cfl-common 7.4.3__py3-none-any.whl → 8.9.15__py3-none-any.whl

cfl_common-8.9.15.dist-info/METADATA

@@ -0,0 +1,47 @@
+Metadata-Version: 2.4
+Name: cfl-common
+Version: 8.9.15
+Classifier: Programming Language :: Python :: 3
+Classifier: Operating System :: OS Independent
+Requires-Dist: asgiref==3.11.0; python_version >= "3.9"
+Requires-Dist: certifi==2026.1.4; python_version >= "3.7"
+Requires-Dist: cffi==2.0.0; platform_python_implementation != "PyPy"
+Requires-Dist: charset-normalizer==3.4.4; python_version >= "3.7"
+Requires-Dist: cryptography==44.0.1; python_version >= "3.7" and python_full_version not in "3.9.0, 3.9.1"
+Requires-Dist: diff-match-patch==20241021; python_version >= "3.7"
+Requires-Dist: django==5.1.15; python_version >= "3.10"
+Requires-Dist: django-countries==7.6.1
+Requires-Dist: django-csp==3.8
+Requires-Dist: django-formtools==2.5.1; python_version >= "3.8"
+Requires-Dist: django-import-export==4.2.0; python_version >= "3.9"
+Requires-Dist: django-otp==1.7.0; python_version >= "3.8"
+Requires-Dist: django-phonenumber-field==8.4.0; python_version >= "3.10"
+Requires-Dist: django-pipeline==4.0.0; python_version >= "3.9"
+Requires-Dist: django-two-factor-auth==1.17.0; python_version >= "3.8"
+Requires-Dist: djangorestframework==3.16.0; python_version >= "3.9"
+Requires-Dist: idna==3.11; python_version >= "3.8"
+Requires-Dist: libsass==0.23.0; python_version >= "3.8"
+Requires-Dist: more-itertools==8.7.0; python_version >= "3.5"
+Requires-Dist: numpy==2.4.1; python_version >= "3.11"
+Requires-Dist: pandas==2.3.3; python_version >= "3.9"
+Requires-Dist: pgeocode==0.4.0; python_version >= "3.8"
+Requires-Dist: pycparser==2.23; implementation_name != "PyPy"
+Requires-Dist: pyjwt==2.6.0; python_version >= "3.7"
+Requires-Dist: pypng==0.20220715.0
+Requires-Dist: python-dateutil==2.9.0.post0; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2"
+Requires-Dist: pytz==2025.2
+Requires-Dist: qrcode==7.4.2; python_version >= "3.7"
+Requires-Dist: requests==2.32.5; python_version >= "3.9"
+Requires-Dist: setuptools==80.9.0; python_version >= "3.9"
+Requires-Dist: six==1.17.0; python_version >= "2.7" and python_version not in "3.0, 3.1, 3.2"
+Requires-Dist: sqlparse==0.5.5; python_version >= "3.8"
+Requires-Dist: tablib==3.7.0; python_version >= "3.9"
+Requires-Dist: typing-extensions==4.15.0; python_version >= "3.9"
+Requires-Dist: tzdata==2025.3; python_version >= "2"
+Requires-Dist: urllib3==2.6.3; python_version >= "3.9"
+Requires-Dist: wheel==0.45.1; python_version >= "3.8"
+Dynamic: classifier
+Dynamic: description
+Dynamic: requires-dist
+
+Common package for Code for Life

