Merge pull request #222 from uw-it-aca/django-upgrade

Django upgrade

.gitignore

@@ -30,6 +30,9 @@ spotseeker_web
 # IDE files
 .idea/
 
+# vscode files
+.vscode/
+
 # pipenv
 Pipfile
 Pipfile.lock

Dockerfile

@@ -1,4 +1,6 @@
-FROM gcr.io/uwit-mci-axdd/django-container:1.3.8 as app-container
+ARG DJANGO_CONTAINER_VERSION=1.4.1
+
+FROM gcr.io/uwit-mci-axdd/django-container:${DJANGO_CONTAINER_VERSION} as app-container
 
 USER root
 RUN apt-get update && apt-get install mysql-client libmysqlclient-dev -y
@@ -16,7 +18,7 @@ COPY --chown=acait:acait docker/test_settings.py project/test_settings.py
 ADD --chown=acait:acait docker/app_start.sh /scripts
 RUN chmod u+x /scripts/app_start.sh
 
-FROM gcr.io/uwit-mci-axdd/django-test-container:1.3.8 as app-test-container
+FROM gcr.io/uwit-mci-axdd/django-test-container:${DJANGO_CONTAINER_VERSION} as app-test-container
 
 COPY --from=0 /app/ /app/
 COPY --from=0 /static/ /static/

README.md

@@ -1,9 +1,9 @@
+# Spotseeker Server
+
 [![Build Status](https://github.com/uw-it-aca/spotseeker_server/workflows/Build%2C%20Test%20and%20Deploy/badge.svg?branch=master)](https://github.com/uw-it-aca/spotseeker_server/actions)
 [![Coverage Status](https://coveralls.io/repos/github/uw-it-aca/spotseeker_server/badge.svg?branch=master)](https://coveralls.io/github/uw-it-aca/spotseeker_server?branch=master)
 
-# SpaceScout Server
-
-This is the server for the SpaceScout suite of applications. It stores space metadata and resources as well as provides services to the SpaceScout web and mobile apps.
+This is the server for the Scout suite of applications. It stores space metadata and resources as well as provides services to the Scout web and mobile apps.
 
 ## Getting Started
 
@@ -16,70 +16,72 @@ These instructions will get you a copy of the project up and running on your loc
 * git
 * JPEG libraries from [http://www.ijg.org/](http://www.ijg.org/) (Optional, but PIL will not support JPEG images without it.)
 
-
 ### Steps to run
 
 First, clone the app:
 
-    $ git clone https://github.com/uw-it-aca/spotseeker_server.git
+```bash
+git clone https://github.com/uw-it-aca/spotseeker_server.git
+```
 
 If you wish to change the default settings, navigate to the develop branch and copy the sample environment variables into your own `.env` file:
 
-    $ cd spotseeker_server
-    $ git checkout develop
-    $ cp sample.env .env
+```bash
+cd spotseeker_server
+git checkout develop
+cp sample.env .env
+```
 
 Then, run the following command to build your docker container:
 
-    $ docker-compose up --build
-
-
-#### Additional settings:
+```bash
+docker-compose up --build
+```
 
-SPOTSEEKER_AUTH_MODULE setting can be one of 'all_ok' or 'oauth'. If using 'oauth', client applications will need an oauth key/secret pair. The 'all_ok' module is not suitable for production.
+#### Additional settings
 
-To find more information on how to set up the 'all_ok' Auth Module, check [here](https://github.com/uw-it-aca/spotseeker_server/wiki/Using-'all_ok'-oauth-module)
+SPOTSEEKER_OAUTH_ENABLED setting is a boolean. If true, client applications will need an oauth credential, and it's not required otherwise.
 
