Merge commit '51f6ffb22e69f63014c244e516b2e911ca5b9910' into release

.env.example

@@ -1,6 +1,5 @@
-COMPOSE_FILE=docker-compose.yml:docker-compose.override.local.yml
-
 DEBUG=1
+ENVIRONMENT=test
 
 QFIELDCLOUD_HOST=localhost
 DJANGO_SETTINGS_MODULE=qfieldcloud.settings
@@ -70,7 +69,6 @@ EMAIL_HOST_USER=user
 EMAIL_HOST_PASSWORD=password
 DEFAULT_FROM_EMAIL=webmaster@localhost
 
-COMPOSE_PROJECT_NAME=qfieldcloud
 QFIELDCLOUD_DEFAULT_NETWORK=qfieldcloud_default
 QFIELDCLOUD_ADMIN_URI=admin/
 
@@ -80,10 +78,28 @@ QFIELDCLOUD_RIBBON_HTML=<a class="qfc-ribbon" href="https://qfield.cloud/tos" ta
 # Timeout in seconds to wait for a job container to finish, otherwise terminate it.
 QFIELDCLOUD_WORKER_TIMEOUT_S=60
 
+# The Django development port. Not used in production.
+# DEFAULT: 8111
+DJANGO_DEV_PORT=8111
+
 GUNICORN_TIMEOUT_S=300
 GUNICORN_MAX_REQUESTS=300
 GUNICORN_WORKERS=3
 GUNICORN_THREADS=3
 
+# Not used in production.
+# DEFAULT: 8112
+SMTP4DEV_WEB_PORT=8112
+
+# Not used in production.
+# DEFAULT: 25
+SMTP4DEV_SMTP_PORT=25
+
+# Not used in production.
+# DEFAULT: 43
+SMTP4DEV_IMAP_PORT=143
+
+COMPOSE_PROJECT_NAME=qfieldcloud
+COMPOSE_FILE=docker-compose.yml:docker-compose.override.local.yml
 # required for making COMPOSE_FILE above cross-platform (do not change)
 COMPOSE_PATH_SEPARATOR=:

.pre-commit-config.yaml

@@ -30,7 +30,7 @@ repos:
 
   # Black formatting
   - repo: https://github.com/psf/black
-    rev: 20.8b1
+    rev: "22.3.0"
     hooks:
       - id: black
 

README.md

@@ -224,15 +224,15 @@ Based on this example
 |---------------|------|----------------------|--------------------|--------------------|--------------------|
 | nginx http    | 80   | WEB_HTTP_PORT        | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | nginx https   | 443  | WEB_HTTPS_PORT       | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| django http   | 5001 |                      | :white_check_mark: | :x:                | :x:                |
+| django http   | 8011 | DJANGO_DEV_PORT      | :white_check_mark: | :x:                | :x:                |
 | postgres      | 5433 | HOST_POSTGRES_PORT   | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | redis         | 6379 | REDIS_PORT           | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | geodb         | 5432 | HOST_POSTGRES_PORT   | :white_check_mark: | :white_check_mark: | :x:                |
 | minio API     | 8009 | MINIO_API_PORT       | :white_check_mark: | :x:                | :x:                |
 | minio browser | 8010 | MINIO_BROWSER_PORT   | :white_check_mark: | :x:                | :x:                |
-| smtp web      | 5000 |                      | :white_check_mark: | :x:                | :x:                |
-| smtp          | 25   |                      | :white_check_mark: | :x:                | :x:                |
-| imap          | 143  |                      | :white_check_mark: | :x:                | :x:                |
+| smtp web      | 8012 | SMTP4DEV_WEB_PORT    | :white_check_mark: | :x:                | :x:                |
+| smtp          | 25   | SMTP4DEV_SMTP_PORT   | :white_check_mark: | :x:                | :x:                |
+| imap          | 143  | SMTP4DEV_IMAP_PORT   | :white_check_mark: | :x:                | :x:                |
 
 ### Logs
 

SECURITY.md

@@ -0,0 +1,12 @@
+# Security Policy
+
+## Supported Versions
+
+On https://qfield.cloud we always run the latest stable release.
+
+
+## Reporting a Vulnerability
+
+At OPENGIS.ch we take security very seriously, if you found a vulnerability, please get in touch with [email protected].
+
+We'll get back at you as soon as possible after analising your report.

conf/nginx/templates/default.conf.template

@@ -57,7 +57,7 @@ server {
   }
 
   location /swagger.yaml {
-    add_header Access-Control-Allow-Origin $http_host;
+    add_header Access-Control-Allow-Origin https://docs.qfield.org;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header Host $http_host;

docker-app/qfieldcloud/core/geodb_utils.py

@@ -122,7 +122,7 @@ def delete_db_and_role(dbname, username):
 
 
 def get_db_size(geodb):
-    """ Return the size of the database in bytes"""
+    """Return the size of the database in bytes"""
 
     with GeodbConnection() as conn:
         cur = conn.cursor()

