From 84d1d94eee48bb0ab0b1f3f5a182bd8f2681294a Mon Sep 17 00:00:00 2001
From: Rohan Karan
Date: Sat, 1 Oct 2022 03:13:44 +0530
Subject: [PATCH 01/16] implementing jwt token for rest api
---
AUTHORS.rst | 1 +
requirements.txt | 1 +
wger/settings_global.py | 15 ++++++++++++++-
wger/urls.py | 20 +++++++++++++++++---
4 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/AUTHORS.rst b/AUTHORS.rst
index b088ce148..1e222c1b3 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -66,6 +66,7 @@ Developers
* Sofiko Alaverdashvili - https://github.com/sophiamartelli
* Kade - https://github.com/kp5431/
* Tom Bowyer - https://github.com/ImTheTom
+* Rohan Karan - https://github.com/RohanKaran
Translators
-----------
diff --git a/requirements.txt b/requirements.txt
index fd67985e2..4c8aeaa1b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -28,6 +28,7 @@ requests==2.28.1
django-cors-headers==3.13.0
django-filter==22.1
djangorestframework~=3.14
+djangorestframework-simplejwt[crypto]==5.2.0
# Not used anymore, but needed because some modules are imported in DB migration
# files
diff --git a/wger/settings_global.py b/wger/settings_global.py
index 71a33bf42..d65a1e91d 100644
--- a/wger/settings_global.py
+++ b/wger/settings_global.py
@@ -18,7 +18,7 @@
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
import os
import re
-
+from datetime import timedelta
"""
This file contains the global settings that don't usually need to be changed.
@@ -82,6 +82,7 @@
'rest_framework',
'rest_framework.authtoken',
'django_filters',
+ 'rest_framework_simplejwt',
# Breadcrumbs
'django_bootstrap_breadcrumbs',
@@ -376,6 +377,7 @@
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.TokenAuthentication',
+ 'rest_framework_simplejwt.authentication.JWTAuthentication',
),
'DEFAULT_FILTER_BACKENDS': (
'django_filters.rest_framework.DjangoFilterBackend',
@@ -387,6 +389,17 @@
}
}
+#
+# Django Rest Framework SimpleJWT
+#
+SIMPLE_JWT = {
+ 'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5),
+ 'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
+ 'ROTATE_REFRESH_TOKENS': False,
+ 'BLACKLIST_AFTER_ROTATION': False,
+ 'UPDATE_LAST_LOGIN': False,
+}
+
#
# CORS headers: allow all hosts to access the API
#
diff --git a/wger/urls.py b/wger/urls.py
index f060926f6..73379bd78 100644
--- a/wger/urls.py
+++ b/wger/urls.py
@@ -29,6 +29,7 @@
# Third Party
from rest_framework import routers
+from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView, TokenVerifyView
# wger
from wger.core.api import views as core_api_views
@@ -42,8 +43,7 @@
from wger.utils.generic_views import TextTemplateView
from wger.weight.api import views as weight_api_views
-
-#admin.autodiscover()
+# admin.autodiscover()
#
# REST API
@@ -155,7 +155,7 @@
# The actual URLs
#
urlpatterns = i18n_patterns(
- #url(r'^admin/', admin.site.urls),
+ # url(r'^admin/', admin.site.urls),
path('', include(('wger.core.urls', 'core'), namespace='core')),
path('workout/', include(('wger.manager.urls', 'manager'), namespace='manager')),
path('exercise/', include(('wger.exercises.urls', 'exercise'), namespace='exercise')),
@@ -195,6 +195,20 @@
core_api_views.UserAPIRegistrationViewSet.as_view({'post': 'post'}),
name='api_register'
),
+ path(
+ 'api/v2/token/',
+ TokenObtainPairView.as_view(),
+ name='token_obtain_pair'
+ ),
+ path(
+ 'api/v2/token/refresh/',
+ TokenRefreshView.as_view(),
+ name='token_refresh'
+ ),
+ path(
+ 'api/v2/token/verify/',
+ TokenVerifyView.as_view(),
+ name='token_verify'),
# Others
path(
From 25f0e6094ff36c410a7ddff10e47a6bd242af650 Mon Sep 17 00:00:00 2001
