# Settings

{% hint style="info" %}
**settings.py** is part of **.gitignore** and hence not synced with GitHub.\
It is used for local development and testing purposes only. The PROD environment uses secrets fetched by the generic settings in software\configurations\base.py.
{% endhint %}

**settings.py** is located in the project folder and is used as the core configuration of a given Automail instance for your local development and testing environment.

### General Settings

settings.py should always extend configurations.base, which includes the generic configurations that apply to all Automail instances.

```python
from configurations.base import *

PROJECT_NAME = "automail-lv-cookie" # instance name
COMPANY_NAME = "ABC Inc." # client company name
APPLICATION_NAME = f"Automail DEV {VERSION}" # instance-specific name displayed on the sign-in page
APPLICATION_NAME_SHORT = APPLICATION_NAME # instance-specific short name displayed next to the Lineverge logo on the top left of the site when the left menu is unfolded (maximum 12 characters for optimal display)
DOMAIN = "https://abc.com" # client company website
DESCRIPTION_TEXT = f"This is a testing site of Automail in version {VERSION}..." # notification text displayed on the sign-in page

LOG_FOLDER = r"C:\Lineverge\Staging\staging\Logs" # absolute folder path to store log files (None for local development)
PICKLE_DIR = r"C:\Lineverge\Staging\staging\Pickles" # absolute folder path to store pickles (a pickle is a dataframe stored in a file)
EXPORT_DIR = r"C:\Lineverge\Staging\staging\Exports" # absolute folder path to store files generated through custom backend processes (e.g. export of Costing data into costing.xlsx)
UPLOADS_DIR = r"C:\Lineverge\Staging\staging\Uploads" # absolute folder path for Automail to store files that were uploaded by users via drag & drop using the Table upload feature
TEMP_DIR = r"C:\Lineverge\Staging\staging\Temp" # absolute folder path for Automail to store temporary files, which are deleted after being served to the user

SECRET_KEY = "ABCABCABCABCABCABCABCABCABCABCABCABC" # secret key Django uses for cryptographic signing (sessions and other signed tokens); placeholder value shown here, use a unique random key per instance
ALLOWED_HOSTS = ["cookie.lineverge.io", "127.0.0.1"] # host names the Automail instance is allowed to serve (always put the PROD domain first and then alternative domains; "127.0.0.1" is for running the application with the development server)

DEBUG = True # debug flag used for development only (in PROD always set to False for security reasons!)
if DEBUG:
    MEDIA_URL = "/"

if DEBUG is False: # HTTP to HTTPS redirect
    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
    SECURE_SSL_REDIRECT = True
    SESSION_COOKIE_SECURE = True
    CSRF_COOKIE_SECURE = True

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql', # database driver
        'NAME': 'automail', # database name 
        'USER': 'automail', # database user (always set up a dedicated user for Automail called "automail" for consistency)
        'PASSWORD': 'SECRET PASSWORD', # database user password
        'HOST': 'automail-lv-cookie.ap-east-1.rds.amazonaws.com', # database host ("localhost" for local development)
    },
}

DBBACKUP_STORAGE_OPTIONS = {"location": r"C:\Lineverge\Staging\Backups"} # Backup folder

# Outbound SendGrid
SENDGRID_APIKEY = "SG..." # API key to send emails using the Sendgrid API
SENDGRID_APIKEY_DELETE_BOUNCE = "SG..." # API key to delete bounced emails in Sendgrid (to avoid Sendgrid blocking the submissions)
SUPPORT_EMAIL_ADDRESS = "support_automail@abc.com" # support email address of the client to help supply chain partners
EMAIL_USERNAME = "automail_test@lineverge.com" # email address to send the Automail emails (if using a client email address then the required domain records need to be set to avoid emails falling into SPAM)
EMAIL_USERNAME_SEND = EMAIL_USERNAME
SEND_TO_BCC = [] # email addresses to be included in BCC for all Automail emails (usually of Lineverge team members)

# Autoform
AWS_BUCKET = "autoform-test-uploads" # Autoform test bucket
AWS_REGION = "ap-southeast-1" # Autoform test region
AUTOFORM_TOKEN = "" # Autoform test token
AUTOFORM_DOMAIN = "https://autoform-test.s3.ap-southeast-1.amazonaws.com" # Autoform test domain
CREATECONFIG_ENDPOINT = "https://td5ag5ha50.execute-api.ap-southeast-1.amazonaws.com/dev/createconfig" # Autoform create test endpoint
UPDATECONFIG_ENDPOINT = "https://2npjre9u95.execute-api.ap-southeast-1.amazonaws.com/dev/updateconfig" # Autoform update test endpoint
LOADCONFIG_ENDPOINT = "https://ebsl128mw2.execute-api.ap-southeast-1.amazonaws.com/dev/loadconfig" # Autoform load test endpoint
CHECKCONFIG_ENDPOINT = "https://9ehwwojapd.execute-api.ap-southeast-1.amazonaws.com/dev/checkconfig"  # Autoform bulk config check endpoint
```
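
A pre-deployment check for the PROD conditions stated in the comments above (DEBUG off, HTTPS-only cookies, no placeholder secrets), as an added example that is not part of Automail's code base. `audit_settings` and both sample dictionaries are constructed for illustration.

```python
# Added example: audit_settings and the two samples are constructed, not Automail code.
SECURE_FLAGS = ("SECURE_SSL_REDIRECT", "SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE")
PLACEHOLDERS = {"", "SECRET PASSWORD", "SG..."}  # placeholder values used on this page


def audit_settings(cfg: dict) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if cfg.get("DEBUG", False):
        findings.append("DEBUG is True")
    for flag in SECURE_FLAGS:
        if cfg.get(flag) is not True:
            findings.append(f"{flag} is not True")
    key = cfg.get("SECRET_KEY", "")
    # Same thresholds as Django's `manage.py check --deploy` (50 chars, 5 unique).
    if len(key) < 50 or len(set(key)) < 5:
        findings.append("SECRET_KEY is too short or too repetitive")
    hosts = cfg.get("ALLOWED_HOSTS", [])
    if not hosts or "*" in hosts:
        findings.append("ALLOWED_HOSTS is empty or contains a wildcard")
    if cfg.get("DATABASES", {}).get("default", {}).get("PASSWORD", "") in PLACEHOLDERS:
        findings.append("DATABASES password is a placeholder")
    for name in ("SENDGRID_APIKEY", "SENDGRID_APIKEY_DELETE_BOUNCE"):
        if cfg.get(name, "") in PLACEHOLDERS:
            findings.append(f"{name} is a placeholder")
    return findings


# Constructed sample mirroring the development values shown above.
DEV_SAMPLE = {
    "DEBUG": True,
    "SECRET_KEY": "ABC" * 12,
    "ALLOWED_HOSTS": ["cookie.lineverge.io", "127.0.0.1"],
    "DATABASES": {"default": {"PASSWORD": "SECRET PASSWORD"}},
    "SENDGRID_APIKEY": "SG...",
    "SENDGRID_APIKEY_DELETE_BOUNCE": "SG...",
}
# Constructed PROD-like sample; key and credentials are generated filler, not real secrets.
PROD_SAMPLE = {
    "DEBUG": False,
    "SECURE_SSL_REDIRECT": True, "SESSION_COOKIE_SECURE": True, "CSRF_COOKIE_SECURE": True,
    "SECRET_KEY": "".join(chr(33 + (i * 7) % 90) for i in range(64)),
    "ALLOWED_HOSTS": ["cookie.lineverge.io"],
    "DATABASES": {"default": {"PASSWORD": "constructed-not-real"}},
    "SENDGRID_APIKEY": "SG.constructed", "SENDGRID_APIKEY_DELETE_BOUNCE": "SG.constructed",
}

if __name__ == "__main__":
    print("\n".join(audit_settings(DEV_SAMPLE)))
```

Against a real instance, pass the loaded settings as a dictionary, for example `vars()` of the imported settings module.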

### Single Sign-On

Automail has a Single Sign-On (SSO) feature that allows seamless access to multiple applications and services using a single set of credentials. We use OpenID as our SSO method because it is an open standard that ensures secure user authentication: users log in with a single digital identity across various websites and applications, which reduces the need for multiple passwords and streamlines the user experience.

An Identity Provider (IdP) is a system that authenticates users and supplies their credentials to other services through a secure connection.

{% hint style="info" %}
The **IdP setup** requires configuring <mark style="background-color:blue;">\[CUSTOM\_DOMAIN]/app\_authentication/oidc/callback/</mark> (e.g. <https://cookie.lineverge.com/app_authentication/oidc/callback/>) as the callback **URI**.
{% endhint %}

To enable SSO, add the following constants to settings.py:

```python
SSO_AUTHENTICATION = True # To enable SSO within the application
AUTOMAIL_USERNAME_LOGIC = "email" # "email", "email_without_domain"
OIDC_RP_CLIENT_ID = "" # Provided by team managing the IdP
OIDC_RP_CLIENT_SECRET = "" # Provided by team managing the IdP
OIDC_OP_AUTHORIZATION_ENDPOINT = None  # (endpoints can be found on IdP - OpenID configuration URL, e.g. "https://ssotesttrial.onelogin.com/oidc/2/auth")
OIDC_OP_TOKEN_ENDPOINT = None  # (endpoints can be found on IdP - OpenID configuration URL, e.g. "https://ssotesttrial.onelogin.com/oidc/2/token")
OIDC_OP_USER_ENDPOINT = None  # (endpoints can be found on IdP - OpenID configuration URL, e.g. "https://ssotesttrial.onelogin.com/oidc/2/me")
OIDC_OP_JWKS_ENDPOINT = None  # (endpoints can be found on IdP - OpenID configuration URL, e.g. "https://contentlab-dev.onelogin.com/oidc/2/certs")
OIDC_RP_SIGN_ALGO = "HS256" # "HS256", "HS512", "RS256", "HS384"
AUTHENTICATION_BACKENDS = ["axes.backends.AxesBackend", "django.contrib.auth.backends.ModelBackend", "polygon.apps.app_authentication.backends.CustomOIDCAuthenticationBackend"]
MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", "django.contrib.sessions.middleware.SessionMiddleware", "django.middleware.common.CommonMiddleware", "django.middleware.csrf.CsrfViewMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.messages.middleware.MessageMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware", "password_policies.middleware.PasswordChangeMiddleware", "axes.middleware.AxesMiddleware", "session_security.middleware.SessionSecurityMiddleware", 'polygon.apps.app_authentication.middlewares.DisableAdminLoginMiddleware', "mozilla_django_oidc.middleware.SessionRefresh"]
```

{% hint style="info" %}
The endpoints are visible at:\
**Google IdP:** <https://accounts.google.com/.well-known/openid-configuration>

**Microsoft IdP:** `https://login.microsoftonline.com/{tenant ID}/v2.0/.well-known/openid-configuration`
{% endhint %}

This will replace the default sign-in page with the SSO button that will redirect users to the IdP authentication page. After successful authentication, the IdP will redirect the users to their authenticated Automail accounts.

<figure><img src="https://3317070279-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F21lWxRGfp98mDu2HVXvf%2Fuploads%2FxoYgMTiC9VPcHcLUXHQB%2Fimage.png?alt=media&#x26;token=7a504e33-5908-444e-aba0-bbe638bc6e51" alt=""><figcaption></figcaption></figure>
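
One way to derive the `OIDC_OP_*` constants from the IdP's OpenID configuration document instead of copying them by hand, as an added example that is not Automail's own code. The function name, the `idp.example.com` host and the sample document are assumptions, and preferring RS256 when the IdP offers it is this example's choice.

```python
import json
from urllib.parse import urlsplit

# OpenID Connect discovery keys -> the settings.py constants they populate.
DISCOVERY_TO_SETTING = {
    "authorization_endpoint": "OIDC_OP_AUTHORIZATION_ENDPOINT",
    "token_endpoint": "OIDC_OP_TOKEN_ENDPOINT",
    "userinfo_endpoint": "OIDC_OP_USER_ENDPOINT",
    "jwks_uri": "OIDC_OP_JWKS_ENDPOINT",
}
# Algorithms listed for OIDC_RP_SIGN_ALGO above; the order is this example's preference.
SIGN_ALGOS = ("RS256", "HS256", "HS384", "HS512")

# Constructed discovery document for a hypothetical IdP (not a real tenant).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com/oidc/2",
    "authorization_endpoint": "https://idp.example.com/oidc/2/auth",
    "token_endpoint": "https://idp.example.com/oidc/2/token",
    "userinfo_endpoint": "https://idp.example.com/oidc/2/me",
    "jwks_uri": "https://idp.example.com/oidc/2/certs",
    "id_token_signing_alg_values_supported": ["RS256", "HS256"],
})


def oidc_settings_from_discovery(raw_json: str, expected_issuer_host: str) -> dict:
    """Map a discovery document to settings.py values, rejecting unsafe ones."""
    doc = json.loads(raw_json)
    # The document must describe the IdP we intend to trust.
    if urlsplit(doc.get("issuer", "")).hostname != expected_issuer_host:
        raise ValueError("issuer does not match the expected IdP host")
    result = {}
    for key, setting in DISCOVERY_TO_SETTING.items():
        url = doc.get(key, "")
        # Authorization codes and tokens travel over these URLs, so require HTTPS.
        if urlsplit(url).scheme != "https":
            raise ValueError(f"{key} is missing or not an https URL")
        result[setting] = url
    offered = doc.get("id_token_signing_alg_values_supported", [])
    algo = next((a for a in SIGN_ALGOS if a in offered), None)
    if algo is None:
        raise ValueError("IdP offers none of the supported signing algorithms")
    result["OIDC_RP_SIGN_ALGO"] = algo
    return result


if __name__ == "__main__":
    found = oidc_settings_from_discovery(SAMPLE_DISCOVERY, "idp.example.com")
    for name, value in found.items():
        print(f"{name} = {value!r}")
```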
