Merge pull request #516 from ThomasWaldmann/django32

upgrade to django 3.2 LTS

.pylintrc

@@ -0,0 +1,14 @@
+[MAIN]
+# In error mode, messages with a category besides ERROR or FATAL are
+# suppressed, and no reports are done by default. Error mode is compatible with
+# disabling specific errors.
+errors-only=yes
+
+# List of plugins (as comma separated values of python module names) to load,
+# usually to register additional checkers.
+load-plugins=pylint_django
+
+django-settings-module=nsupdate.settings.dev
+
+[MASTER]
+init-hook='import sys; sys.path.append(".")'

Pipfile

@@ -0,0 +1,28 @@
+[[source]]
+url = "https://pypi.org/simple"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+dnspython = "*"
+netaddr = "*"
+django = "~=3.2.0"
+django-bootstrap-form = "*"
+django-referrer-policy = "*"
+django-registration-redux = "*"
+django-extensions = "*"
+social-auth-app-django = "*"
+requests = "*"
+setuptools-scm = "*"
+
+[dev-packages]
+django-debug-toolbar = "*"
+pytest = ">=3.6"
+pytest-django = "*"
+pytest-pep8 = "*"
+sphinx = "*"
+pylint = "*"
+pylint-django = "*"
+
+[requires]
+python_version = "3.7"

docs/project.rst

@@ -64,3 +64,93 @@ Or even better: if you use git, fork our repo, make your changes and submit a pu
 
 For small fixes, you can even just edit the files on github (github will then fork, change and submit a pull request
 automatically).
+
+
+Dependency management
+=====================
+
+Get `Pipenv <https://pipenv.pypa.io/en/latest/installation/>`_ and checkout the
+`Pipenv Command Reference <https://pipenv.pypa.io/en/latest/commands/>`_.
+
+Install new dependencies
+------------------------
+
+See `the pipenv docs <https://pipenv.pypa.io/en/latest/commands/#install>`_.
+
+::
+
+    pipenv install mypkg
+
+
+Spawn a shell with correct python paths
+---------------------------------------
+
+::
+
+    pipenv shell
+
+Exit the shell with ``exit``.
+
+Dependency maintenance
+----------------------
+
+Update requirements.txt files including transitive dependencies
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+::
+
+    pipenv update
+
+NOTE: This is not done today and only a suggestion.
+
+::
+
+    pipenv requirements --exclude-markers > requirements.d/all.txt
+    pipenv requirements --exclude-markers --dev-only > requirements.d/dev.txt
+
+Verify the updated dependencies don't include any security vulnerabilities:
+
+::
+
+    pipenv check
+
+
+Build locally
+=============
+
+1. Install `build` (see `its docs <https://packaging.python.org/en/latest/tutorials/packaging-projects/#generating-distribution-archives>`_
+   for example), e.g. via ``pacman -S python-build`` on ArchLinux.
+2. Afterwards, run the command to generate pip packages in ``dist/``::
+
+    pyproject-build
+
+NOTE: This is also needed before development because the command generates ``./src/nsupdate/_version.py``.
+
+Run locally
+===========
+
+#. Install dependencies ``pipenv install --dev``
+#. Generate ``src/nsupdate/_version.py`` file by running ``pyproject-build``
+#. Create database using ``pipenv run ./manage.py migrate``
+#. Create a superuser with ``pipenv run ./manage.py createsuperuser``
+#. Run the server with ``pipenv run ./manage.py runserver``
+
+Lint
+====
+
+Run `pylint <https://pylint.readthedocs.io/en/stable/>`_ in
+error-only mode to check any problems::
+
+    pipenv run pylint src/nsupdate
+
+NOTE: The project does not use pylint for formatting.
+      Disabling the ``errors-only`` mode in ``.pylintrc`` will show a lot of warnings.
+
+Run tests
+=========
+
+Tests need to run inside Docker because they depend on a ``bind9`` nameserver
+running a specific configuration on ``127.0.0.1:53``.
+
+#. Build the docker image once, using: ``docker build -t nsupdate scripts/docker/``
+#. Then run tests via ``docker run --dns 127.0.0.1 -v $PWD:/app nsupdate``

requirements.d/all.txt

@@ -1,7 +1,7 @@
 # packages always needed
 dnspython
 netaddr
-django~=2.2.0
+django~=3.2.0
 django-bootstrap-form
 django-referrer-policy
 django-registration-redux

requirements.d/dev.txt

@@ -6,4 +6,6 @@ pytest-django
 pytest-cov
 tox
 wheel
+pylint
+pylint-django
 Sphinx

