diff --git a/CHANGELOG.rst b/CHANGELOG.rst index eecdb53e..d5e16383 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,14 @@ Change history ============== +2.3.0 (TBD) +----------- + +.. warning:: + + Two-factor authentication is enabled by default. The ``DISABLE_2FA`` environment variable + can be used to disable it if needed. + 2.2.1 (2024-03-02) ------------------ diff --git a/Dockerfile b/Dockerfile index 2d5e1778..906a7155 100644 --- a/Dockerfile +++ b/Dockerfile @@ -51,6 +51,7 @@ COPY --from=backend-build /usr/local/bin/uwsgi /usr/local/bin/uwsgi # Stage 3.2 - Copy source code WORKDIR /app COPY ./bin/docker_start.sh /start.sh +COPY ./bin/celery_worker.sh /celery_worker.sh RUN mkdir /app/log /app/config # copy frontend build statics diff --git a/bin/celery_worker.sh b/bin/celery_worker.sh new file mode 100755 index 00000000..33fdf84a --- /dev/null +++ b/bin/celery_worker.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +set -e + +LOGLEVEL=${CELERY_LOGLEVEL:-INFO} +CONCURRENCY=${CELERY_WORKER_CONCURRENCY:-1} + +QUEUE=${1:-${CELERY_WORKER_QUEUE:=celery}} +WORKER_NAME=${2:-${CELERY_WORKER_NAME:="${QUEUE}"@%n}} + +_binary=$(which celery) + +if [[ "$ENABLE_COVERAGE" ]]; then + _binary="coverage run $_binary" +fi + +echo "Starting celery worker $WORKER_NAME with queue $QUEUE" +exec $_binary --workdir src --app objects.celery worker \ + -Q $QUEUE \ + -n $WORKER_NAME \ + -l $LOGLEVEL \ + -O fair \ + -c $CONCURRENCY diff --git a/docker-compose.yml b/docker-compose.yml index db1a1f51..12a173d3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,9 +9,14 @@ services: - POSTGRES_USER=${DB_USER:-objects} - POSTGRES_PASSWORD=${DB_PASSWORD:-objects} + redis: + image: redis:7 + command: ["redis-server", "--appendonly", "yes"] + web: - build: . - environment: + build: &web_build + context: . + environment: &web_env - DJANGO_SETTINGS_MODULE=objects.conf.docker - SECRET_KEY=${SECRET_KEY:-1(@f(-6s_u(5fd&1sg^uvu2s(c-9sapw)1era8q&)g)h@cwxxg} - OBJECTS_SUPERUSER_USERNAME=admin @@ -22,8 +27,18 @@ services: - 8000:8000 depends_on: - db - volumes: + - redis + volumes: &web_volumes - media:/app/media # Shared media volume to get access to saved OAS files + celery: + build: *web_build + environment: *web_env + command: /celery_worker.sh + depends_on: + - db + - redis + volumes: *web_volumes + volumes: media: diff --git a/docs/installation/config.rst b/docs/installation/config.rst index 211826a9..e0f82432 100644 --- a/docs/installation/config.rst +++ b/docs/installation/config.rst @@ -29,8 +29,8 @@ Required settings Defaults to ``*`` for the ``docker`` environment and defaults to ``127.0.0.1,localhost`` for the ``dev`` environment. -Database settings ------------------ +Common settings +--------------- * ``DB_HOST``: Hostname of the PostgreSQL database. Defaults to ``db`` for the ``docker`` environment, otherwise defaults to ``localhost``. @@ -43,6 +43,12 @@ Database settings * ``DB_PORT``: Port number of the database. Defaults to ``5432``. +* ``CELERY_BROKER_URL``: URL for the Redis task broker for Celery. Defaults + to ``redis://127.0.0.1:6379/1``. + +* ``CELERY_RESULT_BACKEND``: URL for the Redis result broker for Celery. + Defaults to ``redis://127.0.0.1:6379/1``. + Elastic APM settings -------------------- @@ -84,17 +90,14 @@ Other settings sent to the Notificaties API for operations on the Object endpoint. Defaults to ``True`` for the ``dev`` environment, otherwise defaults to ``False``. -* ``TWO_FACTOR_FORCE_OTP_ADMIN``: Enforce 2 Factor Authentication in the admin or not. - Default ``True``. You'll probably want to disable this when using OIDC. - -* ``TWO_FACTOR_PATCH_ADMIN``: Whether to use the 2 Factor Authentication login flow for - the admin or not. Default ``True``. You'll probably want to disable this when using OIDC. - * ``USE_X_FORWARDED_HOST``: whether to grab the domain/host from the ``X-Forwarded-Host`` header or not. This header is typically set by reverse proxies (such as nginx, traefik, Apache...). Default ``False`` - this is a header that can be spoofed and you need to ensure you control it before enabling this. +* ``DISABLE_2FA``: whether to disable two-factor authentication. Defaults to ``False``. + If set to ``False``, 2FA will be required if not using OIDC. + Initial superuser creation -------------------------- diff --git a/requirements/base.in b/requirements/base.in index 82102590..90f6e98e 100644 --- a/requirements/base.in +++ b/requirements/base.in @@ -1,4 +1,5 @@ # Core python libraries +celery glom # data represenation based on spec Pillow # handle images psycopg2 # database driver @@ -8,13 +9,12 @@ python-decouple # processing of envvar configs jsonschema # Framework libraries -django~=3.2 +django~=4.2 django-admin-index django-axes django-redis django-rosetta -maykin-django-two-factor-auth -maykin-django-two-factor-auth[phonenumbers] +maykin-2fa mozilla-django-oidc-db # API libraries @@ -30,5 +30,6 @@ sentry-sdk # error monitoring elastic-apm # Elastic APM integration # Common ground libraries -vng-api-common[markdown_docs]>=1.6.4 +notifications-api-common +commonground-api-common[markdown_docs] zgw-consumers # external api auths diff --git a/requirements/base.txt b/requirements/base.txt index feaa7bd3..34996741 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -4,16 +4,28 @@ # # pip-compile --no-emit-index-url requirements/base.in # +amqp==5.2.0 + # via kombu asgiref==3.7.2 # via django +asn1crypto==1.5.1 + # via webauthn attrs==20.3.0 # via # glom # jsonschema +billiard==3.6.4.0 + # via celery