ci: add sll support and enhance e2e workflow

backend/config/settings.py

@@ -19,12 +19,17 @@ import environ
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 
-# Load environment variables
+# Load dotenv files
 env = environ.Env()
-# Allow overriding the .env file path (useful for E2E testing/CI)
-env_file = os.environ.get("PIKU_ENV_FILE", os.path.join(BASE_DIR.parent, ".env"))
+env_file = os.path.join(BASE_DIR.parent, ".env")
 if os.path.exists(env_file):
-    environ.Env.read_env(env_file)
+    environ.Env.read_env(env_file, overwrite=False)
+
+
+SSL_ENABLED = env("SSL_ENABLED") == "true"
+FRONTEND_URL = f"https://{env('FRONTEND_DOMAIN')}" if SSL_ENABLED else f"http://{env('FRONTEND_DOMAIN')}"
+if env("FRONTEND_PORT"):
+    FRONTEND_URL += f":{env('FRONTEND_PORT')}"
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/6.0/howto/deployment/checklist/
@@ -35,7 +40,7 @@ SECRET_KEY = env("SECRET_KEY")
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = env("DEBUG")
 
-ALLOWED_HOSTS = env.list("ALLOWED_HOSTS") or []
+ALLOWED_HOSTS = [env("FRONTEND_DOMAIN")]
 
 
 # Application definition
@@ -50,6 +55,7 @@ INSTALLED_APPS = [
     "corsheaders",
     "users",
     "letters",
+    "scripts",
 ]
 
 MIDDLEWARE = [
@@ -82,7 +88,7 @@ DATABASES = {
     }
 }
 
-CORS_ALLOWED_ORIGINS = env.list("CORS_ALLOWED_ORIGINS")
+CORS_ALLOWED_ORIGINS = [FRONTEND_URL]
 CORS_ALLOW_CREDENTIALS = True
 
 AUTH_USER_MODEL = "users.User"
@@ -107,7 +113,7 @@ NOTE: COOKIE_SAMESITE:  Lax is used to allow cross-site redirection, like links
 AUTH_COOKIE = {
     "NAME": "refresh_token",
     "DOMAIN": None,
-    "SECURE": True,
+    "SECURE": SSL_ENABLED,
     "HTTPONLY": True,
     "SAMESITE": "Lax",
 }
@@ -117,12 +123,8 @@ EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
 EMAIL_HOST = env("EMAIL_HOST")
 EMAIL_PORT = env("EMAIL_PORT")
 EMAIL_USE_TLS = not DEBUG
-EMAIL_HOST_USER = env("EMAIL_HOST_USER")
-EMAIL_HOST_PASSWORD = env("EMAIL_HOST_PASSWORD")
 FROM_EMAIL = env("FROM_EMAIL")
 
-FRONTEND_URL = env("FRONTEND_URL")
-
 
 # Password validation
 # https://docs.djangoproject.com/en/6.0/ref/settings/#auth-password-validators

backend/scripts/management/commands/serve.py

@@ -0,0 +1,30 @@
+import os
+
+from django.conf import settings
+from django.core.management import call_command
+from django.core.management.base import BaseCommand
+
+
+class Command(BaseCommand):
+    def handle(self, *args, **options):
+        """
+        Check if SSL is enabled in the environment variables.
+        If SSL is enabled, use runserver_plus command.
+        If SSL is not enabled, use runserver command.
+        """
+        ssl_enabled = os.getenv("SSL_ENABLED", "false").lower() == "true"
+        domain = os.getenv("BACKEND_DOMAIN", "127.0.0.1")
+        port = os.getenv("BACKEND_PORT", "8000")
+        addrport = f"{domain}:{port}"
+
+        if ssl_enabled:
+            self.stdout.write(self.style.SUCCESS(f"Starting with SSL on {addrport}..."))
+            call_command(
+                "runserver_plus",
+                addrport,
+                cert_file=settings.BASE_DIR / "../certs/localhost.pem",
+                key_file=settings.BASE_DIR / "../certs/localhost-key.pem",
+            )
+        else:
+            self.stdout.write(self.style.WARNING(f"Starting without SSL on {addrport}..."))
+            call_command("runserver", addrport)

backend/users/tests.py

@@ -1,3 +1,5 @@
+from unittest.mock import _patch_dict
+
 from django.contrib.auth import get_user_model
 from django.contrib.auth.tokens import default_token_generator
 from django.urls import reverse
@@ -19,9 +21,10 @@ class AuthTests(APITestCase):
         self.refresh_url = reverse("token_refresh")
         self.logout_url = reverse("logout")
 
+    @_patch_dict("config.settings.AUTH_COOKIE", {"SECURE": True})
     def test_login_sets_secure_cookie(self):
         """
-        Tests if the Login API can generate access token and set secure cookie for refresh token.
+        Tests if the Login API can generate access token and set secure cookie (when ssl is enabled) for refresh token.
         """
         data = {"email": self.user.email, "password": self.password}
         cookie_name = "refresh_token"