Merge pull request #1 from hiiro-app/enable_api

enable api and disable csrf

requirements.txt

@@ -1,4 +1,4 @@
-Django>=3.2
+Django==5.*
 django-bootstrap4-form
 celery
 email-reply-parser

standalone/Dockerfile

@@ -8,6 +8,7 @@ RUN apt-get install -yqq \
    git
 COPY requirements.txt /opt/django-helpdesk/requirements.txt
 COPY standalone/extra-requirements.txt /opt/django-helpdesk/standalone/extra-requirements.txt
+RUN pip3 install packaging
 RUN pip3 install -r /opt/django-helpdesk/requirements.txt
 RUN pip3 install -r /opt/django-helpdesk/standalone/extra-requirements.txt
 COPY . /opt/django-helpdesk

standalone/config/local_settings.py

@@ -1 +1,21 @@
 from .settings import *
+
+REST_FRAMEWORK = {
+    "DEFAULT_AUTHENTICATION_CLASSES": [
+        "rest_framework.authentication.BasicAuthentication",
+    ]
+}
+
+HELPDESK_ACTIVATE_API_ENDPOINT = True
+
+DATABASES = {
+    # Setup postgress db with postgres as host and db name and read password from env var
+    "default": {
+        "ENGINE": "django.db.backends.postgresql",
+        "NAME": os.environ.get("POSTGRES_DB", "postgres"),
+        "USER": os.environ.get("POSTGRES_USER", "postgres"),
+        "PASSWORD": os.environ.get("POSTGRES_PASSWORD", "postgres"),
+        "HOST": os.environ.get("POSTGRES_HOST", "postgres"),
+        "PORT": os.environ.get("POSTGRES_PORT", "5432"),
+    }
+}

standalone/config/settings.py

@@ -8,7 +8,6 @@ For the full list of settings and their values, see
 https://docs.djangoproject.com/en/1.11/ref/settings/
 """
 
-
 import os
 
 
@@ -21,70 +20,72 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 
 # Read SECRET_KEY from DJANGO_HELPDESK_SECRET_KEY env var
 try:
-    SECRET_KEY = os.environ['DJANGO_HELPDESK_SECRET_KEY']
+    SECRET_KEY = os.environ["DJANGO_HELPDESK_SECRET_KEY"]
 except KeyError:
     raise Exception("DJANGO_HELPDESK_SECRET_KEY environment variable is not set")
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False
 
-ALLOWED_HOSTS = os.environ.get("DJANGO_HELPDESK_ALLOWED_HOSTS", "*, localhost, 0.0.0.0").split(",")
+ALLOWED_HOSTS = os.environ.get(
+    "DJANGO_HELPDESK_ALLOWED_HOSTS", "*, localhost, 0.0.0.0"
+).split(",")
 
-SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
-SESSION_COOKIE_SECURE = True
-CSRF_COOKIE_SECURE = True
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "http")
+SESSION_COOKIE_SECURE = False
+CSRF_COOKIE_SECURE = False
 
 # Application definition
 
 INSTALLED_APPS = [
-    'django.contrib.admin',
-    'django.contrib.auth',
-    'django.contrib.contenttypes',
-    'django.contrib.sessions',
-    'django.contrib.messages',
-    'django.contrib.staticfiles',
-    'django.contrib.sites',
-    'django.contrib.humanize',
-    'bootstrap4form',
-    'account',  # Required by pinax-teams
-    'pinax.invitations',  # required by pinax-teams
-    'pinax.teams',  # team support
-    'reversion',  # required by pinax-teams
-    'helpdesk',  # This is us!
-    'rest_framework',  # required for the API
+    "django.contrib.admin",
+    "django.contrib.auth",
+    "django.contrib.contenttypes",
+    "django.contrib.sessions",
+    "django.contrib.messages",
+    "django.contrib.staticfiles",
+    "django.contrib.sites",
+    "django.contrib.humanize",
+    "bootstrap4form",
+    "account",  # Required by pinax-teams
+    "pinax.invitations",  # required by pinax-teams
+    "pinax.teams",  # team support
+    "reversion",  # required by pinax-teams
+    "helpdesk",  # This is us!
+    "rest_framework",  # required for the API
 ]
 
