Merge branch 'main' into dependabot/pip/python-slugify-8.0.4

.eslintrc.json

@@ -14,6 +14,7 @@
     "prettier/prettier": [
       "error",
       {
+        "trailingComma": "es5",
         "endOfLine": "auto"
       }
     ],

.flake8

@@ -1,4 +1,4 @@
 [flake8]
-extend-exclude=*migrations*,dockerpythonvenv/*,network-api/media/*,network-api/staticfiles/*
+extend-exclude=*migrations*,dockerpythonvenv/*,network-api/media/*,network-api/staticfiles/*,node_modules/*
 extend-ignore = E203
 max-line-length=119

.github/workflows/continous-integration.yml

@@ -16,7 +16,6 @@ jobs:
     env:
       ALLOWED_HOSTS: localhost,mozfest.localhost,default-site.com,secondary-site.com
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      NETWORK_SITE_URL: https://foundation.mozilla.org
       PULSE_API_DOMAIN: https://network-pulse-api-production.herokuapp.com
       PULSE_DOMAIN: https://www.mozillapulse.org
     steps:
@@ -54,7 +53,6 @@ jobs:
       DJANGO_SECRET_KEY: secret
       DOMAIN_REDIRECT_MIDDLEWARE_ENABLED: False
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      NETWORK_SITE_URL: http://localhost:8000
       PIPENV_VERBOSITY: -1
       PULSE_API_DOMAIN: https://network-pulse-api-production.herokuapp.com
       PULSE_DOMAIN: https://www.mozillapulse.org
@@ -132,7 +130,6 @@ jobs:
       DJANGO_SECRET_KEY: secret
       DOMAIN_REDIRECT_MIDDLEWARE_ENABLED: False
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      NETWORK_SITE_URL: http://localhost:8000
       PIPENV_VERBOSITY: -1
       PULSE_API_DOMAIN: https://network-pulse-api-production.herokuapp.com
       PULSE_DOMAIN: https://www.mozillapulse.org
@@ -144,10 +141,12 @@ jobs:
       X_FRAME_OPTIONS: DENY
       XSS_PROTECTION: True
       CSP_CONNECT_SRC: "*"
-      CSP_FONT_SRC: "'self' https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ data:"
-      CSP_FRAME_SRC: "'self' https://www.google.com/recaptcha/"
-      CSP_SCRIPT_SRC: "'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdnjs.cloudflare.com/ajax/libs/gsap/3.8.0/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.8.0/ScrollTrigger.min.js https://*.googletagmanager.com https://*.fundraiseup.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval'"
-      CSP_STYLE_SRC: "'self' 'unsafe-inline' https://code.cdn.mozilla.net https://fonts.googleapis.com https://platform.twitter.com https://mozillafoundation.tfaforms.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"
+      CSP_FONT_SRC: "'self' https://code.cdn.mozilla.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ data: https://static.fundraiseup.com/common-fonts/"
+      CSP_IMG_SRC: "* data: blob: https://*.fundraiseup.com https://ucarecdn.com https://pay.google.com https://*.paypalobjects.com"
+      CSP_FRAME_SRC: "'self' https://www.google.com/recaptcha/ https://*.stripe.com https://pay.google.com https://*.paypal.com https://*.fundraiseup.com"
+      CSP_SCRIPT_SRC: "'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdnjs.cloudflare.com/ajax/libs/gsap/3.8.0/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.8.0/ScrollTrigger.min.js https://*.googletagmanager.com https://*.fundraiseup.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval' https://*.stripe.com https://m.stripe.network https://*.paypal.com https://*.paypalobjects.com https://pay.google.com"
+      CSP_STYLE_SRC: "'self' 'unsafe-inline' https://code.cdn.mozilla.net https://platform.twitter.com https://mozillafoundation.tfaforms.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"
+      SECURE_CROSS_ORIGIN_OPENER_POLICY: "same-origin-allow-popups"
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-python@v4

