Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update to Django 1.10 #4319

Merged
merged 3 commits into from Oct 23, 2018
Merged

Update to Django 1.10 #4319

merged 3 commits into from Oct 23, 2018

Conversation

@stsewd
Copy link
Member

@stsewd stsewd commented Jul 2, 2018

Closes #4174

Things we need to check:

@stsewd
Copy link
Member Author

@stsewd stsewd commented Jul 2, 2018

Looks like some changes were made to the BaseCommand class too. option_list was deprecated in django 1.8 https://docs.djangoproject.com/en/1.9/howto/custom-management-commands/#django.core.management.BaseCommand.option_list we can fix that in another PR.

@davidfischer
Copy link
Contributor

@davidfischer davidfischer commented Jul 2, 2018

we are using a salted sha1 to hash the user passwords (at least in our tests fixtures)

Just to clarify in case anybody comes by and reads this, we are not using this in production. We are using PBKDF2 with 20k iterations. By upgrading to Django 1.10, this will change to 30k iterations whenever somebody logs in.

@ericholscher
Copy link
Member

@ericholscher ericholscher commented Jul 3, 2018

we need to upgrade tastypie, because of https://docs.djangoproject.com/en/2.0/releases/1.10/#features-removed-in-1-10 (tastpie 0.13.1 uses get_all_field_names() we need to update to 0.13.2/3) This is blocked because of #3570 (comment)

I wonder if we can just make the API read-only using the ReadOnlyAuthorization, and remove our fancy Django-based authorization? That might be a way to upgrade it. I don't believe there are any "logged in only" features of it, so we should be safe to just make it read-only for anyone.

This also feels like a nice way to slowly deprecate it.

@stsewd stsewd force-pushed the update-django-10x branch from 740412d to e433bd1 Jul 3, 2018
@stsewd
Copy link
Member Author

@stsewd stsewd commented Jul 3, 2018

I'm trying that right now, seems to work.

@stsewd
Copy link
Member Author

@stsewd stsewd commented Jul 3, 2018

@ericholscher we only have this test for creating a project (for superusers only), I'm not sure if that is something we use https://github.com/rtfd/readthedocs.org/blob/d413341097466f90ca10eabadc347d35970847df/readthedocs/rtd_tests/tests/test_api.py#L420-L432

@stsewd stsewd mentioned this pull request Jul 3, 2018
@ericholscher
Copy link
Member

@ericholscher ericholscher commented Jul 5, 2018

@ericholscher we only have this test for creating a project (for superusers only), I'm not sure if that is something we use

Don't believe so -- it is likely from when we used it from the builders in the past.

@agjohnson agjohnson added this to the 3.0 milestone Jul 9, 2018
@agjohnson
Copy link
Contributor

@agjohnson agjohnson commented Jul 9, 2018

Just noting here that we're targeting django 1.10 for our version 3.0, so i think we should probably back burner this project for right now. Our version 3.0 is probably a couple months out realistically, once we've wrapped up the yaml and search feature changes.

@stsewd stsewd force-pushed the update-django-10x branch from e433bd1 to e1e23ba Aug 20, 2018
@stsewd stsewd force-pushed the update-django-10x branch from e1e23ba to 3fcaade Sep 12, 2018
@stsewd stsewd force-pushed the update-django-10x branch from 3fcaade to c4dff93 Sep 13, 2018
@ericholscher ericholscher merged commit c4dff93 into readthedocs:master Oct 23, 2018
1 check failed
@stsewd stsewd deleted the update-django-10x branch Oct 23, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

4 participants