{cfl_common-7.4.3.dist-info → cfl_common-8.9.15.dist-info}/RECORD

@@ -1,10 +1,10 @@
 common/__init__.py,sha256=XlncBOpKp_gekbKH7Y_i6yu1qy5tJc3Y8sn8cDy-Vgk,48
-common/app_settings.py,sha256=Bw1DXkZpNIdwUJ-cIOjZnngH5_NbMXC0koW7NgQ0pKY,2495
+common/app_settings.py,sha256=br31aXMTs48oyxkvGmCSoGb94Ir8imONuD2uNO3k7-k,2763
 common/apps.py,sha256=49UXZ3bSkFKvIEOL4zM7y1sAhccQJyRtsoOg5XVd_8Y,129
 common/context_processors.py,sha256=X0iuX5qu9kMWa7q8osE9CJ2LgM7pPOYQFGdjm8X3rk0,236
-common/csp_config.py,sha256=9ECOLnp60ENRFAYEEIoYOMhqQzLgfKA-wkWxeUBwDrQ,2824
+common/csp_config.py,sha256=saeg9LbRr5xw7NDJPlt6fqi8Zz0vI8Rpc4VCS6oJNe8,2976
 common/mail.py,sha256=pIRfUMVoJWxdv74UqToj_0_pTVTC51z6QlFVLI3QBOw,6874
-common/models.py,sha256=yAULJtzuF4loEt6mPrgZjwHGiQH6Hqm82etE7Sofvys,15989
+common/models.py,sha256=Qm-UHUR4Qbjn407HbA-YPFHQQk0qOZAsylukptnBXq0,19149
 common/permissions.py,sha256=gC6RQGZI2QDBbglx-xr_V4Hl2C2nf1V2_uPmEuoEcJo,2416
 common/utils.py,sha256=Nn2Npao9Uqad5Js_IdHwF-ow6wrPNpBLW4AO1LxoEBc,1727
 common/fixtures/aimmo_characters.json,sha256=LqjwI05-H4heSBxl6_hS-nb3gMN_4SNVlDnDRT6qNZ8,1234
@@ -12,7 +12,7 @@ common/fixtures/aimmo_characters2.json,sha256=R-23mbjLrvpH4G9khXKcu7PTDK86xf9eHf
 common/fixtures/aimmo_characters3.json,sha256=7Pv_6DFastPzmM86sPx6D60Y8Biq84GLL5pWz5NGSUA,1392
 common/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 common/helpers/data_migration_loader.py,sha256=_BhS5lPmhcuVUbryBmJytlWdHyT02KYyxPkHar32mOE,1748
-common/helpers/emails.py,sha256=KyXIudPRgetggOnlNUohArF7cPBuazQI2V6dtMfKnrM,12368
+common/helpers/emails.py,sha256=wBgwTsOQSDIEFGZ3SS4N5XZO9nlwuCVzsjvgH4NNUkc,12060
 common/helpers/generators.py,sha256=kTL5e91I8wgmjJ-mu4jr9vIacjccUZ5pZSAz5cUNhdM,1505
 common/helpers/organisation.py,sha256=e-JKumKoXrkMTzZPv0H4ViWL8vtCt7oXJjn_zZ1ec00,427
 common/migrations/0001_initial.py,sha256=Y2kt2xmdCbrmDXCgqmhXeacicNg26Zj7L7SANSsgAAI,9664
@@ -70,6 +70,9 @@ common/migrations/0052_add_cse_fields.py,sha256=NhUkkcu2EBzJFhewCTccQ63AoANkGq1C
 common/migrations/0053_clean_class_data.py,sha256=lBKlDa49YwT660o-Ot6IYe4I1KfervTn4uAijda0nyw,584
 common/migrations/0054_delete_aimmo_models.py,sha256=fmn4mDdlHr5DhPbIl_ygvGwWVFD8TZHAgQ6VUQQgCx8,415
 common/migrations/0055_alter_schoolteacherinvitation_token.py,sha256=lzPAMaI3zU_q25RuIos_LV97NXOa3MIn_eWaEL71Y4I,403
+common/migrations/0056_set_non_school_teachers_as_non_admins.py,sha256=_BrC9yfSYpP-c7EGFZmz8a4Kx_SxnRhpLMxJ70RVFOY,603
+common/migrations/0057_teacher_teacher__is_admin.py,sha256=4pinm9T3JF3PRNLnbXI6mdFiNyxg1MnRs8lMKC4S5Bc,511
+common/migrations/0058_userprofile_google_refresh_token_and_more.py,sha256=xHBv29aWKGkISxhQd_ao5RcZPg5UkirsVf9sqajkk_8,656
 common/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 common/static/common/img/RR_logo.svg,sha256=DjbNHUHWrYkyuefTsg3uSHFI9-kVHBndpaeznfPPcTw,557149
 common/static/common/img/brain.svg,sha256=689wY5b7E40oKlGumLoHBRpV5z6zCcCp0sGrxjXToXU,16332
@@ -87,10 +90,10 @@ common/tests/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuF
 common/tests/utils/classes.py,sha256=ZA2pp9Pyx3rwi0VFwtuUA2Pys9xQJ-L_zE0u2tpwEH4,1094
 common/tests/utils/email.py,sha256=RljsVjIob4Uqi3O5YhP2ifqfc4cMcdP4Gv0EaL-sHXo,1780
 common/tests/utils/organisation.py,sha256=vNgKFtU3VPcWRnZfh82yCS90PLAK1XTYJNIxGwfgUI4,966
-common/tests/utils/student.py,sha256=PLd980iSlxmMoB8J3C2pVjNC5xHdVxfAkJXzhv_dRhg,3814
-common/tests/utils/teacher.py,sha256=bJAYLzZdksCIHNxUJJYGZNLHj-axYro4pd3_sXvXbno,2625
+common/tests/utils/student.py,sha256=GYOyd2VH6QXjjLzjCh4hpT86U5si2URlJJWZwlCVLrU,3846
+common/tests/utils/teacher.py,sha256=KQ_NAl4yQqiX_zwcULQjkovc29JPhnkLR5Nk3Ljzbpg,2661
 common/tests/utils/user.py,sha256=NvLzZLVP4jy5Hn1iztOYF_BTQ9WsbSmuWMEzGzhAsRU,919
-cfl_common-7.4.3.dist-info/METADATA,sha256=N06HG7Ihe70MKhpKcv7F0VgbVV8HnQghxV7EjYNMzBo,400
-cfl_common-7.4.3.dist-info/WHEEL,sha256=UvcQYKBHoFqaQd6LKyqHw9fxEolWLQnlzP0h_LgJAfI,91
-cfl_common-7.4.3.dist-info/top_level.txt,sha256=LOtYx8KZTmnxM_zLK4rwrcI3PRc40Ihwp5rgaQ-ceaI,7
-cfl_common-7.4.3.dist-info/RECORD,,
+cfl_common-8.9.15.dist-info/METADATA,sha256=T3AlBNWQDjp7QKxJHCviAKmbqjc5uclhdg0b9XF32Wk,2486
+cfl_common-8.9.15.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+cfl_common-8.9.15.dist-info/top_level.txt,sha256=LOtYx8KZTmnxM_zLK4rwrcI3PRc40Ihwp5rgaQ-ceaI,7
+cfl_common-8.9.15.dist-info/RECORD,,

