Merge pull request #1164 from maykinmedia/fix/docker-setup

⬆️ [#2321] Upgrade several dependencies and fix docker setup

Dockerfile

@@ -28,13 +28,13 @@ WORKDIR /app
 RUN mkdir /app/src
 
 # Ensure we use the latest version of pip
-RUN pip install pip setuptools -U
+RUN pip install pip>=24 setuptools -U
 COPY ./requirements /app/requirements
 RUN pip install -r requirements/production.txt
 
 
 # Stage 2 - Install frontend deps and build assets
-FROM node:13-buster AS frontend-build
+FROM node:20-buster AS frontend-build
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
         git \

docker-compose.yml

@@ -29,13 +29,12 @@ services:
     build: .
     environment:
       - DJANGO_SETTINGS_MODULE=open_inwoner.conf.docker
-      - SECRET_KEY=${SECRET_KEY:-7bk)w=_%lnm#68rc!c)h@gy&5+%^f$=okq17bv!)yv!l0udu2y}
+      - SECRET_KEY=${SECRET_KEY:-7bk)w=_%lnm#68rc!c)h@gy&5+%^fl=okq17bv!)yv!l0udu2y}
       - ALLOWED_HOSTS=*
       - CACHE_DEFAULT=redis:6379/0
       - CACHE_AXES=redis:6379/0
       - ES_HOST=elasticsearch
-      - TWO_FACTOR_FORCE_OTP_ADMIN=0
-      - TWO_FACTOR_PATCH_ADMIN=0
+      - DISABLE_2FA=${DISABLE_2FA:-True}
     ports:
       - 8000:8000
     depends_on:

requirements/base.txt

@@ -61,11 +61,12 @@ click-repl==0.2.0
     # via celery
 confusable-homoglyphs==3.2.0
     # via django-registration
-cryptography==41.0.7
+cryptography==42.0.4
     # via
     #   django-digid-eherkenning
     #   django-simple-certmanager
     #   josepy
+    #   maykin-python3-saml
     #   mozilla-django-oidc
     #   pyopenssl
     #   webauthn
@@ -346,7 +347,7 @@ html5lib==1.1
     #   weasyprint
 humanfriendly==10.0
     # via -r requirements/base.in
-idna==3.2
+idna==3.7
     # via
     #   email-validator
     #   requests
@@ -377,7 +378,7 @@ markuppy==1.14
     # via tablib
 maykin-2fa==1.0.0
     # via -r requirements/base.in
-maykin-python3-saml==1.16.0
+maykin-python3-saml==1.16.1
     # via
     #   -r requirements/base.in
     #   django-digid-eherkenning
@@ -403,7 +404,7 @@ phonenumbers==8.13.29
     # via -r requirements/base.in
 phonenumberslite==8.13.29
     # via django-two-factor-auth
-pillow==10.2.0
+pillow==10.3.0
     # via
     #   -r requirements/base.in
     #   djangocms-text-ckeditor
@@ -430,12 +431,11 @@ pyjwt==2.8.0
     # via
     #   gemma-zds-client
     #   messagebird
-pyopenssl==23.3.0
+pyopenssl==24.0.0
     # via
     #   -r requirements/base.in
     #   django-simple-certmanager
     #   josepy
-    #   maykin-python3-saml
     #   webauthn
     #   zgw-consumers
 pyphen==0.12.0
@@ -462,11 +462,10 @@ pyyaml==6.0
     # via
     #   drf-spectacular
     #   gemma-zds-client
-    #   responses
     #   tablib
 qrcode==6.1
     # via django-two-factor-auth
-redis==3.5.3
+redis==5.0.3
     # via django-redis
 reportlab==3.6.13
     # via
@@ -482,13 +481,7 @@ requests==2.31.0
     #   maykin-python3-saml
     #   messagebird
     #   mozilla-django-oidc
-    #   requests-mock
-    #   responses
     #   zgw-consumers
-requests-mock==1.12.1
-    # via maykin-python3-saml
-responses==0.25.0
-    # via maykin-python3-saml
 sentry-sdk==1.38.0
     # via -r requirements/base.in
 six==1.16.0
@@ -532,7 +525,6 @@ urllib3==1.26.18
     #   elastic-apm
     #   elasticsearch
     #   requests
-    #   responses
     #   sentry-sdk
 uwsgi==2.0.23
     # via -r requirements/base.in

