Merge branch 'dev' into celery-tasks

src/paperless/auth.py

@@ -1,11 +1,17 @@
-from rest_framework.authentication import TokenAuthentication
+from django.conf import settings
+from django.contrib.auth.models import User
+from rest_framework import authentication
+
+
+class AngularApiAuthenticationOverride(authentication.BaseAuthentication):
+    """ This class is here to provide authentication to the angular dev server
+        during development. This is disabled in production.
+    """
 
-# This authentication method is required to serve documents and thumbnails for the front end.
-# https://stackoverflow.com/questions/29433416/token-in-query-string-with-django-rest-frameworks-tokenauthentication
-class QueryTokenAuthentication(TokenAuthentication):
     def authenticate(self, request):
-        # Check if 'token_auth' is in the request query params.
-        if 'auth_token' in request.query_params and 'HTTP_AUTHORIZATION' not in request.META:
-            return self.authenticate_credentials(request.query_params.get('auth_token'))
+        if settings.DEBUG and 'Referer' in request.headers and request.headers['Referer'].startswith('http://localhost:4200/'):
+            user = User.objects.filter(is_staff=True).first()
+            print("Auto-Login with user {}".format(user))
+            return (user, None)
         else:
             return None

src/paperless/middleware.py

@@ -1,14 +0,0 @@
-from django.utils.deprecation import MiddlewareMixin
-from .models import User
-
-
-class Middleware(MiddlewareMixin):
-    """
-      This is a dummy authentication middleware class that creates what
-      is roughly an Anonymous authenticated user so we can disable login
-      and not interfere with existing user ID's. It's only used if
-      login is disabled in paperless.conf (default is to require login)
-    """
-
-    def process_request(self, request):
-        request.user = User()

src/paperless/models.py

@@ -1,31 +0,0 @@
-from django.contrib.auth.models import User as DjangoUser
-
-
-class User:
-    """
-    This is a dummy django User used with our middleware to disable
-    login authentication if that is configured in paperless.conf
-    """
-
-    is_superuser = True
-    is_active = True
-    is_staff = True
-    is_authenticated = True
-
-    @property
-    def id(self):
-        return DjangoUser.objects.order_by("pk").first().pk
-
-    @property
-    def pk(self):
-        return self.id
-
-
-"""
-NOTE: These are here as a hack instead of being in the User definition
-NOTE: above due to the way pycodestyle handles lamdbdas.
-NOTE: See https://github.com/PyCQA/pycodestyle/issues/379 for more.
-"""
-
-User.has_module_perms = lambda *_: True
-User.has_perm = lambda *_: True

src/paperless/settings.py

@@ -21,6 +21,9 @@ def __get_boolean(key, default="NO"):
     """
     return bool(os.getenv(key, default).lower() in ("yes", "y", "1", "t", "true"))
 
+# NEVER RUN WITH DEBUG IN PRODUCTION.
+DEBUG = __get_boolean("PAPERLESS_DEBUG", "NO")
+
 ###############################################################################
 # Directories                                                                 #
 ###############################################################################
@@ -66,9 +69,10 @@ INSTALLED_APPS = [
     "django.contrib.admin",
 
     "rest_framework",
-    "rest_framework.authtoken",
     "django_filters",
 
+    "django_q",
+
     "channels",
 
 ]
@@ -76,11 +80,15 @@ INSTALLED_APPS = [
 REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': [
         'rest_framework.authentication.BasicAuthentication',
-        'rest_framework.authentication.TokenAuthentication',
-        'paperless.auth.QueryTokenAuthentication'
+        'rest_framework.authentication.SessionAuthentication'
     ]
 }
 
+if DEBUG:
+    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append(
+        'paperless.auth.AngularApiAuthenticationOverride'
+    )
+
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
     'whitenoise.middleware.WhiteNoiseMiddleware',
@@ -95,8 +103,6 @@ MIDDLEWARE = [
 
 ROOT_URLCONF = 'paperless.urls'
 
-LOGIN_URL = "admin:login"
-
 FORCE_SCRIPT_NAME = os.getenv("PAPERLESS_FORCE_SCRIPT_NAME")
 
