From 89f7d1113b527ffd37eba883c3e6ead5297ea834 Mon Sep 17 00:00:00 2001 From: Mariano Ruiz Date: Thu, 29 Aug 2024 17:57:39 -0300 Subject: [PATCH 01/13] Update test libs --- requirements/requirements-test.in | 4 ++-- requirements/requirements-test.txt | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements/requirements-test.in b/requirements/requirements-test.in index efbbea5..159a1a4 100644 --- a/requirements/requirements-test.in +++ b/requirements/requirements-test.in @@ -1,3 +1,3 @@ -pytest~=7.3.0 +pytest~=7.4.4 pytest-cov~=4.0.0 -pytest-django==4.5.2 +pytest-django==4.8.0 diff --git a/requirements/requirements-test.txt b/requirements/requirements-test.txt index c6e3f97..8716275 100644 --- a/requirements/requirements-test.txt +++ b/requirements/requirements-test.txt @@ -12,16 +12,16 @@ packaging==21.3 # via pytest pluggy==1.0.0 # via pytest -pyparsing==3.0.7 +pyparsing==3.1.4 # via packaging -pytest==7.3.0 +pytest==7.4.4 # via # -r requirements-test.in # pytest-cov # pytest-django pytest-cov==4.0.0 # via -r requirements-test.in -pytest-django==4.5.2 +pytest-django==4.8.0 # via -r requirements-test.in tomli==2.0.1 # via coverage From 8d1772a9100cd2205855c223df638443df104e25 Mon Sep 17 00:00:00 2001 From: Mariano Ruiz Date: Thu, 29 Aug 2024 18:22:53 -0300 Subject: [PATCH 02/13] Add SSO with Google within the Admin --- README.rst | 3 ++- coleman/settings.py | 10 ++++++++ coleman/urls.py | 11 +++++--- requirements/requirements-dev.in | 1 + requirements/requirements-dev.txt | 42 +++++++++++++++++++++++++++++++ 5 files changed, 63 insertions(+), 4 deletions(-) diff --git a/README.rst b/README.rst index 3ce946f..d4378e1 100644 --- a/README.rst +++ b/README.rst @@ -15,7 +15,8 @@ Features partner (customer, provider...), description, responsible of the task, priority... * Each task may have items: sub-tasks to be done. * The built-in Django *Authentication and Authorization* system - to manage users and groups, login, etc. + to manage users and groups, login, etc, and optionally SSO with Google + within the Admin (`django-google-sso `_). * Module `django-adminfilters `_ that allows multiselection searches. * Send emails when a task is created. diff --git a/coleman/settings.py b/coleman/settings.py index 0debcbf..e776cb1 100644 --- a/coleman/settings.py +++ b/coleman/settings.py @@ -49,6 +49,7 @@ 'django.contrib.staticfiles', 'django_extensions', 'health_check', + 'django_google_sso', ] REST_ENABLED = env.bool('REST_ENABLED', False) @@ -177,6 +178,15 @@ } +GOOGLE_SSO_ENABLED = env.bool('GOOGLE_SSO_ENABLED', False) +SSO_SHOW_FORM_ON_ADMIN_PAGE = env.bool('SSO_SHOW_FORM_ON_ADMIN_PAGE', True) +GOOGLE_SSO_CLIENT_ID = env.str("GOOGLE_SSO_CLIENT_ID", None) +GOOGLE_SSO_CLIENT_SECRET = env.str('GOOGLE_SSO_CLIENT_SECRET', None) +GOOGLE_SSO_PROJECT_ID = env.str('GOOGLE_SSO_PROJECT_ID', "django-coleman") +GOOGLE_SSO_AUTO_CREATE_USERS = True +GOOGLE_SSO_STAFF_LIST = ["*"] +GOOGLE_SSO_ALLOWABLE_DOMAINS = env.str('GOOGLE_SSO_ALLOWABLE_DOMAINS', "gmail.com").split(',') + # # Custom configurations # diff --git a/coleman/urls.py b/coleman/urls.py index 85ba623..3aac851 100644 --- a/coleman/urls.py +++ b/coleman/urls.py @@ -13,9 +13,8 @@ 1. Import