{cfl_common-7.4.3.dist-info → cfl_common-8.9.15.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (74.0.0)
+Generator: setuptools (80.9.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

common/app_settings.py

@@ -44,6 +44,9 @@ DOTMAILER_SEND_CAMPAIGN_URL = getattr(settings, "DOTMAILER_SEND_CAMPAIGN_URL", "
 # ID of the "Thanks for staying!" campaign in Dotmailer
 DOTMAILER_THANKS_FOR_STAYING_CAMPAIGN_ID = getattr(settings, "DOTMAILER_THANKS_FOR_STAYING_CAMPAIGN_ID", "")
 
+# Fernet encryption for OAuth2 sign in
+ENCRYPTION_KEY = getattr(settings, "ENCRYPTION_KEY", "")
+
 # The name of the google app engine service the application is running on, local otherwise
 MODULE_NAME = getattr(settings, "MODULE_NAME", "local")
 
@@ -51,12 +54,15 @@ MODULE_NAME = getattr(settings, "MODULE_NAME", "local")
 COOKIE_MANAGEMENT_ENABLED = getattr(settings, "COOKIE_MANAGEMENT_ENABLED", True)
 
 
-def domain():
+def domain(request=None):
     """Returns the full domain depending on whether it's local, dev, staging or prod."""
+    if hasattr(settings, "SERVICE_BASE_URL"):
+        return getattr(settings, "SERVICE_BASE_URL")
+
     domain = "https://www.codeforlife.education"
 
     if MODULE_NAME == "local":
-        domain = "localhost:8000"
+        domain = f"http://{request.get_host()}" if request is not None else "localhost:8000"
     elif MODULE_NAME == "staging" or MODULE_NAME == "dev":
         domain = f"https://{MODULE_NAME}-dot-decent-digit-629.appspot.com"
 

