From 3ea513785a9fb5268ade487329f1f3a6d8b757a8 Mon Sep 17 00:00:00 2001
From: "Oksanen, Ilkka (Nokia - FI/Espoo)"
Date: Sat, 9 Nov 2019 16:55:12 +0200
Subject: [PATCH 1/3] Add api with which nginx can authenticate users
---
 webapp/urls.py | 3 ++-
 webapp/views.py | 41 +++++++++++++++++++++++++++++------------
 2 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/webapp/urls.py b/webapp/urls.py
index 535a13d..b29953a 100644
--- a/webapp/urls.py
+++ b/webapp/urls.py
@@ -3,7 +3,7 @@ from django.conf.urls import url, include
 from rest_framework import routers
 from rest_framework_jwt.views import obtain_jwt_token, verify_jwt_token
-from webapp.views import about_view
+from webapp.views import about_view, nginx_jwt_resp
 from webapp.views import *
@@ -29,4 +29,5 @@ urlpatterns = [
     url(r'^api/api-token-verify/', verify_jwt_token),
     # git revision
     url(r'^about', about_view),
+    url(r'^jwt_nginx', nginx_jwt_resp),
 ]
diff --git a/webapp/views.py b/webapp/views.py
index 2faef8c..b6a8d89 100644
--- a/webapp/views.py
+++ b/webapp/views.py
@@ -1,29 +1,31 @@
 """Webapp views."""
+import jwt
+# import logging
+# import requests
+from dealer.git import git
+from django.conf import settings
+from django.contrib.auth import authenticate, login, logout
+from django.http import HttpResponse
 # from django.db.models import Count
-from django.shortcuts import render, redirect
-from django.contrib.auth import login, logout, authenticate
+from django.shortcuts import redirect, render
 from django.views.decorators.http import require_http_methods
+from django_filters import rest_framework as filters
 # from django.views.decorators.csrf import ensure_csrf_cookie
 # from django.http import HttpResponse, HttpResponseRedirect
 # from django.contrib.auth.decorators import permission_required, login_required
 # from django.conf import settings
 # from django.utils import timezone
-from rest_framework import viewsets, routers
+from rest_framework import permissions, routers, viewsets
+from rest_framework.filters import OrderingFilter, SearchFilter
 from rest_framework.permissions import IsAuthenticatedOrReadOnly
 from rest_framework.response import Response
 from rest_framework.reverse import reverse
-from django_filters import rest_framework as filters
-from rest_framework.filters import SearchFilter, OrderingFilter
-from rest_framework import permissions
-# import logging
-# import requests
-from dealer.git import git
-from webapp.models import Event, SignupForm, Signup, TemplateQuestion, Feed,\
-    Committee, Official, Tag
-from webapp.serializers import *
 from members.views.utils import *
+from webapp.models import (Committee, Event, Feed, Official, Signup,
+                           SignupForm, Tag, TemplateQuestion)
+from webapp.serializers import *
 class IsPostOrIsAuthenticated(permissions.BasePermission):
@@ -207,3 +209,18 @@ def contact_view(request, *args, **kwargs):
     }
     return render(request, "contact.html", context)
+
+
+@require_http_methods(["GET"])
+def nginx_jwt_resp(request, *args, **kwargs):
+    cookie = request.COOKIES.get("jwt", None)
+    if not cookie:
+        return HttpResponse("", status=401)
+    try:
+        token = jwt.decode(cookie, settings.SECRET_KEY)
+    except jwt.exceptions.InvalidSignatureError:
+        return HttpResponse("", status=403)
+    user = 'admin' if token.get('username', '') == 'admin' else 'moderator'
+    resp = HttpResponse("", status=200)
+    resp['X-FBrowser-User'] = user
+    return resp
From 59f47dec2601ab2c5d620dd35a3bb3832f7b95c7 Mon Sep 17 00:00:00 2001
From: Jan Tuomi
Date: Sat, 9 Nov 2019 23:51:04 +0200
Subject: [PATCH 2/3] Update signup serializer for use with form ids
---
 webapp/serializers.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/webapp/serializers.py b/webapp/serializers.py
index 9ea9456..2250a8d 100644
--- a/webapp/serializers.py
+++ b/webapp/serializers.py
@@ -49,9 +49,15 @@ class EventSerializer(serializers.HyperlinkedModelSerializer):
 class SignupSerializer(serializers.ModelSerializer):
+    signupForm = SignupFormSerializer(read_only=True, required=False)
+    signupForm_id = serializers.PrimaryKeyRelatedField(
+        source="signupForm",
+        queryset=SignupForm.objects.all()
+    )
+
     class Meta:
         model = Signup
-        fields = ('id', 'signupForm', 'answer')
+        fields = ('id', 'signupForm', 'signupForm_id', 'answer')
         extra_kwargs = {
             'url': {
                 'view_name': 'signup-detail',
From 8afeec21ccf4d729bb6d82fdd2905207fedcc8bc Mon Sep 17 00:00:00 2001
From: Aarni Halinen
Date: Sun, 10 Nov 2019 03:04:40 +0200
Subject: [PATCH 3/3] Settings add localhost to allowed
---
 sikweb/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sikweb/settings.py b/sikweb/settings.py
index 7333fe2..7f8fd21 100644
--- a/sikweb/settings.py
+++ b/sikweb/settings.py
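Review bot: `jwt.decode(cookie, settings.SECRET_KEY)` in `nginx_jwt_resp` does not pin the accepted algorithm, and the `except` only catches `InvalidSignatureError`, so an expired, malformed or otherwise invalid cookie raises out of the view as a 500 instead of the intended 403. Pass the algorithm rest_framework_jwt signs with — `token = jwt.decode(cookie, settings.SECRET_KEY, algorithms=["HS256"])` (HS256 is its default; match `JWT_ALGORITHM` if the project overrides it) — and widen the handler to the PyJWT base class, `except jwt.InvalidTokenError:`. Note also that every verified token whose `username` claim is anything but `admin`, including a token with no `username` claim at all, is mapped to `moderator`; if that fallback is intentional it deserves a comment, otherwise return 403 when the claim is missing. Since nginx will trust this endpoint as the source of `X-FBrowser-User`, a short docstring stating the contract (401 without a `jwt` cookie, 403 on an invalid token, the header on success) would help the next maintainer.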
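Review bot: `required=False` on the new `signupForm` field in `SignupSerializer` is redundant — DRF already treats a `read_only=True` field as not required — so `signupForm = SignupFormSerializer(read_only=True)` says the same thing more plainly. The writable `signupForm_id` accepts the primary key of any `SignupForm` via `queryset=SignupForm.objects.all()`; if some forms are closed or otherwise not open for signups, confirm that the signup viewset's permissions or `perform_create` enforces that, because this serializer does not. A one-line comment above the pair, e.g. `# signupForm: nested read-only view; signupForm_id: writable key (source="signupForm")`, would make the two-field pattern clear. The class body continues past the end of the hunk.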
@@ -17,7 +17,7 @@ from sikweb.base import *
 DEBUG = os.getenv('DEBUG', False) == 'True'
 URL = os.getenv("HOST", "sika.sik.party")
-ALLOWED_HOSTS = [URL]
+ALLOWED_HOSTS = ["localhost", "127.0.0.1", URL]
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = os.getenv('SECRET_KEY', '')
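Review bot: `"localhost"` and `"127.0.0.1"` are added to `ALLOWED_HOSTS` unconditionally, so the production Host-header check now also accepts loopback hosts, and neither the commit message nor a comment says why. If they are only needed for local development, gate them on the `DEBUG` flag defined two lines above, e.g. `ALLOWED_HOSTS = [URL] + (["localhost", "127.0.0.1"] if DEBUG else [])`. If they are needed in production because the reverse proxy's requests arrive with a loopback Host header, record that in a comment above the line so the entry is not later mistaken for a leftover.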