the include() function: from django.urls import include, path 2. Add a URL to urlpatterns: path('blog/', include('blog.urls')) """ -from django.urls import re_path, include +from django.urls import path, re_path, include from django.contrib import admin -from django.urls import path from django.conf import settings from django.http import HttpResponseRedirect @@ -29,13 +28,19 @@ urlpatterns = [ re_path('^api/v1/', include(router.urls)), + re_path(r'^health/', include('health_check.urls')), + path( + "google_sso/", include( + "django_google_sso.urls", + namespace="django_google_sso" + ) + ), ] if settings.ADMIN: urlpatterns = [ re_path(r'^$', lambda r: HttpResponseRedirect('admin/')), # Remove this redirect if you add custom views path('admin/', admin.site.urls), - re_path(r'^health/', include('health_check.urls')), ] + urlpatterns admin.site.site_title = admin.site.site_header = settings.SITE_HEADER diff --git a/requirements/requirements-dev.in b/requirements/requirements-dev.in index 206d5cc..21d9426 100644 --- a/requirements/requirements-dev.in +++ b/requirements/requirements-dev.in @@ -5,4 +5,5 @@ django-admin-list-filter-dropdown~=1.0.3 django-adminfilters~=2.1.0 djangorestframework~=3.15.2 django-extensions~=3.2.1 +django-google-sso~=6.5.0 django-health-check~=3.17.0 diff --git a/requirements/requirements-dev.txt b/requirements/requirements-dev.txt index a18fef6..458bfa8 100644 --- a/requirements/requirements-dev.txt +++ b/requirements/requirements-dev.txt @@ -6,6 +6,12 @@ # asgiref==3.6.0 # via django +cachetools==5.5.0 + # via google-auth +certifi==2024.7.4 + # via requests +charset-normalizer==3.3.2 + # via requests dj-database-url==1.3.0 # via -r requirements-dev.in django==4.2.15 @@ -13,6 +19,7 @@ django==4.2.15 # -r requirements-dev.in # dj-database-url # django-extensions + # django-google-sso # django-health-check # djangorestframework django-admin-list-filter-dropdown==1.0.3 @@ -21,17 +28,52 @@ django-adminfilters==2.1.0 # via -r requirements-dev.in django-extensions==3.2.1 # via -r requirements-dev.in +django-google-sso==6.5.0 + # via -r requirements-dev.in django-health-check==3.17.0 # via -r requirements-dev.in djangorestframework==3.15.2 # via -r requirements-dev.in environs==9.5.0 # via -r requirements-dev.in +google-auth==2.34.0 + # via + # django-google-sso + # google-auth-httplib2 + # google-auth-oauthlib +google-auth-httplib2==0.2.0 + # via django-google-sso +google-auth-oauthlib==1.2.1 + # via django-google-sso +httplib2==0.22.0 + # via google-auth-httplib2 +idna==3.8 + # via requests +loguru==0.7.2 + # via django-google-sso marshmallow==3.14.1 # via environs +oauthlib==3.2.2 + # via requests-oauthlib +pyasn1==0.6.0 + # via + # pyasn1-modules + # rsa +pyasn1-modules==0.4.0 + # via google-auth +pyparsing==3.1.4 + # via httplib2 python-dotenv==0.19.2 # via environs +requests==2.32.3 + # via requests-oauthlib +requests-oauthlib==2.0.0 + # via google-auth-oauthlib +rsa==4.9 + # via google-auth sqlparse==0.5.0 # via django typing-extensions==4.5.0 # via dj-database-url +urllib3==2.2.2 + # via requests From 1a11b8622dfda1a02f9c423b49f44ac53317bc96 Mon Sep 17 00:00:00 2001 From: Mariano Ruiz Date: Mon, 2 Sep 