Skip to content

A lot of work with django-hijack #197

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Mogost wants to merge 3 commits into from
Closed

A lot of work with django-hijack #197

Mogost wants to merge 3 commits into from

Conversation

@Mogost
Copy link
Member

@Mogost Mogost commented Dec 27, 2019
edited
Loading

@philippeowagner We should probably discuss the changes outside of Github. I wrote you in KeyBase.
My package on test.pypi https://test.pypi.org/project/django-hijack/

=== (3.0.0) ===

  • Drop support for python<3.5
  • Drop support for Django<2.2
  • Big code refactoring
  • CI improvements, automatically pypi deploy
  • Added wheel for pypi build

Mogost
Mogost commented Dec 27, 2019
View reviewed changes
.travis.yml
Comment on lines +13 to +23
# TODO: Remove server section
server: https://test.pypi.org/legacy/
# TODO: Generate token for original pypi package
user: __token__
# TODO: Fix password
password:
secure: Q91+VRoflP/BwHjXBxCjmEz55cldwaL6X9ARpnzAThKELNlAmakKY1m77+AnF5Yf9AdVnBQN0XVMJFig0Voa7h/hMFD40JbKv+PTz8gRdQzVUYwNnRFdixpA3MBTcQRhsDfVwcL6BAxX9iAlY8tM+oZY6okEh9aFXUQ7d18ZHvcqTrnX/Keh5K8bpNmjli8EKN8qPPz3OK6+/68qfY4oD+JRZW5Q66fRJYumxCiwWcZ/kIvOQSBzGk6HYs6/CqC+biTkeis5z2BXyJWvDc97v/slZwKxEl1h1mtfzqO/LF6RERvGIYjqwJKww1qOnk4rmTzdsn/nDUA/9qZmbBh8dFRrae6DwutyykVsuLahP5g2bfhlOSQQMoOq7jnetp6BW2SapORzD+rRKwI0NsO2ZhOtM85zpUtc7CpuSphI50hMfbJRLpqGKgyjMQeqzWMNMuUnAn3wa0GTu3FNsALnMw+HxIkP5U38cORgaXeG7vFu9EtcOBHPCH0Y7DQVrcyU6djqHDQSFULeu2yWQzX0EHhF0xjAf3rUEZvC6bZWUDEIs1+pGYSujkQJQg+tLI5ncOVih7qDMunPGMIABkj0FTH502ekU/ym6hRzaRp4I9Na6QCVXBTkXdudPEpcakZnxg8B2lxMSVhTsLcV4fV4lbwGhV67hucyWybjShXO1t4=
on:
tags: true
# TODO: Fix Github repo identifier
repo: Mogost/django-hijack
Copy link
Member Author

@Mogost Mogost Dec 27, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here we need updating from the pypi owner.

@philippeowagner
Copy link
Contributor

philippeowagner commented Dec 27, 2019

@Mogost I got your message. I will get in touch ASAP.

@maxmorlocke
Copy link

maxmorlocke commented Feb 25, 2020

Since conversations are happening off platform, is there anything a community contributor can do to help get this merged? We're using a fork of this fork live in production without issues and would like to help mainline it if possible.

@Mogost
Copy link
Member Author

Mogost commented Feb 26, 2020
edited
Loading

I've been waiting for a long time for my PR to be reviewed.
It would be advisable to do the same work for the django-hijack-admin package.
(Actually, I don’t understand why django-hijack-admin is not integrated into django-hijack).
I am ready to devote some time to supporting the project. And this is one of the reasons why I automated the release process. Doing this automatically is the easiest way.
But now we need some help from the project maitners. @philippeowagner

@maxmorlocke
Copy link

maxmorlocke commented Feb 26, 2020
edited
Loading

From what I've read, hijack admin exists in a separate package because the default implementation for admin relies on switching to use a HTTP GET for the admin switch user button. That's insecure as it exposes CSRF vulnerabilities. The solution is a really simple hack proposed a long time ago which is to use form actions. This was not accepted into the mainline because of browser compatibility issues. I don't think this is much of a problem in 2020, and frankly would be more concerned about the security implications of the older browser.

I'm happy to help as a contributor/maintainer as well if this project is updated along the lines Alexandr has outlined.

@Mogost
Copy link
Member Author

Mogost commented Oct 7, 2020

Any progress here? @philippeowagner

@coveralls
Copy link

coveralls commented Oct 7, 2020

Coverage Status

Coverage decreased (-0.1%) to 96.109% when pulling de89816 on Mogost:fork into 70ebdbe on arteria:master.

1 similar comment
@coveralls
Copy link

coveralls commented Oct 7, 2020

Coverage Status

Coverage decreased (-0.1%) to 96.109% when pulling de89816 on Mogost:fork into 70ebdbe on arteria:master.

@Mogost
Copy link
Member Author

Mogost commented Jan 15, 2021

@philippeowagner Is there any progress with this?
I'm almost ready to just fork it.

@Mogost Mogost mentioned this pull request Jan 15, 2021
Closed
@codingjoe
Copy link
Collaborator

codingjoe commented Jan 30, 2021

@Mogost I think there are still a log of good changes in here. Would you mind rebasing this and maybe extract your changes into separate PRs? If you need anything, let me know. I will close the PR. Just open it, if you prefer to keep your work in a single PR, works for me too.

@codingjoe codingjoe closed this Jan 30, 2021
@Mogost
Copy link
Member Author

Mogost commented Jan 31, 2021
edited
Loading

@codingjoe I will concentrate more on reviewing at your code for now. In fact, you've already pulled most of my changes into separate Pull Requests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Mogost Mogost

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Mogost @philippeowagner @maxmorlocke @coveralls @codingjoe