added staging & prod https support to core.settings

updated User creation method in functional_tests.management.commands.create_session
reenabled admin area; outfitted apps.lyric.models w. AbstractBaseUser instead of custom user class; many other fns & several models updated to accomodate, such as set_unusable_password() method to base user model; reset staging db to prepare for refreshed lyric migrations to accomodate for retrofitted pw field
2026-02-20 13:33:11 -05:00 · 2026-02-19 20:50:31 -05:00 · 2026-02-19 20:31:29 -05:00 · 2026-02-18 23:32:43 -05:00 · 2026-02-18 23:04:21 -05:00 · 2026-02-18 21:12:01 -05:00
35 changed files with 281 additions and 132 deletions
--- a/.woodpecker.yaml
+++ b/.woodpecker.yaml
@@ -1,6 +1,16 @@
+services:
+  - name: postgres
+    image: postgres:16
+    environment:
+      POSTGRES_DB: python_tdd_test
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+
 steps:
-  - name: test-UTs
+  - name: test-UTs-n-ITs
    image: python:3.13-slim
+    environment:
+      DATABASE_URL: postgresql://postgres:postgres@postgres/python_tdd_test
    commands:
      - pip install -r requirements.txt
      - cd ./src
--- a/infra/deploy-playbook.yaml
+++ b/infra/deploy-playbook.yaml
@@ -50,37 +50,6 @@
    - name: Reset ssh connection to allow the user/group change to take effect
      ansible.builtin.meta: reset_connection

-    - name: Build container image locally
-      community.docker.docker_image:
-        name: gamearray
-        source: build
-        state: present
-        build:
-          path: /mnt/d/cosmovault/latticework/oreilly/percival/python-tdd
-          platform: linux/amd64
-        force_source: true
-      delegate_to: 127.0.0.1
-
-    - name: Export container image locally
-      community.docker.docker_image:
-        name: gamearray
-        archive_path: /tmp/gamearray-img.tar
-        source: local
-      delegate_to: 127.0.0.1
-
-    - name: Upload image to server
-      ansible.builtin.copy:
-        src: /tmp/gamearray-img.tar
-        dest: /tmp/gamearray-img.tar
-
-    - name: Import container image on server
-      community.docker.docker_image:
-        name: gamearray
-        load_path: /tmp/gamearray-img.tar
-        source: load
-        force_source: true
-        state: present
-
    - name: Ensure .secret-key files exists
      # the intention is that this only happens once per server
      ansible.builtin.copy:
@@ -120,27 +89,45 @@
        cmd: docker login gitea.earthmanrpg.me -u discoman -p {{ gitea_registry_token }}
      no_log: true

-    - name: Ensure db.sqlite3 file exists outside container
-      ansible.builtin.file:
-        path: "{{ ansible_env.HOME }}/db.sqlite3"
-        state: touch
-        owner: 1234 # so nonroot user can access it in container
-      become: true # needed for ownership change
+    - name: Create Docker network
+      community.docker.docker_network:
+        name: gamearray_net
+        state: present
+
+    - name: Create Postgres data volume
+      community.docker.docker_volume:
+        name: gamearray_postgres_data
+        state: present
+
+    - name: Start Postgres container
+      community.docker.docker_container:
+        name: gamearray_postgres
+        image: postgres:16
+        state: started
+        restart_policy: unless-stopped
+        networks:
+          - name: gamearray_net
+        volumes:
+          - gamearray_postgres_data:/var/lib/postgresql/data
+        env:
+          POSTGRES_DB: gamearray
+          POSTGRES_USER: gamearray
+          POSTGRES_PASSWORD: "{{ postgres_password }}"

    - name: Run container
      community.docker.docker_container:
        name: gamearray
-        image: gamearray
+        image: gitea.earthmanrpg.me/discoman/gamearray:latest
        state: started
        recreate: true
        env:
          DJANGO_DEBUG_FALSE: "1"
          DJANGO_SECRET_KEY: "{{ secret_key.content | b64decode }}"
          DJANGO_ALLOWED_HOST: "{{ django_allowed_host }}"
-          DJANGO_DB_PATH: "/home/nonroot/db.sqlite3"
-          EMAIL_HOST_USER: "{{ email_host_user }}"
-          EMAIL_HOST_PASSWORD: "{{ email_host_password }}"
+          DATABASE_URL: "postgresql://gamearray:{{ postgres_password }}@gamearray_postgres/gamearray"
          MAILGUN_API_KEY: "{{  mailgun_api_key }}"
+        networks:
+          - name: gamearray_net
        ports:
          127.0.0.1:8888:8888