2024 11:17:26 -0300 Subject: [PATCH 03/13] Google SSO enable/disable at runtime --- coleman/settings.py | 19 +++++++++++-------- coleman/urls.py | 16 ++++++++++------ 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/coleman/settings.py b/coleman/settings.py index e776cb1..bdf6c5b 100644 --- a/coleman/settings.py +++ b/coleman/settings.py @@ -49,7 +49,6 @@ 'django.contrib.staticfiles', 'django_extensions', 'health_check', - 'django_google_sso', ] REST_ENABLED = env.bool('REST_ENABLED', False) @@ -178,14 +177,18 @@ } +# Google SSO (django-google-sso) GOOGLE_SSO_ENABLED = env.bool('GOOGLE_SSO_ENABLED', False) -SSO_SHOW_FORM_ON_ADMIN_PAGE = env.bool('SSO_SHOW_FORM_ON_ADMIN_PAGE', True) -GOOGLE_SSO_CLIENT_ID = env.str("GOOGLE_SSO_CLIENT_ID", None) -GOOGLE_SSO_CLIENT_SECRET = env.str('GOOGLE_SSO_CLIENT_SECRET', None) -GOOGLE_SSO_PROJECT_ID = env.str('GOOGLE_SSO_PROJECT_ID', "django-coleman") -GOOGLE_SSO_AUTO_CREATE_USERS = True -GOOGLE_SSO_STAFF_LIST = ["*"] -GOOGLE_SSO_ALLOWABLE_DOMAINS = env.str('GOOGLE_SSO_ALLOWABLE_DOMAINS', "gmail.com").split(',') +if GOOGLE_SSO_ENABLED: + SSO_SHOW_FORM_ON_ADMIN_PAGE = env.bool('SSO_SHOW_FORM_ON_ADMIN_PAGE', True) + GOOGLE_SSO_CLIENT_ID = env.str("GOOGLE_SSO_CLIENT_ID", None) + GOOGLE_SSO_CLIENT_SECRET = env.str('GOOGLE_SSO_CLIENT_SECRET', None) + GOOGLE_SSO_PROJECT_ID = env.str('GOOGLE_SSO_PROJECT_ID', "django-coleman") + GOOGLE_SSO_AUTO_CREATE_USERS = True + GOOGLE_SSO_STAFF_LIST = ["*"] + GOOGLE_SSO_ALLOWABLE_DOMAINS = env.str('GOOGLE_SSO_ALLOWABLE_DOMAINS', "gmail.com").split(',') + INSTALLED_APPS += ['django_google_sso'] + # # Custom configurations diff --git a/coleman/urls.py b/coleman/urls.py index 3aac851..0ead31a 100644 --- a/coleman/urls.py +++ b/coleman/urls.py @@ -29,12 +29,6 @@ urlpatterns = [ re_path('^api/v1/', include(router.urls)), re_path(r'^health/', include('health_check.urls')), - path( - "google_sso/", include( - "django_google_sso.urls", - namespace="django_google_sso" - ) - ), ] if settings.ADMIN: @@ -43,5 +37,15 @@ path('admin/', admin.site.urls), ] + urlpatterns +if settings.GOOGLE_SSO_ENABLED: + urlpatterns = [ + path( + "google_sso/", include( + "django_google_sso.urls", + namespace="django_google_sso" + ) + ), + ] + urlpatterns + admin.site.site_title = admin.site.site_header = settings.SITE_HEADER admin.site.index_title = settings.INDEX_TITLE From 4cb565f63a4487c56d08403838d6f6d6bb82fac3 Mon Sep 17 00:00:00 2001 From: Mariano Ruiz Date: Mon, 2 Sep 2024 11:25:27 -0300 Subject: [PATCH 04/13] Bump health package --- requirements/requirements-dev.in | 2 +- requirements/requirements-dev.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/requirements-dev.in b/requirements/requirements-dev.in index 21d9426..7ec7207 100644 --- a/requirements/requirements-dev.in +++ b/requirements/requirements-dev.in @@ -6,4 +6,4 @@ django-adminfilters~=2.1.0 djangorestframework~=3.15.2 django-extensions~=3.2.1 django-google-sso~=6.5.0 -django-health-check~=3.17.0 +django-health-check~=3.18.3 diff --git a/requirements/requirements-dev.txt b/requirements/requirements-dev.txt index 458bfa8..7fc9ebb 100644 --- a/requirements/requirements-dev.txt +++ b/requirements/requirements-dev.txt @@ -30,7 +30,7 @@ django-extensions==3.2.1 # via -r requirements-dev.in django-google-sso==6.5.0 # via -r requirements-dev.in -django-health-check==3.17.0 +django-health-check==3.18.3 # via -r requirements-dev.in djangorestframework==3.15.2 # via -r requirements-dev.in From 4fb853774703943fa2ecf89f67137c5f06063071 Mon Sep 17 00:00:00 2001 From: Mariano Ruiz Date: Mon, 2 Sep 2024 11:28:31 -0300 Subject: [PATCH 05/13] Bump django-extensions package --- requirements/requirements-dev.in | 2 +- requirements/requirements-dev.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/requirements-dev.in b/requirements/requirements-dev.in index 7ec7207..c6f933c 100644 --- a/requirements/requirements-dev.in +++ b/requirements/requirements-dev.in @@ -4,6 +4,6 @@ dj-database-url~=1.3.0 django-admin-list-filter-dropdown~=1.0.3 django-adminfilters~=2.1.0 djangorestframework~=3.15.2 -django-extensions~=3.2.1 +django-extensions~=3.2.3 django-google-sso~=6.5.0 django-health-check~=3.18.3 diff --git a/requirements/requirements-dev.txt b/requirements/requirements-dev.txt index 7fc9ebb..2b7087f 100644 --- a/requirements/requirements-dev.txt +++ b/requirements/requirements-dev.txt @@ -26,7 +26,7 @@ django-admin-list-filter-dropdown==1.0.3 # via -r requirements-dev.in django-adminfilters==2.1.0 # via -r requirements-dev.in -django-extensions==3.2.1 +django-extensions==3.2.3 # via -r requirements-dev.in django-google-sso==6.5.0 # via -r requirements-dev.in From 796adba7eaf7b7bfde2d0762ad55d288eb297566 Mon Sep 17 00:00:00 2001 From: Mariano Ruiz Date: Mon, 2 Sep 2024 11:32:55 -0300 Subject: [PATCH 06/13] Bump dj-database-url package --- requirements/requirements-dev.in | 2 +- requirements/requirements-dev.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/requirements-dev.in b/requirements/requirements-dev.in index c6f933c..8faaa11 100644 --- a/requirements/requirements-dev.in +++ b/requirements/requirements-dev.in @@ -1,6 +1,6 @@ Django~=4.2 environs~=9.5.0 -dj-database-url~=1.3.0 +dj-database-url~=2.2.0 django-admin-list-filter-dropdown~=1.0.3 django-adminfilters~=2.1.0 djangorestframework~=3.15.2 diff --git a/requirements/requirements-dev.txt b/requirements/requirements-dev.txt index 2b7087f..4c6490d 100644 --- a/requirements/requirements-dev.txt +++ b/requirements/requirements-dev.txt @@ -12,7 +12,7 @@ certifi==2024.7.4 # via requests charset-normalizer==3.3.2 # via requests -dj-database-url==1.3.0 +dj-database-url==2.2.0 # via -r requirements-dev.in django==4.2.15 # via From 163001c10512fa7fc70969056ed3780126177675 Mon Sep 17 00:00:00 2001 From: Mariano Ruiz Date: Mon, 2 Sep 2024 11:35:14 -0300 Subject: [PATCH 07/13] Bump prod packages --- requirements/requirements-prod.in | 4 ++-- requirements/requirements-prod.txt | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements/requirements-prod.in b/requirements/requirements-prod.in index d1bf821..1e311fc 100644 --- a/requirements/requirements-prod.in +++ b/requirements/requirements-prod.in @@ -1,4 +1,4 @@ # Web server -uWSGI~=2.0.22 +uWSGI~=2.0.26 # PosgreSQL driver -psycopg[binary]~=3.1.8 +psycopg[binary]~=3.2.1 diff --git a/requirements/requirements-prod.txt b/requirements/requirements-prod.txt