Merge pull request #1418 from IFRCGo/develop

szabozoltan69 · web-flow · commit eeda37d51b17 · 2022-04-23T12:28:10.000+02:00
Security update for Django 2.2.27/28
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,17 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## Unreleased
 
+## 1.1.438
+## 1.1.437
+
+### Added
+ - Nginx setup fixing
+ - /docs/ fixing
+ - User registration reminder job cleanup
+ - Lang: page-number
+ - Tidylib - adding
+ - Sit_fields_date also to be converted 
+
 ## 1.1.436
 
 ### Added
@@ -1959,7 +1970,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## 0.1.20
 
-[Unreleased]: https://github.com/IFRCGo/go-api/compare/1.1.436...HEAD
+[Unreleased]: https://github.com/IFRCGo/go-api/compare/1.1.438...HEAD
+[1.1.438]: https://github.com/IFRCGo/go-api/compare/1.1.437...1.1.438
+[1.1.437]: https://github.com/IFRCGo/go-api/compare/1.1.436...1.1.437
 [1.1.436]: https://github.com/IFRCGo/go-api/compare/1.1.435...1.1.436
 [1.1.435]: https://github.com/IFRCGo/go-api/compare/1.1.434...1.1.435
 [1.1.434]: https://github.com/IFRCGo/go-api/compare/1.1.433...1.1.434
diff --git a/api/management/commands/user_registration_reminder.py b/api/management/commands/user_registration_reminder.py
@@ -1,34 +1,16 @@
 from datetime import datetime, timezone, timedelta
-from django.db.models import Q, F, ExpressionWrapper, DurationField, Sum
-from django.db.models.query import QuerySet
 from django.core.management.base import BaseCommand
-from django.contrib.auth.models import User
-from django.conf import settings
 from django.template.loader import render_to_string
-from elasticsearch.helpers import bulk
-from utils.elasticsearch import construct_es_data
-from api.esconnection import ES_CLIENT
-from api.models import UserRegion, Region, Event, ActionsTaken, CronJob, CronJobStatus, Profile
-from api.logger import logger
-from notifications.models import RecordType, SubscriptionType, Subscription, SurgeAlert
-from notifications.hello import get_hello
-from notifications.notification import send_notification
-from deployments.models import PersonnelDeployment, ERU, Personnel
-from main.frontend import frontend_url
+from api.models import UserRegion, Region
 from registrations.models import Pending
 from notifications.notification import send_notification
-import html
-
-
-time_3_day = timedelta(days=3)
-
 
 
 class Command(BaseCommand):
     help = 'Send reminder about the pending registrations'
 
     def diff_3_day(self):
-        return datetime.utcnow().replace(tzinfo=timezone.utc) - time_3_day
+        return datetime.utcnow().replace(tzinfo=timezone.utc) - timedelta(days=3)
 
     def handle(self, *args, **options):
         region_ids = Region.objects.all().values_list('id', flat=True)
diff --git a/lang/permissions.py b/lang/permissions.py
@@ -12,6 +12,10 @@ def has_permission(self, request, view):
         # so we'll always allow GET, HEAD or OPTIONS requests. (`view` is allowed for all)
         if request.method in permissions.SAFE_METHODS:
             return True
+        if request.method == 'POST' and \
+                hasattr(request, '_request') and request.path[:6] == '/docs/' and \
+                hasattr(view, 'basename') and view.basename == 'language':
+            return True
         return String.has_perm(request.user, view.kwargs['pk'])
 
     def has_object_permission(self, request, view, obj):
diff --git a/main/__init__.py b/main/__init__.py
@@ -3,4 +3,4 @@
 from .celery import app as celery_app
 
 __all__ = ['celery_app']
-__version__ = '1.1.437'
+__version__ = '1.1.438'
diff --git a/main/nginx.conf b/main/nginx.conf
@@ -43,3 +43,5 @@ server {
         proxy_pass http://unix:/home/ifrc/django_app.sock;
     }
 }
+
+# This environment is CHANGE_ME_BEFORE_START.
diff --git a/main/runserver.sh b/main/runserver.sh
@@ -9,11 +9,17 @@ python manage.py collectstatic --noinput -l
 python manage.py make_permissions
 
