v3.6.2

.github/workflows/black.yml

@@ -1,6 +1,6 @@
 name: Python Linter (Black)
 
-on: [push, pull_request]
+on: [pull_request]
 
 jobs:
   lint-backend:

.github/workflows/build_docker.pr.yml

@@ -2,12 +2,15 @@ name: Build Docker Image (On PR)
 
 on:
   pull_request:
+    types: [opened, synchronize]
     branches:
       - "dev"
 
 jobs:
   build-docker-pr:
     runs-on: ubuntu-latest
+    outputs:
+      branch: ${{ steps.extract_branch.outputs.branch }}
     steps:
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -18,10 +21,31 @@ jobs:
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Build Docker Image
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" | tr / - >> $GITHUB_OUTPUT
+        id: extract_branch
+      - name: Build and push pr image
         id: docker_build
         uses: docker/build-push-action@v3
         with:
           file: docker/Dockerfile
           platforms: linux/amd64
-          push: false
+          push: true
+          tags: membermatters/membermatters:untrusted-pr-${{ steps.extract_branch.outputs.branch }}
+
+  comment_docker_image:
+    needs: build-docker-pr
+    runs-on: ubuntu-latest
+    steps:
+      - name: Comment name of docker image
+        id: comment_docker_image
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'Created image with name `membermatters/membermatters:untrusted-pr-${{ needs.build-docker-pr.outputs.branch }}`.'
+            })

.github/workflows/eslint.yml

@@ -1,5 +1,5 @@
 name: JavaScript Linter (eslint)
-on: [push, pull_request]
+on: [pull_request]
 jobs:
   lint-frontend:
     runs-on: ubuntu-latest

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/psf/black
-    rev: 21.8b0
+    rev: 24.1.1
     hooks:
       - id: black
         language_version: python3

CHANGELOG.md

@@ -5,6 +5,22 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v3.6.2] - 2024-02-02
+
+### Fixed
+
+- SpaceAPI return type for version number (thanks @rechner)
+
+### Added
+
+- New OIDC scope called `membershipinfo` and extra claims
+- New GitHub Actions for checks and docker build on every PR
+
+### Changed
+
+- Cleaned up some old code/models
+- Tidied up redundant staff/admin attributes
+
 ## [v3.6.1] - 2024-01-20
 
 ### Fixed
@@ -543,11 +559,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - First run detection and fixture loading.
 - Added a handful of missing translation definitions.
 - Corner/border formatting with credit card component.
-- https://github.com/membermatters/MemberMatters/issues/90
-- https://github.com/membermatters/MemberMatters/issues/91
-- https://github.com/membermatters/MemberMatters/issues/92
-- https://github.com/membermatters/MemberMatters/issues/93
-- https://github.com/membermatters/MemberMatters/issues/101
+- <https://github.com/membermatters/MemberMatters/issues/90>
+- <https://github.com/membermatters/MemberMatters/issues/91>
+- <https://github.com/membermatters/MemberMatters/issues/92>
+- <https://github.com/membermatters/MemberMatters/issues/93>
+- <https://github.com/membermatters/MemberMatters/issues/101>
 
 ## Versions prior to v2.1.0 don't have changelog entries
 

memberportal/api_admin_tools/views.py

@@ -726,9 +726,11 @@ def get(self, request, member_id):
                     "totalTime": interlock_log.total_time,
                     "totalCost": (interlock_log.total_cost or 0) / 100,
                     "status": status,
-                    "userEnded": interlock_log.user_ended.get_full_name()
-                    if interlock_log.user_ended
-                    else None,
+                    "userEnded": (
+                        interlock_log.user_ended.get_full_name()
+                        if interlock_log.user_ended
+                        else None
+                    ),
                 }
             )
 

memberportal/api_general/views.py

@@ -394,17 +394,17 @@ def get(self, request):
                         "expiry": p.stripe_card_expiry,
                     },
                 },
-                "membershipPlan": p.membership_plan.get_object()
-                if p.membership_plan
-                else None,
-                "membershipTier": p.membership_plan.member_tier.get_object()
-                if p.membership_plan
-                else None
-                if p.membership_plan
-                else None,
+                "membershipPlan": (
+                    p.membership_plan.get_object() if p.membership_plan else None
+                ),
+                "membershipTier": (
+                    p.membership_plan.member_tier.get_object()
+                    if p.membership_plan
+                    else None if p.membership_plan else None
+                ),
                 "subscriptionState": p.subscription_status,
             },
-            "permissions": {"admin": user.is_admin},
+            "permissions": {"staff": user.is_staff},
         }
 
         return Response(response)
@@ -491,7 +491,7 @@ class Kiosks(APIView):
     permission_classes = (permissions.AllowAny,)
 
     def get(self, request):
-        if not request.user.is_authenticated and not request.user.is_admin:
+        if not request.user.is_authenticated and not request.user.is_staff:
             return Response(status=status.HTTP_403_FORBIDDEN)
 
         kiosks = Kiosk.objects.all()
@@ -520,7 +520,7 @@ def put(self, request, id=None):
                     "HTTP_X_REAL_IP", request.META.get("REMOTE_ADDR")
                 )
                 kiosk.checkin()
-                if not request.user.is_authenticated and not request.user.is_admin:
+                if not request.user.is_authenticated and not request.user.is_staff:
                     return Response(status=status.HTTP_403_FORBIDDEN)
             else:
                 kiosk = Kiosk.objects.get(kiosk_id=body.get("kioskId"))
@@ -533,23 +533,22 @@ def put(self, request, id=None):
                 play_theme=False,
             )
 