 MIDDLEWARE = [
-    'django.middleware.security.SecurityMiddleware',
-    'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.middleware.common.CommonMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
-    'django.contrib.auth.middleware.AuthenticationMiddleware',
-    'django.contrib.messages.middleware.MessageMiddleware',
-    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    "django.middleware.security.SecurityMiddleware",
+    "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.middleware.common.CommonMiddleware",
+    # "django.middleware.csrf.CsrfViewMiddleware",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django.contrib.messages.middleware.MessageMiddleware",
+    "django.middleware.clickjacking.XFrameOptionsMiddleware",
     "whitenoise.middleware.WhiteNoiseMiddleware",
 ]
 
-ROOT_URLCONF = 'standalone.config.urls'
+ROOT_URLCONF = "standalone.config.urls"
 
 TEMPLATES = [
     {
-        'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [],
-        'APP_DIRS': True,
-        'OPTIONS': {
-            'debug': True,
-            'context_processors': [
-                'django.template.context_processors.debug',
-                'django.template.context_processors.request',
-                'django.contrib.auth.context_processors.auth',
-                'django.contrib.messages.context_processors.messages',
+        "BACKEND": "django.template.backends.django.DjangoTemplates",
+        "DIRS": [],
+        "APP_DIRS": True,
+        "OPTIONS": {
+            "debug": True,
+            "context_processors": [
+                "django.template.context_processors.debug",
+                "django.template.context_processors.request",
+                "django.contrib.auth.context_processors.auth",
+                "django.contrib.messages.context_processors.messages",
             ],
         },
     },
 ]
 
-WSGI_APPLICATION = 'standalone.config.wsgi.application'
+WSGI_APPLICATION = "standalone.config.wsgi.application"
 
 
 # django-helpdesk configuration settings
@@ -94,44 +95,61 @@ WSGI_APPLICATION = 'standalone.config.wsgi.application'
 # Some common settings are below.
 
 HELPDESK_DEFAULT_SETTINGS = {
-    'use_email_as_submitter': os.environ.get('HELPDESK_USE_EMAIL_AS_SUBMITTER', 'True') == 'True',
-    'email_on_ticket_assign': os.environ.get('HELPDESK_EMAIL_ON_TICKET_ASSIGN', 'True') == 'True',
-    'email_on_ticket_change': os.environ.get('HELPDESK_EMAIL_ON_TICKET_CHANGE', 'True') == 'True',
-    'login_view_ticketlist': os.environ.get('HELPDESK_LOGIN_VIEW_TICKETLIST', 'True') == 'True',
-    'email_on_ticket_apichange': os.environ.get('HELPDESK_EMAIL_ON_TICKET_APICHANGE', 'True') == 'True',
-    'preset_replies': os.environ.get('HELPDESK_PRESET_REPLIES', 'True') == 'True',
-    'tickets_per_page': os.environ.get('HELPDESK_TICKETS_PER_PAGE', '25'),
+    "use_email_as_submitter": os.environ.get("HELPDESK_USE_EMAIL_AS_SUBMITTER", "True")
+    == "True",
+    "email_on_ticket_assign": os.environ.get("HELPDESK_EMAIL_ON_TICKET_ASSIGN", "True")
+    == "True",
+    "email_on_ticket_change": os.environ.get("HELPDESK_EMAIL_ON_TICKET_CHANGE", "True")
+    == "True",
+    "login_view_ticketlist": os.environ.get("HELPDESK_LOGIN_VIEW_TICKETLIST", "True")
+    == "True",
+    "email_on_ticket_apichange": os.environ.get(
+        "HELPDESK_EMAIL_ON_TICKET_APICHANGE", "True"
+    )
+    == "True",
+    "preset_replies": os.environ.get("HELPDESK_PRESET_REPLIES", "True") == "True",
+    "tickets_per_page": os.environ.get("HELPDESK_TICKETS_PER_PAGE", "25"),
 }
 
