Merge branch 'develop' into 'master'

Develop

See merge request sahkoinsinoorikilta/vtmk/web2.0-backend!82

.husky/pre-commit

@@ -4,7 +4,7 @@
 PURPLE='\033[0;35m'
 NC='\033[0m' # No Color
 
-source "${VIRTUAL_ENV}/bin/activate"
+. "${VIRTUAL_ENV}/bin/activate"
 
 if [ $? -ne 0 ]
 then

.husky/pre-push

@@ -4,7 +4,7 @@
 PURPLE='\033[0;35m'
 NC='\033[0m' # No Color
 
-source "${VIRTUAL_ENV}/bin/activate"
+. "${VIRTUAL_ENV}/bin/activate"
 
 if [ $? -ne 0 ]
 then

production_entrypoint.sh

@@ -10,8 +10,23 @@ fi
 if test -f "$DB_PASSWD_FILE"; then
   export DB_PASSWD=$(cat $DB_PASSWD_FILE)
 fi
-if test -f "$GOOGLE_CREDS_FILE"; then
-  export GOOGLE_CREDS=$(cat $GOOGLE_CREDS_FILE)
+if test -f "$G_PRIVATE_KEY_ID_FILE"; then
+  export G_PRIVATE_KEY_ID=$(cat $G_PRIVATE_KEY_ID_FILE)
+fi
+if test -f "$G_PRIVATE_KEY_FILE"; then
+  export G_PRIVATE_KEY="$(cat $G_PRIVATE_KEY_FILE)"
+fi
+if test -f "$G_CLIENT_EMAIL_FILE"; then
+  export G_CLIENT_EMAIL=$(cat $G_CLIENT_EMAIL_FILE)
+fi
+if test -f "$G_CLIENT_ID_FILE"; then
+  export G_CLIENT_ID=$(cat $G_CLIENT_ID_FILE)
+fi
+if test -f "$G_CLIENT_URL_FILE"; then
+  export G_CLIENT_URL=$(cat $G_CLIENT_URL_FILE)
+fi
+if test -f "$GROUP_KEY_FILE"; then
+  export GROUP_KEY=$(cat $GROUP_KEY_FILE)
 fi
 
 # Collect static files

sikweb/settings.py

@@ -82,11 +82,19 @@ DATABASES = {
 
 # Google api settings
 GROUP_KEY = os.getenv("GROUP_KEY", "")
-try:
-    GOOGLE_CREDS_JSON = json.loads(os.getenv("GOOGLE_CREDS", "{}"))
-except:
-    GOOGLE_CREDS_JSON = json.loads("{}")
 
+GOOGLE_CREDS = {
+    "type": "service_account",
+    "project_id": "web2-backend",
+    "private_key_id": os.getenv("G_PRIVATE_KEY_ID", ""),
+    "private_key": os.getenv("G_PRIVATE_KEY", ""),
+    "client_email": os.getenv("G_CLIENT_EMAIL", ""),
+    "client_id": os.getenv("G_CLIENT_ID", ""),
+    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+    "token_uri": "https://oauth2.googleapis.com/token",
+    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+    "client_x509_cert_url": os.getenv("G_CLIENT_URL", ""),
+}
 
 # JWT authentication
 SIMPLE_JWT = {

stack-compose-dev.yml

@@ -29,15 +29,39 @@ services:
       - FRONTEND_URL=dev.sahkoinsinoorikilta.fi
       - DEBUG=True
       - EMAIL_API_KEY_FILE=/run/secrets/DJANGO_EMAIL_API_KEY
+      - G_PRIVATE_KEY_ID_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY_ID
+      - G_PRIVATE_KEY_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY
+      - G_CLIENT_EMAIL_FILE=/run/secrets/BACKEND_G_CLIENT_EMAIL
+      - G_CLIENT_ID_FILE=/run/secrets/BACKEND_G_CLIENT_ID
+      - G_CLIENT_URL_FILE=/run/secrets/BACKEND_G_CLIENT_URL
+      - GROUP_KEY_FILE=/run/secrets/BACKEND_GROUP_KEY
       - DB_HOST=db
       - DB_PORT=5432
 
     secrets:
       - DJANGO_EMAIL_API_KEY
+      - BACKEND_G_PRIVATE_KEY_ID
+      - BACKEND_G_PRIVATE_KEY
+      - BACKEND_G_CLIENT_EMAIL
+      - BACKEND_G_CLIENT_ID
+      - BACKEND_G_CLIENT_URL
+      - BACKEND_GROUP_KEY
 
