From 79d2098b8fc86fae437486848c76f4f024be971f Mon Sep 17 00:00:00 2001 From: Dan Trickey Date: Thu, 28 Dec 2023 19:18:09 +0000 Subject: [PATCH 1/4] Update environment example --- .env.example | 9 ++++++--- README.md | 11 +++++++++++ 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/.env.example b/.env.example index a80bffb..db8da29 100644 --- a/.env.example +++ b/.env.example @@ -1,9 +1,12 @@ SECRET_KEY=django-insecure-rT1fjisdfhsdfsiof3fsdfjs9d0fwqe78(UO-X^FPe -OIDC_RP_CLIENT_ID=YourClientIdHere -OIDC_RP_CLIENT_SECRET=YourClientSecretHere +SSO_OIDC_CONFIGURATION_URL=https://sso.example.com/.well-known/openid-configuration +SSO_OIDC_CLIENT_ID=YourClientIdHere +SSO_OIDC_CLIENT_SECRET=YourClientSecretHere SSO_STAFF_GROUP_NAME=kmicms:staff SSO_SUPERUSER_GROUP_NAME=kmicms:superuser DISCORD_APP_CLIENT_ID=123 -DISCORD_APP_CLIENT_SECRET=secret \ No newline at end of file +DISCORD_APP_CLIENT_SECRET=secret + +NETBOX_API_TOKEN=abc \ No newline at end of file diff --git a/README.md b/README.md index 5857688..3b6af77 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,17 @@ You need to create a `.env` file containing the secrets: ``` SECRET_KEY=django-insecure-rT1fjisdfhsdfsiof3fsdfjs9d0fwqe78(UO-X^FPe + +SSO_OIDC_CONFIGURATION_URL=https://sso.example.com/.well-known/openid-configuration +SSO_OIDC_CLIENT_ID=YourClientIdHere +SSO_OIDC_CLIENT_SECRET=YourClientSecretHere +SSO_STAFF_GROUP_NAME=kmicms:staff +SSO_SUPERUSER_GROUP_NAME=kmicms:superuser + +DISCORD_APP_CLIENT_ID=123 +DISCORD_APP_CLIENT_SECRET=secret + +NETBOX_API_TOKEN=abc ``` There is an example of this file: `.env.example` From 936483f7bcf99a0a669729fbfd0052b4014ca16b Mon Sep 17 00:00:00 2001 From: Dan Trickey Date: Thu, 28 Dec 2023 19:18:16 +0000 Subject: [PATCH 2/4] Drop support for Python 3.9 --- .github/workflows/test.yml | 2 +- kmicms/kmicms/settings.py | 4 ++-- kmicms/pyproject.toml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 76aed2f..90538a1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -12,7 +12,7 @@ jobs: strategy: matrix: os: [ubuntu-latest] - python: [3.9, "3.10", "3.11", "3.12"] + python: ["3.10", "3.11", "3.12"] steps: - uses: actions/checkout@v2 - name: Set up Python ${{ matrix.python }} diff --git a/kmicms/kmicms/settings.py b/kmicms/kmicms/settings.py index df824d7..ec9f563 100644 --- a/kmicms/kmicms/settings.py +++ b/kmicms/kmicms/settings.py @@ -14,9 +14,9 @@ BASE_DIR = os.path.dirname(PROJECT_DIR) # Validate Python version -if parse_version(platform.python_version()) < parse_version("3.9.0"): # pragma: nocover +if parse_version(platform.python_version()) < parse_version("3.10.0"): # pragma: nocover raise RuntimeError( - f"SOWN CMS requires Python 3.9 or higher (current: Python {platform.python_version()})", + f"SOWN CMS requires Python 3.10 or higher (current: Python {platform.python_version()})", ) # diff --git a/kmicms/pyproject.toml b/kmicms/pyproject.toml index ebd7537..94333ac 100644 --- a/kmicms/pyproject.toml +++ b/kmicms/pyproject.toml @@ -1,5 +1,5 @@ [tool.ruff] -target-version = "py39" +target-version = "py310" line-length = 120 select = [ From 430a8bbe04733128a9993295496f3081012a4f8a Mon Sep 17 00:00:00 2001 From: Dan Trickey Date: Thu, 28 Dec 2023 19:28:38 +0000 Subject: [PATCH 3/4] Various tweaks --- kmicms/core/templatetags/brand.py | 2 +- kmicms/kmicms/settings.py | 14 +++++++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/kmicms/core/templatetags/brand.py b/kmicms/core/templatetags/brand.py index a1c1e3b..9ad1007 100644 --- a/kmicms/core/templatetags/brand.py +++ b/kmicms/core/templatetags/brand.py @@ -24,7 +24,7 @@ def static_for_brand(parser: Any, token: Any) -> str: Usage:: - {% static path [as varname] %} + {% static_for_brand path [as varname] %} Examples:: diff --git a/kmicms/kmicms/settings.py b/kmicms/kmicms/settings.py index ec9f563..91debbe 100644 --- a/kmicms/kmicms/settings.py +++ b/kmicms/kmicms/settings.py @@ -16,7 +16,7 @@ # Validate Python version if parse_version(platform.python_version()) < parse_version("3.10.0"): # pragma: nocover raise RuntimeError( - f"SOWN CMS requires Python 3.10 or higher (current: Python {platform.python_version()})", + f"KMI-CMS requires Python 3.10 or higher (current: Python {platform.python_version()})", ) # @@ -231,9 +231,6 @@ # https://docs.djangoproject.com/en/4.2/topics/i18n/ USE_I18N = True - -USE_L10N = True - USE_TZ = True MESSAGE_TAGS = { @@ -262,7 +259,14 @@ # ManifestStaticFilesStorage is recommended in production, to prevent outdated # JavaScript / CSS assets being served from cache (e.g. after a Wagtail upgrade). # See https://docs.djangoproject.com/en/4.2/ref/contrib/staticfiles/#manifeststaticfilesstorage -STATICFILES_STORAGE = "django.contrib.staticfiles.storage.ManifestStaticFilesStorage" +STORAGES = { + "default": { + "BACKEND": "django.core.files.storage.FileSystemStorage", + }, + "staticfiles": { + "BACKEND": "django.contrib.staticfiles.storage.ManifestStaticFilesStorage", + }, +} STATIC_ROOT = os.path.join(BASE_DIR, "static") STATIC_URL = "/static/" From 720b7d21b54697255937f6e4278415f83e7805ca Mon Sep 17 00:00:00 2001 From: Dan Trickey Date: Thu, 28 Dec 2023 19:31:37 +0000 Subject: [PATCH 4/4] Update cryptography to 41.0.6 Contains fix for CVE-2023-49083 --- requirements-dev.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index bdf5f7d..1fc0c72 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -42,7 +42,7 @@ coverage[toml]==7.3.2 # via pytest-cov crispy-bootstrap5==2023.10 # via -r requirements.txt -cryptography==41.0.5 +cryptography==41.0.6 # via # -r requirements.txt # authlib diff --git a/requirements.txt b/requirements.txt index 9a92016..a8a6717 100644 --- a/requirements.txt +++ b/requirements.txt @@ -22,7 +22,7 @@ charset-normalizer==3.3.2 # via requests crispy-bootstrap5==2023.10 # via -r requirements.in -cryptography==41.0.5 +cryptography==41.0.6 # via authlib defusedxml==0.7.1 # via willow