Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[7776] django upgrade to 4.2 (LTS) #1504

Merged
merged 9 commits into from
Dec 4, 2023
Merged

[7776] django upgrade to 4.2 (LTS) #1504

merged 9 commits into from
Dec 4, 2023

Conversation

m4ra
Copy link
Contributor

@m4ra m4ra commented Nov 7, 2023
edited
Loading

NOT merge until the other repos are ready

Django 4 has dropped support for sha1 hashes. The deprecation warning was there before Django v3.
From the release notes:

  • Support for the pre-Django 3.1 password reset tokens in the admin site (that use the SHA-1 hashing algorithm) will be removed.
  • Support for the pre-Django 3.1 django.core.signing.Signer signatures (encoded with the SHA-1 algorithm) will be removed.
  • Support for the pre-Django 3.1 django.core.signing.dumps() signatures (encoded with the SHA-1 algorithm) in django.core.signing.loads() will be removed.
  • Support for the pre-Django 3.1 user sessions (that use the SHA-1 algorithm) will be removed.

@goapunk will that affect existing passwords? or was it dealt previously while upgrading to 3.2? Cannot find if this is dealt by Django itself.
See transitional notes here, though is about updating multiple instances of same project.

Notes:
DONE: need to update django-allauth for 4.2

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 7, 2023
edited
Loading

Coverage report

Total coverage

Status Category Percentage Covered / Total
🔴 Statements 12.85% 141/1097
🔴 Branches 14.86% 103/693
🔴 Functions 12.57% 44/350
🔴 Lines 20.58% 725/3523

Status of coverage: 🟢 - ok, 🟡 - slightly more than threshold, 🔴 - under the threshold

Report generated by 🧪jest coverage report action from ec5c807

@m4ra m4ra force-pushed the mk-2023-11-django-upgrade-4.2 branch from fd5a4f2 to dbe2d4e Compare November 8, 2023 08:47
@goapunk
Copy link
Contributor

goapunk commented Nov 8, 2023
edited
Loading

Django 4 has dropped support for sha1 hashes. The deprecation warning was there before Django v3. From the release notes:

* Support for the pre-Django 3.1 password reset tokens in the admin site (that use the SHA-1 hashing algorithm) will be removed.

* Support for the pre-Django 3.1 django.core.signing.Signer signatures (encoded with the SHA-1 algorithm) will be removed.

* Support for the pre-Django 3.1 django.core.signing.dumps() signatures (encoded with the SHA-1 algorithm) in django.core.signing.loads() will be removed.

* Support for the pre-Django 3.1 user sessions (that use the SHA-1 algorithm) will be removed.

@goapunk will that affect existing passwords? or was it dealt previously while upgrading to 3.2? Cannot find if this is dealt by Django itself. See transitional notes here, though is about updating multiple instances of same project.

Notes: need to update django-allauth for 4.2

I'm not entirely sure, but worst case the very few affected users would have to request a new password via forgot password. So I think that's ok. I also vaguely remember checking for passwords with old hashes in the db and didn't find any.

@m4ra m4ra force-pushed the mk-2023-11-django-upgrade-4.2 branch from 29c6520 to 1aa189f Compare November 8, 2023 16:11
@m4ra m4ra requested review from goapunk, philli-m and hom3mad3 November 8, 2023 16:12
goapunk
goapunk requested changes Nov 27, 2023
View reviewed changes
Copy link
Contributor

@goapunk goapunk left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@m4ra there are some instances of index_together which should be replaced with indexes as described here: https://docs.djangoproject.com/en/4.2/releases/4.2/#index-together-option-is-deprecated-in-favor-of-indexes

@m4ra m4ra force-pushed the mk-2023-11-django-upgrade-4.2 branch 3 times, most recently from 28a41d5 to 384f584 Compare November 27, 2023 12:58
@m4ra m4ra requested a review from goapunk November 27, 2023 13:08
@m4ra
Copy link
Contributor Author

m4ra commented Nov 27, 2023

@m4ra there are some instances of index_together which should be replaced with indexes as described here: https://docs.djangoproject.com/en/4.2/releases/4.2/#index-together-option-is-deprecated-in-favor-of-indexes
@goapunk done, and rebased. Please have another look.

goapunk
goapunk approved these changes Nov 27, 2023
View reviewed changes
Copy link
Contributor

@goapunk goapunk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! One thing I missed previously, sorry: (but we can also fix this in a different PR). In tests/project/settings.py we can now also remove the USE_L10N option and get rid of the warning.