 Custom validation can be added by adding SpotForm and ExtendedInfoForm to org_forms and setting them here. (For example, SPOTSEEKER_SPOT_FORM could be default.DefaultSpotForm or org_forms.UWSpotForm , SPOTSEEKER_SPOTEXTENDEDINFO_FORM could be org_forms.UWSpotExtendedInfoForm or default.DefaultSpotExtendedInfoForm, and SPOTSEEKER_SEARCH_FILTERS could contain or  org_filters.uw_search.Filter or org_filters.sample_search.Filter)
 
-```
+```python
 SPOTSEEKER_SPOT_FORM = 'spotseeker_server.org_forms.MODULE'
 SPOTSEEKER_SPOTEXTENDEDINFO_FORM = 'spotseeker_server.org_forms.MODULE'
 SPOTSEEKER_SEARCH_FILTERS = ('spotseeker_server.org_filters.MODULE', )
 ```
 
-To properly access spots while in oauth, you can call
-
-```
-./manage.py loaddata /app/spotseeker_server/fixtures/oauth.json
-```
-
-and use the oauth key/secret pair provided in the json file so you won't have to recreate a consumer each time.
-
 For additional settings, see [some page that doesn't exist.]
 
 You can also optionally create some sample spot data:
 
-```
-python manage.py create_sample_spots
+```bash
+python manage.py create_sample_spots [--force/-f]
 ```
 
+The `--force` flag will not ask for confirmation for deleting existing spots before creating new ones.
+
 ## Running the tests
 
-    $ docker-compose build; docker-compose run --rm app bin/python manage.py test
+```bash
+docker-compose build; docker-compose run --rm app bin/python manage.py test
+```
 
 ## Deployment
 
 (To be completed.)
 
 ### Running `sync_techloan`
 
-    $ docker exec -it spotseeker-server bash
+```bash
+docker exec -it spotseeker-server bash
+```
 
 Create a test consumer and set the [required env variables](#sync_techloan-settings)
 
-    $ . bin/activate
-    (app) $ /scripts/management_daemon.sh --delay 30 sync_techloan
+```bash
+$ . bin/activate
+(app) $ /scripts/management_daemon.sh --delay 30 sync_techloan
+```
 
 ## Built With
 
@@ -107,7 +109,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-http://www.apache.org/licenses/LICENSE-2.0
+<http://www.apache.org/licenses/LICENSE-2.0>
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -119,12 +121,12 @@ limitations under the License.
 
 (To be moved to the wiki eventually.)
 
-- JSON_PRETTY_PRINT
-- SPOTSEEKER_AUTH_ADMINS
-- SPOTSEEKER_AUTH_MODULE
-- SPOTSEEKER_SEARCH_FILTERS
-- USER_EMAIL_DOMAIN
-- SPOTSEEKER_TECHLOAN_URL
+* JSON_PRETTY_PRINT
+* SPOTSEEKER_AUTH_ADMINS
+* SPOTSEEKER_OAUTH_ENABLED
+* SPOTSEEKER_SEARCH_FILTERS
+* USER_EMAIL_DOMAIN
+* SPOTSEEKER_TECHLOAN_URL
 
 ### `sync_techloan` settings
 

docker-compose.yml

@@ -11,7 +11,7 @@ services:
       - "${PORT:-8000}:8000"
     environment:
       ENV: localdev
-      AUTH_MODULE: ${AUTH_MODULE:-all_ok}
+      SPOTSEEKER_OAUTH_ENABLED: ${SPOTSEEKER_OAUTH_ENABLED}
       SPOTSEEKER_AUTH_ADMINS: ${SPOTSEEKER_AUTH_ADMINS}
       SPOTSEEKER_WEB_SERVER_HOST: ${SPOTSEEKER_WEB_SERVER_HOST}
       SPOTSEEKER_WEB_OAUTH_KEY: ${SPOTSEEKER_WEB_OAUTH_KEY}

docker/prod-values.yml

@@ -71,8 +71,8 @@ daemon:
       command: ["/scripts/management_daemon.sh"]
       args: ["--delay", "300", "sync_techloan"]
 environmentVariables:
-  - name: AUTH_MODULE
-    value: oauth
+  - name: SPOTSEEKER_OAUTH_ENABLED
+    value: true
   - name: CLUSTER_CNAME
     value: api.scout.uw.edu
   - name: ENV

docker/settings.py

@@ -8,14 +8,35 @@
     DEBUG = False
 
 INSTALLED_APPS += [
-    "oauth_provider",
     "spotseeker_server",
+    "oauth2_provider",
+    "corsheaders",
 ]
 
