From a151e81f08c6565353320a179c2a951b27175d0c Mon Sep 17 00:00:00 2001 From: Nassim Tabchiche Date: Wed, 24 Apr 2024 14:36:59 +0200 Subject: [PATCH 1/3] Run functional test workflows on Ubuntu 20.04 --- .github/workflows/functional-tests.yml | 7 ++----- .github/workflows/startup-tests.yml | 4 ++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/functional-tests.yml b/.github/workflows/functional-tests.yml index 6564f4ffa..b152d47f2 100644 --- a/.github/workflows/functional-tests.yml +++ b/.github/workflows/functional-tests.yml @@ -11,7 +11,7 @@ env: jobs: functional-tests: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 env: backend-directory: ./backend working-directory: ./frontend @@ -27,10 +27,7 @@ jobs: options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 mailhog: image: mailhog/mailhog - ports: [ - "1025:1025", - "8025:8025" - ] + ports: ["1025:1025", "8025:8025"] strategy: max-parallel: 4 diff --git a/.github/workflows/startup-tests.yml b/.github/workflows/startup-tests.yml index edee09781..c68b4a0ac 100644 --- a/.github/workflows/startup-tests.yml +++ b/.github/workflows/startup-tests.yml @@ -11,7 +11,7 @@ env: jobs: startup-functional-test: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 services: postgres: @@ -92,7 +92,7 @@ jobs: ${{ env.working-directory }}/tests/reports/ retention-days: 5 startup-docker-compose-test: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 env: COMPOSE_TEST: True steps: From 3b5289f4a440bdc28f46024a869dd09ee25469ba Mon Sep 17 00:00:00 2001 
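Review bot: The three `runs-on: ubuntu-20.04` pins (the `functional-tests` job here, plus `startup-functional-test` and `startup-docker-compose-test` in startup-tests.yml) have no comment saying why the jobs moved off `ubuntu-latest`, and the commit message gives no reason either. A pin to an older LTS image stops tracking the runner's newer toolchain and is eventually retired, so it needs a stated reason and an exit condition. I would add a line such as `# pinned to 20.04: <reason / issue link>; return to ubuntu-latest once resolved` above each `runs-on`. The `mailhog/mailhog` service image in the same file is still referenced without a tag or digest, so the pinned runner sits next to a floating container image.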
From: Nassim Tabchiche Date: Wed, 24 Apr 2024 15:31:37 +0200 Subject: [PATCH 2/3] Rewrite export backup view as a class-based view This fixes the error 400 when attempting to export a backup. The issue was due to dump_db_view being a function-based view, and thus not inheriting `settings.DEFAULT_AUTHENTICATION_CLASSES`, therefore assuming the authentication is session-based while it is in fact token-based. --- backend/serdes/urls.py | 2 +- backend/serdes/views.py | 65 +++++++++++++++++++---------------------- 2 files changed, 31 insertions(+), 36 deletions(-) diff --git a/backend/serdes/urls.py b/backend/serdes/urls.py index 2165d580b..48f741602 100644 --- a/backend/serdes/urls.py +++ b/backend/serdes/urls.py @@ -3,7 +3,7 @@ from . import views urlpatterns = [ - path("dump-db/", views.dump_db_view, name="dump-db"), + path("dump-db/", views.ExportBackupView.as_view(), name="dump-db"), path( "load-backup/", views.LoadBackupView.as_view(), diff --git a/backend/serdes/views.py b/backend/serdes/views.py index 6c4781c94..3ceed8bf5 100644 --- a/backend/serdes/views.py +++ b/backend/serdes/views.py 
@@ -1,47 +1,42 @@ +import io import json -from django.http import HttpResponse -from django.core import management -from django.core.management.commands import loaddata, dumpdata -from django.contrib.auth.decorators import user_passes_test +import sys from datetime import datetime + +from ciso_assistant.settings import VERSION +from django.core import management +from django.core.management.commands import dumpdata, loaddata +from django.http import HttpResponse from rest_framework import status from rest_framework.parsers import JSONParser from rest_framework.response import Response - from rest_framework.views import APIView -from ciso_assistant.settings import VERSION - -import sys -import io - from serdes.serializers import LoadBackupSerializer -def is_admin_check(user): - return user.has_backup_permission - - -@user_passes_test(is_admin_check) -def dump_db_view(request): - response = HttpResponse(content_type="application/json") - timestamp = datetime.now().strftime("%Y%m%d-%H%M%S") - response["Content-Disposition"] = ( - f'attachment; filename="ciso-assistant-db-{timestamp}.json"' - ) - - response.write(f'[{{"meta": [{{"media_version": "{VERSION}"}}]}},\n') - # Here we dump th data to stdout - # NOTE: We will not be able to dump selected folders with this method. 
- management.call_command( - dumpdata.Command(), - exclude=["contenttypes", "auth.permission", "sessions.session"], - indent=4, - stdout=response, - natural_foreign=True, - ) - response.write("]") - return response +class ExportBackupView(APIView): + def get(self, request, *args, **kwargs): + if not request.user.has_backup_permission: + return Response(status=status.HTTP_403_FORBIDDEN) + response = HttpResponse(content_type="application/json") + timestamp = datetime.now().strftime("%Y%m%d-%H%M%S") + response[ + "Content-Disposition" + ] = f'attachment; filename="ciso-assistant-db-{timestamp}.json"' + + response.write(f'[{{"meta": [{{"media_version": "{VERSION}"}}]}},\n') + # Here we dump th data to stdout + # NOTE: We will not be able to dump selected folders with this method. + management.call_command( + dumpdata.Command(), + exclude=["contenttypes", "auth.permission", "sessions.session"], + indent=4, + stdout=response, + natural_foreign=True, + ) + response.write("]") + return response class LoadBackupView(APIView): @@ -49,7 +44,7 @@ class LoadBackupView(APIView): serializer_class = LoadBackupSerializer def post(self, request, *args, **kwargs): - if not is_admin_check(request.user): + if not request.user.has_backup_permission: return Response(status=status.HTTP_403_FORBIDDEN) if request.data: sys.stdin = io.StringIO(json.dumps(request.data[1])) From 0f32e87dc26cc135bdc66265a401b64da3dd88cf Mon Sep 17 00:00:00 2001 From: Nassim Tabchiche Date: Wed, 24 Apr 2024 16:46:56 +0200 Subject: [PATCH 3/3] chore: Run formatter --- backend/serdes/views.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/serdes/views.py b/backend/serdes/views.py index 3ceed8bf5..4cd2cb218 100644 --- a/backend/serdes/views.py +++ b/backend/serdes/views.py 
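Review bot: `ExportBackupView` declares no `permission_classes` or `authentication_classes`, so the only gate on a full database export is the inline `request.user.has_backup_permission` test, and who reaches that line depends on project-wide DRF defaults that this patch does not show. If those defaults ever admit an unauthenticated request, `request.user` would presumably be an `AnonymousUser` without that attribute, and the view would fail with a 500 instead of a clean 401/403. I would state the requirement on the class, e.g. `permission_classes = [IsAuthenticated]` (from `rest_framework.permissions`), or move the check into a small permission class shared with `LoadBackupView`. Separately, the `exclude=` list leaves out only `contenttypes`, `auth.permission` and `sessions.session`, so the download likely contains user records with password hashes and any token tables. A docstring on `get` should say so, and setting `response["Cache-Control"] = "no-store"` would be cheap to add.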
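Review bot: In `LoadBackupView.post`, the context line `sys.stdin = io.StringIO(json.dumps(request.data[1]))` rebinds the process-wide `sys.stdin` inside a request handler, so concurrent requests in the same worker, or any other code reading stdin, can see each other's payload. `request.data[1]` is also indexed before any shape check, so a body that is not a sequence of at least two items would raise rather than produce a 400. The rest of `post` lies outside this hunk, so I cannot see whether stdin is restored afterwards. At minimum, wrap the load in `try`/`finally` that puts the original `sys.stdin` back, and validate the payload through `LoadBackupSerializer` before indexing it.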
@@ -21,9 +21,9 @@ def get(self, request, *args, **kwargs): return Response(status=status.HTTP_403_FORBIDDEN) response = HttpResponse(content_type="application/json") timestamp = datetime.now().strftime("%Y%m%d-%H%M%S") - response[ - "Content-Disposition" - ] = f'attachment; filename="ciso-assistant-db-{timestamp}.json"' + response["Content-Disposition"] = ( + f'attachment; filename="ciso-assistant-db-{timestamp}.json"' + ) response.write(f'[{{"meta": [{{"media_version": "{VERSION}"}}]}},\n') # Here we dump th data to stdout