From dfc77637ea5c1aa81caa72b1cf900e6931d61b54 Mon Sep 17 00:00:00 2001 From: Simon Charette Date: Sat, 3 Feb 2024 10:54:51 -0500 Subject: [PATCH 001/316] Fixed #35162 -- Fixed crash when adding fields with db_default on MySQL. MySQL doesn't allow literal DEFAULT values to be used for BLOB, TEXT, GEOMETRY or JSON columns and requires expression to be used instead. Regression in 7414704e88d73dafbcfbb85f9bc54cb6111439d3. --- django/db/backends/base/schema.py | 6 +++++- docs/releases/5.0.2.txt | 4 ++++ tests/schema/tests.py | 13 +++++++++++++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/django/db/backends/base/schema.py b/django/db/backends/base/schema.py index 242083b850..dad3f8d916 100644 --- a/django/db/backends/base/schema.py +++ b/django/db/backends/base/schema.py @@ -412,7 +412,11 @@ class BaseDatabaseSchemaEditor: """Return the sql and params for the field's database default.""" from django.db.models.expressions import Value - sql = "%s" if isinstance(field.db_default, Value) else "(%s)" + sql = ( + self._column_default_sql(field) + if isinstance(field.db_default, Value) + else "(%s)" + ) query = Query(model=field.model) compiler = query.get_compiler(connection=self.connection) default_sql, params = compiler.compile(field.db_default) diff --git a/docs/releases/5.0.2.txt b/docs/releases/5.0.2.txt index 64ffcb88bd..a385fbd13e 100644 --- a/docs/releases/5.0.2.txt +++ b/docs/releases/5.0.2.txt @@ -32,3 +32,7 @@ Bugfixes * Fixed a regression in Django 5.0 that caused the ``request_finished`` signal to sometimes not be fired when running Django through an ASGI server, resulting in potential resource leaks (:ticket:`35059`). + +* Fixed a bug in Django 5.0 that caused a migration crash on MySQL when adding + a ``BinaryField``, ``TextField``, ``JSONField``, or ``GeometryField`` with a + ``db_default`` (:ticket:`35162`). diff --git a/tests/schema/tests.py b/tests/schema/tests.py index 3a026281bd..cde3d7f991 100644 --- a/tests/schema/tests.py +++ b/tests/schema/tests.py @@ -2303,6 +2303,19 @@ class SchemaTests(TransactionTestCase): columns = self.column_classes(Author) self.assertEqual(columns["birth_year"][1].default, "1988") + @isolate_apps("schema") + def test_add_text_field_with_db_default(self): + class Author(Model): + description = TextField(db_default="(missing)") + + class Meta: + app_label = "schema" + + with connection.schema_editor() as editor: + editor.create_model(Author) + columns = self.column_classes(Author) + self.assertIn("(missing)", columns["description"][1].default) + @skipUnlessDBFeature( "supports_column_check_constraints", "can_introspect_check_constraints" ) From fe1cb62f5c3f87fafc4a6b52fee2ccc6c80c41e2 Mon Sep 17 00:00:00 2001 From: Simon Charette Date: Sat, 3 Feb 2024 01:10:41 -0500 Subject: [PATCH 002/316] Refs #35149 -- Made equivalent db_default alterations noops. This allows for an easier transition of preserving the literal nature of non-compilable db_default. --- django/db/backends/base/schema.py | 8 ++++++++ tests/schema/tests.py | 17 +++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/django/db/backends/base/schema.py b/django/db/backends/base/schema.py index dad3f8d916..ed91c6ab1b 100644 --- a/django/db/backends/base/schema.py +++ b/django/db/backends/base/schema.py @@ -1640,6 +1640,14 @@ class BaseDatabaseSchemaEditor: ): old_kwargs.pop("to", None) new_kwargs.pop("to", None) + # db_default can take many form but result in the same SQL. + if ( + old_kwargs.get("db_default") + and new_kwargs.get("db_default") + and self.db_default_sql(old_field) == self.db_default_sql(new_field) + ): + old_kwargs.pop("db_default") + new_kwargs.pop("db_default") return self.quote_name(old_field.column) != self.quote_name( new_field.column ) or (old_path, old_args, old_kwargs) != (new_path, new_args, new_kwargs) diff --git a/tests/schema/tests.py b/tests/schema/tests.py index cde3d7f991..04ad299aa6 100644 --- a/tests/schema/tests.py +++ b/tests/schema/tests.py @@ -2316,6 +2316,23 @@ class SchemaTests(TransactionTestCase): columns = self.column_classes(Author) self.assertIn("(missing)", columns["description"][1].default) + @isolate_apps("schema") + def test_db_default_equivalent_sql_noop(self): + class Author(Model): + name = TextField(db_default=Value("foo")) + + class Meta: + app_label = "schema" + + with connection.schema_editor() as editor: + editor.create_model(Author) + + new_field = TextField(db_default="foo") + new_field.set_attributes_from_name("name") + new_field.model = Author + with connection.schema_editor() as editor, self.assertNumQueries(0): + editor.alter_field(Author, Author._meta.get_field("name"), new_field) + @skipUnlessDBFeature( "supports_column_check_constraints", "can_introspect_check_constraints" ) From e67d7d70fa10c06aca36b9057f82054eda45269d Mon Sep 17 00:00:00 2001 From: Simon Charette Date: Sun, 28 Jan 2024 12:02:33 -0500 Subject: [PATCH 003/316] Fixed #35149 -- Fixed crashes of db_default with unresolvable output field. Field.db_default accepts either literal Python values or compilables (as_sql) and wrap the former ones in Value internally. While 1e38f11 added support for automatic resolving of output fields for types such as str, int, float, and other unambigous ones it's cannot do so for all types such as dict or even contrib.postgres and contrib.gis primitives. When a literal, non-compilable, value is provided it likely make the most sense to bind its output field to the field its attached to avoid forcing the user to provide an explicit `Value(output_field)`. Thanks David Sanders for the report. --- django/db/backends/base/schema.py | 7 +++---- django/db/models/fields/__init__.py | 21 +++++++++++++-------- docs/releases/5.0.2.txt | 5 +++++ tests/migrations/test_autodetector.py | 4 ++-- tests/migrations/test_operations.py | 12 ++++++------ tests/schema/tests.py | 21 +++++++++++++++++++++ 6 files changed, 50 insertions(+), 20 deletions(-) diff --git a/django/db/backends/base/schema.py b/django/db/backends/base/schema.py index ed91c6ab1b..f442d290a0 100644 --- a/django/db/backends/base/schema.py +++ b/django/db/backends/base/schema.py @@ -412,14 +412,13 @@ class BaseDatabaseSchemaEditor: """Return the sql and params for the field's database default.""" from django.db.models.expressions import Value + db_default = field._db_default_expression sql = ( - self._column_default_sql(field) - if isinstance(field.db_default, Value) - else "(%s)" + self._column_default_sql(field) if isinstance(db_default, Value) else "(%s)" ) query = Query(model=field.model) compiler = query.get_compiler(connection=self.connection) - default_sql, params = compiler.compile(field.db_default) + default_sql, params = compiler.compile(db_default) if self.connection.features.requires_literal_defaults: # Some databases doesn't support parameterized defaults (Oracle, # SQLite). If this is the case, the individual schema backend diff --git a/django/db/models/fields/__init__.py b/django/db/models/fields/__init__.py index 5186f0c414..cc5025af84 100644 --- a/django/db/models/fields/__init__.py +++ b/django/db/models/fields/__init__.py @@ -219,12 +219,6 @@ class Field(RegisterLookupMixin): self.remote_field = rel self.is_relation = self.remote_field is not None self.default = default - if db_default is not NOT_PROVIDED and not hasattr( - db_default, "resolve_expression" - ): - from django.db.models.expressions import Value - - db_default = Value(db_default) self.db_default = db_default self.editable = editable self.serialize = serialize @@ -408,7 +402,7 @@ class Field(RegisterLookupMixin): continue connection = connections[db] - if not getattr(self.db_default, "allowed_default", False) and ( + if not getattr(self._db_default_expression, "allowed_default", False) and ( connection.features.supports_expression_defaults ): msg = f"{self.db_default} cannot be used in db_default." @@ -994,7 +988,7 @@ class Field(RegisterLookupMixin): from django.db.models.expressions import DatabaseDefault if isinstance(value, DatabaseDefault): - return self.db_default + return self._db_default_expression return value def get_prep_value(self, value): @@ -1047,6 +1041,17 @@ class Field(RegisterLookupMixin): return return_None return str # return empty string + @cached_property + def _db_default_expression(self): + db_default = self.db_default + if db_default is not NOT_PROVIDED and not hasattr( + db_default, "resolve_expression" + ): + from django.db.models.expressions import Value + + db_default = Value(db_default, self) + return db_default + def get_choices( self, include_blank=True, diff --git a/docs/releases/5.0.2.txt b/docs/releases/5.0.2.txt index a385fbd13e..6312dee312 100644 --- a/docs/releases/5.0.2.txt +++ b/docs/releases/5.0.2.txt @@ -36,3 +36,8 @@ Bugfixes * Fixed a bug in Django 5.0 that caused a migration crash on MySQL when adding a ``BinaryField``, ``TextField``, ``JSONField``, or ``GeometryField`` with a ``db_default`` (:ticket:`35162`). + +* Fixed a bug in Django 5.0 that caused a migration crash on models with a + literal ``db_default`` of a complex type such as ``dict`` instance of a + ``JSONField``. Running ``makemigrations`` might generate no-op ``AlterField`` + operations for fields using ``db_default`` (:ticket:`35149`). diff --git a/tests/migrations/test_autodetector.py b/tests/migrations/test_autodetector.py index c54349313e..340805b259 100644 --- a/tests/migrations/test_autodetector.py +++ b/tests/migrations/test_autodetector.py @@ -1309,7 +1309,7 @@ class AutodetectorTests(BaseAutodetectorTests): changes, "testapp", 0, 0, name="name", preserve_default=True ) self.assertOperationFieldAttributes( - changes, "testapp", 0, 0, db_default=models.Value("Ada Lovelace") + changes, "testapp", 0, 0, db_default="Ada Lovelace" ) @mock.patch( @@ -1515,7 +1515,7 @@ class AutodetectorTests(BaseAutodetectorTests): changes, "testapp", 0, 0, name="name", preserve_default=True ) self.assertOperationFieldAttributes( - changes, "testapp", 0, 0, db_default=models.Value("Ada Lovelace") + changes, "testapp", 0, 0, db_default="Ada Lovelace" ) @mock.patch( diff --git a/tests/migrations/test_operations.py b/tests/migrations/test_operations.py index 5733ba7618..f25bb290a5 100644 --- a/tests/migrations/test_operations.py +++ b/tests/migrations/test_operations.py @@ -1581,7 +1581,7 @@ class OperationTests(OperationTestBase): self.assertEqual(len(new_state.models[app_label, "pony"].fields), 6) field = new_state.models[app_label, "pony"].fields["height"] self.assertEqual(field.default, models.NOT_PROVIDED) - self.assertEqual(field.db_default, Value(4)) + self.assertEqual(field.db_default, 4) project_state.apps.get_model(app_label, "pony").objects.create(weight=4) self.assertColumnNotExists(table_name, "height") # Add field. @@ -1632,7 +1632,7 @@ class OperationTests(OperationTestBase): self.assertEqual(len(new_state.models[app_label, "pony"].fields), 6) field = new_state.models[app_label, "pony"].fields["special_char"] self.assertEqual(field.default, models.NOT_PROVIDED) - self.assertEqual(field.db_default, Value(db_default)) + self.assertEqual(field.db_default, db_default) self.assertColumnNotExists(table_name, "special_char") with connection.schema_editor() as editor: operation.database_forwards( @@ -1700,7 +1700,7 @@ class OperationTests(OperationTestBase): self.assertEqual(len(new_state.models[app_label, "pony"].fields), 6) field = new_state.models[app_label, "pony"].fields["height"] self.assertEqual(field.default, 3) - self.assertEqual(field.db_default, Value(4)) + self.assertEqual(field.db_default, 4) pre_pony_pk = ( project_state.apps.get_model(app_label, "pony").objects.create(weight=4).pk ) @@ -2145,7 +2145,7 @@ class OperationTests(OperationTestBase): old_weight = project_state.models[app_label, "pony"].fields["weight"] self.assertIs(old_weight.db_default, models.NOT_PROVIDED) new_weight = new_state.models[app_label, "pony"].fields["weight"] - self.assertEqual(new_weight.db_default, Value(4.5)) + self.assertEqual(new_weight.db_default, 4.5) with self.assertRaises(IntegrityError), transaction.atomic(): project_state.apps.get_model(app_label, "pony").objects.create() # Alter field. @@ -2187,7 +2187,7 @@ class OperationTests(OperationTestBase): self.assertIs(old_pink.db_default, models.NOT_PROVIDED) new_pink = new_state.models[app_label, "pony"].fields["pink"] self.assertIs(new_pink.default, models.NOT_PROVIDED) - self.assertEqual(new_pink.db_default, Value(4)) + self.assertEqual(new_pink.db_default, 4) pony = project_state.apps.get_model(app_label, "pony").objects.create(weight=1) self.assertEqual(pony.pink, 3) # Alter field. @@ -2217,7 +2217,7 @@ class OperationTests(OperationTestBase): old_green = project_state.models[app_label, "pony"].fields["green"] self.assertIs(old_green.db_default, models.NOT_PROVIDED) new_green = new_state.models[app_label, "pony"].fields["green"] - self.assertEqual(new_green.db_default, Value(4)) + self.assertEqual(new_green.db_default, 4) old_pony = project_state.apps.get_model(app_label, "pony").objects.create( weight=1 ) diff --git a/tests/schema/tests.py b/tests/schema/tests.py index 04ad299aa6..ced3367f00 100644 --- a/tests/schema/tests.py +++ b/tests/schema/tests.py @@ -7,6 +7,7 @@ from unittest import mock from django.core.exceptions import FieldError from django.core.management.color import no_style +from django.core.serializers.json import