diff --git a/.husky/pre-commit b/.husky/pre-commit
index 2867590..32d0bfb 100755
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -4,7 +4,7 @@ PURPLE='\033[0;35m'
 NC='\033[0m' # No Color
-source "${VIRTUAL_ENV}/bin/activate"
+. "${VIRTUAL_ENV}/bin/activate"
 if [ $? -ne 0 ]
 then
diff --git a/.husky/pre-push b/.husky/pre-push
index 07e64c7..eb484ac 100755
--- a/.husky/pre-push
+++ b/.husky/pre-push
@@ -4,7 +4,7 @@ PURPLE='\033[0;35m'
 NC='\033[0m' # No Color
-source "${VIRTUAL_ENV}/bin/activate"
+. "${VIRTUAL_ENV}/bin/activate"
 if [ $? -ne 0 ]
 then
diff --git a/production_entrypoint.sh b/production_entrypoint.sh
index 1415f92..0efc365 100755
--- a/production_entrypoint.sh
+++ b/production_entrypoint.sh
@@ -10,8 +10,23 @@ fi
 if test -f "$DB_PASSWD_FILE"; then
 export DB_PASSWD=$(cat $DB_PASSWD_FILE)
 fi
-if test -f "$GOOGLE_CREDS_FILE"; then
- export GOOGLE_CREDS=$(cat $GOOGLE_CREDS_FILE)
+if test -f "$G_PRIVATE_KEY_ID_FILE"; then
+ export G_PRIVATE_KEY_ID=$(cat $G_PRIVATE_KEY_ID_FILE)
+fi
+if test -f "$G_PRIVATE_KEY_FILE"; then
+ export G_PRIVATE_KEY="$(cat $G_PRIVATE_KEY_FILE)"
+fi
+if test -f "$G_CLIENT_EMAIL_FILE"; then
+ export G_CLIENT_EMAIL=$(cat $G_CLIENT_EMAIL_FILE)
+fi
+if test -f "$G_CLIENT_ID_FILE"; then
+ export G_CLIENT_ID=$(cat $G_CLIENT_ID_FILE)
+fi
+if test -f "$G_CLIENT_URL_FILE"; then
+ export G_CLIENT_URL=$(cat $G_CLIENT_URL_FILE)
+fi
+if test -f "$GROUP_KEY_FILE"; then
+ export GROUP_KEY=$(cat $GROUP_KEY_FILE)
 fi
 # Collect static files
diff --git a/sikweb/settings.py b/sikweb/settings.py
index 87a5e69..5580203 100644
--- a/sikweb/settings.py
+++ b/sikweb/settings.py
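Review bot: In production_entrypoint.sh only the `G_PRIVATE_KEY` export quotes its command substitution; the other five added exports and every `cat $..._FILE` path are unquoted, so a value or path containing whitespace or glob characters can be split or expanded depending on the shell that runs the script. Quoting them all the same way, e.g. `export G_CLIENT_EMAIL="$(cat "$G_CLIENT_EMAIL_FILE")"`, removes that difference. Each block is skipped silently when its file is absent, so a secret that was not mounted only surfaces later as an empty credential field; a log line on the missing-file path would make that visible at startup. Exporting the service-account private key also places it in the environment of every process started from this script, so it is worth confirming nothing downstream prints or dumps the environment.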
@@ -82,11 +82,19 @@ DATABASES = {
 # Google api settings
 GROUP_KEY = os.getenv("GROUP_KEY", "")
-try:
- GOOGLE_CREDS_JSON = json.loads(os.getenv("GOOGLE_CREDS", "{}"))
-except:
- GOOGLE_CREDS_JSON = json.loads("{}")
+GOOGLE_CREDS = {
+ "type": "service_account",
+ "project_id": "web2-backend",
+ "private_key_id": os.getenv("G_PRIVATE_KEY_ID", ""),
+ "private_key": os.getenv("G_PRIVATE_KEY", ""),
+ "client_email": os.getenv("G_CLIENT_EMAIL", ""),
+ "client_id": os.getenv("G_CLIENT_ID", ""),
+ "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+ "token_uri": "https://oauth2.googleapis.com/token",
+ "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+ "client_x509_cert_url": os.getenv("G_CLIENT_URL", ""),
+}
 # JWT authentication
 SIMPLE_JWT = {
diff --git a/stack-compose-dev.yml b/stack-compose-dev.yml
index d92b95f..ff3cc4c 100644
--- a/stack-compose-dev.yml
+++ b/stack-compose-dev.yml
@@ -29,15 +29,39 @@ services:
 - FRONTEND_URL=dev.sahkoinsinoorikilta.fi
 - DEBUG=True
 - EMAIL_API_KEY_FILE=/run/secrets/DJANGO_EMAIL_API_KEY
+ - G_PRIVATE_KEY_ID_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY_ID
+ - G_PRIVATE_KEY_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY
+ - G_CLIENT_EMAIL_FILE=/run/secrets/BACKEND_G_CLIENT_EMAIL
+ - G_CLIENT_ID_FILE=/run/secrets/BACKEND_G_CLIENT_ID
+ - G_CLIENT_URL_FILE=/run/secrets/BACKEND_G_CLIENT_URL
+ - GROUP_KEY_FILE=/run/secrets/BACKEND_GROUP_KEY
 - DB_HOST=db
 - DB_PORT=5432
 secrets:
 - DJANGO_EMAIL_API_KEY
+ - BACKEND_G_PRIVATE_KEY_ID
+ - BACKEND_G_PRIVATE_KEY
+ - BACKEND_G_CLIENT_EMAIL
+ - BACKEND_G_CLIENT_ID
+ - BACKEND_G_CLIENT_URL
+ - BACKEND_GROUP_KEY
 secrets:
 DJANGO_EMAIL_API_KEY:
 external: true
+ BACKEND_G_PRIVATE_KEY_ID:
+ external: true
+ BACKEND_G_PRIVATE_KEY:
+ external: true
+ BACKEND_G_CLIENT_EMAIL:
+ external: true
+ BACKEND_G_CLIENT_ID:
+ external: true
+ BACKEND_G_CLIENT_URL:
+ external: true
+ BACKEND_GROUP_KEY:
+ external: true
 volumes:
 dbdata:
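Review bot: Every environment-backed field of `GOOGLE_CREDS` in sikweb/settings.py falls back to `""`, so a deployment with a missing secret starts normally and fails only when the credentials are first used. A startup check on those fields for production, or at least a comment such as `# empty values mean the Google secrets were not mounted; add_to_mailinglist will fail`, would make the failure mode explicit. `private_key` has to be a PEM block with real newlines, so if the secret was stored with literal `\n` sequences it would need `.replace("\\n", "\n")` before use; the hunk does not show how the secret is stored. `project_id` is hard-coded while its neighbours come from the environment, which ties this settings file to one Google project.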
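Review bot: The dev stack in stack-compose-dev.yml mounts the same external secret names (`BACKEND_G_PRIVATE_KEY`, the other `BACKEND_G_*` entries and `BACKEND_GROUP_KEY`) that stack-compose.yml uses, whereas the existing dev secret `DJANGO_EMAIL_API_KEY` has a name of its own. If both stacks are deployed to the same swarm, the dev service, which runs with `DEBUG=True`, receives the same service-account key as production. Dev-specific secret names backed by a separate, lower-privilege service account would keep a problem in dev from reaching the production Google Workspace delegation. The hunk does not show where each stack is deployed, so this may already be separated by cluster.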
diff --git a/stack-compose.yml b/stack-compose.yml
index d780df1..a336faf 100644
--- a/stack-compose.yml
+++ b/stack-compose.yml
@@ -34,13 +34,23 @@ services:
 - SECRET_KEY_FILE=/run/secrets/BACKEND_SECRET_KEY
 - DB_PASSWD_FILE=/run/secrets/BACKEND_DB_PASSWD
 - EMAIL_API_KEY_FILE=/run/secrets/BACKEND_EMAIL_API_KEY
- - GOOGLE_CREDS_FILE=/run/secrets/BACKEND_GOOGLE_CREDS
+ - G_PRIVATE_KEY_ID_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY_ID
+ - G_PRIVATE_KEY_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY
+ - G_CLIENT_EMAIL_FILE=/run/secrets/BACKEND_G_CLIENT_EMAIL
+ - G_CLIENT_ID_FILE=/run/secrets/BACKEND_G_CLIENT_ID
+ - G_CLIENT_URL_FILE=/run/secrets/BACKEND_G_CLIENT_URL
+ - GROUP_KEY_FILE=/run/secrets/BACKEND_GROUP_KEY
 secrets:
 - BACKEND_SECRET_KEY
 - BACKEND_DB_PASSWD
 - BACKEND_EMAIL_API_KEY
- - BACKEND_GOOGLE_CREDS
+ - BACKEND_G_PRIVATE_KEY_ID
+ - BACKEND_G_PRIVATE_KEY
+ - BACKEND_G_CLIENT_EMAIL
+ - BACKEND_G_CLIENT_ID
+ - BACKEND_G_CLIENT_URL
+ - BACKEND_GROUP_KEY
 secrets:
 BACKEND_SECRET_KEY:
@@ -49,5 +59,15 @@ secrets:
 external: true
 BACKEND_EMAIL_API_KEY:
 external: true
- BACKEND_GOOGLE_CREDS:
+ BACKEND_G_PRIVATE_KEY_ID:
+ external: true
+ BACKEND_G_PRIVATE_KEY:
+ external: true
+ BACKEND_G_CLIENT_EMAIL:
+ external: true
+ BACKEND_G_CLIENT_ID:
+ external: true
+ BACKEND_G_CLIENT_URL:
+ external: true
+ BACKEND_GROUP_KEY:
 external: true
diff --git a/webapp/utils.py b/webapp/utils.py
index d79446c..19c2f6c 100644
--- a/webapp/utils.py
+++ b/webapp/utils.py
@@ -25,7 +25,7 @@ from sikweb.settings import (
 DEFAULT_EMAIL_FROM_ADDR,
 ENABLE_AUTOMATIC_EMAILS,
 GROUP_KEY,
- GOOGLE_CREDS_JSON,
+ GOOGLE_CREDS,
 )
 from datetime import timedelta
@@ -136,7 +136,7 @@ def add_to_mailinglist(email: str):
 # create credentials, with subject is used to impersonate admin account
 # jas_manager has groups editor rights in google admin
 credentials = service_account.Credentials.from_service_account_info(
- info=GOOGLE_CREDS_JSON, scopes=SCOPES
+ info=GOOGLE_CREDS, scopes=SCOPES
 ).with_subject("jas_manager@sahkoinsinoorikilta.fi")
 service = build("admin", "directory_v1", credentials=credentials)
@@ -157,3 +157,14 @@ def add_to_mailinglist(email: str):
 )
 send_email(to, subject, body)
+ except ValueError as err:
+ logging.exception("Formatting of google credentials is incorrect")
+
+ if DEPLOY_ENV == "production":
+ to = "ilari.ojakorpi@sahkoinsinoorikilta.fi"
+ subject = "Web error: Failed adding to google groups"
+ body = "Google credential formatted incorretly\nEmail that was not added: {}\n\nAdd user manually to jäsenet groups.".format(
+ email
+ )
+
+ send_email(to, subject, body)
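Review bot: The new `except ValueError` handler in webapp/utils.py is attached to a `try` that starts outside this hunk, so any `ValueError` raised inside it, not only one from `from_service_account_info`, would be logged and mailed as a credential-format problem; narrowing the `try` to the credentials call, or wording the message less specifically, would avoid misleading alerts. `err` is bound but never used, so `except ValueError:` is enough, since `logging.exception` already records the traceback. The mail body has a typo (`incorretly` should be `incorrectly`), and the hard-coded personal recipient address would be easier to change as a setting. `send_email` runs inside the handler, so a failure there propagates out of `add_to_mailinglist`; confirm the callers expect that.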