Initial mfa support (for internal users) #93591
@ -1,7 +1,7 @@
|
||||
"""Give everybody with a NULL nickname something based on their full name."""
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations, IntegrityError, transaction
|
||||
from django.db import migrations
|
||||
|
||||
|
||||
def set_nickname(model, user, nickname) -> bool:
|
||||
@ -9,7 +9,6 @@ def set_nickname(model, user, nickname) -> bool:
|
||||
|
||||
count = model.objects.filter(nickname=nickname).count()
|
||||
if count > 0:
|
||||
print(f'already {count} user(s) with nickname {nickname!r}')
|
||||
return False
|
||||
|
||||
user.nickname = nickname
|
||||
@ -30,7 +29,6 @@ def random_nums():
|
||||
def fill_nicknames(apps, schema_editor):
|
||||
"""Give users with a NULL nickname something based on their full name."""
|
||||
import re
|
||||
import datetime
|
||||
|
||||
# We can't import the User model directly as it may be a newer
|
||||
# version than this migration expects. We use the historical version.
|
||||
@ -42,14 +40,10 @@ def fill_nicknames(apps, schema_editor):
|
||||
users = User.objects.filter(nickname=None)
|
||||
total_users = users.count()
|
||||
last_report = 0
|
||||
start = datetime.datetime.now()
|
||||
print()
|
||||
print(f' - migrating {total_users} users.')
|
||||
for idx, user in enumerate(users):
|
||||
perc = idx / total_users
|
||||
if perc - last_report > 0.10:
|
||||
last_report = perc
|
||||
print(f' - {idx} ({int(perc*100)}%)')
|
||||
|
||||
# We cannot migrate the entire database in one transaction (too many
|
||||
# queries for MySQL to handle), so do one transaction per user.
|
||||
@ -63,9 +57,6 @@ def fill_nicknames(apps, schema_editor):
|
||||
if set_nickname(User, user, f'{base}-{num}'):
|
||||
break
|
||||
|
||||
end = datetime.datetime.now() # assume the timezone hasn't changed.
|
||||
print(f'Migration of {total_users} took {end - start}')
|
||||
|
||||
|
||||
def fake_reverse(apps, schema_editor):
|
||||
"""Allow reversal of this migration really reversing."""
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
<p>
|
||||
If the email doesn't arrive shortly, please check your spam folder.
|
||||
</p>
|
||||
<div id="poll_ok" style="display: non">
|
||||
<div id="poll_ok" style="display: none">
|
||||
<div class="alert alert-success">
|
||||
Your email address has been confirmed.
|
||||
</div>
|
||||
@ -24,26 +24,26 @@
|
||||
var poll_url = '{% url 'bid_main:confirm-email-poll' %}';
|
||||
var $result = $('#poll_result');
|
||||
|
||||
function poll() {
|
||||
function poll(attemptCount) {
|
||||
if (attemptCount > 5) {
|
||||
// Stop, don't poll forever
|
||||
return;
|
||||
}
|
||||
$.get(poll_url)
|
||||
.done(function(data) {
|
||||
if (typeof(data.confirmed) === 'undefined' || data.confirmed == null) {
|
||||
// Not yet confirmed, wait longer
|
||||
window.setTimeout(poll, 2500);
|
||||
// Not yet confirmed, wait longer with exponential backoff
|
||||
attemptCount += 1;
|
||||
window.setTimeout(poll, 10000 * (2 ** attemptCount), attemptCount);
|
||||
return;
|
||||
}
|
||||
// Confirmation has been confirmed!
|
||||
$('#poll_ok').show();
|
||||
})
|
||||
.fail(function(err) {
|
||||
// This is a frequent poll and the email address confirmation system works
|
||||
// fine without it, so let's not bother the user with error messages.
|
||||
// Stop on error
|
||||
if (console) console.log('Error: ', err);
|
||||
|
||||
// Try again after a while.
|
||||
window.setTimeout(poll, 4000);
|
||||
});
|
||||
}
|
||||
// Do a quick test first, then slow down a little bit.
