feat: Bulk fixes (#1195)

remove ckeditor - not in use add more strict default password validators set Django admin as configurable URL add nginx HSTS and CSP headers enable moving from private to unlisted in the PORTAL_WORKFLOW private on default comments listing, show only comments for public media in case of a private media, dont expose any unneeded metadata
2025-07-25 15:03:31 +00:00 · 2025-02-13 13:41:53 +02:00
parent 5402ee7bc5
commit 3a8cacc847
13 changed files with 151 additions and 120 deletions
--- a/cms/settings.py
+++ b/cms/settings.py
@ -232,7 +232,7 @@ CANNOT_ADD_MEDIA_MESSAGE = ""
 MP4HLS_COMMAND = "/home/mediacms.io/mediacms/Bento4-SDK-1-6-0-637.x86_64-unknown-linux/bin/mp4hls"

 # highly experimental, related with remote workers
-ADMIN_TOKEN = "c2b8e1838b6128asd333ddc5e24"
+ADMIN_TOKEN = ""
 # this is used by remote workers to push
 # encodings once they are done
 # USE_BASIC_HTTP = True
@ -247,35 +247,6 @@ ADMIN_TOKEN = "c2b8e1838b6128asd333ddc5e24"
 # uncomment the two lines related to htpasswd


-CKEDITOR_CONFIGS = {
-    "default": {
-        "toolbar": "Custom",
-        "width": "100%",
-        "toolbar_Custom": [
-            ["Styles"],
-            ["Format"],
-            ["Bold", "Italic", "Underline"],
-            ["HorizontalRule"],
-            [
-                "NumberedList",
-                "BulletedList",
-                "-",
-                "Outdent",
-                "Indent",
-                "-",
-                "JustifyLeft",
-                "JustifyCenter",
-                "JustifyRight",
-                "JustifyBlock",
-            ],
-            ["Link", "Unlink"],
-            ["Image"],
-            ["RemoveFormat", "Source"],
-        ],
-    }
-}
-
-
 AUTH_USER_MODEL = "users.User"
 LOGIN_REDIRECT_URL = "/"

@ -307,7 +278,6 @@ INSTALLED_APPS = [
    "crispy_bootstrap5",
    "uploader.apps.UploaderConfig",
    "djcelery_email",
-    "ckeditor",
    "drf_yasg",
 ]

@ -349,11 +319,15 @@ WSGI_APPLICATION = "cms.wsgi.application"
 AUTH_PASSWORD_VALIDATORS = [
    {
        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
+        "OPTIONS": {
+            "user_attributes": ("username", "email", "first_name", "last_name"),
+            "max_similarity": 0.7,
+        },
    },
    {
        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
        "OPTIONS": {
-            "min_length": 5,
+            "min_length": 7,
        },
    },
    {
@ -547,3 +521,10 @@ CALCULATE_MD5SUM = False

 CRISPY_ALLOWED_TEMPLATE_PACKS = "bootstrap5"
 CRISPY_TEMPLATE_PACK = "bootstrap5"
+
+# allow option to override the default admin url
+# keep the trailing slash
+DJANGO_ADMIN_URL = "admin/"
+
+# CSRF_COOKIE_SECURE = True
+# SESSION_COOKIE_SECURE = True