anthroarts · binaryf0x · Oct 4, 2023 · Sep 18, 2023 · Sep 18, 2023 · Sep 18, 2023
diff --git a/.env b/.env
diff --git a/Dockerfile b/Dockerfile
@@ -1,15 +1,17 @@
-FROM python:3.10-alpine AS native-deps
+FROM python:3.11-alpine AS native-deps
 
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
 WORKDIR /code
 
 # Install native dependencies.
-RUN mkdir /data /run/nginx \
- && pip install --upgrade pip pipenv \
- && apk add --no-cache jpeg libcurl libpq nginx zlib \
- && apk add --no-cache --virtual .build-deps build-base curl-dev jpeg-dev postgresql-dev zlib-dev
+RUN mkdir /data /run/nginx
+RUN pip install --upgrade pip pipenv
+RUN apk add --no-cache jpeg libcurl libpq nginx zlib
+RUN apk add --no-cache --virtual .build-deps
+RUN apk add --no-cache build-base
+RUN apk add --no-cache curl-dev jpeg-dev postgresql-dev zlib-dev
 
 FROM native-deps AS pipfile
 COPY Pipfile Pipfile.lock /code/
@@ -23,6 +25,10 @@ CMD ["/usr/local/bin/supervisord", "-c", "/code/supervisord.conf"]
 
 COPY . /code/
 
+ENV DEBUG=1
+ENV SECRET_KEY="Secret key for development"
+ENV DATABASE_URL="sqlite:///data/artshowjockey.db"
+
 # Setup OAuth provider required for automated tests.
 ENV OAUTHLIB_INSECURE_TRANSPORT=1
 ENV TEST_OAUTH_PROVIDER=1
@@ -43,4 +49,5 @@ CMD ["/usr/local/bin/supervisord", "-c", "/code/supervisord.conf"]
 
 COPY . /code/
 
-RUN python manage.py collectstatic
+RUN DATABASE_URL="sqlite:///data/artshowjockey.db" \
+    python manage.py collectstatic
diff --git a/Pipfile b/Pipfile
@@ -4,23 +4,21 @@ verify_ssl = true
 name = "pypi"
 
 [packages]
-django = "==3.2.*"
+django = "==4.2.*"
 django-ajax-selects = "*"
 django-appconf = "*"
 django-celery-results = "*"
 django-celery-email = "*"
 django-formtools = "*"
-django-nocaptcha-recaptcha = "*"
 django-ses = "*"
 gunicorn = "*"
 "num2words" = "*"
 squareconnect = "*"
 pdfrw = "*"
-Pillow = "==5.2.0"
-reportlab = "==3.5.68"
+reportlab = "*"
 requests = "*"
 requests-oauthlib = "*"
-psycopg2 = "*"
+psycopg = "*"
 supervisor = "*"
 environs = {extras = ["django"],version = "*"}
 celery = {extras = ["sqs"],version = "*"}
@@ -31,7 +29,7 @@ celery = {extras = ["sqs"],version = "*"}
 oauthlib = "*"
 
 [requires]
-python_version = "3.10"
+python_version = "3.11"
 
 [scripts]
 gunicorn = "gunicorn wsgi"

diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/artshow/tests/test_paypal.py b/artshow/tests/test_paypal.py
@@ -1,16 +1,15 @@
 from .. import paypal
-import datetime
-from django.utils import timezone
+from datetime import datetime, timezone
 from django.test import TestCase
 
