
Commit 24ccce0

Merge pull request #399 from maykinmedia/release/2.3.2
Release/2.3.2
2 parents 2080078 + 0376491 commit 24ccce0

21 files changed

+307
-29
lines changed

.bumpversion.cfg

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
[bumpversion]
22
commit = False
33
tag = False
4-
current_version = 2.3.1
4+
current_version = 2.3.2
55

66
[bumpversion:file:README.rst]
77

.github/workflows/quick-start.yml

+3-2
@@ -15,8 +15,9 @@ jobs:
1515
run: docker-compose -f docker-compose-qs.yml up -d
1616
- name: Wait until DB container starts
1717
run: sleep 10
18-
- name: Load fixtures
19-
run: docker-compose -f docker-compose-qs.yml exec -T web src/manage.py loaddata demodata
18+
# TODO uncomment when correct fixtures are uploaded into dockerhub inside docker image
19+
# - name: Load fixtures
20+
# run: docker-compose -f docker-compose-qs.yml exec -T web src/manage.py loaddata demodata
2021
- name: Create superuser
2122
run: docker-compose -f docker-compose-qs.yml exec -T web src/manage.py createsuperuser --username admin --email admin@admin.nl --no-input
2223
- name: Check main page
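Review bot: Commenting out the "Load fixtures" step (added lines 18 to 20) leaves the quick-start job with no check that demodata.json still loads, in the same commit that changes that fixture's token.tokenauth pk from the token string to an integer. The TODO carries no issue reference or owner, so the step is likely to stay disabled; link a tracking issue in the comment and re-enable the step as soon as the published image contains the updated fixture.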

CHANGELOG.rst

+10
@@ -2,6 +2,16 @@
22
Change history
33
==============
44

5+
2.3.2 (2024-05-03)
6+
------------------
7+
8+
Bugfix release
9+
10+
This release addresses a security weakness.
11+
12+
* [GHSA-3wcp-29hm-g82c] replaced PK for Token model.
13+
14+
515
2.3.1 (2024-03-22)
616
------------------
717
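Review bot: The 2.3.2 entry (added lines 5 to 13) says only "replaced PK for Token model", which gives operators nothing to act on. Add what changed (the demodata.json diff in this commit shows the token string used to be the primary key and is now a separate token field), that the upgrade runs a data migration over the token tables, and whether existing tokens should be rotated after upgrading.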

README.NL.rst

+5-5
@@ -2,7 +2,7 @@
22
Objecten API
33
============
44

5-
:Version: 2.3.1
5+
:Version: 2.3.2
66
:Source: https://github.com/maykinmedia/objecttypes-api
77
:Keywords: objecten, assets, zaakobjecten
88

@@ -38,10 +38,10 @@ Versie Release datum API specificatie
3838
============== ============== =============================
3939
latest n/a `ReDoc <https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/master/src/objects/api/v2/openapi.yaml>`_,
4040
`Swagger <https://petstore.swagger.io/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/master/src/objects/api/v2/openapi.yaml>`_,
41-
(`verschillen <https://github.com/maykinmedia/objects-api/compare/2.3.1..master#diff-b9c28fec6c3f3fa5cff870d24601d6ab7027520f3b084cc767aefd258cb8c40a>`_)
42-
2.3.1 2024-03-22 `ReDoc <https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.1/src/objects/api/v2/openapi.yaml>`_,
43-
`Swagger <https://petstore.swagger.io/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.1/src/objects/api/v2/openapi.yaml>`_
44-
(`verschillen <https://github.com/maykinmedia/objects-api/compare/2.3.0..2.3.1#diff-b9c28fec6c3f3fa5cff870d24601d6ab7027520f3b084cc767aefd258cb8c40a>`_)
41+
(`verschillen <https://github.com/maykinmedia/objects-api/compare/2.3.2..master#diff-b9c28fec6c3f3fa5cff870d24601d6ab7027520f3b084cc767aefd258cb8c40a>`_)
42+
2.3.2 2024-03-22 `ReDoc <https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.2/src/objects/api/v2/openapi.yaml>`_,
43+
`Swagger <https://petstore.swagger.io/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.2/src/objects/api/v2/openapi.yaml>`_
44+
(`verschillen <https://github.com/maykinmedia/objects-api/compare/2.3.0..2.3.2#diff-b9c28fec6c3f3fa5cff870d24601d6ab7027520f3b084cc767aefd258cb8c40a>`_)
4545
2.3.0 2024-03-15 `ReDoc <https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.0/src/objects/api/v2/openapi.yaml>`_,
4646
`Swagger <https://petstore.swagger.io/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.0/src/objects/api/v2/openapi.yaml>`_
4747
(`verschillen <https://github.com/maykinmedia/objects-api/compare/2.2.1..2.3.0#diff-b9c28fec6c3f3fa5cff870d24601d6ab7027520f3b084cc767aefd258cb8c40a>`_)
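Review bot: The new 2.3.2 row (added line 42) carries the release date 2024-03-22, which is the 2.3.1 date; CHANGELOG.rst in this commit dates 2.3.2 as 2024-05-03. The hunk also overwrites the 2.3.1 row instead of adding a row above it, so the 2.3.1 ReDoc and Swagger links disappear and the "verschillen" link now compares 2.3.0..2.3.2. Set the date to 2024-05-03 and keep 2.3.1 as its own row, with 2.3.2 compared against 2.3.1.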

README.rst

+5-5
@@ -2,7 +2,7 @@
22
Objects API
33
===========
44

5-
:Version: 2.3.1
5+
:Version: 2.3.2
66
:Source: https://github.com/maykinmedia/objects-api
77
:Keywords: objects, assets, zaakobjecten
88

@@ -36,10 +36,10 @@ Version Release date API specification
3636
============== ============== =============================
3737
latest n/a `ReDoc <https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/master/src/objects/api/v2/openapi.yaml>`_,
3838
`Swagger <https://petstore.swagger.io/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/master/src/objects/api/v2/openapi.yaml>`_,
39-
(`diff <https://github.com/maykinmedia/objects-api/compare/2.3.1..master#diff-b9c28fec6c3f3fa5cff870d24601d6ab7027520f3b084cc767aefd258cb8c40a>`_)
40-
2.3.1 2024-03-22 `ReDoc <https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.1/src/objects/api/v2/openapi.yaml>`_,
41-
`Swagger <https://petstore.swagger.io/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.1/src/objects/api/v2/openapi.yaml>`_
42-
(`diff <https://github.com/maykinmedia/objects-api/compare/2.3.0..2.3.1#diff-b9c28fec6c3f3fa5cff870d24601d6ab7027520f3b084cc767aefd258cb8c40a>`_)
39+
(`diff <https://github.com/maykinmedia/objects-api/compare/2.3.2..master#diff-b9c28fec6c3f3fa5cff870d24601d6ab7027520f3b084cc767aefd258cb8c40a>`_)
40+
2.3.2 2024-03-22 `ReDoc <https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.2/src/objects/api/v2/openapi.yaml>`_,
41+
`Swagger <https://petstore.swagger.io/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.2/src/objects/api/v2/openapi.yaml>`_
42+
(`diff <https://github.com/maykinmedia/objects-api/compare/2.3.0..2.3.2#diff-b9c28fec6c3f3fa5cff870d24601d6ab7027520f3b084cc767aefd258cb8c40a>`_)
4343
2.3.0 2024-03-15 `ReDoc <https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.0/src/objects/api/v2/openapi.yaml>`_,
4444
`Swagger <https://petstore.swagger.io/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.0/src/objects/api/v2/openapi.yaml>`_
4545
(`diff <https://github.com/maykinmedia/objects-api/compare/2.2.1..2.3.0#diff-b9c28fec6c3f3fa5cff870d24601d6ab7027520f3b084cc767aefd258cb8c40a>`_)
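Review bot: The version table row for 2.3.2 (added line 40) is dated 2024-03-22 while CHANGELOG.rst dates the release 2024-05-03, and the 2.3.1 row has been replaced rather than kept, leaving a "diff" link of 2.3.0..2.3.2. The edit has the shape of a blanket 2.3.1 to 2.3.2 substitution across the file; the version bump should touch only the :Version: line, with release rows added by hand so that earlier releases and their spec links stay listed.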

docs/api/index.rst

+3-3
@@ -14,9 +14,9 @@ API Specification version(s)
1414
`Redoc <https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/maykinmedia/objecttypes-api/2.0.0/src/objecttypes/api/v2/openapi.yaml>`__,
1515
`Swagger <https://petstore.swagger.io/?url=https://raw.githubusercontent.com/maykinmedia/objecttypes-api/2.0.0/src/objecttypes/api/v2/openapi.yaml>`__
1616
)
17-
`Objects API`_ 2.3.1 (
18-
`Redoc <https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.1/src/objects/api/v2/openapi.yaml>`__,
19-
`Swagger <https://petstore.swagger.io/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.1/src/objects/api/v2/openapi.yaml>`__
17+
`Objects API`_ 2.3.2 (
18+
`Redoc <https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.2/src/objects/api/v2/openapi.yaml>`__,
19+
`Swagger <https://petstore.swagger.io/?url=https://raw.githubusercontent.com/maykinmedia/objects-api/2.3.2/src/objects/api/v2/openapi.yaml>`__
2020
)
2121
====================== ==========================================
2222

package-lock.json

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

+1-1
@@ -1,6 +1,6 @@
11
{
22
"name": "objects",
3-
"version": "2.3.1",
3+
"version": "2.3.2",
44
"description": "objects project",
55
"main": "src/objects/static/bundles/objects-js.js",
66
"directories": {

publiccode.yaml

+1-1
@@ -7,7 +7,7 @@ publiccodeYmlVersion: '0.2'
77
name: Objects API
88
url: 'http://github.com/maykinmedia/objects-api.git'
99
softwareType: standalone/backend
10-
softwareVersion: 2.3.1
10+
softwareVersion: 2.3.2
1111
releaseDate: '2021-01-13'
1212
logo: 'https://github.com/maykinmedia/objects-api/blob/master/docs/logo.png'
1313
platforms:
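Review bot: softwareVersion moves to 2.3.2 (line 10) but releaseDate on the following line stays '2021-01-13', so the metadata pairs the new version with a date three years older than the 2024-05-03 given in CHANGELOG.rst. Update releaseDate in the same change, and add it to the release checklist, since this hunk shows the bump rewriting only the version string.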

src/objects/__init__.py

+1-1
@@ -1,6 +1,6 @@
11
from .celery import app as celery_app
22

33
__all__ = ("celery_app",)
4-
__version__ = "2.3.1"
4+
__version__ = "2.3.2"
55
__author__ = "Maykin Media"
66
__homepage__ = "https://github.com/maykinmedia/objects-api"

src/objects/api/v2/openapi.yaml

+1-1
@@ -1,7 +1,7 @@
11
openapi: 3.0.3
22
info:
33
title: Objects API
4-
version: 2.3.1 (v2)
4+
version: 2.3.2 (v2)
55
description: |
66
An API to manage Objects.
77

src/objects/conf/api.py

+2-2
@@ -1,7 +1,7 @@
11
from vng_api_common.conf.api import * # noqa - imports white-listed
22

3-
API_VERSION = "2.3.1"
4-
VERSIONS = {"v1": "1.3.0", "v2": "2.3.1"}
3+
API_VERSION = "2.3.2"
4+
VERSIONS = {"v1": "1.3.0", "v2": "2.3.2"}
55

66
# api settings
77
REST_FRAMEWORK = {

src/objects/fixtures/demodata.json

+5-4
@@ -772,20 +772,21 @@
772772
},
773773
{
774774
"model": "token.tokenauth",
775-
"pk": "cd63e158f3aca276ef284e3033d020a22899c728",
775+
"pk": 1,
776776
"fields": {
777777
"contact_person": "test",
778778
"email": "let@me.test",
779779
"organization": "",
780780
"last_modified": "2020-12-23T11:43:16.820Z",
781-
"created": "2020-12-22T16:27:00.751Z"
781+
"created": "2020-12-22T16:27:00.751Z",
782+
"token": "cd63e158f3aca276ef284e3033d020a22899c728"
782783
}
783784
},
784785
{
785786
"model": "token.permission",
786787
"pk": 1,
787788
"fields": {
788-
"token_auth": "cd63e158f3aca276ef284e3033d020a22899c728",
789+
"token_auth": 1,
789790
"object_type": 2,
790791
"mode": "read_and_write"
791792
}
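Review bot: The fixture keeps the same fixed token value, now under "fields" as "token" (added line 782), and both token.permission entries in this file grant it read_and_write. Anyone who loads demodata ends up with a credential that is published in the repository, so state next to the fixture or in the quick-start documentation that it is for local demonstration only, and make sure no deployment path runs loaddata demodata against a reachable instance.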
@@ -794,7 +795,7 @@
794795
"model": "token.permission",
795796
"pk": 2,
796797
"fields": {
797-
"token_auth": "cd63e158f3aca276ef284e3033d020a22899c728",
798+
"token_auth": 1,
798799
"object_type": 1,
799800
"mode": "read_and_write"
800801
}

src/objects/token/admin.py

-1
@@ -103,7 +103,6 @@ def add_view(self, request, form_url="", extra_context=None):
103103

104104
class PermissionInline(EditInlineAdminMixin, admin.TabularInline):
105105
model = Permission
106-
fk_name = "token_auth"
107106
fields = ("object_type", "mode", "use_fields", "fields")
108107

109108

@@ -0,0 +1,26 @@
1+
# Generated by Django 4.2.11 on 2024-05-02 09:14
2+
3+
from django.db import migrations
4+
5+
6+
class Migration(migrations.Migration):
7+
dependencies = [
8+
("core", "0028_alter_objectrecord_data"),
9+
("token", "0009_alter_permission_fields"),
10+
]
11+
12+
operations = [
13+
migrations.RenameModel(
14+
old_name="TokenAuth",
15+
new_name="OldTokenAuth",
16+
),
17+
migrations.RenameField(
18+
model_name="permission",
19+
old_name="token_auth",
20+
new_name="old_token_auth",
21+
),
22+
migrations.AlterUniqueTogether(
23+
name="permission",
24+
unique_together={("old_token_auth", "object_type")},
25+
),
26+
]
@@ -0,0 +1,110 @@
1+
# Generated by Django 4.2.11 on 2024-05-02 09:16
2+
3+
from django.db import migrations, models
4+
import django.db.models.deletion
5+
6+
7+
class Migration(migrations.Migration):
8+
dependencies = [
9+
("core", "0028_alter_objectrecord_data"),
10+
("token", "0011_rename_tokenauth_oldtokenauth_and_more"),
11+
]
12+
13+
operations = [
14+
migrations.CreateModel(
15+
name="TokenAuth",
16+
fields=[
17+
(
18+
"id",
19+
models.AutoField(
20+
auto_created=True,
21+
primary_key=True,
22+
serialize=False,
23+
verbose_name="ID",
24+
),
25+
),
26+
("token", models.CharField(max_length=40, verbose_name="token")),
27+
(
28+
"contact_person",
29+
models.CharField(
30+
help_text="Name of the person in the organization who can access the API",
31+
max_length=200,
32+
verbose_name="contact person",
33+
),
34+
),
35+
(
36+
"email",
37+
models.EmailField(
38+
help_text="Email of the person, who can access the API",
39+
max_length=254,
40+
verbose_name="email",
41+
),
42+
),
43+
(
44+
"organization",
45+
models.CharField(
46+
blank=True,
47+
help_text="Organization which has access to the API",
48+
max_length=200,
49+
verbose_name="organization",
50+
),
51+
),
52+
(
53+
"last_modified",
54+
models.DateTimeField(
55+
auto_now=True,
56+
help_text="Last date when the token was modified",
57+
verbose_name="last modified",
58+
),
59+
),
60+
(
61+
"created",
62+
models.DateTimeField(
63+
auto_now_add=True,
64+
help_text="Date when the token was created",
65+
verbose_name="created",
66+
),
67+
),
68+
(
69+
"application",
70+
models.CharField(
71+
blank=True,
72+
help_text="Application which has access to the API",
73+
max_length=200,
74+
verbose_name="application",
75+
),
76+
),
77+
(
78+
"administration",
79+
models.CharField(
80+
blank=True,
81+
help_text="Administration which has access to the API",
82+
max_length=200,
83+
verbose_name="administration",
84+
),
85+
),
86+
(
87+
"object_types",
88+
models.ManyToManyField(
89+
help_text="Object types which can be accessed",
90+
through="token.Permission",
91+
to="core.objecttype",
92+
),
93+
),
94+
],
95+
options={
96+
"verbose_name": "token authorization",
97+
"verbose_name_plural": "token authorizations",
98+
},
99+
),
100+
migrations.AddField(
101+
model_name="permission",
102+
name="new_token_auth",
103+
field=models.ForeignKey(
104+
null=True,
105+
on_delete=django.db.models.deletion.SET_NULL,
106+
related_name="permissions",
107+
to="token.tokenauth",
108+
),
109+
),
110+
]
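Review bot: The new token column (line 26) is a plain CharField(max_length=40) with neither unique=True nor an index, although the same value was the primary key before and therefore both unique and indexed. Token authentication has to find a row by this value, and the data migration that follows calls get_or_create(token=...), which raises MultipleObjectsReturned once duplicates exist; declare the field unique=True here unless a later migration in the series already does. Also check new_token_auth (lines 100 to 109): null=True with on_delete=SET_NULL means deleting a token leaves its Permission rows behind with a NULL parent instead of removing them, which should be a deliberate choice rather than a leftover of the transition.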
@@ -0,0 +1,58 @@
1+
from django.db import migrations
2+
3+
4+
def switch_to_new_token_model(apps, _):
5+
OldTokenAuth = apps.get_model("token", "OldTokenAuth")
6+
TokenAuth = apps.get_model("token", "TokenAuth")
7+
8+
for old_token in OldTokenAuth.objects.all():
9+
token, created = TokenAuth.objects.get_or_create(
10+
token=old_token.token,
11+
defaults={
12+
"contact_person": old_token.contact_person,
13+
"email": old_token.email,
14+
"organization": old_token.organization,
15+
"last_modified": old_token.last_modified,
16+
"created": old_token.created,
17+
"application": old_token.application,
18+
"administration": old_token.administration,
19+
},
20+
)
21+
22+
# add fk relations to new model
23+
if created:
24+
old_token.permissions.all().update(new_token_auth=token)
25+
26+
27+
def switch_to_old_token_model(apps, _):
28+
OldTokenAuth = apps.get_model("token", "OldTokenAuth")
29+
TokenAuth = apps.get_model("token", "TokenAuth")
30+
31+
# copy tokens to old model
32+
for token in TokenAuth.objects.all():
33+
old_token, created = OldTokenAuth.objects.get_or_create(
34+
token=token.token,
35+
defaults={
36+
"contact_person": token.contact_person,
37+
"email": token.email,
38+
"organization": token.organization,
39+
"last_modified": token.last_modified,
40+
"created": token.created,
41+
"application": token.application,
42+
"administration": token.administration,
43+
},
44+
)
45+
46+
# add fk relations to old model
47+
if created:
48+
token.permissions.all().update(old_token_auth=old_token)
49+
50+
51+
class Migration(migrations.Migration):
52+
dependencies = [
53+
("token", "0012_tokenauth_permission_token_auth"),
54+
]
55+
56+
operations = [
57+
migrations.RunPython(switch_to_new_token_model, switch_to_old_token_model),
58+
]
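Review bot: In switch_to_new_token_model the "last_modified" and "created" values passed in defaults (lines 15 and 16) will not survive the copy, because the TokenAuth fields created in the previous migration are declared auto_now=True and auto_now_add=True and those overwrite the supplied value when the row is saved; every migrated token ends up stamped with the migration time. Restore the originals after creation with a queryset update, for example TokenAuth.objects.filter(pk=token.pk).update(created=old_token.created, last_modified=old_token.last_modified), which does not apply auto_now. Separately, permissions are re-pointed only inside "if created:" (line 23, and again at line 47 in the reverse function), so a re-run after a partial failure skips tokens that already exist and leaves their permissions with a NULL new_token_auth; running the update unconditionally makes the migration idempotent.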
