Merge branch 'main' into CA-158-set-up-logging-in-the-backend

intuitem · Feb 22, 2024 · 8ec0a17 · 8ec0a17
2 parents 2805fe8 + 3ac7b39
commit 8ec0a17
Show file tree

Hide file tree

Showing 35 changed files with 1,462 additions and 747 deletions.
diff --git a/.github/workflows/startup-tests.yml b/.github/workflows/startup-tests.yml
@@ -119,15 +119,16 @@ jobs:
       - name: Config the Docker app
         run: |
           docker compose exec backend python manage.py migrate
-          docker compose exec backend /bin/bash -c "[email protected] DJANGO_SUPERUSER_PASSWORD=1234 python manage.py createsuperuser --noinput"
+          docker compose exec backend /bin/bash -c "[email protected] DJANGO_SUPERUSER_PASSWORD=1234 python manage.py createsuperuser --noinput && exit 0"
       - name: Run tests
         working-directory: ${{ env.working-directory }}
-        run: npx playwright test tests/functional/startup.test.ts
-      - uses: actions/upload-artifact@v4
-        if: always()
-        with:
-          name: startup-docker-test-report
-          path: |
-            ${{ env.working-directory }}/tests/reports/
-            ${{ env.working-directory }}/tests/results/
-          retention-days: 5
+        run: |
+          response=$(curl -d "[email protected]&password=1234" -H "Origin: https://localhost:8443" https://localhost:8443/login -k)
+          server_reponse='{"type":"redirect","status":302,"location":"/analytics"}'
+          if [[ "$response" == "$server_reponse" ]]; then
+            echo "Success"
+            exit 0
+          else
+            echo "Failure"
+            exit 1
+          fi
diff --git a/.gitignore b/.gitignore
@@ -4,5 +4,6 @@
 **/node_modules/
 .vscode
 *.sqlite3
+django_secret_key
 temp/
 db/
diff --git a/README.md b/README.md
@@ -71,7 +71,7 @@ cd ciso-assistant-community
 
 When asked for, enter your email and password for your superuser.
 
-You can then reach CISO Assistant using your web brower at [http://localhost:3000/](http://localhost:3000/)
+You can then reach CISO Assistant using your web brower at [https://localhost:8443/](https://localhost:8443/)
 
 For the following executions, use "docker-compose up" directly.
 