 # Should the public web portal be enabled?
-HELPDESK_PUBLIC_ENABLED = os.environ.get('HELPDESK_PUBLIC_ENABLED', 'True') == 'True'
-HELPDESK_VIEW_A_TICKET_PUBLIC = os.environ.get('HELPDESK_VIEW_A_TICKET_PUBLIC', 'True') == 'True'
-HELPDESK_SUBMIT_A_TICKET_PUBLIC = os.environ.get('HELPDESK_SUBMIT_A_TICKET_PUBLIC', 'True') == 'True'
+HELPDESK_PUBLIC_ENABLED = os.environ.get("HELPDESK_PUBLIC_ENABLED", "True") == "True"
+HELPDESK_VIEW_A_TICKET_PUBLIC = (
+    os.environ.get("HELPDESK_VIEW_A_TICKET_PUBLIC", "True") == "True"
+)
+HELPDESK_SUBMIT_A_TICKET_PUBLIC = (
+    os.environ.get("HELPDESK_SUBMIT_A_TICKET_PUBLIC", "True") == "True"
+)
 
 # Should the Knowledgebase be enabled?
-HELPDESK_KB_ENABLED = os.environ.get('HELPDESK_KB_ENABLED', 'True') == 'True'
+HELPDESK_KB_ENABLED = os.environ.get("HELPDESK_KB_ENABLED", "True") == "True"
 
-HELPDESK_TICKETS_TIMELINE_ENABLED = os.environ.get('HELPDESK_TICKETS_TIMELINE_ENABLED', 'True') == 'True'
+HELPDESK_TICKETS_TIMELINE_ENABLED = (
+    os.environ.get("HELPDESK_TICKETS_TIMELINE_ENABLED", "True") == "True"
+)
 
 # Allow users to change their passwords
-HELPDESK_SHOW_CHANGE_PASSWORD = os.environ.get('HELPDESK_SHOW_CHANGE_PASSWORD', 'True') == 'True'
+HELPDESK_SHOW_CHANGE_PASSWORD = (
+    os.environ.get("HELPDESK_SHOW_CHANGE_PASSWORD", "True") == "True"
+)
 
 # Instead of showing the public web portal first,
 # we can instead redirect users straight to the login page.
-HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT = os.environ.get('HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT', 'False') == 'True'
-LOGIN_URL = 'helpdesk:login'
-LOGIN_REDIRECT_URL = 'helpdesk:home'
+HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT = (
+    os.environ.get("HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT", "False") == "True"
+)
+LOGIN_URL = "helpdesk:login"
+LOGIN_REDIRECT_URL = "helpdesk:home"
 
 
 DATABASES = {
-  # Setup postgress db with postgres as host and db name and read password from env var
-    'default': {
-        'ENGINE': 'django.db.backends.postgresql',
-        'NAME': os.environ.get('POSTGRES_DB', 'postgres'),
-        'USER': os.environ.get('POSTGRES_USER', 'postgres'),
-        'PASSWORD': os.environ.get('POSTGRES_PASSWORD', 'postgres'),
-        'HOST': os.environ.get('POSTGRES_HOST', 'postgres'),
-        'PORT': os.environ.get('POSTGRES_PORT', '5432'),
+    # Setup postgress db with postgres as host and db name and read password from env var
+    "default": {
+        "ENGINE": "django.db.backends.postgresql",
+        "NAME": os.environ.get("POSTGRES_DB", "postgres"),
+        "USER": os.environ.get("POSTGRES_USER", "postgres"),
+        "PASSWORD": os.environ.get("POSTGRES_PASSWORD", "postgres"),
+        "HOST": os.environ.get("POSTGRES_HOST", "postgres"),
+        "PORT": os.environ.get("POSTGRES_PORT", "5432"),
     }
 }
 