@@ -160,7 +147,7 @@
    - name: Run migration inside container
      community.docker.docker_container_exec:
        container: gamearray
-        command: ./manage.py migrate
+        command: python manage.py migrate

  handlers:
    - name: Restart nginx
--- a/infra/deploy.sh.j2
+++ b/infra/deploy.sh.j2
@@ -13,6 +13,7 @@ docker rm gamearray 2>/dev/null || true
 echo "==> Starting new container..."
 docker run -d --name gamearray \
    --env-file /opt/gamearray/gamearray.env \
+    --network gamearray_net \
    -p 127.0.0.1:8888:8888 \
    "$IMAGE"

--- a/infra/gamearray.env.j2
+++ b/infra/gamearray.env.j2
@@ -1,7 +1,5 @@
 DJANGO_DEBUG_FALSE=1
 DJANGO_SECRET_KEY={{ secret_key.content | b64decode }}
 DJANGO_ALLOWED_HOST={{ django_allowed_host }}
-DJANGO_DB_PATH=/home/nonroot/db.sqlite3
-EMAIL_HOST_USER={{ email_host_user }}
-EMAIL_HOST_PASSWORD={{ email_host_password }}
+DATABASE_URL=postgresql://gamearray:{{ postgres_password }}@gamearray_postgres/gamearray
 MAILGUN_API_KEY={{ mailgun_api_key }}
--- a/infra/group_vars/staging/vault.yaml
+++ b/infra/group_vars/staging/vault.yaml
@@ -1,28 +1,23 @@
 $ANSIBLE_VAULT;1.1;AES256
-36653566363731653435616430626663303038623766663561363231333163336165623863613964
-6164383861643530366438623465613565373032396331350a666163636431636663353162383531
-34306534656430653533303530613764336438616536343534663236333665323837636337333334
-3432643436636265610a313465396435616263386631353336326464333930613865313934313032
-38353362623937643234333466323063336535623666613366633263623034616638653566666463
-66323032653034376663623933306162313832643038653764643864666433376236643163663637
-63626334393963343934666665373764393066383866616461333063633664363436613031663036
-61343939343633393138666637646137376537393335663032383839306365613764303833323338
-33343936333730373362393466373238636666343762373134633962383237623335373634656330
-37363039393261313034306166656563333461353034646234323462623631393338383461363961
-33356564633637333630663464613265666264393435363238383530333861636365616362316130
-38353464343064616463636535316339336430323866303161393065363830356431386430666534
-61353961666333313536616661636631643630373337633262653662393863336264636431366634
-32323533383963393435343935616135663262633634356631363632396233383839326365396333
-64333232626465643438313132323661386235313063303036303631376537353666313532323766
-63633834336631633364333334373461333836666630353363343365323033653234356536643939
-30316538663230653636316532393931333936613733336366326239633362353666636436636136
-64656134663733376630316536616138613234383838316138616433353531396363316462626133
-62383431396465333634623066333565643332613935653532613536646632346533383362393330
-38646562393762346434663666313431363037636463306435663263386336343461303839346365
-63326432643662353830383736613636643866363765366132653563363036316265646531623433
-30303131323165653564333331353233373731333539346163613564343331373931633365633631
-66396332653436376430626564316639623362383635633134343234626462333162336464656438
-65393062333631373836303662326436333265373033353339356334633666363065636164343239
-64623535663633653130643764656539643339633061646437643366376261383137613439323934
-37343338336130313339356531333038613334393736353365366662313262653737623533616366
-346430623266646464353639386266313339
+33616230376431343735626631623932393166343538653732383533323436326335343463646664
+6565373531623465613661613533376231373837326438300a393665613839646231633737313938
+64633035336663313163333634623732323537326363646132313136376131636666636538323066
+3037373930303537320a313062646166353862633836373466316261363939633433663039323866
+62333739303662343836306538393734343830366336323265393138343438363533353166383031
+32313461313137643039376237346633316466646136353038633861333031663164656233366634
+38303363383130376264373861393863623330623733643135643461383132613339376633353031
+32313863323039646534633733383661333361313832333830383066633130396239626661643264
+65636335303339613432326533343337366261356632313639623634386633383836333733663536
+39383361353530646166643531333535356636326535383534326237666638326137616162646261
+65316466323335653932636338653565383038313531383638393839313736643739363037353230
+35653632353531656435396663316537333133653632366437613339303033333536643937353166
+64363037653733303332643931343362303261643432366531326262383465313965633064356338
+31336333373665373035656533633864316139303934623030383934393434356334643962666163
+33343739366336613263333764306365333566363536616662383733616237396563346132336633
+38663239613339376335386233386330396634323033343332366130616162666339393861306336
+35383566383831356530633130313732356331616164646132626665646235396635386237313538
+38656631336261646530303761643334303937613036363766303637376262373466316431323731
+38666462313639353131303134646434646135366136343361353932326165626666306361393431
+62646238323265346263386363373462313766616333326366366461346436383064336535376339
+31356566356336386262393831616631666233633930393263623563386265343237323133313832
+3430363635363332303963316530663765613666306233376463
--- a/infra/nginx.conf.j2
+++ b/infra/nginx.conf.j2
@@ -1,6 +1,6 @@
 server {
    listen 80;
-    server_name {{ django_allowed_host }};
+    server_name {{ django_allowed_host | replace(',', ' ')}};