 MIDDLEWARE += [
     "spotseeker_server.logger.oauth.LogMiddleware",
+    "corsheaders.middleware.CorsMiddleware",
 ]
 
+AUTH_USER_MODEL = "spotseeker_server.Client"
+
+AUTHENTICATION_BACKENDS = (
+    "oauth2_provider.backends.OAuth2Backend",
+    "django.contrib.auth.backends.ModelBackend",
+)
+
+CORS_ORIGIN_ALLOW_ALL = DEBUG
+if os.getenv("ENV", "localdev") == "prod":
+    CORS_ALLOWED_ORIGINS = [
+        "https://scout.uw.edu",
+        "https://manager.scout.uw.edu",
+    ]
+else:
+    CORS_ALLOWED_ORIGINS = [
+        "https://test.scout.uw.edu",
+        "https://test.manager.scout.uw.edu",
+    ]
+
 # django storages settings
 if not DEBUG:
     DEFAULT_FILE_STORAGE = "storages.backends.gcloud.GoogleCloudStorage"
@@ -27,9 +48,11 @@
         "/gcs/credentials.json"
     )
 
-SPOTSEEKER_AUTH_MODULE = "spotseeker_server.auth.{}".format(
-    os.getenv("AUTH_MODULE", "all_ok")
-)
+SPOTSEEKER_OAUTH_ENABLED = os.getenv("SPOTSEEKER_OAUTH_ENABLED", not DEBUG)
+# convert string to boolean if set in .env
+if type(SPOTSEEKER_OAUTH_ENABLED) == str:
+    SPOTSEEKER_OAUTH_ENABLED = SPOTSEEKER_OAUTH_ENABLED.lower() == "true"
+
 # turn string of auth admins into list
 SPOTSEEKER_AUTH_ADMINS = (
     os.getenv("SPOTSEEKER_AUTH_ADMINS", "").replace(" ", "").split(",")
@@ -59,7 +82,8 @@
         }
     }
 else:
-    # The various MEMCACHED variables are set in django-container's base_settings/common.py
+    # The various MEMCACHED variables are set in django-container's
+    # base_settings/common.py
     CACHES = {
         'default': {
             'BACKEND': 'django.core.cache.backends.memcached.PyLibMCCache',

docker/test-values.yml

@@ -65,8 +65,8 @@ daemon:
       command: ["/scripts/management_daemon.sh"]
       args: ["--delay", "300", "sync_techloan"]
 environmentVariables:
-  - name: AUTH_MODULE
-    value: oauth
+  - name: SPOTSEEKER_OAUTH_ENABLED
+    value: true
   - name: CLUSTER_CNAME
     value: test.api.scout.uw.edu
   - name: ENV

docker/urls.py

@@ -1,34 +1,24 @@
-"""docker URL Configuration
+# Copyright 2023 UW-IT, University of Washington
+# SPDX-License-Identifier: Apache-2.0
 
