Merge branch 'master' into release

Author: suricactus

.env.example

@@ -38,9 +38,12 @@ LETSENCRYPT_RSA_KEY_SIZE=4096
 # Set to 1 if you're testing your setup to avoid hitting request limits
 LETSENCRYPT_STAGING=1
 
+####################
+# Storage settings
+####################
 
 # Used to define storages in QFieldCloud. Note the contents of this variable is a superset of Django's `STORAGES` setting.
-# NOTE: Note if the DYNAMIC_STORAGES is not available, QFieldCloud will still work with `STORAGE_ACCESS_KEY_ID`, `STORAGE_SECRET_KEY_ID`, `STORAGE_BUCKET_NAME` and `STORAGE_REGION_NAME` from previous QFC versions.
+# NOTE: Note if the `STORAGES` is not available, QFieldCloud will still work with `STORAGE_ACCESS_KEY_ID`, `STORAGE_SECRET_KEY_ID`, `STORAGE_BUCKET_NAME` and `STORAGE_REGION_NAME` from previous QFC versions.
 # NOTE: The custom property `QFC_IS_LEGACY` is temporary available to allow migration from the old to the new way of handling files. This option will soon be removed, so you are highly encouraged to migrate all the projects to the new way of handling files.
 # NOTE: The `endpoint_url` must be a URL reachable from within docker and the host, the default value `172.17.0.1` for `minio` is the docker network `bridge`. On windows/mac, change the value to "http://host.docker.internal:8009".
 # DEFAULT:
@@ -76,6 +79,16 @@ STORAGES='{
 # DEFAULT: ""
 # STORAGES_PROJECT_DEFAULT_STORAGE=
 
+# Local admin username configuration for minio storage in local and standalone instances. Uncomment if necessary.
+# NOTE: Needs to be the same as in the `STORAGES` setting in standalone config.
+# DEFAULT: MINIO_ROOT_USER=minioadmin
+# MINIO_ROOT_USER=minioadmin
+
+# Local admin password configuration for minio storage in local and standalone instances. Uncomment if necessary.
+# NOTE: Needs to be the same as in the `STORAGES` setting in standalone config.
+# DEFAULT: MINIO_ROOT_PASSWORD=minioadmin
+# MINIO_ROOT_PASSWORD=minioadmin
+
 # Public port to the minio API endpoint. It must match the configured port in `STORAGE_ENDPOINT_URL`.
 # NOTE: active only when minio is the configured as storage endpoint. Mostly for local development.
 # DEFAULT: 8009

docker-app/qfieldcloud/authentication/authentication.py

@@ -3,11 +3,12 @@
 from django.http.request import HttpRequest
 from django.utils import timezone
 from django.utils.translation import gettext as _
-from qfieldcloud.core.models import User
 from rest_framework.authentication import (
     TokenAuthentication as DjangoRestFrameworkTokenAuthentication,
 )
 
+from qfieldcloud.core.models import User
+
 from ..core.exceptions import AuthenticationViaTokenFailedError
 from .models import AuthToken
 

docker-app/qfieldcloud/authentication/migrations/0001_initial.py

@@ -1,10 +1,11 @@
 # Generated by Django 3.2.7 on 2021-10-01 22:01
 
 import django.db.models.deletion
-import qfieldcloud.authentication.models
 from django.conf import settings
 from django.db import migrations, models
 
+import qfieldcloud.authentication.models
+
 
 class Migration(migrations.Migration):
     initial = True

docker-app/qfieldcloud/authentication/tests/test_authentication.py

@@ -3,10 +3,11 @@
 
 from django.core.files.base import ContentFile
 from django.utils.timezone import now
+from rest_framework.test import APITransactionTestCase
+
 from qfieldcloud.authentication.models import AuthToken
 from qfieldcloud.core.models import Organization, Person, Team
 from qfieldcloud.core.tests.utils import setup_subscription_plans
-from rest_framework.test import APITransactionTestCase
 
 logging.disable(logging.CRITICAL)
 

docker-app/qfieldcloud/core/adapters.py

@@ -1,10 +1,20 @@
+import logging
+import traceback
+from random import randint
+
 from allauth.account import app_settings
 from allauth.account.adapter import DefaultAccountAdapter
+from allauth.account.models import EmailConfirmationHMAC
+from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
+from allauth.socialaccount.providers.oauth2.provider import OAuth2Provider
+from django.contrib.auth.models import AbstractUser
 from django.core.exceptions import ValidationError
+from django.http import HttpRequest
 from invitations.adapters import BaseInvitationsAdapter
+
 from qfieldcloud.core.models import Person
-from allauth.account.models import EmailConfirmationHMAC
-from django.http import HttpRequest
+
+logger = logging.getLogger(__name__)
 
 
 class AccountAdapter(DefaultAccountAdapter, BaseInvitationsAdapter):
@@ -53,6 +63,43 @@ def clean_username(self, username, shallow=False):
 