common/csp_config.py

@@ -29,7 +29,6 @@ CSP_SCRIPT_SRC = (
     "https://cdn-ukwest.onetrust.com/",
     "https://code.iconify.design/2/2.0.3/iconify.min.js",
     "https://www.googletagmanager.com/",
-    "https://cdn.mouseflow.com/",
     "https://www.recaptcha.net/",
     "https://www.google.com/recaptcha/",
     "https://www.gstatic.com/recaptcha/",
@@ -50,7 +49,8 @@ CSP_STYLE_SRC = (
 )
 CSP_FRAME_SRC = (
     "https://storage.googleapis.com/",
-    "https://www.youtube-nocookie.com/",
+    "https://2662351606-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/",
+    "https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/",
     "https://www.recaptcha.net/",
     "https://www.google.com/recaptcha/",
     "https://crowdin.com/",
@@ -78,4 +78,8 @@ CSP_IMG_SRC = (
     f"{domain()}/static/icons/",
 )
 CSP_OBJECT_SRC = (f"{domain()}/static/common/img/", f"{domain()}/static/game/image/")
-CSP_MEDIA_SRC = (f"{domain()}/static/game/sound/", f"{domain()}/static/game/js/blockly/media/")
+CSP_MEDIA_SRC = (
+    "https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/",
+    f"{domain()}/static/game/sound/",
+    f"{domain()}/static/game/js/blockly/media/",
+)

common/helpers/emails.py

@@ -20,15 +20,9 @@ from django.utils import timezone
 from requests import delete, get, post, put
 from requests.exceptions import RequestException
 
-NOTIFICATION_EMAIL = (
-    "Code For Life Notification <" + app_settings.EMAIL_ADDRESS + ">"
-)
-VERIFICATION_EMAIL = (
-    "Code For Life Verification <" + app_settings.EMAIL_ADDRESS + ">"
-)
-PASSWORD_RESET_EMAIL = (
-    "Code For Life Password Reset <" + app_settings.EMAIL_ADDRESS + ">"
-)
+NOTIFICATION_EMAIL = "Code For Life Notification <" + app_settings.EMAIL_ADDRESS + ">"
+VERIFICATION_EMAIL = "Code For Life Verification <" + app_settings.EMAIL_ADDRESS + ">"
+PASSWORD_RESET_EMAIL = "Code For Life Password Reset <" + app_settings.EMAIL_ADDRESS + ">"
 INVITE_FROM = "Code For Life Invitation <" + app_settings.EMAIL_ADDRESS + ">"
 
 
@@ -52,9 +46,7 @@ def generate_token_for_email(email: str, new_email: str = ""):
             "email": email,
             "new_email": new_email,
             "email_verification_token": uuid4().hex[:30],
-            "expires": (
-                timezone.now() + datetime.timedelta(hours=1)
-            ).timestamp(),
+            "expires": (timezone.now() + datetime.timedelta(hours=1)).timestamp(),
         },
         settings.SECRET_KEY,
         algorithm="HS256",
@@ -87,9 +79,7 @@ def send_email(
     )
 
 
-def send_verification_email(
-    request, user, data, new_email=None, age=None, school=None
-):
+def send_verification_email(request, user, data, new_email=None, age=None, school=None):
     """
     Sends emails relating to email address verification.
 
@@ -119,7 +109,7 @@ def send_verification_email(
         if age is None:
             # if the user is a released student
             if hasattr(user, "new_student") and school is not None:
-                url = f"{request.build_absolute_uri(reverse('verify_email', kwargs={'token': verification}))}"
+                url = f"{app_settings.domain(request)}{reverse('verify_email', kwargs={'token': verification})}"
 
                 send_dotdigital_email(
                     campaign_ids["verify_released_student"],
@@ -130,7 +120,7 @@ def send_verification_email(
                     },
                 )
             else:
-                url = f"{request.build_absolute_uri(reverse('verify_email', kwargs={'token': verification}))}"
+                url = f"{app_settings.domain(request)}{reverse('verify_email', kwargs={'token': verification})}"
 