-The `urlpatterns` list routes URLs to views. For more information please see:
-    https://docs.djangoproject.com/en/1.11/topics/http/urls/
-Examples:
-Function views
-    1. Add an import:  from my_app import views
-    2. Add a URL to urlpatterns:  url(r'^$', views.home, name='home')
-Class-based views
-    1. Add an import:  from other_app.views import Home
-    2. Add a URL to urlpatterns:  url(r'^$', Home.as_view(), name='home')
-Including another URLconf
-    1. Import the include() function: from django.conf.urls import url, include
-    2. Add a URL to urlpatterns:  url(r'^blog/', include('blog.urls'))
-"""
 from django.conf import settings
-from django.conf.urls import url, include
+from django.urls import path, include
+from django.contrib import admin
 
 urlpatterns = [
-    url(r'^auth/', include('oauth_provider.urls')),
-    url(r'^api/', include('spotseeker_server.urls')),
-    url(r'^', include('django_prometheus.urls')), # add here for django 1.11 compatibility
+    path('api/', include('spotseeker_server.urls')),
+    path(
+        'auth/',
+        include('oauth2_provider.urls', namespace='oauth2_provider')
+    ),
 ]
 
 if settings.DEBUG:
-    from django.contrib import admin
     from django.contrib.staticfiles.urls import staticfiles_urlpatterns
 
     urlpatterns += [
-        url(r'^admin/doc/', include('django.contrib.admindocs.urls')),
-        url(r'^admin/', include(admin.site.urls)),
+        path('admin/doc/', include('django.contrib.admindocs.urls')),
+        path('admin/', admin.site.urls),
     ]
 
     urlpatterns += staticfiles_urlpatterns()

requirements.txt

@@ -1,4 +1,5 @@
 # these two can be upgraded when django gets an update
 mysqlclient~=1.3
-django-prometheus~=2.0
+# this is temporary for testing migrations in upgrade
+django-extensions==2.2.*
 -e .

sample.env

@@ -3,11 +3,13 @@
 # Port to connect to with your browser
 #PORT=8001
 
-# Whether to use all_ok (default) or oauth auth module
-#AUTH_MODULE=oauth
-
 # Comma separated list of admins
 #SPOTSEEKER_AUTH_ADMINS=javerage,demo_user
 
+# enabled oauth (True or False)
+#SPOTSEEKER_OAUTH_ENABLED=True
+
 # URL to sync techloan from sync_techloan management command
-#SPOTSEEKER_TECHLOAN_URL=https://EXAMPLE_DOMAIN/techloan/api/v2/type/?embed=availability&embed=class
+#SPOTSEEKER_TECHLOAN_URL=https://EXAMPLE_DOMAIN/techloan/api/v2/type/?embed=availability&embed=class
+
+#ENV=localdev

setup.py

@@ -7,18 +7,19 @@
     version="1.0",
     description="REST Backend for SpaceScout",
     install_requires=[
-        "Django==1.11.*",
+        "Django==2.2.*",
         "future",
         "mock<=1.0.1",
         "oauthlib==3.1.*",
+        "django-oauth-toolkit",
+        "django-cors-headers==3.10.*",
         "requests==2.26.*",
         "requests-oauthlib==1.3.*",
         "Pillow",
         "pylibmc",  # switch to what django-container uses upon upgrade
         "pyproj",
         "pytz",
         "simplejson>=2.1",
-        "django-oauth-plus@git+https://github.com/edx-unsupported/django-oauth-plus#egg=2.2.9.edx-4",
         "django-storages[google]",
         "schema",
         "six",

spotseeker_server/admin.py

@@ -7,10 +7,8 @@
     [email protected]: use the same forms as used for REST.
 """
 
-from importlib import import_module
-from django.db import models
 from django.contrib import admin
-from django.conf import settings
+from django.contrib.auth.admin import UserAdmin
 from spotseeker_server.models import *
 from spotseeker_server.forms.spot import SpotForm, SpotExtendedInfoForm
 from spotseeker_server.forms.item import ItemForm, ItemExtendedInfoForm
@@ -117,7 +115,7 @@ class SpotExtendedInfoAdmin(admin.ModelAdmin):
 
 
 admin.site.register(SpotType)
-admin.site.register(TrustedOAuthClient)
+admin.site.register(Client, UserAdmin)
 
 
 class ItemAdmin(admin.ModelAdmin):