new release: 0.9.0-pre7

closes #118

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.9.0-pre6
+current_version = 0.9.0-pre7
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)

.github/workflows/release.yml

@@ -16,11 +16,11 @@ jobs:
       - name: Building Docker Image
         run: docker build
           --no-cache
-          -t beryju/passbook:0.9.0-pre6
+          -t beryju/passbook:0.9.0-pre7
           -t beryju/passbook:latest
           -f Dockerfile .
       - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/passbook:0.9.0-pre6
+        run: docker push beryju/passbook:0.9.0-pre7
       - name: Push Docker Container to Registry (latest)
         run: docker push beryju/passbook:latest
   build-gatekeeper:
@@ -37,11 +37,11 @@ jobs:
           cd gatekeeper
           docker build \
           --no-cache \
-          -t beryju/passbook-gatekeeper:0.9.0-pre6 \
+          -t beryju/passbook-gatekeeper:0.9.0-pre7 \
           -t beryju/passbook-gatekeeper:latest \
           -f Dockerfile .
       - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/passbook-gatekeeper:0.9.0-pre6
+        run: docker push beryju/passbook-gatekeeper:0.9.0-pre7
       - name: Push Docker Container to Registry (latest)
         run: docker push beryju/passbook-gatekeeper:latest
   build-static:
@@ -66,11 +66,11 @@ jobs:
         run: docker build
           --no-cache
           --network=$(docker network ls | grep github | awk '{print $1}')
-          -t beryju/passbook-static:0.9.0-pre6
+          -t beryju/passbook-static:0.9.0-pre7
           -t beryju/passbook-static:latest
           -f static.Dockerfile .
       - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/passbook-static:0.9.0-pre6
+        run: docker push beryju/passbook-static:0.9.0-pre7
       - name: Push Docker Container to Registry (latest)
         run: docker push beryju/passbook-static:latest
   test-release:
@@ -100,5 +100,5 @@ jobs:
           SENTRY_PROJECT: passbook
           SENTRY_URL: https://sentry.beryju.org
         with:
-          tagName: 0.9.0-pre6
+          tagName: 0.9.0-pre7
           environment: production

docs/installation/kubernetes.md

@@ -27,6 +27,7 @@ config:
     enabled: false
     server_url: ""
     secret_token: ""
+    verify_server_cert: true
 
 # This Helm chart ships with built-in Prometheus ServiceMonitors and Rules.
 # This requires the CoreOS Prometheus Operator.

helm/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
-appVersion: "0.9.0-pre6"
+appVersion: "0.9.0-pre7"
 description: A Helm chart for passbook.
 name: passbook
-version: "0.9.0-pre6"
+version: "0.9.0-pre7"
 icon: https://git.beryju.org/uploads/-/system/project/avatar/108/logo.png

helm/templates/configmap.yaml

@@ -25,3 +25,4 @@ data:
       enabled: {{ .Values.config.apm.enabled }}
       server_url: "{{ .Values.config.apm.server_url }}"
       secret_token: "{{ .Values.config.apm.server_token }}"
+      verify_server_cert: {{ .Values.config.apm.verify_server_cert }}

helm/values.yaml

@@ -2,7 +2,7 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 image:
-  tag: 0.9.0-pre6
+  tag: 0.9.0-pre7
 
 nameOverride: ""
 
@@ -19,6 +19,7 @@ config:
     enabled: false
     server_url: ""
     secret_token: ""
+    verify_server_cert: true
 
 # This Helm chart ships with built-in Prometheus ServiceMonitors and Rules.
 # This requires the CoreOS Prometheus Operator.