                 send_dotdigital_email(
                     campaign_ids["verify_new_user"],
@@ -149,7 +139,7 @@ def send_verification_email(
         # if the user is an independent student
         else:
             if age < 13:
-                url = f"{request.build_absolute_uri(reverse('verify_email', kwargs={'token': verification}))}"
+                url = f"{app_settings.domain(request)}{reverse('verify_email', kwargs={'token': verification})}"
                 send_dotdigital_email(
                     campaign_ids["verify_new_user_via_parent"],
                     [user.email],
@@ -159,7 +149,7 @@ def send_verification_email(
                     },
                 )
             else:
-                url = f"{request.build_absolute_uri(reverse('verify_email', kwargs={'token': verification}))}"
+                url = f"{app_settings.domain(request)}{reverse('verify_email', kwargs={'token': verification})}"
                 send_dotdigital_email(
                     campaign_ids["verify_new_user"],
                     [user.email],
@@ -177,7 +167,7 @@ def send_verification_email(
     # verifying change of email address.
     else:
         verification = generate_token(user, new_email)
-        url = f"{request.build_absolute_uri(reverse('verify_email', kwargs={'token': verification}))}"
+        url = f"{app_settings.domain(request)}{reverse('verify_email', kwargs={'token': verification})}"
         send_dotdigital_email(
             campaign_ids["email_change_verification"],
             [new_email],
@@ -194,9 +184,7 @@ def add_to_dotmailer(
 ):
     try:
         create_contact(first_name, last_name, email)
-        add_contact_to_address_book(
-            first_name, last_name, email, address_book_id, user_type
-        )
+        add_contact_to_address_book(first_name, last_name, email, address_book_id, user_type)
     except RequestException:
         return HttpResponse(status=404)
 
@@ -261,18 +249,12 @@ def add_contact_to_address_book(
     )
 
     if user_type is not None:
-        specific_address_book_url = (
-            app_settings.DOTMAILER_NO_ACCOUNT_ADDRESS_BOOK_URL
-        )
+        specific_address_book_url = app_settings.DOTMAILER_NO_ACCOUNT_ADDRESS_BOOK_URL
 
         if user_type == DotmailerUserType.TEACHER:
-            specific_address_book_url = (
-                app_settings.DOTMAILER_TEACHER_ADDRESS_BOOK_URL
-            )
+            specific_address_book_url = app_settings.DOTMAILER_TEACHER_ADDRESS_BOOK_URL
         elif user_type == DotmailerUserType.STUDENT:
-            specific_address_book_url = (
-                app_settings.DOTMAILER_STUDENT_ADDRESS_BOOK_URL
-            )
+            specific_address_book_url = app_settings.DOTMAILER_STUDENT_ADDRESS_BOOK_URL
 
         post(
             specific_address_book_url,
@@ -286,9 +268,7 @@ def delete_contact(email: str):
         user = get_dotmailer_user_by_email(email)
         user_id = user.get("id")
         if user_id:
-            url = app_settings.DOTMAILER_DELETE_USER_BY_ID_URL.replace(
-                "ID", str(user_id)
-            )
+            url = app_settings.DOTMAILER_DELETE_USER_BY_ID_URL.replace("ID", str(user_id))
             delete(
                 url,
                 auth=(
@@ -303,9 +283,7 @@ def delete_contact(email: str):
 def get_dotmailer_user_by_email(email):
     url = app_settings.DOTMAILER_GET_USER_BY_EMAIL_URL.replace("EMAIL", email)
 
-    response = get(
-        url, auth=(app_settings.DOTMAILER_USER, app_settings.DOTMAILER_PASSWORD)
-    )
+    response = get(url, auth=(app_settings.DOTMAILER_USER, app_settings.DOTMAILER_PASSWORD))
 
     return json.loads(response.content)
 
@@ -313,9 +291,7 @@ def get_dotmailer_user_by_email(email):
 def add_consent_record_to_dotmailer_user(user):
     consent_date_time = datetime.datetime.now().__str__()
 
-    url = app_settings.DOTMAILER_PUT_CONSENT_DATA_URL.replace(
-        "USER_ID", str(user["id"])
-    )
+    url = app_settings.DOTMAILER_PUT_CONSENT_DATA_URL.replace("USER_ID", str(user["id"]))
     body = {
         "contact": {
             "email": user["email"],
@@ -323,13 +299,7 @@ def add_consent_record_to_dotmailer_user(user):
             "emailType": user["emailType"],
             "dataFields": user["dataFields"],
         },
-        "consentFields": [
-            {
-                "fields": [
-                    {"key": "DATETIMECONSENTED", "value": consent_date_time}
-                ]
-            }
-        ],
+        "consentFields": [{"fields": [{"key": "DATETIMECONSENTED", "value": consent_date_time}]}],
     }
 