 
 class PayPalTests (TestCase):
     def test_date_processing(self):
         self.assertEqual(paypal.convert_date("10:10:10 Jun 10, 2000 PST"),
-                         datetime.datetime(2000, 0o6, 10, 10, 10, 10, tzinfo=paypal.pstzone))
-        self.assertEqual((paypal.convert_date("10:10:10 Jun 10, 2000 PST") - datetime.datetime(1970, 1, 1, tzinfo=timezone.utc)).total_seconds(), 960660610)
+                         datetime(2000, 0o6, 10, 10, 10, 10, tzinfo=paypal.pstzone))
+        self.assertEqual((paypal.convert_date("10:10:10 Jun 10, 2000 PST") - datetime(1970, 1, 1, tzinfo=timezone.utc)).total_seconds(), 960660610)
         self.assertEqual(paypal.convert_date("10:10:10 Jun 10, 2000 PDT"),
-                         datetime.datetime(2000, 0o6, 10, 10, 10, 10, tzinfo=paypal.pdtzone))
-        self.assertEqual((paypal.convert_date("10:10:10 Jun 10, 2000 PDT") - datetime.datetime(1970, 1, 1, tzinfo=timezone.utc)).total_seconds(), 960657010)
+                         datetime(2000, 0o6, 10, 10, 10, 10, tzinfo=paypal.pdtzone))
+        self.assertEqual((paypal.convert_date("10:10:10 Jun 10, 2000 PDT") - datetime(1970, 1, 1, tzinfo=timezone.utc)).total_seconds(), 960657010)
         self.assertRaises(ValueError, paypal.convert_date, "Thu Mar  6 23:27:40 PST 2014")
         self.assertRaises(ValueError, paypal.convert_date, "10:10:10 Jun 10, 2000 GMT")
diff --git a/artshowjockey/settings.py b/artshowjockey/settings.py
@@ -9,8 +9,9 @@
 BASE_DIR = os.path.dirname(os.path.dirname(__file__))
 
 DEBUG = env.bool('DEBUG', default=False)
-SECRET_KEY = env.str('SECRET_KEY')
-ALLOWED_HOSTS = env.list('ALLOWED_HOSTS', default=[])
+SECRET_KEY = env.str('SECRET_KEY', default='')
+ALLOWED_HOSTS = env.list('ALLOWED_HOSTS', default=['localhost'])
+CSRF_TRUSTED_ORIGINS = env.list('CSRF_TRUSTED_ORIGINS', default=['http://localhost:8000'])
 
 with env.prefixed('TEST_'):
     TEST_OAUTH_PROVIDER = env.bool('OAUTH_PROVIDER', default=False)
@@ -19,7 +20,7 @@
 
 MANAGERS = ADMINS
 
-DATABASES = {"default": env.dj_db_url("DATABASE_URL")}
+DATABASES = {'default': env.dj_db_url('DATABASE_URL')}
 
 try:
     email = env.dj_email_url("EMAIL_URL")
@@ -76,10 +77,6 @@
 # to load the internationalization machinery.
 USE_I18N = True
 
-# If you set this to False, Django will not format dates, numbers and
-# calendars according to the current locale.
-USE_L10N = True
-
 # If you set this to False, Django will not use timezone-aware datetimes.
 USE_TZ = True
 
@@ -172,7 +169,6 @@
     'django.contrib.staticfiles',
     'django.contrib.admin',
     'django_ses',
-    'nocaptcha_recaptcha',
     'peeps',
     'artshow',
     'ajax_select',
@@ -196,6 +192,9 @@
 #     hostname, _, ips = socket.gethostbyname_ex(socket.gethostname())
 #     INTERNAL_IPS = [ip[:-1] + '1' for ip in ips] + ['127.0.0.1', '10.0.2.2']
 
+if DEBUG:
+    SILENCED_SYSTEM_CHECKS = ['captcha.recaptcha_test_key_error']
+
 # A sample logging configuration. The only tangible logging
 # performed by this configuration is to send an email to
 # the site admins on every HTTP 500 error when DEBUG=False.
@@ -245,7 +244,8 @@
     ARTSHOW_COMMISSION = env.str('COMMISSION', default='0.1')
     ARTSHOW_INVOICE_PREFIX = env.str('INVOICE_PREFIX', default='INV-')
     ARTSHOW_EMAIL_FOOTER = env.str('EMAIL_FOOTER', default="")
-    ARTSHOW_ARTIST_AGREEMENT_URL = env.str('ARTIST_AGREEMENT_URL')
+    ARTSHOW_ARTIST_AGREEMENT_URL = \
+        env.str('ARTIST_AGREEMENT_URL', default='https://example.com')
 
 ARTSHOW_CHEQUE_THANK_YOU = \
     "Thank you for exhibiting at the " + ARTSHOW_SHOW_NAME
@@ -259,20 +259,14 @@
 