    location /static/ {
        alias /var/www/gamearray/static/;
--- a/requirements.dev.txt
+++ b/requirements.dev.txt
@@ -3,7 +3,9 @@ attrs==25.4.0
 certifi==2025.11.12
 cffi==2.0.0
 charset-normalizer==3.4.4
+coverage
 cssselect==1.3.0
+dj-database-url
 Django==6.0
 django-stubs==5.2.8
 django-stubs-ext==5.2.8
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,8 +1,10 @@
 cssselect==1.3.0
 Django==6.0
+dj-database-url
 django-stubs==5.2.8
 django-stubs-ext==5.2.8
 gunicorn==23.0.0
 lxml==6.0.2
+psycopg2-binary
 requests==2.31.0
 whitenoise==6.11.0
--- a/src/.coveragerc
+++ b/src/.coveragerc
@@ -0,0 +1,8 @@
+[run]
+source = apps
+omit =
+    */migrations/*
+    */tests/*
+
+[report]
+show_missing = true
--- a/src/apps/dashboard/tests/integrated/init.py
+++ b/src/apps/dashboard/tests/integrated/init.py
--- a/src/apps/dashboard/tests/integrated/test_forms.py
+++ b/src/apps/dashboard/tests/integrated/test_forms.py
@@ -1,18 +1,15 @@
 from django.test import TestCase
-from ..forms import (
+
+from apps.dashboard.forms import (
    DUPLICATE_ITEM_ERROR,
    EMPTY_ITEM_ERROR,
    ExistingListItemForm,
    ItemForm,
 )
-from ..models import Item, List
+from apps.dashboard.models import Item, List
+

 class ItemFormTest(TestCase):
-    def test_form_validation_for_blank_items(self):
-        form = ItemForm(data={"text": ""})
-        self.assertFalse(form.is_valid())
-        self.assertEqual(form.errors["text"], [EMPTY_ITEM_ERROR])
-
    def test_form_save_handles_saving_to_a_list(self):
        mylist = List.objects.create()
        form = ItemForm(data={"text": "do re mi"})
--- a/src/apps/dashboard/tests/integrated/test_models.py
+++ b/src/apps/dashboard/tests/integrated/test_models.py
@@ -1,14 +1,12 @@
 from django.core.exceptions import ValidationError
 from django.db.utils import IntegrityError
 from django.test import TestCase
-from ..models import Item, List
+
+from apps.dashboard.models import Item, List
 from apps.lyric.models import User