requirements/ci.txt

@@ -127,13 +127,14 @@ confusable-homoglyphs==3.2.0
     #   django-registration
 coverage==4.5.4
     # via -r requirements/test-tools.in
-cryptography==41.0.7
+cryptography==42.0.4
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   django-digid-eherkenning
     #   django-simple-certmanager
     #   josepy
+    #   maykin-python3-saml
     #   mozilla-django-oidc
     #   pyopenssl
     #   webauthn
@@ -604,7 +605,7 @@ humanfriendly==10.0
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
-idna==3.2
+idna==3.7
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -673,7 +674,7 @@ maykin-2fa==1.0.0
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
-maykin-python3-saml==1.16.0
+maykin-python3-saml==1.16.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -738,7 +739,7 @@ phonenumberslite==8.13.29
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   django-two-factor-auth
-pillow==10.2.0
+pillow==10.3.0
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -804,14 +805,13 @@ pyjwt==2.8.0
     #   messagebird
 pylint==2.17.7
     # via -r requirements/test-tools.in
-pyopenssl==23.3.0
+pyopenssl==24.0.0
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   -r requirements/test-tools.in
     #   django-simple-certmanager
     #   josepy
-    #   maykin-python3-saml
     #   webauthn
     #   zgw-consumers
 pyphen==0.12.0
@@ -860,14 +860,13 @@ pyyaml==6.0
     #   -r requirements/base.txt
     #   drf-spectacular
     #   gemma-zds-client
-    #   responses
     #   tablib
 qrcode==6.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   django-two-factor-auth
-redis==3.5.3
+redis==5.0.3
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
@@ -891,19 +890,9 @@ requests==2.31.0
     #   messagebird
     #   mozilla-django-oidc
     #   requests-mock
-    #   responses
     #   zgw-consumers
 requests-mock==1.12.1
-    # via
-    #   -c requirements/base.txt
-    #   -r requirements/base.txt
-    #   -r requirements/test-tools.in
-    #   maykin-python3-saml
-responses==0.25.0
-    # via
-    #   -c requirements/base.txt
-    #   -r requirements/base.txt
-    #   maykin-python3-saml
+    # via -r requirements/test-tools.in
 sentry-sdk==1.38.0
     # via
     #   -c requirements/base.txt
@@ -976,7 +965,6 @@ urllib3==1.26.18
     #   elastic-apm
     #   elasticsearch
     #   requests
-    #   responses
     #   sentry-sdk
 uwsgi==2.0.23
     # via

requirements/dev.txt

@@ -154,13 +154,14 @@ coverage==4.5.4
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
-cryptography==41.0.7
+cryptography==42.0.4
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   django-digid-eherkenning
     #   django-simple-certmanager
     #   josepy
+    #   maykin-python3-saml
     #   mozilla-django-oidc
     #   pyopenssl
     #   webauthn
@@ -682,7 +683,7 @@ humanfriendly==10.0
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
-idna==3.2
+idna==3.7
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -769,7 +770,7 @@ maykin-2fa==1.0.0
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
-maykin-python3-saml==1.16.0
+maykin-python3-saml==1.16.1
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -852,7 +853,7 @@ phonenumberslite==8.13.29
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   django-two-factor-auth
-pillow==10.2.0
+pillow==10.3.0
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -936,13 +937,12 @@ pylint==2.17.7
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
-pyopenssl==23.3.0
+pyopenssl==24.0.0
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   django-simple-certmanager
     #   josepy
-    #   maykin-python3-saml
     #   webauthn
     #   zgw-consumers
 pyphen==0.12.0
@@ -995,7 +995,6 @@ pyyaml==6.0
     #   bandit
     #   drf-spectacular
     #   gemma-zds-client
-    #   responses
     #   tablib
 pyzmq==25.1.2
     # via locust
@@ -1004,7 +1003,7 @@ qrcode==6.1
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   django-two-factor-auth
-redis==3.5.3
+redis==5.0.3
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
@@ -1029,19 +1028,12 @@ requests==2.31.0
     #   messagebird
     #   mozilla-django-oidc
     #   requests-mock
-    #   responses
     #   sphinx
     #   zgw-consumers
 requests-mock==1.12.1
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
-    #   maykin-python3-saml
-responses==0.25.0
-    # via
-    #   -c requirements/ci.txt
-    #   -r requirements/ci.txt
-    #   maykin-python3-saml
 roundrobin==0.0.4
     # via locust
 sentry-sdk==1.38.0
@@ -1155,7 +1147,6 @@ urllib3==1.26.18
     #   elastic-apm
     #   elasticsearch
     #   requests
-    #   responses
     #   sentry-sdk
 uwsgi==2.0.23
     # via

src/open_inwoner/conf/dev.py

@@ -144,7 +144,7 @@
 TWO_FACTOR_PATCH_ADMIN = False
 
 # Disable two-factor authentication by default for development
-if config("DISABLE_2FA", default=True):
+if config("DISABLE_2FA", default=True, cast=bool):
     MAYKIN_2FA_ALLOW_MFA_BYPASS_BACKENDS = AUTHENTICATION_BACKENDS
 
 # playwright multi browser

src/open_inwoner/conf/docker.py

@@ -13,3 +13,6 @@
 # os.environ.setdefault("ALLOWED_HOSTS", "*")
 
 from .production import *  # noqa isort:skip
+
+if config("DISABLE_2FA", default=False, cast=bool):
+    MAYKIN_2FA_ALLOW_MFA_BYPASS_BACKENDS = AUTHENTICATION_BACKENDS