@@ -155,16 +173,16 @@ SESSION_COOKIE_AGE = 86400  # = 1 day
 
 AUTH_PASSWORD_VALIDATORS = [
     {
-        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
     },
     {
-        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
     },
     {
-        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
     },
     {
-        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
     },
 ]
 
@@ -173,21 +191,21 @@ AUTH_PASSWORD_VALIDATORS = [
 
 # This demo uses the console backend, which simply prints emails to the console
 # rather than actually sending them out.
-DEFAULT_FROM_EMAIL = os.environ.get('DEFAULT_FROM_EMAIL', 'example@example.com')
-SERVER_EMAIL = os.environ.get('SERVER_EMAIL', 'example@example.com')
+DEFAULT_FROM_EMAIL = os.environ.get("DEFAULT_FROM_EMAIL", "example@example.com")
+SERVER_EMAIL = os.environ.get("SERVER_EMAIL", "example@example.com")
 
-if os.environ.get('EMAIL_HOST', None):
-    EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+if os.environ.get("EMAIL_HOST", None):
+    EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
     try:
-        EMAIL_HOST = os.environ['EMAIL_HOST']
+        EMAIL_HOST = os.environ["EMAIL_HOST"]
     except KeyError:
-        raise ImproperlyConfigured('Please set the EMAIL_HOST environment variable.')
+        raise ImproperlyConfigured("Please set the EMAIL_HOST environment variable.")
     try:
-        EMAIL_PORT = os.environ['EMAIL_PORT']
+        EMAIL_PORT = os.environ["EMAIL_PORT"]
     except KeyError:
-        raise ImproperlyConfigured('Please set the EMAIL_PORT environment variable.')
+        raise ImproperlyConfigured("Please set the EMAIL_PORT environment variable.")
 else:
-    EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
 
 # Internationalization
 # https://docs.djangoproject.com/en/1.11/topics/i18n/
@@ -196,9 +214,9 @@ else:
 # The most complete translations are: es-MX, ru, zh-Hans
 # Contribute to our translations via Transifex if you can!
 # See CONTRIBUTING.rst for more info.
-LANGUAGE_CODE = 'en-US'
+LANGUAGE_CODE = "en-US"
 
-TIME_ZONE = 'UTC'
+TIME_ZONE = "UTC"
 
 USE_I18N = True
 
@@ -214,32 +232,34 @@ def normpath(*args):
 
 
 PROJECT_ROOT = normpath(__file__, "..", "..")
-STATIC_ROOT = os.environ.get("DJANGO_HELPDESK_STATIC_ROOT", normpath(PROJECT_ROOT, "static"))
+STATIC_ROOT = os.environ.get(
+    "DJANGO_HELPDESK_STATIC_ROOT", normpath(PROJECT_ROOT, "static")
+)
 STATIC_URL = os.environ.get("DJANGO_HELPDESK_STATIC_URL", "/static/")
 
 
 # MEDIA_ROOT is where media uploads are stored.
 # We set this to a directory to host file attachments created
 # with tickets.
-MEDIA_URL = '/media/'
-MEDIA_ROOT = '/data/media'
+MEDIA_URL = "/media/"
+MEDIA_ROOT = "/data/media"
 
 # for Django 3.2+, set default for autofields:
-DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
+DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
 
 LOGGING = {
-    'version': 1,
-    'disable_existing_loggers': False,
-    'handlers': {
-        'console': {
-            'class': 'logging.StreamHandler',
+    "version": 1,
+    "disable_existing_loggers": False,
+    "handlers": {
+        "console": {
+            "class": "logging.StreamHandler",
         },
     },
-    'loggers': {
-        'django': {
-            'handlers': ['console'],
-            'level': 'ERROR',  # Change to 'DEBUG' if you want to print all debug messages as well
-            'propagate': True,
+    "loggers": {
+        "django": {
+            "handlers": ["console"],
+            "level": "ERROR",  # Change to 'DEBUG' if you want to print all debug messages as well
+            "propagate": True,
         },
     },
 }