-class ItemModelTest(TestCase):
-    def test_default_text(self):
-        item = Item()
-        self.assertEqual(item.text, "")

+class ItemModelTest(TestCase):
    def test_item_is_related_to_list(self):
        mylist = List.objects.create()
        item = Item()
@@ -42,10 +40,6 @@ class ItemModelTest(TestCase):
        item = Item(list=list2, text="nojk")
        item.full_clean() # should not raise

-    def test_string_representation(self):
-        item = Item(text="sample text")
-        self.assertEqual(str(item), "sample text")
-
 class ListModelTest(TestCase):
        def test_get_absolute_url(self):
            mylist = List.objects.create()
--- a/src/apps/dashboard/tests/integrated/test_views.py
+++ b/src/apps/dashboard/tests/integrated/test_views.py
@@ -1,13 +1,14 @@
 import lxml.html
 from unittest import skip
+
 from django.test import TestCase
 from django.utils import html

-from ..forms import (
+from apps.dashboard.forms import (
    DUPLICATE_ITEM_ERROR,
    EMPTY_ITEM_ERROR,
 )
-from ..models import Item, List
+from apps.dashboard.models import Item, List
 from apps.lyric.models import User


--- a/src/apps/dashboard/tests/unit/init.py
+++ b/src/apps/dashboard/tests/unit/init.py
--- a/src/apps/dashboard/tests/unit/test_forms.py
+++ b/src/apps/dashboard/tests/unit/test_forms.py
@@ -0,0 +1,13 @@
+from django.test import SimpleTestCase
+
+from apps.dashboard.forms import (
+    EMPTY_ITEM_ERROR,
+    ItemForm,
+)
+
+
+class SimpleItemFormTest(SimpleTestCase):
+    def test_form_validation_for_blank_items(self):
+        form = ItemForm(data={"text": ""})
+        self.assertFalse(form.is_valid())
+        self.assertEqual(form.errors["text"], [EMPTY_ITEM_ERROR])
--- a/src/apps/dashboard/tests/unit/test_models.py
+++ b/src/apps/dashboard/tests/unit/test_models.py
@@ -0,0 +1,13 @@
+from django.test import SimpleTestCase
+
+from apps.dashboard.models import Item
+
+
+class SimpleItemModelTest(SimpleTestCase):
+    def test_default_text(self):
+        item = Item()
+        self.assertEqual(item.text, "")
+
+    def test_string_representation(self):
+        item = Item(text="sample text")
+        self.assertEqual(str(item), "sample text")
--- a/src/apps/lyric/admin.py
+++ b/src/apps/lyric/admin.py
@@ -1,3 +1,6 @@
 from django.contrib import admin
+from .models import Token, User

-# Register your models here.
+
+admin.site.register(User)
+admin.site.register(Token)
--- a/src/apps/lyric/authentication.py
+++ b/src/apps/lyric/authentication.py
@@ -13,7 +13,7 @@ class PasswordlessAuthenticationBackend:
        try:
            return User.objects.get(email=token.email)
        except User.DoesNotExist:
-            return User.objects.create(email=token.email)
+            return User.objects.create_user(email=token.email)

    def get_user(self, user_id):
        try:
--- a/src/apps/lyric/migrations/0001_initial.py
+++ b/src/apps/lyric/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 6.0 on 2026-02-08 01:19
+# Generated by Django 6.0 on 2026-02-20 00:48

 import uuid
 from django.db import migrations, models
@@ -15,9 +15,16 @@ class Migration(migrations.Migration):
        migrations.CreateModel(
            name='User',
            fields=[
+                ('password', models.CharField(max_length=128, verbose_name='password')),
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
                ('email', models.EmailField(max_length=254, unique=True)),
+                ('is_staff', models.BooleanField(default=False)),
+                ('is_superuser', models.BooleanField(default=False)),
            ],
+            options={
+                'abstract': False,
+            },
        ),
        migrations.CreateModel(
            name='Token',
--- a/src/apps/lyric/models.py
+++ b/src/apps/lyric/models.py
@@ -1,16 +1,38 @@
 import uuid
+
+from django.contrib.auth.base_user import AbstractBaseUser, BaseUserManager
 from django.db import models

