From 43126f804ded9b540ca1b14efaa479c47f1afe9d Mon Sep 17 00:00:00 2001 From: Steven Bal Date: Thu, 27 Jun 2024 12:42:32 +0200 Subject: [PATCH 1/6] :arrow_up: Upgrade open-api-framework to 0.6.0 --- requirements/base.txt | 13 ++++++++++++- requirements/ci.txt | 19 ++++++++++++++++++- requirements/dev.txt | 22 +++++++++++++++++++++- 3 files changed, 51 insertions(+), 3 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 8f7d80f..6e7c48a 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -74,12 +74,14 @@ django==4.2.11 # via # commonground-api-common # django-admin-index + # django-appconf # django-axes # django-cors-headers # django-filter # django-formtools # django-import-export # django-jsonform + # django-log-outgoing-requests # django-markup # django-otp # django-phonenumber-field @@ -88,6 +90,7 @@ django==4.2.11 # django-relativedelta # django-rest-framework-condition # django-sendfile2 + # django-setup-configuration # django-simple-certmanager # django-solo # django-two-factor-auth @@ -104,6 +107,8 @@ django==4.2.11 # zgw-consumers django-admin-index==3.1.1 # via open-api-framework +django-appconf==1.0.6 + # via django-log-outgoing-requests django-axes==6.4.0 # via open-api-framework django-cors-headers==4.3.1 @@ -120,6 +125,8 @@ django-jsonform==2.22.0 # via # mozilla-django-oidc-db # open-api-framework +django-log-outgoing-requests==0.6.1 + # via open-api-framework django-markup==1.8.1 # via open-api-framework django-ordered-model==3.7.4 @@ -138,11 +145,14 @@ django-rest-framework-condition==0.1.1 # via commonground-api-common django-sendfile2==0.7.1 # via django-privates +django-setup-configuration==0.1.0 + # via open-api-framework django-simple-certmanager==2.0.0 # via zgw-consumers django-solo==2.2.0 # via # commonground-api-common + # django-log-outgoing-requests # mozilla-django-oidc-db # notifications-api-common # zgw-consumers @@ -224,7 +234,7 @@ mozilla-django-oidc-db==0.15.0 # via open-api-framework notifications-api-common==0.2.2 # via commonground-api-common -open-api-framework==0.2.0 +open-api-framework==0.6.0 # via -r requirements/base.in openpyxl==3.1.4 # via tablib @@ -286,6 +296,7 @@ requests==2.31.0 # ape-pie # commonground-api-common # coreapi + # django-log-outgoing-requests # gemma-zds-client # mozilla-django-oidc # open-api-framework diff --git a/requirements/ci.txt b/requirements/ci.txt index 1c4e599..65a9463 100644 --- a/requirements/ci.txt +++ b/requirements/ci.txt @@ -120,12 +120,14 @@ django==4.2.11 # -r requirements/base.txt # commonground-api-common # django-admin-index + # django-appconf # django-axes # django-cors-headers # django-filter # django-formtools # django-import-export # django-jsonform + # django-log-outgoing-requests # django-markup # django-otp # django-phonenumber-field @@ -134,6 +136,7 @@ django==4.2.11 # django-relativedelta # django-rest-framework-condition # django-sendfile2 + # django-setup-configuration # django-simple-certmanager # django-solo # django-two-factor-auth @@ -152,6 +155,10 @@ django-admin-index==3.1.1 # via # -r requirements/base.txt # open-api-framework +django-appconf==1.0.6 + # via + # -r requirements/base.txt + # django-log-outgoing-requests django-axes==6.4.0 # via # -r requirements/base.txt @@ -176,6 +183,10 @@ django-jsonform==2.22.0 # -r requirements/base.txt # mozilla-django-oidc-db # open-api-framework +django-log-outgoing-requests==0.6.1 + # via + # -r requirements/base.txt + # open-api-framework django-markup==1.8.1 # via # -r requirements/base.txt @@ -212,6 +223,10 @@ django-sendfile2==0.7.1 # via # -r requirements/base.txt # django-privates +django-setup-configuration==0.1.0 + # via + # -r requirements/base.txt + # open-api-framework