         return result
 
+    def populate_username(self, request: HttpRequest, user: AbstractUser) -> None:
+        """Customize username population for signups via social logins.
+
+        When a user signs up via username and password, we try to respect their
+        choice of username, and just delegate to the default implementation to
+        avoid collisions.
+
+        For users that directly sign up via a social login however, we:
+        - Take the local part of their email (part before the '@' sign)
+        - Append a random 4-digit suffix to make it likely to be unique and
+          not communicate any information about the existence of other users
+        - Let generate_unique_username() normalize the username and ensure its
+          uniqueness.
+        """
+
+        from allauth.account.utils import user_email, user_username
+
+        email = user_email(user)
+        username = user_username(user)
+
+        if username:
+            # Manually chosen username - defer to default implementation
+            return super().populate_username(request, user)
+
+        # Signup via social login - automatically generate a unique username
+        localpart = email.split("@")[0]
+        suffix = str(randint(1000, 9999))
+        username_candidate = f"{localpart}{suffix}"
+
+        if app_settings.USER_MODEL_USERNAME_FIELD:
+            user_username(
+                user,
+                self.generate_unique_username(
+                    [username_candidate], regex=r"[^\w\s\-_]"
+                ),
+            )
+
     def send_confirmation_mail(
         self,
         request: HttpRequest,
@@ -69,3 +116,37 @@ def send_confirmation_mail(
             )
 
         super().send_confirmation_mail(request, email_confirmation, signup)
+
+
+class SocialAccountAdapter(DefaultSocialAccountAdapter):
+    """Custom SocialAccountAdapter to aid SSO integration in QFC.
+
+    Logs stack trace and error details on 3rd party authentication errors.
+    """
+
+    def on_authentication_error(
+        self,
+        request: HttpRequest,
+        provider: OAuth2Provider,
+        error: str = None,
+        exception: Exception = None,
+        extra_context: dict = None,
+    ) -> None:
+        logger.error("SSO Authentication error:", exc_info=True)
+        logger.error(f"Provider: {provider!r}")
+        logger.error(f"Error: {error!r}")
+
+        if not extra_context:
+            extra_context = {}
+
+        # Make stack strace available in template context.
+        #
+        # That way, it could be displayed in the frontend (for debugging
+        # purposes), by overriding socialaccount/authentication_error.html and
+        # using {{ formatted_exception }} to display the stack trace.
+        extra_context["formatted_exception"] = "\n".join(
+            traceback.format_exception(exception)
+        )
+        super().on_authentication_error(
+            request, provider, error, exception, extra_context
+        )

docker-app/qfieldcloud/core/admin.py

@@ -11,7 +11,6 @@
 from allauth.account.forms import EmailAwarePasswordResetTokenGenerator
 from allauth.account.models import EmailAddress
 from allauth.account.utils import user_pk_to_url_str
-from allauth.socialaccount.models import SocialAccount, SocialApp, SocialToken
 from auditlog.admin import LogEntryAdmin as BaseLogEntryAdmin
 from auditlog.filters import ResourceTypeFilter
 from auditlog.models import ContentType, LogEntry
@@ -37,6 +36,8 @@
 from django.views.decorators.cache import never_cache
 from invitations.admin import InvitationAdmin as InvitationAdminBase
 from invitations.utils import get_invitation_model
+from rest_framework.authtoken.models import TokenProxy
+
 from qfieldcloud.core import exceptions
 from qfieldcloud.core.models import (
     ApplyJob,
@@ -58,7 +59,6 @@
 from qfieldcloud.core.paginators import LargeTablePaginator
 from qfieldcloud.core.templatetags.filters import filesizeformat10
 from qfieldcloud.core.utils2 import delta_utils, jobs, pg_service_file
-from rest_framework.authtoken.models import TokenProxy
 
 admin.site.unregister(LogEntry)
 
@@ -147,9 +147,6 @@ def admin_urlname_by_obj(value, arg):
 # Unregister admins from other Django apps
 admin.site.unregister(Invitation)
 admin.site.unregister(TokenProxy)
-admin.site.unregister(SocialAccount)
-admin.site.unregister(SocialApp)
-admin.site.unregister(SocialToken)
 admin.site.unregister(EmailAddress)
 
 UserEmailDetails = namedtuple(

docker-app/qfieldcloud/core/cron.py

@@ -7,11 +7,11 @@
 from invitations.utils import get_invitation_model
 from sentry_sdk import capture_message
 
+from qfieldcloud.filestorage.models import File
+
 from ..core.models import ApplyJob, ApplyJobDelta, Delta, Job, Project
 from ..core.utils2 import storage
 from .invitations_utils import send_invitation
-from qfieldcloud.filestorage.models import File
-
 
 logger = logging.getLogger(__name__)
 

docker-app/qfieldcloud/core/drf_utils.py

@@ -1,7 +1,8 @@
+from typing import Iterable
+
 from django.db.models import QuerySet
 from rest_framework import filters, views
 from rest_framework.request import Request
-from typing import Iterable
 
 
 class QfcOrderingFilter(filters.OrderingFilter):

docker-app/qfieldcloud/core/fields.py

@@ -1,11 +1,11 @@
 from __future__ import annotations
 
-from typing import Protocol, cast, Any
 from collections.abc import Callable
-from django.db import models
-from django.db.models.fields.files import FieldFile
+from typing import Any, Protocol, cast
+
 from django.core.files.storage import storages
-from django.db.models.fields.files import ImageFieldFile, ImageField
+from django.db import models
+from django.db.models.fields.files import FieldFile, ImageField, ImageFieldFile
 
 
 class FileStorageNameModelProtocol(Protocol):

docker-app/qfieldcloud/core/invitations_utils.py

@@ -9,6 +9,7 @@
 from invitations.adapters import get_invitations_adapter
 from invitations.signals import invite_url_sent
 from invitations.utils import get_invitation_model
+
 from qfieldcloud.core import permissions_utils
 from qfieldcloud.core.models import Person