+
+class UserManager(BaseUserManager):
+    def create_user(self, email):
+        user = self.model(email=email)
+        user.set_unusable_password()
+        user.save(using=self._db)
+        return user
+
+    def create_superuser(self, email, password):
+        user = self.model(email=email, is_staff=True, is_superuser=True)
+        user.set_password(password)
+        user.save(using=self._db)
+        return user
+
 class Token(models.Model):
    email = models.EmailField()
    uid = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)

-class User(models.Model):
+class User(AbstractBaseUser):
    id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
    email = models.EmailField(unique=True)
+    is_staff = models.BooleanField(default=False)
+    is_superuser = models.BooleanField(default=False)

+    objects = UserManager()
    REQUIRED_FIELDS = []
    USERNAME_FIELD = "email"

-    is_authenticated = True
-    is_anonymous =False
+    def has_perm(self, perm, obj=None):
+        return self.is_superuser
+    
+    def has_module_perms(self, app_label):
+        return self.is_superuser
--- a/src/apps/lyric/tests/integrated/init.py
+++ b/src/apps/lyric/tests/integrated/init.py
--- a/src/apps/lyric/tests/integrated/test_authentication.py
+++ b/src/apps/lyric/tests/integrated/test_authentication.py
@@ -2,17 +2,11 @@ import uuid
 from django.http import HttpRequest
 from django.test import TestCase

-from ..authentication import PasswordlessAuthenticationBackend
-from ..models import Token, User
+from apps.lyric.authentication import PasswordlessAuthenticationBackend
+from apps.lyric.models import Token, User


 class AuthenticateTest(TestCase):
-    def test_returns_None_if_token_is_invalid_uuid(self):
-        result = PasswordlessAuthenticationBackend().authenticate(
-            HttpRequest(), "no-such-token"
-        )
-        self.assertIsNone(result)
-
    def test_returns_None_if_token_uuid_not_found(self):
        uid = uuid.uuid4()
        result = PasswordlessAuthenticationBackend().authenticate(
--- a/src/apps/lyric/tests/integrated/test_models.py
+++ b/src/apps/lyric/tests/integrated/test_models.py
@@ -1,7 +1,9 @@
 import uuid
 from django.contrib import auth
 from django.test import TestCase
-from ..models import Token, User
+
+from apps.lyric.models import Token, User
+

 class UserModelTest(TestCase):
    def test_model_is_configured_for_django_auth(self):
@@ -9,6 +11,7 @@ class UserModelTest(TestCase):
    
    def test_user_is_valid_with_email_only(self):
        user = User(email="a@b.cde")
+        user.set_unusable_password()
        user.full_clean() # should not raise

    def test_id_is_primary_key(self):
@@ -21,3 +24,19 @@ class TokenModelTest(TestCase):
        token2 = Token.objects.create(email="v@w.xyz")
        self.assertNotEqual(token1.pk, token2.pk)
        self.assertIsInstance(token1.pk, uuid.UUID)
+
+class UserManagerTest(TestCase):
+    def test_create_superuser_sets_is_staff_and_is_superuser(self):
+        user = User.objects.create_superuser(
+            email="admin@example.com",
+            password="correct-password",
+        )
+        self.assertTrue(user.is_staff)
+        self.assertTrue(user.is_superuser)
+
+    def test_create_superuser_sets_usable_password(self):
+        user = User.objects.create_superuser(
+            email="admin@example.com",
+            password="correct-password",
+        )
+        self.assertTrue(user.check_password("correct-password"))
--- a/src/apps/lyric/tests/integrated/test_views.py
+++ b/src/apps/lyric/tests/integrated/test_views.py
@@ -1,7 +1,10 @@
 from django.contrib import auth
 from django.test import TestCase
 from unittest import mock
-from ..models import Token
+
+from apps.lyric.models import Token
+
+