 WSGI_APPLICATION = 'paperless.wsgi.application'
@@ -125,9 +131,6 @@ TEMPLATES = [
 # Security                                                                    #
 ###############################################################################
 
-# NEVER RUN WITH DEBUG IN PRODUCTION.
-DEBUG = __get_boolean("PAPERLESS_DEBUG", "NO")
-
 if DEBUG:
     X_FRAME_OPTIONS = ''
     # this should really be 'allow-from uri' but its not supported in any mayor
@@ -142,11 +145,6 @@ if DEBUG:
     # Allow access from the angular development server during debugging
     CORS_ORIGIN_WHITELIST += ('http://localhost:4200',)
 
-# If auth is disabled, we just use our "bypass" authentication middleware
-if bool(os.getenv("PAPERLESS_DISABLE_LOGIN", "false").lower() in ("yes", "y", "1", "t", "true")):
-    _index = MIDDLEWARE.index("django.contrib.auth.middleware.AuthenticationMiddleware")
-    MIDDLEWARE[_index] = "paperless.middleware.Middleware"
-
 # The secret key has a default that should be fine so long as you're hosting
 # Paperless on a closed network.  However, if you're putting this anywhere
 # public, you should change the key to something unique and verbose.
@@ -249,6 +247,16 @@ LOGGING = {
     },
 }
 
+###############################################################################
+# Task queue                                                                  #
+###############################################################################
+
+Q_CLUSTER = {
+    'name': 'paperless',
+    'catch_up': False,
+    'redis': os.getenv("PAPERLESS_REDIS", "redis://localhost:6379")
+}
+
 ###############################################################################
 # Paperless Specific Settings                                                 #
 ###############################################################################
@@ -303,6 +311,9 @@ FILENAME_PARSE_TRANSFORMS = []
 for t in json.loads(os.getenv("PAPERLESS_FILENAME_PARSE_TRANSFORMS", "[]")):
     FILENAME_PARSE_TRANSFORMS.append((re.compile(t["pattern"]), t["repl"]))
 
+# Specify the filename format for out files
+PAPERLESS_FILENAME_FORMAT = os.getenv("PAPERLESS_FILENAME_FORMAT")
+
 CHANNEL_LAYERS = {
     "default": {
         "BACKEND": "channels_redis.core.RedisChannelLayer",

src/paperless/urls.py

@@ -1,9 +1,9 @@
 from django.conf.urls import include, url
 from django.contrib import admin
+from django.contrib.auth.decorators import login_required
 from django.urls import path, re_path
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import RedirectView
-from rest_framework.authtoken import views
 from rest_framework.routers import DefaultRouter
 
 from paperless.consumers import StatusConsumer
@@ -35,7 +35,7 @@ urlpatterns = [
     url(r"^api/search/autocomplete/", SearchAutoCompleteView.as_view(), name="autocomplete"),
     url(r"^api/search/", SearchView.as_view(), name="search"),
     url(r"^api/statistics/", StatisticsView.as_view(), name="statistics"),
-    url(r"^api/token/", views.obtain_auth_token), url(r"^api/", include((api_router.urls, 'drf'), namespace="drf")),
+    url(r"^api/", include((api_router.urls, 'drf'), namespace="drf")),
 
     # Favicon
     url(r"^favicon.ico$", FaviconView.as_view(), name="favicon"),
@@ -59,10 +59,12 @@ urlpatterns = [
     url(r"^push$", csrf_exempt(RedirectView.as_view(url='/api/documents/post_document/'))),
 
     # Frontend assets TODO: this is pretty bad.
-    path('assets/<path:path>', RedirectView.as_view(url='/static/assets/%(path)s')),
+    path('assets/<path:path>', RedirectView.as_view(url='/static/frontend/assets/%(path)s')),
+
+    path('accounts/', include('django.contrib.auth.urls')),
 
     # Root of the Frontent
-    url(r".*", IndexView.as_view()),
+    url(r".*", login_required(IndexView.as_view())),
 
 ]