From: Rohan Karan
Date: Sat, 1 Oct 2022 15:25:45 +0530
Subject: [PATCH 02/16] added jwt usage docs and added deprecation message for
/login/ endpoint
---
wger/core/api/views.py | 28 ++++++++++++++++-----
wger/software/templates/api.html | 42 +++++++++++++++++++++++++++++---
2 files changed, 61 insertions(+), 9 deletions(-)
diff --git a/wger/core/api/views.py b/wger/core/api/views.py
index 43507ce57..6a38637c9 100644
--- a/wger/core/api/views.py
+++ b/wger/core/api/views.py
@@ -17,6 +17,8 @@
# Standard Library
import logging
+import warnings
+from warnings import warn
# Django
from django.contrib.auth.models import User
@@ -62,7 +64,6 @@
WgerPermission,
)
-
logger = logging.getLogger(__name__)
@@ -101,7 +102,7 @@ class ApplicationVersionView(viewsets.ViewSet):
"""
Returns the application's version
"""
- permission_classes = (AllowAny, )
+ permission_classes = (AllowAny,)
@staticmethod
def get(request):
@@ -112,7 +113,7 @@ class RequiredApplicationVersionView(viewsets.ViewSet):
"""
Returns the minimum required version of flutter app to access this server
"""
- permission_classes = (AllowAny, )
+ permission_classes = (AllowAny,)
@staticmethod
def get(request):
@@ -122,6 +123,7 @@ def get(request):
class UserAPILoginView(viewsets.ViewSet):
"""
API endpoint for api user objects
+ .. warning:: This endpoint is deprecated
"""
permission_classes = (AllowAny, )
queryset = User.objects.all()
@@ -129,7 +131,15 @@ class UserAPILoginView(viewsets.ViewSet):
throttle_scope = 'login'
def get(self, request):
- return Response({'message': "You must send a 'username' and 'password' via POST"})
+ return Response(
+ data={
+ 'message': "You must send a 'username' and 'password' via POST",
+ 'warning': "This endpoint is deprecated."
+ },
+ headers={
+ "Deprecation": "Sat, 01 Oct 2022 23:59:59 GMT",
+ },
+ )
def post(self, request):
data = request.data
@@ -147,7 +157,13 @@ def post(self, request):
)
token = create_token(form.get_user())
- return Response({'token': token.key}, status=status.HTTP_200_OK)
+ return Response(
+ data={'token': token.key, 'message': "This endpoint is deprecated."},
+ status=status.HTTP_200_OK,
+ headers={
+ "Deprecation": "Sat, 01 Oct 2022 23:59:59 GMT",
+ }
+ )
class UserAPIRegistrationViewSet(viewsets.ViewSet):
@@ -198,7 +214,7 @@ class DaysOfWeekViewSet(viewsets.ReadOnlyModelViewSet):
queryset = DaysOfWeek.objects.all()
serializer_class = DaysOfWeekSerializer
ordering_fields = '__all__'
- filterset_fields = ('day_of_week', )
+ filterset_fields = ('day_of_week',)
class LicenseViewSet(viewsets.ReadOnlyModelViewSet):
diff --git a/wger/software/templates/api.html b/wger/software/templates/api.html
index 46a0b40c1..7ab00bcd0 100644
--- a/wger/software/templates/api.html
+++ b/wger/software/templates/api.html
@@ -16,11 +16,47 @@ Authentication
objects such as workouts, you need to generate an API KEY and pass
it in the header, see the link on the sidebar for details.
-You can also generate a token via the login
endpoint. Send a
-username and password and you will get the user's token or a new one will be
-generated. At the moment it is not possible to register via the API.
+JWT Authentication
+
+
+You can generate access token via /token/
endpoint. Send a username and password, and you will get the
+access
token which you can use to access the private endpoints.
+
+curl \
+ -X POST \
+ -H "Content-Type: application/json" \
+ -d '{"username": "example_username", "password": "example_password "}' \
+ https://wger.de/api/v2/token/
+
+...