DjangoJSONEncoder from django.db import ( DatabaseError, DataError, @@ -2333,6 +2334,26 @@ class SchemaTests(TransactionTestCase): with connection.schema_editor() as editor, self.assertNumQueries(0): editor.alter_field(Author, Author._meta.get_field("name"), new_field) + @isolate_apps("schema") + def test_db_default_output_field_resolving(self): + class Author(Model): + data = JSONField( + encoder=DjangoJSONEncoder, + db_default={ + "epoch": datetime.datetime(1970, 1, 1, tzinfo=datetime.timezone.utc) + }, + ) + + class Meta: + app_label = "schema" + + with connection.schema_editor() as editor: + editor.create_model(Author) + + author = Author.objects.create() + author.refresh_from_db() + self.assertEqual(author.data, {"epoch": "1970-01-01T00:00:00Z"}) + @skipUnlessDBFeature( "supports_column_check_constraints", "can_introspect_check_constraints" ) From a47de0d6cd440d4515ede48df8335d91d7ac7793 Mon Sep 17 00:00:00 2001 From: shivaramkumar Date: Mon, 5 Feb 2024 05:36:32 +0100 Subject: [PATCH 004/316] Changed severity levels to list in security policy docs. --- docs/internals/security.txt | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/internals/security.txt b/docs/internals/security.txt index 373012b707..55300b01e1 100644 --- a/docs/internals/security.txt +++ b/docs/internals/security.txt @@ -84,24 +84,24 @@ upcoming security release, as well as the severity of the issues. This is to aid organizations that need to ensure they have staff available to handle triaging our announcement and upgrade Django as needed. Severity levels are: -**High**: +* **High** -* Remote code execution -* SQL injection + * Remote code execution + * SQL injection -**Moderate**: +* **Moderate** -* Cross site scripting (XSS) -* Cross site request forgery (CSRF) -* Denial-of-service attacks -* Broken authentication + * Cross site scripting (XSS) + * Cross site request forgery (CSRF) + * Denial-of-service attacks + * Broken authentication -**Low**: +* **Low** -* Sensitive data exposure -* Broken session management -* Unvalidated redirects/forwards -* Issues requiring an uncommon configuration option + * Sensitive data exposure + * Broken session management + * Unvalidated redirects/forwards + * Issues requiring an uncommon configuration option Second, we notify a list of :ref:`people and organizations `, primarily composed of operating-system vendors and From 02a600ff67f7b106cdcab22310bacea98c1a26ba Mon Sep 17 00:00:00 2001 From: Ben Cail Date: Wed, 15 Nov 2023 14:32:03 -0500 Subject: [PATCH 005/316] Fixed #16281 -- Fixed ContentType.get_object_for_this_type() in a multiple database setup. --- django/contrib/contenttypes/fields.py | 4 +- django/contrib/contenttypes/models.py | 6 +-- docs/ref/contrib/contenttypes.txt | 9 ++++- tests/admin_views/models.py | 3 ++ tests/admin_views/test_multidb.py | 53 +++++++++++++++++++++++++++ tests/multiple_database/tests.py | 28 ++++++++++++++ 6 files changed, 97 insertions(+), 6 deletions(-) diff --git a/django/contrib/contenttypes/fields.py b/django/contrib/contenttypes/fields.py index 1b6abb9818..ce731bf2dd 100644 --- a/django/contrib/contenttypes/fields.py +++ b/django/contrib/contenttypes/fields.py @@ -280,7 +280,9 @@ class GenericForeignKey(FieldCacheMixin): if ct_id is not None: ct = self.get_content_type(id=ct_id, using=instance._state.db) try: - rel_obj = ct.get_object_for_this_type(pk=pk_val) + rel_obj = ct.get_object_for_this_type( + using=instance._state.db, pk=pk_val + ) except ObjectDoesNotExist: pass self.set_cached_value(instance, rel_obj) diff --git a/django/contrib/contenttypes/models.py b/django/contrib/contenttypes/models.py index 0d98ed3a4d..4f16e6eb69 100644 --- a/django/contrib/contenttypes/models.py +++ b/django/contrib/contenttypes/models.py @@ -174,20 +174,20 @@ class ContentType(models.Model): except LookupError: return None - def get_object_for_this_type(self, **kwargs): + def get_object_for_this_type(self, using=None, **kwargs): """ Return an object of this type for the keyword arguments given. Basically, this is a proxy around this object_type's get_object() model method. The ObjectNotExist exception, if thrown, will not be caught, so code that calls this method should catch it. """ - return self.model_class()._base_manager.using(self._state.db).get(**kwargs) + return self.model_class()._base_manager.using(using).get(**kwargs) def get_all_objects_for_this_type(self, **kwargs): """ Return all objects of this type for