Merge remote-tracking branch 'tower/release_3.3.0' into devel

awx/settings/defaults.py

@@ -200,13 +200,15 @@ SESSION_COOKIE_SECURE = True
 
 # Seconds before sessions expire.
 # Note: This setting may be overridden by database settings.
-SESSION_COOKIE_AGE = 1209600
+SESSION_COOKIE_AGE = 1800
 
 # Maximum number of per-user valid, concurrent sessions.
 # -1 is unlimited
 # Note: This setting may be overridden by database settings.
 SESSIONS_PER_USER = -1
 
+CSRF_USE_SESSIONS = False
+
 # Disallow sending csrf cookies over insecure connections
 CSRF_COOKIE_SECURE = True
 
@@ -259,6 +261,7 @@ MIDDLEWARE_CLASSES = (  # NOQA
     'awx.sso.middleware.SocialAuthMiddleware',
     'crum.CurrentRequestUserMiddleware',
     'awx.main.middleware.URLModificationMiddleware',
+    'awx.main.middleware.SessionTimeoutMiddleware',
 )
 
 
@@ -286,8 +289,7 @@ INSTALLED_APPS = (
     'awx.api',
     'awx.ui',
     'awx.sso',
-    'solo',
-    'awx.network_ui'
+    'solo'
 )
 
 INTERNAL_IPS = ('127.0.0.1',)
@@ -348,9 +350,11 @@ AUTHENTICATION_BACKENDS = (
 # Django OAuth Toolkit settings
 OAUTH2_PROVIDER_APPLICATION_MODEL = 'main.OAuth2Application'
 OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = 'main.OAuth2AccessToken'
+OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = 'oauth2_provider.RefreshToken'
 
 OAUTH2_PROVIDER = {'ACCESS_TOKEN_EXPIRE_SECONDS': 31536000000,
                    'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600}
+ALLOW_OAUTH2_FOR_EXTERNAL_USERS = False
 
 # LDAP server (default to None to skip using LDAP authentication).
 # Note: This setting may be overridden by database settings.