+{
+ "access":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiY29sZF9zdHVmZiI6IuKYgyIsImV4cCI6MTIzNDU2LCJqdGkiOiJmZDJmOWQ1ZTFhN2M0MmU4OTQ5MzVlMzYyYmNhOGJjYSJ9.NHlztMGER7UADHZJlxNG0WSi22a2KaYSfd1S-AuT7lU",
+ "refresh":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImNvbGRfc3R1ZmYiOiLimIMiLCJleHAiOjIzNDU2NywianRpIjoiZGUxMmY0ZTY3MDY4NDI3ODg5ZjE1YWMyNzcwZGEwNTEifQ.aEoAYkSJjoWH1boshQAaTkf8G3yn0kapko6HFRt7Rh4"
+}
+
+
+Additionally, you can send an access token to /token/verify/
endpoint to verify that token.
+
+When this short-lived access token expires, you can use the longer-lived refresh
+token to obtain another access token.
+
+curl \
+ -X POST \
+ -H "Content-Type: application/json" \
+ -d '{"refresh":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImNvbGRfc3R1ZmYiOiLimIMiLCJleHAiOjIzNDU2NywianRpIjoiZGUxMmY0ZTY3MDY4NDI3ODg5ZjE1YWMyNzcwZGEwNTEifQ.aEoAYkSJjoWH1boshQAaTkf8G3yn0kapko6HFRt7Rh4"}' \
+ https://wger.de/api/v2/token/refresh/
+
+...
+{"access":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiY29sZF9zdHVmZiI6IuKYgyIsImV4cCI6MTIzNTY3LCJqdGkiOiJjNzE4ZTVkNjgzZWQ0NTQyYTU0NWJkM2VmMGI0ZGQ0ZSJ9.ekxRxgb9OKmHkfy-zs1Ro_xs1eMLXiR17dIDBVxeT-w"}
+
+
+
You should always use HTTPS if possible when communicating with the server.
+At the moment it is not possible to register via the API.
+Deprecated: You can also generate a token via the login
endpoint. Send a
+username and password, and you will get the user's token or a new one will be
+generated.
From 899caa026b2a3088c8f07ff125d75e2aece751f9 Mon Sep 17 00:00:00 2001
From: Rohan Karan
Date: Sat, 1 Oct 2022 15:36:38 +0530
Subject: [PATCH 03/16] remove unused imports
---
wger/core/api/views.py | 3 ---
1 file changed, 3 deletions(-)
diff --git a/wger/core/api/views.py b/wger/core/api/views.py
index 6a38637c9..591b97aa5 100644
--- a/wger/core/api/views.py
+++ b/wger/core/api/views.py
@@ -17,12 +17,9 @@
# Standard Library
import logging
-import warnings
-from warnings import warn
# Django
from django.contrib.auth.models import User
-
# Third Party
from rest_framework import (
status,
From b06368b099e600132c4c81d9820ed84c8bb1444e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Oct 2022 23:01:09 +0000
Subject: [PATCH 04/16] Update django-email-verification requirement from
~=0.1.0 to ~=0.3.1
Updates the requirements on [django-email-verification](https://github.com/LeoneBacciu/django-email-verification) to permit the latest version.
- [Release notes](https://github.com/LeoneBacciu/django-email-verification/releases)
- [Commits](https://github.com/LeoneBacciu/django-email-verification/commits)
---
updated-dependencies:
- dependency-name: django-email-verification
dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 1e39aaece..462bd5dd7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,7 +11,7 @@ Django~=3.2
django-activity-stream~=1.4
django-crispy-forms~=1.14
django-simple-history~=3.1
-django-email-verification~=0.1.0
+django-email-verification~=0.3.1
django_compressor~=4.1
django_extensions~=3.2
django-storages~=1.13
From dcdc9e670dd59881e9efe8e43e01ae971e31b2be Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Oct 2022 23:01:14 +0000
Subject: [PATCH 05/16] Update fontawesomefree requirement from ~=6.1.1 to
~=6.2.0
Updates the requirements on [fontawesomefree](https://github.com/FortAwesome/Font-Awesome) to permit the latest version.