the keyword arguments given. """ - return self.model_class()._base_manager.using(self._state.db).filter(**kwargs) + return self.model_class()._base_manager.filter(**kwargs) def natural_key(self): return (self.app_label, self.model) diff --git a/docs/ref/contrib/contenttypes.txt b/docs/ref/contrib/contenttypes.txt index 71feee63e0..fa44679659 100644 --- a/docs/ref/contrib/contenttypes.txt +++ b/docs/ref/contrib/contenttypes.txt @@ -106,13 +106,18 @@ methods that allow you to get from a :class:`~django.contrib.contenttypes.models.ContentType` instance to the model it represents, or to retrieve objects from that model: -.. method:: ContentType.get_object_for_this_type(**kwargs) +.. method:: ContentType.get_object_for_this_type(using=None, **kwargs) Takes a set of valid :ref:`lookup arguments ` for the model the :class:`~django.contrib.contenttypes.models.ContentType` represents, and does :meth:`a get() lookup ` - on that model, returning the corresponding object. + on that model, returning the corresponding object. The ``using`` argument + can be used to specify a different database than the default one. + + .. versionchanged:: 5.1 + + The ``using`` argument was added. .. method:: ContentType.model_class() diff --git a/tests/admin_views/models.py b/tests/admin_views/models.py index bd2dc65d2e..341e5aaed0 100644 --- a/tests/admin_views/models.py +++ b/tests/admin_views/models.py @@ -83,6 +83,9 @@ class Book(models.Model): def __str__(self): return self.name + def get_absolute_url(self): + return f"/books/{self.id}/" + class Promo(models.Model): name = models.CharField(max_length=100, verbose_name="¿Name?") diff --git a/tests/admin_views/test_multidb.py b/tests/admin_views/test_multidb.py index d868321a4b..654161e11d 100644 --- a/tests/admin_views/test_multidb.py +++ b/tests/admin_views/test_multidb.py @@ -2,6 +2,8 @@ from unittest import mock from django.contrib import admin from django.contrib.auth.models import User +from django.contrib.contenttypes.models import ContentType +from django.http import HttpResponse from django.test import TestCase, override_settings from django.urls import path, reverse @@ -23,8 +25,15 @@ class Router: site = admin.AdminSite(name="test_adminsite") site.register(Book) + +def book(request, book_id): + b = Book.objects.get(id=book_id) + return HttpResponse(b.title) + + urlpatterns = [ path("admin/", site.urls), + path("books//", book), ] @@ -88,3 +97,47 @@ class MultiDatabaseTests(TestCase): {"post": "yes"}, ) mock.atomic.assert_called_with(using=db) + + +class ViewOnSiteRouter: + def db_for_read(self, model, instance=None, **hints): + if model._meta.app_label in {"auth", "sessions", "contenttypes"}: + return "default" + return "other" + + def db_for_write(self, model, **hints): + if model._meta.app_label in {"auth", "sessions", "contenttypes"}: + return "default" + return "other" + + def allow_relation(self, obj1, obj2, **hints): + return obj1._state.db in {"default", "other"} and obj2._state.db in { + "default", + "other", + } + + def allow_migrate(self, db, app_label, **hints): + return True + + +@override_settings(ROOT_URLCONF=__name__, DATABASE_ROUTERS=[ViewOnSiteRouter()]) +class ViewOnSiteTests(TestCase): + databases = {"default", "other"} + + def test_contenttype_in_separate_db(self): + ContentType.objects.using("other").all().delete() + book = Book.objects.using("other").create(name="other book") + user = User.objects.create_superuser( + username="super", password="secret", email="super@example.com" + ) + + book_type = ContentType.objects.get(app_label="admin_views", model="book") + + self.client.force_login(user) + + shortcut_url = reverse("admin:view_on_site", args=(book_type.pk, book.id)) + response = self.client.get(shortcut_url, follow=False) + self.assertEqual(response.status_code, 302) + self.assertRegex( + response.url, f"http://(testserver|example.com)/books/{book.id}/" + ) diff --git a/tests/multiple_database/tests.py b/tests/multiple_database/tests.py index 337ebae75e..9587030a46 100644 --- a/tests/multiple_database/tests.py +++ b/tests/multiple_database/tests.py @@ -1302,6 +1302,34 @@ class QueryTestCase(TestCase): title="Dive into Water", published=datetime.date(2009, 5, 4), extra_arg=True ) + @override_settings(DATABASE_ROUTERS=["multiple_database.tests.TestRouter"]) + def test_contenttype_in_separate_db(self): + ContentType.objects.using("other").all().delete() + book_other = Book.objects.using("other").create( + title="Test