_INCLUDE_SUBDOMAINS = True

SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True

SILENCED_SYSTEM_CHECKS = ['urls.W002']

MIDDLEWARE = [
    # secure a bunch of things
    'django.middleware.security.SecurityMiddleware',
    'helios.security.HSTSMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # 'django.middleware.csrf.CsrfViewMiddleware',

    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',

    # 'flatpages_i18n.middleware.FlatpageFallbackMiddleware'
]


TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'APP_DIRS': True,
        'DIRS': [
            ROOT_PATH,
            os.path.join(ROOT_PATH, 'templates'),
            # os.path.join(ROOT_PATH, 'helios/templates'),  # covered by APP_DIRS:True
            # os.path.join(ROOT_PATH, 'helios_auth/templates'),  # covered by APP_DIRS:True
            # os.path.join(ROOT_PATH, 'server_ui/templates'),  # covered by APP_DIRS:True
        ],
        'OPTIONS': {
            'debug': DEBUG,
            'context_processors': [
                "django.contrib.auth.context_processors.auth",
            ],
        }
    },
]

INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.staticfiles',
    'django.contrib.messages',
    'django.contrib.admin',
    ## HELIOS stuff
    'helios_auth',
    'helios',
    'server_ui',
    'helioslog',
    'heliosinstitution',
    'django_celery_results',
    'django_celery_beat'
)

##
## HELIOS
##


MEDIA_ROOT = ROOT_PATH + "media/"

# a relative path where voter upload files are stored
VOTER_UPLOAD_REL_PATH = "voters/%Y/%m/%d"


# Change your email settings
#DEFAULT_FROM_EMAIL = get_from_env('DEFAULT_FROM_EMAIL', 'heliosv...@gmail.com')
DEFAULT_FROM_EMAIL = get_from_env('DEFAULT_FROM_EMAIL', 'centro_info_services@....')
DEFAULT_FROM_NAME = get_from_env('DEFAULT_FROM_NAME', 'Sistema de Votação Eletrônica')
SERVER_EMAIL = '%s <%s>' % (DEFAULT_FROM_NAME, DEFAULT_FROM_EMAIL)

LOGIN_URL = '/auth/'
LOGOUT_ON_CONFIRMATION = True

# The two hosts are here so the main site can be over plain HTTP
# while the voting URLs are served over SSL.
#URL_HOST = get_from_env("URL_HOST", "http://localhost").rstrip("/")

# IMPORTANT: you should not change this setting once you've created
# elections, as your elections' cast_url will then be incorrect.
# SECURE_URL_HOST = "https://localhost:8443"
#SECURE_URL_HOST = get_from_env("SECURE_URL_HOST", URL_HOST).rstrip("/")
SECURE_URL_HOST = "http://10.233.42.124:8000"

# election stuff
SITE_TITLE = get_from_env('SITE_TITLE', _('IFSC E-Voting System'))
MAIN_LOGO_URL = get_from_env('MAIN_LOGO_URL', '/static/logo.png')
ALLOW_ELECTION_INFO_URL = (get_from_env('ALLOW_ELECTION_INFO_URL', '0') == '1')

# FOOTER links
FOOTER_LINKS = json.loads(get_from_env('FOOTER_LINKS', '[]'))
FOOTER_LOGO_URL = get_from_env('FOOTER_LOGO_URL', None)

WELCOME_MESSAGE = get_from_env('WELCOME_MESSAGE', _('Welcome to IFSC E-Voting System'))

HELP_EMAIL_ADDRESS = get_from_env('HELP_EMAIL_ADDRESS', 'shi...@gmail.com')

AUTH_TEMPLATE_BASE = "server_ui/templates/base.html"
HELIOS_TEMPLATE_BASE = "server_ui/templates/base.html"
AUTH_TEMPLATE_BASENONAV = "server_ui/templates/basenonav.html"
HELIOS_TEMPLATE_BASENONAV = "server_ui/templates/basenonav.html"
HELIOS_ADMIN_ONLY = True
HELIOS_VOTERS_UPLOAD = True
HELIOS_VOTERS_EMAIL = True

# are elections private by default?
HELIOS_PRIVATE_DEFAULT = True

# authentication systems enabled
#AUTH_ENABLED_AUTH_SYSTEMS = ['password','facebook','twitter', 'google', 'yahoo']
#AUTH_ENABLED_AUTH_SYSTEMS = get_from_env('AUTH_ENABLED_AUTH_SYSTEMS', 'shibboleth').split(",")
#AUTH_DEFAULT_AUTH_SYSTEM = get_from_env('AUTH_DEFAULT_AUTH_SYSTEM', 'shibboleth')
#AUTH_ENABLED_AUTH_SYSTEMS = get_from_env('AUTH_ENABLED_AUTH_SYSTEMS', 'ldap').split(",")
#AUTH_DEFAULT_AUTH_SYSTEM = get_from_env('AUTH_DEFAULT_AUTH_SYSTEM', 'ldap')

#AUTH_ENABLED_AUTH_SYSTEMS = 'password'
AUTH_ENABLED_AUTH_SYSTEMS = ['password']
AUTH_DEFAULT_AUTH_SYSTEM = ['password']

# google
GOOGLE_CLIENT_ID = get_from_env('GOOGLE_CLIENT_ID', '')
GOOGLE_CLIENT_SECRET = get_from_env('GOOGLE_CLIENT_SECRET', '')

# facebook
FACEBOOK_APP_ID = get_from_env('FACEBOOK_APP_ID','')
FACEBOOK_API_KEY = get_from_env('FACEBOOK_API_KEY','')
FACEBOOK_API_SECRET = get_from_env('FACEBOOK_API_SECRET','')

# twitter
TWITTER_API_KEY = ''
TWITTER_API_SECRET = ''
TWITTER_USER_TO_FOLLOW = 'heliosvoting'
TWITTER_REASON_TO_FOLLOW = "we can direct-message you when the result has been computed in an election in which you participated"

# the token for Helios to do direct messaging
TWITTER_DM_TOKEN = {"oauth_token": "", "oauth_token_secret": "", "user_id": "", "screen_name": ""}

# LinkedIn
LINKEDIN_API_KEY = ''
LINKEDIN_API_SECRET = ''

# CAS (for universities)
CAS_USERNAME = get_from_env('CAS_USERNAME', "")
CAS_PASSWORD = get_from_env('CAS_PASSWORD', "")
CAS_ELIGIBILITY_URL = get_from_env('CAS_ELIGIBILITY_URL', "")
CAS_ELIGIBILITY_REALM = get_from_env('CAS_ELIGIBILITY_REALM', "")

# Clever
CLEVER_CLIENT_ID = get_from_env('CLEVER_CLIENT_ID', "")
CLEVER_CLIENT_SECRET = get_from_env('CLEVER_CLIENT_SECRET', "")

# email server
EMAIL_HOST = get_from_env('EMAIL_HOST', 'localhost')
EMAIL_PORT = int(get_from_env('EMAIL_PORT', "2525"))
EMAIL_HOST_USER = get_from_env('EMAIL_HOST_USER', '')
EMAIL_HOST_PASSWORD = get_from_env('EMAIL_HOST_PASSWORD', '')
EMAIL_USE_TLS = (get_from_env('EMAIL_USE_TLS', '0') == '1')

# to use AWS Simple Email Service
# in which case environment should contain
# AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
if get_from_env('EMAIL_USE_AWS', '0') == '1':
    EMAIL_BACKEND = 'django_ses.SESBackend'

# set up logging
import logging
logging.basicConfig(
    level = logging.DEBUG,
    format = '%(asctime)s %(levelname)s %(message)s'
)


# set up celery
if TESTING:
    CELERY_TASK_ALWAYS_EAGER = True
#database_url = DATABASES['default']

CELERY_BROKER_URL = get_from_env('CELERY_BROKER_URL', 'redis://127.0.0.1:6379')
CELERY_ACCEPT_CONTENT = ['application/json']
CELERY_TASK_SERIALIZER = 'json'
CELERY_RESULT_SERIALIZER = 'json'
CELERY_RESULT_BACKEND = 'django-db'
CELERY_CACHE_BACKEND = 'django-cache'
CELERY_RESULT_EXPIRES = 5184000  # 60 days

AUTH_LDAP_SERVER_URI = "ldap://ldap.forumsys.com" # replace by your Ldap URI
AUTH_LDAP_BIND_DN = "cn=read-only-admin,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("dc=example,dc=com",
    ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
)

AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True

AUTH_LDAP_ALWAYS_UPDATE_USER = False

AUTH_BIND_USERID_TO_VOTERID = ['ldap']

# Shibboleth auth settings
SHIBBOLETH_ATTRIBUTE_MAP = {
    #"Shibboleth-givenName": (True, "first_name"),
    "Shib-inetOrgPerson-cn": (True, "common_name"),
    "Shib-inetOrgPerson-sn": (True, "last_name"),
    "Shib-inetOrgPerson-mail": (True, "email"),
    "Shib-eduPerson-eduPersonPrincipalName": (True, "eppn"),
    "Shib-brEduPerson-brEduAffiliationType": (True, "affiliation"),
    "Shib-Identity-Provider": (True, "identity_provider"),
}

FEDERATION_NAME = "CAFe Expresso"

# To use some manager-specific attributes, like idp address
USE_ELECTION_MANAGER_ATTRIBUTES = True

ELECTION_MANAGER_ATTRIBUTES = ['Provider']

INSTITUTION_ROLE = ['Institution Admin','Election Admin']

ATTRIBUTES_AUTOMATICALLY_CHECKED = ['brExitDate']

SESSION_EXPIRE_AT_BROWSER_CLOSE = True

USE_EMBEDDED_DS = False
# end shibboleth auth settings
# Rollbar Error Logging
ROLLBAR_ACCESS_TOKEN = get_from_env('ROLLBAR_ACCESS_TOKEN', None)
if ROLLBAR_ACCESS_TOKEN:
  print "setting up rollbar"
  MIDDLEWARE += ['rollbar.contrib.django.middleware.RollbarNotifierMiddleware',]
  ROLLBAR = {
    'access_token': ROLLBAR_ACCESS_TOKEN,
    'environment': 'development' if DEBUG else 'production',  
  }

FEATURE_ELECTION = False

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'null': {
            'class': 'logging.NullHandler',
        }
    },
    'loggers': {
        'django.security.DisallowedHost': {
            'handlers' : ['null'],
            'propagate': False,
        }
     }
}
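
An added example, not part of the original post or of Helios: a stand-alone Python 3 check over the values in the posted settings.py that a reviewer would question before exposing the site. The `POSTED` dict is constructed from the post, `host_allowed` only approximates Django's host matching, and treating `AUTH_DEFAULT_AUTH_SYSTEM` as a single name is an assumption taken from the commented-out lines in the same file.

```python
from urllib.parse import urlsplit

# Constructed input: values copied from the settings.py posted above.
POSTED = {
    "DEBUG": "1",
    "SECRET_KEY": "replaceme",
    "ALLOWED_HOSTS": ["localhost"],
    "SECURE_URL_HOST": "http://10.233.42.124:8000",
    "MIDDLEWARE": ["django.middleware.security.SecurityMiddleware",
                   "django.middleware.common.CommonMiddleware"],
    "AUTH_ENABLED_AUTH_SYSTEMS": ["password"],
    "AUTH_DEFAULT_AUTH_SYSTEM": ["password"],
}
CSRF = "django.middleware.csrf.CsrfViewMiddleware"


def host_allowed(host, allowed):
    """Approximate ALLOWED_HOSTS matching: exact name, '*', or '.suffix'."""
    host = host.lower()
    for pattern in allowed:
        pattern = pattern.lower()
        if pattern == "*" or pattern == host:
            return True
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True
    return False


def review_settings(s):
    """Return {setting name: reason} for every value that needs attention."""
    out = {}
    if not isinstance(s.get("DEBUG"), bool):
        out["DEBUG"] = "not a bool; any non-empty string (even '0') is truthy"
    elif s["DEBUG"]:
        out["DEBUG"] = "enabled; detailed error pages are served to clients"
    if s.get("SECRET_KEY") in (None, "", "replaceme"):
        out["SECRET_KEY"] = "placeholder value; the signing key is publicly known"
    if CSRF not in s.get("MIDDLEWARE", []):
        out["MIDDLEWARE"] = "CsrfViewMiddleware is not enabled"
    url = urlsplit(s.get("SECURE_URL_HOST", ""))
    if url.scheme != "https":
        out["SECURE_URL_HOST"] = "voting URLs are not served over HTTPS"
    if url.hostname and not host_allowed(url.hostname, s.get("ALLOWED_HOSTS", [])):
        out["ALLOWED_HOSTS"] = "does not include host %s" % url.hostname
    default, enabled = s.get("AUTH_DEFAULT_AUTH_SYSTEM"), s.get("AUTH_ENABLED_AUTH_SYSTEMS", [])
    # Assumption: one system name is expected, as in the commented-out lines of the post.
    if default is not None and (not isinstance(default, str) or default not in enabled):
        out["AUTH_DEFAULT_AUTH_SYSTEM"] = "should be one name from AUTH_ENABLED_AUTH_SYSTEMS"
    return out
```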


Warwick McNaughton

Nov 10, 2021, 2:14:09 AM
to helios...@googlegroups.com
Hi Rudinei

I wrote up a walk-through which you might find helpful here:


Cheers



Rudinei Dias

Nov 10, 2021, 1:21:52 PM
to helios...@googlegroups.com
Hi, thanks for your response.
The walk-through that you indicated covers only authentication with Google OAuth2.
My question is about configuration for authentication type "password" or "ldap".

------------------
Rudinei Dias


Warwick McNaughton

Nov 10, 2021, 2:14:22 PM
to helios...@googlegroups.com
I haven’t tried setting it up with LDAP, sorry.

