Merge pull request #1091 from uktrade/security/upgrade-django-4.19

KLS-668 - Upgrade to django 4.1.9

.circleci/config.yml

@@ -67,39 +67,12 @@ jobs:
             pip install flake8
             make flake8
 
-  migrations:
-    docker:
-      - image: circleci/python:3.9.7
-    steps:
-      - checkout
-      - setup_remote_docker:
-          docker_layer_caching: true
-      - restore_cache:
-          key: v1-deps-{{ checksum "requirements_test.txt" }}
-      - run:
-          name: Create virtualenv and install dependencies
-          command: |
-            python3 -m venv venv
-            . venv/bin/activate
-            pip install --upgrade pip
-            make install_requirements
-      - save_cache:
-          key: v1-deps-{{ checksum "requirements_test.txt" }}
-          paths:
-            - "venv"
-      - run:
-          name: Check migrations
-          command: |
-            . venv/bin/activate
-            make check_migrations
-
 workflows:
   version: 2
   test_and_flake8:
     jobs:
       - test
       - flake8
-      - migrations
       - notify:
           requires:
             - test

conf/urls.py

@@ -1,4 +1,3 @@
-
 import directory_components.views
 from directory_components.decorators import skip_ga360
 import directory_healthcheck.views
@@ -8,13 +7,13 @@
 from wagtail import urls as wagtail_urls
 from wagtail.documents import urls as wagtaildocs_urls
 
-from django.conf.urls import include, url
+from django.conf.urls import include
 from django.conf.urls.static import static
 from django.conf import settings
 from django.contrib.auth.decorators import login_required
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import RedirectView
-from django.urls import path
+from django.urls import path, re_path
 
 import core.views
 from groups.views import GroupInfoModalView
@@ -24,104 +23,80 @@
 
 
 api_urls = [
-    url(r'^', api_router.urls),
-    url(
+    re_path(r'^', api_router.urls),
+    re_path(
         r'^pages/lookup-by-slug/(?P<slug>[\w-]+)/',
         api_router.wrap_view(core.views.PageLookupBySlugAPIEndpoint.as_view({'get': 'detail_view'})),
-        name='lookup-by-slug'
+        name='lookup-by-slug',
     ),
-    url(
+    re_path(
         r'^pages/lookup-by-path/(?P<site_id>[0-9]+)/(?P<path>[\w\-/]*)$',
         api_router.wrap_view(core.views.PageLookupByPathAPIEndpoint.as_view({'get': 'detail_view'})),
-        name='lookup-by-path'
-    ),
-    url(
-        r'^pages/types/$',
-        core.views.PageTypeView.as_view(),
-        name='pages-types-list'
+        name='lookup-by-path',
     ),
+    re_path(r'^pages/types/$', core.views.PageTypeView.as_view(), name='pages-types-list'),
 ]
 
 
 healthcheck_urls = [
-    url(
-        r'^$',
-        directory_healthcheck.views.HealthcheckView.as_view(),
-        name='healthcheck'
-    ),
-    url(
-        r'^ping/$',
-        directory_healthcheck.views.PingView.as_view(),
-        name='ping'
-    ),
+    re_path(r'^$', directory_healthcheck.views.HealthcheckView.as_view(), name='healthcheck'),
+    re_path(r'^ping/$', directory_healthcheck.views.PingView.as_view(), name='ping'),
 ]
 