title other", published=datetime.date(2009, 5, 4) + ) + book_default = Book.objects.using("default").create( + title="Test title default", published=datetime.date(2009, 5, 4) + ) + book_type = ContentType.objects.using("default").get( + app_label="multiple_database", model="book" + ) + + book = book_type.get_object_for_this_type(title=book_other.title) + self.assertEqual(book, book_other) + book = book_type.get_object_for_this_type(using="other", title=book_other.title) + self.assertEqual(book, book_other) + + with self.assertRaises(Book.DoesNotExist): + book_type.get_object_for_this_type(title=book_default.title) + book = book_type.get_object_for_this_type( + using="default", title=book_default.title + ) + self.assertEqual(book, book_default) + + all_books = book_type.get_all_objects_for_this_type() + self.assertCountEqual(all_books, [book_other]) + class ConnectionRouterTestCase(SimpleTestCase): @override_settings( From d70b79c6b90c8a9657c6bf7f6eca6f3f9424bb45 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Mon, 5 Feb 2024 07:18:53 -0500 Subject: [PATCH 006/316] Replaced "Django test runner" with DiscoverRunner in release notes. Removed mention of options supported only by runtests.py. --- docs/releases/3.0.txt | 10 ++-------- docs/releases/3.1.txt | 4 ++-- docs/releases/4.0.txt | 7 +++---- docs/releases/4.1.txt | 5 +++-- docs/releases/5.0.txt | 5 +++-- docs/releases/5.1.txt | 3 --- 6 files changed, 13 insertions(+), 21 deletions(-) diff --git a/docs/releases/3.0.txt b/docs/releases/3.0.txt index 4dfb6aae5a..eb043710c1 100644 --- a/docs/releases/3.0.txt +++ b/docs/releases/3.0.txt @@ -362,14 +362,8 @@ Tests references, and entity references that refer to the same character as equivalent. -* Django test runner now supports headless mode for selenium tests on supported - browsers. Add the ``--headless`` option to enable this mode. - -* Django test runner now supports ``--start-at`` and ``--start-after`` options - to run tests starting from a specific top-level module. - -* Django test runner now supports a ``--pdb`` option to spawn a debugger at - each error or failure. +* :class:`~django.test.runner.DiscoverRunner` can now spawn a debugger at each + error or failure using the :option:`test --pdb` option. .. _backwards-incompatible-3.0: diff --git a/docs/releases/3.1.txt b/docs/releases/3.1.txt index 0b13fc37d2..a872326200 100644 --- a/docs/releases/3.1.txt +++ b/docs/releases/3.1.txt @@ -475,8 +475,8 @@ Tests * The new :setting:`MIGRATE ` test database setting allows disabling of migrations during a test database creation. -* Django test runner now supports a :option:`test --buffer` option to discard - output for passing tests. +* :class:`~django.test.runner.DiscoverRunner` can now discard output for + passing tests using the :option:`test --buffer` option. * :class:`~django.test.runner.DiscoverRunner` now skips running the system checks on databases not :ref:`referenced by tests`. diff --git a/docs/releases/4.0.txt b/docs/releases/4.0.txt index 05f199e4fe..8fb11451a6 100644 --- a/docs/releases/4.0.txt +++ b/docs/releases/4.0.txt @@ -367,8 +367,7 @@ Tests serialized to allow usage of the :ref:`serialized_rollback ` feature. -* Django test runner now supports a :option:`--buffer ` option - with parallel tests. +* The :option:`test --buffer` option now supports parallel tests. * The new ``logger`` argument to :class:`~django.test.runner.DiscoverRunner` allows a Python :py:ref:`logger ` to be used for logging. @@ -376,8 +375,8 @@ Tests * The new :meth:`.DiscoverRunner.log` method provides a way to log messages that uses the ``DiscoverRunner.logger``, or prints to the console if not set. -* Django test runner now supports a :option:`--shuffle ` option - to execute tests in a random order. +* :class:`~django.test.runner.DiscoverRunner` can now execute tests in a random + order using the :option:`test --shuffle` option. * The :option:`test --parallel` option now supports the value ``auto`` to run one test process for each processor core. diff --git a/docs/releases/4.1.txt b/docs/releases/4.1.txt index c840db4a7f..3986774013 100644 --- a/docs/releases/4.1.txt +++ b/docs/releases/4.1.txt @@ -534,8 +534,9 @@ Miscellaneous on the :class:`~django.db.models.Model` instance to which they belong. *This change was reverted in Django 4.1.2.