Merge branch 'upgrade-cors-django-3' of https://github.com/johnetordo…
…ff/osf.io into django-3-onmibus

* 'upgrade-cors-django-3' of https://github.com/johnetordoff/osf.io:
  upgrade CORS for Django 3
  [ENG-3867] Create Storage Regions on post migration signal (CenterForOpenScience#9965)
  [ENG-3866] Move citation style population out of migration stream (CenterForOpenScience#9966)
  [ENG-3868] Move blocked email domains to post-migrate signal (CenterForOpenScience#9958)
  [ENG-3863] Move schema ensuring and schema blocks update to post-migrate signals (CenterForOpenScience#9974)
  [ENG-3865] Create Licenses using post-migrate signal (CenterForOpenScience#9961)
  [ENG-3836] Investigate waffle flags (CenterForOpenScience#9950)
  move createcachetable to post migrate signal (CenterForOpenScience#9944)
  remove post-migrate signals from migration stream (CenterForOpenScience#9964)

# Conflicts:
#	admin/base/settings/defaults.py
#	api/base/settings/defaults.py
#	osf/apps.py
#	osf/migrations/0037_ensure_licenses.py
#	osf/migrations/0038_ensure_schemas.py
#	osf/migrations/0074_parse_citation_styles.py
#	osf/migrations/0077_ensure_schemas.py
#	osf/migrations/0078_ensure_schemas.py
#	osf/migrations/0080_ensure_schemas.py
#	osf/migrations/0083_add_ember_waffle_flags.py
#	osf/migrations/0095_add_url_to_licenses.py
#	osf/migrations/0095_ensure_licenses.py
#	osf/migrations/0096_ensure_schemas.py
#	osf/migrations/0099_add_default_storage_region.py
#	osf/migrations/0107_add_dependent_styles.py
#	osf/migrations/0112_ensure_schemas.py
#	osf/migrations/0121_remove_support_page_waffle_flag.py
#	osf/migrations/0121_remove_waffle_flags.py
#	osf/migrations/0135_user_settings_waffles.py
#	osf/migrations/0136_add_ember_auth_register_waffle_flag.py
#	osf/migrations/0136_preprint_node_divorce.py
#	osf/migrations/0137_transfer_preprint_service_permissions.py
#	osf/migrations/0138_ensure_subjects_and_providers.py
#	osf/migrations/0142_change_registration_schemas.py
#	osf/migrations/0142_remove_forks_flag.py
#	osf/migrations/0142_remove_waffle_analytics_flags.py
#	osf/migrations/0144_add_prereg_winddown_switches.py
#	osf/migrations/0147_blacklistedemaildomain.py
#	osf/migrations/0149_add_datacite_doi_switch.py
#	osf/migrations/0152_ensure_schemas.py
#	osf/migrations/0154_remove_ember_project_registrations_flag.py
#	osf/migrations/0156_create_cache_table.py
#	osf/migrations/0157_add_storage_usage_flag.py
#	osf/migrations/0162_post_migrate.py
#	osf/migrations/0167_auto_20190506_1556.py
#	osf/migrations/0170_ensure_schemas.py
#	osf/migrations/0172_ensure_schemas.py
#	osf/migrations/0173_ensure_schemas.py
#	osf/migrations/0174_add_ab_testing_home_page_version_b_flag.py
#	osf/migrations/0191_migrate_schemas_to_schemablocks.py
#	osf/migrations/0195_add_enable_chronos_waffle_flag.py
#	osf/migrations/0196_update_schemas.py
#	osf/migrations/0197_add_ab_testing_home_page_hero_text_version_b_flag.py
#	osf/migrations/0199_draft_node_permissions.py
#	osf/migrations/0201_add_egap_flag.py
#	osf/migrations/0204_ensure_schemas.py
#	osf/migrations/0207_ensure_schemas.py
#	osf/migrations/0207_update_schemas2.py
#	osf/migrations/0208_update_EGAP_schema.py
#	osf/migrations/0221_add_schemas.py
#	osf/migrations/0227_add_secondary_data.py
#	osf/migrations/__init__.py
#	osf_tests/test_registration_bulk_upload_parser.py
#	requirements.txt
John Tordoff committed Aug 26, 2022
2 parents 9e246a2 + abef7a7 commit adb8503
Showing 3 changed files with 13 additions and 15 deletions.
4 changes: 2 additions & 2 deletions api/base/middleware.py
Expand Up @@ -68,9 +68,9 @@ class CorsMiddleware(corsheaders.middleware.CorsMiddleware):
_context = threading.local()

def origin_found_in_white_lists(self, origin, url):
settings.CORS_ORIGIN_WHITELIST += api_settings.ORIGINS_WHITELIST
settings.CORS_ALLOWED_ORIGINS += api_settings.CORS_ALLOWED_ORIGINS
# Check if origin is in the dynamic custom domain whitelist
found = super(CorsMiddleware, self).origin_found_in_white_lists(origin, url)
found = super().origin_found_in_white_lists(origin, url)
# Check if a cross-origin request using the Authorization header
if not found:
if not self._context.request.COOKIES:
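Review bot: `settings.CORS_ALLOWED_ORIGINS += api_settings.CORS_ALLOWED_ORIGINS` still runs on every call to `origin_found_in_white_lists`, so the process-wide allow-list is rewritten per request and collects duplicate entries; the rename keeps that pattern. Because entries are only ever appended, an origin that is later removed from an institution or provider appears to stay allowed until the process restarts. Checking the dynamic list without touching global settings avoids both, e.g. `found = super().origin_found_in_white_lists(origin, url) or origin in api_settings.CORS_ALLOWED_ORIGINS` (assuming an exact string match on the origin is acceptable here). The method body continues past the end of the hunk.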
8 changes: 3 additions & 5 deletions api/base/settings/__init__.py
Expand Up @@ -6,8 +6,6 @@
>>> settings.API_BASE
'v2/'
"""
import os
from future.moves.urllib.parse import urlparse
import warnings
import itertools

Expand All @@ -28,14 +26,14 @@
assert getattr(local, setting, None) and getattr(local, setting, None) != getattr(defaults, setting, None), '{} must be specified in local.py when DEV_MODE is False'.format(setting)

def load_origins_whitelist():
global ORIGINS_WHITELIST
global CORS_ALLOWED_ORIGINS
from osf.models import Institution, PreprintProvider

institution_origins = tuple(domain.lower() for domain in itertools.chain(*Institution.objects.values_list('domains', flat=True)))
institution_origins = tuple(f'https://{domain.lower()}' for domain in itertools.chain(*Institution.objects.values_list('domains', flat=True)))

preprintprovider_origins = tuple(preprintprovider.domain.lower() for preprintprovider in PreprintProvider.objects.exclude(domain=''))

ORIGINS_WHITELIST = tuple(urlparse(url).geturl().lower().split('{}://'.format(urlparse(url).scheme))[-1] for url in institution_origins + preprintprovider_origins)
CORS_ALLOWED_ORIGINS = tuple(url for url in institution_origins + preprintprovider_origins)

def build_latest_versions(version_data):
"""Builds a dict with greatest version keyed for each major version"""
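Review bot: In `load_origins_whitelist` the two origin sources are now normalised differently: institution domains get a hard-coded `https://` prefix while `preprintprovider.domain` is passed through as stored, and the `urlparse` step that used to cover both is gone. An institution domain stored with a scheme would become `https://https://…`, and a provider domain stored as a bare host, or with a trailing slash or path, would never equal a browser `Origin` value; both cases fail closed, but silently. Since the list is built at runtime, it presumably also skips whatever validation the CORS package applies to the static setting. I would route both sources through one helper that reduces each value to `scheme://host[:port]`, which needs `urlparse` from `urllib.parse` back in the imports; `build_latest_versions` below is cut off by the hunk and is not part of this point.

```python
def _as_origin(value):
    # Accept a bare host or a full URL; keep only scheme://host[:port], lowercased,
    # so every entry has the exact shape of a browser Origin header.
    parsed = urlparse(value if '://' in value else f'https://{value}')
    return f'{parsed.scheme}://{parsed.netloc}'.lower()

def load_origins_whitelist():
    # … unchanged: global declaration and osf.models import …
    institution_domains = itertools.chain(*Institution.objects.values_list('domains', flat=True))
    provider_domains = PreprintProvider.objects.exclude(domain='').values_list('domain', flat=True)
    CORS_ALLOWED_ORIGINS = tuple(
        _as_origin(domain) for domain in itertools.chain(institution_domains, provider_domains)
    )
```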
16 changes: 8 additions & 8 deletions api_tests/base/test_middleware.py
Expand Up @@ -27,7 +27,7 @@ def setUp(self):
class TestCorsMiddleware(MiddlewareTestCase):
MIDDLEWARE = CorsMiddleware

@override_settings(CORS_ORIGIN_ALLOW_ALL=False)
@override_settings(CORS_ALLOW_ALL_ORIGINS=False)
def test_institutions_added_to_cors_whitelist(self):
url = api_v2_url('users/me/')
domain = urlparse('https://dinosaurs.sexy')
Expand All @@ -42,7 +42,7 @@ def test_institutions_added_to_cors_whitelist(self):
self.middleware.process_response(request, response)
assert_equal(response['Access-Control-Allow-Origin'], domain.geturl())

@override_settings(CORS_ORIGIN_ALLOW_ALL=False)
@override_settings(CORS_ALLOW_ALL_ORIGINS=False)
def test_preprintproviders_added_to_cors_whitelist(self):
url = api_v2_url('users/me/')
domain = urlparse('https://dinoprints.sexy')
Expand All @@ -57,18 +57,18 @@ def test_preprintproviders_added_to_cors_whitelist(self):
self.middleware.process_response(request, response)
assert_equal(response['Access-Control-Allow-Origin'], domain.geturl())

@override_settings(CORS_ORIGIN_ALLOW_ALL=False)
@override_settings(CORS_ALLOW_ALL_ORIGINS=False)
def test_cross_origin_request_with_cookies_does_not_get_cors_headers(self):
url = api_v2_url('users/me/')
domain = urlparse('https://dinosaurs.sexy')
request = self.request_factory.get(url, HTTP_ORIGIN=domain.geturl())
response = {}
response = HttpResponse()
with mock.patch.object(request, 'COOKIES', True):
self.middleware.process_request(request)
self.middleware.process_response(request, response)
assert_not_in('Access-Control-Allow-Origin', response)

@override_settings(CORS_ORIGIN_ALLOW_ALL=False)
@override_settings(CORS_ALLOW_ALL_ORIGINS=False)
def test_cross_origin_request_with_Authorization_gets_cors_headers(self):
url = api_v2_url('users/me/')
domain = urlparse('https://dinosaurs.sexy')
Expand All @@ -82,7 +82,7 @@ def test_cross_origin_request_with_Authorization_gets_cors_headers(self):
self.middleware.process_response(request, response)
assert_equal(response['Access-Control-Allow-Origin'], domain.geturl())

@override_settings(CORS_ORIGIN_ALLOW_ALL=False)
@override_settings(CORS_ALLOW_ALL_ORIGINS=False)
def test_cross_origin_request_with_Authorization_and_cookie_does_not_get_cors_headers(
self):
url = api_v2_url('users/me/')
Expand All @@ -92,13 +92,13 @@ def test_cross_origin_request_with_Authorization_and_cookie_does_not_get_cors_he
HTTP_ORIGIN=domain.geturl(),
HTTP_AUTHORIZATION='Bearer aqweqweohuweglbiuwefq'
)
response = {}
response = HttpResponse()
with mock.patch.object(request, 'COOKIES', True):
self.middleware.process_request(request)
self.middleware.process_response(request, response)
assert_not_in('Access-Control-Allow-Origin', response)

@override_settings(CORS_ORIGIN_ALLOW_ALL=False)
@override_settings(CORS_ALLOW_ALL_ORIGINS=False)
def test_non_institution_preflight_request_requesting_authorization_header_gets_cors_headers(
self):
url = api_v2_url('users/me/')
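Review bot: `test_cross_origin_request_with_cookies_does_not_get_cors_headers` only passes while its origin is absent from the allow-list, yet it uses `https://dinosaurs.sexy`, the same origin that `test_institutions_added_to_cors_whitelist` presumably registers in its collapsed lines. The middleware appends to the global `settings.CORS_ALLOWED_ORIGINS`, so an entry left over from an earlier test could make this negative assertion depend on execution order. An origin that no other test registers would remove that coupling, e.g. `domain = urlparse('https://unlisted.example')` (constructed sample value); the `Authorization_and_cookie` variant may need the same change, but its origin line is outside the visible hunk. The last test in this section also continues past the hunk.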