@@ -241,26 +241,9 @@ npm install
 npm run dev
 ```
 
-5. If you want to setup Postgres:
-
-- Launch one of these commands to enter in Postgres:
-  - `psql as superadmin`
-  - `sudo su postgres`
-  - `psql`
-- Create the database "mira"
-  - `create database mira;`
-- Create user "mirauser" and grant it access
-  - `create user mirauser with password '<POSTGRES_PASSWORD>';`
-  - `grant all privileges on database mira to mirauser;`
-
-6. Prepare and apply migrations.
-
-```sh
-(venv)$ cd backend
-(venv)$ pytest
-```
+5. Reach the frontend on http://localhost:5173
 
-Coming soon.
+Note: Safari will not properly work in this setup, as it requires https for secure cookies. The simplest solution is to use Chrome or Firefox. An alternative is to use a caddy proxy. This is the solution used in docker-compose, so you can use it as an example.
 
 ## Managing migrations
 

diff --git a/backend/ciso_assistant/asgi.py b/backend/ciso_assistant/asgi.py
@@ -1,9 +1,5 @@
 """
-<<<<<<<< HEAD:backend/ciso_assistant/asgi.py
 ASGI config for ciso_assistant project.
-========
-ASGI config for mira project.
->>>>>>>> main:mira/asgi.py
 
 It exposes the ASGI callable as a module-level variable named ``application``.
 
@@ -15,10 +11,6 @@
 
 from django.core.asgi import get_asgi_application
 
-<<<<<<<< HEAD:backend/ciso_assistant/asgi.py
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "ciso_assistant.settings")
-========
-os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'mira.settings')
->>>>>>>> main:mira/asgi.py
 
 application = get_asgi_application()
diff --git a/backend/core/helpers.py b/backend/core/helpers.py
@@ -1,4 +1,5 @@
 from datetime import date, timedelta
+from re import sub
 
 from django.db.models import Count
 from django.shortcuts import get_object_or_404
@@ -23,6 +24,11 @@
     "transfer": "#91cc75",
 }
 
+def camel_case(s):
+    s = sub(r"(_|-)+", " ", s).title().replace(" ", "")
+
+    return ''.join([s[0].lower(), s[1:]])
+
 
 def security_measure_priority(user: User):
     def get_quadrant(security_measure):
@@ -410,6 +416,7 @@ def risk_per_status(user: User):
 def security_measure_per_status(user: User):
     values = list()
     labels = list()
+    local_lables = list()
     color_map = {
         "--": "#93c5fd",
         "planned": "#fdba74",
@@ -432,7 +439,8 @@ def security_measure_per_status(user: User):
         v = {"value": count, "itemStyle": {"color": color_map[st[0]]}}
         values.append(v)
         labels.append(st[1])
-    return {"labels": labels, "values": values}
+    local_lables = [camel_case(str(l)) for l in labels]
+    return {"localLables": local_lables,"labels": labels, "values": values}
 
 
 def security_measure_per_cur_risk(user: User):
@@ -526,7 +534,6 @@ def aggregate_risks_per_field(
             values[m["risk"][i][field]]["count"] += count
     return values
 
-
 def risks_count_per_level(user: User, risk_assessments: list | None = None):
     current_level = list()
     residual_level = list()
@@ -535,14 +542,14 @@ def risks_count_per_level(user: User, risk_assessments: list | None = None):
         user, "name", risk_assessments=risk_assessments
     ).items():
         current_level.append(
-            {"name": r[0], "value": r[1]["count"], "color": r[1]["color"]}
+            {"name": r[0], "value": r[1]["count"], "color": r[1]["color"], "localName": camel_case(r[0])}
         )
 
     for r in aggregate_risks_per_field(
         user, "name", residual=True, risk_assessments=risk_assessments
     ).items():
         residual_level.append(
-            {"name": r[0], "value": r[1]["count"], "color": r[1]["color"]}
+            {"name": r[0], "value": r[1]["count"], "color": r[1]["color"], "localName": camel_case(r[0])}
         )
 
     return {"current": current_level, "residual": residual_level}

diff --git a/docker-compose.sh b/docker-compose.sh
@@ -9,6 +9,6 @@ else
     docker compose exec backend python manage.py migrate
     echo "initialize your superuser account..."
     docker compose exec backend python manage.py createsuperuser
-    echo "connect to ciso assistant on http://localhost:3000"
+    echo "connect to ciso assistant on https://localhost:8443"
     echo "for successive runs you can now use docker compose up"
 fi
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -7,19 +7,33 @@ services:
     restart: always
     environment:
       - ALLOWED_HOSTS=backend
-      - CISO_ASSISTANT_URL=http://localhost:3000
+      - CISO_ASSISTANT_URL=https://localhost:8443
       - DJANGO_DEBUG=True
     volumes:
       - ./db:/code/db
 
   frontend:
     container_name: frontend
     environment:
-        - ORIGIN=http://localhost:3000
         - PUBLIC_BACKEND_API_URL=http://backend:8000/api
+        - PROTOCOL_HEADER=x-forwarded-proto 
+        - HOST_HEADER=x-forwarded-host
     build: ./frontend
     depends_on:
       - backend
-    ports:
-      - 3000:3000
 
+  caddy:
+    container_name: caddy
+    image: caddy:2.7.6
+    restart: unless-stopped
+    ports:
+      - 8443:8443
+    command:
+        - caddy
+        - reverse-proxy
+        - --from
+        - https://localhost:8443
+        - --to
+        - frontend:3000
+    volumes:
+      - ./db:/data
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
@@ -1,5 +1,177 @@
 {
 	"$schema": "https://inlang.com/schema/inlang-message-format",
-	"Home": "Home",
-	"Overview": "Overview"
+	"addButton": "Add {model}",
+	"associatedObject": "Associated {model}",
+	"french": "French",
+	"english": "English",
+	"home": "Home",
+	"edit": "Edit",
+	"overview": "Overview",
+	"context": "Context",
+	"governance": "Governance",
+	"risk": "Risk",
+	"compliance": "Compliance",
+	"organization": "Organisation",
+	"extra": "Extra",