 secrets:
   DJANGO_EMAIL_API_KEY:
     external: true
+  BACKEND_G_PRIVATE_KEY_ID:
+    external: true
+  BACKEND_G_PRIVATE_KEY:
+    external: true
+  BACKEND_G_CLIENT_EMAIL:
+    external: true
+  BACKEND_G_CLIENT_ID:
+    external: true
+  BACKEND_G_CLIENT_URL:
+    external: true
+  BACKEND_GROUP_KEY:
+    external: true
 
 volumes:
   dbdata:

stack-compose.yml

@@ -34,13 +34,23 @@ services:
       - SECRET_KEY_FILE=/run/secrets/BACKEND_SECRET_KEY
       - DB_PASSWD_FILE=/run/secrets/BACKEND_DB_PASSWD
       - EMAIL_API_KEY_FILE=/run/secrets/BACKEND_EMAIL_API_KEY
-      - GOOGLE_CREDS_FILE=/run/secrets/BACKEND_GOOGLE_CREDS
+      - G_PRIVATE_KEY_ID_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY_ID
+      - G_PRIVATE_KEY_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY
+      - G_CLIENT_EMAIL_FILE=/run/secrets/BACKEND_G_CLIENT_EMAIL
+      - G_CLIENT_ID_FILE=/run/secrets/BACKEND_G_CLIENT_ID
+      - G_CLIENT_URL_FILE=/run/secrets/BACKEND_G_CLIENT_URL
+      - GROUP_KEY_FILE=/run/secrets/BACKEND_GROUP_KEY
 
     secrets:
       - BACKEND_SECRET_KEY
       - BACKEND_DB_PASSWD
       - BACKEND_EMAIL_API_KEY
-      - BACKEND_GOOGLE_CREDS
+      - BACKEND_G_PRIVATE_KEY_ID
+      - BACKEND_G_PRIVATE_KEY
+      - BACKEND_G_CLIENT_EMAIL
+      - BACKEND_G_CLIENT_ID
+      - BACKEND_G_CLIENT_URL
+      - BACKEND_GROUP_KEY
 
 secrets:
   BACKEND_SECRET_KEY:
@@ -49,5 +59,15 @@ secrets:
     external: true
   BACKEND_EMAIL_API_KEY:
     external: true
-  BACKEND_GOOGLE_CREDS:
+  BACKEND_G_PRIVATE_KEY_ID:
+    external: true
+  BACKEND_G_PRIVATE_KEY:
+    external: true
+  BACKEND_G_CLIENT_EMAIL:
+    external: true
+  BACKEND_G_CLIENT_ID:
+    external: true
+  BACKEND_G_CLIENT_URL:
+    external: true
+  BACKEND_GROUP_KEY:
     external: true

webapp/utils.py

@@ -25,7 +25,7 @@ from sikweb.settings import (
     DEFAULT_EMAIL_FROM_ADDR,
     ENABLE_AUTOMATIC_EMAILS,
     GROUP_KEY,
-    GOOGLE_CREDS_JSON,
+    GOOGLE_CREDS,
 )
 from datetime import timedelta
 
@@ -136,7 +136,7 @@ def add_to_mailinglist(email: str):
         # create credentials, with subject is used to impersonate admin account
         # jas_manager has groups editor rights in google admin
         credentials = service_account.Credentials.from_service_account_info(
-            info=GOOGLE_CREDS_JSON, scopes=SCOPES
+            info=GOOGLE_CREDS, scopes=SCOPES
         ).with_subject("jas_manager@sahkoinsinoorikilta.fi")
 
         service = build("admin", "directory_v1", credentials=credentials)
@@ -157,3 +157,14 @@ def add_to_mailinglist(email: str):
                 )
 
                 send_email(to, subject, body)
+    except ValueError as err:
+        logging.exception("Formatting of google credentials is incorrect")
+
+        if DEPLOY_ENV == "production":
+            to = "ilari.ojakorpi@sahkoinsinoorikilta.fi"
+            subject = "Web error: Failed adding to google groups"
+            body = "Google credential formatted incorretly\nEmail that was not added: {}\n\nAdd user manually to jäsenet groups.".format(
+                email
+            )
+
+            send_email(to, subject, body)