     put(

common/migrations/0056_set_non_school_teachers_as_non_admins.py

@@ -0,0 +1,25 @@
+from django.apps.registry import Apps
+from django.db import migrations
+
+
+def set_non_school_teachers_as_non_admins(apps: Apps, *args):
+    Teacher = apps.get_model("common", "Teacher")
+
+    Teacher.objects.filter(
+        is_admin=True,
+        school__isnull=True,
+    ).update(is_admin=False)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("common", "0055_alter_schoolteacherinvitation_token"),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            code=set_non_school_teachers_as_non_admins,
+            reverse_code=migrations.RunPython.noop,
+        ),
+    ]

common/migrations/0057_teacher_teacher__is_admin.py

@@ -0,0 +1,19 @@
+# Generated by Django 4.2.17 on 2025-01-13 17:34
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("common", "0056_set_non_school_teachers_as_non_admins"),
+    ]
+
+    operations = [
+        migrations.AddConstraint(
+            model_name="teacher",
+            constraint=models.CheckConstraint(
+                check=models.Q(("is_admin", True), ("school__isnull", True), _negated=True), name="teacher__is_admin"
+            ),
+        ),
+    ]

common/migrations/0058_userprofile_google_refresh_token_and_more.py

@@ -0,0 +1,24 @@
+# Generated by Django 5.1.10 on 2025-08-12 12:51
+
+import common.models
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("common", "0057_teacher_teacher__is_admin"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="userprofile",
+            name="google_refresh_token",
+            field=common.models.EncryptedCharField(blank=True, max_length=1004, null=True),
+        ),
+        migrations.AddField(
+            model_name="userprofile",
+            name="google_sub",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+    ]

common/models.py

@@ -1,12 +1,77 @@
 import re
+import typing as t
 from datetime import timedelta
 from uuid import uuid4
 
+from cryptography.fernet import Fernet
+from django.conf import settings
 from django.contrib.auth.models import User
 from django.db import models
 from django.utils import timezone
 from django_countries.fields import CountryField
 
+if t.TYPE_CHECKING:
+    from django.db.models import ManyToManyField
+    from game.models import Worksheet
+
+
+class EncryptedCharField(models.CharField):
+    """
+    A custom CharField that encrypts data before saving and decrypts it when
+    retrieved.
+    """
+
+    _fernet = Fernet(settings.ENCRYPTION_KEY)
+    _prefix = "ENC:"
+
+    # pylint: disable-next=unused-argument
+    def from_db_value(self, value: t.Optional[str], expression, connection):
+        """
+        Converts a value as returned by the database to a Python object. It is
+        the reverse of get_prep_value().
+
+        https://docs.djangoproject.com/en/5.1/howto/custom-model-fields/#converting-values-to-python-objects
+        """
+        if isinstance(value, str):
+            return self.decrypt_value(value)
+        return value
+
+    def to_python(self, value: t.Optional[str]):
+        """
+        Converts the value into the correct Python object. It acts as the
+        reverse of value_to_string(), and is also called in clean().
+
+        https://docs.djangoproject.com/en/5.1/howto/custom-model-fields/#converting-values-to-python-objects
+        """
+        if isinstance(value, str):
+            return self.decrypt_value(value)
+        return value
+
+    def get_prep_value(self, value: t.Optional[str]):
+        """
+        'value' is the current value of the model's attribute, and the method
+        should return data in a format that has been prepared for use as a
+        parameter in a query.
+
+        https://docs.djangoproject.com/en/5.1/howto/custom-model-fields/#converting-python-objects-to-query-values
+        """
+        if isinstance(value, str):
+            return self.encrypt_value(value)
+        return value
+
+    def encrypt_value(self, value: str):
+        """Encrypt the value if it's not encrypted."""
+        if not value.startswith(self._prefix):
+            return self._prefix + self._fernet.encrypt(value.encode()).decode()
+        return value
+
+    def decrypt_value(self, value: str):
+        """Decrpyt the value if it's encrypted.."""
+        if value.startswith(self._prefix):
+            value = value[len(self._prefix) :]
+            return self._fernet.decrypt(value).decode()
+        return value
+
 
 class UserProfile(models.Model):
     user = models.OneToOneField(User, on_delete=models.CASCADE)
@@ -27,6 +92,12 @@ class UserProfile(models.Model):
     username = models.CharField(max_length=200, null=True, blank=True)
     _username = models.BinaryField(null=True, blank=True)
 