index 0174f24..504b2f8 100644 --- a/requirements/requirements-prod.txt +++ b/requirements/requirements-prod.txt @@ -4,11 +4,11 @@ # # pip-compile --no-emit-index-url --output-file=requirements-prod.txt requirements-prod.in # -psycopg[binary]==3.1.8 +psycopg[binary]==3.2.1 # via -r requirements-prod.in -psycopg-binary==3.1.8 +psycopg-binary==3.2.1 # via psycopg typing-extensions==4.5.0 # via psycopg -uwsgi==2.0.22 +uwsgi==2.0.26 # via -r requirements-prod.in From 833bf14ff0f590f495a36ab8dad3886daa460ef7 Mon Sep 17 00:00:00 2001 From: Mariano Ruiz Date: Mon, 2 Sep 2024 11:57:11 -0300 Subject: [PATCH 08/13] Bump environs package --- requirements/requirements-dev.in | 2 +- requirements/requirements-dev.txt | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/requirements-dev.in b/requirements/requirements-dev.in index 8faaa11..cba3296 100644 --- a/requirements/requirements-dev.in +++ b/requirements/requirements-dev.in @@ -1,5 +1,5 @@ Django~=4.2 -environs~=9.5.0 +environs~=11.0.0 dj-database-url~=2.2.0 django-admin-list-filter-dropdown~=1.0.3 django-adminfilters~=2.1.0 diff --git a/requirements/requirements-dev.txt b/requirements/requirements-dev.txt index 4c6490d..d311aff 100644 --- a/requirements/requirements-dev.txt +++ b/requirements/requirements-dev.txt @@ -34,7 +34,7 @@ django-health-check==3.18.3 # via -r requirements-dev.in djangorestframework==3.15.2 # via -r requirements-dev.in -environs==9.5.0 +environs==11.0.0 # via -r requirements-dev.in google-auth==2.34.0 # via @@ -51,7 +51,7 @@ idna==3.8 # via requests loguru==0.7.2 # via django-google-sso -marshmallow==3.14.1 +marshmallow==3.22.0 # via environs oauthlib==3.2.2 # via requests-oauthlib From 4c214e2cbe9a78fa79eb2023636a375145dcd7f6 Mon Sep 17 00:00:00 2001 From: Mariano Ruiz Date: Mon, 2 Sep 2024 11:58:50 -0300 Subject: [PATCH 09/13] Bump django-adminfilters package --- requirements/requirements-dev.in | 2 +- requirements/requirements-dev.txt | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/requirements/requirements-dev.in b/requirements/requirements-dev.in index cba3296..1519c2a 100644 --- a/requirements/requirements-dev.in +++ b/requirements/requirements-dev.in @@ -2,7 +2,7 @@ Django~=4.2 environs~=11.0.0 dj-database-url~=2.2.0 django-admin-list-filter-dropdown~=1.0.3 -django-adminfilters~=2.1.0 +django-adminfilters~=2.4.3 djangorestframework~=3.15.2 django-extensions~=3.2.3 django-google-sso~=6.5.0 diff --git a/requirements/requirements-dev.txt b/requirements/requirements-dev.txt index d311aff..7e750fb 100644 --- a/requirements/requirements-dev.txt +++ b/requirements/requirements-dev.txt @@ -24,7 +24,7 @@ django==4.2.15 # djangorestframework django-admin-list-filter-dropdown==1.0.3 # via -r requirements-dev.in -django-adminfilters==2.1.0 +django-adminfilters==2.4.3 # via -r requirements-dev.in django-extensions==3.2.3 # via -r requirements-dev.in @@ -55,6 +55,8 @@ marshmallow==3.22.0 # via environs oauthlib==3.2.2 # via requests-oauthlib +packaging==24.1 + # via marshmallow pyasn1==0.6.0 # via # pyasn1-modules From 4bd2385715de492d3302086aec0476b85fe9c4a3 Mon Sep 17 00:00:00 2001 From: Mariano Ruiz Date: Mon, 2 Sep 2024 12:03:03 -0300 Subject: [PATCH 10/13] Fix