 class SendLoginEmailViewTest(TestCase):
    def test_redirects_to_home_page(self):
@@ -19,7 +22,7 @@ class SendLoginEmailViewTest(TestCase):
        self.assertEqual(mock_post.called, True)
        data = mock_post.call_args.kwargs["data"]
        self.assertEqual(data["subject"], "A magic login link to your Dashboard")
-        self.assertEqual(data["from"], "adman@howdy.earthmanrpg.me")
+        self.assertEqual(data["from"], "adman@howdy.earthmanrpg.com")
        self.assertEqual(data["to"], "discoman@example.com")

    def test_adds_success_message(self):
--- a/src/apps/lyric/tests/unit/init.py
+++ b/src/apps/lyric/tests/unit/init.py
--- a/src/apps/lyric/tests/unit/test_authentication.py
+++ b/src/apps/lyric/tests/unit/test_authentication.py
@@ -0,0 +1,31 @@
+from django.http import HttpRequest
+from django.test import SimpleTestCase
+
+from apps.lyric.authentication import PasswordlessAuthenticationBackend
+from apps.lyric.models import User
+
+
+class SimpleAuthenticateTest(SimpleTestCase):
+    def test_returns_None_if_token_is_invalid_uuid(self):
+        result = PasswordlessAuthenticationBackend().authenticate(
+            HttpRequest(), "no-such-token"
+        )
+        self.assertIsNone(result)
+
+    def test_returns_None_if_no_uuid(self):
+        result = PasswordlessAuthenticationBackend().authenticate(HttpRequest())
+        self.assertIsNone(result)
+
+class UserPermissionsTest(SimpleTestCase):
+    def test_superuser_has_perm(self):
+        user = User(is_superuser=True)
+        self.assertTrue(user.has_perm("any.permission"))
+
+    def test_superuser_has_module_perms(self):
+        user = User(is_superuser=True)
+        self.assertTrue(user.has_module_perms("any_app"))
+
+    def test_non_superuser_has_no_perm(self):
+        user = User(is_superuser=False)
+        self.assertFalse(user.has_perm("any.permission"))
+
--- a/src/apps/lyric/views.py
+++ b/src/apps/lyric/views.py
@@ -18,7 +18,7 @@ def send_login_email(request):
        f"https://api.mailgun.net/v3/{settings.MAILGUN_DOMAIN}/messages",
        auth=("api", settings.MAILGUN_API_KEY),
        data={
-            "from": "adman@howdy.earthmanrpg.me",
+            "from": "adman@howdy.earthmanrpg.com",
            "to": email,
            "subject": "A magic login link to your Dashboard",
            "text": message_body,
--- a/src/core/settings.py
+++ b/src/core/settings.py
@@ -12,6 +12,7 @@ https://docs.djangoproject.com/en/6.0/ref/settings/

 from pathlib import Path
 import os
+import dj_database_url

 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
@@ -26,20 +27,25 @@ if 'DJANGO_DEBUG_FALSE' in os.environ:
    DEBUG = False
    SECRET_KEY = os.environ['DJANGO_SECRET_KEY']
    ALLOWED_HOSTS = [host.strip() for host in os.environ['DJANGO_ALLOWED_HOST'].split(',')]
-    db_path = os.environ['DJANGO_DB_PATH']
+    CSRF_TRUSTED_ORIGINS = [f'https://{host.strip()}' for host in os.environ['DJANGO_ALLOWED_HOST'].split(',')]
+    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+    SESSION_COOKIE_SECURE = True
+    CSRF_COOKIE_SECURE = True
+    SECURE_HSTS_SECONDS = 60
+    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+    SECURE_HSTS_PRELOAD = True
 else:
    DEBUG = True
    # SECURITY WARNING: keep the secret key used in production secret!
    SECRET_KEY = 'django-insecure-&9b_h=qpjy=sshhnsyg98&jp7(t6*v78__y%h2l$b#_@6z$-9r'
    ALLOWED_HOSTS = []
-    db_path = BASE_DIR / 'db.sqlite3'


 # Application definition

 INSTALLED_APPS = [
    # Django apps
-    # 'django.contrib.admin',
+    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
@@ -90,12 +96,16 @@ ASGI_APPLICATION = 'core.asgi.application'
 # Database
 # https://docs.djangoproject.com/en/6.0/ref/settings/#databases

