Site access updates (#6731)

* Throw error on invalid site access policy

- If ALLOWED_HOSTS is empty, exit
- If CSRF_TRUSTED_ORIGINS is empty, exit
- Closes https://github.com/inventree/InvenTree/issues/6730

* Set parameters for devcontainer

* Update documentation

* Ignore server exit in testing mode

* Add INVENTREE_SITE_URL to CI

* Further CI updates

* Update settings.py

* Unit test updates

* More unit test updates

* Bump API version

* Re-introduce checks in settings.py

- Allow more lenient behaviour in TESTING mode
Oliver 2024-03-18 12:53:48 +11:00 committed by GitHub
parent 0c661f4f83
commit 23f0950a76
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 32 additions and 4 deletions

@ -31,6 +31,8 @@ services:
INVENTREE_DB_USER: inventree_user
INVENTREE_DB_PASSWORD: inventree_password
INVENTREE_PLUGINS_ENABLED: True
INVENTREE_SITE_URL: http://localhost:8000
INVENTREE_CORS_ORIGIN_ALLOW_ALL: True
INVENTREE_PY_ENV: /home/inventree/dev/venv
depends_on:
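
Review bot: `INVENTREE_CORS_ORIGIN_ALLOW_ALL: True` is added to the devcontainer environment without a comment marking it as a development-only value. It sits beside `INVENTREE_SITE_URL: http://localhost:8000` and the fixed database credentials, so a one-line comment above this block saying these values are for the devcontainer only would keep them from being copied into a deployment compose file.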

@ -20,6 +20,7 @@ env:
INVENTREE_MEDIA_ROOT: ../test_inventree_media
INVENTREE_STATIC_ROOT: ../test_inventree_static
INVENTREE_BACKUP_DIR: ../test_inventree_backup
INVENTREE_SITE_URL: http://localhost:8000
jobs:
paths-filter:
@ -132,6 +133,7 @@ jobs:
INVENTREE_PYTHON_TEST_SERVER: http://localhost:12345
INVENTREE_PYTHON_TEST_USERNAME: testuser
INVENTREE_PYTHON_TEST_PASSWORD: testpassword
INVENTREE_SITE_URL: http://localhost:8000
outputs:
version: ${{ steps.version.outputs.version }}
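
Review bot: the `INVENTREE_SITE_URL: http://localhost:8000` added in the second hunk repeats the value already added to the top-level `env:` block in the first hunk, and in this job the test server is `http://localhost:12345`. If the job is meant to use the workflow-level value, drop the duplicate; if it needs its own entry, add a comment saying why the port differs from `INVENTREE_PYTHON_TEST_SERVER`.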

@ -22,6 +22,7 @@ jobs:
INVENTREE_MEDIA_ROOT: ./media
INVENTREE_STATIC_ROOT: ./static
INVENTREE_BACKUP_DIR: ./backup
INVENTREE_SITE_URL: http://localhost:8000
steps:
- name: Checkout Code

@ -1,11 +1,14 @@
"""InvenTree API version information."""
# InvenTree API version
INVENTREE_API_VERSION = 184
INVENTREE_API_VERSION = 185
"""Increment this API version number whenever there is a significant change to the API that any clients need to know about."""
INVENTREE_API_TEXT = """
v185 - 2024-03-18 : https://github.com/inventree/InvenTree/pull/6731
- Adds a default URL to the generated API schema (http://localhost:8000)
v184 - 2024-03-17 : https://github.com/inventree/InvenTree/pull/10464
- Add additional fields for tests (start/end datetime, test station)
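
Review bot: the v185 entry describes the schema URL as a fixed default (`http://localhost:8000`), but the settings.py change in this commit fills `SPECTACULAR_SETTINGS['SERVERS']` from `SITE_URL`, and only when TESTING is not set. Suggest wording the entry in terms of the configured site URL rather than a literal localhost address, so API clients do not read it as a hard-coded value.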

@ -1002,10 +1002,11 @@ if not ALLOWED_HOSTS:
'No ALLOWED_HOSTS specified. Defaulting to ["*"] for debug mode. This is not recommended for production use'
)
ALLOWED_HOSTS = ['*']
else:
elif not TESTING:
logger.error(
'No ALLOWED_HOSTS specified. Please provide a list of allowed hosts, or specify INVENTREE_SITE_URL'
)
sys.exit(-1)
# Ensure that the ALLOWED_HOSTS do not contain any scheme info
for i, host in enumerate(ALLOWED_HOSTS):
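
Review bot: with `elif not TESTING:` there is now a path (TESTING set, debug default not applied) where `ALLOWED_HOSTS` stays empty and nothing is logged. Add a final `else:` that logs a warning or sets an explicit value for test runs, so an empty host list under TESTING is visible rather than silent.
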
@ -1025,6 +1026,12 @@ CSRF_TRUSTED_ORIGINS = get_setting(
if SITE_URL and SITE_URL not in CSRF_TRUSTED_ORIGINS:
CSRF_TRUSTED_ORIGINS.append(SITE_URL)
if not TESTING and len(CSRF_TRUSTED_ORIGINS) == 0:
logger.error(
'No CSRF_TRUSTED_ORIGINS specified. Please provide a list of trusted origins, or specify INVENTREE_SITE_URL'
)
sys.exit(-1)
USE_X_FORWARDED_HOST = get_boolean_setting(
'INVENTREE_USE_X_FORWARDED_HOST',
config_key='use_x_forwarded_host',
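
Review bot: the new `CSRF_TRUSTED_ORIGINS` check has no debug-mode fallback, unlike the `ALLOWED_HOSTS` check above it, which defaults to `['*']` for debug mode. A debug instance started without `INVENTREE_SITE_URL` passes the first check and then exits here; either add a matching debug default or state in the error message that this applies in debug mode too. Style: `if not TESTING and not CSRF_TRUSTED_ORIGINS:` would match the `if not ALLOWED_HOSTS:` form used earlier in the file.
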
@ -1265,5 +1272,5 @@ SPECTACULAR_SETTINGS = {
'SCHEMA_PATH_PREFIX': '/api/',
}
if SITE_URL:
if SITE_URL and not TESTING:
SPECTACULAR_SETTINGS['SERVERS'] = [{'url': SITE_URL}]
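
Review bot: `if SITE_URL and not TESTING:` needs a comment giving the reason the `SERVERS` entry is skipped under TESTING. CI now sets `INVENTREE_SITE_URL`, so without the comment a reader cannot tell what the guard protects against.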

@ -574,6 +574,7 @@ class FormatTest(TestCase):
class TestHelpers(TestCase):
"""Tests for InvenTree helper functions."""
@override_settings(SITE_URL=None)
def test_absolute_url(self):
"""Test helper function for generating an absolute URL."""
base = 'https://demo.inventree.org:12345'
@ -1347,6 +1348,7 @@ class TestInstanceName(InvenTreeTestCase):
site_obj = Site.objects.all().order_by('id').first()
self.assertEqual(site_obj.name, 'Testing title')
@override_settings(SITE_URL=None)
def test_instance_url(self):
"""Test instance url settings."""
# Set up required setting

@ -12,6 +12,7 @@ from django.core.cache import cache
from django.core.exceptions import ValidationError
from django.core.files.uploadedfile import SimpleUploadedFile
from django.test import Client, TestCase
from django.test.utils import override_settings
from django.urls import reverse
import PIL
@ -271,6 +272,7 @@ class SettingsTest(InvenTreeTestCase):
print(f"run_settings_check failed for user setting '{key}'")
raise exc
@override_settings(SITE_URL=None)
def test_defaults(self):
"""Populate the settings with default values."""
for key in InvenTreeSetting.SETTINGS.keys():

@ -6,6 +6,7 @@ from django.conf import settings
from django.core.cache import cache
from django.core.exceptions import ValidationError
from django.test import TestCase
from django.test.utils import override_settings
from allauth.account.models import EmailAddress
@ -63,6 +64,7 @@ class TemplateTagTest(InvenTreeTestCase):
"""Test the 'instance name' setting."""
self.assertEqual(inventree_extras.inventree_instance_name(), 'InvenTree')
@override_settings(SITE_URL=None)
def test_inventree_base_url(self):
"""Test that the base URL tag returns correctly."""
self.assertEqual(inventree_extras.inventree_base_url(), '')
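
Review bot: with `@override_settings(SITE_URL=None)` on `test_inventree_base_url`, the test only asserts the unset case (`inventree_base_url()` returns `''`), and the other tests decorated in this commit are pinned the same way. Now that CI sets `INVENTREE_SITE_URL`, add a companion test that overrides `SITE_URL` with a value and asserts on what the tag returns, so the configured path is covered as well.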

@ -59,9 +59,12 @@ The following basic options are available:
| INVENTREE_BASE_URL | base_url | Server base URL | *Not specified* |
| INVENTREE_AUTO_UPDATE | auto_update | Database migrations will be run automatically | False |
!!! tip "INVENTREE_SITE_URL"
The *INVENTREE_SITE_URL* option defines the base URL for the InvenTree server. This is a critical setting, and it is required for correct operation of the server. If not specified, the server will attempt to determine the site URL automatically - but this may not always be correct!
## Server Access
Depending on how your InvenTree installation is configured, you will need to pay careful attention to the following settings. If you are running your server behind a proxy, or want to adjust support for CORS requests, one or more of the following settings may need to be adjusted.
Depending on how your InvenTree installation is configured, you will need to pay careful attention to the following settings. If you are running your server behind a proxy, or want to adjust support for [CORS requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS), one or more of the following settings may need to be adjusted.
!!! warning "Advanced Users"
The following settings require a certain assumed level of knowledge. You should also refer to the [django documentation]({% include "django.html" %}/ref/settings/) for more information.
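
Review bot: the `INVENTREE_SITE_URL` tip says the server "will attempt to determine the site URL automatically" when the option is not specified, but it does not mention the startup checks added to settings.py in this commit, which log an error and exit when `ALLOWED_HOSTS` or `CSRF_TRUSTED_ORIGINS` ends up empty and point the user at `INVENTREE_SITE_URL`. Add a sentence stating that, and consider `!!! warning` instead of `!!! tip` for a setting the text calls critical.
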
@ -86,6 +89,10 @@ Depending on how your InvenTree installation is configured, you will need to pay
| INVENTREE_USE_X_FORWARDED_PORT | use_x_forwarded_port | Use forwarded port header | False |
| INVENTREE_CORS_ALLOW_CREDENTIALS | cors.allow_credentials | Allow cookies in cross-site requests | True |
### Proxy Settings
If you are running InvenTree behind another proxy, you will need to ensure that the InvenTree server is configured to listen on the correct host and port. You will likely have to adjust the `INVENTREE_ALLOWED_HOSTS` setting to ensure that the server will accept requests from the proxy.
## Admin Site
Django provides a powerful [administrator interface]({% include "django.html" %}/ref/contrib/admin/) which can be used to manage the InvenTree database. This interface is enabled by default, and available at the `/admin/` URL.
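
Review bot: the new Proxy Settings paragraph names only `INVENTREE_ALLOWED_HOSTS`. The settings.py change in this commit also exits on an empty `CSRF_TRUSTED_ORIGINS`, and the table directly above this section lists `INVENTREE_USE_X_FORWARDED_PORT`; the paragraph should point at `INVENTREE_SITE_URL`, the trusted-origins setting and the forwarded-header options as well, so a proxy user finds all of them in one place.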