django-simple-certmanager==2.0.0 # via # -r requirements/base.txt @@ -220,6 +235,7 @@ django-solo==2.2.0 # via # -r requirements/base.txt # commonground-api-common + # django-log-outgoing-requests # mozilla-django-oidc-db # notifications-api-common # zgw-consumers @@ -377,7 +393,7 @@ notifications-api-common==0.2.2 # via # -r requirements/base.txt # commonground-api-common -open-api-framework==0.2.0 +open-api-framework==0.6.0 # via -r requirements/base.txt openpyxl==3.1.4 # via @@ -485,6 +501,7 @@ requests==2.31.0 # ape-pie # commonground-api-common # coreapi + # django-log-outgoing-requests # gemma-zds-client # mozilla-django-oidc # open-api-framework diff --git a/requirements/dev.txt b/requirements/dev.txt index 75ced90..0782190 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -161,6 +161,7 @@ django==4.2.11 # -r requirements/ci.txt # commonground-api-common # django-admin-index + # django-appconf # django-axes # django-cors-headers # django-debug-toolbar @@ -169,6 +170,7 @@ django==4.2.11 # django-formtools # django-import-export # django-jsonform + # django-log-outgoing-requests # django-markup # django-otp # django-phonenumber-field @@ -177,6 +179,7 @@ django==4.2.11 # django-relativedelta # django-rest-framework-condition # django-sendfile2 + # django-setup-configuration # django-simple-certmanager # django-solo # django-two-factor-auth @@ -196,6 +199,11 @@ django-admin-index==3.1.1 # -c requirements/ci.txt # -r requirements/ci.txt # open-api-framework +django-appconf==1.0.6 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # django-log-outgoing-requests django-axes==6.4.0 # via # -c requirements/ci.txt @@ -231,6 +239,11 @@ django-jsonform==2.22.0 # -r requirements/ci.txt # mozilla-django-oidc-db # open-api-framework +django-log-outgoing-requests==0.6.1 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # open-api-framework django-markup==1.8.1 # via # -c requirements/ci.txt @@ -276,6 +289,11 @@ django-sendfile2==0.7.1 # -c requirements/ci.txt # -r requirements/ci.txt # django-privates +django-setup-configuration==0.1.0 + # via + # -c requirements/ci.txt + # -r requirements/ci.txt + # open-api-framework django-simple-certmanager==2.0.0 # via # -c requirements/ci.txt @@ -286,6 +304,7 @@ django-solo==2.2.0 # -c requirements/ci.txt # -r requirements/ci.txt # commonground-api-common + # django-log-outgoing-requests # mozilla-django-oidc-db # notifications-api-common # zgw-consumers @@ -506,7 +525,7 @@ notifications-api-common==0.2.2 # -c requirements/ci.txt # -r requirements/ci.txt # commonground-api-common -open-api-framework==0.2.0 +open-api-framework==0.6.0 # via # -c requirements/ci.txt # -r requirements/ci.txt @@ -659,6 +678,7 @@ requests==2.31.0 # ape-pie # commonground-api-common # coreapi + # django-log-outgoing-requests # gemma-zds-client # mozilla-django-oidc # open-api-framework From c0a179d6b9411e0e813d03d33e6c122ffaeb9521 Mon Sep 17 00:00:00 2001 From: Steven Bal Date: Thu, 27 Jun 2024 13:03:43 +0200 Subject: [PATCH 2/6] :wrench: [open-zaak/open-zaak#1629] Refactor base settings and use generic settings from OAF --- src/referentielijsten/conf/base.py | 416 +----------------- src/referentielijsten/conf/production.py | 20 +- .../utils/context_processors.py | 1 - 3 files changed, 16 insertions(+), 421 deletions(-) diff --git a/src/referentielijsten/conf/base.py b/src/referentielijsten/conf/base.py index 5faaf0e..1c28d09 100644 --- a/src/referentielijsten/conf/base.py +++ b/src/referentielijsten/conf/base.py @@ -1,124 +1,20 @@ -import os - from django.urls import reverse_lazy from import_export.formats.base_formats import DEFAULT_FORMATS +from notifications_api_common.settings import * # noqa +from open_api_framework.conf.base import * # noqa +from open_api_framework.conf.utils import config from .api import * # noqa -from .utils import config - -# Build paths inside the project, so further paths can be defined relative to -# the code root. - -DJANGO_PROJECT_DIR = os.path.abspath( - os.path.join(os.path.dirname(__file__), os.path.pardir) -) - -BASE_DIR = os.path.abspath( - os.path.join(DJANGO_PROJECT_DIR, os.path.pardir, os.path.pardir) -) # # Core Django settings # -# SITE_ID = config("SITE_ID", default=1) - -# SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = config("SECRET_KEY") - -# NEVER run with DEBUG=True in production-like environments -DEBUG = config("DEBUG", default=False) - -# = domains we're running on -ALLOWED_HOSTS = config("ALLOWED_HOSTS", default="", split=True) -USE_X_FORWARDED_HOST = config("USE_X_FORWARDED_HOST", default=False) - -IS_HTTPS = config("IS_HTTPS", default=not DEBUG) - -# Internationalization -# https://docs.djangoproject.com/en/2.0/topics/i18n/ - -LANGUAGE_CODE = "nl" - -TIME_ZONE = "UTC" - -USE_I18N = True - -USE_L10N = True - -USE_TZ = True - -USE_THOUSAND_SEPARATOR = True - -# -# DATABASE and CACHING setup -# -DATABASES = { - "default": { - "ENGINE": config("DB_ENGINE", "django.db.backends.postgresql"), - "NAME": config("DB_NAME", "referentielijsten"), - "USER": config("DB_USER", "referentielijsten"), - "PASSWORD": config("DB_PASSWORD", "referentielijsten"), - "HOST": config("DB_HOST", "localhost"), - "PORT": config("DB_PORT", 5432), - } -} - -DEFAULT_AUTO_FIELD = "django.db.models.AutoField" - -CACHES = { - "default": { - "BACKEND": "django_redis.cache.RedisCache", - "LOCATION": f"redis://{config('CACHE_DEFAULT', 'localhost:6379/0')}", - "OPTIONS": { - "CLIENT_CLASS": "django_redis.client.DefaultClient", - "IGNORE_EXCEPTIONS": True, - }, - }, - "axes": { - "BACKEND": "django_redis.cache.RedisCache", - "LOCATION": f"redis://{config('CACHE_AXES', 'localhost:6379/0')}", - "OPTIONS": { - "CLIENT_CLASS": "django_redis.client.DefaultClient", - "IGNORE_EXCEPTIONS": True, - }, - }, -} - # # APPLICATIONS enabled for this project # - -INSTALLED_APPS = [ - "django.contrib.auth", - "django.contrib.sessions", - "django.contrib.contenttypes", - # NOTE: If enabled, at least one Site object is required and - # uncomment SITE_ID above. - # 'django.contrib.sites', - "django.contrib.messages", - "django.contrib.staticfiles", - # Two-factor authentication in the Django admin, enforced. - "django_otp", - "django_otp.plugins.otp_static", - "django_otp.plugins.otp_totp", - "two_factor", - "two_factor.plugins.webauthn", # USB key/token support - "maykin_2fa", - # Optional applications. - "ordered_model", - "django_admin_index", - "django.contrib.admin", - # External applications. - "axes", - "mozilla_django_oidc", - "mozilla_django_oidc_db", - "drf_spectacular", - "rest_framework", - "solo", - "django_jsonform", - "vng_api_common", +INSTALLED_APPS = INSTALLED_APPS + [ "import_export", # Project applications. "referentielijsten.accounts", @@ -126,228 +22,16 @@ "referentielijsten.api", ] -MIDDLEWARE = [ - "django.middleware.security.SecurityMiddleware", - "django.contrib.sessions.middleware.SessionMiddleware", - # 'django.middleware.locale.LocaleMiddleware', - "django.middleware.common.CommonMiddleware", - "django.middleware.csrf.CsrfViewMiddleware", - "django.contrib.auth.middleware.AuthenticationMiddleware", - "mozilla_django_oidc_db.middleware.SessionRefresh", - "maykin_2fa.middleware.OTPMiddleware", - "django.contrib.messages.middleware.MessageMiddleware", - "django.middleware.clickjacking.XFrameOptionsMiddleware", - # should be last according to docs - "axes.middleware.AxesMiddleware", -] - -ROOT_URLCONF = "referentielijsten.urls" - -# List of callables that know how to import templates from various sources. -TEMPLATE_LOADERS = ( - "django.template.loaders.filesystem.Loader", - "django.template.loaders.app_directories.Loader", -) - -TEMPLATES = [ - { - "BACKEND": "django.template.backends.django.DjangoTemplates", - "DIRS": [os.path.join(DJANGO_PROJECT_DIR, "templates")], - "APP_DIRS": False, # conflicts with explicity specifying the loaders - "OPTIONS": { - "context_processors": [ - "django.template.context_processors.debug", - "django.template.context_processors.request", - "django.contrib.auth.context_processors.auth", - "django.contrib.messages.context_processors.messages", - "referentielijsten.utils.context_processors.settings", - ], - "loaders": TEMPLATE_LOADERS, - }, - }, -] - -WSGI_APPLICATION = "referentielijsten.wsgi.application" - -# Translations -LOCALE_PATHS = (os.path.join(DJANGO_PROJECT_DIR, "conf", "locale"),) - -# -# SERVING of static and media files -# - -STATIC_URL = "/static/" - -STATIC_ROOT = os.path.join(BASE_DIR, "static") - -# Additional locations of static files -STATICFILES_DIRS = [os.path.join(DJANGO_PROJECT_DIR, "static")] - -# List of finder classes that know how to find static files in -# various locations. -STATICFILES_FINDERS = [ - "django.contrib.staticfiles.finders.FileSystemFinder", - "django.contrib.staticfiles.finders.AppDirectoriesFinder", -] - -MEDIA_ROOT = os.path.join(BASE_DIR, "media") - -MEDIA_URL = "/media/" - -FILE_UPLOAD_PERMISSIONS = 0o644 - -# -# Sending EMAIL -# -EMAIL_HOST = config("EMAIL_HOST", default="localhost") -EMAIL_PORT = config( - "EMAIL_PORT", default=25 -) # disabled on Google Cloud, use 487 instead -EMAIL_HOST_USER = config("EMAIL_HOST_USER", default="") -EMAIL_HOST_PASSWORD = config("EMAIL_HOST_PASSWORD", default="") -EMAIL_USE_TLS = config("EMAIL_USE_TLS", default=False) -EMAIL_TIMEOUT = 10 - -DEFAULT_FROM_EMAIL = "referentielijsten@example.com" - -# -# LOGGING -# -LOG_STDOUT = config("LOG_STDOUT", default=False) - -LOGGING_DIR = os.path.join(BASE_DIR, "log") - -LOGGING = { - "version": 1, - "disable_existing_loggers": False, - "formatters": { - "verbose": { - "format": "%(asctime)s %(levelname)s %(name)s %(module)s %(process)d %(thread)d %(message)s" - }, - "timestamped": {"format": "%(asctime)s %(levelname)s %(name)s %(message)s"}, - "simple": {"format": "%(levelname)s %(message)s"}, - "performance": { - "format": "%(asctime)s %(process)d | %(thread)d | %(message)s", - }, - }, - "filters": { - "require_debug_false": {"()": "django.utils.log.RequireDebugFalse"}, - }, - "handlers": { - "mail_admins": { - "level": "ERROR", - "filters": ["require_debug_false"], - "class": "django.utils.log.AdminEmailHandler", - }, - "null": { - "level": "DEBUG", - "class": "logging.NullHandler", - }, - "console": { - "level": "DEBUG", - "class": "logging.StreamHandler", - "formatter": "timestamped", - }, - "django": { - "level": "DEBUG", - "class": "logging.handlers.RotatingFileHandler", - "filename": os.path.join(LOGGING_DIR, "django.log"), - "formatter": "verbose", - "maxBytes": 1024 * 1024 * 10, # 10 MB - "backupCount": 10, - }, - "project": { - "level": "DEBUG", - "class": "logging.handlers.RotatingFileHandler", - "filename": os.path.join(LOGGING_DIR, "referentielijsten.log"), - "formatter": "verbose", - "maxBytes": 1024 * 1024 * 10, # 10 MB - "backupCount": 10, - }, - "performance": { - "level": "INFO", - "class": "logging.handlers.RotatingFileHandler", - "filename": os.path.join(LOGGING_DIR, "performance.log"), - "formatter": "performance", - "maxBytes": 1024 * 1024 * 10, # 10 MB - "backupCount": 