boltons==21.0.0 # via # face # glom +cbor2==5.6.1 + # via webauthn +celery==5.2.2 + # via + # -r requirements/base.in + # notifications-api-common certifi==2020.12.5 # via # django-simple-certmanager @@ -24,24 +36,37 @@ cffi==1.16.0 # via cryptography chardet==4.0.0 # via requests +click==8.1.7 + # via + # celery + # click-didyoumean + # click-plugins + # click-repl +click-didyoumean==0.3.0 + # via celery +click-plugins==1.1.1 + # via celery +click-repl==0.3.0 + # via celery +commonground-api-common[markdown-docs,markdown_docs]==1.13.0 + # via -r requirements/base.in coreapi==2.3.3 - # via drf-yasg + # via commonground-api-common coreschema==0.0.4 - # via - # coreapi - # drf-yasg + # via coreapi cryptography==41.0.7 # via # django-simple-certmanager # josepy # mozilla-django-oidc # pyopenssl -django==3.2.23 + # webauthn +django==4.2.11 # via # -r requirements/base.in + # commonground-api-common # django-admin-index # django-axes - # django-choices # django-filter # django-formtools # django-jsonform @@ -56,47 +81,44 @@ django==3.2.23 # django-sendfile2 # django-simple-certmanager # django-solo + # django-two-factor-auth # djangorestframework # drf-nested-routers # drf-spectacular # drf-yasg - # maykin-django-two-factor-auth + # maykin-2fa # mozilla-django-oidc # mozilla-django-oidc-db - # vng-api-common + # notifications-api-common # zgw-consumers django-admin-index==3.1.0 # via -r requirements/base.in -django-axes==5.41.1 +django-axes==6.3.0 # via -r requirements/base.in -django-choices==2.0.0 - # via vng-api-common -django-filter==2.4.0 +django-filter==23.5 # via # -r requirements/base.in - # vng-api-common + # commonground-api-common django-formtools==2.3 - # via maykin-django-two-factor-auth -django-ipware==3.0.2 - # via django-axes + # via django-two-factor-auth django-jsonform==2.21.4 # via mozilla-django-oidc-db django-markup==1.3 - # via vng-api-common + # via commonground-api-common django-ordered-model==3.7.4 # via django-admin-index django-otp==1.0.6 - # via maykin-django-two-factor-auth + # via django-two-factor-auth django-phonenumber-field==5.2.0 - # via maykin-django-two-factor-auth + # via django-two-factor-auth django-privates==2.0.0.post0 # via django-simple-certmanager -django-redis==5.2.0 +django-redis==5.4.0 # via -r requirements/base.in django-relativedelta==2.0.0 # via zgw-consumers django-rest-framework-condition==0.1.1 - # via vng-api-common + # via commonground-api-common django-rosetta==0.9.8 # via -r requirements/base.in django-sendfile2==0.7.0 @@ -105,27 +127,33 @@ django-simple-certmanager==1.4.1 # via zgw-consumers django-solo==2.2.0 # via + # commonground-api-common # mozilla-django-oidc-db - # vng-api-common + # notifications-api-common # zgw-consumers -djangorestframework==3.12.4 +django-two-factor-auth[phonenumberslite,webauthn]==1.16.0 + # via maykin-2fa +djangorestframework==3.14.0 # via # -r requirements/base.in + # commonground-api-common # djangorestframework-gis # drf-nested-routers # drf-spectacular # drf-yasg - # vng-api-common -djangorestframework-camel-case==1.2.0 - # via vng-api-common + # notifications-api-common +djangorestframework-camel-case==1.4.2 + # via + # commonground-api-common + # notifications-api-common djangorestframework-gis==1.0 # via -r requirements/base.in drf-nested-routers==0.93.3 - # via vng-api-common -drf-spectacular==0.16.0 + # via commonground-api-common +drf-spectacular==0.26.5 # via -r requirements/base.in -drf-yasg==1.20.0 - # via vng-api-common +drf-yasg==1.21.7 + # via commonground-api-common elastic-apm==6.1.1 # via -r requirements/base.in face==20.1.1 @@ -134,7 +162,8 @@ faker==8.1.0 # via zgw-consumers gemma-zds-client==1.0.1 # via - # vng-api-common + # commonground-api-common + # notifications-api-common # zgw-consumers glom==23.5.0 # via @@ -147,51 +176,60 @@ inflection==0.5.1 # drf-spectacular # drf-yasg iso-639==0.4.5 - # via vng-api-common + # via commonground-api-common isodate==0.6.0 - # via vng-api-common + # via commonground-api-common itypes==1.2.0 # via coreapi jinja2==3.1.3 # via coreschema josepy==1.9.0 # via mozilla-django-oidc -jsonschema==3.2.0 +jsonschema==4.17.3 # via # -r requirements/base.in # drf-spectacular -markdown==3.3.4 - # via vng-api-common +kombu==5.3.5 + # via celery +markdown==3.5.2 + # via commonground-api-common markupsafe==2.1.3 # via jinja2 -maykin-django-two-factor-auth[phonenumbers]==2.0.3 +maykin-2fa==1.0.0 # via -r requirements/base.in mozilla-django-oidc==4.0.0 # via mozilla-django-oidc-db mozilla-django-oidc-db==0.14.1 # via -r requirements/base.in +notifications-api-common==0.2.2 + # via + # -r requirements/base.in + # commonground-api-common oyaml==1.0 - # via vng-api-common + # via commonground-api-common packaging==23.2 # via drf-yasg -phonenumbers==8.12.29 - # via maykin-django-two-factor-auth +phonenumberslite==8.13.30 + # via django-two-factor-auth pillow==10.2.0 # via -r requirements/base.in polib==1.1.1 # via django-rosetta +prompt-toolkit==3.0.43 + # via click-repl psycopg2==2.8.6 # via -r requirements/base.in pycparser==2.20 # via cffi pyjwt==2.4.0 # via + # commonground-api-common # gemma-zds-client - # vng-api-common pyopenssl==23.3.0 # via # django-simple-certmanager # josepy + # webauthn # zgw-consumers pyrsistent==0.17.3 # via jsonschema @@ -206,37 +244,36 @@ python-dotenv==1.0.0 pytz==2021.1 # via # -r requirements/base.in - # django + # celery + # djangorestframework + # drf-yasg pyyaml==6.0.1 # via # drf-spectacular + # drf-yasg # gemma-zds-client # oyaml - # vng-api-common qrcode==6.1 - # via maykin-django-two-factor-auth + # via django-two-factor-auth redis==3.5.3 # via django-redis requests==2.25.1 # via + # commonground-api-common # coreapi # django-rosetta # gemma-zds-client # mozilla-django-oidc # requests-mock - # vng-api-common # zgw-consumers requests-mock==1.8.0 # via zgw-consumers -ruamel-yaml==0.17.4 - # via drf-yasg sentry-sdk==1.0.0 # via -r requirements/base.in -six==1.15.0 +six==1.16.0 # via # django-markup # isodate - # jsonschema # python-dateutil # qrcode # requests-mock @@ -258,12 +295,19 @@ urllib3==1.26.6 # sentry-sdk uwsgi==2.0.21 # via -r requirements/base.in -vng-api-common[markdown-docs]==1.8.0 +vine==5.1.0 # via - # -r requirements/base.in - # vng-api-common + # amqp + # celery + # kombu +wcwidth==0.2.13 + # via prompt-toolkit +webauthn==2.0.0 + # via django-two-factor-auth zgw-consumers==0.27.0 - # via -r requirements/base.in + # via + # -r requirements/base.in + # notifications-api-common # The following packages are considered to be unsafe in a requirements file: # setuptools diff --git a/requirements/ci.txt b/requirements/ci.txt index 0f320a93..4bdc9878 100644 --- a/requirements/ci.txt +++ b/requirements/ci.txt @@ -4,10 +4,18 @@ # # pip-compile --no-emit-index-url --output-file=requirements/ci.txt requirements/base.txt requirements/test-tools.in # +amqp==5.2.0 + # via + # -r requirements/base.txt + # kombu asgiref==3.7.2 # via # -r requirements/base.txt # django +asn1crypto==1.5.1 + # via + # -r requirements/base.txt + # webauthn attrs==20.3.0 # via # -r requirements/base.txt @@ -15,11 +23,23 @@ attrs==20.3.0 # jsonschema beautifulsoup4==4.9.3 # via webtest +billiard==3.6.4.0 + # via + # -r requirements/base.txt + # celery boltons==21.0.0 # via # -r requirements/base.txt # face # glom +cbor2==5.6.1 + # via + # -r requirements/base.txt + # webauthn +celery==5.2.2 + # via + # -r requirements/base.txt + # notifications-api-common certifi==2020.12.5 # via # -r requirements/base.txt @@ -35,15 +55,37 @@ chardet==4.0.0 # via # -r requirements/base.txt # requests +click==8.1.7 + # via + # -r requirements/base.txt + # celery + # click-didyoumean + # click-plugins + # click-repl +click-didyoumean==0.3.0 + # via + # -r requirements/base.txt + # celery +click-plugins==1.1.1 + # via + # -r requirements/base.txt + # celery +click-repl==0.3.0 + # via + # -r requirements/base.txt + # celery +commonground-api-common[markdown-docs]==1.13.0 + # via + # -r requirements/base.txt + # commonground-api-common coreapi==2.3.3 # via # -r requirements/base.txt - # drf-yasg + # commonground-api-common coreschema==0.0.4 # via # -r requirements/base.txt # coreapi - # drf-yasg coverage==4.5.4 # via -r requirements/test-tools.in cryptography==41.0.7 @@ -53,14 +95,15 @@ cryptography==41.0.7 # josepy # mozilla-django-oidc # pyopenssl + # webauthn cssselect==1.1.0 # via pyquery -django==3.2.23 +django==4.2.11 # via # -r requirements/base.txt + # commonground-api-common # django-admin-index # django-axes - # django-choices # django-filter # django-formtools # django-jsonform @@ -75,41 +118,36 @@ django==3.2.23 # django-sendfile2 # django-simple-certmanager # django-solo + # django-two-factor-auth # djangorestframework # drf-nested-routers # drf-spectacular # drf-yasg - # maykin-django-two-factor-auth + # maykin-2fa # mozilla-django-oidc # mozilla-django-oidc-db - # vng-api-common + # notifications-api-common # zgw-consumers django-admin-index==3.1.0 # via -r requirements/base.txt -django-axes==5.41.1 +django-axes==6.3.0 # via -r requirements/base.txt -django-choices==2.0.0 +django-filter==23.5 # via # -r requirements/base.txt - # vng-api-common -django-filter==2.4.0 - # via - # -r requirements/base.txt - # vng-api-common + # commonground-api-common django-formtools==2.3 # via # -r requirements/base.txt - # maykin-django-two-factor-auth -django-ipware==3.0.2 - # via - # -r requirements/base.txt - # django-axes + # django-two-factor-auth django-jsonform==2.21.4 # via # -r requirements/base.txt # mozilla-django-oidc-db django-markup==1.3 - # via -r requirements/base.txt + # via + # -r requirements/base.txt + # commonground-api-common django-ordered-model==3.7.4 # via # -r requirements/base.txt @@ -117,16 +155,16 @@ django-ordered-model==3.7.4 django-otp==1.0.6 # via # -r requirements/base.txt - # maykin-django-two-factor-auth + # django-two-factor-auth django-phonenumber-field==5.2.0 # via # -r requirements/base.txt - # maykin-django-two-factor-auth + # django-two-factor-auth django-privates==2.0.0.post0 # via # -r requirements/base.txt # django-simple-certmanager -django-redis==5.2.0 +django-redis==5.4.0 # via -r requirements/base.txt django-relativedelta==2.0.0 # via @@ -135,7 +173,7 @@ django-relativedelta==2.0.0 django-rest-framework-condition==0.1.1 # via # -r requirements/base.txt - # vng-api-common + # commonground-api-common django-rosetta==0.9.8 # via -r requirements/base.txt django-sendfile2==0.7.0 @@ -149,35 +187,43 @@ django-simple-certmanager==1.4.1 django-solo==2.2.0 # via # -r requirements/base.txt + # commonground-api-common # mozilla-django-oidc-db - # vng-api-common + # notifications-api-common # zgw-consumers +django-two-factor-auth[phonenumberslite,webauthn]==1.16.0 + # via + # -r requirements/base.txt + # django-two-factor-auth + # maykin-2fa django-webtest==1.9.7 # via -r requirements/test-tools.in -djangorestframework==3.12.4 +djangorestframework==3.14.0 # via # -r requirements/base.txt + # commonground-api-common # djangorestframework-gis # drf-nested-routers # drf-spectacular # drf-yasg - # vng-api-common -djangorestframework-camel-case==1.2.0 + # notifications-api-common +djangorestframework-camel-case==1.4.2 # via # -r requirements/base.txt - # vng-api-common + # commonground-api-common + # notifications-api-common djangorestframework-gis==1.0 # via -r requirements/base.txt drf-nested-routers==0.93.3 # via # -r requirements/base.txt - # vng-api-common -drf-spectacular==0.16.0 + # commonground-api-common +drf-spectacular==0.26.5 # via -r requirements/base.txt -drf-yasg==1.20.0 +drf-yasg==1.21.7 # via # -r requirements/base.txt - # vng-api-common + # commonground-api-common elastic-apm==6.1.1 # via -r requirements/base.txt face==20.1.1 @@ -196,7 +242,8 @@ freezegun==1.1.0 gemma-zds-client==1.0.1 # via # -r requirements/base.txt - # vng-api-common + # commonground-api-common + # notifications-api-common # zgw-consumers glom==23.5.0 # via @@ -214,11 +261,11 @@ inflection==0.5.1 iso-639==0.4.5 # via # -r requirements/base.txt - # vng-api-common + # commonground-api-common isodate==0.6.0 # via # -r requirements/base.txt - # vng-api-common + # commonground-api-common itypes==1.2.0 # via # -r requirements/base.txt @@ -231,46 +278,58 @@ josepy==1.9.0 # via # -r requirements/base.txt # mozilla-django-oidc -jsonschema==3.2.0 +jsonschema==4.17.3 # via # -r requirements/base.txt # drf-spectacular +kombu==5.3.5 + # via + # -r requirements/base.txt + # celery lxml==4.7.1 # via pyquery -markdown==3.3.4 - # via -r requirements/base.txt -markupsafe==2.1.3 +markdown==3.5.2 # via # -r requirements/base.txt - # jinja2 -maykin-django-two-factor-auth[phonenumbers]==2.0.3 + # commonground-api-common +markupsafe==2.1.3 # via # -r requirements/base.txt - # maykin-django-two-factor-auth + # jinja2 +maykin-2fa==1.0.0 + # via -r requirements/base.txt mozilla-django-oidc==4.0.0 # via # -r requirements/base.txt # mozilla-django-oidc-db mozilla-django-oidc-db==0.14.1 # via -r requirements/base.txt +notifications-api-common==0.2.2 + # via + # -r requirements/base.txt + # commonground-api-common oyaml==1.0 # via # -r requirements/base.txt - # vng-api-common + # commonground-api-common packaging==23.2 # via # -r requirements/base.txt # drf-yasg -phonenumbers==8.12.29 +phonenumberslite==8.13.30 # via # -r requirements/base.txt - # maykin-django-two-factor-auth + # django-two-factor-auth pillow==10.2.0 # via -r requirements/base.txt polib==1.1.1 # via # -r requirements/base.txt # django-rosetta +prompt-toolkit==3.0.43 + # via + # -r requirements/base.txt + # click-repl psycopg2==2.8.6 # via -r requirements/base.txt pycparser==2.20 @@ -280,13 +339,14 @@ pycparser==2.20 pyjwt==2.4.0 # via # -r requirements/base.txt + # commonground-api-common # gemma-zds-client - # vng-api-common pyopenssl==23.3.0 # via # -r requirements/base.txt # django-simple-certmanager # josepy + # webauthn # zgw-consumers pyquery==1.4.3 # via -r requirements/test-tools.in @@ -307,18 +367,20 @@ python-dotenv==1.0.0 pytz==2021.1 # via # -r requirements/base.txt - # django + # celery + # djangorestframework + # drf-yasg pyyaml==6.0.1 # via # -r requirements/base.txt # drf-spectacular + # drf-yasg # gemma-zds-client # oyaml - # vng-api-common qrcode==6.1 # via # -r requirements/base.txt - # maykin-django-two-factor-auth + # django-two-factor-auth redis==3.5.3 # via # -r requirements/base.txt @@ -326,30 +388,25 @@ redis==3.5.3 requests==2.25.1 # via # -r requirements/base.txt + # commonground-api-common # coreapi # django-rosetta # gemma-zds-client # mozilla-django-oidc # requests-mock - # vng-api-common # zgw-consumers requests-mock==1.8.0 # via # -r requirements/base.txt # -r requirements/test-tools.in # zgw-consumers -ruamel-yaml==0.17.4 - # via - # -r requirements/base.txt - # drf-yasg sentry-sdk==1.0.0 # via -r requirements/base.txt -six==1.15.0 +six==1.16.0 # via # -r requirements/base.txt # django-markup # isodate - # jsonschema # python-dateutil # qrcode # requests-mock @@ -384,18 +441,30 @@ urllib3==1.26.6 # sentry-sdk uwsgi==2.0.21 # via -r requirements/base.txt -vng-api-common[markdown-docs]==1.8.0 +vine==5.1.0 # via # -r requirements/base.txt - # vng-api-common + # amqp + # celery + # kombu waitress==2.1.1 # via webtest +wcwidth==0.2.13 + # via + # -r requirements/base.txt + # prompt-toolkit +webauthn==2.0.0 + # via + # -r requirements/base.txt + # django-two-factor-auth webob==1.8.7 # via webtest webtest==2.0.35 # via django-webtest zgw-consumers==0.27.0 - # via -r requirements/base.txt + # via + # -r requirements/base.txt + # notifications-api-common # The following packages are considered to be unsafe in a requirements file: # setuptools diff --git a/requirements/dev.txt b/requirements/dev.txt index 1f2e664a..4fcc442b 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -6,10 +6,18 @@ # alabaster==0.7.12 # via sphinx +amqp==5.2.0 + # via + # -r requirements/ci.txt + # kombu asgiref==3.7.2 # via # -r requirements/ci.txt # django +asn1crypto==1.5.1 + # via + # -r requirements/ci.txt + # webauthn attrs==20.3.0 # via # -r requirements/ci.txt @@ -21,6 +29,10 @@ beautifulsoup4==4.9.3 # via # -r requirements/ci.txt # webtest +billiard==3.6.4.0 + # via + # -r requirements/ci.txt + # celery black==23.12.1 # via -r requirements/dev.in boltons==21.0.0 @@ -34,6 +46,14 @@ bump2version==1.0.1 # via bumpversion bumpversion==0.6.0 # via -r requirements/dev.in +cbor2==5.6.1 + # via + # -r requirements/ci.txt + # webauthn +celery==5.2.2 + # via + # -r requirements/ci.txt + # notifications-api-common certifi==2020.12.5 # via # -r requirements/ci.txt @@ -51,19 +71,39 @@ chardet==4.0.0 # requests click==8.1.7 # via + # -r requirements/ci.txt # black + # celery + # click-didyoumean + # click-plugins + # click-repl # pip-tools +click-didyoumean==0.3.0 + # via + # -r requirements/ci.txt + # celery +click-plugins==1.1.1 + # via + # -r requirements/ci.txt + # celery +click-repl==0.3.0 + # via + # -r requirements/ci.txt + # celery +commonground-api-common[markdown-docs]==1.13.0 + # via + # -r requirements/ci.txt + # commonground-api-common commonmark==0.9.1 # via recommonmark coreapi==2.3.3 # via # -r requirements/ci.txt - # drf-yasg + # commonground-api-common coreschema==0.0.4 # via # -r requirements/ci.txt # coreapi - # drf-yasg coverage==4.5.4 # via -r requirements/ci.txt cryptography==41.0.7 @@ -73,16 +113,17 @@ cryptography==41.0.7 # josepy # mozilla-django-oidc # pyopenssl + # webauthn cssselect==1.1.0 # via # -r requirements/ci.txt # pyquery -django==3.2.23 +django==4.2.11 # via # -r requirements/ci.txt + # commonground-api-common # django-admin-index # django-axes - # django-choices # django-debug-toolbar # django-extensions # django-filter @@ -99,39 +140,32 @@ django==3.2.23 # django-sendfile2 # django-simple-certmanager # django-solo + # django-two-factor-auth # djangorestframework # drf-nested-routers # drf-spectacular # drf-yasg - # maykin-django-two-factor-auth + # maykin-2fa # mozilla-django-oidc # mozilla-django-oidc-db - # vng-api-common + # notifications-api-common # zgw-consumers django-admin-index==3.1.0 # via -r requirements/ci.txt -django-axes==5.41.1 +django-axes==6.3.0 # via -r requirements/ci.txt -django-choices==2.0.0 - # via - # -r requirements/ci.txt - # vng-api-common django-debug-toolbar==4.2.0 # via -r requirements/dev.in django-extensions==3.2.3 # via -r requirements/dev.in -django-filter==2.4.0 +django-filter==23.5 # via # -r requirements/ci.txt - # vng-api-common + # commonground-api-common django-formtools==2.3 # via # -r requirements/ci.txt - # maykin-django-two-factor-auth -django-ipware==3.0.2 - # via - # -r requirements/ci.txt - # django-axes + # django-two-factor-auth django-jsonform==2.21.4 # via # -r requirements/ci.txt @@ -145,16 +179,16 @@ django-ordered-model==3.7.4 django-otp==1.0.6 # via # -r requirements/ci.txt - # maykin-django-two-factor-auth + # django-two-factor-auth django-phonenumber-field==5.2.0 # via # -r requirements/ci.txt - # maykin-django-two-factor-auth + # django-two-factor-auth django-privates==2.0.0.post0 # via # -r requirements/ci.txt # django-simple-certmanager -django-redis==5.2.0 +django-redis==5.4.0 # via -r requirements/ci.txt django-relativedelta==2.0.0 # via @@ -163,7 +197,7 @@ django-relativedelta==2.0.0 django-rest-framework-condition==0.1.1 # via # -r requirements/ci.txt - # vng-api-common + # commonground-api-common django-rosetta==0.9.8 # via -r requirements/ci.txt django-sendfile2==0.7.0 @@ -177,23 +211,31 @@ django-simple-certmanager==1.4.1 django-solo==2.2.0 # via # -r requirements/ci.txt + # commonground-api-common # mozilla-django-oidc-db - # vng-api-common + # notifications-api-common # zgw-consumers +django-two-factor-auth[phonenumberslite,webauthn]==1.16.0 + # via + # -r requirements/ci.txt + # django-two-factor-auth + # maykin-2fa django-webtest==1.9.7 # via -r requirements/ci.txt -djangorestframework==3.12.4 +djangorestframework==3.14.0 # via # -r requirements/ci.txt + # commonground-api-common # djangorestframework-gis # drf-nested-routers # drf-spectacular # drf-yasg - # vng-api-common -djangorestframework-camel-case==1.2.0 + # notifications-api-common +djangorestframework-camel-case==1.4.2 # via # -r requirements/ci.txt - # vng-api-common + # commonground-api-common + # notifications-api-common djangorestframework-gis==1.0 # via -r requirements/ci.txt docutils==0.18.1 @@ -205,13 +247,13 @@ docutils==0.18.1 drf-nested-routers==0.93.3 # via # -r requirements/ci.txt - # vng-api-common -drf-spectacular==0.16.0 + # commonground-api-common +drf-spectacular==0.26.5 # via -r requirements/ci.txt -drf-yasg==1.20.0 +drf-yasg==1.21.7 # via # -r requirements/ci.txt - # vng-api-common + # commonground-api-common elastic-apm==6.1.1 # via -r requirements/ci.txt face==20.1.1 @@ -232,7 +274,8 @@ freezegun==1.1.0 gemma-zds-client==1.0.1 # via # -r requirements/ci.txt - # vng-api-common + # commonground-api-common + # notifications-api-common # zgw-consumers glom==23.5.0 # via @@ -252,11 +295,11 @@ inflection==0.5.1 iso-639==0.4.5 # via # -r requirements/ci.txt - # vng-api-common + # commonground-api-common isodate==0.6.0 # via # -r requirements/ci.txt - # vng-api-common + # commonground-api-common isort==5.13.2 # via -r requirements/dev.in itypes==1.2.0 @@ -272,24 +315,26 @@ josepy==1.9.0 # via # -r requirements/ci.txt # mozilla-django-oidc -jsonschema==3.2.0 +jsonschema==4.17.3 # via # -r requirements/ci.txt # drf-spectacular +kombu==5.3.5 + # via + # -r requirements/ci.txt + # celery lxml==4.7.1 # via # -r requirements/ci.txt # pyquery -markdown==3.3.4 +markdown==3.5.2 # via -r requirements/ci.txt markupsafe==2.1.3 # via # -r requirements/ci.txt # jinja2 -maykin-django-two-factor-auth[phonenumbers]==2.0.3 - # via - # -r requirements/ci.txt - # maykin-django-two-factor-auth +maykin-2fa==1.0.0 + # via -r requirements/ci.txt mccabe==0.7.0 # via flake8 mozilla-django-oidc==4.0.0 @@ -300,10 +345,14 @@ mozilla-django-oidc-db==0.14.1 # via -r requirements/ci.txt mypy-extensions==0.4.3 # via black +notifications-api-common==0.2.2 + # via + # -r requirements/ci.txt + # commonground-api-common oyaml==1.0 # via # -r requirements/ci.txt - # vng-api-common + # commonground-api-common packaging==23.2 # via # -r requirements/ci.txt @@ -313,10 +362,10 @@ packaging==23.2 # sphinx pathspec==0.11.2 # via black -phonenumbers==8.12.29 +phonenumberslite==8.13.30 # via # -r requirements/ci.txt - # maykin-django-two-factor-auth + # django-two-factor-auth pillow==10.2.0 # via -r requirements/ci.txt pip-tools==7.3.0 @@ -327,6 +376,10 @@ polib==1.1.1 # via # -r requirements/ci.txt # django-rosetta +prompt-toolkit==3.0.43 + # via + # -r requirements/ci.txt + # click-repl psycopg2==2.8.6 # via -r requirements/ci.txt pycodestyle==2.11.1 @@ -344,13 +397,14 @@ pygments==2.17.2 pyjwt==2.4.0 # via # -r requirements/ci.txt + # commonground-api-common # gemma-zds-client - # vng-api-common pyopenssl==23.3.0 # via # -r requirements/ci.txt # django-simple-certmanager # josepy + # webauthn # zgw-consumers pyproject-hooks==1.0.0 # via build @@ -374,18 +428,20 @@ pytz==2021.1 # via # -r requirements/ci.txt # babel - # django + # celery + # djangorestframework + # drf-yasg pyyaml==6.0.1 # via # -r requirements/ci.txt # drf-spectacular + # drf-yasg # gemma-zds-client # oyaml - # vng-api-common qrcode==6.1 # via # -r requirements/ci.txt - # maykin-django-two-factor-auth + # django-two-factor-auth recommonmark==0.7.1 # via -r requirements/dev.in redis==3.5.3 @@ -395,30 +451,25 @@ redis==3.5.3 requests==2.25.1 # via # -r requirements/ci.txt + # commonground-api-common # coreapi # django-rosetta # gemma-zds-client # mozilla-django-oidc # requests-mock # sphinx - # vng-api-common # zgw-consumers requests-mock==1.8.0 # via # -r requirements/ci.txt # zgw-consumers -ruamel-yaml==0.17.4 - # via - # -r requirements/ci.txt - # drf-yasg sentry-sdk==1.0.0 # via -r requirements/ci.txt -six==1.15.0 +six==1.16.0 # via # -r requirements/ci.txt # django-markup # isodate - # jsonschema # python-dateutil # qrcode # requests-mock @@ -490,14 +541,24 @@ urllib3==1.26.6 # sentry-sdk uwsgi==2.0.21 # via -r requirements/ci.txt -vng-api-common[markdown-docs]==1.8.0 +vine==5.1.0 # via # -r requirements/ci.txt - # vng-api-common + # amqp + # celery + # kombu waitress==2.1.1 # via # -r requirements/ci.txt # webtest +wcwidth==0.2.13 + # via + # -r requirements/ci.txt + # prompt-toolkit +webauthn==2.0.0 + # via + # -r requirements/ci.txt + # django-two-factor-auth webob==1.8.7 # via # -r requirements/ci.txt @@ -509,7 +570,9 @@ webtest==2.0.35 wheel==0.42.0 # via pip-tools zgw-consumers==0.27.0 - # via -r requirements/ci.txt + # via + # -r requirements/ci.txt + # notifications-api-common # The following packages are considered to be unsafe in a requirements file: # pip diff --git a/src/objects/__init__.py b/src/objects/__init__.py index 85d26250..77df6d6b 100644 --- a/src/objects/__init__.py +++ b/src/objects/__init__.py @@ -1,3 +1,6 @@ +from .celery import app as celery_app + +__all__ = ("celery_app",) __version__ = "2.2.1" __author__ = "Maykin Media" __homepage__ = "https://github.com/maykinmedia/objects-api" diff --git a/src/objects/accounts/management/commands/createinitialsuperuser.py b/src/objects/accounts/management/commands/createinitialsuperuser.py index 436dadc0..42680e00 100644 --- a/src/objects/accounts/management/commands/createinitialsuperuser.py +++ b/src/objects/accounts/management/commands/createinitialsuperuser.py @@ -1,4 +1,6 @@ import os +import secrets +import string from django.conf import settings from django.contrib.auth.management.commands.createsuperuser import ( @@ -50,7 +52,8 @@ def handle(self, **options): user = qs.get() if not password and options["generate_password"]: - password = self.UserModel.objects.make_random_password(length=20) + alphabet = string.ascii_letters + string.digits + password = "".join(secrets.choice(alphabet) for _ in range(20)) if password: self.stdout.write("Setting user password...") diff --git a/src/objects/api/fields.py b/src/objects/api/fields.py index 3cd1b28f..1e4a2da1 100644 --- a/src/objects/api/fields.py +++ b/src/objects/api/fields.py @@ -1,5 +1,5 @@ from django.core.exceptions import ObjectDoesNotExist -from django.utils.encoding import smart_text +from django.utils.encoding import smart_str from django.utils.translation import gettext_lazy as _ from rest_framework import serializers @@ -42,7 +42,7 @@ def to_internal_value(self, data): try: return self.get_queryset().get_by_url(data) except ObjectDoesNotExist: - self.fail("does_not_exist", value=smart_text(data)) + self.fail("does_not_exist", value=smart_str(data)) except (TypeError, ValueError): self.fail("invalid") diff --git a/src/objects/api/kanalen.py b/src/objects/api/kanalen.py index 2ac56ccf..d2b29bb1 100644 --- a/src/objects/api/kanalen.py +++ b/src/objects/api/kanalen.py @@ -3,7 +3,7 @@ from django.conf import settings from django.db import models -from vng_api_common.notifications.kanalen import Kanaal +from notifications_api_common.kanalen import Kanaal from objects.core.models import ObjectRecord diff --git a/src/objects/api/mixins.py b/src/objects/api/mixins.py index dad3010d..1731b3bf 100644 --- a/src/objects/api/mixins.py +++ b/src/objects/api/mixins.py @@ -1,5 +1,10 @@ from django.db import models +from notifications_api_common.viewsets import ( + NotificationCreateMixin, + NotificationDestroyMixin, + conditional_atomic, +) from rest_framework.exceptions import NotAcceptable from rest_framework.renderers import BrowsableAPIRenderer from vng_api_common.exceptions import PreconditionFailed @@ -10,11 +15,6 @@ GeoMixin as _GeoMixin, extract_header, ) -from vng_api_common.notifications.viewsets import ( - NotificationCreateMixin, - NotificationDestroyMixin, - conditional_atomic, -) class GeoMixin(_GeoMixin): diff --git a/src/objects/api/v1/filters.py b/src/objects/api/v1/filters.py index 49b9e70d..bb36d9f6 100644 --- a/src/objects/api/v1/filters.py +++ b/src/objects/api/v1/filters.py @@ -1,3 +1,5 @@ +from datetime import date as date_ + from django import forms from django.utils.translation import gettext_lazy as _ @@ -108,8 +110,8 @@ def filter_data_attrs(self, queryset, name, value: str): return queryset - def filter_date(self, queryset, name, value: date): + def filter_date(self, queryset, name, value: date_): return queryset.filter_for_date(value) - def filter_registration_date(self, queryset, name, value: date): + def filter_registration_date(self, queryset, name, value: date_): return queryset.filter_for_registration_date(value) diff --git a/src/objects/api/v1/openapi.yaml b/src/objects/api/v1/openapi.yaml index 832f404a..2fdecd42 100644 --- a/src/objects/api/v1/openapi.yaml +++ b/src/objects/api/v1/openapi.yaml @@ -639,8 +639,8 @@ components: typeVersion: type: integer maximum: 32767 - description: Version of the OBJECTTYPE for data in the object record minimum: 0 + description: Version of the OBJECTTYPE for data in the object record data: type: object additionalProperties: {} @@ -661,6 +661,7 @@ components: type: string format: date readOnly: true + nullable: true description: Legal end date of the object record registrationAt: type: string @@ -668,13 +669,17 @@ components: readOnly: true description: The date when the record was registered in the system correctionFor: - type: string - readOnly: true + type: integer + maximum: 2147483647 + minimum: 0 description: Index of the record corrected by the current record - correctedBy: - type: string readOnly: true + correctedBy: + type: integer + maximum: 2147483647 + minimum: 0 description: Index of the record, which corrects the current record + readOnly: true required: - startAt - typeVersion @@ -786,8 +791,8 @@ components: typeVersion: type: integer maximum: 32767 - description: Version of the OBJECTTYPE for data in the object record minimum: 0 + description: Version of the OBJECTTYPE for data in the object record data: type: object additionalProperties: {} @@ -808,6 +813,7 @@ components: type: string format: date readOnly: true + nullable: true description: Legal end date of the object record registrationAt: type: string @@ -815,12 +821,16 @@ components: readOnly: true description: The date when the record was registered in the system correctionFor: - type: string + type: integer + maximum: 2147483647 + minimum: 0 description: Index of the record corrected by the current record correctedBy: - type: string - readOnly: true + type: integer + maximum: 2147483647 + minimum: 0 description: Index of the record, which corrects the current record + readOnly: true required: - startAt - typeVersion diff --git a/src/objects/api/v2/openapi.yaml b/src/objects/api/v2/openapi.yaml index d47d0b7f..4e3a2f7f 100644 --- a/src/objects/api/v2/openapi.yaml +++ b/src/objects/api/v2/openapi.yaml @@ -727,8 +727,8 @@ components: typeVersion: type: integer maximum: 32767 - description: Version of the OBJECTTYPE for data in the object record minimum: 0 + description: Version of the OBJECTTYPE for data in the object record data: type: object additionalProperties: {} @@ -749,6 +749,7 @@ components: type: string format: date readOnly: true + nullable: true description: Legal end date of the object record registrationAt: type: string @@ -756,13 +757,17 @@ components: readOnly: true description: The date when the record was registered in the system correctionFor: - type: string - readOnly: true + type: integer + maximum: 2147483647 + minimum: 0 description: Index of the record corrected by the current record - correctedBy: - type: string readOnly: true + correctedBy: + type: integer + maximum: 2147483647 + minimum: 0 description: Index of the record, which corrects the current record + readOnly: true required: - startAt - typeVersion @@ -787,6 +792,9 @@ components: - read_only - read_and_write type: string + description: |- + * `read_only` - Read-only + * `read_and_write` - Read and write MultiLineString: type: object description: GeoJSON multi-line-string geometry @@ -879,8 +887,8 @@ components: typeVersion: type: integer maximum: 32767 - description: Version of the OBJECTTYPE for data in the object record minimum: 0 + description: Version of the OBJECTTYPE for data in the object record data: type: object additionalProperties: {} @@ -901,6 +909,7 @@ components: type: string format: date readOnly: true + nullable: true description: Legal end date of the object record registrationAt: type: string @@ -908,12 +917,16 @@ components: readOnly: true description: The date when the record was registered in the system correctionFor: - type: string + type: integer + maximum: 2147483647 + minimum: 0 description: Index of the record corrected by the current record correctedBy: - type: string - readOnly: true + type: integer + maximum: 2147483647 + minimum: 0 description: Index of the record, which corrects the current record + readOnly: true required: - startAt - typeVersion @@ -1022,7 +1035,11 @@ components: mode: allOf: - $ref: '#/components/schemas/ModeEnum' - description: Permission mode + description: |- + Permission mode + + * `read_only` - Read-only + * `read_and_write` - Read and write use_fields: type: boolean description: Use field-based authorization diff --git a/src/objects/celery.py