From 9736287070fdf5668d48b3e604b07b85560463d8 Mon Sep 17 00:00:00 2001 From: Floris272 Date: Thu, 4 Jul 2024 17:02:22 +0200 Subject: [PATCH 01/11] install open_api_framework & update config --- requirements/base.in | 21 +- requirements/base.txt | 283 ++++++++++++++++++-- requirements/ci.txt | 455 +++++++++++++++++++++++++++++++- requirements/dev.txt | 443 ++++++++++++++++++++++++++++++- src/open_producten/conf/base.py | 445 ++----------------------------- 5 files changed, 1163 insertions(+), 484 deletions(-) diff --git a/requirements/base.in b/requirements/base.in index edb53d5..fde677a 100644 --- a/requirements/base.in +++ b/requirements/base.in @@ -1,25 +1,12 @@ # Core python libraries Pillow # handle images -psycopg2 # database driver -python-dotenv # environment variables for secrets -python-decouple # processing of envvar configs + +open-api-framework # Framework libraries -django ~= 4.2 -django-admin-index -django-axes -django-hijack -django-redis -django-rosetta -maykin-2fa +# django-hijack +# django-rosetta # API libraries -# djangorestframework # django-extra-fields -# django-filter -# drf-yasg # api documentation -# WSGI servers & monitoring - production oriented -uwsgi -sentry-sdk # error monitoring -elastic-apm # Elastic APM integration diff --git a/requirements/base.txt b/requirements/base.txt index 7212608..72c6f62 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -4,14 +4,37 @@ # # ./bin/compile_dependencies.sh # +amqp==5.2.0 + # via kombu +ape-pie==0.2.0 + # via zgw-consumers asgiref==3.8.1 # via # django # django-axes + # django-cors-headers asn1crypto==1.5.1 # via webauthn +attrs==23.2.0 + # via + # glom + # jsonschema + # referencing +billiard==4.2.0 + # via celery +bleach==6.1.0 + # via open-api-framework +boltons==24.0.0 + # via + # face + # glom cbor2==5.6.4 # via webauthn +celery==5.4.0 + # via + # flower + # notifications-api-common + # open-api-framework certifi==2024.6.2 # via # elastic-apm 
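Review bot: The added `open-api-framework` line in requirements/base.in has no version specifier, and the same hunk removes `django ~= 4.2`, so nothing in the input file bounds either package any more. The regenerated base.txt shows Django, django-axes, maykin-2fa, sentry-sdk and uwsgi now resolved only `via open-api-framework` (0.5.0 in this lock). The next run of `./bin/compile_dependencies.sh` can therefore move the authentication and lockout stack to whatever a newer framework release allows, without any reviewed change to base.in. I would constrain the framework to the release line that was tested, for example `open-api-framework ~= 0.5.0`, and keep `django ~= 4.2` as an explicit direct requirement so that a Django major upgrade stays a deliberate change. The new `# django-hijack` and `# django-rosetta` lines are commented-out requirements with no explanation; either delete them or add a short comment such as `# disabled until re-validated against open-api-framework`.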
@@ -21,89 +44,307 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests +click==8.1.7 + # via + # celery + # click-didyoumean + # click-plugins + # click-repl +click-didyoumean==0.3.1 + # via celery +click-plugins==1.1.1 + # via celery +click-repl==0.3.0 + # via celery +commonground-api-common==1.13.1 + # via open-api-framework +coreapi==2.3.3 + # via commonground-api-common +coreschema==0.0.4 + # via coreapi cryptography==42.0.8 # via + # django-simple-certmanager + # josepy + # mozilla-django-oidc # pyopenssl # webauthn django==4.2.13 # via - # -r requirements/base.in + # commonground-api-common # django-admin-index + # django-appconf # django-axes + # django-cors-headers + # django-filter # django-formtools - # django-hijack + # django-jsonform + # django-log-outgoing-requests + # django-markup # django-otp # django-phonenumber-field + # django-privates # django-redis - # django-rosetta + # django-relativedelta + # django-rest-framework-condition + # django-sendfile2 + # django-setup-configuration + # django-simple-certmanager + # django-solo # django-two-factor-auth + # djangorestframework + # djangorestframework-inclusions + # drf-nested-routers + # drf-spectacular + # drf-yasg # maykin-2fa + # mozilla-django-oidc + # mozilla-django-oidc-db + # notifications-api-common + # open-api-framework + # zgw-consumers django-admin-index==3.1.1 - # via -r requirements/base.in + # via open-api-framework +django-appconf==1.0.6 + # via django-log-outgoing-requests django-axes==6.5.1 - # via -r requirements/base.in + # via open-api-framework +django-cors-headers==4.4.0 + # via open-api-framework +django-filter==24.2 + # via + # commonground-api-common + # open-api-framework django-formtools==2.5.1 # via django-two-factor-auth -django-hijack==3.5.4 - # via -r requirements/base.in +django-jsonform==2.22.0 + # via + # mozilla-django-oidc-db + # open-api-framework +django-log-outgoing-requests==0.6.1 + # via open-api-framework +django-markup==1.8.1 + # via 
open-api-framework django-ordered-model==3.7.4 # via django-admin-index django-otp==1.5.0 # via django-two-factor-auth django-phonenumber-field==7.3.0 # via django-two-factor-auth +django-privates==2.0.0.post1 + # via django-simple-certmanager django-redis==5.4.0 - # via -r requirements/base.in -django-rosetta==0.10.0 - # via -r requirements/base.in + # via open-api-framework +django-relativedelta==2.0.0 + # via zgw-consumers +django-rest-framework-condition==0.1.1 + # via commonground-api-common +django-sendfile2==0.7.1 + # via django-privates +django-setup-configuration==0.1.0 + # via open-api-framework +django-simple-certmanager==2.0.0 + # via zgw-consumers +django-solo==2.3.0 + # via + # commonground-api-common + # django-log-outgoing-requests + # mozilla-django-oidc-db + # notifications-api-common + # zgw-consumers django-two-factor-auth[phonenumberslite,webauthn]==1.16.0 # via maykin-2fa +djangorestframework==3.15.2 + # via + # commonground-api-common + # djangorestframework-gis + # djangorestframework-inclusions + # drf-nested-routers + # drf-spectacular + # drf-yasg + # notifications-api-common + # open-api-framework +djangorestframework-camel-case==1.4.2 + # via + # commonground-api-common + # notifications-api-common +djangorestframework-gis==1.0 + # via open-api-framework +djangorestframework-inclusions==1.2.0 + # via open-api-framework +drf-nested-routers==0.94.1 + # via commonground-api-common +drf-spectacular==0.27.2 + # via open-api-framework +drf-yasg==1.21.7 + # via commonground-api-common ecs-logging==2.2.0 # via elastic-apm elastic-apm==6.22.3 - # via -r requirements/base.in + # via open-api-framework +face==20.1.1 + # via glom +flower==2.0.1 + # via open-api-framework +furl==2.1.3 + # via ape-pie +gemma-zds-client==2.0.0 + # via + # commonground-api-common + # notifications-api-common +glom==23.5.0 + # via mozilla-django-oidc-db +humanize==4.9.0 + # via flower idna==3.7 # via requests +inflection==0.5.1 + # via + # drf-spectacular + # drf-yasg 
+iso-639==0.4.5 + # via commonground-api-common +isodate==0.6.1 + # via commonground-api-common +itypes==1.2.0 + # via coreapi +jinja2==3.1.4 + # via coreschema +josepy==1.14.0 + # via mozilla-django-oidc +jsonschema==4.22.0 + # via drf-spectacular +jsonschema-specifications==2023.12.1 + # via jsonschema +kombu==5.3.7 + # via celery +markupsafe==2.1.5 + # via jinja2 maykin-2fa==1.0.0 + # via open-api-framework +mozilla-django-oidc==4.0.1 + # via mozilla-django-oidc-db +mozilla-django-oidc-db==0.19.0 + # via open-api-framework +notifications-api-common==0.2.2 + # via commonground-api-common +open-api-framework==0.5.0 # via -r requirements/base.in +orderedmultidict==1.0.1 + # via furl +oyaml==1.0 + # via commonground-api-common +packaging==24.1 + # via drf-yasg phonenumberslite==8.13.40 # via django-two-factor-auth pillow==10.4.0 # via -r requirements/base.in -polib==1.2.0 - # via django-rosetta +prometheus-client==0.20.0 + # via flower +prompt-toolkit==3.0.47 + # via click-repl psycopg2==2.9.9 - # via -r requirements/base.in + # via open-api-framework pycparser==2.22 # via cffi +pyjwt==2.8.0 + # via + # commonground-api-common + # gemma-zds-client + # zgw-consumers pyopenssl==24.1.0 - # via webauthn + # via + # josepy + # webauthn pypng==0.20220715.0 # via qrcode +python-dateutil==2.9.0.post0 + # via + # celery + # django-relativedelta python-decouple==3.8 - # via -r requirements/base.in + # via open-api-framework python-dotenv==1.0.1 - # via -r requirements/base.in + # via open-api-framework +pytz==2024.1 + # via + # drf-yasg + # flower +pyyaml==6.0.1 + # via + # drf-spectacular + # drf-yasg + # gemma-zds-client + # oyaml qrcode==7.4.2 # via django-two-factor-auth redis==5.0.7 # via django-redis +referencing==0.35.1 + # via + # jsonschema + # jsonschema-specifications requests==2.32.3 - # via django-rosetta + # via + # ape-pie + # commonground-api-common + # coreapi + # django-log-outgoing-requests + # gemma-zds-client + # mozilla-django-oidc + # open-api-framework 
+ # zgw-consumers +rpds-py==0.18.1 + # via + # jsonschema + # referencing sentry-sdk==2.7.1 - # via -r requirements/base.in + # via open-api-framework +six==1.16.0 + # via + # bleach + # furl + # isodate + # orderedmultidict + # python-dateutil sqlparse==0.5.0 # via django +tornado==6.4.1 + # via flower typing-extensions==4.12.2 - # via qrcode + # via + # mozilla-django-oidc-db + # qrcode + # zgw-consumers +tzdata==2024.1 + # via celery +uritemplate==4.1.1 + # via + # coreapi + # drf-spectacular + # drf-yasg urllib3==2.2.2 # via # elastic-apm # requests # sentry-sdk uwsgi==2.0.26 - # via -r requirements/base.in + # via open-api-framework +vine==5.1.0 + # via + # amqp + # celery + # kombu +wcwidth==0.2.13 + # via prompt-toolkit webauthn==2.2.0 # via django-two-factor-auth +webencodings==0.5.1 + # via bleach wrapt==1.16.0 # via elastic-apm +zgw-consumers==0.33.0 + # via + # notifications-api-common + # open-api-framework diff --git a/requirements/ci.txt b/requirements/ci.txt index e42021e..af39f4f 100644 --- a/requirements/ci.txt +++ b/requirements/ci.txt @@ -4,12 +4,23 @@ # # ./bin/compile_dependencies.sh # +amqp==5.2.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # kombu +ape-pie==0.2.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # zgw-consumers asgiref==3.8.1 # via # -c requirements/base.txt # -r requirements/base.txt # django # django-axes + # django-cors-headers asn1crypto==1.5.1 # via # -c requirements/base.txt 
@@ -17,13 +28,43 @@ asn1crypto==1.5.1 # webauthn astroid==3.2.2 # via pylint +attrs==23.2.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # glom + # jsonschema + # referencing beautifulsoup4==4.12.3 # via webtest +billiard==4.2.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # celery +bleach==6.1.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # open-api-framework +boltons==24.0.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # face + # glom cbor2==5.6.4 # via # -c requirements/base.txt # -r requirements/base.txt # webauthn +celery==5.4.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # flower + # notifications-api-common + # open-api-framework certifi==2024.6.2 # via # -c requirements/base.txt @@ -41,12 +82,53 @@ charset-normalizer==3.3.2 # -c requirements/base.txt # -r requirements/base.txt # requests +click==8.1.7 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # celery + # click-didyoumean + # click-plugins + # click-repl +click-didyoumean==0.3.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # celery +click-plugins==1.1.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # celery +click-repl==0.3.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # celery +commonground-api-common==1.13.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # open-api-framework +coreapi==2.3.3 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # commonground-api-common +coreschema==0.0.4 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # coreapi coverage==4.5.4 # via -r requirements/test-tools.in cryptography==42.0.8 # via # -c requirements/base.txt # -r requirements/base.txt + # django-simple-certmanager + # josepy + # mozilla-django-oidc # pyopenssl # webauthn cssselect==1.2.0 
@@ -57,36 +139,88 @@ django==4.2.13 # via # -c requirements/base.txt # -r requirements/base.txt + # commonground-api-common # django-admin-index + # django-appconf # django-axes + # django-cors-headers + # django-filter # django-formtools - # django-hijack # django-jenkins + # django-jsonform + # django-log-outgoing-requests + # django-markup # django-otp # django-phonenumber-field + # django-privates # django-redis - # django-rosetta + # django-relativedelta + # django-rest-framework-condition + # django-sendfile2 + # django-setup-configuration + # django-simple-certmanager + # django-solo # django-two-factor-auth + # djangorestframework + # djangorestframework-inclusions + # drf-nested-routers + # drf-spectacular + # drf-yasg # maykin-2fa + # mozilla-django-oidc + # mozilla-django-oidc-db + # notifications-api-common + # open-api-framework + # zgw-consumers django-admin-index==3.1.1 # via # -c requirements/base.txt # -r requirements/base.txt + # open-api-framework +django-appconf==1.0.6 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # django-log-outgoing-requests django-axes==6.5.1 # via # -c requirements/base.txt # -r requirements/base.txt -django-formtools==2.5.1 + # open-api-framework +django-cors-headers==4.4.0 # via # -c requirements/base.txt # -r requirements/base.txt - # django-two-factor-auth -django-hijack==3.5.4 + # open-api-framework +django-filter==24.2 # via # -c requirements/base.txt # -r requirements/base.txt + # commonground-api-common + # open-api-framework +django-formtools==2.5.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # django-two-factor-auth django-jenkins==0.110.0 # via -r requirements/test-tools.in +django-jsonform==2.22.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # mozilla-django-oidc-db + # open-api-framework +django-log-outgoing-requests==0.6.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # open-api-framework +django-markup==1.8.1 + # via + 
# -c requirements/base.txt + # -r requirements/base.txt + # open-api-framework django-ordered-model==3.7.4 # via # -c requirements/base.txt @@ -102,14 +236,50 @@ django-phonenumber-field==7.3.0 # -c requirements/base.txt # -r requirements/base.txt # django-two-factor-auth +django-privates==2.0.0.post1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # django-simple-certmanager django-redis==5.4.0 # via # -c requirements/base.txt # -r requirements/base.txt -django-rosetta==0.10.0 + # open-api-framework +django-relativedelta==2.0.0 # via # -c requirements/base.txt # -r requirements/base.txt + # zgw-consumers +django-rest-framework-condition==0.1.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # commonground-api-common +django-sendfile2==0.7.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # django-privates +django-setup-configuration==0.1.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # open-api-framework +django-simple-certmanager==2.0.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # zgw-consumers +django-solo==2.3.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # commonground-api-common + # django-log-outgoing-requests + # mozilla-django-oidc-db + # notifications-api-common + # zgw-consumers django-two-factor-auth[phonenumberslite,webauthn]==1.16.0 # via # -c requirements/base.txt 
@@ -117,6 +287,49 @@ django-two-factor-auth[phonenumberslite,webauthn]==1.16.0 # maykin-2fa django-webtest==1.9.11 # via -r requirements/test-tools.in +djangorestframework==3.15.2 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # commonground-api-common + # djangorestframework-gis + # djangorestframework-inclusions + # drf-nested-routers + # drf-spectacular + # drf-yasg + # notifications-api-common + # open-api-framework +djangorestframework-camel-case==1.4.2 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # commonground-api-common + # notifications-api-common +djangorestframework-gis==1.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # open-api-framework +djangorestframework-inclusions==1.2.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # open-api-framework +drf-nested-routers==0.94.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # commonground-api-common +drf-spectacular==0.27.2 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # open-api-framework +drf-yasg==1.21.7 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # commonground-api-common ecs-logging==2.2.0 # via # -c requirements/base.txt 
@@ -126,31 +339,149 @@ elastic-apm==6.22.3 # via # -c requirements/base.txt # -r requirements/base.txt + # open-api-framework +face==20.1.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # glom factory-boy==3.3.0 # via -r requirements/test-tools.in faker==26.0.0 # via factory-boy flake8==7.1.0 # via -r requirements/test-tools.in +flower==2.0.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # open-api-framework freezegun==1.5.1 # via -r requirements/test-tools.in +furl==2.1.3 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # ape-pie +gemma-zds-client==2.0.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # commonground-api-common + # notifications-api-common +glom==23.5.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # mozilla-django-oidc-db +humanize==4.9.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # flower idna==3.7 # via # -c requirements/base.txt # -r requirements/base.txt # requests +inflection==0.5.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # drf-spectacular + # drf-yasg +iso-639==0.4.5 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # commonground-api-common +isodate==0.6.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # commonground-api-common isort==5.13.2 # via pylint +itypes==1.2.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # coreapi +jinja2==3.1.4 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # coreschema +josepy==1.14.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # mozilla-django-oidc +jsonschema==4.22.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # drf-spectacular +jsonschema-specifications==2023.12.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # jsonschema +kombu==5.3.7 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # 
celery lxml==5.2.2 # via pyquery +markupsafe==2.1.5 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # jinja2 maykin-2fa==1.0.0 # via # -c requirements/base.txt # -r requirements/base.txt + # open-api-framework mccabe==0.7.0 # via # flake8 # pylint +mozilla-django-oidc==4.0.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # mozilla-django-oidc-db +mozilla-django-oidc-db==0.19.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # open-api-framework +notifications-api-common==0.2.2 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # commonground-api-common +open-api-framework==0.5.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt +orderedmultidict==1.0.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # furl +oyaml==1.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # commonground-api-common +packaging==24.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # drf-yasg phonenumberslite==8.13.40 # via # -c requirements/base.txt @@ -162,15 +493,21 @@ pillow==10.4.0 # -r requirements/base.txt platformdirs==4.2.2 # via pylint -polib==1.2.0 +prometheus-client==0.20.0 # via # -c requirements/base.txt # -r requirements/base.txt - # django-rosetta + # flower +prompt-toolkit==3.0.47 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # click-repl psycopg2==2.9.9 # via # -c requirements/base.txt # -r requirements/base.txt + # open-api-framework pycodestyle==2.12.0 # via flake8 pycparser==2.22 @@ -180,12 +517,20 @@ pycparser==2.22 # cffi pyflakes==3.2.0 # via flake8 +pyjwt==2.8.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # commonground-api-common + # gemma-zds-client + # zgw-consumers pylint==3.2.5 # via -r requirements/test-tools.in pyopenssl==24.1.0 # via # -c requirements/base.txt # -r requirements/base.txt + # josepy # webauthn pypng==0.20220715.0 # via 
@@ -196,16 +541,36 @@ pyquery==2.0.0 # via -r requirements/test-tools.in python-dateutil==2.9.0.post0 # via + # -c requirements/base.txt + # -r requirements/base.txt + # celery + # django-relativedelta # faker # freezegun python-decouple==3.8 # via # -c requirements/base.txt # -r requirements/base.txt + # open-api-framework python-dotenv==1.0.1 # via # -c requirements/base.txt # -r requirements/base.txt + # open-api-framework +pytz==2024.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # drf-yasg + # flower +pyyaml==6.0.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # drf-spectacular + # drf-yasg + # gemma-zds-client + # oyaml qrcode==7.4.2 # via # -c requirements/base.txt @@ -216,20 +581,47 @@ redis==5.0.7 # -c requirements/base.txt # -r requirements/base.txt # django-redis +referencing==0.35.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # jsonschema + # jsonschema-specifications requests==2.32.3 # via # -c requirements/base.txt # -r requirements/base.txt - # django-rosetta + # ape-pie + # commonground-api-common + # coreapi + # django-log-outgoing-requests + # gemma-zds-client + # mozilla-django-oidc + # open-api-framework # requests-mock + # zgw-consumers requests-mock==1.12.1 # via -r requirements/test-tools.in +rpds-py==0.18.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # jsonschema + # referencing sentry-sdk==2.7.1 # via # -c requirements/base.txt # -r requirements/base.txt + # open-api-framework six==1.16.0 - # via python-dateutil + # via + # -c requirements/base.txt + # -r requirements/base.txt + # bleach + # furl + # isodate + # orderedmultidict + # python-dateutil soupsieve==2.5 # via beautifulsoup4 sqlparse==0.5.0 
@@ -241,11 +633,30 @@ tblib==3.0.0 # via -r requirements/test-tools.in tomlkit==0.12.5 # via pylint +tornado==6.4.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # flower typing-extensions==4.12.2 # via # -c requirements/base.txt # -r requirements/base.txt + # mozilla-django-oidc-db # qrcode + # zgw-consumers +tzdata==2024.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # celery +uritemplate==4.1.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # coreapi + # drf-spectacular + # drf-yasg urllib3==2.2.2 # via # -c requirements/base.txt @@ -257,13 +668,31 @@ uwsgi==2.0.26 # via # -c requirements/base.txt # -r requirements/base.txt + # open-api-framework +vine==5.1.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # amqp + # celery + # kombu waitress==3.0.0 # via webtest +wcwidth==0.2.13 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # prompt-toolkit webauthn==2.2.0 # via # -c requirements/base.txt # -r requirements/base.txt # django-two-factor-auth +webencodings==0.5.1 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # bleach webob==1.8.7 # via webtest webtest==3.0.0 @@ -273,3 +702,9 @@ wrapt==1.16.0 # -c requirements/base.txt # -r requirements/base.txt # elastic-apm +zgw-consumers==0.33.0 + # via + # -c requirements/base.txt + # -r requirements/base.txt + # notifications-api-common + # open-api-framework diff --git a/requirements/dev.txt b/requirements/dev.txt index 1ba93aa..7e45700 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -6,12 +6,23 @@ # alabaster==0.7.16 # via sphinx +amqp==5.2.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # kombu +ape-pie==0.2.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # zgw-consumers asgiref==3.8.1 # via # -c requirements/ci.txt # -r requirements/ci.txt # django # django-axes + # django-cors-headers asn1crypto==1.5.1 # via # -c requirements/ci.txt 
@@ -22,6 +33,13 @@ astroid==3.2.2 # -c requirements/ci.txt # -r requirements/ci.txt # pylint +attrs==23.2.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # glom + # jsonschema + # referencing babel==2.15.0 # via sphinx beautifulsoup4==4.12.3 @@ -29,8 +47,24 @@ beautifulsoup4==4.12.3 # -c requirements/ci.txt # -r requirements/ci.txt # webtest +billiard==4.2.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # celery black==24.4.2 # via -r requirements/dev.in +bleach==6.1.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # open-api-framework +boltons==24.0.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # face + # glom build==1.2.1 # via pip-tools bump2version==1.0.1 @@ -40,6 +74,13 @@ cbor2==5.6.4 # -c requirements/ci.txt # -r requirements/ci.txt # webauthn +celery==5.4.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # flower + # notifications-api-common + # open-api-framework certifi==2024.6.2 # via # -c requirements/ci.txt @@ -59,10 +100,46 @@ charset-normalizer==3.3.2 # requests click==8.1.7 # via + # -c requirements/ci.txt + # -r requirements/ci.txt # black + # celery + # click-didyoumean + # click-plugins + # click-repl # pip-tools +click-didyoumean==0.3.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # celery +click-plugins==1.1.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # celery +click-repl==0.3.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # celery colorama==0.4.6 # via isort +commonground-api-common==1.13.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # open-api-framework +coreapi==2.3.3 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common +coreschema==0.0.4 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # coreapi coverage==4.5.4 # via # -c requirements/ci.txt 
@@ -71,6 +148,9 @@ cryptography==42.0.8 # via # -c requirements/ci.txt # -r requirements/ci.txt + # django-simple-certmanager + # josepy + # mozilla-django-oidc # pyopenssl # webauthn cssselect==1.2.0 
@@ -87,44 +167,96 @@ django==4.2.13 # via # -c requirements/ci.txt # -r requirements/ci.txt + # commonground-api-common # django-admin-index + # django-appconf # django-axes + # django-cors-headers # django-debug-toolbar # django-extensions + # django-filter # django-formtools - # django-hijack # django-jenkins + # django-jsonform + # django-log-outgoing-requests + # django-markup # django-otp # django-phonenumber-field + # django-privates # django-redis - # django-rosetta + # django-relativedelta + # django-rest-framework-condition + # django-sendfile2 + # django-setup-configuration + # django-simple-certmanager + # django-solo # django-two-factor-auth + # djangorestframework + # djangorestframework-inclusions + # drf-nested-routers + # drf-spectacular + # drf-yasg # maykin-2fa + # mozilla-django-oidc + # mozilla-django-oidc-db + # notifications-api-common + # open-api-framework + # zgw-consumers django-admin-index==3.1.1 # via # -c requirements/ci.txt # -r requirements/ci.txt + # open-api-framework +django-appconf==1.0.6 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # django-log-outgoing-requests django-axes==6.5.1 # via # -c requirements/ci.txt # -r requirements/ci.txt + # open-api-framework +django-cors-headers==4.4.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # open-api-framework django-debug-toolbar==4.4.2 # via -r requirements/dev.in django-extensions==3.2.3 # via -r requirements/dev.in +django-filter==24.2 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common + # open-api-framework django-formtools==2.5.1 # via # -c requirements/ci.txt # -r requirements/ci.txt # django-two-factor-auth -django-hijack==3.5.4 +django-jenkins==0.110.0 # via # -c requirements/ci.txt # -r requirements/ci.txt -django-jenkins==0.110.0 +django-jsonform==2.22.0 # via # -c requirements/ci.txt # -r requirements/ci.txt + # mozilla-django-oidc-db + # open-api-framework +django-log-outgoing-requests==0.6.1 + # via 
+ # -c requirements/ci.txt + # -r requirements/ci.txt + # open-api-framework +django-markup==1.8.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # open-api-framework django-ordered-model==3.7.4 # via # -c requirements/ci.txt @@ -140,14 +272,50 @@ django-phonenumber-field==7.3.0 # -c requirements/ci.txt # -r requirements/ci.txt # django-two-factor-auth +django-privates==2.0.0.post1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # django-simple-certmanager django-redis==5.4.0 # via # -c requirements/ci.txt # -r requirements/ci.txt -django-rosetta==0.10.0 + # open-api-framework +django-relativedelta==2.0.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # zgw-consumers +django-rest-framework-condition==0.1.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common +django-sendfile2==0.7.1 # via # -c requirements/ci.txt # -r requirements/ci.txt + # django-privates +django-setup-configuration==0.1.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # open-api-framework +django-simple-certmanager==2.0.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # zgw-consumers +django-solo==2.3.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common + # django-log-outgoing-requests + # mozilla-django-oidc-db + # notifications-api-common + # zgw-consumers django-two-factor-auth[phonenumberslite,webauthn]==1.16.0 # via # -c requirements/ci.txt 
@@ -157,10 +325,53 @@ django-webtest==1.9.11 # via # -c requirements/ci.txt # -r requirements/ci.txt +djangorestframework==3.15.2 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common + # djangorestframework-gis + # djangorestframework-inclusions + # drf-nested-routers + # drf-spectacular + # drf-yasg + # notifications-api-common + # open-api-framework +djangorestframework-camel-case==1.4.2 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common + # notifications-api-common +djangorestframework-gis==1.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # open-api-framework +djangorestframework-inclusions==1.2.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # open-api-framework docutils==0.20.1 # via # sphinx # sphinx-rtd-theme +drf-nested-routers==0.94.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common +drf-spectacular==0.27.2 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # open-api-framework +drf-yasg==1.21.7 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common ecs-logging==2.2.0 # via # -c requirements/ci.txt @@ -170,6 +381,12 @@ elastic-apm==6.22.3 # via # -c requirements/ci.txt # -r requirements/ci.txt + # open-api-framework +face==20.1.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # glom factory-boy==3.3.0 # via # -c requirements/ci.txt 
@@ -183,14 +400,40 @@ flake8==7.1.0 # via # -c requirements/ci.txt # -r requirements/ci.txt +flower==2.0.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # open-api-framework freezegun==1.5.1 # via # -c requirements/ci.txt # -r requirements/ci.txt +furl==2.1.3 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # ape-pie +gemma-zds-client==2.0.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common + # notifications-api-common gitdb==4.0.11 # via gitpython gitpython==3.1.43 # via -r requirements/dev.in +glom==23.5.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # mozilla-django-oidc-db +humanize==4.9.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # flower idna==3.7 # via # -c requirements/ci.txt 
@@ -198,37 +441,118 @@ idna==3.7 # requests imagesize==1.4.1 # via sphinx +inflection==0.5.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # drf-spectacular + # drf-yasg +iso-639==0.4.5 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common +isodate==0.6.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common isort[colors]==5.13.2 # via # -c requirements/ci.txt # -r requirements/ci.txt # -r requirements/dev.in # pylint +itypes==1.2.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # coreapi jinja2==3.1.4 - # via sphinx + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # coreschema + # sphinx +josepy==1.14.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # mozilla-django-oidc +jsonschema==4.22.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # drf-spectacular +jsonschema-specifications==2023.12.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # jsonschema +kombu==5.3.7 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # celery lxml==5.2.2 # via # -c requirements/ci.txt # -r requirements/ci.txt # pyquery markupsafe==2.1.5 - # via jinja2 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # jinja2 maykin-2fa==1.0.0 # via # -c requirements/ci.txt # -r requirements/ci.txt + # open-api-framework mccabe==0.7.0 # via # -c requirements/ci.txt # -r requirements/ci.txt # flake8 # pylint +mozilla-django-oidc==4.0.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # mozilla-django-oidc-db +mozilla-django-oidc-db==0.19.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # open-api-framework mypy-extensions==1.0.0 # via black +notifications-api-common==0.2.2 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common +open-api-framework==0.5.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt +orderedmultidict==1.0.1 
+ # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # furl +oyaml==1.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common packaging==24.1 # via + # -c requirements/ci.txt + # -r requirements/ci.txt # black # build + # drf-yasg # sphinx pathspec==0.12.1 # via black @@ -249,15 +573,21 @@ platformdirs==4.2.2 # -r requirements/ci.txt # black # pylint -polib==1.2.0 +prometheus-client==0.20.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # flower +prompt-toolkit==3.0.47 # via # -c requirements/ci.txt # -r requirements/ci.txt - # django-rosetta + # click-repl psycopg2==2.9.9 # via # -c requirements/ci.txt # -r requirements/ci.txt + # open-api-framework pycodestyle==2.12.0 # via # -c requirements/ci.txt @@ -275,6 +605,13 @@ pyflakes==3.2.0 # flake8 pygments==2.18.0 # via sphinx +pyjwt==2.8.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # commonground-api-common + # gemma-zds-client + # zgw-consumers pylint==3.2.5 # via # -c requirements/ci.txt @@ -283,6 +620,7 @@ pyopenssl==24.1.0 # via # -c requirements/ci.txt # -r requirements/ci.txt + # josepy # webauthn pypng==0.20220715.0 # via @@ -301,16 +639,34 @@ python-dateutil==2.9.0.post0 # via # -c requirements/ci.txt # -r requirements/ci.txt + # celery + # django-relativedelta # faker # freezegun python-decouple==3.8 # via # -c requirements/ci.txt # -r requirements/ci.txt + # open-api-framework python-dotenv==1.0.1 # via # -c requirements/ci.txt # -r requirements/ci.txt + # open-api-framework +pytz==2024.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # drf-yasg + # flower +pyyaml==6.0.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # drf-spectacular + # drf-yasg + # gemma-zds-client + # oyaml qrcode==7.4.2 # via # -c requirements/ci.txt 
@@ -321,25 +677,49 @@ redis==5.0.7 # -c requirements/ci.txt # -r requirements/ci.txt # django-redis +referencing==0.35.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # jsonschema + # jsonschema-specifications requests==2.32.3 # via # -c requirements/ci.txt # -r requirements/ci.txt - # django-rosetta + # ape-pie + # commonground-api-common + # coreapi + # django-log-outgoing-requests + # gemma-zds-client + # mozilla-django-oidc + # open-api-framework # requests-mock # sphinx + # zgw-consumers requests-mock==1.12.1 # via # -c requirements/ci.txt # -r requirements/ci.txt +rpds-py==0.18.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # jsonschema + # referencing sentry-sdk==2.7.1 # via # -c requirements/ci.txt # -r requirements/ci.txt + # open-api-framework six==1.16.0 # via # -c requirements/ci.txt # -r requirements/ci.txt + # bleach + # furl + # isodate + # orderedmultidict # python-dateutil smmap==5.0.1 # via gitdb @@ -386,11 +766,30 @@ tomlkit==0.12.5 # -c requirements/ci.txt # -r requirements/ci.txt # pylint +tornado==6.4.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # flower typing-extensions==4.12.2 # via # -c requirements/ci.txt # -r requirements/ci.txt + # mozilla-django-oidc-db # qrcode + # zgw-consumers +tzdata==2024.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # celery +uritemplate==4.1.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # coreapi + # drf-spectacular + # drf-yasg urllib3==2.2.2 # via # -c requirements/ci.txt 
@@ -402,16 +801,34 @@ uwsgi==2.0.26 # via # -c requirements/ci.txt # -r requirements/ci.txt + # open-api-framework +vine==5.1.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # amqp + # celery + # kombu waitress==3.0.0 # via # -c requirements/ci.txt # -r requirements/ci.txt # webtest +wcwidth==0.2.13 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # prompt-toolkit webauthn==2.2.0 # via # -c requirements/ci.txt # -r requirements/ci.txt # django-two-factor-auth +webencodings==0.5.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # bleach webob==1.8.7 # via # -c requirements/ci.txt @@ -429,6 +846,12 @@ wrapt==1.16.0 # -c requirements/ci.txt # -r requirements/ci.txt # elastic-apm +zgw-consumers==0.33.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # notifications-api-common + # open-api-framework # The following packages are considered to be unsafe in a requirements file: pip==24.1.1 diff --git a/src/open_producten/conf/base.py b/src/open_producten/conf/base.py index 26f4df9..a548971 100644 --- a/src/open_producten/conf/base.py +++ b/src/open_producten/conf/base.py 
@@ -1,365 +1,46 @@ -import os -from pathlib import Path +from open_api_framework.conf.base import * -import sentry_sdk -# Django-hijack (and Django-hijack-admin) -from django.urls import reverse_lazy - -from .utils import config, get_sentry_integrations - -# Build paths inside the project, so further paths can be defined relative to -# the code root. - -DJANGO_PROJECT_DIR = Path(__file__).resolve().parent.parent - -BASE_DIR = DJANGO_PROJECT_DIR.parent.parent - -# -# Core Django settings -# -# SITE_ID = config("SITE_ID", default=1) - -# SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = config("SECRET_KEY") - -# NEVER run with DEBUG=True in production-like environments -DEBUG = config("DEBUG", default=False) - -# = domains we're running on -ALLOWED_HOSTS = config("ALLOWED_HOSTS", default="", split=True) -USE_X_FORWARDED_HOST = config("USE_X_FORWARDED_HOST", default=False) - -IS_HTTPS = config("IS_HTTPS", default=not DEBUG) +init_sentry() # Internationalization # https://docs.djangoproject.com/en/2.0/topics/i18n/ +TIME_ZONE = 'Europe/Amsterdam' # note: this *may* affect the output of DRF datetimes -LANGUAGE_CODE = "nl-nl" - -TIME_ZONE = "Europe/Amsterdam" # note: this *may* affect the output of DRF datetimes - -USE_I18N = True - -USE_L10N = True - -USE_TZ = True - -USE_THOUSAND_SEPARATOR = True - -# -# DATABASE and CACHING setup -# -DATABASES = { - "default": { - "ENGINE": config("DB_ENGINE", "django.db.backends.postgresql"), - "NAME": config("DB_NAME", "{{ project_name|lower }}"), - "USER": config("DB_USER", "{{ project_name|lower }}"), - "PASSWORD": config("DB_PASSWORD", "{{ project_name|lower }}"), - "HOST": config("DB_HOST", "localhost"), - "PORT": config("DB_PORT", 5432), - } -} - -DEFAULT_AUTO_FIELD = "django.db.models.AutoField" - -CACHES = { - "default": { - "BACKEND": "django_redis.cache.RedisCache", - "LOCATION": f"redis://{config('CACHE_DEFAULT', 'localhost:6379/0')}", - "OPTIONS": { - "CLIENT_CLASS": 
"django_redis.client.DefaultClient", - "IGNORE_EXCEPTIONS": True, - }, - }, - "axes": { - "BACKEND": "django_redis.cache.RedisCache", - "LOCATION": f"redis://{config('CACHE_AXES', 'localhost:6379/0')}", - "OPTIONS": { - "CLIENT_CLASS": "django_redis.client.DefaultClient", - "IGNORE_EXCEPTIONS": True, - }, - }, -} - -# -# APPLICATIONS enabled for this project -# - -INSTALLED_APPS = [ - "django.contrib.auth", - "django.contrib.sessions", - "django.contrib.contenttypes", - # NOTE: If enabled, at least one Site object is required and - # uncomment SITE_ID above. - # 'django.contrib.sites', - "django.contrib.messages", - "django.contrib.staticfiles", - # Two-factor authentication in the Django admin, enforced. - "django_otp", - "django_otp.plugins.otp_static", - "django_otp.plugins.otp_totp", - "two_factor", - "two_factor.plugins.webauthn", # USB key/token support - "maykin_2fa", - # Optional applications. - "ordered_model", - "django_admin_index", - "django.contrib.admin", +INSTALLED_APPS += [ # 'django.contrib.admindocs', # 'django.contrib.humanize', # 'django.contrib.sitemaps', # External applications. - "axes", - "hijack", - "hijack.contrib.admin", + # 'hijack', + # 'hijack.contrib.admin', # Project applications. 
- "{{ project_name|lower }}.accounts", - "{{ project_name|lower }}.utils", + 'open_producten.accounts', + 'open_producten.utils', ] -MIDDLEWARE = [ - "django.middleware.security.SecurityMiddleware", - "django.contrib.sessions.middleware.SessionMiddleware", +MIDDLEWARE += [ # 'django.middleware.locale.LocaleMiddleware', - "django.middleware.common.CommonMiddleware", - "django.middleware.csrf.CsrfViewMiddleware", - "django.contrib.auth.middleware.AuthenticationMiddleware", - "maykin_2fa.middleware.OTPMiddleware", - "django.contrib.messages.middleware.MessageMiddleware", - "django.middleware.clickjacking.XFrameOptionsMiddleware", - "hijack.middleware.HijackUserMiddleware", - # should be last according to docs - "axes.middleware.AxesMiddleware", -] - -ROOT_URLCONF = "{{ project_name|lower }}.urls" - -# List of callables that know how to import templates from various sources. -TEMPLATE_LOADERS = ( - "django.template.loaders.filesystem.Loader", - "django.template.loaders.app_directories.Loader", -) - -TEMPLATES = [ - { - "BACKEND": "django.template.backends.django.DjangoTemplates", - "DIRS": [DJANGO_PROJECT_DIR / "templates"], - "APP_DIRS": False, # conflicts with explicity specifying the loaders - "OPTIONS": { - "context_processors": [ - "django.template.context_processors.debug", - "django.template.context_processors.request", - "django.contrib.auth.context_processors.auth", - "django.contrib.messages.context_processors.messages", - "{{ project_name|lower }}.utils.context_processors.settings", - ], - "loaders": TEMPLATE_LOADERS, - }, - }, -] - -WSGI_APPLICATION = "{{ project_name|lower }}.wsgi.application" - -# Translations -LOCALE_PATHS = (DJANGO_PROJECT_DIR / "conf" / "locale",) - -# -# SERVING of static and media files -# - -STATIC_URL = "/static/" - -STATIC_ROOT = BASE_DIR / "static" - -# Additional locations of static files -STATICFILES_DIRS = [DJANGO_PROJECT_DIR / "static"] - -# List of finder classes that know how to find static files in -# various locations. 
-STATICFILES_FINDERS = [ - "django.contrib.staticfiles.finders.FileSystemFinder", - "django.contrib.staticfiles.finders.AppDirectoriesFinder", -] - -MEDIA_ROOT = BASE_DIR / "media" - -MEDIA_URL = "/media/" - -FILE_UPLOAD_PERMISSIONS = 0o644 - -# -# Sending EMAIL -# -EMAIL_HOST = config("EMAIL_HOST", default="localhost") -EMAIL_PORT = config( - "EMAIL_PORT", default=25 -) # disabled on Google Cloud, use 487 instead -EMAIL_HOST_USER = config("EMAIL_HOST_USER", default="") -EMAIL_HOST_PASSWORD = config("EMAIL_HOST_PASSWORD", default="") -EMAIL_USE_TLS = config("EMAIL_USE_TLS", default=False) -EMAIL_TIMEOUT = 10 - -DEFAULT_FROM_EMAIL = "{{ project_name|lower }}@example.com" - -# -# LOGGING -# -LOG_STDOUT = config("LOG_STDOUT", default=False) - -LOGGING_DIR = BASE_DIR / "log" - -LOGGING = { - "version": 1, - "disable_existing_loggers": False, - "formatters": { - "verbose": { - "format": "%(asctime)s %(levelname)s %(name)s %(module)s %(process)d %(thread)d %(message)s" - }, - "timestamped": {"format": "%(asctime)s %(levelname)s %(name)s %(message)s"}, - "simple": {"format": "%(levelname)s %(message)s"}, - "performance": { - "format": "%(asctime)s %(process)d | %(thread)d | %(message)s", - }, - }, - "filters": { - "require_debug_false": {"()": "django.utils.log.RequireDebugFalse"}, - }, - "handlers": { - "mail_admins": { - "level": "ERROR", - "filters": ["require_debug_false"], - "class": "django.utils.log.AdminEmailHandler", - }, - "null": { - "level": "DEBUG", - "class": "logging.NullHandler", - }, - "console": { - "level": "DEBUG", - "class": "logging.StreamHandler", - "formatter": "timestamped", - }, - "django": { - "level": "DEBUG", - "class": "logging.handlers.RotatingFileHandler", - "filename": LOGGING_DIR / "django.log", - "formatter": "verbose", - "maxBytes": 1024 * 1024 * 10, # 10 MB - "backupCount": 10, - }, - "project": { - "level": "DEBUG", - "class": "logging.handlers.RotatingFileHandler", - "filename": LOGGING_DIR / "{{ project_name|lower }}.log", - 
"formatter": "verbose", - "maxBytes": 1024 * 1024 * 10, # 10 MB - "backupCount": 10, - }, - "performance": { - "level": "INFO", - "class": "logging.handlers.RotatingFileHandler", - "filename": LOGGING_DIR / "performance.log", - "formatter": "performance", - "maxBytes": 1024 * 1024 * 10, # 10 MB - "backupCount": 10, - }, - }, - "loggers": { - "{{ project_name|lower }}": { - "handlers": ["project"] if not LOG_STDOUT else ["console"], - "level": "INFO", - "propagate": True, - }, - "django.request": { - "handlers": ["django"] if not LOG_STDOUT else ["console"], - "level": "ERROR", - "propagate": True, - }, - "django.template": { - "handlers": ["console"], - "level": "INFO", - "propagate": True, - }, - }, -} - -# -# AUTH settings - user accounts, passwords, backends... -# -AUTH_USER_MODEL = "accounts.User" - -AUTH_PASSWORD_VALIDATORS = [ - { - "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator" - }, - {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"}, - {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"}, - {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"}, + # 'hijack.middleware.HijackUserMiddleware', ] -# Allow logging in with both username+password and email+password -AUTHENTICATION_BACKENDS = [ - "axes.backends.AxesBackend", - "{{ project_name|lower }}.accounts.backends.UserModelEmailBackend", - "django.contrib.auth.backends.ModelBackend", -] - -SESSION_COOKIE_NAME = "{{ project_name|lower }}_sessionid" -SESSION_ENGINE = "django.contrib.sessions.backends.cache" - -LOGIN_URL = reverse_lazy("admin:login") -LOGIN_REDIRECT_URL = reverse_lazy("admin:index") -LOGOUT_REDIRECT_URL = reverse_lazy("admin:index") - -# -# SECURITY settings -# -SESSION_COOKIE_SECURE = IS_HTTPS -SESSION_COOKIE_HTTPONLY = True - -CSRF_COOKIE_SECURE = IS_HTTPS -CSRF_FAILURE_VIEW = "{{ project_name|lower }}.accounts.views.csrf_failure" - -X_FRAME_OPTIONS = "DENY" - # # FIXTURES # -FIXTURE_DIRS 
= (DJANGO_PROJECT_DIR / "fixtures",) +FIXTURE_DIRS = (DJANGO_PROJECT_DIR / 'fixtures',) # # Custom settings # -PROJECT_NAME = "{{ project_name|lower }}" -ENVIRONMENT = config("ENVIRONMENT", "") +PROJECT_NAME = 'open_producten' SHOW_ALERT = True -ENABLE_ADMIN_NAV_SIDEBAR = config("ENABLE_ADMIN_NAV_SIDEBAR", default=False) +ENABLE_ADMIN_NAV_SIDEBAR = config('ENABLE_ADMIN_NAV_SIDEBAR', default=False) # This setting is used by the csrf_failure view (accounts app). # You can specify any path that should match the request.path # Note: the LOGIN_URL Django setting is not used because you could have # multiple login urls defined. -LOGIN_URLS = [reverse_lazy("admin:login")] - -if "GIT_SHA" in os.environ: - GIT_SHA = config("GIT_SHA", "") -# in docker (build) context, there is no .git directory -elif (BASE_DIR / ".git").exists(): - try: - import git - except ImportError: - GIT_SHA = None - else: - repo = git.Repo(search_parent_directories=True) - try: - GIT_SHA = repo.head.object.hexsha - except ValueError: # on startproject initial runs before any git commits have been made - GIT_SHA = repo.active_branch.name -else: - GIT_SHA = None - -RELEASE = config("RELEASE", GIT_SHA) +LOGIN_URLS = [reverse_lazy('admin:login')] # Default (connection timeout, read timeout) for the requests library (in seconds) REQUESTS_DEFAULT_TIMEOUT = (10, 30) 
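Review bot: After this hunk, `reverse_lazy` and `DJANGO_PROJECT_DIR` are in scope only through `from open_api_framework.conf.base import *` (as is `config`, until a later patch in the series imports it by name). The same wildcard now silently supplies every security setting the hunk deletes: `AUTH_USER_MODEL`, `AUTHENTICATION_BACKENDS`, `AUTH_PASSWORD_VALIDATORS`, `SESSION_COOKIE_SECURE`, `CSRF_COOKIE_SECURE`, `CSRF_FAILURE_VIEW` and `X_FRAME_OPTIONS`. The framework module is not visible here, so confirm before merge that its defaults match the removed values, in particular the project's `accounts.backends.UserModelEmailBackend` and `accounts.views.csrf_failure`. I would import what the file uses by name, `from django.urls import reverse_lazy`, and add a comment above the wildcard such as `# Auth, session/CSRF cookie and lockout settings are inherited from open_api_framework; override here only with a stated reason.` The second hunk of this file (`@@ -373,102 +54,14 @@`) drops the `AXES_*`, `IPWARE_META_PRECEDENCE_ORDER` and `TWO_FACTOR_*` blocks under the same assumption.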
@@ -373,102 +54,14 @@ # # Django-Admin-Index # -ADMIN_INDEX_SHOW_REMAINING_APPS = False -ADMIN_INDEX_AUTO_CREATE_APP_GROUP = False -ADMIN_INDEX_SHOW_REMAINING_APPS_TO_SUPERUSERS = True ADMIN_INDEX_DISPLAY_DROP_DOWN_MENU_CONDITION_FUNCTION = ( - "{{ project_name|lower }}.utils.django_two_factor_auth.should_display_dropdown_menu" + 'open_producten.utils.django_two_factor_auth.should_display_dropdown_menu' ) -# -# DJANGO-AXES -# -AXES_CACHE = "axes" # refers to CACHES setting -# The number of login attempts allowed before a record is created for the -# failed logins. Default: 3 -AXES_FAILURE_LIMIT = 10 -# If set, defines a period of inactivity after which old failed login attempts -# will be forgotten. Can be set to a python timedelta object or an integer. If -# an integer, will be interpreted as a number of hours. Default: None -AXES_COOLOFF_TIME = 1 -# If set, specifies a template to render when a user is locked out. Template -# receives cooloff_time and failure_limit as context variables. Default: None -AXES_LOCKOUT_TEMPLATE = "account_blocked.html" -AXES_LOCKOUT_PARAMETERS = [["ip_address", "user_agent", "username"]] -# By default, Axes obfuscates values for formfields named "password", but the admin -# interface login formfield name is "auth-password", so we obfuscate that as well -AXES_SENSITIVE_PARAMETERS = ["password", "auth-password"] # nosec - -# The default meta precedence order -IPWARE_META_PRECEDENCE_ORDER = ( - "HTTP_X_FORWARDED_FOR", - "X_FORWARDED_FOR", # , , - "HTTP_CLIENT_IP", - "HTTP_X_REAL_IP", - "HTTP_X_FORWARDED", - "HTTP_X_CLUSTER_CLIENT_IP", - "HTTP_FORWARDED_FOR", - "HTTP_FORWARDED", - "HTTP_VIA", - "REMOTE_ADDR", -) - -# -# MAYKIN-2FA -# -# It uses django-two-factor-auth under the hood so you can configure -# those settings too. -# -# we run the admin site monkeypatch instead. 
-TWO_FACTOR_PATCH_ADMIN = False -# Relying Party name for WebAuthn (hardware tokens) -TWO_FACTOR_WEBAUTHN_RP_NAME = "{{ project_name }}" -# use platform for fingerprint readers etc., or remove the setting to allow any. -# cross-platform would limit the options to devices like phones/yubikeys -TWO_FACTOR_WEBAUTHN_AUTHENTICATOR_ATTACHMENT = "cross-platform" -# add entries from AUTHENTICATION_BACKENDS that already enforce their own two-factor -# auth, avoiding having some set up MFA again in the project. -MAYKIN_2FA_ALLOW_MFA_BYPASS_BACKENDS = [ - # "mozilla_django_oidc_db.backends.OIDCAuthenticationBackend", -] - # # DJANGO-HIJACK # -HIJACK_PERMISSION_CHECK = "maykin_2fa.hijack.superusers_only_and_is_verified" -HIJACK_INSERT_BEFORE = ( - '
' # note that this only applies to the admin -) - -# -# SENTRY - error monitoring -# -SENTRY_DSN = config("SENTRY_DSN", None) - -if SENTRY_DSN: - SENTRY_CONFIG = { - "dsn": SENTRY_DSN, - "release": RELEASE, - "environment": ENVIRONMENT, - } - - sentry_sdk.init( - **SENTRY_CONFIG, integrations=get_sentry_integrations(), send_default_pii=True - ) - -# Elastic APM -ELASTIC_APM_SERVER_URL = os.getenv("ELASTIC_APM_SERVER_URL", None) -ELASTIC_APM = { - "SERVICE_NAME": f"{{ project_name }} {ENVIRONMENT}", - "SECRET_TOKEN": config("ELASTIC_APM_SECRET_TOKEN", "default"), - "SERVER_URL": ELASTIC_APM_SERVER_URL, -} -if not ELASTIC_APM_SERVER_URL: - ELASTIC_APM["ENABLED"] = False - ELASTIC_APM["SERVER_URL"] = "http://localhost:8200" - -# Subpath (optional) -# This environment variable can be configured during deployment. -SUBPATH = config("SUBPATH", None) -if SUBPATH: - SUBPATH = f"/{SUBPATH.strip('/')}" +# HIJACK_PERMISSION_CHECK = 'maykin_2fa.hijack.superusers_only_and_is_verified' +# HIJACK_INSERT_BEFORE = ( +# '
' # note that this only applies to the admin +# ) From d977c16347d760a0708c015ece85d10b3b8623da Mon Sep 17 00:00:00 2001 From: Floris272 Date: Thu, 4 Jul 2024 17:26:05 +0200 Subject: [PATCH 02/11] add OIDC_CALLBACK_CLASS & fix docker-init-db.sql --- docker-init-db.sql | 8 ++++---- src/open_producten/conf/base.py | 8 ++++++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/docker-init-db.sql b/docker-init-db.sql index 156af2a..f32916d 100644 --- a/docker-init-db.sql +++ b/docker-init-db.sql @@ -1,5 +1,5 @@ -CREATE USER {{ project_name|lower }}; -CREATE DATABASE {{ project_name|lower }}; -GRANT ALL PRIVILEGES ON DATABASE {{ project_name|lower }} TO {{ project_name|lower }}; +CREATE USER open_producten; +CREATE DATABASE open_producten; +GRANT ALL PRIVILEGES ON DATABASE open_producten TO open_producten; -- On Postgres 15+, connect to the database and grant schema permissions. --- GRANT USAGE, CREATE ON SCHEMA public TO openforms; \ No newline at end of file +-- GRANT USAGE, CREATE ON SCHEMA public TO openforms; diff --git a/src/open_producten/conf/base.py b/src/open_producten/conf/base.py index a548971..38ab92d 100644 --- a/src/open_producten/conf/base.py +++ b/src/open_producten/conf/base.py @@ -1,4 +1,5 @@ from open_api_framework.conf.base import * +from open_api_framework.conf.utils import config init_sentry() @@ -65,3 +66,10 @@ # HIJACK_INSERT_BEFORE = ( # '
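Review bot: `HIJACK_PERMISSION_CHECK` is left as a commented-out line under the `DJANGO-HIJACK` heading, like the commented-out `hijack` app and `HijackUserMiddleware` entries in the first hunk, so nothing records that the three must come back together. If the app and middleware are re-enabled without this setting, hijacking would fall back to django-hijack's default permission check instead of `maykin_2fa.hijack.superusers_only_and_is_verified`, which presumably drops the verified-second-factor requirement. Either delete the commented block or replace it with one line such as `# django-hijack is disabled; when re-enabling, restore HIJACK_PERMISSION_CHECK = "maykin_2fa.hijack.superusers_only_and_is_verified" together with the app and middleware.` A later patch in the series still touches `accounts/tests/test_hijacking.py`, so check whether those tests remain meaningful with hijack off.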
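Review bot: The commented-out grant at the end of the file still targets `openforms`, while every other statement in this hunk was changed to `open_producten`. Anyone uncommenting it for Postgres 15+ would grant schema rights to a role this script never creates. Change it to `-- GRANT USAGE, CREATE ON SCHEMA public TO open_producten;`.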
' # note that this only applies to the admin # ) + + +# needed until open-api-framework is updated +# Use custom callback view to handle admin login error situations +# NOTE the AdminLoginFailure view for mozilla-django-oidc-db should be added to the projects +# urlpatterns to properly catch errors +OIDC_CALLBACK_CLASS = "mozilla_django_oidc_db.views.OIDCCallbackView" From 1d23452386ad893740acd0bb209090b2e3e2b6a5 Mon Sep 17 00:00:00 2001 From: Floris272 Date: Fri, 5 Jul 2024 17:01:44 +0200 Subject: [PATCH 03/11] update open-api-framework --- requirements/base.txt | 2 +- requirements/ci.txt | 2 +- requirements/dev.txt | 2 +- src/open_producten/conf/base.py | 7 ------- 4 files changed, 3 insertions(+), 10 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 72c6f62..c4697ef 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -228,7 +228,7 @@ mozilla-django-oidc-db==0.19.0 # via open-api-framework notifications-api-common==0.2.2 # via commonground-api-common -open-api-framework==0.5.0 +open-api-framework==0.6.0 # via -r requirements/base.in orderedmultidict==1.0.1 # via furl diff --git a/requirements/ci.txt b/requirements/ci.txt index af39f4f..dc0cb0c 100644 --- a/requirements/ci.txt +++ b/requirements/ci.txt @@ -463,7 +463,7 @@ notifications-api-common==0.2.2 # -c requirements/base.txt # -r requirements/base.txt # commonground-api-common -open-api-framework==0.5.0 +open-api-framework==0.6.0 # via # -c requirements/base.txt # -r requirements/base.txt diff --git a/requirements/dev.txt b/requirements/dev.txt index 7e45700..8312595 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -532,7 +532,7 @@ notifications-api-common==0.2.2 # -c requirements/ci.txt # -r requirements/ci.txt # commonground-api-common -open-api-framework==0.5.0 +open-api-framework==0.6.0 # via # -c requirements/ci.txt # -r requirements/ci.txt diff --git a/src/open_producten/conf/base.py b/src/open_producten/conf/base.py index 38ab92d..f0afca4 100644 
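Review bot: The added comment says the `AdminLoginFailure` view must be in the project's urlpatterns for `OIDC_CALLBACK_CLASS` to catch admin login errors, but this commit's diffstat lists only `docker-init-db.sql` and `conf/base.py`, so no route is added alongside the setting. If the URL configuration does not already include that view, a failed OIDC admin login would have no error page to land on (inferred from the comment, not visible here). Either add the route in the same commit or extend the comment to say where it is registered, e.g. `# AdminLoginFailure is routed in <path to urls module>`.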
--- a/src/open_producten/conf/base.py +++ b/src/open_producten/conf/base.py @@ -66,10 +66,3 @@ # HIJACK_INSERT_BEFORE = ( # '
' # note that this only applies to the admin # ) - - -# needed until open-api-framework is updated -# Use custom callback view to handle admin login error situations -# NOTE the AdminLoginFailure view for mozilla-django-oidc-db should be added to the projects -# urlpatterns to properly catch errors -OIDC_CALLBACK_CLASS = "mozilla_django_oidc_db.views.OIDCCallbackView" From b4c32a26dac234c9d04782ec00caf37c051393f7 Mon Sep 17 00:00:00 2001 From: Floris272 Date: Mon, 8 Jul 2024 15:47:06 +0200 Subject: [PATCH 04/11] lint + ci fixes --- .github/workflows/ci.yml | 1 + Dockerfile | 2 +- setup.cfg | 4 +++- .../accounts/tests/test_hijacking.py | 2 -- .../accounts/tests/test_permission_limit.py | 16 ++++++++++++---- src/open_producten/conf/base.py | 16 ++++++++-------- src/open_producten/conf/production.py | 1 + src/open_producten/conf/test.py | 1 + src/open_producten/setup.py | 5 ++--- src/open_producten/utils/context_processors.py | 4 +--- src/open_producten/utils/pdf.py | 2 +- src/open_producten/wsgi.py | 1 + 12 files changed, 32 insertions(+), 23 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 69c3d90..e446129 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,6 +31,7 @@ jobs: # Needed because the postgres container does not provide a healthcheck options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 + --name postgres redis: image: redis:6 ports: diff --git a/Dockerfile b/Dockerfile index 0d2722d..eb701f9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -82,7 +82,7 @@ COPY --from=backend-build /usr/local/bin/uwsgi /usr/local/bin/uwsgi COPY --from=backend-build /app/src/ /app/src/ # copy frontend build statics -COPY --from=frontend-build /app/src/open_producten/static /app/src/open_producten/static +# COPY --from=frontend-build /app/src/open_producten/static /app/src/open_producten/static # copy source code COPY ./src /app/src 
diff --git a/setup.cfg b/setup.cfg index d764036..a5c6764 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,9 +1,11 @@ [pycodestyle] [pep8] [flake8] -ignore = W293,W291,E501,E261 +ignore = W293,W291,E501,E261,W503 max-line-length = 88 exclude = migrations,static,media +per-file-ignores = + src/open_producten/conf/*:F405,F403 [isort] combine_as_imports = true diff --git a/src/open_producten/accounts/tests/test_hijacking.py b/src/open_producten/accounts/tests/test_hijacking.py index 3cb9912..cfb5880 100644 --- a/src/open_producten/accounts/tests/test_hijacking.py +++ b/src/open_producten/accounts/tests/test_hijacking.py @@ -1,11 +1,9 @@ from django.test import TestCase from django.urls import NoReverseMatch, reverse - from .factories import UserFactory - class HijackSecurityTests(TestCase): def test_cannot_hijack_without_second_factor(self): diff --git a/src/open_producten/accounts/tests/test_permission_limit.py b/src/open_producten/accounts/tests/test_permission_limit.py index 1fad77d..971b115 100644 --- a/src/open_producten/accounts/tests/test_permission_limit.py +++ b/src/open_producten/accounts/tests/test_permission_limit.py @@ -49,14 +49,20 @@ def setUp(self): super().setUp() self.superuser = UserFactory.create( - username="superuser", password="secret", superuser=True, + username="superuser", + password="secret", + superuser=True, ) self.other_superuser = UserFactory.create( - username="other_superuser", password="secret", superuser=True, + username="other_superuser", + password="secret", + superuser=True, ) self.less_perms_staff_user = UserFactory.create( - username="less_perms_staff_user", password="secret", is_staff=True, + username="less_perms_staff_user", + password="secret", + is_staff=True, ) for p in Permission.objects.filter( content_type=ContentType.objects.get(app_label="accounts", model="user") 
@@ -64,7 +70,9 @@ def setUp(self): self.less_perms_staff_user.user_permissions.add(p) self.more_perms_staff_user = UserFactory.create( - username="more_perms_staff_user", password="secret", is_staff=True, + username="more_perms_staff_user", + password="secret", + is_staff=True, ) for p in Permission.objects.all(): self.more_perms_staff_user.user_permissions.add(p) diff --git a/src/open_producten/conf/base.py b/src/open_producten/conf/base.py index f0afca4..e534802 100644 --- a/src/open_producten/conf/base.py +++ b/src/open_producten/conf/base.py @@ -5,7 +5,7 @@ # Internationalization # https://docs.djangoproject.com/en/2.0/topics/i18n/ -TIME_ZONE = 'Europe/Amsterdam' # note: this *may* affect the output of DRF datetimes +TIME_ZONE = "Europe/Amsterdam" # note: this *may* affect the output of DRF datetimes INSTALLED_APPS += [ # 'django.contrib.admindocs', @@ -15,8 +15,8 @@ # 'hijack', # 'hijack.contrib.admin', # Project applications. - 'open_producten.accounts', - 'open_producten.utils', + "open_producten.accounts", + "open_producten.utils", ] MIDDLEWARE += [ @@ -28,20 +28,20 @@ # FIXTURES # -FIXTURE_DIRS = (DJANGO_PROJECT_DIR / 'fixtures',) +FIXTURE_DIRS = (DJANGO_PROJECT_DIR / "fixtures",) # # Custom settings # -PROJECT_NAME = 'open_producten' +PROJECT_NAME = "open_producten" SHOW_ALERT = True -ENABLE_ADMIN_NAV_SIDEBAR = config('ENABLE_ADMIN_NAV_SIDEBAR', default=False) +ENABLE_ADMIN_NAV_SIDEBAR = config("ENABLE_ADMIN_NAV_SIDEBAR", default=False) # This setting is used by the csrf_failure view (accounts app). # You can specify any path that should match the request.path # Note: the LOGIN_URL Django setting is not used because you could have # multiple login urls defined. -LOGIN_URLS = [reverse_lazy('admin:login')] +LOGIN_URLS = [reverse_lazy("admin:login")] # Default (connection timeout, read timeout) for the requests library (in seconds) REQUESTS_DEFAULT_TIMEOUT = (10, 30) 
@@ -56,7 +56,7 @@ # Django-Admin-Index # ADMIN_INDEX_DISPLAY_DROP_DOWN_MENU_CONDITION_FUNCTION = ( - 'open_producten.utils.django_two_factor_auth.should_display_dropdown_menu' + "open_producten.utils.django_two_factor_auth.should_display_dropdown_menu" ) # diff --git a/src/open_producten/conf/production.py b/src/open_producten/conf/production.py index 54894c0..c020d78 100644 --- a/src/open_producten/conf/production.py +++ b/src/open_producten/conf/production.py @@ -3,6 +3,7 @@ Tweaks the base settings so that caching mechanisms are used where possible, and HTTPS is leveraged where possible to further secure things. """ + import os os.environ.setdefault("ENVIRONMENT", "production") diff --git a/src/open_producten/conf/test.py b/src/open_producten/conf/test.py index 1f6a05c..cd25433 100644 --- a/src/open_producten/conf/test.py +++ b/src/open_producten/conf/test.py @@ -2,6 +2,7 @@ Test environment settings module. This *should* be nearly identical to production. """ + import os os.environ.setdefault("ENVIRONMENT", "test") diff --git a/src/open_producten/setup.py b/src/open_producten/setup.py index 27cb8d6..3aee214 100644 --- a/src/open_producten/setup.py +++ b/src/open_producten/setup.py @@ -9,6 +9,7 @@ do NOT import anything Django related here, as this file needs to be loaded before Django is initialized. """ + import logging import os from pathlib import Path @@ -40,9 +41,7 @@ def monkeypatch_requests(): try: from requests import Session except ModuleNotFoundError: - logger.debug( - "Attempt to patch requests, but the library is not installed" - ) + logger.debug("Attempt to patch requests, but the library is not installed") return if hasattr(Session, "_original_request"): diff --git a/src/open_producten/utils/context_processors.py b/src/open_producten/utils/context_processors.py index 1994b63..438eebf 100644 --- a/src/open_producten/utils/context_processors.py +++ b/src/open_producten/utils/context_processors.py 
@@ -10,9 +10,7 @@ def settings(request): ) context = { - "settings": { - k: getattr(django_settings, k, None) for k in public_settings - }, + "settings": {k: getattr(django_settings, k, None) for k in public_settings}, } if hasattr(django_settings, "SENTRY_CONFIG"): diff --git a/src/open_producten/utils/pdf.py b/src/open_producten/utils/pdf.py index 4b7b7f2..3c4baa9 100644 --- a/src/open_producten/utils/pdf.py +++ b/src/open_producten/utils/pdf.py @@ -10,6 +10,7 @@ in these templates, and they will be resolved through django's staticfiles machinery by the custom :class:`UrlFetcher`. """ + import logging import mimetypes from io import BytesIO @@ -49,7 +50,6 @@ def get_base_url() -> str: class UrlFetcher: - """ URL fetcher that skips the network for /static/* files. """ diff --git a/src/open_producten/wsgi.py b/src/open_producten/wsgi.py index ff1a41b..2d215c6 100644 --- a/src/open_producten/wsgi.py +++ b/src/open_producten/wsgi.py @@ -6,6 +6,7 @@ For more information on this file, see https://docs.djangoproject.com/en/4.2/howto/deployment/wsgi/ """ + from django.core.wsgi import get_wsgi_application from open_producten.setup import setup_env From 1eee8f9bca532e1ec298e284eea212a6a9e96468 Mon Sep 17 00:00:00 2001 From: Floris272 Date: Mon, 8 Jul 2024 17:56:00 +0200 Subject: [PATCH 05/11] add conf/ci.py --- src/open_producten/conf/ci.py | 48 +++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 src/open_producten/conf/ci.py diff --git a/src/open_producten/conf/ci.py b/src/open_producten/conf/ci.py new file mode 100644 index 0000000..5a8420e --- /dev/null +++ b/src/open_producten/conf/ci.py 
@@ -0,0 +1,48 @@ +import os + +os.environ.setdefault("DEBUG", "no") +os.environ.setdefault("ENVIRONMENT", "ci") +os.environ.setdefault("SECRET_KEY", "for-testing-purposes-only") +os.environ.setdefault("IS_HTTPS", "no") +os.environ.setdefault("ALLOWED_HOSTS", "") + +from .base import * # noqa isort:skip + +LOGGING["loggers"].update( + { + "django": { + "handlers": ["django"], + "level": "WARNING", + "propagate": True, + }, + } +) + +CACHES.update( + { + "default": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"}, + # See: https://github.com/jazzband/django-axes/blob/master/docs/configuration.rst#cache-problems + "axes": {"BACKEND": "django.core.cache.backends.dummy.DummyCache"}, + "oidc": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"}, + } +) + +# Django solo caching (disabled for CI) +SOLO_CACHE = None + +# +# Django-axes +# +AXES_BEHIND_REVERSE_PROXY = False + +# THOU SHALT NOT USE NAIVE DATETIMES +warnings.filterwarnings( + "error", + r"DateTimeField .* received a naive datetime", + RuntimeWarning, + r"django\.db\.models\.fields", +) + +PASSWORD_HASHERS = [ + "django.contrib.auth.hashers.MD5PasswordHasher", +] From 251ec96ca416ac22013234887eeb8b9916f277c9 Mon Sep 17 00:00:00 2001 From: Floris272 Date: Mon, 8 Jul 2024 17:56:28 +0200 Subject: [PATCH 06/11] add black to requirements --- requirements/ci.txt | 12 +++++++++++- requirements/dev.txt | 15 ++++++++++++--- requirements/test-tools.in | 2 ++ 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/requirements/ci.txt b/requirements/ci.txt index dc0cb0c..9fb2a0f 100644 --- a/requirements/ci.txt +++ b/requirements/ci.txt @@ -42,6 +42,8 @@ billiard==4.2.0 # -c requirements/base.txt # -r requirements/base.txt # celery +black==24.4.2 + # via -r requirements/test-tools.in bleach==6.1.0 # via # -c requirements/base.txt @@ -86,6 +88,7 @@ click==8.1.7 # via # -c requirements/base.txt # -r requirements/base.txt + # black # celery # click-didyoumean # click-plugins 
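Review bot: The new ci.py ends by reducing `PASSWORD_HASHERS` to `MD5PasswordHasher` and defaults `SECRET_KEY` to the fixed string `for-testing-purposes-only`, and nothing in the file says these values are only acceptable for throwaway CI databases. I would add a comment above the hasher list, for example `# Weak, fast hasher for test users only; never select this settings module outside CI`, so the module is not copied or pointed at by `DJANGO_SETTINGS_MODULE` in a deployed environment. Separately, `warnings.filterwarnings(...)` is called although the file has only `import os` and the star import from `.base`. It therefore works only if the base settings happen to export `warnings`; an explicit `import warnings` under `import os` removes that dependency.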
@@ -458,6 +461,8 @@ mozilla-django-oidc-db==0.19.0 # -c requirements/base.txt # -r requirements/base.txt # open-api-framework +mypy-extensions==1.0.0 + # via black notifications-api-common==0.2.2 # via # -c requirements/base.txt @@ -481,7 +486,10 @@ packaging==24.1 # via # -c requirements/base.txt # -r requirements/base.txt + # black # drf-yasg +pathspec==0.12.1 + # via black phonenumberslite==8.13.40 # via # -c requirements/base.txt @@ -492,7 +500,9 @@ pillow==10.4.0 # -c requirements/base.txt # -r requirements/base.txt platformdirs==4.2.2 - # via pylint + # via + # black + # pylint prometheus-client==0.20.0 # via # -c requirements/base.txt diff --git a/requirements/dev.txt b/requirements/dev.txt index 8312595..9b395c2 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -53,7 +53,10 @@ billiard==4.2.0 # -r requirements/ci.txt # celery black==24.4.2 - # via -r requirements/dev.in + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # -r requirements/dev.in bleach==6.1.0 # via # -c requirements/ci.txt @@ -526,7 +529,10 @@ mozilla-django-oidc-db==0.19.0 # -r requirements/ci.txt # open-api-framework mypy-extensions==1.0.0 - # via black + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # black notifications-api-common==0.2.2 # via # -c requirements/ci.txt @@ -555,7 +561,10 @@ packaging==24.1 # drf-yasg # sphinx pathspec==0.12.1 - # via black + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # black phonenumberslite==8.13.40 # via # -c requirements/ci.txt diff --git a/requirements/test-tools.in b/requirements/test-tools.in index 2aa0c35..dbc1212 100644 --- a/requirements/test-tools.in +++ b/requirements/test-tools.in @@ -10,3 +10,5 @@ pylint pyquery # integrates with webtest requests-mock tblib + +black From ccc1e0374e70ad489895ad1856527f9084dfdec1 Mon Sep 17 00:00:00 2001 
From: Floris272 Date: Mon, 8 Jul 2024 17:56:42 +0200 Subject: [PATCH 07/11] fix workflows --- .github/workflows/ci.yml | 2 +- .github/workflows/macos.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e446129..70e5343 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -44,7 +44,7 @@ jobs: python-version: '3.11' optimize-postgres: 'yes' pg-service: 'postgres' - setup-node: 'yes' + setup-node: 'no' # apt-packages: 'gettext postgresql-client' # the default # npm-ci-flags: '--legacy-peer-deps' -> preferably use a .npmrc file diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index a2857ab..ae0a362 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -29,6 +29,7 @@ jobs: - name: Install dependencies run: | export LIBRARY_PATH=$LIBRARY_PATH:/usr/local/opt/openssl/lib/ + pip install psycopg2-binary pip install -r requirements/dev.txt \ --use-pep517 \ --use-feature=no-binary-enable-wheel-cache From 101a8f6417ab4e18ce1247d0162d3cc818ad598e Mon Sep 17 00:00:00 2001 From: Floris272 Date: Mon, 8 Jul 2024 17:57:07 +0200 Subject: [PATCH 08/11] disable production conf path setting --- src/open_producten/conf/production.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/open_producten/conf/production.py b/src/open_producten/conf/production.py index c020d78..b6cee68 100644 --- a/src/open_producten/conf/production.py +++ b/src/open_producten/conf/production.py @@ -70,6 +70,6 @@ "elasticapm.contrib.django", ] -if SUBPATH and SUBPATH != "/": - STATIC_URL = f"{SUBPATH}{STATIC_URL}" - MEDIA_URL = f"{SUBPATH}{MEDIA_URL}" +# if SUBPATH and SUBPATH != "/": +# STATIC_URL = f"{SUBPATH}{STATIC_URL}" +# MEDIA_URL = f"{SUBPATH}{MEDIA_URL}" From 4d8e3d3114031534e024a1242dfca13d6a80aea2 Mon Sep 17 00:00:00 2001 
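Review bot: The added `pip install psycopg2-binary` in the macos.yml "Install dependencies" step has no version pin, while every other package in that step comes from the compiled `requirements/dev.txt`. The job therefore installs whatever release is current at run time, outside the reviewed lock set. Pin it to the version the requirements files resolve, e.g. `pip install "psycopg2-binary==<version from requirements/base.txt>"` (placeholder, the version is not visible in this hunk), or add it to a requirements input so it is compiled with the rest.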
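Review bot: The `SUBPATH` block at the end of production.py is left as three commented-out lines with no explanation, so a deployment served under a sub-path now gets unprefixed `STATIC_URL` and `MEDIA_URL` and a reader cannot tell whether that is intended. If the framework's base settings now apply the prefix (not visible in this hunk), delete the dead lines and say so in one comment, e.g. `# SUBPATH prefixing of STATIC_URL/MEDIA_URL is handled in the base settings`. If they do not, this change silently drops sub-path support and should be called out in the commit message.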
From: Floris272 Date: Wed, 10 Jul 2024 10:43:29 +0200 Subject: [PATCH 09/11] remove hijack --- src/open_producten/accounts/admin.py | 2 - .../accounts/tests/test_hijacking.py | 53 ------------------- .../conf/locale/nl/LC_MESSAGES/django.po | 9 ---- .../hijack/contrib/admin/button.html | 11 ---- src/open_producten/urls.py | 1 - 5 files changed, 76 deletions(-) delete mode 100644 src/open_producten/accounts/tests/test_hijacking.py delete mode 100644 src/open_producten/templates/hijack/contrib/admin/button.html diff --git a/src/open_producten/accounts/admin.py b/src/open_producten/accounts/admin.py index d615d28..b7e68db 100644 --- a/src/open_producten/accounts/admin.py +++ b/src/open_producten/accounts/admin.py @@ -2,7 +2,6 @@ from django.contrib.admin.utils import unquote from django.contrib.auth.admin import UserAdmin as _UserAdmin from django.core.exceptions import PermissionDenied, ValidationError -from django.urls import reverse_lazy from .forms import PreventPrivilegeEscalationMixin, UserChangeForm from .models import User @@ -11,7 +10,6 @@ @admin.register(User) class UserAdmin(_UserAdmin): - hijack_success_url = reverse_lazy("root") form = UserChangeForm def get_form(self, request, obj=None, **kwargs): diff --git a/src/open_producten/accounts/tests/test_hijacking.py b/src/open_producten/accounts/tests/test_hijacking.py deleted file mode 100644 index cfb5880..0000000 --- a/src/open_producten/accounts/tests/test_hijacking.py +++ /dev/null 
@@ -1,53 +0,0 @@ -from django.test import TestCase -from django.urls import NoReverseMatch, reverse - -from .factories import UserFactory - - -class HijackSecurityTests(TestCase): - - def test_cannot_hijack_without_second_factor(self): - staff_user = UserFactory.create(is_staff=True) - superuser = UserFactory.create(superuser=True) - superuser.totpdevice_set.create() - self.client.force_login(superuser) - - # sanity check - MFA is being enforced - admin_index_response = self.client.get(reverse("admin:index")) - assert ( - admin_index_response.status_code == 302 - ), "Non-verified user unexpected has access to the admin" - - # try the hijack - acquire = self.client.post( - reverse("hijack:acquire"), - data={"user_pk": staff_user.pk}, - ) - - with self.subTest("hijack blocked"): - # bad request due to SuspiciousOperation or 403 from PermissionDenied - self.assertIn(acquire.status_code, [400, 403]) - - with self.subTest("release does not allow gaining verified state"): - # release the user - release = self.client.post(reverse("hijack:release")) - - with self.subTest("release blocked due to hijack not being acquired"): - self.assertEqual(release.status_code, 403) - - with self.subTest("no access to admin gained"): - # due to bypass via release action which sets up a device - admin_response = self.client.get(reverse("admin:index")) - - self.assertNotEqual(admin_response.status_code, 200) - - def test_drf_login_url_not_enabled(self): - """ - The DRF login view may not be enabled, as this bypasses MFA. - """ - try: - reverse("rest_framework:login") - except NoReverseMatch: - pass - else: - self.fail("The DRF login view is exposed, which bypasses MFA!") diff --git a/src/open_producten/conf/locale/nl/LC_MESSAGES/django.po b/src/open_producten/conf/locale/nl/LC_MESSAGES/django.po index f513c5c..17b796b 100644 --- a/src/open_producten/conf/locale/nl/LC_MESSAGES/django.po +++ b/src/open_producten/conf/locale/nl/LC_MESSAGES/django.po 
@@ -110,15 +110,6 @@ msgstr "beheer" msgid "administration" msgstr "beheer" -#: foobar/templates/hijack/contrib/admin/button.html:6 -msgid "hijack" -msgstr "overnemen" - -#: foobar/templates/hijack/contrib/admin/button.html:8 -#, python-format -msgid "Hijack %(username)s" -msgstr "Inloggen als %(username)s" - #: foobar/templates/samples/pager.html:8 foobar/templates/samples/pager.html:10 msgid "Previous" msgstr "Vorige" diff --git a/src/open_producten/templates/hijack/contrib/admin/button.html b/src/open_producten/templates/hijack/contrib/admin/button.html deleted file mode 100644 index 81118a6..0000000 --- a/src/open_producten/templates/hijack/contrib/admin/button.html +++ /dev/null @@ -1,11 +0,0 @@ -{% load i18n hijack %} -{% if request.user|can_hijack:another_user %} - -{% endif %} diff --git a/src/open_producten/urls.py b/src/open_producten/urls.py index 24afe3c..9865f8e 100644 --- a/src/open_producten/urls.py +++ b/src/open_producten/urls.py @@ -37,7 +37,6 @@ # Use custom login views for the admin + support hardware tokens path("admin/", include((urlpatterns, "maykin_2fa"))), path("admin/", include((webauthn_urlpatterns, "two_factor"))), - path("admin/hijack/", include("hijack.urls")), path("admin/", admin.site.urls), path( "reset///", From a436c8e56655ff5bf65c6d9dffe14ef808eedb67 Mon Sep 17 00:00:00 2001 From: Floris272 Date: Wed, 10 Jul 2024 10:43:42 +0200 Subject: [PATCH 10/11] fix workflows --- .github/workflows/macos.yml | 37 ------------------------------------- setup.cfg | 16 ++++++++-------- 2 files changed, 8 insertions(+), 45 deletions(-) delete mode 100644 .github/workflows/macos.yml diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml deleted file mode 100644 index ae0a362..0000000 --- a/.github/workflows/macos.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -name: Check MacOS compatibility - -# Run this workflow every time a new commit pushed to your repository -on: - push: - branches: - - main - - stable/* - tags: - - '*' - pull_request: - workflow_dispatch: - -jobs: - macos-deps: - name: Install dev dependencies on MacOS - runs-on: macos-latest - - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 - with: - python-version: '3.11' - cache: 'pip' - cache-dependency-path: 'requirements/*.txt' - - name: Install OS-level packages - run: | - brew install pkg-config - - name: Install dependencies - run: | - export LIBRARY_PATH=$LIBRARY_PATH:/usr/local/opt/openssl/lib/ - pip install psycopg2-binary - pip install -r requirements/dev.txt \ - --use-pep517 \ - --use-feature=no-binary-enable-wheel-cache - env: - STATIC_DEPS: 'true' diff --git a/setup.cfg b/setup.cfg index a5c6764..9ad66e2 100644 --- a/setup.cfg +++ b/setup.cfg @@ -35,11 +35,11 @@ omit = [coverage:report] skip_covered = True -exclude_also = - if (typing\.)?TYPE_CHECKING: - @(typing\.)?overload - class .*\(.*Protocol.*\): - @(abc\.)?abstractmethod - raise NotImplementedError - \.\.\. - pass +;exclude_also = +; if (typing\.)?TYPE_CHECKING: +; @(typing\.)?overload +; class .*\(.*Protocol.*\): +; @(abc\.)?abstractmethod +; raise NotImplementedError +; \.\.\. +; pass From 52a106535d7f71f53c5d9195a17d321b6a4012d9 Mon Sep 17 00:00:00 2001 From: Floris272 Date: Tue, 6 Aug 2024 11:35:38 +0200 Subject: [PATCH 11/11] Add isort to test-tools.in --- requirements/ci.txt | 7 +++---- requirements/dev.txt | 5 ----- requirements/test-tools.in | 1 + 3 files changed, 4 insertions(+), 9 deletions(-) diff --git a/requirements/ci.txt b/requirements/ci.txt index 9fb2a0f..4990aca 100644 --- a/requirements/ci.txt +++ b/requirements/ci.txt @@ -149,7 +149,6 @@ django==4.2.13 # django-cors-headers # django-filter # django-formtools - # django-jenkins # django-jsonform # django-log-outgoing-requests # django-markup 
@@ -206,8 +205,6 @@ django-formtools==2.5.1 # -c requirements/base.txt # -r requirements/base.txt # django-two-factor-auth -django-jenkins==0.110.0 - # via -r requirements/test-tools.in django-jsonform==2.22.0 # via # -c requirements/base.txt @@ -404,7 +401,9 @@ isodate==0.6.1 # -r requirements/base.txt # commonground-api-common isort==5.13.2 - # via pylint + # via + # -r requirements/test-tools.in + # pylint itypes==1.2.0 # via # -c requirements/base.txt diff --git a/requirements/dev.txt b/requirements/dev.txt index 9b395c2..55324c4 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -179,7 +179,6 @@ django==4.2.13 # django-extensions # django-filter # django-formtools - # django-jenkins # django-jsonform # django-log-outgoing-requests # django-markup @@ -240,10 +239,6 @@ django-formtools==2.5.1 # -c requirements/ci.txt # -r requirements/ci.txt # django-two-factor-auth -django-jenkins==0.110.0 - # via - # -c requirements/ci.txt - # -r requirements/ci.txt django-jsonform==2.22.0 # via # -c requirements/ci.txt diff --git a/requirements/test-tools.in b/requirements/test-tools.in index dbc1212..dda3592 100644 --- a/requirements/test-tools.in +++ b/requirements/test-tools.in @@ -12,3 +12,4 @@ requests-mock tblib black +isort