 # Add server name(s) to django settings and nginx - later maybe only nginx would be enough, and ALLOWED_HOSTS could be "*"
-if [ "$API_FQDN"x = prddsgocdnapi.azureedge.netx ]; then
-    sed -i 's/\$NGINX_SERVER_NAME/'$API_FQDN' api.go.ifrc.org goadmin.ifrc.org/g' /etc/nginx/sites-available/nginx.conf
+if [ "$API_FQDN"x = goadmin.ifrc.orgx ]; then
+    sed -i 's/\$NGINX_SERVER_NAME/'$API_FQDN' api.go.ifrc.org/g' /etc/nginx/sites-available/nginx.conf
 else
     sed -i 's/\$NGINX_SERVER_NAME/'$API_FQDN'/g' /etc/nginx/sites-available/nginx.conf
 fi
+# Just a temporary test:
+if [ "$GO_ENVIRONMENT"x = productionx ]; then
+    sed -i 's/CHANGE_ME_BEFORE_START/prod/' /etc/nginx/sites-available/nginx.conf
+else
+    sed -i 's/CHANGE_ME_BEFORE_START/'$GO_ENVIRONMENT'/' /etc/nginx/sites-available/nginx.conf
+fi
 
 # Prepare log files and start outputting logs to stdout
 touch $HOME/logs/gunicorn.log
diff --git a/main/urls.py b/main/urls.py
@@ -193,7 +193,7 @@
     url(r'^api/v2/event/(?P<pk>\d+)', api_views.EventViewset.as_view({'get': 'retrieve'})),
     url(r'^api/v2/event/(?P<slug>[-\w]+)', api_views.EventViewset.as_view({'get': 'retrieve'}, lookup_field='slug')),
     url(r'^api/v2/exportperresults/', per_views.ExportAssessmentToCSVViewset.as_view()),
-    url(r'^docs/', include_docs_urls(title='IFRC Go API')),
+    url(r'^docs/', include_docs_urls(title='IFRC Go API', public=False)),
     url(r'^tinymce/', include('tinymce.urls')),
     url(r'^admin/', RedirectView.as_view(url='/')),
     # url(r'^', admin.site.urls),
diff --git a/notifications/drf_views.py b/notifications/drf_views.py
@@ -1,4 +1,4 @@
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 from django.db.models import Q
 from django_filters import rest_framework as filters
 from rest_framework.authentication import TokenAuthentication
@@ -41,7 +41,7 @@ def get_serializer_class(self):
     def get_queryset(self):
         limit = 14  # days
         cond1 = Q(is_stood_down=True)
-        cond2 = Q(end__lt=datetime.now()-timedelta(days=limit))
+        cond2 = Q(end__lt=datetime.utcnow().replace(tzinfo=timezone.utc)-timedelta(days=limit))
         return SurgeAlert.objects.exclude(cond1 & cond2)
 
 
diff --git a/per/drf_views.py b/per/drf_views.py
@@ -338,6 +338,7 @@ def get_queryset(self):
 
 class GlobalPreparednessViewset(viewsets.ReadOnlyModelViewSet):
     """Global Preparedness Highlights"""
+    # Probably not used. E.g. no 'code' in Form
     queryset = Form.objects.all()
     authentication_classes = (TokenAuthentication,)
     permission_classes = (IsAuthenticated,)
@@ -351,13 +352,13 @@ def get_queryset(self):
             last_duedate = tmz.localize(datetime(2000, 11, 15, 9, 59, 25, 0))
         if not next_duedate:
             next_duedate = tmz.localize(datetime(2222, 11, 15, 9, 59, 25, 0))
-        queryset = FormData.objects.filter(form__updated_at__gt=last_duedate, selected_option=7).select_related('form')
+        queryset = FormData.objects.filter(form__updated_at__gt=last_duedate, selected_answer_id=7).select_related('form')
         result = []
-        for i in queryset:
-            j = {'id': i.form.id}
-            j.update({'code': i.form.code})
-            j.update({'question_id': i.question_id})
-            result.append(j)
+        # for i in queryset:
+        #     j = {'id': i.form.id}
+        #     j.update({'code': i.form.code})
+        #     j.update({'question_id': i.question_id})
+        #     result.append(j)
         return result
 
 
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml

Original file line number	Diff line number	Diff line change
`@@ -43,3 +43,5 @@ server {`
`43`	`43`	`proxy_pass http://unix:/home/ifrc/django_app.sock;`
`44`	`44`	`}`
`45`	`45`	`}`
	`46`	`+`
	`47`	`+# This environment is CHANGE_ME_BEFORE_START.`