scripts/docker/Dockerfile

@@ -0,0 +1,9 @@
+FROM python:3.11-alpine
+WORKDIR /app
+
+RUN apk add bind git
+COPY bind/named.conf.local /etc/bind/named.conf.local
+COPY bind/zones/ /var/lib/bind/pri/
+RUN chown named -R /var/lib/bind/pri/
+
+CMD /app/scripts/docker/test.sh

scripts/docker/bind/named.conf.local

@@ -0,0 +1,49 @@
+//
+// Do any local configuration here
+//
+
+key "nsupdate.info." {
+        algorithm hmac-sha512;
+        secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
+};
+
+key "tests.nsupdate.info." {
+        algorithm hmac-sha512;
+        secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
+};
+
+zone "nsupdate.info" {
+        type master;
+        file "/var/lib/bind/pri/nsupdate.info";
+        update-policy {
+            // these "deny" entries are needed for the service domain,
+            // if you add another domain, you may want to check the need
+            // for other "deny" entries if the zone is not fully available.
+            // we don't allow updates to the infrastructure hosts:
+            deny  nsupdate.info.      name      nsupdate.info;
+            deny  nsupdate.info.      name  www.nsupdate.info;
+            deny  nsupdate.info.      name ipv4.nsupdate.info;
+            deny  nsupdate.info.      name ipv6.nsupdate.info;
+            // this host is for testing if the nameserver is configured correctly and reachable
+            grant nsupdate.info.      name connectivity-test.nsupdate.info A;
+            // but we allow updates to any other host:
+            grant nsupdate.info. subdomain nsupdate.info;
+        };
+};
+
+zone "tests.nsupdate.info" {
+        type master;
+        file "/var/lib/bind/pri/tests.nsupdate.info";
+        update-policy {
+            // these "deny" entries are needed for the service domain,
+            // if you add another domain, you may want to check the need
+            // for other "deny" entries if the zone is not fully available.
+            // we don't allow updates to the infrastructure hosts:
+            deny  tests.nsupdate.info.      name      tests.nsupdate.info;
+            deny  tests.nsupdate.info.      name  www.tests.nsupdate.info;
+            deny  tests.nsupdate.info.      name ipv4.tests.nsupdate.info;
+            deny  tests.nsupdate.info.      name ipv6.tests.nsupdate.info;
+            // but we allow updates to any other host:
+            grant tests.nsupdate.info. subdomain tests.nsupdate.info;
+        };
+};

scripts/docker/bind/zones/nsupdate.info

@@ -0,0 +1,20 @@
+$ORIGIN .
+$TTL 3600	; 1 hour
+nsupdate.info		IN SOA	ns1.nsupdate.info. root.nsupdate.info. (
+				2016081401 ; serial
+				7200       ; refresh (2 hours)
+				1800       ; retry (30 minutes)
+				604800     ; expire (1 week)
+				60         ; minimum (1 minute)
+				)
+			NS	127.0.0.1.
+			A	127.0.0.1
+			AAAA	::1
+
+$ORIGIN nsupdate.info.
+$TTL 3600	; 1 hour
+ipv4			A	127.0.0.1
+ipv6			AAAA	::1
+www	    		A	127.0.0.1
+		    	AAAA	::1
+		    	A 127.0.0.1

scripts/docker/bind/zones/tests.nsupdate.info

@@ -0,0 +1,18 @@
+$ORIGIN .
+$TTL 3600	; 1 hour
+tests.nsupdate.info	IN SOA	ns1.tests.nsupdate.info. root.tests.nsupdate.info. (
+				2016081401 ; serial
+				7200       ; refresh (2 hours)
+				1800       ; retry (30 minutes)
+				604800     ; expire (1 week)
+				60         ; minimum (1 minute)
+				)
+			NS	127.0.0.1.
+			A	127.0.0.1
+			AAAA	::1
+
+$ORIGIN tests.nsupdate.info.
+ipv4			A	1.2.3.4
+ipv6			AAAA	::1
+www	    		A	1.2.3.4
+		    	AAAA	::1

scripts/docker/test.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -euxo pipefail
+
+cd /tmp && named -g -u named -c /etc/bind/named.conf.local &
+
+cd /app
+pip install -e .
+pip install -r requirements.txt
+
+pylint src/nsupdate
+pytest src/nsupdate

setup.py

@@ -32,15 +32,14 @@
     install_requires=[
         'dnspython',
         'netaddr',
-        'django>=2.2.0',
+        'django>=3.2.0',
         'django-bootstrap-form',
         'django-referrer-policy',
         'django-registration-redux',
         'django-extensions',
         'social-auth-app-django',
         'requests',  # for our ddns_client
         'setuptools_scm',
-        'six',
     ],
     classifiers=[
         'Development Status :: 5 - Production/Stable',

src/nsupdate/accounts/models.py

@@ -9,11 +9,8 @@
 from django.contrib.auth.signals import user_logged_in
 from django.utils.translation import ugettext_lazy as _
 from django.utils.translation import LANGUAGE_SESSION_KEY
-from django.utils.encoding import python_2_unicode_compatible
-from django.utils.six import text_type
 