@m4ra m4ra changed the title WIP [7776] django upgrade to 4.2 (LTS) [7776] django upgrade to 4.2 (LTS) Nov 27, 2023
@m4ra m4ra force-pushed the mk-2023-11-django-upgrade-4.2 branch from 384f584 to 2c77b8c Compare November 27, 2023 14:58
m4ra
m4ra commented Nov 28, 2023
View reviewed changes
adhocracy4/modules/models.py
@@ -95,7 +93,7 @@ class Module(models.Model):

objects = ModulesQuerySet.as_manager()

blueprint_type = BlueprintTypeField(
blueprint_type = models.CharField(
max_length=255,
blank=True,
)
Copy link
Contributor Author

@m4ra m4ra Nov 28, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

then we delete the fields.py with the custom BlueprintType?
Also the new migration cancels the 0008. If we remove 0008, it won't generate 0009 here
@goapunk

@m4ra m4ra force-pushed the mk-2023-11-django-upgrade-4.2 branch 2 times, most recently from 8e2b873 to 59fb1f8 Compare November 29, 2023 17:59
@m4ra m4ra requested a review from goapunk November 29, 2023 18:11
@m4ra m4ra force-pushed the mk-2023-11-django-upgrade-4.2 branch from 59fb1f8 to 0735f13 Compare November 29, 2023 18:18
goapunk
goapunk reviewed Nov 30, 2023
View reviewed changes
Makefile Outdated
@@ -45,15 +45,11 @@ lint:
$(VIRTUAL_ENV)/bin/isort --diff -c $(SOURCE_DIRS) || EXIT_STATUS=$$?; \
$(VIRTUAL_ENV)/bin/flake8 $(SOURCE_DIRS) --exclude migrations,settings || EXIT_STATUS=$$?; \
npm run lint || EXIT_STATUS=$$?; \
$(VIRTUAL_ENV)/bin/python manage.py makemigrations --dry-run --check --noinput || EXIT_STATUS=$$?; \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we don't need to remove these anymore, right?

goapunk
goapunk reviewed Nov 30, 2023
View reviewed changes
adhocracy4/categories/form_fields.py

from adhocracy4.categories import get_category_icon_url


class CategoryIconDict(abc.Mapping):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not really sure why this was needed so I removed it, I think we should point out to testers to verify everything still works as intended with the icons

goapunk
goapunk reviewed Nov 30, 2023
View reviewed changes
adhocracy4/projects/migrations/0043_migrate_topics_to_m2m_topics.py
for topic_code in project.topics:
project.m2mtopics.create(
code=topic_code,
name=[item[1] for item in topicsenum if item[0] == topic_code][0],
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

topicsenum -> topicenum

@m4ra m4ra force-pushed the mk-2023-11-django-upgrade-4.2 branch from 90b1927 to e7313f9 Compare December 4, 2023 12:22
@m4ra m4ra requested a review from goapunk December 4, 2023 12:36
goapunk
goapunk requested changes Dec 4, 2023
View reviewed changes
Copy link
Contributor

@goapunk goapunk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, we only need changelogs for the latest changes (topics, categories?, blueprint_types?) and maybe some of my commits should be squashed

@m4ra m4ra force-pushed the mk-2023-11-django-upgrade-4.2 branch from e7313f9 to ec5c807 Compare December 4, 2023 15:43
@m4ra m4ra requested a review from goapunk December 4, 2023 15:44
@m4ra
Copy link
Contributor Author

m4ra commented Dec 4, 2023

Looks good to me, we only need changelogs for the latest changes (topics, categories?, blueprint_types?) and maybe some of my commits should be squashed

@goapunk done, have another look please.
FYI I kept the models changes related to choices in separate commits in case we need to revert.

goapunk
goapunk approved these changes Dec 4, 2023
View reviewed changes
Copy link
Contributor

@goapunk goapunk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

really nice!

@goapunk goapunk merged commit b3d2580 into main Dec 4, 2023
2 of 3 checks passed
@goapunk goapunk deleted the mk-2023-11-django-upgrade-4.2 branch December 4, 2023 16:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@goapunk goapunk goapunk approved these changes

@philli-m philli-m Awaiting requested review from philli-m

@hom3mad3 hom3mad3 Awaiting requested review from hom3mad3

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@m4ra @goapunk