+    # Google.
+    google_refresh_token = EncryptedCharField(
+        max_length=1000 + len(EncryptedCharField._prefix), null=True, blank=True
+    )
+    google_sub = models.CharField(max_length=255, null=True, blank=True)
+
     def __str__(self):
         return f"{self.user.first_name} {self.user.last_name}"
 
@@ -36,6 +107,9 @@ class UserProfile(models.Model):
 
 
 class SchoolModelManager(models.Manager):
+    def get_original_queryset(self):
+        return super().get_queryset()
+
     # Filter out inactive schools by default
     def get_queryset(self):
         return super().get_queryset().filter(is_active=True)
@@ -94,6 +168,9 @@ class TeacherModelManager(models.Manager):
 
         return Teacher.objects.create(user=user_profile, new_user=user)
 
+    def get_original_queryset(self):
+        return super().get_queryset()
+
     # Filter out non active teachers by default
     def get_queryset(self):
         return super().get_queryset().filter(new_user__is_active=True)
@@ -127,6 +204,17 @@ class Teacher(models.Model):
 
     objects = TeacherModelManager()
 
+    class Meta:
+        constraints = [
+            models.CheckConstraint(
+                check=~models.Q(
+                    school__isnull=True,
+                    is_admin=True,
+                ),
+                name="teacher__is_admin",
+            )
+        ]
+
     def teaches(self, userprofile):
         if hasattr(userprofile, "student"):
             student = userprofile.student
@@ -146,6 +234,9 @@ class Teacher(models.Model):
 
 
 class SchoolTeacherInvitationModelManager(models.Manager):
+    def get_original_queryset(self):
+        return super().get_queryset()
+
     # Filter out inactive invitations by default
     def get_queryset(self):
         return super().get_queryset().filter(is_active=True)
@@ -216,12 +307,17 @@ class ClassModelManager(models.Manager):
             members.extend(c.students.all())
         return members
 
+    def get_original_queryset(self):
+        return super().get_queryset()
+
     # Filter out non active classes by default
     def get_queryset(self):
         return super().get_queryset().filter(is_active=True)
 
 
 class Class(models.Model):
+    locked_worksheets: "ManyToManyField[Worksheet]"
+
     name = models.CharField(max_length=200)
     teacher = models.ForeignKey(
         Teacher, related_name="class_teacher", on_delete=models.CASCADE

common/tests/utils/student.py

@@ -91,7 +91,7 @@ def generate_independent_student_details():
     name = "Independent Student %d" % generate_independent_student_details.next_id
     email_address = "student%d@codeforlife.com" % generate_independent_student_details.next_id
     username = email_address
-    password = "$RFVBGT%^YHNmju7"
+    password = "$RFVBGT%^YHNmju7$RFVBGT%^YHNmju7$RFVBGT%^YHNmju7"
 
     generate_independent_student_details.next_id += 1
 

common/tests/utils/teacher.py

@@ -13,7 +13,7 @@ def generate_details(**kwargs):
     first_name = kwargs.get("first_name", "Test")
     last_name = kwargs.get("last_name", f"Teacher {random_int}")
     email_address = kwargs.get("email_address", f"testteacher{random_int}@codeforlife.com")
-    password = kwargs.get("password", "$RFVBGT%6yhn")
+    password = kwargs.get("password", "$RFVBGT%6yhn$RFVBGT%6yhn$RFVBGT%6yhn$RFVBGT%6yhn")
 
     return first_name, last_name, email_address, password
 

cfl_common-7.4.3.dist-info/METADATA

@@ -1,13 +0,0 @@
-Metadata-Version: 2.1
-Name: cfl-common
-Version: 7.4.3
-Classifier: Programming Language :: Python :: 3
-Classifier: Operating System :: OS Independent
-Requires-Dist: django==3.2.25
-Requires-Dist: djangorestframework==3.13.1
-Requires-Dist: django-two-factor-auth==1.13.2
-Requires-Dist: django-countries==7.3.1
-Requires-Dist: pyjwt==2.6.0
-Requires-Dist: pgeocode==0.4.0
-
-Common package for Code for Life