.github/workflows/visual-regression-testing.yml

@@ -30,24 +30,24 @@ jobs:
       CSP_CHILD_SRC: " 'self' https://www.youtube.com https://www.youtube-nocookie.com "
       CSP_CONNECT_SRC: " * "
       CSP_DEFAULT_SRC: " 'none' "
-      CSP_FONT_SRC: " 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://static.fundraiseup.com/fonts/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/"
-      CSP_FRAME_ANCESTORS: " 'none' "
-      CSP_FRAME_SRC: " 'self' https://www.youtube.com https://comments.mozillafoundation.org/ https://airtable.com https://docs.google.com/ https://platform.twitter.com https://public.zenkit.com https://calendar.google.com https://www.youtube-nocookie.com https://form.typeform.com https://js.tito.io https://datawrapper.dwcdn.net https://www.google.com/recaptcha/"
-      CSP_IMG_SRC: " * data: "
+      CSP_FONT_SRC: " 'self' https://code.cdn.mozilla.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ data: https://static.fundraiseup.com/common-fonts/ https://*.fundraiseup.com https://*.stripe.com "
+      CSP_FRAME_ANCESTORS: " 'self' "
+      CSP_FRAME_SRC: " 'self' https://www.youtube.com https://comments.mozillafoundation.org/ https://airtable.com https://docs.google.com/ https://platform.twitter.com https://public.zenkit.com https://calendar.google.com https://www.youtube-nocookie.com https://form.typeform.com https://js.tito.io https://datawrapper.dwcdn.net https://www.google.com/recaptcha/ https://*.stripe.com https://pay.google.com https://*.paypal.com https://*.fundraiseup.com "
+      CSP_IMG_SRC: " * data: blob: https://*.fundraiseup.com https://ucarecdn.com https://pay.google.com https://*.paypalobjects.com "
       CSP_MEDIA_SRC: " 'self' data: https://s3.amazonaws.com/mofo-assets/foundation/video/ "
-      CSP_SCRIPT_SRC: " 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com https://embed.typeform.com https://js.tito.io https://js-plugins.tito.io/gtm.js https://tagmanager.google.com *.googletagmanager.com https://*.fundraiseup.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval'"
-      CSP_STYLE_SRC: " 'self' 'unsafe-inline' https://code.cdn.mozilla.net https://fonts.googleapis.com https://platform.twitter.com https://js.tito.io https://tagmanager.google.com https://mozillafoundation.tfaforms.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"
+      CSP_SCRIPT_SRC: " 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com https://embed.typeform.com https://js.tito.io https://js-plugins.tito.io/gtm.js https://tagmanager.google.com https://*.googletagmanager.com https://*.fundraiseup.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval' https://*.stripe.com https://m.stripe.network https://*.paypal.com https://*.paypalobjects.com https://pay.google.com "
+      CSP_STYLE_SRC: " 'self' 'unsafe-inline' https://code.cdn.mozilla.net https://platform.twitter.com https://js.tito.io https://tagmanager.google.com https://mozillafoundation.tfaforms.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css "
       CSP_INCLUDE_NONCE_IN: "script-src"
       DATABASE_URL: postgres://postgres:postgres@localhost:5432/network
       DEBUG: True
       DJANGO_SECRET_KEY: secret
       DOMAIN_REDIRECT_MIDDLEWARE_ENABLED: False
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      NETWORK_SITE_URL: http://localhost:8000
       PIPENV_VERBOSITY: -1
       PULSE_API_DOMAIN: https://network-pulse-api-production.herokuapp.com
       PULSE_DOMAIN: https://www.mozillapulse.org
       RANDOM_SEED: 530910203
+      SECURE_CROSS_ORIGIN_OPENER_POLICY: "same-origin-allow-popups"
       SET_HSTS: False
       SSL_REDIRECT: False
       TARGET_DOMAINS: foundation.mozilla.org