passbook/__init__.py

@@ -1,2 +1,2 @@
 """passbook"""
-__version__ = "0.9.0-pre6"
+__version__ = "0.9.0-pre7"

passbook/lib/sentry.py

@@ -4,6 +4,7 @@ from botocore.client import ClientError
 from django.core.exceptions import DisallowedHost, ValidationError
 from django.db import InternalError, OperationalError, ProgrammingError
 from django_redis.exceptions import ConnectionInterrupted
+from elasticapm.transport.http import TransportException
 from redis.exceptions import RedisError
 from rest_framework.exceptions import APIException
 from structlog import get_logger
@@ -33,6 +34,7 @@ def before_send(event, hint):
         OSError,
         RedisError,
         SentryIgnoredException,
+        TransportException,
     )
     if "exc_info" in hint:
         _, exc_value, _ = hint["exc_info"]

passbook/policies/reputation/signals.py

@@ -32,6 +32,7 @@ def update_score(request: HttpRequest, username: str, amount: int):
 # pylint: disable=unused-argument
 def handle_failed_login(sender, request, credentials, **_):
     """Lower Score for failed loging attempts"""
+    if "username" in credentials:
         update_score(request, credentials.get("username"), -1)
 
 

passbook/root/settings.py

@@ -281,7 +281,7 @@ if not DEBUG and _ERROR_REPORTING:
         release="passbook@%s" % __version__,
     )
 
-_APM_ENABLED = CONFIG.y("apm.enabled", True)
+_APM_ENABLED = CONFIG.y("apm.enabled", False)
 if _APM_ENABLED:
     INSTALLED_APPS.append("elasticapm.contrib.django")
     ELASTIC_APM = {
@@ -290,7 +290,8 @@ if _APM_ENABLED:
         "SERVICE_NAME": "passbook",
         "SERVICE_VERSION": __version__,
         "SECRET_TOKEN": CONFIG.y("apm.secret_token", ""),
-        "SERVER_URL": CONFIG.y("apm.secret_token", "http://localhost:8200"),
+        "SERVER_URL": CONFIG.y("apm.server_url", "http://localhost:8200"),
+        "VERIFY_SERVER_CERT": CONFIG.y_bool("apm.verify_server_cert", True),
     }
 
 

passbook/sources/oauth/auth.py

@@ -1,24 +1,23 @@
 """passbook oauth_client Authorization backend"""
-
 from django.contrib.auth.backends import ModelBackend
 from django.db.models import Q
+from django.http import HttpRequest
 
+from passbook.core.models import User
 from passbook.sources.oauth.models import OAuthSource, UserOAuthSourceConnection
 
 
 class AuthorizedServiceBackend(ModelBackend):
     "Authentication backend for users registered with remote OAuth provider."
 
-    def authenticate(self, request, source=None, identifier=None):
+    def authenticate(
+        self, request: HttpRequest, source: OAuthSource, identifier: str
+    ) -> User:
         "Fetch user for a given source by id."
         source_q = Q(source__name=source)
         if isinstance(source, OAuthSource):
             source_q = Q(source=source)
-        try:
         access = UserOAuthSourceConnection.objects.filter(
             source_q, identifier=identifier
         ).select_related("user")[0]
-        except IndexError:
-            return None
-        else:
         return access.user

passbook/sources/oauth/models.py

@@ -89,16 +89,16 @@ class GitHubOAuthSource(OAuthSource):
         verbose_name_plural = _("GitHub OAuth Sources")
 
 
-class TwitterOAuthSource(OAuthSource):
-    """Social Login using Twitter.com"""
+# class TwitterOAuthSource(OAuthSource):
+#     """Social Login using Twitter.com"""
 
-    form = "passbook.sources.oauth.forms.TwitterOAuthSourceForm"
+#     form = "passbook.sources.oauth.forms.TwitterOAuthSourceForm"
 
-    class Meta:
+#     class Meta:
 
-        abstract = True
-        verbose_name = _("Twitter OAuth Source")
-        verbose_name_plural = _("Twitter OAuth Sources")
+#         abstract = True
+#         verbose_name = _("Twitter OAuth Source")
+#         verbose_name_plural = _("Twitter OAuth Sources")
 
 
 class FacebookOAuthSource(OAuthSource):

passbook/sources/oauth/settings.py

@@ -1,9 +1,5 @@
 """Oauth2 Client Settings"""
 