10, - }, - }, - "loggers": { - "referentielijsten": { - "handlers": ["project"] if not LOG_STDOUT else ["console"], - "level": "INFO", - "propagate": True, - }, - "django.request": { - "handlers": ["django"] if not LOG_STDOUT else ["console"], - "level": "ERROR", - "propagate": True, - }, - "django.template": { - "handlers": ["console"], - "level": "INFO", - "propagate": True, - }, - "mozilla_django_oidc": { - "handlers": ["project"] if not LOG_STDOUT else ["console"], - "level": "DEBUG", - }, - }, -} - -# -# AUTH settings - user accounts, passwords, backends... -# -AUTH_USER_MODEL = "accounts.User" - -AUTH_PASSWORD_VALIDATORS = [ - { - "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator" - }, - {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"}, - {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"}, - {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"}, -] - - -# Allow logging in with both username+password and email+password -AUTHENTICATION_BACKENDS = [ - "axes.backends.AxesBackend", - "referentielijsten.accounts.backends.UserModelEmailBackend", - "django.contrib.auth.backends.ModelBackend", - "mozilla_django_oidc_db.backends.OIDCAuthenticationBackend", -] - -SESSION_COOKIE_NAME = "referentielijsten_sessionid" -SESSION_ENGINE = "django.contrib.sessions.backends.cache" - -LOGIN_URL = reverse_lazy("admin:login") -LOGIN_REDIRECT_URL = reverse_lazy("admin:index") -LOGOUT_REDIRECT_URL = reverse_lazy("admin:index") - # # SECURITY settings # -SESSION_COOKIE_SECURE = IS_HTTPS -SESSION_COOKIE_HTTPONLY = True - -CSRF_COOKIE_SECURE = IS_HTTPS CSRF_FAILURE_VIEW = "referentielijsten.accounts.views.csrf_failure" -X_FRAME_OPTIONS = "DENY" - -# -# FIXTURES -# - -FIXTURE_DIRS = (os.path.join(DJANGO_PROJECT_DIR, "fixtures"),) - # # Custom settings # PROJECT_NAME = "Referentielijsten" -ENVIRONMENT = config("ENVIRONMENT", "") +# TODO are these settings actually used? SHOW_ALERT = True ENABLE_ADMIN_NAV_SIDEBAR = config("ENABLE_ADMIN_NAV_SIDEBAR", default=False) @@ -357,26 +41,6 @@ # multiple login urls defined. LOGIN_URLS = [reverse_lazy("admin:login")] -if "GIT_SHA" in os.environ: - GIT_SHA = config("GIT_SHA", "") -# in docker (build) context, there is no .git directory -elif os.path.exists(os.path.join(BASE_DIR, ".git")): - try: - import git - except ImportError: - GIT_SHA = None - else: - repo = git.Repo(search_parent_directories=True) - try: - GIT_SHA = repo.head.object.hexsha - except ( - ValueError - ): # on startproject initial runs before any git commits have been made - GIT_SHA = repo.active_branch.name -else: - GIT_SHA = None - -RELEASE = config("RELEASE", GIT_SHA) # Default (connection timeout, read timeout) for the requests library (in seconds) REQUESTS_DEFAULT_TIMEOUT = (10, 30) @@ -390,46 +54,10 @@ # # Django-Admin-Index # -ADMIN_INDEX_SHOW_REMAINING_APPS = False -ADMIN_INDEX_AUTO_CREATE_APP_GROUP = False -ADMIN_INDEX_SHOW_REMAINING_APPS_TO_SUPERUSERS = True ADMIN_INDEX_DISPLAY_DROP_DOWN_MENU_CONDITION_FUNCTION = ( "referentielijsten.utils.django_two_factor_auth.should_display_dropdown_menu" ) -# -# DJANGO-AXES -# -AXES_CACHE = "axes" # refers to CACHES setting -# The number of login attempts allowed before a record is created for the -# failed logins. Default: 3 -AXES_FAILURE_LIMIT = 10 -# If set, defines a period of inactivity after which old failed login attempts -# will be forgotten. Can be set to a python timedelta object or an integer. If -# an integer, will be interpreted as a number of hours. Default: None -AXES_COOLOFF_TIME = 1 -# If set, specifies a template to render when a user is locked out. Template -# receives cooloff_time and failure_limit as context variables. Default: None -AXES_LOCKOUT_TEMPLATE = "account_blocked.html" -AXES_LOCKOUT_PARAMETERS = [["ip_address", "user_agent", "username"]] -# By default, Axes obfuscates values for formfields named "password", but the admin -# interface login formfield name is "auth-password", so we obfuscate that as well -AXES_SENSITIVE_PARAMETERS = ["password", "auth-password"] # nosec - -# The default meta precedence order -IPWARE_META_PRECEDENCE_ORDER = ( - "HTTP_X_FORWARDED_FOR", - "X_FORWARDED_FOR", # , , - "HTTP_CLIENT_IP", - "HTTP_X_REAL_IP", - "HTTP_X_FORWARDED", - "HTTP_X_CLUSTER_CLIENT_IP", - "HTTP_FORWARDED_FOR", - "HTTP_FORWARDED", - "HTTP_VIA", - "REMOTE_ADDR", -) - # # MAYKIN-2FA # @@ -437,42 +65,10 @@ # those settings too. # # we run the admin site monkeypatch instead. -TWO_FACTOR_PATCH_ADMIN = False # Relying Party name for WebAuthn (hardware tokens) TWO_FACTOR_WEBAUTHN_RP_NAME = "referentielijsten" -# use platform for fingerprint readers etc., or remove the setting to allow any. -# cross-platform would limit the options to devices like phones/yubikeys -TWO_FACTOR_WEBAUTHN_AUTHENTICATOR_ATTACHMENT = "cross-platform" -# add entries from AUTHENTICATION_BACKENDS that already enforce their own two-factor -# auth, avoiding having some set up MFA again in the project. -MAYKIN_2FA_ALLOW_MFA_BYPASS_BACKENDS = [ - # "mozilla_django_oidc_db.backends.OIDCAuthenticationBackend", -] - -# Elastic APM -ELASTIC_APM_SERVER_URL = os.getenv("ELASTIC_APM_SERVER_URL", None) -ELASTIC_APM = { - "SERVICE_NAME": f"referentielijsten {ENVIRONMENT}", - "SECRET_TOKEN": config("ELASTIC_APM_SECRET_TOKEN", "default"), - "SERVER_URL": ELASTIC_APM_SERVER_URL, -} -if not ELASTIC_APM_SERVER_URL: - ELASTIC_APM["ENABLED"] = False - ELASTIC_APM["SERVER_URL"] = "http://localhost:8200" # -# Mozilla Django OIDC DB settings +# django-import-export # -OIDC_AUTHENTICATE_CLASS = "mozilla_django_oidc_db.views.OIDCAuthenticationRequestView" -OIDC_CALLBACK_CLASS = "mozilla_django_oidc_db.views.OIDCCallbackView" -MOZILLA_DJANGO_OIDC_DB_CACHE = "oidc" -MOZILLA_DJANGO_OIDC_DB_CACHE_TIMEOUT = 5 * 60 - -# Subpath (optional) -# This environment variable can be configured during deployment. -SUBPATH = config("SUBPATH", None) -if SUBPATH: - SUBPATH = f"/{SUBPATH.strip('/')}" - - IMPORT_EXPORT_FORMATS = DEFAULT_FORMATS diff --git a/src/referentielijsten/conf/production.py b/src/referentielijsten/conf/production.py index c020d78..871deca 100644 --- a/src/referentielijsten/conf/production.py +++ b/src/referentielijsten/conf/production.py @@ -33,15 +33,15 @@ STATICFILES_STORAGE = "django.contrib.staticfiles.storage.ManifestStaticFilesStorage" # Production logging facility. - -# Production logging facility. -handlers = ["console"] if LOG_STDOUT else ["django"] - LOGGING["loggers"].update( { - "django": {"handlers": handlers, "level": "INFO", "propagate": True}, + "django": { + "handlers": logging_django_handlers, + "level": "INFO", + "propagate": True, + }, "django.security.DisallowedHost": { - "handlers": handlers, + "handlers": logging_django_handlers, "level": "CRITICAL", "propagate": False, }, @@ -56,7 +56,7 @@ # # Custom settings overrides # -SHOW_ALERT = False +ENVIRONMENT_SHOWN_IN_ADMIN = False ############################## # # @@ -70,6 +70,6 @@ "elasticapm.contrib.django", ] -if SUBPATH and SUBPATH != "/": - STATIC_URL = f"{SUBPATH}{STATIC_URL}" - MEDIA_URL = f"{SUBPATH}{MEDIA_URL}" +if subpath and subpath != "/": + STATIC_URL = f"{subpath}{STATIC_URL}" + MEDIA_URL = f"{subpath}{MEDIA_URL}" diff --git a/src/referentielijsten/utils/context_processors.py b/src/referentielijsten/utils/context_processors.py index 438eebf..ded35af 100644 --- a/src/referentielijsten/utils/context_processors.py +++ b/src/referentielijsten/utils/context_processors.py @@ -5,7 +5,6 @@ def settings(request): public_settings = ( "GOOGLE_ANALYTICS_ID", "ENVIRONMENT", - "SHOW_ALERT", "PROJECT_NAME", ) From 8d96dfd7d2f90e37fdc6f9a6269672ab1727463c Mon Sep 17 00:00:00 2001 From: Steven Bal Date: Thu, 27 Jun 2024 14:14:01 +0200 Subject: [PATCH 3/6] :whale: Fix docker-compose setup * add redis * add DISABLE_2FA envvar * add SUBPATH envvar --- docker-compose.