package version --- requirements/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/requirements-test.txt b/requirements/requirements-test.txt index 8716275..dcd57d5 100644 --- a/requirements/requirements-test.txt +++ b/requirements/requirements-test.txt @@ -8,7 +8,7 @@ coverage[toml]==6.3.1 # via pytest-cov iniconfig==1.1.1 # via pytest -packaging==21.3 +packaging==24.1 # via pytest pluggy==1.0.0 # via pytest From 6176adb1968900367e538cd9fe381c817f5e8e65 Mon Sep 17 00:00:00 2001 From: Mariano Ruiz Date: Mon, 2 Sep 2024 12:26:37 -0300 Subject: [PATCH 11/13] Expire session cookie after 8 hours --- coleman/settings.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/coleman/settings.py b/coleman/settings.py index bdf6c5b..ff4d2f9 100644 --- a/coleman/settings.py +++ b/coleman/settings.py @@ -176,6 +176,8 @@ ] } +SESSION_COOKIE_AGE = 8 * 60 * 60 + # Google SSO (django-google-sso) GOOGLE_SSO_ENABLED = env.bool('GOOGLE_SSO_ENABLED', False) From 1786ca142a04be04c9186cf5619e4734c492928e Mon Sep 17 00:00:00 2001 From: Mariano Ruiz Date: Mon, 2 Sep 2024 16:07:36 -0300 Subject: [PATCH 12/13] README fixes --- README.rst | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/README.rst b/README.rst index d4378e1..6a0ae01 100644 --- a/README.rst +++ b/README.rst @@ -45,7 +45,7 @@ Requirements Docker, or: -* Python 3.8+ (tested with Python 3.8 and 3.11). +* Python 3.10+ (tested with 3.11). * Django 4.2 LTS and other dependencies declared in the ``requirements.txt`` file (use virtual environments or containers!). * A Django compatible database like PostgreSQL (by default uses @@ -125,8 +125,9 @@ in `Docker Hub `_. Also ``compose.yaml`` and ``.env.example`` files are provided in the `dcoleman-e2e `_ project, you -can run all from there, Django Coleman, the viewer app and Postgres, -and the E2E tests. +can run all from there, Django Coleman, the +`viewer `_ app +and Postgres, and the E2E tests. First, copy the ``.env.example`` file as ``.env`` files from the E2E repo, and edit whatever value you want to:: @@ -200,10 +201,11 @@ set *debug* options to false:: $ DEBUG=False LANGUAGE_CODE=es-ar python3 manage.py runserver Also in development environments an ``.env`` file can be used to setup -the environment variables easily, checkout the `<.env.example>`_ as example. +the environment variables easily, checkout the +`.env.example `_ as example. You can copy the example file and edit the variables you want to change:: - $ cp .env.example .env + $ cp ../dcoleman-e2e/.env.example .env $ vi .env Some available settings: From 45a2d01eaaa718e7b6aa173e0d7b7c87284ab4ca Mon Sep 17 00:00:00 2001 From: Mariano Ruiz Date: Tue, 3 Sep 2024 11:48:23 -0300 Subject: [PATCH 13/13] Fix migration deps --- mtasks/migrations/0003_auth_groups.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mtasks/migrations/0003_auth_groups.py b/mtasks/migrations/0003_auth_groups.py index 3a50644..6f2a323 100644 --- a/mtasks/migrations/0003_auth_groups.py +++ b/mtasks/migrations/0003_auth_groups.py @@ -64,6 +64,8 @@ class Migration(migrations.Migration): """ dependencies = [ + ('contenttypes', '__latest__'), + ('auth', '__latest__'), ('mtasks', '0002_alter_task_options'), ]