|
||||
window.setTimeout(poll, 250);
|
||||
window.setTimeout(poll, 1000, 0);
|
||||
</script>{% endblock footer_scripts %}
|
||||
|
||||
@ -146,11 +146,9 @@ TEMPLATES = [
|
||||
WSGI_APPLICATION = "blenderid.wsgi.application"
|
||||
|
||||
DATABASES = {
|
||||
'default': dj_database_url.config(
|
||||
default='postgresql://blender_id:blender_id@127.0.0.1:5432/blender_id',
|
||||
conn_max_age=600,
|
||||
),
|
||||
'default': dj_database_url.config(default='sqlite:///{}'.format(BASE_DIR / 'db.sqlite3')),
|
||||
}
|
||||
DATABASES['default']['CONN_MAX_AGE'] = 600
|
||||
|
||||
DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
|
||||
|
||||
|
||||
@ -45,7 +45,7 @@ To encrypt this value, use the following command:
|
||||
|
||||
echo -n 'https://foo@bar.example.com/1234' | ansible-vault encrypt_string --vault-id production@prompt --stdin-name 'sentry_dsn'
|
||||
|
||||
Store the ouput of the above command in `environments/production/group_vars/all/99_vault.yaml`
|
||||
Store the output of the above command in `environments/production/group_vars/all/99_vault.yaml`
|
||||
(not tracked by this repository):
|
||||
|
||||
```
|
||||
|
||||
@ -1,8 +1,10 @@
|
||||
env: staging
|
||||
host: web-2.internal
|
||||
db_host: db-postgres-2.internal
|
||||
host: web-staging-1.hz-nbg1.blender.internal
|
||||
db_host: db-postgres-staging-1.hz-nbg1.blender.internal
|
||||
db_name: id_staging
|
||||
db_user: id_staging
|
||||
branch: main
|
||||
|
||||
ssl_only: true
|
||||
|
||||
backup_dir: /data/backups
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
---
|
||||
ingress:
|
||||
hosts:
|
||||
lb-2:
|
||||
lb-staging-1.hz-nbg1.blender.internal:
|
||||
|
||||
application:
|
||||
hosts:
|
||||
web-2:
|
||||
web-staging-1.hz-nbg1.blender.internal:
|
||||
|
||||
@ -1 +1 @@
|
||||
Subproject commit f3e705b712980c5d2bce58dd94b51665858a2dc3
|
||||
Subproject commit 2e9a85dc8b2f9bd3cb807de5a489615355b50f70
|
||||
@ -36,15 +36,16 @@ rate_limit:
|
||||
burst: 50
|
||||
delay: 10
|
||||
|
||||
mailto: cron@blender.org
|
||||
certbot:
|
||||
email: root@blender.org
|
||||
|
||||
source_url: https://projects.blender.org/infrastructure/{{ project_slug }}.git
|
||||
branch: production
|
||||
|
||||
backup_dir: /mnt/backup
|
||||
|
||||
ssl_only: false
|
||||
PGSSLROOTCERT: /usr/local/share/ca-certificates/cloud-init-ca-cert-1.crt
|
||||
ca_certificate: /usr/local/share/ca-certificates/cloud-init-ca-cert-1.crt
|
||||
|
||||
include_common_services:
|
||||
- background
|
||||
@ -52,4 +53,5 @@ include_common_services:
|
||||
- backup-service-dirs
|
||||
- clearsessions
|
||||
- delete-completed-tasks
|
||||
- notify-email@
|
||||
- process-deletion-requests
|
||||
|
||||
@ -37,7 +37,6 @@ more-itertools==7.2.0 ; python_version >= "3.8" and python_version < "4"
|
||||
oauthlib==3.1.0 ; python_version >= "3.8" and python_version < "4"
|
||||
pep562==1.0 ; python_version >= "3.8" and python_version < "4"
|
||||
pillow==9.1.0 ; python_version >= "3.8" and python_version < "4"
|
||||
psycopg2==2.8.6 ; python_version >= "3.8" and python_version < "4"
|
||||
pycparser==2.19 ; python_version >= "3.8" and python_version < "4"
|
||||
pygments==2.17.2 ; python_version >= "3.8" and python_version < "4"
|
||||
pyinstrument==4.6.0 ; python_version >= "3.8" and python_version < "4"
|
||||
@ -58,6 +57,5 @@ sqlparse==0.5.0 ; python_version >= "3.8" and python_version < "4"
|
||||
tornado==6.0.3 ; python_version >= "3.8" and python_version < "4"
|
||||
urllib3==1.25.11 ; python_version >= "3.8" and python_version < "4"
|
||||
user-agents==2.2.0
|
||||
uwsgi==2.0.23
|
||||
wrapt==1.15.0 ; python_version >= "3.8" and python_version < "4"
|
||||
zipp==0.6.0 ; python_version >= "3.8" and python_version < "4"
|
||||
|
||||
@ -1 +1,3 @@
|
||||
-r requirements.txt
|
||||
psycopg2==2.8.6
|
||||
uwsgi==2.0.23
|
||||
|
||||
Loading…
Reference in New Issue
Block a user