Merge pull request #362 from maykinmedia/upgrade-42

Prepare upgrade to Django 4.2

CHANGELOG.rst

@@ -2,6 +2,14 @@
 Change history
 ==============
 
+2.3.0 (TBD)
+-----------
+
+.. warning::
+
+    Two-factor authentication is enabled by default. The ``DISABLE_2FA`` environment variable
+    can be used to disable it if needed.
+
 2.2.1 (2024-03-02)
 ------------------
 

Dockerfile

@@ -51,6 +51,7 @@ COPY --from=backend-build /usr/local/bin/uwsgi /usr/local/bin/uwsgi
 # Stage 3.2 - Copy source code
 WORKDIR /app
 COPY ./bin/docker_start.sh /start.sh
+COPY ./bin/celery_worker.sh /celery_worker.sh
 RUN mkdir /app/log /app/config
 
 # copy frontend build statics

bin/celery_worker.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -e
+
+LOGLEVEL=${CELERY_LOGLEVEL:-INFO}
+CONCURRENCY=${CELERY_WORKER_CONCURRENCY:-1}
+
+QUEUE=${1:-${CELERY_WORKER_QUEUE:=celery}}
+WORKER_NAME=${2:-${CELERY_WORKER_NAME:="${QUEUE}"@%n}}
+
+_binary=$(which celery)
+
+if [[ "$ENABLE_COVERAGE" ]]; then
+    _binary="coverage run $_binary"
+fi
+
+echo "Starting celery worker $WORKER_NAME with queue $QUEUE"
+exec $_binary --workdir src --app objects.celery worker \
+    -Q $QUEUE \
+    -n $WORKER_NAME \
+    -l $LOGLEVEL \
+    -O fair \
+    -c $CONCURRENCY

docker-compose.yml

@@ -9,9 +9,14 @@ services:
       - POSTGRES_USER=${DB_USER:-objects}
       - POSTGRES_PASSWORD=${DB_PASSWORD:-objects}
 
+  redis:
+    image: redis:7
+    command: ["redis-server", "--appendonly", "yes"]
+
   web:
-    build: .
-    environment:
+    build: &web_build
+      context: .
+    environment: &web_env
       - DJANGO_SETTINGS_MODULE=objects.conf.docker
       - SECRET_KEY=${SECRET_KEY:-1(@f(-6s_u(5fd&1sg^uvu2s(c-9sapw)1era8q&)g)h@cwxxg}
       - OBJECTS_SUPERUSER_USERNAME=admin
@@ -22,8 +27,18 @@ services:
       - 8000:8000
     depends_on:
       - db
-    volumes:
+      - redis
+    volumes: &web_volumes
       - media:/app/media  # Shared media volume to get access to saved OAS files
 
+  celery:
+    build: *web_build
+    environment: *web_env
+    command: /celery_worker.sh
+    depends_on:
+      - db
+      - redis
+    volumes: *web_volumes
+
 volumes:
   media:

docs/installation/config.rst

@@ -29,8 +29,8 @@ Required settings
   Defaults to ``*`` for the ``docker`` environment and defaults to
   ``127.0.0.1,localhost`` for the ``dev`` environment.
 
-Database settings
------------------
+Common settings
+---------------
 
 * ``DB_HOST``: Hostname of the PostgreSQL database. Defaults to ``db`` for the
   ``docker`` environment, otherwise defaults to ``localhost``.
@@ -43,6 +43,12 @@ Database settings
 
 * ``DB_PORT``: Port number of the database. Defaults to ``5432``.
 
+* ``CELERY_BROKER_URL``: URL for the Redis task broker for Celery. Defaults
+  to ``redis://127.0.0.1:6379/1``.
+
+* ``CELERY_RESULT_BACKEND``: URL for the Redis result broker for Celery.
+  Defaults to ``redis://127.0.0.1:6379/1``.
+
 Elastic APM settings
 --------------------
 
@@ -84,17 +90,14 @@ Other settings
   sent to the Notificaties API for operations on the Object endpoint.
   Defaults to ``True`` for the ``dev`` environment, otherwise defaults to ``False``.
 
-* ``TWO_FACTOR_FORCE_OTP_ADMIN``: Enforce 2 Factor Authentication in the admin or not.
-  Default ``True``. You'll probably want to disable this when using OIDC.
-
-* ``TWO_FACTOR_PATCH_ADMIN``: Whether to use the 2 Factor Authentication login flow for
-  the admin or not. Default ``True``. You'll probably want to disable this when using OIDC.
-
 * ``USE_X_FORWARDED_HOST``: whether to grab the domain/host from the ``X-Forwarded-Host``
   header or not. This header is typically set by reverse proxies (such as nginx,
   traefik, Apache...). Default ``False`` - this is a header that can be spoofed and you
   need to ensure you control it before enabling this.
 
+* ``DISABLE_2FA``: whether to disable two-factor authentication. Defaults to ``False``.
+  If set to ``False``, 2FA will be required if not using OIDC.
+
 Initial superuser creation
 --------------------------
 

requirements/base.in

@@ -1,4 +1,5 @@
 # Core python libraries
+celery
 glom # data represenation based on spec
 Pillow  # handle images
 psycopg2  # database driver
@@ -8,13 +9,12 @@ python-decouple  # processing of envvar configs
 jsonschema
 
 # Framework libraries
-django~=3.2
+django~=4.2
 django-admin-index
 django-axes
 django-redis
 django-rosetta
-maykin-django-two-factor-auth
-maykin-django-two-factor-auth[phonenumbers]
+maykin-2fa
 mozilla-django-oidc-db
 
 # API libraries
@@ -30,5 +30,6 @@ sentry-sdk  # error monitoring
 elastic-apm  # Elastic APM integration
 
 # Common ground libraries
-vng-api-common[markdown_docs]>=1.6.4
+notifications-api-common
+commonground-api-common[markdown_docs]
 zgw-consumers  # external api auths