* Add mozilla-django-oidc to the project dependencies
* Add SSO support to Bedrock for accessing Wagtail and Django admins
* Plumbs in mozilla-django-oidc
* Add custom login pages for Wagtail and Django admins that show an SSO button instead of form fields
* Retain support for username + password login (for local development)
* Tests
* Add custom CSRF page to help explain SSO-related session loss, if it occurs
Because a renewed/cycled OIDC/SSO session can zap a CSRF token and block
a user from submitting a CMS edit, we need to provide a bit more information
about what's happened. This changeset adds that, via a new template and a tiny view
to serve it, plugged in as Django's default CSRF view
Logged out users (who are very unlikely to see this anyway) get a simple
version of the message, while logged in users get more detail/context.
* Bump SSO lease time to 18 hours - trying to balance awkward signouts with wanting re-checks
* Update test.env so that Wagtail and Django admins are available by default when urlconf is generated. Oddly the reload trick didn't work here
* Update bedrock/base/templates/403_csrf.html
Co-authored-by: Alex Gibson <alexgibson@users.noreply.github.com>
* Make translation tagging consistent on new login templates
* Move new CSRF view to use a CSS bundle, not inline CSS
* Remove old, redundant CSRF view
It looks like this was no longer in use. It wasn't specified as settings.CSRF_FAILURE_VIEW so wouldn't have been used/found by Django I believe
* Drop translation markup from login templates to simplify
* Don't count the test 404 and 500 views as nonlocaled, because we do localize them
* Update bedrock/admin/templates/wagtailadmin/login.html
* Tweak wording re SSO for login pages
---------
Co-authored-by: Alex Gibson <alexgibson@users.noreply.github.com>
* Allow disabling Markus when DEBUG=True (default: keep it enabled)
* Add Wagtail 5.2 LTS as a dependency
* Hook in Wagtail Admin, while also keeping jinja-template rendering happy
* Support user-uploaded images into the CMS, both with local and cloud storage options
Of course, the cloud storage option is the only one we'll use when deployed.
Note that this also disables CSP for any routes inside the Wagtail admin
(but not pages rendered by Wagtail)
* Drop in wagtail-localize, ready for i18n/l10n
Also fix up some test regressions as a result of this change, including
changing how Careers renders a custom 404-page message
* Lay in intial 'cms' app as home for our Wagtail-related modelling.
* Support detection of CMS-based pages so that we don't falsely redirect away from pages managed by wagtail-localize
* Wrap simple CMS test page in a Protocol-based base template to confirm we load the right strings and get the lang picker
* Ensure that pages fall back (in their enriety) if we don't have a page with the matching lang code in the CMS
* Exclude the cms-admin path from the sitemap - doesn't need to be discoverable
* Remove now-redundant print statement from a data migration
* Add tests to show locales from page models are used as translations for pages
* Add tests to show that pages with restrictions (e.g. passwords) should not be cached downstream
* Add tests for StructuralPage, confirming it redirects to its parent if accessed directly
* Expand test coverage to include serve_preview for our base page model
* Fixup accidentally-commented-out app in INSTALLED_APPS
Co-authored-by: Ryan Johnson <escattone@gmail.com>
* Improve comment related to local GCS credentials, clarifying who will/won't need them and why
* Disable use of Gravatar URLs for Wagtail users
Low benefit to us, because they need CSP tweaks and also would need scrubbing before the DB export.
* Fix labelling of Wagtail's homepage
* We don't want wagtailforms enabled in our setup: public bedrock is read only
* Back out hack to 404.html for careers-related 404 -- unnecessary following i18n/routing refactor
* Back out unnecessary follow=True on the 404 test
* Ensure that demos run migrations on their local DB, so that any new Wagtail tables get made ASAP, preventing 500s
* Add a fake spec for WAGTAIL_CONTENT_LANGUAGES in Pocket mode, so that it'll boot.
We won't be using wagtail for Pocket mode
* Rename MEDIA_URL from user-media to custom-media, to make it easier to grasp
---------
Co-authored-by: Ryan Johnson <escattone@gmail.com>
Steve Jalim
Paul McLanahan
Heather Booker