-AUTHENTICATION_BACKENDS = [
-    "passbook.sources.oauth.backends.AuthorizedServiceBackend",
-]
-
 PASSBOOK_SOURCES_OAUTH_TYPES = [
     "passbook.sources.oauth.types.discord",
     "passbook.sources.oauth.types.facebook",

passbook/sources/oauth/types/manager.py

@@ -50,9 +50,9 @@ class SourceTypeManager:
                 return self.__source_types[kind.value][source.provider_type]
             LOGGER.warning("no matching type found, using default")
             # Return defaults
-            if kind.value == RequestKind.callback:
+            if kind == RequestKind.callback:
                 return OAuthCallback
-            if kind.value == RequestKind.redirect:
+            if kind == RequestKind.redirect:
                 return OAuthRedirect
         raise KeyError(
             f"Provider Type {source.provider_type} (type {kind.value}) not found."

passbook/sources/oauth/types/twitter.py

@@ -1,10 +1,10 @@
 """Twitter OAuth Views"""
-from passbook.sources.oauth.types.manager import MANAGER, RequestKind
+# from passbook.sources.oauth.types.manager import MANAGER, RequestKind
 from passbook.sources.oauth.utils import user_get_or_create
 from passbook.sources.oauth.views.core import OAuthCallback
 
 
-@MANAGER.source(kind=RequestKind.callback, name="Twitter")
+# @MANAGER.source(kind=RequestKind.callback, name="Twitter")
 class TwitterOAuthCallback(OAuthCallback):
     """Twitter OAuth2 Callback"""
 

passbook/sources/oauth/views/core.py

@@ -3,7 +3,6 @@ from typing import Any, Callable, Dict, Optional
 
 from django.conf import settings
 from django.contrib import messages
-from django.contrib.auth import authenticate
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.http import Http404, HttpRequest, HttpResponse
 from django.shortcuts import get_object_or_404, redirect, render
@@ -22,6 +21,7 @@ from passbook.flows.planner import (
 )
 from passbook.flows.views import SESSION_KEY_PLAN
 from passbook.lib.utils.urls import redirect_with_qs
+from passbook.sources.oauth.auth import AuthorizedServiceBackend
 from passbook.sources.oauth.clients import BaseOAuthClient, get_client
 from passbook.sources.oauth.models import OAuthSource, UserOAuthSourceConnection
 from passbook.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
@@ -134,7 +134,7 @@ class OAuthCallback(OAuthClientMixin, View):
                     identifier=identifier,
                     access_token=token.get("access_token"),
                 )
-            user = authenticate(
+            user = AuthorizedServiceBackend().authenticate(
                 source=self.source, identifier=identifier, request=request
             )
             if user is None:
@@ -181,7 +181,8 @@ class OAuthCallback(OAuthClientMixin, View):
             self.request,
             {
                 PLAN_CONTEXT_PENDING_USER: user,
-                PLAN_CONTEXT_AUTHENTICATION_BACKEND: user.backend,
+                # Since we authenticate the user by their token, they have no backend set
+                PLAN_CONTEXT_AUTHENTICATION_BACKEND: "django.contrib.auth.backends.ModelBackend",
                 PLAN_CONTEXT_SSO: True,
             },
         )
@@ -206,7 +207,7 @@ class OAuthCallback(OAuthClientMixin, View):
                 % {"source": self.source.name}
             ),
         )
-        user = authenticate(
+        user = AuthorizedServiceBackend().authenticate(
             source=access.source, identifier=access.identifier, request=self.request
         )
         return self.handle_login_flow(source.authentication_flow, user)
@@ -249,7 +250,7 @@ class OAuthCallback(OAuthClientMixin, View):
                 )
             )
         # User was not authenticated, new user has been created
-        user = authenticate(
+        user = AuthorizedServiceBackend().authenticate(
             source=access.source, identifier=access.identifier, request=self.request
         )
         messages.success(