Merge eb26b81 into 584ccd2
helllllllder committed May 24, 2022
2 parents 584ccd2 + eb26b81 commit 347c360
Showing 4 changed files with 41 additions and 2 deletions.
2 changes: 2 additions & 0 deletions bothub/authentication/authorization.py
@@ -1,4 +1,5 @@
import logging
import re

from django.utils.translation import ugettext_lazy as _
from bothub.utils import check_module_permission
Expand Down Expand Up @@ -95,6 +96,7 @@ def create_user(self, claims):
# Override existing create_user method in OIDCAuthenticationBackend
email = claims.get("email")
username = self.get_username(claims)[:16]
username = re.sub("[^A-Za-z0-9]+", "", username)
user = self.UserModel.objects.create_user(email, username)

user.name = claims.get("name", "")
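Review bot: The new `re.sub` runs after the `[:16]` truncation, so a claim whose first 16 characters are mostly dots, hyphens, accented or non-Latin letters yields a username shorter than intended, possibly an empty string that is then handed straight to `create_user`. Stripping also folds distinct inputs onto one value (`"j.doe"` and `"jdoe"` both become `"jdoe"`), so if the username column is unique the create call can raise an IntegrityError that nothing in this hunk catches; what `get_username` returns and whether a uniqueness check exists elsewhere is outside the hunk, so this is inferred. Sanitising before truncating keeps the full 16 characters, `username = re.sub(r"[^A-Za-z0-9]+", "", self.get_username(claims))[:16]`, and a guard for an empty result would close the empty-username path. The body of `create_user` continues past the hunk.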
19 changes: 18 additions & 1 deletion bothub/settings.py
Expand Up @@ -146,12 +146,12 @@
"whitenoise.middleware.WhiteNoiseMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
"django.middleware.locale.LocaleMiddleware",
"csp.middleware.CSPMiddleware",
"corsheaders.middleware.CorsMiddleware",
"django.middleware.common.CommonMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
"bothub.api.v2.middleware.UserLanguageMiddleware",
]

Expand Down Expand Up @@ -301,6 +301,23 @@
CSRF_COOKIE_SECURE = env.bool("CSRF_COOKIE_SECURE")


# CSP headers

CSP_DEFAULT_SRC = env.tuple("CSP_DEFAULT_SRC", default=("'self'",))
CSP_FRAME_ANCESTORS = env.tuple("CSP_FRAME_ANCESTORS", default=("'self'", "*.weni.ai"))
CSP_FONT_SRC = env.tuple("CSP_FONT_SRC", default=CSP_DEFAULT_SRC)
CSP_STYLE_SRC = env.tuple(
"CSP_STYLE_SRC", default=("'self'", "'unsafe-inline'", "'unsafe-eval'")
)
CSP_STYLE_SRC_ELEM = env.tuple("CSP_STYLE_SRC_ELEM", default=CSP_STYLE_SRC)
CSP_SCRIPT_SRC = env.tuple(
"CSP_SCRIPT_SRC", default=("'self'", "'unsafe-inline'", "'unsafe-eval'")
)
CSP_SCRIPT_SRC_ELEM = env.tuple("CSP_SCRIPT_SRC_ELEM", default=CSP_SCRIPT_SRC)
CSP_FRAME_SRC = env.tuple("CSP_FRAME_SRC", default=CSP_DEFAULT_SRC)
CSP_CONNECT_SRC = env.tuple("CSP_CONNECT_SRC", default=CSP_DEFAULT_SRC)


# Logging

LOGGING = DEFAULT_LOGGING
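Review bot: The `CSP_SCRIPT_SRC` default puts `'unsafe-inline'` and `'unsafe-eval'` into `script-src`, which removes most of the script-injection protection a CSP is meant to give, and `'unsafe-eval'` in the `CSP_STYLE_SRC` default has no effect because that keyword only applies to script sources. If inline scripts are genuinely required (probably Django admin or the DRF browsable API, inferred rather than visible here), the `# CSP headers` comment should record why and that deployments are expected to override it, e.g. `# defaults allow inline/eval scripts for <reason>; set CSP_SCRIPT_SRC in production`, and django-csp's `CSP_INCLUDE_NONCE_IN = ["script-src"]` is the usual way to drop those keywords. Note also that a `frame-ancestors` directive supersedes the `X-Frame-Options` header that `XFrameOptionsMiddleware` still sets, so the `'self'` plus `*.weni.ai` default is now the effective clickjacking policy. The one deleted line from the middleware hunk is not rendered, so what the `CSPMiddleware` entry replaced cannot be checked here.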
21 changes: 20 additions & 1 deletion poetry.lock


1 change: 1 addition & 0 deletions pyproject.toml
Expand Up @@ -52,6 +52,7 @@ psycopg2-binary = "~=2.9.1"
weni-protobuffers = "~=1.2.1"
black = "21.7b0"
Pillow = "~=8.4.0"
django-csp = "^3.7"

[tool.poetry.dev-dependencies]
flake8 = "~=4.0.0"
