From f9419aa66460ae3b7cdf113c5b5e15f78b643f48 Mon Sep 17 00:00:00 2001 From: Domenico Date: Thu, 7 Apr 2022 17:48:29 -0500 Subject: [PATCH] security --- django_api/Pipfile | 1 + django_api/Pipfile.lock | 270 ++++++++++++---------- django_api/etools_prp/apps/core/mixins.py | 84 +------ django_api/etools_prp/apps/core/views.py | 9 - django_api/etools_prp/config/settings.py | 19 +- django_api/etools_prp/config/urls.py | 5 +- 6 files changed, 162 insertions(+), 226 deletions(-) diff --git a/django_api/Pipfile b/django_api/Pipfile index 7050ef42fd..b826a0cb0e 100644 --- a/django_api/Pipfile +++ b/django_api/Pipfile @@ -54,6 +54,7 @@ social-auth-app-django = "<=5.0" social-auth-core = "<=5.0" unicef-notification = "<=1.1" unicef-locations = "<=4.0" +unicef-security = "==1.0" uWSGI = "<=2.0.19.1" weasyprint = "<=53.0" diff --git a/django_api/Pipfile.lock b/django_api/Pipfile.lock index 9e7fd0c542..267ae14cb3 100644 --- a/django_api/Pipfile.lock +++ b/django_api/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "c87c68216102318202334a7e9a5d442cbee7643bb5ae4ecbeb8fe99073a3a181" + "sha256": "9943293614d54e2083d3a0b74f38975f0cb87013eb7e7cff42963ebdc23a21a3" }, "pipfile-spec": 6, "requires": { @@ -128,10 +128,10 @@ }, "bleach": { "hashes": [ - "sha256:0900d8b37eba61a802ee40ac0061f8c2b5dee29c1927dd1d233e075ebf5a71da", - "sha256:4d2651ab93271d1129ac9cbc679f524565cc8a1b791909c4a51eac4446a15994" + "sha256:08a1fe86d253b5c88c92cc3d810fd8048a16d15762e1e5b74d502256e5926aa1", + "sha256:c6d6cc054bdc9c83b48b8083e236e5f00f238428666d2ce2e083eaa5fd568565" ], - "version": "==4.1.0" + "version": "==5.0.0" }, "boto3": { "hashes": [ 
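Review bot: The new `unicef-security = "==1.0"` entry is the only exact pin in the visible Pipfile block, while every neighbouring line uses a `<=` ceiling, and nothing says whether that is deliberate; for a package that now owns the login pipeline, backend, middleware and logout view an exact pin is defensible, so a short comment would settle it, e.g. `unicef-security = "==1.0"  # pinned: supplies the social-auth pipeline/backend/middleware`. The lockfile hunks show this dependency also brings django-constance, django-picklefield, django-countries and django-admin-extra-buttons into the tree; django-picklefield persists values with pickle, so if any of those packages is later enabled in settings, the stored data it deserialises has to be treated as trusted-only. None of the visible settings hunks add those apps, so this is probably inert today, but the new transitive packages belong in the change description rather than only in the lock hash.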
@@ -224,10 +224,10 @@ }, "celery": { "hashes": [ - "sha256:8aacd02fc23a02760686d63dde1eb0daa9f594e735e73ea8fb15c2ff15cb608c", - "sha256:e2cd41667ad97d4f6a2f4672d1c6a6ebada194c619253058b5f23704aaadaa82" + "sha256:d1398cadf30f576266b34370e28e880306ec55f7a4b6307549b0ae9c15663481", + "sha256:da31f8eae7607b1582e5ee2d3f2d6f58450585afd23379491e3d9229d08102d0" ], - "version": "==5.2.3" + "version": "==5.2.6" }, "certifi": { "hashes": [ @@ -308,10 +308,10 @@ }, "click": { "hashes": [ - "sha256:6a7a62563bbfabfda3a38f3023a1db4a35978c0abd76f6c9605ecd6554d6d9b1", - "sha256:8458d7b1287c5fb128c90e23381cf99dcde74beaf6c7ff6384ce84d6fe090adb" + "sha256:24e1a4a9ec5bf6299411369b208c1df2188d9eb8d916302fe6bf03faed227f1e", + "sha256:479707fe14d9ec9a0757618b7a100a0ae4c4e236fac5b7f80ca68028141a1a72" ], - "version": "==8.0.4" + "version": "==8.1.2" }, "click-didyoumean": { "hashes": [ @@ -390,6 +390,12 @@ "index": "pypi", "version": "==3.2.6" }, + "django-admin-extra-buttons": { + "hashes": [ + "sha256:4f43d660af47396f1ecec7262cd903d8414b6b612aaeed6c10dfdb50b1f20c49" + ], + "version": "==1.3.0" + }, "django-admin-extra-urls": { "hashes": [ "sha256:fc68efd40569f2301cb329a0c445dd3517b0aa9c03c1ab7d9fc8a006d22de9b8" @@ -406,9 +412,9 @@ }, "django-autocomplete-light": { "hashes": [ - "sha256:50bc562fe13c206cf53304d7f6a8b929729016ab1dae64d6176d4ccd6caff6ab" + "sha256:0f6da75c1c7186698b867a467a8cdb359f0513fdd8e09288a0c2fb018ae3d94e" ], - "version": "==3.9.1" + "version": "==3.9.4" }, "django-celery-beat": { "hashes": [ @@ -440,6 +446,13 @@ ], "version": "==0.9.2" }, + "django-constance": { + "hashes": [ + "sha256:0a492454acc78799ce7b9f7a28a00c53427d513f34f8bf6fdc90a46d8864b2af", + "sha256:60fec73e397d5f4f7440f611b18d3e7ce5342647f316fedc47b62e1411c849e7" + ], + "version": "==2.8.0" + }, "django-cors-headers": { "hashes": [ "sha256:425c20ceffa42b9ac11b02611eece4ae6c5fef2ff0f039c14c1df20e00c80df8", 
@@ -448,6 +461,13 @@ "index": "pypi", "version": "==3.8.0" }, + "django-countries": { + "hashes": [ + "sha256:0df6d34193667c2343da8935cbfb8a2bd4fb0c97baf01ac10db4628ba1557a82", + "sha256:27fc8a0f66a87c9d839493f3926b4e0f4dd873ef66465aa8cd3e953f99758cc9" + ], + "version": "==7.3.2" + }, "django-cron": { "hashes": [ "sha256:08d22708c8b2ecab8cda989019a66c7e1e2424c59d822796fd45abf7731d261d" @@ -524,6 +544,13 @@ "index": "pypi", "version": "==0.2" }, + "django-picklefield": { + "hashes": [ + "sha256:15ccba592ca953b9edf9532e64640329cd47b136b7f8f10f2939caa5f9ce4287", + "sha256:3c702a54fde2d322fe5b2f39b8f78d9f655b8f77944ab26f703be6c0ed335a35" + ], + "version": "==3.0.1" + }, "django-post-office": { "hashes": [ "sha256:495c62ab845b381811c3456acf4ddaa5326eb3ffc9813a256224a2de562ca984", @@ -605,10 +632,10 @@ "woff" ], "hashes": [ - "sha256:084dd1762f083a1bf49e41da1bfeafb475c9dce46265690a6bdd33290b9a63f4", - "sha256:6985cc5380c06db07fdc73ade15e6adbd4ce6ff850d7561ca00f97090b4b263d" + "sha256:236b29aee6b113e8f7bee28779c1230a86ad2aac9a74a31b0aedf57e7dfb62a4", + "sha256:2df636a3f402ef14593c6811dac0609563b8c374bd7850e76919eb51ea205426" ], - "version": "==4.30.0" + "version": "==4.31.2" }, "future": { "hashes": [ @@ -696,10 +723,10 @@ }, "jinja2": { "hashes": [ - "sha256:077ce6014f7b40d03b47d1f1ca4b0fc8328a692bd284016f806ed0eaca390ad8", - "sha256:611bb273cd68f3b993fabdc4064fc858c5b47a973cb5aa7999ec1ba405c87cd7" + "sha256:539835f51a74a69f41b848a9645dbdc35b4f20a3b601e2d9a7e22947b15ff119", + "sha256:640bed4bb501cbd17194b3cace1dc2126f5b619cf068a726b98192a0fde74ae9" ], - "version": "==3.0.3" + "version": "==3.1.1" }, "jmespath": { "hashes": [ 
@@ -724,48 +751,48 @@ }, "markupsafe": { "hashes": [ - "sha256:023af8c54fe63530545f70dd2a2a7eed18d07a9a77b94e8bf1e2ff7f252db9a3", - "sha256:09c86c9643cceb1d87ca08cdc30160d1b7ab49a8a21564868921959bd16441b8", - "sha256:142119fb14a1ef6d758912b25c4e803c3ff66920635c44078666fe7cc3f8f759", - "sha256:1d1fb9b2eec3c9714dd936860850300b51dbaa37404209c8d4cb66547884b7ed", - "sha256:204730fd5fe2fe3b1e9ccadb2bd18ba8712b111dcabce185af0b3b5285a7c989", - "sha256:24c3be29abb6b34052fd26fc7a8e0a49b1ee9d282e3665e8ad09a0a68faee5b3", - "sha256:290b02bab3c9e216da57c1d11d2ba73a9f73a614bbdcc027d299a60cdfabb11a", - "sha256:3028252424c72b2602a323f70fbf50aa80a5d3aa616ea6add4ba21ae9cc9da4c", - "sha256:30c653fde75a6e5eb814d2a0a89378f83d1d3f502ab710904ee585c38888816c", - "sha256:3cace1837bc84e63b3fd2dfce37f08f8c18aeb81ef5cf6bb9b51f625cb4e6cd8", - "sha256:4056f752015dfa9828dce3140dbadd543b555afb3252507348c493def166d454", - "sha256:454ffc1cbb75227d15667c09f164a0099159da0c1f3d2636aa648f12675491ad", - "sha256:598b65d74615c021423bd45c2bc5e9b59539c875a9bdb7e5f2a6b92dfcfc268d", - "sha256:599941da468f2cf22bf90a84f6e2a65524e87be2fce844f96f2dd9a6c9d1e635", - "sha256:5ddea4c352a488b5e1069069f2f501006b1a4362cb906bee9a193ef1245a7a61", - "sha256:62c0285e91414f5c8f621a17b69fc0088394ccdaa961ef469e833dbff64bd5ea", - "sha256:679cbb78914ab212c49c67ba2c7396dc599a8479de51b9a87b174700abd9ea49", - "sha256:6e104c0c2b4cd765b4e83909cde7ec61a1e313f8a75775897db321450e928cce", - "sha256:736895a020e31b428b3382a7887bfea96102c529530299f426bf2e636aacec9e", - "sha256:75bb36f134883fdbe13d8e63b8675f5f12b80bb6627f7714c7d6c5becf22719f", - "sha256:7d2f5d97fcbd004c03df8d8fe2b973fe2b14e7bfeb2cfa012eaa8759ce9a762f", - "sha256:80beaf63ddfbc64a0452b841d8036ca0611e049650e20afcb882f5d3c266d65f", - "sha256:84ad5e29bf8bab3ad70fd707d3c05524862bddc54dc040982b0dbcff36481de7", - "sha256:8da5924cb1f9064589767b0f3fc39d03e3d0fb5aa29e0cb21d43106519bd624a", - "sha256:961eb86e5be7d0973789f30ebcf6caab60b844203f4396ece27310295a6082c7", - 
"sha256:96de1932237abe0a13ba68b63e94113678c379dca45afa040a17b6e1ad7ed076", - "sha256:a0a0abef2ca47b33fb615b491ce31b055ef2430de52c5b3fb19a4042dbc5cadb", - "sha256:b2a5a856019d2833c56a3dcac1b80fe795c95f401818ea963594b345929dffa7", - "sha256:b8811d48078d1cf2a6863dafb896e68406c5f513048451cd2ded0473133473c7", - "sha256:c532d5ab79be0199fa2658e24a02fce8542df196e60665dd322409a03db6a52c", - "sha256:d3b64c65328cb4cd252c94f83e66e3d7acf8891e60ebf588d7b493a55a1dbf26", - "sha256:d4e702eea4a2903441f2735799d217f4ac1b55f7d8ad96ab7d4e25417cb0827c", - "sha256:d5653619b3eb5cbd35bfba3c12d575db2a74d15e0e1c08bf1db788069d410ce8", - "sha256:d66624f04de4af8bbf1c7f21cc06649c1c69a7f84109179add573ce35e46d448", - "sha256:e67ec74fada3841b8c5f4c4f197bea916025cb9aa3fe5abf7d52b655d042f956", - "sha256:e6f7f3f41faffaea6596da86ecc2389672fa949bd035251eab26dc6697451d05", - "sha256:f02cf7221d5cd915d7fa58ab64f7ee6dd0f6cddbb48683debf5d04ae9b1c2cc1", - "sha256:f0eddfcabd6936558ec020130f932d479930581171368fd728efcfb6ef0dd357", - "sha256:fabbe18087c3d33c5824cb145ffca52eccd053061df1d79d4b66dafa5ad2a5ea", - "sha256:fc3150f85e2dbcf99e65238c842d1cfe69d3e7649b19864c1cc043213d9cd730" - ], - "version": "==2.1.0" + "sha256:0212a68688482dc52b2d45013df70d169f542b7394fc744c02a57374a4207003", + "sha256:089cf3dbf0cd6c100f02945abeb18484bd1ee57a079aefd52cffd17fba910b88", + "sha256:10c1bfff05d95783da83491be968e8fe789263689c02724e0c691933c52994f5", + "sha256:33b74d289bd2f5e527beadcaa3f401e0df0a89927c1559c8566c066fa4248ab7", + "sha256:3799351e2336dc91ea70b034983ee71cf2f9533cdff7c14c90ea126bfd95d65a", + "sha256:3ce11ee3f23f79dbd06fb3d63e2f6af7b12db1d46932fe7bd8afa259a5996603", + "sha256:421be9fbf0ffe9ffd7a378aafebbf6f4602d564d34be190fc19a193232fd12b1", + "sha256:43093fb83d8343aac0b1baa75516da6092f58f41200907ef92448ecab8825135", + "sha256:46d00d6cfecdde84d40e572d63735ef81423ad31184100411e6e3388d405e247", + "sha256:4a33dea2b688b3190ee12bd7cfa29d39c9ed176bda40bfa11099a3ce5d3a7ac6", + 
"sha256:4b9fe39a2ccc108a4accc2676e77da025ce383c108593d65cc909add5c3bd601", + "sha256:56442863ed2b06d19c37f94d999035e15ee982988920e12a5b4ba29b62ad1f77", + "sha256:671cd1187ed5e62818414afe79ed29da836dde67166a9fac6d435873c44fdd02", + "sha256:694deca8d702d5db21ec83983ce0bb4b26a578e71fbdbd4fdcd387daa90e4d5e", + "sha256:6a074d34ee7a5ce3effbc526b7083ec9731bb3cbf921bbe1d3005d4d2bdb3a63", + "sha256:6d0072fea50feec76a4c418096652f2c3238eaa014b2f94aeb1d56a66b41403f", + "sha256:6fbf47b5d3728c6aea2abb0589b5d30459e369baa772e0f37a0320185e87c980", + "sha256:7f91197cc9e48f989d12e4e6fbc46495c446636dfc81b9ccf50bb0ec74b91d4b", + "sha256:86b1f75c4e7c2ac2ccdaec2b9022845dbb81880ca318bb7a0a01fbf7813e3812", + "sha256:8dc1c72a69aa7e082593c4a203dcf94ddb74bb5c8a731e4e1eb68d031e8498ff", + "sha256:8e3dcf21f367459434c18e71b2a9532d96547aef8a871872a5bd69a715c15f96", + "sha256:8e576a51ad59e4bfaac456023a78f6b5e6e7651dcd383bcc3e18d06f9b55d6d1", + "sha256:96e37a3dc86e80bf81758c152fe66dbf60ed5eca3d26305edf01892257049925", + "sha256:97a68e6ada378df82bc9f16b800ab77cbf4b2fada0081794318520138c088e4a", + "sha256:99a2a507ed3ac881b975a2976d59f38c19386d128e7a9a18b7df6fff1fd4c1d6", + "sha256:a49907dd8420c5685cfa064a1335b6754b74541bbb3706c259c02ed65b644b3e", + "sha256:b09bf97215625a311f669476f44b8b318b075847b49316d3e28c08e41a7a573f", + "sha256:b7bd98b796e2b6553da7225aeb61f447f80a1ca64f41d83612e6139ca5213aa4", + "sha256:b87db4360013327109564f0e591bd2a3b318547bcef31b468a92ee504d07ae4f", + "sha256:bcb3ed405ed3222f9904899563d6fc492ff75cce56cba05e32eff40e6acbeaa3", + "sha256:d4306c36ca495956b6d568d276ac11fdd9c30a36f1b6eb928070dc5360b22e1c", + "sha256:d5ee4f386140395a2c818d149221149c54849dfcfcb9f1debfe07a8b8bd63f9a", + "sha256:dda30ba7e87fbbb7eab1ec9f58678558fd9a6b8b853530e176eabd064da81417", + "sha256:e04e26803c9c3851c931eac40c695602c6295b8d432cbe78609649ad9bd2da8a", + "sha256:e1c0b87e09fa55a220f058d1d49d3fb8df88fbfab58558f1198e08c1e1de842a", + "sha256:e72591e9ecd94d7feb70c1cbd7be7b3ebea3f548870aa91e2732960fa4d57a37", 
+ "sha256:e8c843bbcda3a2f1e3c2ab25913c80a3c5376cd00c6e8c4a86a89a28c8dc5452", + "sha256:efc1913fd2ca4f334418481c7e595c00aad186563bbc1ec76067848c7ca0a933", + "sha256:f121a1420d4e173a5d96e47e9a0c0dcff965afdf1626d28de1460815f7c4ee7a", + "sha256:fc7b548b17d238737688817ab67deebb30e8073c95749d55538ed473130ec0c7" + ], + "version": "==2.1.1" }, "multidict": { "hashes": [ 
@@ -871,59 +898,55 @@ "index": "pypi", "version": "==3.0.7" }, - "packaging": { - "hashes": [ - "sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb", - "sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522" - ], - "version": "==21.3" - }, "pillow": { "hashes": [ - "sha256:011233e0c42a4a7836498e98c1acf5e744c96a67dd5032a6f666cc1fb97eab97", - "sha256:0f29d831e2151e0b7b39981756d201f7108d3d215896212ffe2e992d06bfe049", - "sha256:12875d118f21cf35604176872447cdb57b07126750a33748bac15e77f90f1f9c", - "sha256:14d4b1341ac07ae07eb2cc682f459bec932a380c3b122f5540432d8977e64eae", - "sha256:1c3c33ac69cf059bbb9d1a71eeaba76781b450bc307e2291f8a4764d779a6b28", - "sha256:1d19397351f73a88904ad1aee421e800fe4bbcd1aeee6435fb62d0a05ccd1030", - "sha256:253e8a302a96df6927310a9d44e6103055e8fb96a6822f8b7f514bb7ef77de56", - "sha256:2632d0f846b7c7600edf53c48f8f9f1e13e62f66a6dbc15191029d950bfed976", - "sha256:335ace1a22325395c4ea88e00ba3dc89ca029bd66bd5a3c382d53e44f0ccd77e", - "sha256:413ce0bbf9fc6278b2d63309dfeefe452835e1c78398efb431bab0672fe9274e", - "sha256:5100b45a4638e3c00e4d2320d3193bdabb2d75e79793af7c3eb139e4f569f16f", - "sha256:514ceac913076feefbeaf89771fd6febde78b0c4c1b23aaeab082c41c694e81b", - "sha256:528a2a692c65dd5cafc130de286030af251d2ee0483a5bf50c9348aefe834e8a", - "sha256:6295f6763749b89c994fcb6d8a7f7ce03c3992e695f89f00b741b4580b199b7e", - "sha256:6c8bc8238a7dfdaf7a75f5ec5a663f4173f8c367e5a39f87e720495e1eed75fa", - "sha256:718856856ba31f14f13ba885ff13874be7fefc53984d2832458f12c38205f7f7", - "sha256:7f7609a718b177bf171ac93cea9fd2ddc0e03e84d8fa4e887bdfc39671d46b00", - "sha256:80ca33961ced9c63358056bd08403ff866512038883e74f3a4bf88ad3eb66838", - "sha256:80fe64a6deb6fcfdf7b8386f2cf216d329be6f2781f7d90304351811fb591360", - "sha256:81c4b81611e3a3cb30e59b0cf05b888c675f97e3adb2c8672c3154047980726b", - "sha256:855c583f268edde09474b081e3ddcd5cf3b20c12f26e0d434e1386cc5d318e7a", - "sha256:9bfdb82cdfeccec50aad441afc332faf8606dfa5e8efd18a6692b5d6e79f00fd", - 
"sha256:a5d24e1d674dd9d72c66ad3ea9131322819ff86250b30dc5821cbafcfa0b96b4", - "sha256:a9f44cd7e162ac6191491d7249cceb02b8116b0f7e847ee33f739d7cb1ea1f70", - "sha256:b5b3f092fe345c03bca1e0b687dfbb39364b21ebb8ba90e3fa707374b7915204", - "sha256:b9618823bd237c0d2575283f2939655f54d51b4527ec3972907a927acbcc5bfc", - "sha256:cef9c85ccbe9bee00909758936ea841ef12035296c748aaceee535969e27d31b", - "sha256:d21237d0cd37acded35154e29aec853e945950321dd2ffd1a7d86fe686814669", - "sha256:d3c5c79ab7dfce6d88f1ba639b77e77a17ea33a01b07b99840d6ed08031cb2a7", - "sha256:d9d7942b624b04b895cb95af03a23407f17646815495ce4547f0e60e0b06f58e", - "sha256:db6d9fac65bd08cea7f3540b899977c6dee9edad959fa4eaf305940d9cbd861c", - "sha256:ede5af4a2702444a832a800b8eb7f0a7a1c0eed55b644642e049c98d589e5092", - "sha256:effb7749713d5317478bb3acb3f81d9d7c7f86726d41c1facca068a04cf5bb4c", - "sha256:f154d173286a5d1863637a7dcd8c3437bb557520b01bddb0be0258dcb72696b5", - "sha256:f25ed6e28ddf50de7e7ea99d7a976d6a9c415f03adcaac9c41ff6ff41b6d86ac" - ], - "version": "==9.0.1" + "sha256:01ce45deec9df310cbbee11104bae1a2a43308dd9c317f99235b6d3080ddd66e", + "sha256:0c51cb9edac8a5abd069fd0758ac0a8bfe52c261ee0e330f363548aca6893595", + "sha256:17869489de2fce6c36690a0c721bd3db176194af5f39249c1ac56d0bb0fcc512", + "sha256:21dee8466b42912335151d24c1665fcf44dc2ee47e021d233a40c3ca5adae59c", + "sha256:25023a6209a4d7c42154073144608c9a71d3512b648a2f5d4465182cb93d3477", + "sha256:255c9d69754a4c90b0ee484967fc8818c7ff8311c6dddcc43a4340e10cd1636a", + "sha256:35be4a9f65441d9982240e6966c1eaa1c654c4e5e931eaf580130409e31804d4", + "sha256:3f42364485bfdab19c1373b5cd62f7c5ab7cc052e19644862ec8f15bb8af289e", + "sha256:3fddcdb619ba04491e8f771636583a7cc5a5051cd193ff1aa1ee8616d2a692c5", + "sha256:463acf531f5d0925ca55904fa668bb3461c3ef6bc779e1d6d8a488092bdee378", + "sha256:4fe29a070de394e449fd88ebe1624d1e2d7ddeed4c12e0b31624561b58948d9a", + "sha256:55dd1cf09a1fd7c7b78425967aacae9b0d70125f7d3ab973fadc7b5abc3de652", + 
"sha256:5a3ecc026ea0e14d0ad7cd990ea7f48bfcb3eb4271034657dc9d06933c6629a7", + "sha256:5cfca31ab4c13552a0f354c87fbd7f162a4fafd25e6b521bba93a57fe6a3700a", + "sha256:66822d01e82506a19407d1afc104c3fcea3b81d5eb11485e593ad6b8492f995a", + "sha256:69e5ddc609230d4408277af135c5b5c8fe7a54b2bdb8ad7c5100b86b3aab04c6", + "sha256:6b6d4050b208c8ff886fd3db6690bf04f9a48749d78b41b7a5bf24c236ab0165", + "sha256:7a053bd4d65a3294b153bdd7724dce864a1d548416a5ef61f6d03bf149205160", + "sha256:82283af99c1c3a5ba1da44c67296d5aad19f11c535b551a5ae55328a317ce331", + "sha256:8782189c796eff29dbb37dd87afa4ad4d40fc90b2742704f94812851b725964b", + "sha256:8d79c6f468215d1a8415aa53d9868a6b40c4682165b8cb62a221b1baa47db458", + "sha256:97bda660702a856c2c9e12ec26fc6d187631ddfd896ff685814ab21ef0597033", + "sha256:a325ac71914c5c043fa50441b36606e64a10cd262de12f7a179620f579752ff8", + "sha256:a336a4f74baf67e26f3acc4d61c913e378e931817cd1e2ef4dfb79d3e051b481", + "sha256:a598d8830f6ef5501002ae85c7dbfcd9c27cc4efc02a1989369303ba85573e58", + "sha256:a5eaf3b42df2bcda61c53a742ee2c6e63f777d0e085bbc6b2ab7ed57deb13db7", + "sha256:aea7ce61328e15943d7b9eaca87e81f7c62ff90f669116f857262e9da4057ba3", + "sha256:af79d3fde1fc2e33561166d62e3b63f0cc3e47b5a3a2e5fea40d4917754734ea", + "sha256:c24f718f9dd73bb2b31a6201e6db5ea4a61fdd1d1c200f43ee585fc6dcd21b34", + "sha256:c5b0ff59785d93b3437c3703e3c64c178aabada51dea2a7f2c5eccf1bcf565a3", + "sha256:c7110ec1701b0bf8df569a7592a196c9d07c764a0a74f65471ea56816f10e2c8", + "sha256:c870193cce4b76713a2b29be5d8327c8ccbe0d4a49bc22968aa1e680930f5581", + "sha256:c9efef876c21788366ea1f50ecb39d5d6f65febe25ad1d4c0b8dff98843ac244", + "sha256:de344bcf6e2463bb25179d74d6e7989e375f906bcec8cb86edb8b12acbc7dfef", + "sha256:eb1b89b11256b5b6cad5e7593f9061ac4624f7651f7a8eb4dfa37caa1dfaa4d0", + "sha256:ed742214068efa95e9844c2d9129e209ed63f61baa4d54dbf4cf8b5e2d30ccf2", + "sha256:f401ed2bbb155e1ade150ccc63db1a4f6c1909d3d378f7d1235a44e90d75fb97", + "sha256:fb89397013cf302f282f0fc998bb7abf11d49dcff72c8ecb320f76ea6e2c5717" 
+ ], + "version": "==9.1.0" }, "prompt-toolkit": { "hashes": [ - "sha256:30129d870dcb0b3b6a53efdc9d0a83ea96162ffd28ffe077e94215b233dc670c", - "sha256:9f1cd16b1e86c2968f2519d7fb31dd9d669916f515612c269d14e9ed52b51650" + "sha256:62291dad495e665fca0bda814e342c69952086afb0f4094d0893d357e5c78752", + "sha256:bd640f60e8cecd74f0dc249713d433ace2ddc62b65ee07f96d358e0b152b6ea7" ], - "version": "==3.0.28" + "version": "==3.0.29" }, "psycopg2-binary": { "hashes": [ @@ -995,13 +1018,6 @@ ], "version": "==2.3.0" }, - "pyparsing": { - "hashes": [ - "sha256:18ee9022775d270c55187733956460083db60b37d0d0fb357445f3094eed3eea", - "sha256:a6c06a88f252e6c322f65faf8f418b16213b51bdfaece0524c1c1bc30c63c484" - ], - "version": "==3.0.7" - }, "pyphen": { "hashes": [ "sha256:459020cd320eb200c0c5ba46b98b2278fd34c5546f520fdcd2ce5f8d733eb994", @@ -1055,10 +1071,10 @@ }, "pytz": { "hashes": [ - "sha256:3672058bc3453457b622aab7a1c3bfd5ab0bdae451512f6cf25f64ed37f5b87c", - "sha256:acad2d8b20a1af07d4e4c9d2e9285c5ed9104354062f275f3fcd88dcef4f1326" + "sha256:1e760e2fe6a8163bc0b3d9a19c4f84342afa0a2affebfaa84b01b978a02ecaa7", + "sha256:e68985985296d9a66a881eb3193b0906246245294a881e7c8afe623866ac6a5c" ], - "version": "==2021.3" + "version": "==2022.1" }, "redis": { "hashes": [ @@ -1230,6 +1246,14 @@ "index": "pypi", "version": "==1.1" }, + "unicef-security": { + "hashes": [ + "sha256:239c923d90b0317eb54956c1405d1a2134fa3915d7aba5fd0156acca6a6d28cb", + "sha256:fbc27b982f8fe6d0897ed10874d042bebc1d59ed8071dcf47d3a84ee63218844" + ], + "index": "pypi", + "version": "==1.0" + }, "uritemplate": { "hashes": [ "sha256:4346edfc5c3b79f694bccd6d6099a322bbeb628dbf2cd86eea55a456ce5124f0", 
@@ -1239,10 +1263,10 @@ }, "urllib3": { "hashes": [ - "sha256:000ca7f471a233c2251c6c7023ee85305721bfdf18621ebff4fd17a8653427ed", - "sha256:0e7c33d9a63e7ddfcb86780aac87befc2fbddf46c58dbb487e0855f7ceec283c" + "sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14", + "sha256:aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e" ], - "version": "==1.26.8" + "version": "==1.26.9" }, "uwsgi": { "hashes": [ @@ -1453,10 +1477,10 @@ }, "faker": { "hashes": [ - "sha256:66db859b6abe376d02e805ad81eb8dcfce38f0945f17ee7cdf74ed349985ea52", - "sha256:fe969607836ce7100e38b88dcb598aacb733d895e6e9401894dd603e35623000" + "sha256:188961065fb5c78ea639f42176f55100f72c90c3a3179ac6c955c4bd712b0511", + "sha256:7758ece2593ce603db117db3d27393c31f4af03f783e176f3f0e14839a4f3426" ], - "version": "==13.3.2" + "version": "==13.3.4" }, "flake8": { "hashes": [ diff --git a/django_api/etools_prp/apps/core/mixins.py b/django_api/etools_prp/apps/core/mixins.py index 4e5c6da2bb..363874c273 100644 --- a/django_api/etools_prp/apps/core/mixins.py +++ b/django_api/etools_prp/apps/core/mixins.py 
@@ -1,41 +1,16 @@ from datetime import datetime, timedelta from urllib.parse import quote -from django.conf import settings from django.contrib.auth import get_user_model from django.http import HttpResponseRedirect from django.utils.deconstruct import deconstructible -from social_core.backends.azuread_b2c import AzureADB2COAuth2 -from social_core.pipeline import social_auth, user as social_core_user -from social_django.middleware import SocialAuthExceptionMiddleware from storages.backends.azure_storage import AzureStorage from storages.utils import setting -def social_details(backend, details, response, *args, **kwargs): - r = social_auth.social_details(backend, details, response, *args, **kwargs) - - user = kwargs.get('user', None) - if user: - # here we are preventing messing up between current us and social user - return HttpResponseRedirect(f"/unauthorized/?eu={user.email}&msgc=alreadyauthenticated") - - r['details']['idp'] = response.get('idp') - - if not r['details'].get('email'): - if not response.get('email'): - r['details']['email'] = response["signInNames.emailAddress"] - else: - r['details']['email'] = response.get('email') - - email = r['details'].get('email') - if isinstance(email, str): - r['details']['email'] = email.lower().strip() - return r - - def get_username(strategy, details, backend, user=None, *args, **kwargs): + """allow to login only existing/already created users """ username = details.get('email') try: 
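Review bot: `get_username` still resolves the account from `details.get('email')`, but the local `social_details` step that lower-cased and stripped that value (and fell back to `signInNames.emailAddress` when `email` was absent) is deleted in this hunk, and whether `unicef_security.pipeline.social_details` performs the same normalisation is not visible here; if it does not, the same mailbox spelled with different casing would no longer map to the same existing user. The added docstring is also terse and reads awkwardly; once the upstream behaviour is confirmed, something like `"""Return the username for an already-existing user only; relies on the preceding pipeline step having normalised details['email']."""` would fix the wording and record that dependency. `get_username`'s body continues past the end of the hunk.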
@@ -48,63 +23,6 @@ def get_username(strategy, details, backend, user=None, *args, **kwargs): return {'username': details.get('email')} -def user_details(strategy, details, backend, user=None, *args, **kwargs): - # # This is where we update the user - # # see what the property to map by is here - # updates_available = False - - if user: - # user_groups = [group.name for group in user.groups.all()] - # business_area_code = details.get("business_area_code", 'defaultBA1235') - - # Update username with email and unusable password - user.username = user.email - user.first_name = details['first_name'] - user.last_name = details['last_name'] - user.set_unusable_password() - user.save() - - return social_core_user.user_details(strategy, details, backend, user, *args, **kwargs) - - -class CustomAzureADBBCOAuth2(AzureADB2COAuth2): - BASE_URL = 'https://{tenant_id}.b2clogin.com/{tenant_id}.onmicrosoft.com' - - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - self.redirect_uri = settings.FRONTEND_HOST + '/social/complete/azuread-b2c-oauth2/' - - -class CustomSocialAuthExceptionMiddleware(SocialAuthExceptionMiddleware): - - def get_redirect_uri(self, request, exception): - error = request.GET.get('error', None) - - # This is what we should expect: - # ['AADB2C90118: The user has forgotten their password.\r\n - # Correlation ID: 7e8c3cf9-2fa7-47c7-8924-a1ea91137ba9\r\n - # Timestamp: 2018-11-13 11:37:56Z\r\n'] - error_description = request.GET.get('error_description', None) - if error == "access_denied" and error_description is not None: - if 'AADB2C90118' in error_description: - auth_class = CustomAzureADBBCOAuth2() - redirect_home = auth_class.get_redirect_uri() - redirect_url = auth_class.base_url + '/oauth2/v2.0/' + \ - 'authorize?p=' + settings.SOCIAL_PASSWORD_RESET_POLICY + \ - '&client_id=' + settings.KEY + \ - '&nonce=defaultNonce&redirect_uri=' + redirect_home + \ - '&scope=openid+email&response_type=code' - return redirect_url - - # TODO: In 
case of password reset the state can't be verified figure out a way to log the user in after reset - if error is None: - return "/landing" - - strategy = getattr(request, 'social_strategy', None) - redirect_url = strategy.setting('LOGIN_ERROR_URL') + "?msgc=loginerror" - return redirect_url - - @deconstructible class EToolsAzureStorage(AzureStorage): account_name = setting("AZURE_ACCOUNT_NAME") diff --git a/django_api/etools_prp/apps/core/views.py b/django_api/etools_prp/apps/core/views.py index 7149d92ad6..9526af84c1 100644 --- a/django_api/etools_prp/apps/core/views.py +++ b/django_api/etools_prp/apps/core/views.py @@ -1,6 +1,5 @@ import importlib -from django.conf import settings from django.contrib.auth.mixins import LoginRequiredMixin from django.db.models import Q from django.http import HttpResponseRedirect @@ -274,11 +273,3 @@ def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) context['unicef_user'] = self.request.user.is_authenticated and self.request.user.email.endswith('@unicef.org') return context - - -# TODO import from unicef-security -class SocialLogoutView(RedirectView): - - def get_redirect_url(self, *args, **kwargs): - return f'https://{settings.TENANT_B2C_URL}/{settings.TENANT_ID}.onmicrosoft.com/{settings.POLICY}/oauth2/' \ - f'v2.0/logout?post_logout_redirect_uri={settings.FRONTEND_HOST}{settings.LOGOUT_URL}' diff --git a/django_api/etools_prp/config/settings.py b/django_api/etools_prp/config/settings.py index 4715fa11b0..89a8cc0fdc 100644 --- a/django_api/etools_prp/config/settings.py +++ b/django_api/etools_prp/config/settings.py 
@@ -36,10 +36,10 @@ os.path.join(BASE_DIR, 'static'), ] -DOMAIN_NAME = env('DOMAIN_NAME', default='127.0.0.1:8081') # 'www.partnerreportingportal.org' +DOMAIN_NAME = env('DOMAIN_NAME', default='localhost:8081') # 'www.partnerreportingportal.org' WWW_ROOT = 'http://%s/' % DOMAIN_NAME ALLOWED_HOSTS = env('ALLOWED_HOSTS', default='localhost').split(",") - +HOST = DOMAIN_NAME FRONTEND_HOST = env( 'PRP_FRONTEND_HOST', @@ -102,7 +102,7 @@ 'social_django', 'unicef_locations', - + 'unicef_security', 'etools_prp.apps.account', 'etools_prp.apps.cluster', 'etools_prp.apps.core', @@ -122,7 +122,7 @@ 'corsheaders.middleware.CorsMiddleware', 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', - 'etools_prp.apps.core.mixins.CustomSocialAuthExceptionMiddleware', + 'unicef_security.middleware.UNICEFSocialAuthExceptionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', @@ -423,8 +423,9 @@ SOCIAL_PASSWORD_RESET_POLICY = env('AZURE_B2C_PASS_RESET_POLICY', default="B2C_1_PasswordResetPolicy") POLICY = env('AZURE_B2C_POLICY_NAME', default="b2c_1A_UNICEF_PARTNERS_signup_signin") -TENANT_ID = env('AZURE_B2C_TENANT', default='unicefpartners') -TENANT_B2C_URL = f'{TENANT_ID}.b2clogin.com' +TENANT_NAME = env('TENANT_NAME', default='unicefpartners') +TENANT_ID = f'{TENANT_NAME}.onmicrosoft.com' +TENANT_B2C_URL = f'{TENANT_NAME}.b2clogin.com' SCOPE = ['openid', 'email'] @@ -443,7 +444,7 @@ SOCIAL_AUTH_PIPELINE = ( # 'social_core.pipeline.social_auth.social_details', - 'etools_prp.apps.core.mixins.social_details', + 'unicef_security.pipeline.social_details', 'social_core.pipeline.social_auth.social_uid', # allows based on emails being listed in 'WHITELISTED_EMAILS' or 'WHITELISTED_DOMAINS' 'social_core.pipeline.social_auth.auth_allowed', 
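Review bot: `HOST = DOMAIN_NAME` introduces a second host setting next to `FRONTEND_HOST`, and nothing in the hunk says which consumer reads it; the backend deleted from mixins.py built its OAuth `redirect_uri` from `FRONTEND_HOST`, so if `unicef_security` now derives that URI from `HOST`, the value silently switches from the frontend origin to the API origin and the redirect URI registered with the identity provider would have to change with it. A comment on the new line would make the contract explicit, e.g. `HOST = DOMAIN_NAME  # presumably read by unicef_security; must match the redirect URI registered in Azure B2C — confirm`. The default also moves from `127.0.0.1:8081` to `localhost:8081` while `WWW_ROOT` still hard-codes `http://`, so a deployment that forgets `DOMAIN_NAME` quietly produces plain-HTTP URLs; that is pre-existing, but worth a note now that the value feeds a second setting.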
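Review bot: The middleware entry now points at `unicef_security.middleware.UNICEFSocialAuthExceptionMiddleware`, but the class it replaces (deleted in mixins.py) carried project-specific behaviour — routing `AADB2C90118` (forgotten-password) errors into `SOCIAL_PASSWORD_RESET_POLICY`, sending error-less requests to `/landing`, and appending `?msgc=loginerror` to `LOGIN_ERROR_URL` — and nothing on the page shows the replacement preserving any of it. The same gap applies to the pipeline swaps at `@@ -443` and `@@ -455` (the old `user_details` set `username = email` and called `set_unusable_password()`, which is what keeps password login disabled for SSO-provisioned accounts) and to the backend swap at `@@ -508` (the old backend forced `redirect_uri` from `FRONTEND_HOST`). A one-line comment above each replaced entry naming the behaviour the library is expected to provide, e.g. `# unicef_security 1.0: handles the AADB2C90118 password-reset redirect (verified against the library)`, would make the migration reviewable, and the commit description should state that the equivalence was checked.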
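Review bot: The tenant is now read from the env var `TENANT_NAME` instead of `AZURE_B2C_TENANT`, so an existing deployment that only sets `AZURE_B2C_TENANT` will silently fall back to the default `unicefpartners` rather than fail; keeping the old name as the fallback avoids that, e.g. `TENANT_NAME = env('TENANT_NAME', default=env('AZURE_B2C_TENANT', default='unicefpartners'))`. `TENANT_ID` also changes meaning in this hunk, from the short tenant name to `<name>.onmicrosoft.com`; any reader of `settings.TENANT_ID` outside this diff that appends `.onmicrosoft.com` itself (the deleted `SocialLogoutView` did exactly that) would now produce a doubled suffix, so a comment such as `# TENANT_ID is the full onmicrosoft.com domain, not the short tenant name` is worth adding next to it.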
@@ -455,7 +456,7 @@ 'social_core.pipeline.social_auth.associate_user', 'social_core.pipeline.social_auth.load_extra_data', # 'social_core.pipeline.user.user_details', - 'etools_prp.apps.core.mixins.user_details', + 'unicef_security.pipeline.user_details', ) @@ -508,7 +509,7 @@ }) AUTHENTICATION_BACKENDS = ( - 'etools_prp.apps.core.mixins.CustomAzureADBBCOAuth2', + 'unicef_security.backends.UNICEFAzureADB2COAuth2', 'django.contrib.auth.backends.ModelBackend', ) diff --git a/django_api/etools_prp/config/urls.py b/django_api/etools_prp/config/urls.py index 719a6e49a3..f8b3e064c3 100644 --- a/django_api/etools_prp/config/urls.py +++ b/django_api/etools_prp/config/urls.py @@ -21,8 +21,9 @@ from django.urls import include, re_path from rest_framework_swagger.views import get_swagger_view +from unicef_security.views import UNICEFLogoutView -from etools_prp.apps.core.views import HomeView, RedirectAppView, SocialLogoutView, UnauthorizedView +from etools_prp.apps.core.views import HomeView, RedirectAppView, UnauthorizedView schema_view = get_swagger_view(title='eTools PRP API') @@ -41,7 +42,7 @@ re_path(r'^api/id-management/', include('etools_prp.apps.id_management.urls')), # Social auth urls - re_path(r'^social/unicef-logout/', SocialLogoutView.as_view()), + re_path(r'^social/unicef-logout/', UNICEFLogoutView.as_view()), re_path(r'^social/', include('social_django.urls', namespace='social')), re_path(r'^unauthorized/$', UnauthorizedView.as_view(), name="unauthorized"), ]
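Review bot: The replaced route `re_path(r'^social/unicef-logout/', UNICEFLogoutView.as_view())` is re-added without a `$` anchor, so it matches any path beginning with that prefix; anchoring it, `re_path(r'^social/unicef-logout/$', UNICEFLogoutView.as_view())`, matches the `^unauthorized/$` entry two lines below and keeps the view from being reachable at arbitrary sub-paths. The deleted `SocialLogoutView` built `post_logout_redirect_uri` from `FRONTEND_HOST` and `LOGOUT_URL`; if `UNICEFLogoutView` derives it from the new `HOST` setting instead, the browser lands on the API host after logout, which is worth confirming and recording in the commit description.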