-DATABASES = {
+DATABASE_URL = os.environ.get('DATABASE_URL')
+if DATABASE_URL:
+    DATABASES = {'default': dj_database_url.config(conn_max_age=600)}
+else:
+    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': db_path,
+            'NAME': BASE_DIR / 'db.sqlite3',
+        }
    }
-}


 # Password validation
@@ -119,6 +129,7 @@ AUTH_PASSWORD_VALIDATORS = [
 AUTH_USER_MODEL = "lyric.User"

 AUTHENTICATION_BACKENDS = [
+    "django.contrib.auth.backends.ModelBackend",
    "apps.lyric.authentication.PasswordlessAuthenticationBackend",
 ]

@@ -155,12 +166,6 @@ LOGGING = {
    },
 }

-# Email Settings
-EMAIL_HOST = "smtp.mailgun.org"
-EMAIL_HOST_USER = os.environ.get("EMAIL_HOST_USER") # switch back to .environ[] when collectstatic moved outside docker build process
-EMAIL_HOST_PASSWORD = os.environ.get("EMAIL_HOST_PASSWORD") # switch back to .environ[]
-EMAIL_PORT = 587
-EMAIL_USE_TLS = True
 # Mailgun API settings (for HTTP API instead of SMTP)
 MAILGUN_API_KEY = os.environ.get("MAILGUN_API_KEY")
-MAILGUN_DOMAIN = "howdy.earthmanrpg.me" # Your Mailgun domain
+MAILGUN_DOMAIN = "howdy.earthmanrpg.com" # Your Mailgun domain
--- a/src/core/urls.py
+++ b/src/core/urls.py
@@ -1,10 +1,10 @@
-# from django.contrib import admin
+from django.contrib import admin
 from django.http import HttpResponse
 from django.urls import include, path
 from apps.dashboard import views as dash_views

 urlpatterns = [
-    # path('admin/', admin.site.urls),
+    path('admin/', admin.site.urls),
    path('', dash_views.home_page, name='home'),
    path('apps/dashboard/', include('apps.dashboard.urls')),
    path('apps/lyric/', include('apps.lyric.urls')),
--- a/src/functional_tests/container_commands.py
+++ b/src/functional_tests/container_commands.py
@@ -1,5 +1,6 @@
 import subprocess

+
 USER = "discoman"


--- a/src/functional_tests/management/commands/create_session.py
+++ b/src/functional_tests/management/commands/create_session.py
@@ -1,5 +1,10 @@
 from django.conf import settings
-from django.contrib.auth import BACKEND_SESSION_KEY, SESSION_KEY, get_user_model
+from django.contrib.auth import (
+    BACKEND_SESSION_KEY,
+    HASH_SESSION_KEY,
+    SESSION_KEY,
+    get_user_model,
+)
 from django.contrib.sessions.backends.db import SessionStore
 from django.core.management.base import BaseCommand

@@ -15,9 +20,10 @@ class Command(BaseCommand):
        self.stdout.write(session_key)

 def create_pre_authenticated_session(email):
-    user = User.objects.create(email=email)
+    user = User.objects.create_user(email=email)
    session = SessionStore()
    session[SESSION_KEY] = str(user.pk)  # Convert UUID to string for JSON serialization
-    session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
+    session[BACKEND_SESSION_KEY] = "apps.lyric.authentication.PasswordlessAuthenticationBackend"
+    session[HASH_SESSION_KEY] = user.get_session_auth_hash()
    session.save()
    return session.session_key
--- a/src/functional_tests/test_admin.py
+++ b/src/functional_tests/test_admin.py
@@ -0,0 +1,28 @@
+from selenium.webdriver.common.by import By
+
+from .base import FunctionalTest
+from apps.lyric.models import User
+
+
+class AdminLoginTest(FunctionalTest):
+    def setUp(self):
+        super().setUp()
+        self.superuser = User.objects.create_superuser(
+            email="admin@example.com",
+            password="correct-password",
+        )
+
+    def test_can_access_admin(self):
+        self.browser.get(self.live_server_url + "/admin/")
+
+        self.wait_for(lambda: self.browser.find_element(By.ID, "id_username"))
+        self.browser.find_element(By.ID, "id_username").send_keys("admin@example.com")
+        self.browser.find_element(By.ID, "id_password").send_keys("correct-password")
+        self.browser.find_element(By.CSS_SELECTOR, "input[type=submit]").click()
+
+        body = self.wait_for(
+            lambda: self.browser.find_element(By.TAG_NAME, "body")
+        )
+        self.assertIn("Site administration", body.text)
+        self.assertIn("Users", body.text)
+        self.assertIn("Tokens", body.text)
--- a/src/functional_tests/test_layout_and_styling.py
+++ b/src/functional_tests/test_layout_and_styling.py
@@ -4,6 +4,7 @@ from selenium.webdriver.common.keys import Keys
 from .base import FunctionalTest
 from .list_page import ListPage

