Merge pull request #114 from sei-vsarvepalli/version-2.1.2

Version 2.1.2 upgrade

CHANGELOG.md

@@ -1,5 +1,14 @@
 # VINCE Changelog
 
+Version 2.1.2  2023-06-09
+
+* VinceTrack CaseView,VinceCommUserView updated for Asynchronous calls for tab-based browsing.
+* Fixed GH Issue #111 PDF Links not working
+* Updated Vendor approval workflow with time lapse of 2 weeks of no-response from Vendor Admin
+* Fix bounce issues of creating tickets for dead/disabled users.
+* Dependabot security recommendations PyPi `cryptography` 39.0.1 to 41.0.0, `requests` 2.281 to 2.31.0, `django-ses` from 3.2.2 to 3.5.0
+* Fixed vincepubviews multiple choice field Years to be dynamic
+
 Version 2.1.1  2023-05-02
 
 * Security updates fixing a number of dependencies - sqlparse, redis (GHSA-rrm6-wvj7-cwh2,CVE-2023-28859,CVE-2023-28858)

bigvince/settings.py

@@ -57,7 +57,7 @@
 ROOT_DIR = environ.Path(__file__) - 3
 
 # any change that requires database migrations is a minor release
-VERSION = "2.1.1"
+VERSION = "2.1.2"
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/

bigvince/settings_.py

@@ -56,7 +56,7 @@
 ROOT_DIR = environ.Path(__file__) - 3
 
 # any change that requires database migrations is a minor release
-VERSION = "2.0.8"
+VERSION = "2.1.2"
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/

cogauth/backend.py

@@ -74,7 +74,10 @@ class CognitoUser(Cognito):
     def get_user_obj(self, username=None, attribute_list=[], metadata={}, attr_map={}):
         user_attrs = cognito_to_dict(attribute_list,CognitoUser.COGNITO_ATTRS)
         django_fields = [f.name for f in CognitoUser.user_class._meta.get_fields()]
-        logger.debug(f"User attributes in Cognito is {user_attrs}")
+        log_attrs = user_attrs.copy()
+        if 'api_key' in user_attrs:
+            log_attrs['api_key'] = "RESERVED"
+        logger.debug(f"User attributes in Cognito is {log_attrs}")
         extra_attrs = {}
         # need to iterate over a copy
         for k, v in user_attrs.copy().items():

cogauth/forms.py

@@ -136,6 +136,9 @@ def clean(self):
         newpassword1 = cleaned_data.get('new_password1')
         newpassword2 = cleaned_data.get('new_password2')
 
+        if newpassword1 is None or newpassword2 is None:
+            raise forms.ValidationError("Password is required")
+
         if len(newpassword1) < 8:
             raise forms.ValidationError("Password does not meet length requirements")
 

cogauth/views.py

@@ -1088,7 +1088,7 @@ def form_valid(self, form):
                 return super().form_invalid(form)
         except Exception as e:
             logger.warning(f"Failed for recaptcha exception raised {e} from IP {ip}")
-        dup = User.objects.using('vincecomm').filter(email__iexact = email)
+        dup = User.objects.using('vincecomm').filter(email__iexact=email)
         if dup:
             reset_url = reverse('cogauth:init_password_reset')
             form._errors.setdefault("email", ErrorList([
@@ -1097,8 +1097,7 @@ def form_valid(self, form):
             logger.warning(f"Attempt to register duplicate user {email} from IP {ip}")
             return super().form_invalid(form)
 
-        reserved = VinceCommEmail.objects.filter(email__iexact = form.cleaned_data['email'])
-
+        reserved = VinceCommEmail.objects.filter(email__iexact=form.cleaned_data['email'],email_list=True)
         if reserved:
             form._errors.setdefault("email", ErrorList(["Email already exists. Usernames are <b>CASE SENSITIVE</b>. This email is reserved, please use your personal email address for accounts."]))
             logger.warning(f"Attempt to register duplicate user {email} which is notification onlyfrom IP {ip}")

requirements.txt

@@ -19,7 +19,7 @@ chardet==5.0.0
 charset-normalizer==2.1.1
 click==8.1.3
 colorama==0.4.4
-cryptography==39.0.1
+cryptography==41.0.0
 cvelib==1.1.0
 Deprecated==1.2.13
 dictdiffer==0.9.0
@@ -29,7 +29,7 @@ django-countries==7.4.2
 django-environ==0.9.0
 django-extensions==3.2.1
 django-qr-code==3.1.1
-django-ses==3.2.2
+django-ses==3.5.0
 django-storages==1.13.1
 django-widget-tweaks==1.4.12
 djangorestframework==3.14.0
@@ -66,7 +66,7 @@ pytz==2022.6
 PyYAML==5.4.1
 qrcode==7.3.1
 redis==4.5.4
-requests==2.28.1
+requests==2.31.0
 rsa==4.7.2
 s3transfer==0.6.0
 segno==1.5.2

vince/lib.py

@@ -1857,18 +1857,30 @@ def create_bounce_record(email_to, bounce_type, subject, ticket=None):
 
 def create_bounce_ticket(headers, bounce_info):
     subject = headers.get("subject")
-    email_to = headers.get("to")
+    #email_to = headers.get("to")
+    email_to = bounce_info.get("bouncedRecipients")
     email_to_str = ", ".join(email_to)
     email_from = headers.get("from")
     email_from_str = ", ".join(email_from)
     bounce_type = bounce_info.get('bounceType')
     date = headers.get("date")
 
-
-    if (bounce_type == "Transient") and VINCE_IGNORE_TRANSIENT_BOUNCES:
-        for email in email_to:
+    dead_users = []
+    for email in email_to:
+        if User.objects.filter(username=bemail,is_active=False):
+            logger.debug(f"Ignoring {email} as this user is inactive")
+            dead_users.append(email)
+        elif (bounce_type == "Transient") and VINCE_IGNORE_TRANSIENT_BOUNCES:
             create_bounce_record(email, bounce_type, subject)
-        return
+
+    if dead_users:
+        email_to = list(set(email_to) - set(dead_users))
+        email_to_str = ", ".join(email_to)
+        if not email_to:
+            logger(f"No valid bounced recipients found all recipients are inactive")
+            return
+
+
 
     ticket = None
     case = None

vince/static/vince/js/addvuls.js

@@ -126,7 +126,6 @@ function del_tag(taggle, tag, modal){
 
 }
 
-
 $(document).ready(function() {
 
     if($('#largemodal').length < 1) {