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 5e18fa0..09d1cb7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,6 +12,9 @@ services: volumes: - ./docker-init-db.sql:/docker-entrypoint-initdb.d/init_db.sql + redis: + image: redis + web: build: . image: maykinmedia/referentielijsten-api:latest @@ -21,12 +24,17 @@ services: - DB_NAME=referentielijsten - DB_USER=referentielijsten - DB_HOST=db + - CACHE_DEFAULT=redis:6379/0 + - CACHE_AXES=redis:6379/0 + - SUBPATH=${SUBPATH:-/} + - DISABLE_2FA=${DISABLE_2FA:-True} # Only allow all hosts for development/testing purposes! - ALLOWED_HOSTS=* ports: - 8000:8000 depends_on: - db + - redis # See: src/referentielijsten/conf/docker.py # Optional containers below: From 4ec5b1244090a567a25491842e7da5f1439942ec Mon Sep 17 00:00:00 2001 From: Steven Bal Date: Fri, 28 Jun 2024 11:54:55 +0200 Subject: [PATCH 4/6] :wrench: Remove unused settings --- src/referentielijsten/conf/base.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/referentielijsten/conf/base.py b/src/referentielijsten/conf/base.py index 1c28d09..c31c785 100644 --- a/src/referentielijsten/conf/base.py +++ b/src/referentielijsten/conf/base.py @@ -3,7 +3,6 @@ from import_export.formats.base_formats import DEFAULT_FORMATS from notifications_api_common.settings import * # noqa from open_api_framework.conf.base import * # noqa -from open_api_framework.conf.utils import config from .api import * # noqa @@ -31,9 +30,6 @@ # Custom settings # PROJECT_NAME = "Referentielijsten" -# TODO are these settings actually used? -SHOW_ALERT = True -ENABLE_ADMIN_NAV_SIDEBAR = config("ENABLE_ADMIN_NAV_SIDEBAR", default=False) # This setting is used by the csrf_failure view (accounts app). # You can specify any path that should match the request.path From ce4e504ea155da11b238e7b5a9643461cc6da1c5 Mon Sep 17 00:00:00 2001 From: Steven Bal Date: Fri, 5 Jul 2024 16:02:28 +0200 Subject: [PATCH 5/6] :wrench: Remove django.contrib.sites explicitly because OAF adds this, but we don't need it here --- src/referentielijsten/conf/base.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/referentielijsten/conf/base.py b/src/referentielijsten/conf/base.py index c31c785..2e729ed 100644 --- a/src/referentielijsten/conf/base.py +++ b/src/referentielijsten/conf/base.py @@ -20,6 +20,9 @@ "referentielijsten.utils", "referentielijsten.api", ] +# open-api-framework currently installs `django.contrib.sites`, but we want to move +# away from this in the future +INSTALLED_APPS.remove("django.contrib.sites") # # SECURITY settings From 5f1b466bc2e93c2ca3f1307f93e0339936d016ba Mon Sep 17 00:00:00 2001 From: Steven Bal Date: Fri, 5 Jul 2024 16:30:02 +0200 Subject: [PATCH 6/6] :memo: Add warnings for redis/2fa to changelog --- CHANGELOG.rst | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 87ac0d6..5648cb2 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,20 @@ Change history ============== +0.2.0 +===== + +*?? ??, 2024* + +.. warning:: + + Deployment tooling updates required - additional containers needed. + + Redis is now required as a cache backend, make sure to add and configure a Redis container + +.. warning:: + + Two factor authentication was added (by default it is enabled, to disable it, set the ``DISABLE_2FA`` envvar to ``True``) 0.1.0 =====