+	"analytics": "Analytics",
+	"calendar": "Calendar",
+	"threats": "Threats",
+	"securityFunctions": "Security functions",
+	"securityMeasures": "Security measures",
+	"assets": "Assets",
+	"asset": "Asset",
+	"policies": "Policies",
+	"riskMatrices": "Risk matrices",
+	"riskAssessments": "Risk assessments",
+	"riskScenarios": "Risk scenarios",
+	"riskScenario": "Risk scenario",
+	"riskAcceptances": "Risk acceptances",
+	"riskAcceptance": "Risk acceptance",
+	"complianceAssessments": "Compliance assessments",
+	"complianceAssessment": "Compliance assessment",
+	"evidences": "Evidences",
+	"evidence": "Evidence",
+	"frameworks": "Frameworks",
+	"domains": "Domains",
+	"projects": "Projects",
+	"users": "Users",
+	"user": "User",
+	"userGroups": "User groups",
+	"roleAssignments": "Role assignments",
+	"xRays": "X-rays",
+	"scoringAssistant": "Scoring assistant",
+	"libraries": "Libraries",
+	"backupRestore": "Backup & restore",
+	"myProfile": "My profile",
+	"aboutCiso": "About CISO Assistant",
+	"Logout": "Log out",
+	"name": "Name",
+	"description": "Description",
+	"parentDomain": "Parent domain",
+	"ref": "Ref",
+	"refId": "Ref ID",
+	"businessValue": "Business value",
+	"email": "Email",
+	"firstName": "First name",
+	"lastName": "Last name",
+	"category": "Category",
+	"eta": "ETA",
+	"securityFunction": "Security function",
+	"securityMeasure": "Security measure",
+	"provider": "Provider",
+	"domain": "Domain",
+	"urn": "URN",
+	"id": "ID",
+	"treatmentStatus": "Treatment status",
+	"currentLevel": "Current level",
+	"residualLevel": "Residual level",
+	"riskMatrix": "Risk matrix",
+	"project": "Project",
+	"folder": "Folder",
+	"riskAssessment": "Risk assessment",
+	"threat": "Threat",
+	"framework": "Framework",
+	"file": "File",
+	"language": "Language",
+	"builtin": "Builtin",
+	"next": "Next",
+	"previous": "Previous",
+	"show": "Show",
+	"entries": "entries",
+	"searchPlaceholder": "Search...",
+	"noEntriesFound": "No entries found",
+	"rowCount": "Showing {start} to {end} of {total}",
+	"status": "Status",
+	"effort": "Effort",
+	"impact": "Impact",
+	"expiryDate": "Expiry date",
+	"link": "Link",
+	"createdAt": "Created at",
+	"updatedAt": "Updated at",
+	"acceptedAt": "Accepted at",
+	"rejectedAt": "Rejected at",
+	"revokedAt": "Revoked at",
+	"locale": "Locale",
+	"defaultLocale": "Default locale",
+	"annotation": "Annotation",
+	"library": "Library",
+	"typicalEvidence": "Typical evidence",
+	"parentAsset": "Parent asset",
+	"parentAssets": "Parent assets",
+	"approver": "Approver",
+	"state": "State",
+	"justification": "Justification",
+	"parentFolder": "Parent folder",
+	"contentType": "Content type",
+	"lcStatus": "Status",
+	"internalReference": "Internal reference",
+	"isActive": "Is active",
+	"dateJoined": "Date joined",
+	"version": "Version",
+	"treatment": "Treatment",
+	"currentProba": "Current probability",
+	"currentImpact": "Current impact",
+	"residualProba": "Residual probability",
+	"residualImpact": "Residual impact",
+	"existingMeasures": "Existing measures",
+	"strengthOfKnowledge": "Strength of knowledge",
+	"dueDate": "Due date",
+	"attachment": "Attachment",
+	"observation": "Observation",
+	"importMatrices": "Import matrices",
+	"importFrameworks": "Import frameworks",
+	"summary": "Summary",
+	"composer": "Composer",
+	"statistics": "Statistics",
+	"myProjects": "My projects",
+	"scenarios": "Scenarios",
+	"assignedObjects": "Assigned to {number} {object}",
+	"currentRiskLevelPerScenario": "Current risk level per risk scenario",
+	"residualRiskLevelPerScenario": "Residual risk level per risk scenario",
+	"securityMeasuresStatus": "Security measures status",
+	"currentRisk": "Current risk",
+	"residualRisk": "Residual risk",
+	"veryLow": "Very low",
+	"low": "Low",
+	"medium": "Medium",
+	"high": "High",
+	"veryHigh": "Very high",
+	"planned": "Planned",
+	"active": "Active",
+	"inactive": "Inactive",
+	"watchlist": "Watch list",
+	"watchlistDescription": "Items that have expired or with close ETA",
+	"measuresToReview": "Measures to review",
+	"exceptionsToReview": "Exceptions to review",
+	"expired": "Expired",
+	"upcoming": "Upcoming",
+	"today": "Today",
+	"actionRequested": "Action requested",
+	"noObjectYet": "No {object} yet",
+	"authors": "Authors",
+	"reviewers": "Reviewers",
+	"process": "Process",
+	"selectTargets": "Select your targets",
+	"composerDescription": "This will help you aggregate multiple components (projects) to get the compiled view on your risk. This is particularly useful for two use cases",
+	"composerDescription1": "business intelligence approach to focus on a specific subset across different project domains (eg. across divisions)",
+	"composerDescription2": "you are interested in the risk assessment of a specific system, for which you need the risk assessment of the underlying components",
+	"overallCompliance": "Overall compliance",
+	"exportButton": "Export",
+	"treatmentProgressOverview": "Treatment progress overview",
+	"pendingMeasures": "Your pending measures",
+	"orderdByRankingScore": "Ordered by ranking score",
+	"rankingScore": "Ranking score",
+	"noPendingObject": "No pending {object}",
+	"rankingScoreDefintion": "Ranking score is an adaptive metric that combines the information of effort and current risk level, and crosses it with the other data to assist you for the prioritization",
+	"actions": "Actions",
+	"projectsSummaryEmpty": "Projects summary is empty",
+	"riskOpen": "Risk: open",
+	"riskMitigate": "Risk: mitigate",
+	"riskAccept": "Risk: accept",
+	"riskAvoid": "Risk: avoid",
+	"measureOpen": "Measure: open",
+	"measureProgress": "Measure: in progress",
+	"measureHold": "Measure: on hold",
+	"measureDone": "Measure: done"
+
 }