app.json

@@ -27,15 +27,17 @@
     "CSP_CHILD_SRC": "'self' https://www.youtube.com https://www.youtube-nocookie.com",
     "CSP_CONNECT_SRC": "*",
     "CSP_DEFAULT_SRC": "'none'",
-    "CSP_FRAME_ANCESTORS": "'none'",
-    "CSP_FRAME_SRC": "'self' https://js.tito.io https://www.google.com/recaptcha/",
-    "CSP_FONT_SRC": "'self' https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://static.fundraiseup.com/fonts/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/",
-    "CSP_IMG_SRC": "* data:",
+    "CSP_FRAME_ANCESTORS": "'self'",
+    "CSP_FRAME_SRC": "'self' https://js.tito.io https://www.google.com/recaptcha/ https://*.stripe.com https://pay.google.com https://*.paypal.com https://*.fundraiseup.com",
+    "CSP_FONT_SRC": "'self' https://code.cdn.mozilla.net https://*.fundraiseup.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/",
+    "CSP_IMG_SRC": "* data: blob: https://*.fundraiseup.com https://ucarecdn.com https://pay.google.com https://*.paypalobjects.com",
     "CSP_MEDIA_SRC": "'self' https://s3.amazonaws.com/mofo-assets/foundation/video/",
-    "CSP_SCRIPT_SRC": "'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com https://js.tito.io https://js-plugins.tito.io/gtm.js https://*.fundraiseup.com *.googletagmanager.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval'",
-    "CSP_STYLE_SRC": "'self' 'unsafe-inline' https://code.cdn.mozilla.net https://fonts.googleapis.com  https://platform.twitter.com https://js.tito.io https://mozillafoundation.tfaforms.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css",
+    "CSP_SCRIPT_SRC": "'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com https://js.tito.io https://js-plugins.tito.io/gtm.js https://*.fundraiseup.com https://*.googletagmanager.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval' https://*.stripe.com https://m.stripe.network https://*.paypal.com https://pay.google.com",
+    "CSP_STYLE_SRC": "'self' 'unsafe-inline' https://code.cdn.mozilla.net  https://platform.twitter.com https://js.tito.io https://mozillafoundation.tfaforms.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css",
     "NPM_CONFIG_PRODUCTION": "true",
     "REVIEW_APP": "True",
+    "SECURE_CROSS_ORIGIN_OPENER_POLICY": "same-origin-allow-popups",
+    "SECURE_REFERRER_POLICY": "strict-origin-when-cross-origin",
     "XROBOTSTAG_ENABLED": "True"
   },
   "buildpacks": [

cleanup.sql

@@ -0,0 +1,59 @@
+-- noinspection SqlNoDataSourceInspectionForFile
+
+CREATE EXTENSION IF NOT EXISTS pgcrypto;
+
+CREATE OR REPLACE FUNCTION clean_user_data()
+RETURNS VOID AS $$
+DECLARE
+    user_row RECORD;
+    new_email varchar;
+    new_hash varchar;
+    new_username varchar;
+    counter integer := 1;
+BEGIN
+--     scrub the user table
+    TRUNCATE django_session;
+
+--     clean up non-staff social auth data
+    DELETE FROM social_auth_usersocialauth
+    WHERE uid NOT LIKE '%@mozillafoundation.org';
+
+--     Update the site domain
+    UPDATE django_site
+    SET domain = '{DOMAIN}.mofostaging.net'
+    WHERE domain = 'foundation.mofostaging.net';
+
+    UPDATE wagtailcore_site
+    SET hostname = '{HOSTNAME}.mofostaging.net'
+    WHERE hostname = 'foundation.mofostaging.net';
+
+    UPDATE wagtailcore_site
+    SET hostname = 'mozfest-{HOSTNAME}.mofostaging.net'
+    WHERE hostname = 'mozillafestival.mofostaging.net';
+
+--     Iterate over each non-staff user and remove any PII
+    FOR user_row IN
+        SELECT id
+        FROM auth_user
+        WHERE email NOT LIKE '%@mozillafoundation.org'
+    LOOP
+        new_email := concat(encode(gen_random_bytes(12), 'base64'), '@example.com');
+        new_hash := crypt(encode(gen_random_bytes(32), 'base64'), gen_salt('bf', 6));
+        new_username := concat('anonymouse', counter::varchar);
+
+        UPDATE auth_user
+        SET
+          email = new_email,
+          password = new_hash,
+          username = new_username,
+          first_name = 'anony',
+          last_name = 'mouse'
+        Where id = user_row.id;
+
+--         Increase the counter
+        counter := counter + 1;
+    END LOOP;
+END;
+$$ LANGUAGE plpgsql;
+
+SELECT clean_user_data();

