From 84d1d94eee48bb0ab0b1f3f5a182bd8f2681294a Mon Sep 17 00:00:00 2001 From: Rohan Karan Date: Sat, 1 Oct 2022 03:13:44 +0530 Subject: [PATCH 01/16] implementing jwt token for rest api --- AUTHORS.rst | 1 + requirements.txt | 1 + wger/settings_global.py | 15 ++++++++++++++- wger/urls.py | 20 +++++++++++++++++--- 4 files changed, 33 insertions(+), 4 deletions(-) diff --git a/AUTHORS.rst b/AUTHORS.rst index b088ce148..1e222c1b3 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -66,6 +66,7 @@ Developers * Sofiko Alaverdashvili - https://github.com/sophiamartelli * Kade - https://github.com/kp5431/ * Tom Bowyer - https://github.com/ImTheTom +* Rohan Karan - https://github.com/RohanKaran Translators ----------- diff --git a/requirements.txt b/requirements.txt index fd67985e2..4c8aeaa1b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -28,6 +28,7 @@ requests==2.28.1 django-cors-headers==3.13.0 django-filter==22.1 djangorestframework~=3.14 +djangorestframework-simplejwt[crypto]==5.2.0 # Not used anymore, but needed because some modules are imported in DB migration # files diff --git a/wger/settings_global.py b/wger/settings_global.py index 71a33bf42..d65a1e91d 100644 --- a/wger/settings_global.py +++ b/wger/settings_global.py @@ -18,7 +18,7 @@ # Build paths inside the project like this: os.path.join(BASE_DIR, ...) import os import re - +from datetime import timedelta """ This file contains the global settings that don't usually need to be changed. @@ -82,6 +82,7 @@ 'rest_framework', 'rest_framework.authtoken', 'django_filters', + 'rest_framework_simplejwt', # Breadcrumbs 'django_bootstrap_breadcrumbs', @@ -376,6 +377,7 @@ 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.TokenAuthentication', + 'rest_framework_simplejwt.authentication.JWTAuthentication', ), 'DEFAULT_FILTER_BACKENDS': ( 'django_filters.rest_framework.DjangoFilterBackend', 
@@ -387,6 +389,17 @@ } } +# +# Django Rest Framework SimpleJWT +# +SIMPLE_JWT = { + 'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5), + 'REFRESH_TOKEN_LIFETIME': timedelta(days=1), + 'ROTATE_REFRESH_TOKENS': False, + 'BLACKLIST_AFTER_ROTATION': False, + 'UPDATE_LAST_LOGIN': False, +} + # # CORS headers: allow all hosts to access the API # diff --git a/wger/urls.py b/wger/urls.py index f060926f6..73379bd78 100644 --- a/wger/urls.py +++ b/wger/urls.py @@ -29,6 +29,7 @@ # Third Party from rest_framework import routers +from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView, TokenVerifyView # wger from wger.core.api import views as core_api_views @@ -42,8 +43,7 @@ from wger.utils.generic_views import TextTemplateView from wger.weight.api import views as weight_api_views - -#admin.autodiscover() +# admin.autodiscover() # # REST API @@ -155,7 +155,7 @@ # The actual URLs # urlpatterns = i18n_patterns( - #url(r'^admin/', admin.site.urls), + # url(r'^admin/', admin.site.urls), path('', include(('wger.core.urls', 'core'), namespace='core')), path('workout/', include(('wger.manager.urls', 'manager'), namespace='manager')), path('exercise/', include(('wger.exercises.urls', 'exercise'), namespace='exercise')), @@ -195,6 +195,20 @@ core_api_views.UserAPIRegistrationViewSet.as_view({'post': 'post'}), name='api_register' ), + path( + 'api/v2/token/', + TokenObtainPairView.as_view(), + name='token_obtain_pair' + ), + path( + 'api/v2/token/refresh/', + TokenRefreshView.as_view(), + name='token_refresh' + ), + path( + 'api/v2/token/verify/', + TokenVerifyView.as_view(), + name='token_verify'), # Others path( From 25f0e6094ff36c410a7ddff10e47a6bd242af650 Mon Sep 17 00:00:00 2001 
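Review bot: The `SIMPLE_JWT` block added to wger/settings_global.py leaves no way to invalidate a refresh token before its one-day lifetime ends: `ROTATE_REFRESH_TOKENS` and `BLACKLIST_AFTER_ROTATION` are both `False`, and the `INSTALLED_APPS` hunk of this patch adds `rest_framework_simplejwt` but not `rest_framework_simplejwt.token_blacklist`. As far as this diff shows, a refresh token that leaks stays usable for the full day, even after a logout or password change. I would install the blacklist app and set `'ROTATE_REFRESH_TOKENS': True, 'BLACKLIST_AFTER_ROTATION': True`, so that a refresh token stops working once it has been exchanged. A comment above the dict would also help, for example `# SIGNING_KEY is not set here, so tokens are signed with SECRET_KEY; rotating SECRET_KEY invalidates every issued token`.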
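Review bot: The `api/v2/token/` route added to `urlpatterns` in wger/urls.py accepts a username and password but is wired straight to the library's `TokenObtainPairView`, so it does not carry the `throttle_scope = 'login'` that `UserAPILoginView` sets in wger/core/api/views.py (visible as context in patch 02). Unless throttling is applied globally in settings not shown here, password guessing against the new endpoint is not rate-limited the way the old login endpoint is. A small subclass would keep the two aligned: `class ThrottledTokenObtainPairView(TokenObtainPairView):` with the single attribute `throttle_scope = 'login'`, routed in place of the stock view. This assumes the scoped throttle configured for `login` applies to any view declaring that scope. The `urlpatterns` call starts and ends outside this hunk.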
From: Rohan Karan Date: Sat, 1 Oct 2022 15:25:45 +0530 Subject: [PATCH 02/16] added jwt usage docs and added deprecation message for /login/ endpoint --- wger/core/api/views.py | 28 ++++++++++++++++----- wger/software/templates/api.html | 42 +++++++++++++++++++++++++++++--- 2 files changed, 61 insertions(+), 9 deletions(-) diff --git a/wger/core/api/views.py b/wger/core/api/views.py index 43507ce57..6a38637c9 100644 --- a/wger/core/api/views.py +++ b/wger/core/api/views.py @@ -17,6 +17,8 @@ # Standard Library import logging +import warnings +from warnings import warn # Django from django.contrib.auth.models import User @@ -62,7 +64,6 @@ WgerPermission, ) - logger = logging.getLogger(__name__) @@ -101,7 +102,7 @@ class ApplicationVersionView(viewsets.ViewSet): """ Returns the application's version """ - permission_classes = (AllowAny, ) + permission_classes = (AllowAny,) @staticmethod def get(request): @@ -112,7 +113,7 @@ class RequiredApplicationVersionView(viewsets.ViewSet): """ Returns the minimum required version of flutter app to access this server """ - permission_classes = (AllowAny, ) + permission_classes = (AllowAny,) @staticmethod def get(request): @@ -122,6 +123,7 @@ def get(request): class UserAPILoginView(viewsets.ViewSet): """ API endpoint for api user objects + .. warning:: This endpoint is deprecated """ permission_classes = (AllowAny, ) queryset = User.objects.all() @@ -129,7 +131,15 @@ class UserAPILoginView(viewsets.ViewSet): throttle_scope = 'login' def get(self, request): - return Response({'message': "You must send a 'username' and 'password' via POST"}) + return Response( + data={ + 'message': "You must send a 'username' and 'password' via POST", + 'warning': "This endpoint is deprecated." + }, + headers={ + "Deprecation": "Sat, 01 Oct 2022 23:59:59 GMT", + }, + ) def post(self, request): data = request.data 
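Review bot: The deprecation notice added to `UserAPILoginView.get()` is returned under the key `warning`, while the `post()` hunk later in this patch (`@@ -147,7 +157,13`) puts the same sentence under `message`, and both repeat the literal `"Sat, 01 Oct 2022 23:59:59 GMT"`. A client looking for the notice has to know two keys, and the two header dates can drift apart on the next edit. I would define the header once at module level, `DEPRECATION_HEADERS = {"Deprecation": "Sat, 01 Oct 2022 23:59:59 GMT"}`, pass `headers=DEPRECATION_HEADERS` in both responses, and use one key name for the text. The class docstring line `.. warning:: This endpoint is deprecated` could also name the replacement, `/api/v2/token/`.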
@@ -147,7 +157,13 @@ def post(self, request): ) token = create_token(form.get_user()) - return Response({'token': token.key}, status=status.HTTP_200_OK) + return Response( + data={'token': token.key, 'message': "This endpoint is deprecated."}, + status=status.HTTP_200_OK, + headers={ + "Deprecation": "Sat, 01 Oct 2022 23:59:59 GMT", + } + ) class UserAPIRegistrationViewSet(viewsets.ViewSet): @@ -198,7 +214,7 @@ class DaysOfWeekViewSet(viewsets.ReadOnlyModelViewSet): queryset = DaysOfWeek.objects.all() serializer_class = DaysOfWeekSerializer ordering_fields = '__all__' - filterset_fields = ('day_of_week', ) + filterset_fields = ('day_of_week',) class LicenseViewSet(viewsets.ReadOnlyModelViewSet): diff --git a/wger/software/templates/api.html b/wger/software/templates/api.html index 46a0b40c1..7ab00bcd0 100644 --- a/wger/software/templates/api.html +++ b/wger/software/templates/api.html @@ -16,11 +16,47 @@

Authentication

objects such as workouts, you need to generate an API KEY and pass it in the header, see the link on the sidebar for details.

-

You can also generate a token via the login endpoint. Send a -username and password and you will get the user's token or a new one will be -generated. At the moment it is not possible to register via the API.

+
JWT Authentication
+ +

+You can generate access token via /token/ endpoint. Send a username and password, and you will get the +access token which you can use to access the private endpoints. +

+curl \
+  -X POST \
+  -H "Content-Type: application/json" \
+  -d '{"username": "example_username", "password": "example_password "}' \
+  https://wger.de/api/v2/token/
+
+...
+{
+  "access":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiY29sZF9zdHVmZiI6IuKYgyIsImV4cCI6MTIzNDU2LCJqdGkiOiJmZDJmOWQ1ZTFhN2M0MmU4OTQ5MzVlMzYyYmNhOGJjYSJ9.NHlztMGER7UADHZJlxNG0WSi22a2KaYSfd1S-AuT7lU",
+  "refresh":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImNvbGRfc3R1ZmYiOiLimIMiLCJleHAiOjIzNDU2NywianRpIjoiZGUxMmY0ZTY3MDY4NDI3ODg5ZjE1YWMyNzcwZGEwNTEifQ.aEoAYkSJjoWH1boshQAaTkf8G3yn0kapko6HFRt7Rh4"
+}
+
+ +

Additionally, you can send an access token to /token/verify/ endpoint to verify that token.

+ +

When this short-lived access token expires, you can use the longer-lived refresh +token to obtain another access token. +

+curl \
+  -X POST \
+  -H "Content-Type: application/json" \
+  -d '{"refresh":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImNvbGRfc3R1ZmYiOiLimIMiLCJleHAiOjIzNDU2NywianRpIjoiZGUxMmY0ZTY3MDY4NDI3ODg5ZjE1YWMyNzcwZGEwNTEifQ.aEoAYkSJjoWH1boshQAaTkf8G3yn0kapko6HFRt7Rh4"}' \
+  https://wger.de/api/v2/token/refresh/
+
+...
+{"access":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiY29sZF9zdHVmZiI6IuKYgyIsImV4cCI6MTIzNTY3LCJqdGkiOiJjNzE4ZTVkNjgzZWQ0NTQyYTU0NWJkM2VmMGI0ZGQ0ZSJ9.ekxRxgb9OKmHkfy-zs1Ro_xs1eMLXiR17dIDBVxeT-w"}
+
+

+

You should always use HTTPS if possible when communicating with the server.

+

At the moment it is not possible to register via the API.

+

Deprecated: You can also generate a token via the login endpoint. Send a +username and password, and you will get the user's token or a new one will be +generated.

From 899caa026b2a3088c8f07ff125d75e2aece751f9 Mon Sep 17 00:00:00 2001 From: Rohan Karan Date: Sat, 1 Oct 2022 15:36:38 +0530 Subject: [PATCH 03/16] remove unused imports --- wger/core/api/views.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/wger/core/api/views.py b/wger/core/api/views.py index 6a38637c9..591b97aa5 100644 --- a/wger/core/api/views.py +++ b/wger/core/api/views.py @@ -17,12 +17,9 @@ # Standard Library import logging -import warnings -from warnings import warn # Django from django.contrib.auth.models import User - # Third Party from rest_framework import ( status, From b06368b099e600132c4c81d9820ed84c8bb1444e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Oct 2022 23:01:09 +0000 Subject: [PATCH 04/16] Update django-email-verification requirement from ~=0.1.0 to ~=0.3.1 Updates the requirements on [django-email-verification](https://github.com/LeoneBacciu/django-email-verification) to permit the latest version. - [Release notes](https://github.com/LeoneBacciu/django-email-verification/releases) - [Commits](https://github.com/LeoneBacciu/django-email-verification/commits) --- updated-dependencies: - dependency-name: django-email-verification dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 1e39aaece..462bd5dd7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,7 +11,7 @@ Django~=3.2 django-activity-stream~=1.4 django-crispy-forms~=1.14 django-simple-history~=3.1 -django-email-verification~=0.1.0 +django-email-verification~=0.3.1 django_compressor~=4.1 django_extensions~=3.2 django-storages~=1.13 From dcdc9e670dd59881e9efe8e43e01ae971e31b2be Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Oct 2022 23:01:14 +0000 Subject: [PATCH 05/16] Update fontawesomefree requirement from ~=6.1.1 to ~=6.2.0 Updates the requirements on [fontawesomefree](https://github.com/FortAwesome/Font-Awesome) to permit the latest version. - [Release notes](https://github.com/FortAwesome/Font-Awesome/releases) - [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/6.x/CHANGELOG.md) - [Commits](https://github.com/FortAwesome/Font-Awesome/compare/6.1.1...6.2.0) --- updated-dependencies: - dependency-name: fontawesomefree dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 1e39aaece..2665b1523 100644 --- a/requirements.txt +++ b/requirements.txt @@ -17,7 +17,7 @@ django_extensions~=3.2 django-storages~=1.13 django-environ==0.9.0 easy-thumbnails==2.8.3 -fontawesomefree~=6.1.1 +fontawesomefree~=6.2.0 icalendar==4.1.0 invoke==1.7.3 pillow==9.2.0 From 57987dda07bb6aa296bf7d93a71b758527ea1459 Mon Sep 17 00:00:00 2001 From: Roland Geider Date: Tue, 11 Oct 2022 15:35:19 +0200 Subject: [PATCH 06/16] Make get_absolute_url more intelligent if the slug is empty --- wger/exercises/models/exercise.py | 10 +++--- wger/exercises/tests/test_exercise_model.py | 38 +++++++++++++++++++++ 2 files changed, 44 insertions(+), 4 deletions(-) create mode 100644 wger/exercises/tests/test_exercise_model.py diff --git a/wger/exercises/models/exercise.py b/wger/exercises/models/exercise.py index bf80d8631..d822cefc4 100644 --- a/wger/exercises/models/exercise.py +++ b/wger/exercises/models/exercise.py 
@@ -116,12 +116,14 @@ def get_absolute_url(self): """ Returns the canonical URL to view an exercise """ + slug_name = slugify(self.name) + kwargs = {'pk': self.exercise_base_id} + if slug_name: + kwargs['slug'] = slug_name + return reverse( 'exercise:exercise:view-base', - kwargs={ - 'pk': self.exercise_base_id, - 'slug': slugify(self.name) - } + kwargs=kwargs ) def save(self, *args, **kwargs): diff --git a/wger/exercises/tests/test_exercise_model.py b/wger/exercises/tests/test_exercise_model.py new file mode 100644 index 000000000..947027633 --- /dev/null +++ b/wger/exercises/tests/test_exercise_model.py 
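Review bot: The docstring of `get_absolute_url` in wger/exercises/models/exercise.py does not mention the new branch in which `slug` is left out of `kwargs`. I would extend it to something like `Returns the canonical URL to view an exercise; the slug is omitted when slugify(self.name) is empty`. The three tests added in wger/exercises/tests/test_exercise_model.py share one docstring, so the empty-name and symbols-only cases could each state what they cover. `save()` begins on the last line of this hunk and continues outside it.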
@@ -0,0 +1,38 @@ +# This file is part of wger Workout Manager. +# +# wger Workout Manager is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# wger Workout Manager is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License + +# wger +from wger.core.tests.base_testcase import WgerTestCase +from wger.exercises.models import Exercise + + +class ExerciseModelTestCase(WgerTestCase): + """ + Test the logic in the exercise model + """ + + def test_absolute_url_name(self): + """Test that the get_absolute_url returns the correct URL""" + exercise = Exercise(exercise_base_id=1, description='abc', name='foo') + self.assertEqual(exercise.get_absolute_url(), '/en/exercise/1/view-base/foo') + + def test_absolute_url_no_name(self): + """Test that the get_absolute_url returns the correct URL""" + exercise = Exercise(exercise_base_id=2, description='abc', name='') + self.assertEqual(exercise.get_absolute_url(), '/en/exercise/2/view-base') + + def test_absolute_url_no_name2(self): + """Test that the get_absolute_url returns the correct URL""" + exercise = Exercise(exercise_base_id=42, description='abc', name='@@@@@') + self.assertEqual(exercise.get_absolute_url(), '/en/exercise/42/view-base') From add09b1ceeed5f27976d756b9330bac2785c91ec Mon Sep 17 00:00:00 2001 From: Github-actions Date: Wed, 12 Oct 2022 07:58:14 +0000 Subject: [PATCH 07/16] Automatic linting --- wger/exercises/models/exercise.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
diff --git a/wger/exercises/models/exercise.py b/wger/exercises/models/exercise.py index d822cefc4..0db2ff9f2 100644 --- a/wger/exercises/models/exercise.py +++ b/wger/exercises/models/exercise.py @@ -121,10 +121,7 @@ def get_absolute_url(self): if slug_name: kwargs['slug'] = slug_name - return reverse( - 'exercise:exercise:view-base', - kwargs=kwargs - ) + return reverse('exercise:exercise:view-base', kwargs=kwargs) def save(self, *args, **kwargs): """ From 6cd0d3808f283574bddf2e67bafd3d20cecc36a3 Mon Sep 17 00:00:00 2001 From: Roland Geider Date: Wed, 12 Oct 2022 11:41:33 +0200 Subject: [PATCH 08/16] Use new setting names --- wger/settings_global.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wger/settings_global.py b/wger/settings_global.py index 056ebae47..a901c823c 100644 --- a/wger/settings_global.py +++ b/wger/settings_global.py @@ -462,8 +462,8 @@ def email_verified_callback(user): EMAIL_MAIL_SUBJECT = 'Confirm your email' EMAIL_MAIL_HTML = 'email_verification/email_body_html.tpl' EMAIL_MAIL_PLAIN = 'email_verification/email_body_txt.tpl' -EMAIL_TOKEN_LIFE = 60 * 60 -EMAIL_PAGE_TEMPLATE = 'email_verification/confirm_template.html' +EMAIL_MAIL_TOKEN_LIFE = 60 * 60 +EMAIL_MAIL_PAGE_TEMPLATE = 'email_verification/confirm_template.html' EMAIL_PAGE_DOMAIN = 'http://localhost:8000/' # From 435c2e04d944329a52748eca81133b4bd9265fc6 Mon Sep 17 00:00:00 2001 From: Roland Geider Date: Wed, 12 Oct 2022 20:02:11 +0200 Subject: [PATCH 09/16] Update version used to tag the docker images --- .github/workflows/docker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index bf605c010..22da6300d 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
@@ -31,7 +31,7 @@ jobs: push: true file: extras/docker/demo/Dockerfile platforms: linux/amd64,linux/arm64 - tags: wger/demo:latest,wger/demo:2.1-dev,wger/apache:latest,wger/apache:2.1-dev + tags: wger/demo:latest,wger/demo:2.2-dev,wger/apache:latest,wger/apache:2.2-dev - name: Build dev image uses: docker/build-push-action@v3.1.1 @@ -40,4 +40,4 @@ jobs: push: true file: extras/docker/development/Dockerfile platforms: linux/amd64,linux/arm64 - tags: wger/server:latest,wger/server:2.1-dev,wger/devel:latest,wger/devel:2.1-dev + tags: wger/server:latest,wger/server:2.2-dev,wger/devel:latest,wger/devel:2.2-dev From c0060c3a575a5d3c77188ade7fd792c63d781f21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Oct 2022 23:02:00 +0000 Subject: [PATCH 10/16] Bump docker/build-push-action from 3.1.1 to 3.2.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.1.1 to 3.2.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v3.1.1...v3.2.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docker-base.yml | 2 +- .github/workflows/docker.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-base.yml b/.github/workflows/docker-base.yml index 38f67b4a1..716af864b 100644 --- a/.github/workflows/docker-base.yml +++ b/.github/workflows/docker-base.yml @@ -29,7 +29,7 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build base image - uses: docker/build-push-action@v3.1.1 + uses: docker/build-push-action@v3.2.0 with: context: . push: true diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 22da6300d..c9878095f 100644 --- a/.github/workflows/docker.yml 
+++ b/.github/workflows/docker.yml @@ -25,7 +25,7 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build apache image - uses: docker/build-push-action@v3.1.1 + uses: docker/build-push-action@v3.2.0 with: context: . push: true @@ -34,7 +34,7 @@ jobs: tags: wger/demo:latest,wger/demo:2.2-dev,wger/apache:latest,wger/apache:2.2-dev - name: Build dev image - uses: docker/build-push-action@v3.1.1 + uses: docker/build-push-action@v3.2.0 with: context: . push: true From aac3536309a73e9c82ed2182e6462ea98c132ee8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Oct 2022 23:02:04 +0000 Subject: [PATCH 11/16] Bump docker/setup-buildx-action from 2.0.0 to 2.1.0 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2.0.0...v2.1.0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docker-base.yml | 2 +- .github/workflows/docker.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-base.yml b/.github/workflows/docker-base.yml index 38f67b4a1..e7a5cb0dc 100644 --- a/.github/workflows/docker-base.yml +++ b/.github/workflows/docker-base.yml @@ -20,7 +20,7 @@ jobs: uses: docker/setup-qemu-action@v2.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2.0.0 + uses: docker/setup-buildx-action@v2.1.0 - name: Login to DockerHub uses: docker/login-action@v2.0.0 diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 22da6300d..482ba3538 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
@@ -16,7 +16,7 @@ jobs: uses: docker/setup-qemu-action@v2.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2.0.0 + uses: docker/setup-buildx-action@v2.1.0 - name: Login to DockerHub uses: docker/login-action@v2.0.0 From 09422215a6bd6e98f42be84a0b9e75fa6ff589b4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Oct 2022 07:03:48 +0000 Subject: [PATCH 12/16] Bump docker/setup-qemu-action from 2.0.0 to 2.1.0 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docker-base.yml | 2 +- .github/workflows/docker.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-base.yml b/.github/workflows/docker-base.yml index e7a5cb0dc..09ab17b66 100644 --- a/.github/workflows/docker-base.yml +++ b/.github/workflows/docker-base.yml @@ -17,7 +17,7 @@ jobs: uses: actions/checkout@v3 - name: Set up QEMU - uses: docker/setup-qemu-action@v2.0.0 + uses: docker/setup-qemu-action@v2.1.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2.1.0 diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 482ba3538..0b5ae6577 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -13,7 +13,7 @@ jobs: uses: actions/checkout@v3 - name: Set up QEMU - uses: docker/setup-qemu-action@v2.0.0 + uses: docker/setup-qemu-action@v2.1.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2.1.0 From 4a60a9315238c2eb75a9924cf09ea177d6d5ddfd Mon Sep 17 00:00:00 2001 
From: Roland Geider Date: Thu, 13 Oct 2022 11:43:45 +0200 Subject: [PATCH 13/16] Allow configuring the JWT settings in docker --- extras/docker/development/settings.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/extras/docker/development/settings.py b/extras/docker/development/settings.py index 8c707b7c0..311fb3e02 100644 --- a/extras/docker/development/settings.py +++ b/extras/docker/development/settings.py @@ -44,7 +44,7 @@ TIME_ZONE = env.str("TIME_ZONE", 'Europe/Berlin') # Make this unique, and don't share it with anybody. -SECRET_KEY = env.str("SECRET_KEY", 'wger-django-secret-key') +SECRET_KEY = env.str("SECRET_KEY", 'wger-docker-supersecret-key-1234567890!@#$%^&*(-_)') # Your reCaptcha keys @@ -115,3 +115,10 @@ # The site's domain as used by the email verification workflow EMAIL_PAGE_DOMAIN = 'http://localhost/' + +# +# Django Rest Framework SimpleJWT +# +SIMPLE_JWT['ACCESS_TOKEN_LIFETIME'] = timedelta(minutes=env.int("ACCESS_TOKEN_LIFETIME", 15)) +SIMPLE_JWT['REFRESH_TOKEN_LIFETIME'] = timedelta(hours=env.int("REFRESH_TOKEN_LIFETIME", 24)) +SIMPLE_JWT['SIGNING_KEY'] = env.str("SIGNING_KEY", SECRET_KEY) From 8832395fbfbaaf8f2e980549b73548de0d6c702a Mon Sep 17 00:00:00 2001 From: Github-actions Date: Thu, 13 Oct 2022 13:59:16 +0000 Subject: [PATCH 14/16] Automatic linting --- wger/core/api/views.py | 12 ++++++++---- wger/settings_global.py | 1 + wger/urls.py | 24 +++++++++--------------- 3 files changed, 18 insertions(+), 19 deletions(-) diff --git a/wger/core/api/views.py b/wger/core/api/views.py index e2e696722..c947a1990 100644 --- a/wger/core/api/views.py +++ b/wger/core/api/views.py @@ -65,6 +65,7 @@ from wger.utils.api_token import create_token from wger.utils.permissions import WgerPermission + logger = logging.getLogger(__name__) 
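Review bot: The fallback passed to `env.str("SECRET_KEY", ...)` in extras/docker/development/settings.py is a fixed string committed to the repository, and the second hunk of this patch makes it the JWT signing key as well through `SIMPLE_JWT['SIGNING_KEY'] = env.str("SIGNING_KEY", SECRET_KEY)`. A container started without both variables signs sessions and API tokens with a publicly known key, so signatures give no assurance there. The workflow files in this series tag the image built from extras/docker/development/Dockerfile as `wger/server`, which suggests it also runs outside local development. I would drop the default so that startup fails when the variable is missing, `SECRET_KEY = env.str("SECRET_KEY")`, assuming `env` is a django-environ `Env`, which raises when no default is given. A comment on the two lifetime lines would also help: `ACCESS_TOKEN_LIFETIME` is read in minutes and `REFRESH_TOKEN_LIFETIME` in hours, and the 15-minute default differs from the 5 minutes set in wger/settings_global.py.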
@@ -154,7 +155,7 @@ class ApplicationVersionView(viewsets.ViewSet): """ Returns the application's version """ - permission_classes = (AllowAny,) + permission_classes = (AllowAny, ) @staticmethod def get(request): @@ -187,7 +188,7 @@ class RequiredApplicationVersionView(viewsets.ViewSet): """ Returns the minimum required version of flutter app to access this server """ - permission_classes = (AllowAny,) + permission_classes = (AllowAny, ) @staticmethod def get(request): @@ -232,7 +233,10 @@ def post(self, request): token = create_token(form.get_user()) return Response( - data={'token': token.key, 'message': "This endpoint is deprecated."}, + data={ + 'token': token.key, + 'message': "This endpoint is deprecated." + }, status=status.HTTP_200_OK, headers={ "Deprecation": "Sat, 01 Oct 2022 23:59:59 GMT", @@ -295,7 +299,7 @@ class DaysOfWeekViewSet(viewsets.ReadOnlyModelViewSet): queryset = DaysOfWeek.objects.all() serializer_class = DaysOfWeekSerializer ordering_fields = '__all__' - filterset_fields = ('day_of_week',) + filterset_fields = ('day_of_week', ) class LicenseViewSet(viewsets.ReadOnlyModelViewSet): diff --git a/wger/settings_global.py b/wger/settings_global.py index b58f74563..b1a61a241 100644 --- a/wger/settings_global.py +++ b/wger/settings_global.py @@ -20,6 +20,7 @@ import re from datetime import timedelta + """ This file contains the global settings that don't usually need to be changed. For a full list of options, visit: diff --git a/wger/urls.py b/wger/urls.py index 2ce477be2..f5a391c60 100644 --- a/wger/urls.py +++ b/wger/urls.py @@ -30,7 +30,11 @@ # Third Party from django_email_verification import urls as email_urls from rest_framework import routers -from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView, TokenVerifyView +from rest_framework_simplejwt.views import ( + TokenObtainPairView, + TokenRefreshView, + TokenVerifyView, +) # wger from wger.core.api import views as core_api_views 
@@ -44,6 +48,7 @@ from wger.utils.generic_views import TextTemplateView from wger.weight.api import views as weight_api_views + # admin.autodiscover() # @@ -244,20 +249,9 @@ core_api_views.UserAPIRegistrationViewSet.as_view({'post': 'post'}), name='api_register' ), - path( - 'api/v2/token/', - TokenObtainPairView.as_view(), - name='token_obtain_pair' - ), - path( - 'api/v2/token/refresh/', - TokenRefreshView.as_view(), - name='token_refresh' - ), - path( - 'api/v2/token/verify/', - TokenVerifyView.as_view(), - name='token_verify'), + path('api/v2/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'), + path('api/v2/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'), + path('api/v2/token/verify/', TokenVerifyView.as_view(), name='token_verify'), # Others path( From ccf1bc0dff9598bd22d03b6fa7c401601ee74d5f Mon Sep 17 00:00:00 2001 From: Roland Geider Date: Thu, 13 Oct 2022 16:19:36 +0200 Subject: [PATCH 15/16] Build docker images in parallel --- .github/workflows/docker.yml | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 445ca58fc..82ff90afe 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -6,7 +6,8 @@ on: - master jobs: - path-context: + apache: + name: Build apache image runs-on: ubuntu-latest steps: - name: Checkout @@ -24,7 +25,7 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Build apache image + - name: Build image uses: docker/build-push-action@v3.2.0 with: context: . 
@@ -33,7 +34,26 @@ jobs: platforms: linux/amd64,linux/arm64 tags: wger/demo:latest,wger/demo:2.2-dev,wger/apache:latest,wger/apache:2.2-dev - - name: Build dev image + prod: + name: Build production image + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2.1.0 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2.1.0 + + - name: Login to DockerHub + uses: docker/login-action@v2.0.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Build image uses: docker/build-push-action@v3.2.0 with: context: . From f38a27c6f4b5928a5e2e67fc2d57688903a8243a Mon Sep 17 00:00:00 2001 From: Roland Geider Date: Thu, 13 Oct 2022 16:19:54 +0200 Subject: [PATCH 16/16] Bump dependency --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index efc8cf2a9..c3eefb86a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -32,7 +32,7 @@ requests==2.28.1 django-cors-headers==3.13.0 django-filter==22.1 djangorestframework~=3.14 -djangorestframework-simplejwt[crypto]==5.2.0 +djangorestframework-simplejwt[crypto]==5.2.1 # Not used anymore, but needed because some modules are imported in DB migration # files
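Review bot: The `prod` job added to .github/workflows/docker.yml (patch 15) references every action by a version tag, such as `docker/login-action@v2.0.0` and `docker/build-push-action@v3.2.0`, in a job that receives `secrets.DOCKERHUB_USERNAME` and `secrets.DOCKERHUB_TOKEN`. A tag can be re-pointed by the action's owner, so pinning each `uses:` to a full commit SHA with the tag kept as a comment, for example `uses: docker/login-action@<full-commit-sha>  # v2.0.0`, fixes what code runs with the registry credentials. Neither job declares a `permissions:` block in the lines shown; adding `permissions: contents: read` at workflow level would limit the default token if nothing outside the hunk sets it already. The `prod` job also copies the checkout, QEMU, Buildx and login steps of `apache` verbatim, so a short comment saying the duplication is deliberate for parallel builds would help the next editor keep them in sync.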