- [Release notes](https://github.com/FortAwesome/Font-Awesome/releases)
- [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/6.x/CHANGELOG.md)
- [Commits](https://github.com/FortAwesome/Font-Awesome/compare/6.1.1...6.2.0)
---
updated-dependencies:
- dependency-name: fontawesomefree
dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 1e39aaece..2665b1523 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -17,7 +17,7 @@ django_extensions~=3.2
django-storages~=1.13
django-environ==0.9.0
easy-thumbnails==2.8.3
-fontawesomefree~=6.1.1
+fontawesomefree~=6.2.0
icalendar==4.1.0
invoke==1.7.3
pillow==9.2.0
From 57987dda07bb6aa296bf7d93a71b758527ea1459 Mon Sep 17 00:00:00 2001
From: Roland Geider
Date: Tue, 11 Oct 2022 15:35:19 +0200
Subject: [PATCH 06/16] Make get_absolute_url more intelligent if the slug is
empty
---
wger/exercises/models/exercise.py | 10 +++---
wger/exercises/tests/test_exercise_model.py | 38 +++++++++++++++++++++
2 files changed, 44 insertions(+), 4 deletions(-)
create mode 100644 wger/exercises/tests/test_exercise_model.py
diff --git a/wger/exercises/models/exercise.py b/wger/exercises/models/exercise.py
index bf80d8631..d822cefc4 100644
--- a/wger/exercises/models/exercise.py
+++ b/wger/exercises/models/exercise.py
@@ -116,12 +116,14 @@ def get_absolute_url(self):
"""
Returns the canonical URL to view an exercise
"""
+ slug_name = slugify(self.name)
+ kwargs = {'pk': self.exercise_base_id}
+ if slug_name:
+ kwargs['slug'] = slug_name
+
return reverse(
'exercise:exercise:view-base',
- kwargs={
- 'pk': self.exercise_base_id,
- 'slug': slugify(self.name)
- }
+ kwargs=kwargs
)
def save(self, *args, **kwargs):
diff --git a/wger/exercises/tests/test_exercise_model.py b/wger/exercises/tests/test_exercise_model.py
new file mode 100644
index 000000000..947027633
--- /dev/null
+++ b/wger/exercises/tests/test_exercise_model.py
@@ -0,0 +1,38 @@
+# This file is part of wger Workout Manager.
+#
+# wger Workout Manager is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# wger Workout Manager is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+
+# wger
+from wger.core.tests.base_testcase import WgerTestCase
+from wger.exercises.models import Exercise
+
+
+class ExerciseModelTestCase(WgerTestCase):
+ """
+ Test the logic in the exercise model
+ """
+
+ def test_absolute_url_name(self):
+ """Test that the get_absolute_url returns the correct URL"""
+ exercise = Exercise(exercise_base_id=1, description='abc', name='foo')
+ self.assertEqual(exercise.get_absolute_url(), '/en/exercise/1/view-base/foo')
+
+ def test_absolute_url_no_name(self):
+ """Test that the get_absolute_url returns the correct URL"""
+ exercise = Exercise(exercise_base_id=2, description='abc', name='')
+ self.assertEqual(exercise.get_absolute_url(), '/en/exercise/2/view-base')
+
+ def test_absolute_url_no_name2(self):
+ """Test that the get_absolute_url returns the correct URL"""
+ exercise = Exercise(exercise_base_id=42, description='abc', name='@@@@@')
+ self.assertEqual(exercise.get_absolute_url(), '/en/exercise/42/view-base')
From add09b1ceeed5f27976d756b9330bac2785c91ec Mon Sep 17 00:00:00 2001
From: Github-actions
Date: Wed, 12 Oct 2022 07:58:14 +0000
Subject: [PATCH 07/16] Automatic linting
---
wger/exercises/models/exercise.py | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/wger/exercises/models/exercise.py b/wger/exercises/models/exercise.py
index d822cefc4..0db2ff9f2 100644
--- a/wger/exercises/models/exercise.py
+++ b/wger/exercises/models/exercise.py
