From 5d9580d09385534424ced45c5c0694476fdbc18b Mon Sep 17 00:00:00 2001 From: Pawan Verma Date: Wed, 10 Jan 2024 18:06:47 +0530 Subject: [PATCH 1/4] Add django-environ --- requirements/requirements.in | 3 ++- requirements/requirements.txt | 22 ++++------------------ 2 files changed, 6 insertions(+), 19 deletions(-) diff --git a/requirements/requirements.in b/requirements/requirements.in index 7f5f258..32245b6 100644 --- a/requirements/requirements.in +++ b/requirements/requirements.in @@ -8,4 +8,5 @@ phonenumberslite psycopg2 twilio zxcvbn -fcm-django \ No newline at end of file +fcm-django +django-environ diff --git a/requirements/requirements.txt b/requirements/requirements.txt index dbcdd93..55ca9b4 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -6,8 +6,6 @@ # asgiref==3.6.0 # via django -build==0.10.0 - # via pip-tools cachecontrol==0.13.1 # via firebase-admin cachetools==5.3.1 @@ -18,8 +16,6 @@ cffi==1.15.1 # via cryptography charset-normalizer==3.1.0 # via requests -click==8.1.3 - # via pip-tools cryptography==41.0.2 # via # jwcrypto @@ -34,6 +30,8 @@ django==4.1.7 # django-phonenumber-field # djangorestframework # fcm-django +django-environ==0.11.2 + # via -r requirements.in django-oauth-toolkit==2.3.0 # via -r requirements.in django-otp==1.1.6 @@ -100,12 +98,8 @@ msgpack==1.0.7 # via cachecontrol oauthlib==3.2.2 # via django-oauth-toolkit -packaging==23.1 - # via build phonenumberslite==8.13.11 # via -r requirements.in -pip-tools==6.13.0 - # via -r requirements.in proto-plus==1.22.3 # via google-cloud-firestore protobuf==4.24.4 @@ -131,8 +125,6 @@ pyjwt[crypto]==2.6.0 # twilio pyparsing==3.1.1 # via httplib2 -pyproject-hooks==1.0.0 - # via build pytz==2022.7.1 # via # djangorestframework 
@@ -154,17 +146,11 @@ uritemplate==4.1.1 # via google-api-python-client urllib3==1.26.15 # via requests -wheel==0.40.0 - # via pip-tools wrapt==1.15.0 # via deprecated zxcvbn==4.4.28 # via -r requirements.in # The following packages are considered to be unsafe in a requirements file: -pip==23.1.2 - # via pip-tools -setuptools==67.8.0 - # via - # gunicorn - # pip-tools +setuptools==69.0.3 + # via gunicorn From 998e088873979c2c15093f7f755f53df449e8722 Mon Sep 17 00:00:00 2001 From: Pawan Verma Date: Wed, 10 Jan 2024 18:07:38 +0530 Subject: [PATCH 2/4] Remove localsettings --- .gitignore | 4 ++-- connectid/localsettings.example.py | 30 ------------------------------ 2 files changed, 2 insertions(+), 32 deletions(-) delete mode 100644 connectid/localsettings.example.py diff --git a/.gitignore b/.gitignore index c80004b..296f615 100644 --- a/.gitignore +++ b/.gitignore @@ -3,8 +3,8 @@ *~ *.swp *.swo -*localsettings* -!*localsettings.example.py +*.env +!*.env_example *.log* /staticfiles/ /.idea diff --git a/connectid/localsettings.example.py b/connectid/localsettings.example.py deleted file mode 100644 index 98f3eda..0000000 --- a/connectid/localsettings.example.py +++ /dev/null @@ -1,30 +0,0 @@ -# SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = 'django-insecure-yofpqrszrdtv0ftihjd09cuim2al9^n9j^b85%-y0v*^_lj18d' - -# SECURITY WARNING: don't run with debug turned on in production! -DEBUG = True - -# Database -# https://docs.djangoproject.com/en/4.1/ref/settings/#databases - -DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.postgresql', - 'NAME': 'connect', - 'USER': 'connect', - 'PASSWORD': 'connect', - 'HOST': 'localhost', - 'PORT': '5433' - } -} - -ALLOWED_HOSTS = [ - '127.0.0.1', - 'localhost' -] - -TWILIO_ACCOUNT_SID = None -TWILIO_AUTH_TOKEN = None -TWILIO_MESSAGING_SERVICE = None - -FCM_CREDENTIALS = None From 7bc9a59cf907f2f0e31dc81c6512931cee16dcb9 Mon Sep 17 00:00:00 2001 
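Review bot: In the `.gitignore` hunk, `*.env` only ignores names that end in `.env`, so variants such as `.env.local` or `.env.production` would still be picked up by `git add`, and those are the files most likely to hold real secrets now that settings come from the environment. The `!*.env_example` negation is a no-op, because `.env_example` never matched `*.env` in the first place. Consider `.env*` followed by `!.env_example`, which ignores every variant and still keeps the example file tracked.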
From: Pawan Verma Date: Thu, 8 Feb 2024 11:40:22 +0530 Subject: [PATCH 3/4] Use .env files to load settings, add .env_example --- .env_example | 8 ++++++++ connectid/settings.py | 35 ++++++++++++++++++++++++++++++++--- 2 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 .env_example diff --git a/.env_example b/.env_example new file mode 100644 index 0000000..b3bba69 --- /dev/null +++ b/.env_example @@ -0,0 +1,8 @@ +SECRET_KEY=changeme +DEBUG=true +DATABASE_URL=postgres:///connect +DJANGO_ALLOWED_HOSTS= +TWILIO_ACCOUNT_SID= +TWILIO_AUTH_TOKEN= +TWILIO_MESSAGING_SERVICE= +FCM_CREDENTIALS= diff --git a/connectid/settings.py b/connectid/settings.py index bcca8fa..4322fe8 100644 --- a/connectid/settings.py +++ b/connectid/settings.py @@ -9,13 +9,14 @@ For the full list of settings and their values, see https://docs.djangoproject.com/en/4.1/ref/settings/ """ -import os +import environ from pathlib import Path # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent - +env = environ.Env() +env.read_env(str(BASE_DIR / ".env")) # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/4.1/howto/deployment/checklist/ 
@@ -196,10 +197,38 @@ "DELETE_INACTIVE_DEVICES": False, } -from .localsettings import * +# SECURITY WARNING: keep the secret key used in production secret! +SECRET_KEY = env( + "SECRET_KEY", + default="django-insecure-yofpqrszrdtv0ftihjd09cuim2al9^n9j^b85%-y0v*^_lj18d", +) + +# SECURITY WARNING: don't run with debug turned on in production! +DEBUG = env("DEBUG", default=False) + +# Database +# https://docs.djangoproject.com/en/4.1/ref/settings/#databases + +DATABASES = { + "default": env.db( + "DATABASE_URL", + default="postgres:///connect", + ), +} + +ALLOWED_HOSTS = ["127.0.0.1", "localhost"] + env.list( + "DJANGO_ALLOWED_HOSTS", default=[] +) + +TWILIO_ACCOUNT_SID = env("TWILIO_ACCOUNT_SID") +TWILIO_AUTH_TOKEN = env("TWILIO_AUTH_TOKEN") +TWILIO_MESSAGING_SERVICE = env("TWILIO_MESSAGING_SERVICE") + +FCM_CREDENTIALS = env("FCM_CREDENTIALS", default=None) # Firebase if FCM_CREDENTIALS: from firebase_admin import credentials, initialize_app + creds = credentials.Certificate(FCM_CREDENTIALS) default_app = initialize_app(credential=creds) From 14d18c0a7ecb42c364fff716badee844679e1861 Mon Sep 17 00:00:00 2001 From: Pawan Verma Date: Wed, 15 May 2024 20:11:48 +0530 Subject: [PATCH 4/4] Add FCM_CREDENTIALS members and OIDC_RSA_PRIVATE_KEY --- .env_example | 11 ++++++++++- connectid/settings.py | 27 ++++++++++++++++++++++++++- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/.env_example b/.env_example index b3bba69..f4f2ff3 100644 --- a/.env_example +++ b/.env_example @@ -2,7 +2,16 @@ SECRET_KEY=changeme DEBUG=true DATABASE_URL=postgres:///connect DJANGO_ALLOWED_HOSTS= +CSRF_TRUSTED_ORIGINS= TWILIO_ACCOUNT_SID= TWILIO_AUTH_TOKEN= TWILIO_MESSAGING_SERVICE= -FCM_CREDENTIALS= + +FCM_PROJECT_ID= +FCM_PRIVATE_KEY_ID= +FCM_CLIENT_EMAIL= +FCM_CLIENT_ID= +FCM_CLIENT_X509_CERT_URL= +FCM_PRIVATE_KEY= + +OIDC_RSA_PRIVATE_KEY= diff --git a/connectid/settings.py b/connectid/settings.py index fe41e3b..4327d33 100644 --- a/connectid/settings.py +++ b/connectid/settings.py 
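Review bot: `SECRET_KEY` falls back to the literal `django-insecure-…` value when the variable is unset, and that same string was in the deleted `localsettings.example.py`, so it is public in the repository history. A production deployment that forgets to set `SECRET_KEY` would start without any error and sign sessions and tokens with a known key. The `TWILIO_*` settings in this hunk are already read without a default, so the consistent, fail-closed form is `SECRET_KEY = env("SECRET_KEY")`. If a development fallback is wanted, apply it only when `DEBUG` is true, and add a comment saying so.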
@@ -237,11 +237,36 @@ "DJANGO_ALLOWED_HOSTS", default=[] ) +CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS", default=[]) + TWILIO_ACCOUNT_SID = env("TWILIO_ACCOUNT_SID") TWILIO_AUTH_TOKEN = env("TWILIO_AUTH_TOKEN") TWILIO_MESSAGING_SERVICE = env("TWILIO_MESSAGING_SERVICE") -FCM_CREDENTIALS = env("FCM_CREDENTIALS", default=None) +FCM_CREDENTIALS = { + "type": "service_account", + "project_id": env("FCM_PROJECT_ID", default=""), + "private_key_id": env("FCM_PRIVATE_KEY_ID", default=""), + "private_key": env("FCM_PRIVATE_KEY", default=""), + "client_email": env("FCM_CLIENT_EMAIL", default=""), + "client_id": env("FCM_CLIENT_ID", default=""), + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": env("FCM_CLIENT_X509_CERT_URL", default=""), + "universe_domain": "googleapis.com" +} + +OAUTH2_PROVIDER = { + "OIDC_ENABLED": True, + "OIDC_RSA_PRIVATE_KEY": env("OIDC_RSA_PRIVATE_KEY", default=""), + "SCOPES": { + "openid": "OpenID Connect scope", + "sync": "sync with commcarehq" + }, + "PKCE_REQUIRED": False, + "OAUTH2_VALIDATOR_CLASS": "users.oauth.ConnectOAuth2Validator", +} # Firebase if FCM_CREDENTIALS:
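Review bot: `FCM_CREDENTIALS` is now a non-empty dict literal, so the `if FCM_CREDENTIALS:` guard at the end of this hunk is always true. A deployment with no `FCM_*` variables set will presumably pass empty strings to the Firebase credential loader at settings import (the body of that `if` lies outside the hunk). Guarding on the values that matter, e.g. `if FCM_CREDENTIALS["private_key"] and FCM_CREDENTIALS["client_email"]:`, keeps the previous opt-in behaviour. Separately, `"PKCE_REQUIRED": False` switches off a check that protects the authorization-code flow for public clients, and `OIDC_RSA_PRIVATE_KEY` defaults to `""` while `"OIDC_ENABLED": True`. Both deserve a comment explaining why; alternatively read the key as `env("OIDC_RSA_PRIVATE_KEY")` with no default, so a missing signing key fails at startup.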