From e9212f6d131f59bf7b12599a1653ed9640863b2a Mon Sep 17 00:00:00 2001
From: Florian Aucomte
Date: Fri, 1 Nov 2024 21:25:31 +0000
Subject: [PATCH 1/4] fix: Disable DB gateways (#2374)
* fix: Disable logging in, verifying, resetting password and registering
* Disable anonymisation cron job view
---
portal/urls.py | 80 +++++++++++++++++++++++----------------
portal/views/cron/user.py | 72 +++++++++++++++++------------------
portal/views/home.py | 2 +-
3 files changed, 84 insertions(+), 70 deletions(-)
diff --git a/portal/urls.py b/portal/urls.py
index 0dd8127ce..5d9b77cf0 100644
--- a/portal/urls.py
+++ b/portal/urls.py
@@ -223,53 +223,63 @@ ), url(r"^$", home, name="home"), url(r"^home-learning", home_learning, name="home-learning"), - url(r"^register_form", register_view, name="register"), + url( + r"^register_form", + # register_view, + home, + name="register", + ), url( r"^login/teacher/$", - # The ratelimit decorator checks how often a POST request is performed on that view. - # It checks against the username value specifically. If the number of requests - # exceeds the specified rate, then the user will be blocked (if block = True). - ratelimit( - group=RATELIMIT_LOGIN_GROUP, - key="post:auth-username", - method=RATELIMIT_METHOD, - rate=RATELIMIT_LOGIN_RATE, - block=True, - )(TeacherLoginView.as_view()), + # # The ratelimit decorator checks how often a POST request is performed on that view. + # # It checks against the username value specifically. If the number of requests + # # exceeds the specified rate, then the user will be blocked (if block = True). + # ratelimit( + # group=RATELIMIT_LOGIN_GROUP, + # key="post:auth-username", + # method=RATELIMIT_METHOD, + # rate=RATELIMIT_LOGIN_RATE, + # block=True, + # )(TeacherLoginView.as_view()), + home, name="teacher_login", ), url( rf"^login/student/(?P{ACCESS_CODE_REGEX})/(?:(?Pclassform)/)?$", - ratelimit( - group=RATELIMIT_LOGIN_GROUP, - key=school_student_key, - method=RATELIMIT_METHOD, - rate=RATELIMIT_LOGIN_RATE_SCHOOL_STUDENT, - block=True, - is_teacher=False, - )(StudentLoginView.as_view()), + # ratelimit( + # group=RATELIMIT_LOGIN_GROUP, + # key=school_student_key, + # method=RATELIMIT_METHOD, + # rate=RATELIMIT_LOGIN_RATE_SCHOOL_STUDENT, + # block=True, + # is_teacher=False, + # )(StudentLoginView.as_view()), + home, name="student_login", ), url( r"^login/student/$", - StudentClassCodeView.as_view(), + # StudentClassCodeView.as_view(), + home, name="student_login_access_code", ), url( r"^u/(?P[0-9]+)/(?P[a-z0-9]+)/$", - student_direct_login, + # student_direct_login, + home, name="student_direct_login", ), url( 
r"^login/independent/$", - ratelimit( - group=RATELIMIT_LOGIN_GROUP, - key="post:username", - method=RATELIMIT_METHOD, - rate=RATELIMIT_LOGIN_RATE, - block=True, - is_teacher=False, - )(IndependentStudentLoginView.as_view()), + # ratelimit( + # group=RATELIMIT_LOGIN_GROUP, + # key="post:username", + # method=RATELIMIT_METHOD, + # rate=RATELIMIT_LOGIN_RATE, + # block=True, + # is_teacher=False, + # )(IndependentStudentLoginView.as_view()), + home, name="independent_student_login", ), url(r"^login_form", old_login_form_redirect, name="old_login_form"), @@ -290,17 +300,20 @@ ), url( rf"^verify_email/(?P{JWT_REGEX})/$", - verify_email, + # verify_email, + home, name="verify_email", ), url( r"^user/password/reset/student/$", - student_password_reset, + # student_password_reset, + home, name="student_password_reset", ), url( r"^user/password/reset/teacher/$", - teacher_password_reset, + # teacher_password_reset, + home, name="teacher_password_reset", ), url( @@ -310,7 +323,8 @@ ), url( r"^user/password/reset/(?P[0-9A-Za-z]+)-(?P.+)/$", - password_reset_check_and_confirm, + # password_reset_check_and_confirm, + home, name="password_reset_check_and_confirm", ), url( diff --git a/portal/views/cron/user.py b/portal/views/cron/user.py index 9531703dc..6c09fc7ac 100644 --- a/portal/views/cron/user.py +++ b/portal/views/cron/user.py 
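Review bot: Several of the routes repointed at `home` in this hunk and the two after it (`student_login`, `student_direct_login`, `verify_email`, `password_reset_check_and_confirm`) have capture groups in their patterns, so Django will pass the captured values to `home` as extra arguments. `home`'s signature is not visible here; if it only accepts `request`, those URLs raise a TypeError and answer with a 500, and the email-verification and password-reset tokens carried in the path land in error reports instead of the visitor seeing the home page. A dedicated stub that swallows the arguments and states the outage would be safer than reusing `home`, for example `def gateway_disabled(request, *args, **kwargs): return HttpResponse(status=503)`. It would also stop a credential POST to the login routes from being answered with an ordinary 200 page, and it removes the need to leave the real views commented out in the URL table.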
@@ -172,42 +172,42 @@ def get(self, request): class AnonymiseUnverifiedAccounts(CronMixin, APIView): def get(self, request): - user_count = User.objects.filter(is_active=True).count() - - teacher_queryset, independent_student_queryset = get_unverified_users( - USER_DELETE_UNVERIFIED_ACCOUNT_DAYS, - same_day=False, - ) - teacher_count = teacher_queryset.count() - indy_count = independent_student_queryset.count() - - user_queryset = teacher_queryset.union(independent_student_queryset) - - for user in user_queryset.iterator(chunk_size=100): - try: - anonymise(user) - except Exception as ex: - logging.error(f"Failed to anonymise user with id: {user.id}") - logging.exception(ex) - - user_count -= User.objects.filter(is_active=True).count() - logging.info(f"{user_count} unverified users anonymised.") - - activity_today = DailyActivity.objects.get_or_create( - date=datetime.now().date() - )[0] - activity_today.anonymised_unverified_teachers = teacher_count - activity_today.anonymised_unverified_independents = indy_count - activity_today.save() - - TotalActivity.objects.update( - anonymised_unverified_teachers=F("anonymised_unverified_teachers") - + teacher_count, - anonymised_unverified_independents=F( - "anonymised_unverified_independents" - ) - + indy_count, - ) + # user_count = User.objects.filter(is_active=True).count() + # + # teacher_queryset, independent_student_queryset = get_unverified_users( + # USER_DELETE_UNVERIFIED_ACCOUNT_DAYS, + # same_day=False, + # ) + # teacher_count = teacher_queryset.count() + # indy_count = independent_student_queryset.count() + # + # user_queryset = teacher_queryset.union(independent_student_queryset) + # + # for user in user_queryset.iterator(chunk_size=100): + # try: + # anonymise(user) + # except Exception as ex: + # logging.error(f"Failed to anonymise user with id: {user.id}") + # logging.exception(ex) + # + # user_count -= User.objects.filter(is_active=True).count() + # logging.info(f"{user_count} unverified users anonymised.") 
+ # + # activity_today = DailyActivity.objects.get_or_create( + # date=datetime.now().date() + # )[0] + # activity_today.anonymised_unverified_teachers = teacher_count + # activity_today.anonymised_unverified_independents = indy_count + # activity_today.save() + # + # TotalActivity.objects.update( + # anonymised_unverified_teachers=F("anonymised_unverified_teachers") + # + teacher_count, + # anonymised_unverified_independents=F( + # "anonymised_unverified_independents" + # ) + # + indy_count, + # ) return Response() diff --git a/portal/views/home.py b/portal/views/home.py index 47baa59e4..8a4abc09d 100644 --- a/portal/views/home.py +++ b/portal/views/home.py @@ -255,7 +255,7 @@ def coding_club(request): def download_student_pack(request, student_pack_type): if request.method == "POST": - count_student_pack_downloads_click(int(student_pack_type)) + # count_student_pack_downloads_click(int(student_pack_type)) link = cloud_storage("club_packs/PrimaryCodingClub.zip") return redirect(link) From 27ac724f050bd480238965cd06ea2ab7e1e8a60a Mon Sep 17 00:00:00 2001 From: github-actions Date: Fri, 1 Nov 2024 21:27:24 +0000 Subject: [PATCH 2/4] 7.4.5 Automatically generated by python-semantic-release --- portal/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/portal/__init__.py b/portal/__init__.py index b820814e9..ef424e40f 100644 --- a/portal/__init__.py +++ b/portal/__init__.py @@ -1 +1 @@ -__version__ = "7.4.4" +__version__ = "7.4.5" From 1f7ec61bbbaebb0aba0d2a4a02637d3f5119019b Mon Sep 17 00:00:00 2001 From: faucomte97 Date: Sat, 2 Nov 2024 01:11:16 +0000 Subject: [PATCH 3/4] fix: Revert "fix: Disable DB gateways (#2374)" This reverts commit e9212f6d131f59bf7b12599a1653ed9640863b2a. --- portal/urls.py | 80 ++++++++++++++++----------------------- portal/views/cron/user.py | 72 +++++++++++++++++------------------ portal/views/home.py | 2 +- 3 files changed, 70 insertions(+), 84 deletions(-) 
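Review bot: `AnonymiseUnverifiedAccounts.get` now falls straight through to `return Response()`, so whatever schedules this cron view receives a success response while no account is anonymised, and unverified accounts older than `USER_DELETE_UNVERIFIED_ACCOUNT_DAYS` are retained silently for as long as the job stays off. Make the skip visible, for example with `logging.warning("AnonymiseUnverifiedAccounts is disabled; no accounts were anonymised.")` before the return, or return a non-2xx status so monitoring notices. Gating the body on a setting instead of commenting it out would keep the block linted and turn re-enabling into a config change. I would also add a comment above the return saying why the job is off and what re-enables it.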
diff --git a/portal/urls.py b/portal/urls.py
index 5d9b77cf0..0dd8127ce 100644
--- a/portal/urls.py
+++ b/portal/urls.py
@@ -223,63 +223,53 @@ ), url(r"^$", home, name="home"), url(r"^home-learning", home_learning, name="home-learning"), - url( - r"^register_form", - # register_view, - home, - name="register", - ), + url(r"^register_form", register_view, name="register"), url( r"^login/teacher/$", - # # The ratelimit decorator checks how often a POST request is performed on that view. - # # It checks against the username value specifically. If the number of requests - # # exceeds the specified rate, then the user will be blocked (if block = True). - # ratelimit( - # group=RATELIMIT_LOGIN_GROUP, - # key="post:auth-username", - # method=RATELIMIT_METHOD, - # rate=RATELIMIT_LOGIN_RATE, - # block=True, - # )(TeacherLoginView.as_view()), - home, + # The ratelimit decorator checks how often a POST request is performed on that view. + # It checks against the username value specifically. If the number of requests + # exceeds the specified rate, then the user will be blocked (if block = True). + ratelimit( + group=RATELIMIT_LOGIN_GROUP, + key="post:auth-username", + method=RATELIMIT_METHOD, + rate=RATELIMIT_LOGIN_RATE, + block=True, + )(TeacherLoginView.as_view()), name="teacher_login", ), url( rf"^login/student/(?P{ACCESS_CODE_REGEX})/(?:(?Pclassform)/)?$", - # ratelimit( - # group=RATELIMIT_LOGIN_GROUP, - # key=school_student_key, - # method=RATELIMIT_METHOD, - # rate=RATELIMIT_LOGIN_RATE_SCHOOL_STUDENT, - # block=True, - # is_teacher=False, - # )(StudentLoginView.as_view()), - home, + ratelimit( + group=RATELIMIT_LOGIN_GROUP, + key=school_student_key, + method=RATELIMIT_METHOD, + rate=RATELIMIT_LOGIN_RATE_SCHOOL_STUDENT, + block=True, + is_teacher=False, + )(StudentLoginView.as_view()), name="student_login", ), url( r"^login/student/$", - # StudentClassCodeView.as_view(), - home, + StudentClassCodeView.as_view(), name="student_login_access_code", ), url( r"^u/(?P[0-9]+)/(?P[a-z0-9]+)/$", - # student_direct_login, - home, + student_direct_login, name="student_direct_login", ), url( 
r"^login/independent/$", - # ratelimit( - # group=RATELIMIT_LOGIN_GROUP, - # key="post:username", - # method=RATELIMIT_METHOD, - # rate=RATELIMIT_LOGIN_RATE, - # block=True, - # is_teacher=False, - # )(IndependentStudentLoginView.as_view()), - home, + ratelimit( + group=RATELIMIT_LOGIN_GROUP, + key="post:username", + method=RATELIMIT_METHOD, + rate=RATELIMIT_LOGIN_RATE, + block=True, + is_teacher=False, + )(IndependentStudentLoginView.as_view()), name="independent_student_login", ), url(r"^login_form", old_login_form_redirect, name="old_login_form"), @@ -300,20 +290,17 @@ ), url( rf"^verify_email/(?P{JWT_REGEX})/$", - # verify_email, - home, + verify_email, name="verify_email", ), url( r"^user/password/reset/student/$", - # student_password_reset, - home, + student_password_reset, name="student_password_reset", ), url( r"^user/password/reset/teacher/$", - # teacher_password_reset, - home, + teacher_password_reset, name="teacher_password_reset", ), url( @@ -323,8 +310,7 @@ ), url( r"^user/password/reset/(?P[0-9A-Za-z]+)-(?P.+)/$", - # password_reset_check_and_confirm, - home, + password_reset_check_and_confirm, name="password_reset_check_and_confirm", ), url( diff --git a/portal/views/cron/user.py b/portal/views/cron/user.py index 6c09fc7ac..9531703dc 100644 --- a/portal/views/cron/user.py +++ b/portal/views/cron/user.py 
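Review bot: The restored `student_login_access_code` and `student_direct_login` routes are registered without the `ratelimit(...)` wrapper that the three login views beside them get, so as far as this hunk shows nothing at the routing layer throttles repeated attempts against a class access code or the credential segment of the direct-login path (the views may throttle internally; they are not visible here). Separately, the teacher and independent-student limits are keyed only on the posted username (`key="post:auth-username"`, `key="post:username"`) with `block=True`, which caps attempts per account but not per client and lets a third party keep a known username at the limit. Consider wrapping the two unthrottled routes the same way and stacking an address-keyed limit next to the username one, e.g. `ratelimit(group=RATELIMIT_LOGIN_GROUP, key="ip", method=RATELIMIT_METHOD, rate=RATELIMIT_LOGIN_RATE, block=True)`.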
@@ -172,42 +172,42 @@ def get(self, request): class AnonymiseUnverifiedAccounts(CronMixin, APIView): def get(self, request): - # user_count = User.objects.filter(is_active=True).count() - # - # teacher_queryset, independent_student_queryset = get_unverified_users( - # USER_DELETE_UNVERIFIED_ACCOUNT_DAYS, - # same_day=False, - # ) - # teacher_count = teacher_queryset.count() - # indy_count = independent_student_queryset.count() - # - # user_queryset = teacher_queryset.union(independent_student_queryset) - # - # for user in user_queryset.iterator(chunk_size=100): - # try: - # anonymise(user) - # except Exception as ex: - # logging.error(f"Failed to anonymise user with id: {user.id}") - # logging.exception(ex) - # - # user_count -= User.objects.filter(is_active=True).count() - # logging.info(f"{user_count} unverified users anonymised.") - # - # activity_today = DailyActivity.objects.get_or_create( - # date=datetime.now().date() - # )[0] - # activity_today.anonymised_unverified_teachers = teacher_count - # activity_today.anonymised_unverified_independents = indy_count - # activity_today.save() - # - # TotalActivity.objects.update( - # anonymised_unverified_teachers=F("anonymised_unverified_teachers") - # + teacher_count, - # anonymised_unverified_independents=F( - # "anonymised_unverified_independents" - # ) - # + indy_count, - # ) + user_count = User.objects.filter(is_active=True).count() + + teacher_queryset, independent_student_queryset = get_unverified_users( + USER_DELETE_UNVERIFIED_ACCOUNT_DAYS, + same_day=False, + ) + teacher_count = teacher_queryset.count() + indy_count = independent_student_queryset.count() + + user_queryset = teacher_queryset.union(independent_student_queryset) + + for user in user_queryset.iterator(chunk_size=100): + try: + anonymise(user) + except Exception as ex: + logging.error(f"Failed to anonymise user with id: {user.id}") + logging.exception(ex) + + user_count -= User.objects.filter(is_active=True).count() + logging.info(f"{user_count} 
unverified users anonymised.") + + activity_today = DailyActivity.objects.get_or_create( + date=datetime.now().date() + )[0] + activity_today.anonymised_unverified_teachers = teacher_count + activity_today.anonymised_unverified_independents = indy_count + activity_today.save() + + TotalActivity.objects.update( + anonymised_unverified_teachers=F("anonymised_unverified_teachers") + + teacher_count, + anonymised_unverified_independents=F( + "anonymised_unverified_independents" + ) + + indy_count, + ) return Response() diff --git a/portal/views/home.py b/portal/views/home.py index 8a4abc09d..47baa59e4 100644 --- a/portal/views/home.py +++ b/portal/views/home.py @@ -255,7 +255,7 @@ def coding_club(request): def download_student_pack(request, student_pack_type): if request.method == "POST": - # count_student_pack_downloads_click(int(student_pack_type)) + count_student_pack_downloads_click(int(student_pack_type)) link = cloud_storage("club_packs/PrimaryCodingClub.zip") return redirect(link) From 00ad61ee5ec460d0210790706a17d7f1d5d82a93 Mon Sep 17 00:00:00 2001 From: github-actions Date: Sat, 2 Nov 2024 01:14:06 +0000 Subject: [PATCH 4/4] 7.4.6 Automatically generated by python-semantic-release --- portal/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/portal/__init__.py b/portal/__init__.py index ef424e40f..de85773b5 100644 --- a/portal/__init__.py +++ b/portal/__init__.py @@ -1 +1 @@ -__version__ = "7.4.5" +__version__ = "7.4.6"
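Review bot: In the restored `AnonymiseUnverifiedAccounts.get`, `teacher_count` and `indy_count` are read from the querysets before the loop and then written to `DailyActivity` and `TotalActivity` even when `anonymise(user)` raised for some users, so the recorded figures can overstate how many accounts were actually anonymised. The logged `user_count` is a before/after difference of active users and will also drift if accounts are activated or deactivated while the job runs. Counting successes inside the loop keeps these audit figures accurate; the sketch below iterates the two querysets separately, which assumes they do not overlap, and folds the `logging.error` + `logging.exception(ex)` pair into one `logging.exception` call.

```python
def get(self, request):
    # … unchanged: user_count and get_unverified_users() call …
    anonymised = {"teacher": 0, "indy": 0}
    for kind, queryset in (
        ("teacher", teacher_queryset),
        ("indy", independent_student_queryset),
    ):
        for user in queryset.iterator(chunk_size=100):
            try:
                anonymise(user)
            except Exception:
                logging.exception("Failed to anonymise user with id: %s", user.id)
            else:
                anonymised[kind] += 1
    teacher_count, indy_count = anonymised["teacher"], anonymised["indy"]
    # … unchanged: user_count logging, DailyActivity and TotalActivity updates …
```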