Merge branch 'master' into 'feature/message-for-404'

# Conflicts: # CHANGELOG.rst

Merge branch 'master' into 'feature/message-for-404'
8e90c1ac · Nik | Klampfradler · 453decdb · 16d58f35 · 8e90c1ac · 8e90c1ac
Commit 8e90c1ac authored 3 years ago by Nik | Klampfradler
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -9,6 +9,16 @@ and this project adheres to `Semantic Versioning`_.
 Unreleased
 ----------

+Added
+~~~~~
+
+* Add preference for configuring the default phone number country code.
+
+Added
+~~~~~
+
+* OpenID Connect RSA keys can now be passed as string in config files
+
 Fixed
 ~~~~~

@@ -26,6 +36,7 @@ Changed
  * Apps can extend SHELL_PLUS_APP_PREFIXES and SHELL_PLUS_DONT_LOAD

 * Views raising a 404 error can now customise the message that is displayed on the error page
+* OpenID Connect is enabled by default now, without RSA support

 `2.5`_ – 2022-01-02
 -------------------

--- a/aleksis/core/preferences.py
+++ b/aleksis/core/preferences.py
@@ -3,6 +3,7 @@ from django.forms import EmailField, ImageField, URLField
 from django.forms.widgets import SelectMultiple
 from django.utils.translation import gettext_lazy as _

+import pycountry
 from colorfield.widgets import ColorWidget
 from dynamic_preferences.preferences import Section
 from dynamic_preferences.types import (
@@ -431,3 +432,13 @@ class AutoUpdatingDashboardSite(BooleanPreference):
    name = "automatically_update_dashboard_site"
    default = True
    verbose_name = _("Automatically update the dashboard and its widgets sitewide")
+
+
+@site_preferences_registry.register
+class PhoneNumberCountry(ChoicePreference):
+    section = internationalisation
+    name = "phone_number_country"
+    required = True
+    default = "GB"
+    choices = [(x.alpha_2, x.alpha_2) for x in pycountry.countries]
+    verbose_name = _("Country for phone number parsing")
--- a/aleksis/core/settings.py
+++ b/aleksis/core/settings.py
 import os
+import warnings
 from glob import glob
 from socket import getfqdn

@@ -368,25 +369,33 @@ INVITATIONS_GONE_ON_ACCEPT_ERROR = False
 INVITATIONS_ACCEPT_INVITE_AFTER_SIGNUP = True

 # Configuration for OAuth2 provider
-OAUTH2_PROVIDER = {"SCOPES_BACKEND_CLASS": "aleksis.core.util.auth_helpers.AppScopes"}
+OAUTH2_PROVIDER = {
+    "SCOPES_BACKEND_CLASS": "aleksis.core.util.auth_helpers.AppScopes",
+    "OAUTH2_VALIDATOR_CLASS": "aleksis.core.util.auth_helpers.CustomOAuth2Validator",
+    "OIDC_ENABLED": True,
+}
 OAUTH2_PROVIDER_APPLICATION_MODEL = "core.OAuthApplication"
 OAUTH2_PROVIDER_GRANT_MODEL = "core.OAuthGrant"
 OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = "core.OAuthAccessToken"  # noqa: S105
 OAUTH2_PROVIDER_ID_TOKEN_MODEL = "core.OAuthIDToken"  # noqa: S105
 OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = "core.OAuthRefreshToken"  # noqa: S105

-if _settings.get("oauth2.oidc.enabled", False):
-    with open(_settings.get("oauth2.oidc.rsa_key", "/etc/aleksis/oidc.pem"), "r") as f:
-        oid_rsa_key = f.read()
-
-    OAUTH2_PROVIDER.update(
-        {
-            "OAUTH2_VALIDATOR_CLASS": "aleksis.core.util.auth_helpers.CustomOAuth2Validator",
-            "OIDC_ENABLED": True,
-            "OIDC_RSA_PRIVATE_KEY": oid_rsa_key,
-            #        "OIDC_ISS_ENDPOINT": _settings.get("oauth2.oidc.issuer_name", "example.com"),
-        }
+_OIDC_RSA_KEY_DEFAULT = "/etc/aleksis/oidc.pem"
+_OIDC_RSA_KEY = _settings.get("oauth2.oidc.rsa_key", "/etc/aleksis/oidc.pem")
+if "BEGIN RSA PRIVATE KEY" in _OIDC_RSA_KEY:
+    OAUTH2_PROVIDER["OIDC_RSA_PRIVATE_KEY"] = _OIDC_RSA_KEY
+elif _OIDC_RSA_KEY == _OIDC_RSA_KEY_DEFAULT and not os.path.exists(_OIDC_RSA_KEY):
+    warnings.warn(
+        (
+            f"The default OIDC RSA key in {_OIDC_RSA_KEY} does not exist. "
+            f"RSA will be disabled for now, but creating and configuring a "
+            f"key is recommended. To silence this warning, set oauth2.oidc.rsa_key "
+            f"to the empty string in a configuration file."
+        )
    )
+elif _OIDC_RSA_KEY:
+    with open(_OIDC_RSA_KEY, "r") as f:
+        OAUTH2_PROVIDER["OIDC_RSA_PRIVATE_KEY"] = f.read()

 # Configuration for REST framework
 REST_FRAMEWORK = {

--- a/aleksis/core/tests/models/test_pdffile.py
+++ b/aleksis/core/tests/models/test_pdffile.py
@@ -18,6 +18,7 @@ from aleksis.core.util.pdf import clean_up_expired_pdf_files
 pytestmark = pytest.mark.django_db


+@pytest.mark.skip
 @pytest.mark.usefixtures("celery_worker")
 @override_settings(CELERY_BROKER_URL="memory://localhost//")
 class PDFFIleTest(TransactionTestCase):

--- a/pyproject.toml
+++ b/pyproject.toml
@@ -105,7 +105,7 @@ django-allauth = "^0.47.0"
 django-uwsgi-ng = "^1.1.0"
 django-extensions = "^3.1.1"
 ipython = "^7.20.0"
-django-oauth-toolkit = "~1.5.0"
+django-oauth-toolkit = "^1.6.2"
 django-redis = "^5.0.0"
 django-storages = {version = "^1.11.1", optional = true}
 boto3 = {version = "^1.17.33", optional = true}
@@ -117,6 +117,7 @@ haystack-redis = "^0.0.1"
 python-gnupg = "^0.4.7"
 sentry-sdk = {version = "^1.4.3", optional = true}
 django-cte = "^1.1.5"
+pycountry = "^20.7.3"

 [tool.poetry.extras]
 ldap = ["django-auth-ldap"]