diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 5ad4ccc4..75f8ca93 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -2,6 +2,15 @@ Change history
 ==============
+2.x.x
+=====
+*TBD*
+
+**New features**
+
+* Updated OAF version to 0.9.0. This upgrade allows admin users managing their sessions through the admin.
+
+
 2.4.3 (2024-09-18)
 ------------------
@@ -61,7 +70,7 @@ Change history
 **Bugfixes and QOL**
 * added Celery healthcheck
-* made user emails unique to prevent two users logging in with the same email,
+* made user emails unique to prevent two users logging in with the same email,
 causing an error
 **Project maintenance**
@@ -70,8 +79,8 @@ Change history
 .. warning::
- User email addresses will now be unique on a database level. The database
- migration will fail if there are already two or more users with the same
+ User email addresses will now be unique on a database level. The database
+ migration will fail if there are already two or more users with the same
 email address. You must ensure this is not the case before upgrading.
 2.4.0 (2024-07-05)
@@ -80,7 +89,7 @@ Change history
 **New features**
 * added superuser permissions to API (#369)
-* added `setup_configuration` management command which can configure API with
+* added `setup_configuration` management command which can configure API with
 environment variables (#368)
 * added `Record.data` as a search filter in the Admin (#381)
 * displayed `Objecttype.uuid` in the Objecttype and Object admin pages (#315)
diff --git a/docs/installation/config.rst b/docs/installation/config.rst
index ade5c652..d317e921 100644
--- a/docs/installation/config.rst
+++ b/docs/installation/config.rst
@@ -16,7 +16,7 @@ Available environment variables
 Required
 --------
-* ``SECRET_KEY``: Secret key that's used for certain cryptographic utilities. .
+* ``SECRET_KEY``: Secret key that's used for certain cryptographic utilities. You should generate one via `miniwebtool `_.
 * ``ALLOWED_HOSTS``: a comma separated (without spaces!) list of domains that serve the installation. Used to protect against Host header attacks. Defaults to: ``(empty string)``.
 * ``CACHE_DEFAULT``: redis cache address for the default cache (this **MUST** be set when using Docker). Defaults to: ``localhost:6379/0``.
 * ``CACHE_AXES``: redis cache address for the brute force login protection cache (this **MUST** be set when using Docker). Defaults to: ``localhost:6379/0``.
@@ -86,7 +86,8 @@ Optional
 * ``LOG_LEVEL``: control the verbosity of logging output. Available values are ``CRITICAL``, ``ERROR``, ``WARNING``, ``INFO`` and ``DEBUG``. Defaults to: ``WARNING``.
 * ``LOG_QUERIES``: enable (query) logging at the database backend level. Note that you must also set ``DEBUG=1``, which should be done very sparingly!. Defaults to: ``False``.
 * ``LOG_REQUESTS``: enable logging of the outgoing requests. Defaults to: ``False``.
-* ``SESSION_COOKIE_SAMESITE``: The value of the SameSite flag on the session cookie. This flag prevents the cookie from being sent in cross-site requests thus preventing CSRF attacks and making some methods of stealing session cookie impossible.Currently interferes with OIDC. Keep the value set at Lax if used. Defaults to: ``Lax``.
+* ``SESSION_COOKIE_AGE``: For how long, in seconds, the session cookie will be valid. Defaults to: ``1209600``.
+* ``SESSION_COOKIE_SAMESITE``: The value of the SameSite flag on the session cookie. This flag prevents the cookie from being sent in cross-site requests thus preventing CSRF attacks and making some methods of stealing session cookie impossible. Defaults to: ``Strict``.
 * ``CSRF_COOKIE_SAMESITE``: The value of the SameSite flag on the CSRF cookie. This flag prevents the cookie from being sent in cross-site requests. Defaults to: ``Strict``.
 * ``ENVIRONMENT``: An identifier for the environment, displayed in the admin depending on the settings module used and included in the error monitoring (see ``SENTRY_DSN``). The default is set according to ``DJANGO_SETTINGS_MODULE``.
 * ``SUBPATH``: If hosted on a subpath, provide the value here. If you provide ``/gateway``, the component assumes its running at the base URL: ``https://somedomain/gateway/``. Defaults to an empty string. Defaults to: ``None``.
diff --git a/requirements/base.txt b/requirements/base.txt
index f49d186e..a0982bfc 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -89,6 +89,7 @@ django==4.2.15
 # django-relativedelta
 # django-rest-framework-condition
 # django-sendfile2
+ # django-sessionprofile
 # django-setup-configuration
 # django-simple-certmanager
 # django-solo
@@ -145,6 +146,8 @@ django-rest-framework-condition==0.1.1
 # via commonground-api-common
 django-sendfile2==0.7.0
 # via django-privates
+django-sessionprofile==3.0.0
+ # via open-api-framework
 django-setup-configuration==0.1.0
 # via open-api-framework
 django-simple-certmanager==1.4.1
@@ -241,7 +244,7 @@ notifications-api-common==0.2.2
 # via
 # -r requirements/base.in
 # commonground-api-common
-open-api-framework==0.8.1
+open-api-framework==0.9.0
 # via -r requirements/base.in
 orderedmultidict==1.0.1
 # via furl
diff --git a/requirements/ci.txt b/requirements/ci.txt
index 0222dfeb..136a4c7f 100644
--- a/requirements/ci.txt
+++ b/requirements/ci.txt
@@ -138,6 +138,7 @@ django==4.2.15
 # django-relativedelta
 # django-rest-framework-condition
 # django-sendfile2
+ # django-sessionprofile
 # django-setup-configuration
 # django-simple-certmanager
 # django-solo
@@ -228,6 +229,10 @@ django-sendfile2==0.7.0
 # via
 # -r requirements/base.txt
 # django-privates
+django-sessionprofile==3.0.0
+ # via
+ # -r requirements/base.txt
+ # open-api-framework
 django-setup-configuration==0.1.0
 # via
 # -r requirements/base.txt
@@ -402,7 +407,7 @@ notifications-api-common==0.2.2
 # via
 # -r requirements/base.txt
 # commonground-api-common
-open-api-framework==0.8.1
+open-api-framework==0.9.0
 # via -r requirements/base.txt
 orderedmultidict==1.0.1
 # via
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 7e03d906..e6871c65 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -149,6 +149,7 @@ django==4.2.15
 # django-relativedelta
 # django-rest-framework-condition
 # django-sendfile2
+ # django-sessionprofile
 # django-setup-configuration
 # django-simple-certmanager
 # django-solo
@@ -243,6 +244,10 @@ django-sendfile2==0.7.0
 # via
 # -r requirements/base.txt
 # django-privates
+django-sessionprofile==3.0.0
+ # via
+ # -r requirements/base.txt
+ # open-api-framework
 django-setup-configuration==0.1.0
 # via
 # -r requirements/base.txt
@@ -424,7 +429,7 @@ notifications-api-common==0.2.2
 # via
 # -r requirements/base.txt
 # commonground-api-common
-open-api-framework==0.8.1
+open-api-framework==0.9.0
 # via -r requirements/base.txt
 orderedmultidict==1.0.1
 # via
diff --git a/src/objects/fixtures/default_admin_index.json b/src/objects/fixtures/default_admin_index.json
index 5edc547d..7ae95c50 100644
--- a/src/objects/fixtures/default_admin_index.json
+++ b/src/objects/fixtures/default_admin_index.json
@@ -21,6 +21,10 @@
 [
 "two_factor_webauthn",
 "webauthndevice"
+],
+[
+"sessionprofile",
+"sessionprofile"
 ]
 ]
 }
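Review bot: The `sessionprofile` entry added to the admin index has no effect unless the `sessionprofile` app is installed and its middleware is active, and this diff carries no settings change — presumably open-api-framework 0.9.0 supplies both (the requirements files show django-sessionprofile pulled in via open-api-framework), but that should be confirmed against the project's settings module before relying on the new admin entry. Existing deployments only pick this up if the fixture is reloaded, so the changelog line announcing session management in the admin is the place to say so. That changelog wording, "allows admin users managing their sessions", also leaves open whether admins see only their own sessions or everyone's; since a session listing is security-sensitive, I'd state the scope explicitly and confirm that the admin permissions on the model match it.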