+
 class LayoutAndStylingTest(FunctionalTest):
    def test_layout_and_styling(self):
        self.browser.get(self.live_server_url)
--- a/src/functional_tests/test_login.py
+++ b/src/functional_tests/test_login.py
@@ -2,11 +2,14 @@ import re
 from unittest.mock import patch
 from selenium.webdriver.common.by import By
 from selenium.webdriver.common.keys import Keys
+
 from .base import FunctionalTest

+
 TEST_EMAIL = "discoman@example.com"
 SUBJECT = "A magic login link to your Dashboard"

+
 class LoginTest(FunctionalTest):
    @patch('apps.lyric.views.requests.post')
    def test_login_using_magic_link(self, mock_post):
--- a/src/functional_tests/test_sharing.py
+++ b/src/functional_tests/test_sharing.py
@@ -1,3 +1,5 @@
+import os
+
 from selenium import webdriver
 from selenium.webdriver.common.by import By

@@ -21,7 +23,10 @@ class SharingTest(FunctionalTest):
        disco_browser = self.browser
        self.addCleanup(lambda: quit_if_possible(disco_browser))

-        ali_browser = webdriver.Firefox()
+        options = webdriver.FirefoxOptions()
+        if os.environ.get("HEADLESS"):
+            options.add_argument("--headless")
+        ali_browser = webdriver.Firefox(options=options)
        self.addCleanup(lambda: quit_if_possible(ali_browser))
        self.browser = ali_browser
        self.create_pre_authenticated_session("alice@example.com")
Author	SHA1	Message	Date
Disco DeDisco	4b558020af	added staging & prod https support to core.settings All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2026-02-20 13:33:11 -05:00
Disco DeDisco	5106b04175	updated User creation method in functional_tests.management.commands.create_session All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2026-02-19 20:50:31 -05:00
Disco DeDisco	025a59938b	reenabled admin area; outfitted apps.lyric.models w. AbstractBaseUser instead of custom user class; many other fns & several models updated to accomodate, such as set_unusable_password() method to base user model; reset staging db to prepare for refreshed lyric migrations to accomodate for retrofitted pw field All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2026-02-19 20:31:29 -05:00
Disco DeDisco	d26196a7f1	added CSRF_TRUSTED_ORIGINS to core.settings, now that https added All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2026-02-18 23:32:43 -05:00
Disco DeDisco	84fd0554bd	moved adman magic link to howdy.earthmanrpg.com, in anticipation of having to mirror the prod server location; staging server preserved, along w. gitea & woodpecker, on earthmanrpg.me Some checks failed ci/woodpecker/push/woodpecker Pipeline failed Details	2026-02-18 23:04:21 -05:00
Disco DeDisco	55f2a043c6	postgres integration complete thru woodpecker pipeline All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2026-02-18 21:12:01 -05:00
Disco DeDisco	a1e7ae8071	added coverage dependency; 99 percent test coverage (only lacking admin, currently by design); commenced postgresql db integration All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2026-02-18 20:18:56 -05:00
Disco DeDisco	a06fce26ef	reorganized and reclassified old 'unit tests' for ea. app into dirs for UTs & ITs; abandoning effort to refactor any test_views into UTs; all tests passing All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2026-02-18 19:07:02 -05:00
Disco DeDisco	c41624152a	added headless option to .test_sharing for woodpecker FT run All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2026-02-18 15:24:55 -05:00