copy-db.js

@@ -13,6 +13,13 @@ if (APP === STAGE_APP) {
   );
 }
 
+if (!isLoggedInToHeroku()) {
+  console.log(
+    "You are not logged into Heroku. Make sure you have the Heroku CLI installed. Run `heroku login` and try again."
+  );
+  process.exit(1);
+}
+
 const HEROKU_OUTPUT = run(`heroku config:get DATABASE_URL -a ${APP}`);
 const HEROKU_TEXT = HEROKU_OUTPUT.toString().replaceAll(`\n`, ` `);
 const URL_START = HEROKU_TEXT.indexOf(`postgres://`);
@@ -71,6 +78,15 @@ function stopContainers() {
   }
 }
 
+function isLoggedInToHeroku() {
+  try {
+    execSync("heroku whoami");
+    return true;
+  } catch (error) {
+    return false;
+  }
+}
+
 // ======================== //
 //  Our script starts here  //
 // ======================== //

copy_staging_db_to_review_app.py

@@ -0,0 +1,107 @@
+import tempfile
+from time import sleep
+
+from tasks import PLATFORM_ARG
+
+STAGING_APP = "foundation-mofostaging-net"
+
+
+def execute_command(ctx, command: str, custom_error: str = ""):
+    try:
+        result = ctx.run(command, hide=False, warn=True, **PLATFORM_ARG)
+        if result.failed:
+            raise Exception(f"{custom_error}: {result.stderr}")
+        return result.stdout.strip()
+    except Exception as e:
+        raise Exception(f"{custom_error}: {e}") from e
+
+
+def log_step(message: str):
+    print(f"--> {message}\n", flush=True)
+
+
+def log_step_completed(message: str):
+    print(f"✔️  {message} completed.\n", flush=True)
+
+
+def replace_placeholders_in_sql(review_app_name: str, input_file: str) -> str:
+    with open(input_file, "r") as file:
+        sql_content = file.read()
+
+    sql_content = sql_content.replace("{DOMAIN}", review_app_name)
+    sql_content = sql_content.replace("{HOSTNAME}", review_app_name)
+
+    return sql_content
+
+
+def main(ctx, review_app_name):
+    log_step(f"The review app name is: {review_app_name}, if not, please cancel now...")
+    sleep(5)
+
+    log_step("Verifying if logged in Heroku")
+    heroku_user = execute_command(ctx, "heroku whoami", "Verify that you are logged in Heroku CLI")
+    print(f"Heroku user: {heroku_user}\n", flush=True)
+    log_step_completed("Heroku login verification")
+
+    log_step("Verifying if psql is installed")
+    execute_command(ctx, "psql --version", "Verify that you have 'psql' installed")
+    log_step_completed("psql installation verification")
+
+    try:
+        log_step("Enabling maintenance mode on the Review App")
+        execute_command(ctx, f"heroku maintenance:on -a {review_app_name}")
+        log_step_completed("Maintenance mode enabling")
+
+        log_step("Scaling web dynos on Review App to 0")
+        execute_command(ctx, f"heroku ps:scale -a {review_app_name} web=0")
+        log_step_completed("Web dynos scaling to 0")
+
+        log_step("Backing up Staging DB")
+        execute_command(ctx, f"heroku pg:backups:capture -a {STAGING_APP}")
+        log_step_completed("Staging DB backup")
+
+        log_step("Backing up Review App DB")
+        execute_command(ctx, f"heroku pg:backups:capture -a {review_app_name}")
+        log_step_completed("Review App DB backup")
+
+        log_step("Reset Review App DB")
+        execute_command(ctx, f"heroku pg:reset -a '{review_app_name}' --confirm '{review_app_name}'")
+        log_step_completed("Review App DB has been reset")
+
+        log_step("Restoring the latest Staging backup to Review App")
+        backup_staging_url = execute_command(ctx, f"heroku pg:backups:url -a {STAGING_APP}")
+        execute_command(
+            ctx, f"heroku pg:backups:restore --confirm {review_app_name} -a {review_app_name} '{backup_staging_url}'"
+        )
+        log_step_completed("Staging backup restoration to Review App")
+
+        log_step("Executing cleanup SQL script")
+        review_app_db_url = execute_command(ctx, f"heroku config:get -a {review_app_name} DATABASE_URL")
+
+        # Replace placeholders and write to a temporary file
+        sql_content = replace_placeholders_in_sql(review_app_name, "./cleanup.sql")
+        with tempfile.NamedTemporaryFile(suffix=".sql", mode="w", delete=True) as temp_sql_file:
+            temp_sql_file.write(sql_content)
+            temp_sql_file.flush()
+            execute_command(ctx, f"psql {review_app_db_url} -f {temp_sql_file.name}")
+
+        log_step_completed("Cleanup SQL script execution")
+
+        log_step("Running migrations")
+        execute_command(ctx, f"heroku run -a {review_app_name} -- python network-api/manage.py migrate --no-input")
+        log_step_completed("Migrations running")
+
+    except Exception as e:
+        log_step("Rolling back Review App")
+        execute_command(ctx, f"heroku pg:backups:restore -a {review_app_name} --confirm {review_app_name}")
+        print(e, flush=True)
+        log_step_completed("Review App rollback")
+
+    finally:
+        log_step("Scaling web dynos on Review App to 1")
+        execute_command(ctx, f"heroku ps:scale -a {review_app_name} web=1")
+        log_step_completed("Web dynos scaling to 1")
+
+        log_step("Disabling maintenance mode on Review App")
+        execute_command(ctx, f"heroku maintenance:off -a {review_app_name}")
+        log_step_completed("Maintenance mode disabling")