@@ -121,10 +121,7 @@ def get_absolute_url(self):
if slug_name:
kwargs['slug'] = slug_name
- return reverse(
- 'exercise:exercise:view-base',
- kwargs=kwargs
- )
+ return reverse('exercise:exercise:view-base', kwargs=kwargs)
def save(self, *args, **kwargs):
"""
From 6cd0d3808f283574bddf2e67bafd3d20cecc36a3 Mon Sep 17 00:00:00 2001
From: Roland Geider
Date: Wed, 12 Oct 2022 11:41:33 +0200
Subject: [PATCH 08/16] Use new setting names
---
wger/settings_global.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wger/settings_global.py b/wger/settings_global.py
index 056ebae47..a901c823c 100644
--- a/wger/settings_global.py
+++ b/wger/settings_global.py
@@ -462,8 +462,8 @@ def email_verified_callback(user):
EMAIL_MAIL_SUBJECT = 'Confirm your email'
EMAIL_MAIL_HTML = 'email_verification/email_body_html.tpl'
EMAIL_MAIL_PLAIN = 'email_verification/email_body_txt.tpl'
-EMAIL_TOKEN_LIFE = 60 * 60
-EMAIL_PAGE_TEMPLATE = 'email_verification/confirm_template.html'
+EMAIL_MAIL_TOKEN_LIFE = 60 * 60
+EMAIL_MAIL_PAGE_TEMPLATE = 'email_verification/confirm_template.html'
EMAIL_PAGE_DOMAIN = 'http://localhost:8000/'
#
From 435c2e04d944329a52748eca81133b4bd9265fc6 Mon Sep 17 00:00:00 2001
From: Roland Geider
Date: Wed, 12 Oct 2022 20:02:11 +0200
Subject: [PATCH 09/16] Update version used to tag the docker images
---
.github/workflows/docker.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index bf605c010..22da6300d 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -31,7 +31,7 @@ jobs:
push: true
file: extras/docker/demo/Dockerfile
platforms: linux/amd64,linux/arm64
- tags: wger/demo:latest,wger/demo:2.1-dev,wger/apache:latest,wger/apache:2.1-dev
+ tags: wger/demo:latest,wger/demo:2.2-dev,wger/apache:latest,wger/apache:2.2-dev
- name: Build dev image
uses: docker/build-push-action@v3.1.1
@@ -40,4 +40,4 @@ jobs:
push: true
file: extras/docker/development/Dockerfile
platforms: linux/amd64,linux/arm64
- tags: wger/server:latest,wger/server:2.1-dev,wger/devel:latest,wger/devel:2.1-dev
+ tags: wger/server:latest,wger/server:2.2-dev,wger/devel:latest,wger/devel:2.2-dev
From c0060c3a575a5d3c77188ade7fd792c63d781f21 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Oct 2022 23:02:00 +0000
Subject: [PATCH 10/16] Bump docker/build-push-action from 3.1.1 to 3.2.0
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.1.1 to 3.2.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3.1.1...v3.2.0)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
.github/workflows/docker-base.yml | 2 +-
.github/workflows/docker.yml | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/docker-base.yml b/.github/workflows/docker-base.yml
index 38f67b4a1..716af864b 100644
--- a/.github/workflows/docker-base.yml
+++ b/.github/workflows/docker-base.yml
@@ -29,7 +29,7 @@ jobs:
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build base image
- uses: docker/build-push-action@v3.1.1
+ uses: docker/build-push-action@v3.2.0
with:
context: .
push: true
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 22da6300d..c9878095f 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -25,7 +25,7 @@ jobs:
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build apache image
- uses: docker/build-push-action@v3.1.1
+ uses: docker/build-push-action@v3.2.0
with:
context: .
push: true
@@ -34,7 +34,7 @@ jobs:
tags: wger/demo:latest,wger/demo:2.2-dev,wger/apache:latest,wger/apache:2.2-dev
- name: Build dev image
- uses: docker/build-push-action@v3.1.1
+ uses: docker/build-push-action@v3.2.0
with:
context: .