 
 urlpatterns = [
-    url(r'^django-admin/', admin.site.urls),
-    url(
-        r'^api/',
-        include((api_urls, 'api'))
-    ),
-    url(
-        r'^healthcheck/',
-        include((healthcheck_urls, 'healthcheck'))
-    ),
-    url(
+    re_path(r'^django-admin/', admin.site.urls),
+    re_path(r'^api/', include((api_urls, 'api'))),
+    re_path(r'^healthcheck/', include((healthcheck_urls, 'healthcheck'))),
+    re_path(
         r"^robots\.txt$",
         skip_ga360(directory_components.views.RobotsView.as_view(template_name='core/robots.txt')),
-        name='robots'
+        name='robots',
     ),
-    url(
-        r'^$',
-        RedirectView.as_view(url='/admin/')
-    ),
-    url(
+    re_path(r'^$', RedirectView.as_view(url='/admin/')),
+    re_path(
         r'^admin/pages/(?P<pk>[0-9]+)/copy-upstream/$',
         login_required(core.views.CopyUpstreamView.as_view(is_edit=False)),
         name='copy-upstream',
     ),
-    url(
+    re_path(
         r'^admin/pages/(?P<pk>[0-9]+)/update-upstream/$',
         login_required(core.views.UpdateUpstreamView.as_view(is_edit=True)),
         name='update-upstream',
     ),
-    url(
+    re_path(
         r'^admin/pages/preload/',
         login_required(csrf_exempt(core.views.PreloadPageView.as_view())),
         name='preload-add-page',
     ),
-    url(r'^admin/group-info/$', login_required(GroupInfoModalView.as_view()), name='group-info'),
-
+    re_path(r'^admin/group-info/$', login_required(GroupInfoModalView.as_view()), name='group-info'),
     # Prevent users from changing their email address
-    url(r'^admin/account/change_email/$', RedirectView.as_view(url='/admin/')),
-
-    url(r'^admin/', include(wagtailadmin_urls)),
-    url(r'^documents/', include(wagtaildocs_urls)),
-    url(r'^auth/request-access/', include('users.urls_sso')),
-
+    re_path(r'^admin/account/change_email/$', RedirectView.as_view(url='/admin/')),
+    re_path(r'^admin/', include(wagtailadmin_urls)),
+    re_path(r'^documents/', include(wagtaildocs_urls)),
+    re_path(r'^auth/request-access/', include('users.urls_sso')),
     # For anything not caught by a more specific rule above, hand over to
     # Wagtail's page serving mechanism. This should be the last pattern in
     # the list:
-    url(r'', include(wagtail_urls)),
+    re_path(r'', include(wagtail_urls)),
     path(
         'subtitles/<int:great_media_id>/<str:language>/content.vtt',
         core.views.serve_subtitles,
         name='subtitles-serve',
     ),
-
 ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
 
 
 if settings.FEATURE_FLAGS['ENFORCE_STAFF_SSO_ON']:
     urlpatterns = [
-        url('^auth/', include('authbroker_client.urls')),
-        url(r'^admin/login/$', RedirectView.as_view(url='/auth/login/', query_string=True)),
+        re_path('^auth/', include('authbroker_client.urls')),
+        re_path(r'^admin/login/$', RedirectView.as_view(url='/auth/login/', query_string=True)),
     ] + urlpatterns
 
 
 if settings.FEATURE_FLAGS['DEBUG_TOOLBAR_ON']:
     import debug_toolbar
+
     urlpatterns = [
-        url(r'^__debug__/', include(debug_toolbar.urls)),
+        re_path(r'^__debug__/', include(debug_toolbar.urls)),
     ] + urlpatterns

core/models.py

@@ -14,9 +14,7 @@
 
 from django.core import signing
 from django.conf import settings
-from django.contrib.contenttypes.fields import (
-    GenericForeignKey, GenericRelation
-)
+from django.contrib.contenttypes.fields import GenericForeignKey, GenericRelation
 from django.contrib.contenttypes.models import ContentType
 from django.db import models, transaction
 from django.shortcuts import redirect
@@ -26,12 +24,11 @@
 from core.helpers import get_page_full_url
 from core.wagtail_fields import FormHelpTextField, FormLabelField
 from wagtailmedia.models import Media
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 from django.urls import reverse
 
 
 class GreatMedia(Media):
-
     transcript = models.TextField(
         verbose_name=_('Transcript'), blank=True, null=True  # left null because was an existing field
     )
@@ -75,12 +72,7 @@ def subtitles(self):
 
 
 class Breadcrumb(models.Model):
-    service_name = models.CharField(
-        max_length=50,
-        choices=choices.CMS_APP_CHOICES,
-        null=True,
-        db_index=True
-    )
+    service_name = models.CharField(max_length=50, choices=choices.CMS_APP_CHOICES, null=True, db_index=True)
     label = models.CharField(max_length=50)
     slug = models.SlugField()
 
@@ -133,8 +125,7 @@ class BasePage(Page):
         default=False,
         verbose_name="tree-based routing enabled",
         help_text=(
-            "Allow this page's URL to be determined by its slug, and "
-            "the slugs of its ancestors in the page tree."
+            "Allow this page's URL to be determined by its slug, and " "the slugs of its ancestors in the page tree."
         ),
     )
 
@@ -273,17 +264,14 @@ def get_url(self, is_draft=False, language_code=settings.LANGUAGE_CODE):
     @property
     def ancestors_in_app(self):
         """
-            Used by `full_path` and `get_tree_based_breadcrumbs`
-            in BasePageSerializer.
-            Starts at 2 to exclude the root page and the app page.
-            Ignores 'folder' pages.
+        Used by `full_path` and `get_tree_based_breadcrumbs`
+        in BasePageSerializer.
+        Starts at 2 to exclude the root page and the app page.
+        Ignores 'folder' pages.
         """
         ancestors = self.get_ancestors()[2:]
 
-        return [
-            page for page in ancestors
-            if page.specific_class and not page.specific_class.folder_page
-        ]
+        return [page for page in ancestors if page.specific_class and not page.specific_class.folder_page]
 