dev-requirements.txt

@@ -8,7 +8,7 @@ asgiref==3.7.2
     # via
     #   -c requirements.txt
     #   django
-black==24.1.1
+black==24.8.0
     # via -r dev-requirements.in
 click==8.1.3
     # via
@@ -17,16 +17,14 @@ click==8.1.3
 colorama==0.4.6
     # via djlint
 coverage[toml]==7.4.1
-    # via
-    #   coverage
-    #   pytest-cov
+    # via pytest-cov
 cssbeautifier==1.14.7
     # via djlint
-django==4.2.10
+django==4.2.15
     # via
     #   -c requirements.txt
     #   django-debug-toolbar
-django-debug-toolbar==4.3.0
+django-debug-toolbar==4.4.2
     # via -r dev-requirements.in
 djhtml==3.0.6
     # via -r dev-requirements.in
@@ -38,7 +36,7 @@ editorconfig==0.12.3
     #   jsbeautifier
 execnet==1.9.0
     # via pytest-xdist
-flake8==7.0.0
+flake8==7.1.1
     # via -r dev-requirements.in
 honcho==1.1.0
     # via -r dev-requirements.in
@@ -56,7 +54,7 @@ jsbeautifier==1.14.7
     #   djlint
 mccabe==0.7.0
     # via flake8
-mypy==1.8.0
+mypy==1.9.0
     # via -r dev-requirements.in
 mypy-extensions==1.0.0
     # via
@@ -74,15 +72,15 @@ pathspec==0.11.1
     #   djlint
 platformdirs==2.5.3
     # via black
-pluggy==1.4.0
+pluggy==1.5.0
     # via pytest
 ptvsd==4.3.2
     # via -r dev-requirements.in
-pycodestyle==2.11.0
+pycodestyle==2.12.1
     # via flake8
 pyflakes==3.2.0
     # via flake8
-pytest==8.0.1
+pytest==8.2.2
     # via
     #   -r dev-requirements.in
     #   pytest-cov
@@ -108,7 +106,7 @@ six==1.16.0
     #   -c requirements.txt
     #   cssbeautifier
     #   jsbeautifier
-sqlparse==0.4.4
+sqlparse==0.5.0
     # via
     #   -c requirements.txt
     #   django
@@ -119,7 +117,7 @@ tqdm==4.63.0
     # via
     #   -c requirements.txt
     #   djlint
-types-python-slugify==8.0.2.20240127
+types-python-slugify==8.0.2.20240310
     # via -r dev-requirements.in
 types-requests==2.31.0.6
     # via -r dev-requirements.in