 PEEPS_DEFAULT_COUNTRY = "USA"
 
-with env.prefixed('NORECAPTCHA_'):
-    # Visit https://www.google.com/recaptcha/admin/create to create a keypair.
-    # These are test keys.
-    NORECAPTCHA_SITE_KEY = env.str('SITE_KEY')
-    NORECAPTCHA_SECRET_KEY = env.str('SECRET_KEY')
-
 with env.prefixed('ARTSHOW_PAYPAL_'):
-    ARTSHOW_PAYPAL_ACCOUNT = env.str('ACCOUNT')
+    ARTSHOW_PAYPAL_ACCOUNT = env.str('ACCOUNT', default='')
     ARTSHOW_PAYPAL_URL = env.str('URL', 'https://www.paypal.com/cgi-bin/webscr')
 
 with env.prefixed('ARTSHOW_SQUARE_'):
-    ARTSHOW_SQUARE_APPLICATION_ID = env.str('APPLICATION_ID')
-    ARTSHOW_SQUARE_LOCATION_ID = env.str('LOCATION_ID')
-    ARTSHOW_SQUARE_ACCESS_TOKEN = env.str('ACCESS_TOKEN')
+    ARTSHOW_SQUARE_APPLICATION_ID = env.str('APPLICATION_ID', default='')
+    ARTSHOW_SQUARE_LOCATION_ID = env.str('LOCATION_ID', default='')
+    ARTSHOW_SQUARE_ACCESS_TOKEN = env.str('ACCESS_TOKEN', default='')
 
 SITE_ID = 1
 SITE_NAME = ARTSHOW_SHOW_NAME
@@ -286,8 +280,8 @@
     CONCAT_API = SITE_ROOT_URL + '/test/oauth/api'
 else:
     with env.prefixed('OAUTH_'):
-        OAUTH_AUTHORIZE_URL = env.str('AUTHORIZE_URL')
-        OAUTH_CLIENT_ID = env.str('CLIENT_ID')
-        OAUTH_CLIENT_SECRET = env.str('CLIENT_SECRET')
-        OAUTH_TOKEN_URL = env.str('TOKEN_URL')
-    CONCAT_API = env.str('CONCAT_API')
+        OAUTH_AUTHORIZE_URL = env.str('AUTHORIZE_URL', default='')
+        OAUTH_CLIENT_ID = env.str('CLIENT_ID', default='')
+        OAUTH_CLIENT_SECRET = env.str('CLIENT_SECRET', default='')
+        OAUTH_TOKEN_URL = env.str('TOKEN_URL', default='')
+    CONCAT_API = env.str('CONCAT_API', default='')
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -11,10 +11,21 @@ services:
     ports:
       - "8000:8000"
     environment:
+      - DEBUG=1
+      - SECRET_KEY="Not so secret developer key"
       - DATABASE_URL=postgres://postgres:insecuredefaultpassword@db/postgres
       - BROKER_URL=amqp://broker
+
+      # Internal test OAuth provider configuration
       - OAUTHLIB_INSECURE_TRANSPORT=1
       - TEST_OAUTH_PROVIDER=1
+
+      # ConCat testing configuration
+      # - CONCAT_API="https://reg-test.furtherconfusion.org/api"
+      # - OAUTH_AUTHORIZE_URL="https://reg-test.furtherconfusion.org/oauth/authorize"
+      # - OAUTH_TOKEN_URL="https://reg-test.furtherconfusion.org/api/oauth/token"
+      # - OAUTH_CLIENT_ID="<FILL IN>"
+      # - OAUTH_CLIENT_SECRET="<FILL IN>"
     volumes:
       - ./:/code # Map source directory over /code for development purposes.
   db:

diff --git a/nginx.conf b/nginx.conf
@@ -17,6 +17,7 @@ http {
 			proxy_pass http://localhost:5000/;
 			proxy_set_header Host $host;
 			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+			proxy_set_header X-Forwarded-Proto $scheme;
 		}
 
 		location /static/ {

diff --git a/tinyreg/forms.py b/tinyreg/forms.py