
Merged
35 commits
a56dc90
Bumped version; master is now 5.0 pre-alpha.
felixxm Jan 6, 2023
f0cfdc0
Added stub release notes for 5.0.
felixxm Jan 6, 2023
6dce22b
Removed versionadded/changed annotations for 4.1.
felixxm Jan 6, 2023
b8448e9
Refs #32446 -- Removed SERIALIZE test database setting per deprecatio…
felixxm Jan 6, 2023
51c857b
Refs #32712 -- Removed django.utils.baseconv module per deprecation t…
felixxm Jan 6, 2023
e2b1478
Refs #32738 -- Removed django.utils.datetime_safe module per deprecat…
felixxm Jan 6, 2023
0036c04
Refs #32379 -- Changed default USE_TZ to True.
felixxm Jan 6, 2023
6f6c482
Refs #32375 -- Changed default sitemap protocol to https.
felixxm Jan 6, 2023
4e8311b
Refs #32655 -- Removed extra_tests argument for DiscoverRunner.build_…
felixxm Jan 6, 2023
9313fc1
Refs #10929 -- Stopped forcing empty result value by PostgreSQL aggre…
felixxm Jan 6, 2023
efa39c1
Refs #32873 -- Removed settings.USE_L10N per deprecation timeline.
felixxm Jan 6, 2023
75db618
Refs #32365 -- Removed support for pytz timezones per deprecation tim…
felixxm Jan 9, 2023
8d77225
Refs #32365 -- Removed is_dst argument for various methods and functi…
felixxm Jan 9, 2023
41ac74f
Refs #27674 -- Removed GeoModelAdmin and OSMGeoAdmin per deprecation …
felixxm Jan 10, 2023
db9a0c3
Refs #31026 -- Removed BaseForm._html_output() per deprecation timeline.
felixxm Jan 10, 2023
94bbb46
Refs #31026 -- Removed ability to return string when rendering ErrorD…
felixxm Jan 11, 2023
2013a15
Refs #25916 -- Removed SitemapIndexItem.__str__() per deprecation tim…
felixxm Jan 12, 2023
af29139
Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per de…
felixxm Jan 12, 2023
6eb714d
Refs #30127 -- Removed name argument for django.utils.functional.cach…
felixxm Jan 12, 2023
df743c9
Refs #33342 -- Removed ExclusionConstraint.opclasses per deprecation …
felixxm Jan 12, 2023
24e0416
Refs #33348 -- Removed support for passing errors=None to SimpleTestC…
felixxm Jan 12, 2023
5a0e5d5
Refs #29708 -- Removed PickleSerializer per deprecation timeline.
felixxm Jan 12, 2023
2e4d188
Refs #29984 -- Made QuerySet.iterator() without chunk_size raise Valu…
felixxm Jan 12, 2023
b76f446
Refs #31486 -- Removed ability to pass unsaved model instances to rel…
felixxm Jan 12, 2023
2e1aec2
Refs #33561 -- Made created=True required in signature of RemoteUserB…
felixxm Jan 13, 2023
6c57c08
Refs #15619 -- Removed support for logging out via GET requests.
felixxm Jan 13, 2023
8e98dac
Refs #32365 -- Removed django.utils.timezone.utc per deprecation time…
felixxm Jan 13, 2023
6840b6f
Refs #33348 -- Removed support for passing response object and form/f…
felixxm Jan 13, 2023
eaaa6d6
Refs #27674 -- Removed django.contrib.gis.admin.OpenLayersWidget per …
felixxm Jan 13, 2023
fd5af39
Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHashe…
felixxm Jan 13, 2023
b602ea6
Refs #32339 -- Changed default form and formset rendering style to di…
felixxm Jan 13, 2023
03589bd
Refs #33543 -- Made Expression.asc()/desc() and OrderBy raise ValueEr…
felixxm Jan 13, 2023
0996fb9
Refs #33263 -- Removed warning in BaseDeleteView when delete() method…
felixxm Jan 13, 2023
56947bc
Advanced deprecation warnings for Django 5.0.
felixxm Jan 13, 2023
ee83fae
Increased the default PBKDF2 iterations for Django 5.0.
felixxm Jan 13, 2023
Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per deprecation timeline.
felixxm committed Jan 17, 2023
commit af29139a554546a4e75a06ad3fc30eef54dfad0c
13 changes: 1 addition & 12 deletions django/conf/__init__.py
@@ -16,19 +16,13 @@
import django
from django.conf import global_settings
from django.core.exceptions import ImproperlyConfigured
from django.utils.deprecation import RemovedInDjango50Warning, RemovedInDjango51Warning
from django.utils.deprecation import RemovedInDjango51Warning
from django.utils.functional import LazyObject, empty

ENVIRONMENT_VARIABLE = "DJANGO_SETTINGS_MODULE"
DEFAULT_STORAGE_ALIAS = "default"
STATICFILES_STORAGE_ALIAS = "staticfiles"

# RemovedInDjango50Warning
CSRF_COOKIE_MASKED_DEPRECATED_MSG = (
"The CSRF_COOKIE_MASKED transitional setting is deprecated. Support for "
"it will be removed in Django 5.0."
)

DEFAULT_FILE_STORAGE_DEPRECATED_MSG = (
"The DEFAULT_FILE_STORAGE setting is deprecated. Use STORAGES instead."
)
@@ -211,9 +205,6 @@ def __init__(self, settings_module):
setattr(self, setting, setting_value)
self._explicit_settings.add(setting)

if self.is_overridden("CSRF_COOKIE_MASKED"):
warnings.warn(CSRF_COOKIE_MASKED_DEPRECATED_MSG, RemovedInDjango50Warning)

if hasattr(time, "tzset") and self.TIME_ZONE:
# When we can, attempt to validate the timezone. If we can't find
# this file, no check happens and it's harmless.
@@ -272,8 +263,6 @@ def __getattr__(self, name):

def __setattr__(self, name, value):
self._deleted.discard(name)
if name == "CSRF_COOKIE_MASKED":
warnings.warn(CSRF_COOKIE_MASKED_DEPRECATED_MSG, RemovedInDjango50Warning)
if name == "DEFAULT_FILE_STORAGE":
self.STORAGES[DEFAULT_STORAGE_ALIAS] = {
"BACKEND": self.DEFAULT_FILE_STORAGE
4 changes: 0 additions & 4 deletions django/conf/global_settings.py
@@ -568,10 +568,6 @@ def gettext_noop(s):
CSRF_TRUSTED_ORIGINS = []
CSRF_USE_SESSIONS = False

# Whether to mask CSRF cookie value. It's a transitional setting helpful in
# migrating multiple instance of the same project to Django 4.1+.
CSRF_COOKIE_MASKED = False

############
# MESSAGES #
############
8 changes: 1 addition & 7 deletions django/middleware/csrf.py
@@ -85,13 +85,7 @@ def _add_new_csrf_cookie(request):
csrf_secret = _get_new_csrf_string()
request.META.update(
{
# RemovedInDjango50Warning: when the deprecation ends, replace
# with: 'CSRF_COOKIE': csrf_secret
"CSRF_COOKIE": (
_mask_cipher_secret(csrf_secret)
if settings.CSRF_COOKIE_MASKED
else csrf_secret
),
"CSRF_COOKIE": csrf_secret,
"CSRF_COOKIE_NEEDS_UPDATE": True,
}
)
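Review bot: With the conditional gone, `_add_new_csrf_cookie` always stores the raw secret under `"CSRF_COOKIE"`, and the removed comment was the only in-code hint that this value deliberately differs from the masked token placed in the DOM. I would add a one-line comment above that entry, e.g. `# Unmasked secret; only tokens rendered into responses are masked.`, so a later reader does not try to "restore" masking here. Separately, a project that still sets `CSRF_COOKIE_MASKED = True` no longer gets a deprecation warning and, as far as this diff shows, the value is simply ignored. Deployments that still run pre-4.1 instances alongside upgraded ones should finish that transition before taking this change. The function's `def` line appears only in the hunk header, so the start of its body lies outside the hunk.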
14 changes: 0 additions & 14 deletions docs/ref/settings.txt
@@ -343,20 +343,6 @@ form input <acquiring-csrf-token-from-html>` instead of :ref:`from the cookie

See :setting:`SESSION_COOKIE_HTTPONLY` for details on ``HttpOnly``.

.. setting:: CSRF_COOKIE_MASKED

``CSRF_COOKIE_MASKED``
----------------------

Default: ``False``

Whether to mask the CSRF cookie. See
:ref:`release notes <csrf-cookie-masked-usage>` for usage details.

.. deprecated:: 4.1

This transitional setting is deprecated and will be removed in Django 5.0.

.. setting:: CSRF_COOKIE_NAME

``CSRF_COOKIE_NAME``
11 changes: 5 additions & 6 deletions docs/releases/4.1.txt
@@ -98,16 +98,15 @@ See :ref:`the Forms section (below)<forms-4.1>` for full details.
``CSRF_COOKIE_MASKED`` setting
------------------------------

The new :setting:`CSRF_COOKIE_MASKED` transitional setting allows specifying
whether to mask the CSRF cookie.
The new ``CSRF_COOKIE_MASKED`` transitional setting allows specifying whether
to mask the CSRF cookie.

:class:`~django.middleware.csrf.CsrfViewMiddleware` no longer masks the CSRF
cookie like it does the CSRF token in the DOM. If you are upgrading multiple
instances of the same project to Django 4.1, you should set
:setting:`CSRF_COOKIE_MASKED` to ``True`` during the transition, in
order to allow compatibility with the older versions of Django. Once the
transition to 4.1 is complete you can stop overriding
:setting:`CSRF_COOKIE_MASKED`.
``CSRF_COOKIE_MASKED`` to ``True`` during the transition, in order to allow
compatibility with the older versions of Django. Once the transition to 4.1 is
complete you can stop overriding ``CSRF_COOKIE_MASKED``.

This setting is deprecated as of this release and will be removed in Django
5.0.
2 changes: 2 additions & 0 deletions docs/releases/5.0.txt
@@ -306,3 +306,5 @@ See :ref:`deprecated-features-4.1` for details on these changes, including how
to remove usage of these features.

* The ``SitemapIndexItem.__str__()`` method is removed.

* The ``CSRF_COOKIE_MASKED`` transitional setting is removed.
30 changes: 0 additions & 30 deletions tests/csrf_tests/tests.py
@@ -23,8 +23,6 @@
rotate_token,
)
from django.test import SimpleTestCase, override_settings
from django.test.utils import ignore_warnings
from django.utils.deprecation import RemovedInDjango50Warning
from django.views.decorators.csrf import csrf_exempt, requires_csrf_token

from .views import (
@@ -1494,31 +1492,3 @@ def test_csrf_token_on_404_stays_constant(self):
token2 = response.content.decode("ascii")
secret2 = _unmask_cipher_token(token2)
self.assertMaskedSecretCorrect(token1, secret2)


@ignore_warnings(category=RemovedInDjango50Warning)
class CsrfCookieMaskedTests(CsrfFunctionTestMixin, SimpleTestCase):
@override_settings(CSRF_COOKIE_MASKED=True)
def test_get_token_csrf_cookie_not_set(self):
request = HttpRequest()
self.assertNotIn("CSRF_COOKIE", request.META)
self.assertNotIn("CSRF_COOKIE_NEEDS_UPDATE", request.META)
token = get_token(request)
cookie = request.META["CSRF_COOKIE"]
self.assertEqual(len(cookie), CSRF_TOKEN_LENGTH)
unmasked_cookie = _unmask_cipher_token(cookie)
self.assertMaskedSecretCorrect(token, unmasked_cookie)
self.assertIs(request.META["CSRF_COOKIE_NEEDS_UPDATE"], True)

@override_settings(CSRF_COOKIE_MASKED=True)
def test_rotate_token(self):
request = HttpRequest()
request.META["CSRF_COOKIE"] = MASKED_TEST_SECRET1
self.assertNotIn("CSRF_COOKIE_NEEDS_UPDATE", request.META)
rotate_token(request)
# The underlying secret was changed.
cookie = request.META["CSRF_COOKIE"]
self.assertEqual(len(cookie), CSRF_TOKEN_LENGTH)
unmasked_cookie = _unmask_cipher_token(cookie)
self.assertNotEqual(unmasked_cookie, TEST_SECRET)
self.assertIs(request.META["CSRF_COOKIE_NEEDS_UPDATE"], True)
30 changes: 0 additions & 30 deletions tests/deprecation/test_csrf_cookie_masked.py

This file was deleted.