docker-app/qfieldcloud/core/migrations/0052_secret.py

@@ -0,0 +1,72 @@
+# Generated by Django 3.2.12 on 2022-04-13 14:44
+
+import django.core.validators
+import django.db.models.deletion
+import django_cryptography.fields
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("core", "0051_auto_20211125_0444"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Secret",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                (
+                    "name",
+                    models.TextField(
+                        help_text="Must start with a letter and followed by capital letters, numbers or underscores.",
+                        max_length=255,
+                        unique=True,
+                        validators=[
+                            django.core.validators.RegexValidator(
+                                "^[A-Z]+[A-Z0-9_]+$",
+                                "Must start with a letter and followed by capital letters, numbers or underscores.",
+                            )
+                        ],
+                    ),
+                ),
+                (
+                    "type",
+                    models.CharField(
+                        choices=[
+                            ("pgservice", "pg_service"),
+                            ("envvar", "Environment Variable"),
+                        ],
+                        max_length=32,
+                    ),
+                ),
+                (
+                    "project",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="secrets",
+                        to="core.project",
+                    ),
+                ),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                (
+                    "created_by",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="project_secrets",
+                        to="core.user",
+                    ),
+                ),
+                ("value", django_cryptography.fields.encrypt(models.TextField())),
+            ],
+        ),
+    ]

docker-app/qfieldcloud/core/models.py

@@ -6,6 +6,7 @@
 from enum import Enum
 from typing import Iterable, List
 
+import django_cryptography.fields
 import qfieldcloud.core.utils2.storage
 from auditlog.registry import auditlog
 from django.contrib.auth.models import AbstractUser, UserManager
@@ -1113,6 +1114,11 @@ class Status(models.TextChoices):
     old_geom = models.GeometryField(null=True, srid=4326, dim=4)
     new_geom = models.GeometryField(null=True, srid=4326, dim=4)
 
+    jobs_to_apply = models.ManyToManyField(
+        to="ApplyJob",
+        through="ApplyJobDelta",
+    )
+
     def __str__(self):
         return str(self.id) + ", project: " + str(self.project.id)
 
@@ -1180,9 +1186,40 @@ class Status(models.TextChoices):
     finished_at = models.DateTimeField(blank=True, null=True, editable=False)
 
     @property
-    def short_id(self):
+    def short_id(self) -> str:
         return str(self.id)[0:8]
 
+    @property
+    def fallback_output(self) -> str:
+        # show whatever is the output if it is present
+        if self.output:
+            return ""
+
+        if self.status == Job.Status.PENDING:
+            return _(
+                "The job is in pending status, it will be started as soon as there are available server resources."
+            )
+        elif self.status == Job.Status.QUEUED:
+            return _(
+                "The job is in queued status. Server resources are allocated and it will be started soon."
+            )
+        elif self.status == Job.Status.STARTED:
+            return _("The job is in started status. Waiting for it to finish...")
+        elif self.status == Job.Status.FINISHED:
+            return _(
+                "The job is in finished status. It finished successfully without any output."
+            )
+        elif self.status == Job.Status.STOPPED:
+            return _("The job is in stopped status. Waiting to be continued...")
+        elif self.status == Job.Status.FAILED:
+            return _(
+                "The job is in failed status. The execution failed due to server error. Please verify the project is configured properly and try again."
+            )
+        else:
+            return _(
+                "The job ended in unknown state. Please verify the project is configured properly, try again and contact QFieldCloud support for more information."
+            )
+
 
 class PackageJob(Job):
     def save(self, *args, **kwargs):
@@ -1239,6 +1276,39 @@ def __str__(self):
         return f"{self.apply_job_id}:{self.delta_id}"
 
 
+class Secret(models.Model):
+    class Type(models.TextChoices):
+        PGSERVICE = "pgservice", _("pg_service")
+        ENVVAR = "envvar", _("Environment Variable")
+
+    name = models.TextField(
+        max_length=255,
+        unique=True,
+        validators=[
+            RegexValidator(
+                r"^[A-Z]+[A-Z0-9_]+$",
+                _(
+                    "Must start with a letter and followed by capital letters, numbers or underscores."
+                ),
+            )
+        ],
+        help_text=_(
+            _(
+                "Must start with a letter and followed by capital letters, numbers or underscores."
+            ),
+        ),
+    )
+    type = models.CharField(max_length=32, choices=Type.choices)
+    project = models.ForeignKey(
+        Project, on_delete=models.CASCADE, related_name="secrets"
+    )
+    created_by = models.ForeignKey(
+        User, on_delete=models.CASCADE, related_name="project_secrets"
+    )
+    created_at = models.DateTimeField(auto_now_add=True)
+    value = django_cryptography.fields.encrypt(models.TextField())
+
+
 auditlog.register(User, exclude_fields=["last_login", "updated_at"])
 auditlog.register(UserAccount)
 auditlog.register(Organization)
@@ -1269,3 +1339,4 @@ def __str__(self):
         "created_by",
     ],
 )
+auditlog.register(Secret, exclude_fields=["value"])

docker-app/qfieldcloud/core/permissions_utils.py

@@ -330,6 +330,28 @@ def can_ignore_delta(user: QfcUser, delta: Delta) -> bool:
     return True
 
 
+def can_create_secrets(user: QfcUser, project: Project) -> bool:
+    return user_has_project_roles(
+        user,
+        project,
+        [
+            ProjectCollaborator.Roles.ADMIN,
+            ProjectCollaborator.Roles.MANAGER,
+        ],
+    )
+
+
+def can_delete_secrets(user: QfcUser, project: Project) -> bool:
+    return user_has_project_roles(
+        user,
+        project,
+        [
+            ProjectCollaborator.Roles.ADMIN,
+            ProjectCollaborator.Roles.MANAGER,
+        ],
+    )
+
+
 def can_list_users_organizations(user: QfcUser) -> bool:
     """Return True if the `user` can list users and organizations.
     Return False otherwise."""