push: true
From aac3536309a73e9c82ed2182e6462ea98c132ee8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Oct 2022 23:02:04 +0000
Subject: [PATCH 11/16] Bump docker/setup-buildx-action from 2.0.0 to 2.1.0
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2.0.0...v2.1.0)
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
.github/workflows/docker-base.yml | 2 +-
.github/workflows/docker.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/docker-base.yml b/.github/workflows/docker-base.yml
index 38f67b4a1..e7a5cb0dc 100644
--- a/.github/workflows/docker-base.yml
+++ b/.github/workflows/docker-base.yml
@@ -20,7 +20,7 @@ jobs:
uses: docker/setup-qemu-action@v2.0.0
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2.0.0
+ uses: docker/setup-buildx-action@v2.1.0
- name: Login to DockerHub
uses: docker/login-action@v2.0.0
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 22da6300d..482ba3538 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -16,7 +16,7 @@ jobs:
uses: docker/setup-qemu-action@v2.0.0
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2.0.0
+ uses: docker/setup-buildx-action@v2.1.0
- name: Login to DockerHub
uses: docker/login-action@v2.0.0
From 09422215a6bd6e98f42be84a0b9e75fa6ff589b4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 13 Oct 2022 07:03:48 +0000
Subject: [PATCH 12/16] Bump docker/setup-qemu-action from 2.0.0 to 2.1.0
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0)
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
.github/workflows/docker-base.yml | 2 +-
.github/workflows/docker.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/docker-base.yml b/.github/workflows/docker-base.yml
index e7a5cb0dc..09ab17b66 100644
--- a/.github/workflows/docker-base.yml
+++ b/.github/workflows/docker-base.yml
@@ -17,7 +17,7 @@ jobs:
uses: actions/checkout@v3
- name: Set up QEMU
- uses: docker/setup-qemu-action@v2.0.0
+ uses: docker/setup-qemu-action@v2.1.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2.1.0
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 482ba3538..0b5ae6577 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -13,7 +13,7 @@ jobs:
uses: actions/checkout@v3
- name: Set up QEMU
- uses: docker/setup-qemu-action@v2.0.0
+ uses: docker/setup-qemu-action@v2.1.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2.1.0
From 4a60a9315238c2eb75a9924cf09ea177d6d5ddfd Mon Sep 17 00:00:00 2001
From: Roland Geider
Date: Thu, 13 Oct 2022 11:43:45 +0200
Subject: [PATCH 13/16] Allow configuring the JWT settings in docker
---
extras/docker/development/settings.py | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/extras/docker/development/settings.py b/extras/docker/development/settings.py
index 8c707b7c0..311fb3e02 100644
--- a/extras/docker/development/settings.py
+++ b/extras/docker/development/settings.py
@@ -44,7 +44,7 @@
TIME_ZONE = env.str("TIME_ZONE", 'Europe/Berlin')
# Make this unique, and don't share it with anybody.
-SECRET_KEY = env.str("SECRET_KEY", 'wger-django-secret-key')
+SECRET_KEY = env.str("SECRET_KEY", 'wger-docker-supersecret-key-1234567890!@#$%^&*(-_)')
# Your reCaptcha keys
@@ -115,3 +115,10 @@
# The site's domain as used by the email verification workflow
EMAIL_PAGE_DOMAIN = 'http://localhost/'
+
+#
+# Django Rest Framework SimpleJWT
+#
+SIMPLE_JWT['ACCESS_TOKEN_LIFETIME'] = timedelta(minutes=env.int("ACCESS_TOKEN_LIFETIME", 15))
+SIMPLE_JWT['REFRESH_TOKEN_LIFETIME'] = timedelta(hours=env.int("REFRESH_TOKEN_LIFETIME", 24))
+SIMPLE_JWT['SIGNING_KEY'] = env.str("SIGNING_KEY", SECRET_KEY)
From 8832395fbfbaaf8f2e980549b73548de0d6c702a Mon Sep 17 00:00:00 2001
From: Github-actions
Date: Thu, 13 Oct 2022 13:59:16 +0000
Subject: [PATCH 14/16] Automatic linting
---
wger/core/api/views.py | 12 ++++++++----
wger/settings_global.py | 1 +
wger/urls.py | 24 +++++++++---------------
3 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/wger/core/api/views.py b/wger/core/api/views.py
index e2e696722..c947a1990 100644
--- a/wger/core/api/views.py
+++ b/wger/core/api/views.py
@@ -65,6 +65,7 @@
from wger.utils.api_token import create_token
from wger.utils.permissions import WgerPermission
+
logger = logging.getLogger(__name__)
@@ -154,7 +155,7 @@ class ApplicationVersionView(viewsets.ViewSet):
"""
Returns the application's version
"""
- permission_classes = (AllowAny,)
+ permission_classes = (AllowAny, )
@staticmethod
def get(request):
@@ -187,7 +188,7 @@ class RequiredApplicationVersionView(viewsets.ViewSet):
"""
Returns the minimum required version of flutter app to access this server
"""
- permission_classes = (AllowAny,)
+ permission_classes = (AllowAny, )
@staticmethod
def get(request):
@@ -232,7 +233,10 @@ def post(self, request):
token = create_token(form.get_user())
return Response(
- data={'token': token.key, 'message': "This endpoint is deprecated."},
+ data={
+ 'token': token.key,
+ 'message': "This endpoint is deprecated."