-        if request.user.is_authenticated:
-            if request.user.is_admin:
-                if body.get("playTheme"):
-                    kiosk.play_theme = body.get("playTheme")
+        if request.user.is_authenticated and request.user.is_staff:
+            if body.get("playTheme"):
+                kiosk.play_theme = body.get("playTheme")
 
-                if body.get("name"):
-                    kiosk.name = body.get("name")
+            if body.get("name"):
+                kiosk.name = body.get("name")
 
-                if body.get("authorised") is not None and request.user.is_admin:
-                    kiosk.authorised = body.get("authorised")
+            if body.get("authorised") is not None:
+                kiosk.authorised = body.get("authorised")
 
         kiosk.save()
 
         return Response()
 
     def delete(self, request, id):
-        if not request.user.is_authenticated and not request.user.is_admin:
+        if not request.user.is_authenticated and not request.user.is_staff:
             return Response(status=status.HTTP_403_FORBIDDEN)
 
         kiosk = Kiosk.objects.get(id=id)

memberportal/api_spacedirectory/views.py

@@ -103,7 +103,7 @@ def get(self, request):
                 "open": config.SPACE_DIRECTORY_ICON_OPEN,
                 "closed": config.SPACE_DIRECTORY_ICON_CLOSED,
             }
-            spaceapi["api_compatibility"] = ["0.14"]
+            spaceapi["api_compatibility"] = ["14"]
 
             ## Add the sensor data to the main body of the schema
             spaceapi["sensors"] = sensor_data

memberportal/membermatters/oidc_provider_settings.py

@@ -1,10 +1,56 @@
 def userinfo(claims, user):
     # Populate claims dict.
-    claims["name"] = "{0} {1}".format(user.profile.first_name, user.profile.last_name)
+    claims["name"] = user.get_full_name() or "NO_NAME"
     claims["given_name"] = user.profile.first_name or "NO_FIRSTNAME"
     claims["family_name"] = user.profile.last_name or "NO_LASTNAME"
     claims["nickname"] = user.profile.screen_name or "NO_SCREENNAME"
+    claims["preferred_username"] = user.profile.screen_name or "NO_SCREENNAME"
     claims["email"] = user.email
+    claims["email_verified"] = user.email_verified
     claims["phone_number"] = user.profile.phone or "NO_PHONENUMBER"
+    claims["phone_number_verified"] = False
+    claims["updated_at"] = user.profile.modified.isoformat()
 
     return claims
+
+
+from django.utils.translation import ugettext_lazy as _
+from oidc_provider.lib.claims import ScopeClaims
+
+
+class CustomScopeClaims(ScopeClaims):
+    info_membershipinfo = (
+        _("Membership Info"),
+        _(
+            "Current membership status, and other membership information like permissions/groups."
+        ),
+    )
+
+    def scope_membershipinfo(self):
+        groups = []
+        state = self.user.profile.state
+        subscription_state = self.user.profile.subscription_status
+        subscriptionActive = subscription_state in ["active", "cancelling"]
+        firstSubscribed = self.user.profile.subscription_first_created
+        firstSubscribed = firstSubscribed.isoformat() if firstSubscribed else None
+
+        if self.user.is_staff:
+            groups.append("staff")
+
+        if self.user.is_admin:
+            groups.append("admin")
+
+        if self.user.is_superuser:
+            groups.append("superuser")
+
+        if self.user.profile.state == "active":
+            groups.append("active")
+
+        return {
+            "state": state,
+            "active": state == "active",
+            "subscriptionState": subscription_state,
+            "subscriptionActive": subscriptionActive,
+            "firstSubscribedDate": firstSubscribed,
+            "groups": groups,
+        }

memberportal/membermatters/settings.py

@@ -295,6 +295,7 @@
 CONSTANCE_CONFIG_FIELDSETS = CONSTANCE_CONFIG_FIELDSETS
 
 OIDC_USERINFO = "membermatters.oidc_provider_settings.userinfo"
+OIDC_EXTRA_SCOPE_CLAIMS = "membermatters.oidc_provider_settings.CustomScopeClaims"
 
 USE_X_FORWARDED_HOST = True
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")

memberportal/membermatters/urls.py

@@ -1,5 +1,6 @@
 """membermatters URL Configuration
 """
+
 import os
 import django.db.utils
 from django.contrib import admin

memberportal/membermatters/wsgi.py

@@ -3,6 +3,7 @@
 For more information on this file, see 
 https://docs.djangoproject.com/en/1.9/howto/deployment/wsgi/ 
 """
+
 import os
 from django.core.wsgi import get_wsgi_application
 import logging, sys

memberportal/profile/migrations/0001_initial.py

@@ -264,7 +264,6 @@ class Migration(migrations.Migration):
                     models.ImageField(
                         blank=True,
                         null=True,
-                        upload_to=profile.models.Profile.path_and_rename,
                     ),
                 ),
                 (