This is a backend data store with a REST API for use by the teach website.
- Python 2.7
- pip and virtualenv
virtualenv venv
# On Windows, replace the following line with 'venv\Scripts\activate'.
source venv/bin/activate
pip install -r requirements.minimal.txt
python manage.py syncdb
You will be asked if you want to create an administrative user. Respond affirmatively, fill out the details, and then run:
python manage.py initgroups
python manage.py runserver
If you are running the Teach-API in a VM, and you wish to access the Django instance from outside the VM, you will need to have your VM use bridged networking (to make it part of your preexisting local network) and then use the following runserver command:
python manage.py runserver 0.0.0.0:8000
You can then access the server from the host machine on the VM's IP address. For example, if the VM has an IP 192.168.1.1, the host machine can access the teach-api via http://192.168.1.1:8000
In order to use the admin route, you will need to clear a user account by ensuring is_staff = 1. If the webmaker login username that you want to use is the same as the administrative user, you're done. Otherwise, after signing in with your webmaker user account once, connect to the db.sqlite3 database file in the teach-api root directory with a sqlite3 CLI or GUI (SQLite Manager for Firefox is highly recommended for working with Sqlite files), and update the auth_users table, by setting the user record associated with your webmaker account to have is_staff set to 1 rather than 0.
You should now be able to load up the administrative view for the teach-api via http://localhost:8000/admin when logged in with your webmaker account.
Unlike traditional Django settings, we use environment variables for configuration to be compliant with twelve-factor apps.
Note: When an environment variable is described as representing a boolean value, if the variable exists with any value (even the empty string), the boolean is true; otherwise, it's false.
Note: When running manage.py, the following environment
variables are given default values: SECRET_KEY, PORT, ORIGIN.
CORS_API_LOGIN_ORIGINS. Also, DEBUG is enabled.
SECRET_KEYis a large random value.DEBUGis a boolean value that indicates whether debugging is enabled (this should always be false in production).PORTis the port that the server binds to.ORIGINis the origin of the server, as it appears to users. IfDEBUGis enabled, this defaults tohttp://localhost:PORT. Otherwise, it must be defined.ADMIN_PROTECTION_USERPASSis an optional username:password value that can be used to provide extra protection for accessing the admin UI. That is, in addition to requiring staff permission to access the admin UI, they will also be prompted for this username and password via HTTP Basic Authentication.DATABASE_URLis the URL for the database. Defaults to asqlite://URL pointing todb.sqlite3at the root of the repository. If this value is the name of another (all-caps) environment variable, e.g.HEROKU_POSTGRESQL_AMBER_URL, that variable's value will be used as the database URL.SECURE_PROXY_SSL_HEADERis an optional HTTP request header field name and value indicating that the request is actually secure. For example, Heroku deployments should set this toX-Forwarded-Proto: https.DEFAULT_FROM_EMAILis the default email address to use for various automated correspondence from the site manager(s), such as password resets. Defaults towebmaster@localhost.TEACH_STAFF_EMAILSis a comma-separated list of email addresses representing people who should be emailed whenever a Webmaker Club is created, or something else notable (but also non-technical) is done on the site.EMAIL_BACKEND_URLis a URL representing the email backend to use. Examples includeconsole:,smtp://hostname:port, andsmtp+tls://user:pass@hostname:port. Mandrill can also be used via 'mandrill://your-mandrill-api-key', though this requires the djrill package.IDAPI_URLis the URL of the Webmaker ID (OAuth2) server. Defaults tohttps://id.webmaker.org. If it is set to a value of the formfake:username:email, e.g.fake:foo:foo@example.org, and ifDEBUGis true, then the given username/email will always be logged in when the OAuth2 authorize endpoint is contacted, which is useful for offline development.IDAPI_CLIENT_IDis the server's OAuth2 client ID.IDAPI_CLIENT_SECRETis the server's OAuth2 client secret.CORS_API_LOGIN_ORIGINSis a comma-separated list of origins that can submit Persona assertions to the API server in exchange for API tokens. It's also a list of origins that can delegate login to the API server and obtain API tokens. This list should not contain any whitespace. IfDEBUGis enabled, any origin can submit Persona assertions or delegate login to the API server.TEACH_SITE_URLis the URL to the Teach site, used when sending emails to users, among other things. It defaults to https://teach.mozilla.org.DISCOURSE_SSO_SECRETis the SSO secret for Discourse single sign-on. For more information, see discourse_sso/README.md. If empty or undefined, Discourse SSO functionality will be disabled.DISCOURSE_SSO_ORIGINis the origin of your Discourse site. IfDISCOURSE_SSO_SECRETis set, this must also be set.CREDLY_API_KEYCredly API keyCREDLY_APP_SECRETCredly App Secret for more details see https://developers.credly.com/my-apps
These will be removed at some point.
LOGINAPI_URLis the URL of the Webmaker login API server. Defaults tohttps://login.webmaker.org.LOGINAPI_AUTHis the username:password pair that will be used to authenticate with the Webmaker login server, e.g.john:1234. This is needed for Persona-based authentication only.BROWSERID_AUTOLOGIN_EMAILspecifies an email address to auto-login as when Persona login buttons are clicked. It is useful for offline development and is only valid ifDEBUGis true. Make sure an existing Django user account exists for the email associated with this address.
It's assumed that production deploys (i.e. where DEBUG is false)
are hosted over https. The site will not work if it is hosted on
production over http.