Merge branch 'issue-6127' into issue-6126

Author: sharadsw

Dockerfile

@@ -9,6 +9,7 @@ RUN apt-get update \
         libldap-2.4-2 \
         libmariadb3 \
         rsync \
+        tzdata \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*
 
@@ -42,6 +43,8 @@ RUN npx webpack --mode production
 
 FROM common AS build-backend
 
+ENV DEBIAN_FRONTEND=noninteractive
+
 RUN apt-get update \
  && apt-get -y install --no-install-recommends \
         build-essential \
@@ -58,6 +61,7 @@ RUN apt-get update \
         python3.8-distutils \
         python3.8-dev \
         libmariadbclient-dev \
+        tzdata \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*
 
@@ -129,13 +133,15 @@ RUN echo \
         "\nREPORT_RUNNER_PORT = os.getenv('REPORT_RUNNER_PORT', '')" \
         "\nWEB_ATTACHMENT_URL = os.getenv('ASSET_SERVER_URL', None)" \
         "\nWEB_ATTACHMENT_KEY = os.getenv('ASSET_SERVER_KEY', None)" \
-        "\nWEB_ATTACHMENT_COLLECTION = os.getenv('ASSET_SERVER_COLLECTION', None)" \
+        "\nWEB_ATTACHMENT_COLLECTION = os.getenv('ASSET_SERVER_COLLECTION', DATABASE_NAME) or DATABASE_NAME" \
         "\nSEPARATE_WEB_ATTACHMENT_FOLDERS = os.getenv('SEPARATE_WEB_ATTACHMENT_FOLDERS', None)" \
         "\nCELERY_BROKER_URL = os.getenv('CELERY_BROKER_URL', None)" \
         "\nCELERY_RESULT_BACKEND = os.getenv('CELERY_RESULT_BACKEND', None)" \
         "\nCELERY_TASK_DEFAULT_QUEUE = os.getenv('CELERY_TASK_QUEUE', DATABASE_NAME)" \
         "\nANONYMOUS_USER = os.getenv('ANONYMOUS_USER', None)" \
         "\nSPECIFY_CONFIG_DIR = os.environ.get('SPECIFY_CONFIG_DIR', '/opt/Specify/config')" \
+        "\nhost = os.getenv('CSRF_TRUSTED_ORIGINS', None)" \
+        "\nCSRF_TRUSTED_ORIGINS = [origin.strip() for origin in host.split(',')] if host else []" \
         > settings/local_specify_settings.py
 
 RUN echo "import os \nDEBUG = os.getenv('SP7_DEBUG', '').lower() == 'true'\n" \

docker-entrypoint.sh

@@ -1,3 +1,4 @@
+#!/bin/bash
 set -e
 if [ -z "$(ls -A /volumes/static-files/specify-config)" ]; then
   mkdir -p /volumes/static-files/specify-config/config/

requirements.txt

@@ -1,6 +1,10 @@
+setuptools>=50.0.0
+tzdata
+wheel
+backports.zoneinfo==0.2.1
 kombu==5.2.4
 celery[redis]==5.2.7
-Django==3.2.15
+Django==4.2.18
 mysqlclient==2.1.1
 SQLAlchemy==1.2.11
 requests==2.32.2

specifyweb/accounts/views.py

@@ -16,7 +16,7 @@
 from django.shortcuts import render
 from django.template.response import TemplateResponse
 from django.utils import crypto
-from django.utils.http import is_safe_url, urlencode
+from django.utils.http import url_has_allowed_host_and_scheme, urlencode
 from django.views.decorators.cache import never_cache
 from typing import Union, Optional, Dict, cast
 from typing_extensions import TypedDict
@@ -362,7 +362,7 @@ def choose_collection(request) -> http.HttpResponse:
 
     redirect_to = (request.POST if request.method == "POST" else request.GET).get('next', '')
     redirect_resp = http.HttpResponseRedirect(
-        redirect_to if is_safe_url(url=redirect_to, allowed_hosts=request.get_host())
+        redirect_to if url_has_allowed_host_and_scheme(url=redirect_to, allowed_hosts=request.get_host())
         else settings.LOGIN_REDIRECT_URL
     )
 

specifyweb/attachment_gw/urls.py

@@ -1,14 +1,13 @@
-from django.conf.urls import url
+from django.urls import path
 
 from . import views
 
 urlpatterns = [
-    url(r'^get_settings/$', views.get_settings),
-    url(r'^get_upload_params/$', views.get_upload_params),
-    url(r'^get_token/$', views.get_token),
-    url(r'^proxy/$', views.proxy),
-    url(r'^download_all/$', views.download_all),
-    url(r'^dataset/$', views.datasets),
-    url(r'^dataset/(?P<ds_id>\d+)/$', views.dataset),
-
+    path('get_settings/', views.get_settings),
+    path('get_upload_params/', views.get_upload_params),
+    path('get_token/', views.get_token),
+    path('proxy/', views.proxy),
+    path('download_all/', views.download_all),
+    path('dataset/', views.datasets),
+    path('dataset/<int:ds_id>/', views.dataset),
 ]

specifyweb/attachment_gw/views.py

@@ -72,8 +72,11 @@ def get_collection(request=None):
     # do any better than using the first collection
     # and hoping that all the assets are in the same
     # folder.
-    from specifyweb.specify.models import Collection
-    return Collection.objects.all()[0].collectionname
+    # from specifyweb.specify.models import Collection
+    # return Collection.objects.all()[0].collectionname
+
+    # The default coll parameter to assets is the database name
+    return settings.DATABASE_NAME
 
 @openapi(schema={
     "get": {

specifyweb/barvis/urls.py

@@ -1,7 +1,7 @@
-from django.conf.urls import url
+from django.urls import path
 
 from . import views
 
 urlpatterns = [
-    url(r'^taxon_bar/$', views.taxon_bar),
+    path('taxon_bar/', views.taxon_bar),
 ]

specifyweb/businessrules/__init__.py

@@ -1 +0,0 @@
-default_app_config = 'specifyweb.businessrules.apps.BussinessRuleConfig'

specifyweb/businessrules/urls.py

@@ -1,8 +1,8 @@
-from django.conf.urls import include, url
+from django.urls import path
 
 from . import views
 
 urlpatterns = [
-    url(r'^uniqueness_rules/(?P<discipline_id>\d+)/$', views.uniqueness_rule),
-    url(r'^uniqueness_rules/validate/$', views.validate_uniqueness),
+    path('uniqueness_rules/<int:discipline_id>/', views.uniqueness_rule),
+    path('uniqueness_rules/validate/', views.validate_uniqueness),
 ]

specifyweb/context/remote_prefs.py

@@ -1,4 +1,4 @@
-from django.utils.encoding import force_text
+from django.utils.encoding import force_str
 
 from specifyweb.specify.models import Spappresourcedata
 
@@ -11,10 +11,10 @@ def get_remote_prefs() -> str:
     # Spappresource.data is stored in a blob field even though we treat
     # it as a TextField. Starting in django 2.2 it doesn't automatically
     # get decoded from bytes to str.
-    return '\n'.join(force_text(r.data) for r in res)
+    return '\n'.join(force_str(r.data) for r in res)
 
 def get_global_prefs() -> str:
     res = Spappresourcedata.objects.filter(
         spappresource__name='preferences',
         spappresource__spappresourcedir__usertype='Global Prefs')
-    return '\n'.join(force_text(r.data) for r in res)
+    return '\n'.join(force_str(r.data) for r in res)