 
-@python_2_unicode_compatible
 class UserProfile(models.Model):
     """
     stuff we need additionally to what Django stores in User model
@@ -25,7 +22,7 @@ class UserProfile(models.Model):
                                 verbose_name=_('language'))
 
     def __str__(self):
-        return u"profile for %s" % text_type(self.user)
+        return u"profile for %s" % str(self.user)
 
     class Meta:
         verbose_name = _('user profile')

src/nsupdate/main/models.py

@@ -18,8 +18,6 @@
 from django.contrib.auth.hashers import make_password
 from django.utils.timezone import now
 from django.utils.translation import ugettext_lazy as _
-from django.utils.encoding import python_2_unicode_compatible
-from django.utils.six import text_type
 
 from . import dnstools
 
@@ -34,7 +32,6 @@ def result_fmt(msg):
     return msg[:RESULT_MSG_LEN]
 
 
-@python_2_unicode_compatible
 class BlacklistedHost(models.Model):
     name_re = models.CharField(
         _('name RegEx'),
@@ -81,7 +78,6 @@ def host_blacklist_validator(value):
 UPDATE_ALGORITHM_CHOICES = [(k, k) for k in UPDATE_ALGORITHMS]
 
 
-@python_2_unicode_compatible
 class Domain(models.Model):
     name = models.CharField(
         _("name"),
@@ -154,7 +150,6 @@ class Meta:
         ordering = ('name',)
 
 
-@python_2_unicode_compatible
 class Host(models.Model):
     name = models.CharField(
         _("name"),
@@ -373,7 +368,6 @@ def post_save_host(sender, **kwargs):
 post_save.connect(post_save_host, sender=Host)
 
 
-@python_2_unicode_compatible
 class RelatedHost(models.Model):
     # host addr = network_of_main_host + interface_id
     name = models.CharField(
@@ -414,7 +408,7 @@ class RelatedHost(models.Model):
         verbose_name=_("main host"))
 
     def __str__(self):
-        return u"%s.%s" % (self.name, text_type(self.main_host))
+        return u"%s.%s" % (self.name, str(self.main_host))
 
     class Meta(object):
         unique_together = (('name', 'main_host'),)
@@ -447,7 +441,6 @@ def get_ipv6(self):
 pre_delete.connect(pre_delete_host, sender=RelatedHost)
 
 
-@python_2_unicode_compatible
 class ServiceUpdater(models.Model):
     name = models.CharField(
         _("name"),
@@ -491,7 +484,6 @@ class Meta(object):
         verbose_name_plural = _('service updaters')
 
 
-@python_2_unicode_compatible
 class ServiceUpdaterHostConfig(models.Model):
     service = models.ForeignKey(ServiceUpdater, on_delete=models.CASCADE, verbose_name=_("service"))
 

src/nsupdate/settings/base.py

@@ -308,7 +308,7 @@
     # 'social_core.backends.amazon.AmazonOAuth2',
     # 'social_core.backends.bitbucket.BitbucketOAuth',
     # 'social_core.backends.disqus.DisqusOAuth2',
-    # 'social_core.backends.dropbox.DropboxOAuth',
+    # 'social_core.backends.dropbox.DropboxOAuth2V2',
     # 'social_core.backends.github.GithubOAuth2',
     # 'social_core.backends.google.GoogleOAuth2',
     # 'social_core.backends.reddit.RedditOAuth2',

src/nsupdate/templates/base.html

@@ -10,7 +10,7 @@
         <title>{% block title %}{{ WWW_HOST }}{% endblock %}</title>
 
         <link href="https://stackpath.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-HSMxcRTRxnN+Bdg0JdbxYKrThecOKuH5zCYotlSAcp1+c8xmyTe9GYg1l9a69psu" crossorigin="anonymous">
-        <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/css/all.min.css" rel="stylesheet" integrity="sha256-+N4/V/SbAFiW1MPBCXnfnP9QSN3+Keu+NlB+0ev/YKQ=" crossorigin="anonymous" />
+        <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/css/all.min.css" rel="stylesheet" integrity="sha512-SzlrxWUlpfuzQ+pcUCosxcglQRNAq/DZjVsC0lE40xsADsfeQoEypE+enwcOiGjk/bSuGGKHEyjSoQ1zVisanQ==" crossorigin="anonymous" />
         <link href="{% static 'css/nsupdate.css' %}" rel="stylesheet">
         <link rel="icon" type="image/svg+xml" sizes="any" href="{% static "img/favicon.svg" %}">
         <link rel="icon" type="image/png" href="{% static "img/favicon_32.png" %}" sizes="32x32">