bedrock/.env-dist

DEBUG=True
DEV=True
ALLOWED_HOSTS=*
SWITCH_NEWSLETTER_MAINTENANCE_MODE=False
CSP_DEFAULT_SRC=*.allizom.org
CONTENT_CARDS_URL=https://www-dev.allizom.org/media/
WAGTAIL_ENABLE_ADMIN=True

# By default, local dev builds store CMS-uploaded media on the local system. If
# you need to enable cloud storage for CMS media (likely only needed to debug or
# test that behaviour), you'll need service-account credentials which you
# must save locally in /path/to/bedrock/local-credentials/ (which is gitignored)
# Here's how to get those credentials:
# https://django-storages.readthedocs.io/en/latest/backends/gcloud.html

# GS_BUCKET_NAME="custom-media-bucket-name-here"
# GS_PROJECT_ID="meao-stevejalim-dev-sandbox"
# # export this before starting the django runserver:
# # GOOGLE_APPLICATION_CREDENTIALS="./local-credentials/name-of-credentials-file.json"

# Change to True if you want to use SSO locally, else you'll use username+password auth
USE_SSO_AUTH=False

# If USE_SSO_AUTH is True, you'll be using Mozilla OpenID Connect via Auth0
# Get from IAM creentials from an appropriate person within the org to set here
# in your .env
OIDC_RP_CLIENT_ID=setme
OIDC_RP_CLIENT_SECRET=setme
-												Update docs to use .env file instead of local.py

											
										
										
											2016-05-27 20:28:23 +03:00
+								DEBUG=True
 								DEV=True
 								ALLOWED_HOSTS=*
-												[fix bug 1333938] Fix Failing Bedrock/Newsletter Tests

											
										
										
											2017-01-26 01:37:41 +03:00
+								SWITCH_NEWSLETTER_MAINTENANCE_MODE=False
-												Use external data for home page content cards

This switches the current English home page to display
content cards from data in the mozmeao/www-admin repo.

Fix #6124

											
										
										
											2018-12-14 00:32:35 +03:00
+								CSP_DEFAULT_SRC=*.allizom.org
 								CONTENT_CARDS_URL=https://www-dev.allizom.org/media/
-												Wagtail in Bedrock: main groundwork (#14250)

* Allow disabling Markus when DEBUG=True (default: keep it enabled)

* Add Wagtail 5.2 LTS as a dependency

* Hook in Wagtail Admin, while also keeping jinja-template rendering happy

* Support user-uploaded images into the CMS, both with local and cloud storage options

Of course, the cloud storage option is the only one we'll use when deployed.

Note that this also disables CSP for any routes inside the Wagtail admin
(but not pages rendered by Wagtail)

* Drop in wagtail-localize, ready for i18n/l10n

Also fix up some test regressions as a result of this change, including
changing how Careers renders a custom 404-page message

* Lay in intial 'cms' app as home for our Wagtail-related modelling.

* Support detection of CMS-based pages so that we don't falsely redirect away from pages managed by wagtail-localize

* Wrap simple CMS test page in a Protocol-based base template to confirm we load the right strings and get the lang picker

* Ensure that pages fall back (in their enriety) if we don't have a page with the matching lang code in the CMS

* Exclude the cms-admin path from the sitemap - doesn't need to be discoverable

* Remove now-redundant print statement from a data migration

* Add tests to show locales from page models are used as translations for pages

* Add tests to show that pages with restrictions (e.g. passwords) should not be cached downstream

* Add tests for StructuralPage, confirming it redirects to its parent if accessed directly

* Expand test coverage to include serve_preview for our base page model

* Fixup accidentally-commented-out app in INSTALLED_APPS

Co-authored-by: Ryan Johnson <escattone@gmail.com>

* Improve comment related to local GCS credentials, clarifying who will/won't need them and why

* Disable use of Gravatar URLs for Wagtail users

Low benefit to us, because they need CSP tweaks and also would need scrubbing before the DB export.

* Fix labelling of Wagtail's homepage

* We don't want wagtailforms enabled in our setup: public bedrock is read only

* Back out hack to 404.html for careers-related 404 -- unnecessary following i18n/routing refactor

* Back out unnecessary follow=True on the 404 test

* Ensure that demos run migrations on their local DB, so that any new Wagtail tables get made ASAP, preventing 500s

* Add a fake spec for WAGTAIL_CONTENT_LANGUAGES in Pocket mode, so that it'll boot.

We won't be using wagtail for Pocket mode

* Rename MEDIA_URL from user-media to custom-media, to make it easier to grasp

---------

Co-authored-by: Ryan Johnson <escattone@gmail.com>
											
										
										
											2024-05-20 12:55:49 +03:00
+								WAGTAIL_ENABLE_ADMIN=True
 								# By default, local dev builds store CMS-uploaded media on the local system. If
 								# you need to enable cloud storage for CMS media (likely only needed to debug or
 								# test that behaviour), you'll need service-account credentials which you
 								# must save locally in /path/to/bedrock/local-credentials/ (which is gitignored)
 								# Here's how to get those credentials:
 								# https://django-storages.readthedocs.io/en/latest/backends/gcloud.html
 								# GS_BUCKET_NAME="custom-media-bucket-name-here"
 								# GS_PROJECT_ID="meao-stevejalim-dev-sandbox"
 								# # export this before starting the django runserver:
 								# # GOOGLE_APPLICATION_CREDENTIALS="./local-credentials/name-of-credentials-file.json"
-												Add SSO auth to Wagtail and Django admins  (#14649)

* Add mozilla-django-oidc to the project dependencies

* Add SSO support to Bedrock for accessing Wagtail and Django admins
* Plumbs in mozilla-django-oidc
* Add custom login pages for Wagtail and Django admins that show an SSO button instead of form fields
* Retain support for username + password login (for local development)
* Tests

* Add custom CSRF page to help explain SSO-related session loss, if it occurs

Because a renewed/cycled OIDC/SSO session can zap a CSRF token and block
a user from submitting a CMS edit, we need to provide a bit more information
about what's happened. This changeset adds that, via a new template and a tiny view
to serve it, plugged in as Django's default CSRF view

Logged out users (who are very unlikely to see this anyway) get a simple
version of the message, while logged in users get more detail/context.

* Bump SSO lease time to 18 hours - trying to balance awkward signouts with wanting re-checks

* Update test.env so that Wagtail and Django admins are available by default when urlconf is generated. Oddly the reload trick didn't work here

* Update bedrock/base/templates/403_csrf.html

Co-authored-by: Alex Gibson <alexgibson@users.noreply.github.com>

* Make translation tagging consistent on new login templates

* Move new CSRF view to use a CSS bundle, not inline CSS

* Remove old, redundant CSRF view

It looks like this was no longer in use. It wasn't specified as settings.CSRF_FAILURE_VIEW so wouldn't have been used/found by Django I believe

* Drop translation markup from login templates to simplify

* Don't count the test 404 and 500 views as nonlocaled, because we do localize them

* Update bedrock/admin/templates/wagtailadmin/login.html

* Tweak wording re SSO for login pages

---------

Co-authored-by: Alex Gibson <alexgibson@users.noreply.github.com>
											
										
										
											2024-06-07 13:47:33 +03:00
 								# Change to True if you want to use SSO locally, else you'll use username+password auth
 								USE_SSO_AUTH=False
 								# If USE_SSO_AUTH is True, you'll be using Mozilla OpenID Connect via Auth0
 								# Get from IAM creentials from an appropriate person within the org to set here
 								# in your .env
 								OIDC_RP_CLIENT_ID=setme
 								OIDC_RP_CLIENT_SECRET=setme