     @property
     def full_path(self):
@@ -333,8 +321,7 @@ def get_localized_urls(self):
         # available languages, so there should be no need to expose the draft
         # url
         return [
-            (language_code, self.get_url(language_code=language_code))
-            for language_code in self.translated_languages
+            (language_code, self.get_url(language_code=language_code)) for language_code in self.translated_languages
         ]
 
     def serve(self, request, *args, **kwargs):
@@ -343,8 +330,7 @@ def serve(self, request, *args, **kwargs):
     def get_latest_nested_revision_as_page(self):
         revision = self.get_latest_revision_as_object()
         foreign_key_names = [
-            field.name for field in revision._meta.get_fields()
-            if isinstance(field, models.ForeignKey)
+            field.name for field in revision._meta.get_fields() if isinstance(field, models.ForeignKey)
         ]
         for name in foreign_key_names:
             field = getattr(revision, name)
@@ -360,19 +346,15 @@ def get_translatable_fields(cls):
     def get_translatable_string_fields(cls):
         text_fields = ['TextField', 'CharField']
         return [
-            name for name in cls.get_translatable_fields()
+            name
+            for name in cls.get_translatable_fields()
             if cls._meta.get_field(name).get_internal_type() in text_fields
         ]
 
     @classmethod
     def get_required_translatable_fields(cls):
-        fields = [
-            cls._meta.get_field(name) for name in cls.get_translatable_fields()
-        ]
-        return [
-            field.name for field in fields
-            if not field.blank and field.model is cls
-        ]
+        fields = [cls._meta.get_field(name) for name in cls.get_translatable_fields()]
+        return [field.name for field in fields if not field.blank and field.model is cls]
 
     @property
     def translated_languages(self):
@@ -406,7 +388,8 @@ def translated_languages(self):
     def language_names(self):
         if len(self.translated_languages) > 1:
             names = [
-                label for code, label, _ in settings.LANGUAGES_DETAILS
+                label
+                for code, label, _ in settings.LANGUAGES_DETAILS
                 if code in self.translated_languages and code != settings.LANGUAGE_CODE
             ]
             return 'Translated to {}'.format(', '.join(names))
@@ -440,22 +423,12 @@ def generate_content_hash(field_file):
 
 class DocumentHash(AbstractObjectHash):
     document = models.ForeignKey(
-        'wagtaildocs.Document',
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-        related_name='+'
+        'wagtaildocs.Document', null=True, blank=True, on_delete=models.CASCADE, related_name='+'
     )
 
 
 class ImageHash(AbstractObjectHash):
-    image = models.ForeignKey(
-        'wagtailimages.Image',
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-        related_name='+'
-    )
+    image = models.ForeignKey('wagtailimages.Image', null=True, blank=True, on_delete=models.CASCADE, related_name='+')
 
 
 class WagtailAdminExclusivePageMixin:
@@ -479,6 +452,7 @@ class ExclusivePageMixin(WagtailAdminExclusivePageMixin):
     prevents anything other than the `slug_identity` class attribute
     value being used as the `slug` when creating new pages.
     """
+
     read_only_fields = ['slug']
 
     def save(self, *args, **kwargs):
@@ -530,13 +504,12 @@ class Meta:
     def allowed_subpage_models(cls):
         allowed_name = getattr(cls, 'service_name_value', None)
         return [
-            model for model in Page.allowed_subpage_models()
+            model
+            for model in Page.allowed_subpage_models()
             if getattr(model, 'service_name_value', None) == allowed_name
         ]
 
-    settings_panels = [
-        FieldPanel('title_en_gb')
-    ]
+    settings_panels = [FieldPanel('title_en_gb')]
     content_panels = []
     promote_panels = []
 
@@ -545,6 +518,7 @@ class FormPageMetaClass(PageBase):
     """Metaclass that adds <field_name>_label and <field_name>_help_text to a
     Page when given a list of form_field_names.
     """
+
     def __new__(mcls, name, bases, attrs):
         form_field_names = attrs['form_field_names']
         for field_name in form_field_names:
@@ -557,11 +531,10 @@ def __new__(mcls, name, bases, attrs):
                 children=[
                     FieldPanel(name + '_label'),
                     FieldPanel(name + '_help_text'),
-                ]
-            ) for name in form_field_names
+                ],
+            )
+            for name in form_field_names
         ]
-        attrs['content_panels'] = (
-            attrs['content_panels_before_form'] + form_panels + attrs['content_panels_after_form']
-        )
+        attrs['content_panels'] = attrs['content_panels_before_form'] + form_panels + attrs['content_panels_after_form']
 
         return super().__new__(mcls, name, bases, attrs)