b/src/objects/celery.py new file mode 100644 index 00000000..f5c5e0e0 --- /dev/null +++ b/src/objects/celery.py @@ -0,0 +1,9 @@ +from celery import Celery + +from .setup import setup_env + +setup_env() + +app = Celery("objects") +app.config_from_object("django.conf:settings", namespace="CELERY") +app.autodiscover_tasks() diff --git a/src/objects/conf/base.py b/src/objects/conf/base.py index d77e8afb..db8e498c 100644 --- a/src/objects/conf/base.py +++ b/src/objects/conf/base.py @@ -79,14 +79,15 @@ "solo", "django_markup", "vng_api_common", - "vng_api_common.notifications", + "notifications_api_common", "simple_certmanager", "zgw_consumers", - # 2fa apps + # Two-factor authentication in the Django admin, enforced. "django_otp", "django_otp.plugins.otp_static", "django_otp.plugins.otp_totp", "two_factor", + "maykin_2fa", # Project applications. "objects.accounts", "objects.api", @@ -102,11 +103,11 @@ "django.middleware.common.CommonMiddleware", "django.middleware.csrf.CsrfViewMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", + "maykin_2fa.middleware.OTPMiddleware", "mozilla_django_oidc_db.middleware.SessionRefresh", "django.contrib.messages.middleware.MessageMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware", "axes.middleware.AxesMiddleware", - "django_otp.middleware.OTPMiddleware", ] ROOT_URLCONF = "objects.urls" @@ -171,8 +172,6 @@ USE_I18N = True -USE_L10N = True - USE_TZ = True USE_THOUSAND_SEPARATOR = True @@ -331,7 +330,7 @@ "objects.utils.admin_index.should_display_dropdown_menu" ) -# Django-Axes (4.0+) +# Django-Axes # # The number of login attempts allowed before a record is created for the # failed logins. Default: 3 @@ -340,15 +339,10 @@ # will be forgotten. Can be set to a python timedelta object or an integer. If # an integer, will be interpreted as a number of hours. Default: None AXES_COOLOFF_TIME = 1 -# If True only locks based on user id and never locks by IP if attempts limit -# exceed, otherwise utilize the existing IP and user locking logic Default: -# False -AXES_ONLY_USER_FAILURES = True # If set, specifies a template to render when a user is locked out. Template # receives cooloff_time and failure_limit as context variables. Default: None AXES_LOCKOUT_TEMPLATE = "account_blocked.html" -AXES_USE_USER_AGENT = True # Default: False -AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP = True # Default: False +AXES_LOCKOUT_PARAMETERS = [["ip_address", "user_agent", "username"]] # The default meta precedence order IPWARE_META_PRECEDENCE_ORDER = ( @@ -426,10 +420,21 @@ NOTIFICATIONS_DISABLED = config("NOTIFICATIONS_DISABLED", False) # -# Maykin fork of DJANGO-TWO-FACTOR-AUTH +# MAYKIN-2FA +# Uses django-two-factor-auth under the hood, so relevant upstream package settings +# apply too. # -TWO_FACTOR_FORCE_OTP_ADMIN = config("TWO_FACTOR_FORCE_OTP_ADMIN", not DEBUG) -TWO_FACTOR_PATCH_ADMIN = config("TWO_FACTOR_PATCH_ADMIN", True) + +# we run the admin site monkeypatch instead. +TWO_FACTOR_PATCH_ADMIN = False +# add entries from AUTHENTICATION_BACKENDS that already enforce their own two-factor +# auth, avoiding having some set up MFA again in the project. +MAYKIN_2FA_ALLOW_MFA_BYPASS_BACKENDS = [ + "mozilla_django_oidc_db.backends.OIDCAuthenticationBackend", +] + +if config("DISABLE_2FA", default=False): # pragma: no cover + MAYKIN_2FA_ALLOW_MFA_BYPASS_BACKENDS = AUTHENTICATION_BACKENDS # # Mozilla Django OIDC DB settings @@ -437,3 +442,15 @@ OIDC_AUTHENTICATE_CLASS = "mozilla_django_oidc_db.views.OIDCAuthenticationRequestView" MOZILLA_DJANGO_OIDC_DB_CACHE = "oidc" MOZILLA_DJANGO_OIDC_DB_CACHE_TIMEOUT = 5 * 60 + +# +# CELERY - async task queue +# +CELERY_BROKER_URL = config("CELERY_BROKER_URL", "redis://localhost:6379/0") +CELERY_RESULT_BACKEND = config("CELERY_RESULT_BACKEND", "redis://localhost:6379/0") + +# Add (by default) 5 (soft), 15 (hard) minute timeouts to all Celery tasks. +CELERY_TASK_TIME_LIMIT = config("CELERY_TASK_HARD_TIME_LIMIT", default=15 * 60) # hard +CELERY_TASK_SOFT_TIME_LIMIT = config( + "CELERY_TASK_SOFT_TIME_LIMIT", default=5 * 60 +) # soft diff --git a/src/objects/conf/ci.py b/src/objects/conf/ci.py index 23946766..def866cd 100644 --- a/src/objects/conf/ci.py +++ b/src/objects/conf/ci.py @@ -29,9 +29,3 @@ AXES_BEHIND_REVERSE_PROXY = False NOTIFICATIONS_DISABLED = True - - -# -# Maykin fork of django-two-factor-auth -# -TWO_FACTOR_FORCE_OTP_ADMIN = False diff --git a/src/objects/conf/dev.py b/src/objects/conf/dev.py index f06e07ec..0c77b1b7 100644 --- a/src/objects/conf/dev.py +++ b/src/objects/conf/dev.py @@ -102,8 +102,10 @@ if "test" in sys.argv: NOTIFICATIONS_DISABLED = True - TWO_FACTOR_PATCH_ADMIN = False - TWO_FACTOR_FORCE_OTP_ADMIN = False + +# None of the authentication backends require two-factor authentication. +if config("DISABLE_2FA", default=True): # pragma: no cover + MAYKIN_2FA_ALLOW_MFA_BYPASS_BACKENDS = AUTHENTICATION_BACKENDS # Override settings with local settings. try: diff --git a/src/objects/fixtures/default_admin_index.json b/src/objects/fixtures/default_admin_index.json index b11e8500..48aa5b94 100644 --- a/src/objects/fixtures/default_admin_index.json +++ b/src/objects/fixtures/default_admin_index.json @@ -29,7 +29,7 @@ "appgroup" ], [ - "notifications", + "notifications_api_common", "notificationsconfig" ], [ diff --git a/src/objects/templates/admin/base_site.html b/src/objects/templates/admin/base_site.html index 6e1a9e1f..1352afce 100644 --- a/src/objects/templates/admin/base_site.html +++ b/src/objects/templates/admin/base_site.html @@ -23,9 +23,9 @@