+ },
status=status.HTTP_200_OK,
headers={
"Deprecation": "Sat, 01 Oct 2022 23:59:59 GMT",
@@ -295,7 +299,7 @@ class DaysOfWeekViewSet(viewsets.ReadOnlyModelViewSet):
queryset = DaysOfWeek.objects.all()
serializer_class = DaysOfWeekSerializer
ordering_fields = '__all__'
- filterset_fields = ('day_of_week',)
+ filterset_fields = ('day_of_week', )
class LicenseViewSet(viewsets.ReadOnlyModelViewSet):
diff --git a/wger/settings_global.py b/wger/settings_global.py
index b58f74563..b1a61a241 100644
--- a/wger/settings_global.py
+++ b/wger/settings_global.py
@@ -20,6 +20,7 @@
import re
from datetime import timedelta
+
"""
This file contains the global settings that don't usually need to be changed.
For a full list of options, visit:
diff --git a/wger/urls.py b/wger/urls.py
index 2ce477be2..f5a391c60 100644
--- a/wger/urls.py
+++ b/wger/urls.py
@@ -30,7 +30,11 @@
# Third Party
from django_email_verification import urls as email_urls
from rest_framework import routers
-from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView, TokenVerifyView
+from rest_framework_simplejwt.views import (
+ TokenObtainPairView,
+ TokenRefreshView,
+ TokenVerifyView,
+)
# wger
from wger.core.api import views as core_api_views
@@ -44,6 +48,7 @@
from wger.utils.generic_views import TextTemplateView
from wger.weight.api import views as weight_api_views
+
# admin.autodiscover()
#
@@ -244,20 +249,9 @@
core_api_views.UserAPIRegistrationViewSet.as_view({'post': 'post'}),
name='api_register'
),
- path(
- 'api/v2/token/',
- TokenObtainPairView.as_view(),
- name='token_obtain_pair'
- ),
- path(
- 'api/v2/token/refresh/',
- TokenRefreshView.as_view(),
- name='token_refresh'
- ),
- path(
- 'api/v2/token/verify/',
- TokenVerifyView.as_view(),
- name='token_verify'),
+ path('api/v2/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
+ path('api/v2/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
+ path('api/v2/token/verify/', TokenVerifyView.as_view(), name='token_verify'),
# Others
path(
From ccf1bc0dff9598bd22d03b6fa7c401601ee74d5f Mon Sep 17 00:00:00 2001
From: Roland Geider
Date: Thu, 13 Oct 2022 16:19:36 +0200
Subject: [PATCH 15/16] Build docker images in parallel
---
.github/workflows/docker.yml | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 445ca58fc..82ff90afe 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -6,7 +6,8 @@ on:
- master
jobs:
- path-context:
+ apache:
+ name: Build apache image
runs-on: ubuntu-latest
steps:
- name: Checkout
@@ -24,7 +25,7 @@ jobs:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- - name: Build apache image
+ - name: Build image
uses: docker/build-push-action@v3.2.0
with:
context: .
@@ -33,7 +34,26 @@ jobs:
platforms: linux/amd64,linux/arm64
tags: wger/demo:latest,wger/demo:2.2-dev,wger/apache:latest,wger/apache:2.2-dev
- - name: Build dev image
+ prod:
+ name: Build production image
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2.1.0
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2.1.0
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v2.0.0
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Build image
uses: docker/build-push-action@v3.2.0
with:
context: .
From f38a27c6f4b5928a5e2e67fc2d57688903a8243a Mon Sep 17 00:00:00 2001
From: Roland Geider
Date: Thu, 13 Oct 2022 16:19:54 +0200
Subject: [PATCH 16/16] Bump dependency
---
requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index efc8cf2a9..c3eefb86a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -32,7 +32,7 @@ requests==2.28.1
django-cors-headers==3.13.0
django-filter==22.1
djangorestframework~=3.14
-djangorestframework-simplejwt[crypto]==5.2.0
+djangorestframework-simplejwt[crypto]==5.2.1
# Not used anymore, but needed because some modules are imported in DB migration
# files