Fixed #28041 -- Added prefix matching for PostgreSQL full text search

[kaedroho]

This pull request is based on an earlier one: #8313

I've rebased it on the latest master and made the following tweaks:

• Added some tests and docs
• Added escaping for quotes and backslashes
• Added support for the ~ operator on Lexemes
• Replaced the RawSearchQuery with the new SearchQuery(search_type='raw')

[jacobtylerwalls]

Hi Karl, thanks for the patch. Although I'm not able to offer a substantive review, I left some comments on your docs to ensure CI will pass. I also updated the flags on the ticket so that this will be more visible for reviewers who can give you a substantive review. Cheers

[jacobtylerwalls]

"escaped"

[jacobtylerwalls]

also plural "the contents of each lexeme are escaped"
and "so cannot contain" is not clear, sounds like it's missing a word.

[jacobtylerwalls]

"recognize" for American English, don't blame me, it's CI that will complain :-)

[kaedroho]

Thanks! I think changing "contents" to singular sounds a bit better, but I'm not sure!

"the content of each lexeme is escaped"

[kaedroho]

I've had a go at rewriting this paragraph, let me know what you think! I'm not sure about the wording of first sentence in particular

[alextatarinov]

I am not 100% certain, but it may require to escape more than a single quote and backslash, specifically, all to_tsquery operators like & and |. The following should fail Lexeme('red!'). Here is the code I used to implement the escaping some time ago.

_SEARCH_SPEC_CHARS = r"['\0\[\]()|&:*!@<>\\]"
_spec_chars_re = re.compile(_SEARCH_SPEC_CHARS)
multiple_spaces_re = re.compile(r'\s{2,}')


def normalize_spaces(val):
    """Converts multiple spaces to single and strips from both sides"""
    if not val:
        return None
    return multiple_spaces_re.sub(' ', val.strip())

def psql_escape(query: str):
    # replace unsafe chars with space
    query = _spec_chars_re.sub(' ', query)
    query = normalize_spaces(query)  # convert multiple spaces to single 
    return query

[alextatarinov]

It looks like it should be handled by 'raw' search type, but it's not, and since quote and backslash are escaped, I assumed it should also handle other special characters.

On the other hand, it was probably omitted intentionally in 'raw' query implementation, so probably we shouldn't try to do it here also.

[kaedroho]

Thanks! I've updated it to use your code snippet for escaping

This did change to how some words are indexed though. For example: L'amour was previously indexed as L''amour, and now it is L amour. I'm not that familiar with French, so I'm not sure what impact that has.

[kaedroho]

I've applied the suggestion from #12727 (comment) which bought back the quotes, but it also doesn't escape !.

I think this is fine because the whole lexeme is surrounded by quotes, so your previous example would be escaped as 'red!' and those quotes should prevent it from interpreting the ! (I guess!).

[felixxm]

@kaedroho Thanks for this patch 👍 I left initial comments.

[felixxm]

I would use negated.

Suggested change

	self.invert = invert
	self.negated = negated

[kaedroho]

The existing SearchQuery class also uses invert: https://github.com/django/django/blob/master/django/contrib/postgres/search.py#L169

[felixxm]

This creates a diamond-shape inheritance

             Expression
              /      \
LexemeCombinable     Value
              \      /
               Lexeme

which is not necessary. I think we should use:

class LexemeCombinable:
     ...

class Lexeme(LexemeCombinable, Value):
    ...

class CombinedLexeme(LexemeCombinable, CombinedExpression):
    ...

[kaedroho]

Done, thanks!

[felixxm]

Low-level tests are not necessary, it should be feasible to test using Lexeme() with special characters in a query.

[kaedroho]

Ahh, so I should change this to make real queries? that makes sense!

[felixxm]

Using psycopg2's adapt() should be sufficient in all cases:

Suggested change

	param = "'%s'" % self.value.replace("'", "''").replace("\\", "\\\\")
	param = psycopg2.extensions.adapt(self.value).getquoted().decode()

[kaedroho]

Done, thanks!

[kaedroho]

Getting a crash when using this with unicode characters:

>>> psycopg2.extensions.adapt("L'amour piqué par une abeille").getquoted().decode()

UnicodeDecodeError: 'utf-8' codec can't decode byte 0xe9 in position 14: invalid continuation byte

[felixxm]

As far as I'm aware weight and prefix are mutually exclusive, we should raise a ValueError in such case:

raise ValueError('prefix and weight are mutually exclusive')

[kaedroho]

https://www.postgresql.org/docs/10/textsearch-controls.html under section "12.3.2. Parsing Queries" there are some examples that appear to combine weights and prefix queries (and there's currently a test for this in postgres_tests.test_search.TestLexemes.test_as_sql)

[jacobtylerwalls]

Rewrite sounds good to my ear! If you want fine-tuning suggestions:

• "so that any operators that may exist in the string itself"

First sentence sounds fine to me too, but if you're looking for an alternative:

• "Lexeme objects allow for safely applying search operators to strings from untrusted sources."

[kaedroho]

Thanks for the reviews! I'll get back to this on the weekend to update tests, fix the CI errors and address any other comments

[felixxm]

Closing due to inactivity.