* -* The Django test runner now returns a non-zero error code for unexpected - successes from tests marked with :py:func:`unittest.expectedFailure`. +* :class:`~django.test.runner.DiscoverRunner` now returns a non-zero error code + for unexpected successes from tests marked with + :py:func:`unittest.expectedFailure`. * :class:`~django.middleware.csrf.CsrfViewMiddleware` no longer masks the CSRF cookie like it does the CSRF token in the DOM. diff --git a/docs/releases/5.0.txt b/docs/releases/5.0.txt index a10c9d280a..303ee88078 100644 --- a/docs/releases/5.0.txt +++ b/docs/releases/5.0.txt @@ -432,8 +432,9 @@ Tests * :class:`~django.test.AsyncClient` now supports the ``follow`` parameter. -* The new :option:`test --durations` option allows showing the duration of the - slowest tests on Python 3.12+. +* :class:`~django.test.runner.DiscoverRunner` now allows showing the duration + of the slowest tests using the :option:`test --durations` option (available + on Python 3.12+). Validators ~~~~~~~~~~ diff --git a/docs/releases/5.1.txt b/docs/releases/5.1.txt index 3fefaa9f0e..1d014ceb21 100644 --- a/docs/releases/5.1.txt +++ b/docs/releases/5.1.txt @@ -280,9 +280,6 @@ Tests :meth:`~django.test.SimpleTestCase.assertInHTML` assertions now add haystacks to assertion error messages. -* The Django test runner now supports a ``--screenshots`` option to save - screenshots for Selenium tests. - * The :class:`~django.test.RequestFactory`, :class:`~django.test.AsyncRequestFactory`, :class:`~django.test.Client`, and :class:`~django.test.AsyncClient` classes now support the ``query_params`` From 4b1cd8edc10bb6c3da3a270180d028670a6f2110 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20Lazarevi=C4=87?= Date: Mon, 5 Feb 2024 13:25:44 +0100 Subject: [PATCH 007/316] Corrected cache_page()'s timeout value in tests.generic_views.urls. --- tests/generic_views/urls.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/generic_views/urls.py b/tests/generic_views/urls.py index 2d5301d15e..277b2c4c1b 100644 --- a/tests/generic_views/urls.py +++ b/tests/generic_views/urls.py @@ -27,7 +27,7 @@ urlpatterns = [ ), path( "template/cached//", - cache_page(2.0)(TemplateView.as_view(template_name="generic_views/about.html")), + cache_page(2)(TemplateView.as_view(template_name="generic_views/about.html")), ), path( "template/extra_context/", From 3580b47ed31ec85ae89b13618f36bb463e97acc8 Mon Sep 17 00:00:00 2001 From: Rinat Khabibiev Date: Thu, 15 Sep 2016 08:41:07 +0300 Subject: [PATCH 008/316] Fixed #27225 -- Added "Age" header when fetching cached responses. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Author: Alexander Lazarević --- django/middleware/cache.py | 12 ++++++++++++ tests/cache/tests.py | 31 +++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/django/middleware/cache.py b/django/middleware/cache.py index 0fdffe1bbe..196b1995ff 100644 --- a/django/middleware/cache.py +++ b/django/middleware/cache.py @@ -43,6 +43,8 @@ More details about how the caching works: """ +import time + from django.conf import settings from django.core.cache import DEFAULT_CACHE_ALIAS, caches from django.utils.cache import ( @@ -53,6 +55,7 @@ from django.utils.cache import ( patch_response_headers, ) from django.utils.deprecation import MiddlewareMixin +from django.utils.http import parse_http_date_safe class UpdateCacheMiddleware(MiddlewareMixin): @@ -171,6 +174,15 @@ class FetchFromCacheMiddleware(MiddlewareMixin): request._cache_update_cache = True return None # No cache information available, need to rebuild. + # Derive the age estimation of the cached response. + if (max_age_seconds := get_max_age(response)) is not None and ( + expires_timestamp := parse_http_date_safe(response["Expires"]) + ) is not None: + now_timestamp = int(time.time()) + remaining_seconds = expires_timestamp - now_timestamp + # Use Age: 0 if local clock got turned back. + response["Age"] = max(0, max_age_seconds - remaining_seconds) + # hit, return cached response request._cache_update_cache = False return response diff --git a/tests/cache/tests.py b/tests/cache/tests.py index e6ebb718f1..978efdd9d3 100644 --- a/tests/cache/tests.py +++ b/tests/cache/tests.py @@ -2752,6 +2752,37 @@ class CacheMiddlewareTest(SimpleTestCase): self.assertIsNot(thread_caches[0], thread_caches[1]) + def test_cache_control_max_age(self): + view = cache_page(2)(hello_world_view) + request = self.factory.get("/view/") + + # First request. Freshly created response gets returned with no Age + # header. + with mock.patch.object( + time, "time", return_value=1468749600 + ): # Sun, 17 Jul 2016 10:00:00 GMT + response = view(request, 1) + response.close() + self.assertIn("Expires", response) + self.assertEqual(response["Expires"], "Sun, 17 Jul 2016 10:00:02 GMT") + self.assertIn("Cache-Control", response) + self.assertEqual(response["Cache-Control"], "max-age=2") + self.assertNotIn("Age", response) + + # Second request one second later. Response from the cache gets + # returned with an Age header set to 1 (second). + with mock.patch.object( + time, "time", return_value=1468749601 + ): # Sun, 17 Jul 2016 10:00:01 GMT + response = view(request, 1) + response.close() + self.assertIn("Expires", response) + self.assertEqual(response["Expires"], "Sun, 17 Jul 2016 10:00:02 GMT") + self.assertIn("Cache-Control", response) + self.assertEqual(response["Cache-Control"], "max-age=2") + self.assertIn("Age", response) + self.assertEqual(response["Age"], "1") + @override_settings( CACHE_MIDDLEWARE_KEY_PREFIX="settingsprefix", From 4ade8386ebfeb7a781dc2b62542c1cf5f8b9ddaf Mon Sep 17 00:00:00 2001 From: Tom Carrick Date: Tue, 4 Apr 2023 15:11:11 +0100 Subject: [PATCH 009/316] Fixed #10743 -- Allowed lookups for related fields in ModelAdmin.list_display. Co-authored-by: Alex Garcia Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Co-authored-by: Nina Menezes --- AUTHORS | 2 ++ django/contrib/admin/checks.py | 28 +++++++-------- django/contrib/admin/utils.py | 38 ++++++++++++-------- django/contrib/admin/views/main.py | 14 +++++--- docs/ref/checks.txt | 6 ++-- docs/ref/contrib/admin/index.txt | 20 ++++++++--- docs/releases/5.1.txt | 3 +- tests/admin_changelist/admin.py | 4 +++ tests/admin_changelist/models.py | 5 +++ tests/admin_changelist/tests.py | 58 ++++++++++++++++++++++++++++++ tests/admin_checks/tests.py | 23 ++++++++++++ tests/admin_utils/tests.py | 12 +++++++ tests/modeladmin/test_checks.py | 19 ++++++++-- 13 files changed, 186 insertions(+), 46 deletions(-) diff --git a/AUTHORS b/AUTHORS index 8c903ff6c5..26cfe71138 100644 --- a/AUTHORS +++ b/AUTHORS @@ -44,6 +44,7 @@ answer newbie questions, and generally made Django that much better: Albert Wang Alcides Fonseca Aldian Fazrihady + Alejandro García Ruiz de Oteiza Aleksandra Sendecka Aleksi Häkli Alex Dutton @@ -760,6 +761,7 @@ answer newbie questions, and generally made Django that much better: Nicolas Noé Nikita Marchant Nikita Sobolev + Nina Menezes Niran Babalola Nis Jørgensen Nowell Strite diff --git a/django/contrib/admin/checks.py b/django/contrib/admin/checks.py index aa43718cd6..c1a17af076 100644 --- a/django/contrib/admin/checks.py +++ b/django/contrib/admin/checks.py @@ -915,21 +915,19 @@ class ModelAdminChecks(BaseModelAdminChecks): try: field = getattr(obj.model, item) except AttributeError: - return [ - checks.Error( - "The value of '%s' refers to '%s', which is not a " - "callable, an attribute of '%s', or an attribute or " - "method on '%s'." - % ( - label, - item, - obj.__class__.__name__, - obj.model._meta.label, - ), - obj=obj.__class__, - id="admin.E108", - ) - ] + try: + field = get_fields_from_path(obj.model, item)[-1] + except (FieldDoesNotExist, NotRelationField): + return [ + checks.Error( + f"The value of '{label}' refers to '{item}', which is not " + f"a callable or attribute of '{obj.__class__.__name__}', " + "or an attribute, method, or field on " + f"'{obj.model._meta.label}'.", + obj=obj.__class__, + id="admin.E108", + ) + ] if ( getattr(field, "is_relation", False) and (field.many_to_many or field.one_to_many) diff --git a/django/contrib/admin/utils.py b/django/contrib/admin/utils.py index 0bcf99ae85..c8e722bcc8 100644 --- a/django/contrib/admin/utils.py +++ b/django/contrib/admin/utils.py @@ -289,8 +289,8 @@ def lookup_field(name, obj, model_admin=None): try: f = _get_non_gfk_field(opts, name) except (FieldDoesNotExist, FieldIsAForeignKeyColumnName): - # For non-field values, the value is either a method, property or - # returned via a callable. + # For non-regular field values, the value is either a method, + # property, related field, or returned via a callable. if callable(name): attr = name value = attr(obj) @@ -298,10 +298,17 @@ def lookup_field(name, obj, model_admin=None): attr = getattr(model_admin, name) value = attr(obj) else: - attr = getattr(obj, name) + sentinel = object() + attr = getattr(obj, name, sentinel) if callable(attr): value = attr() else: + if attr is sentinel: + attr = obj + for part in name.split(LOOKUP_SEP): + attr = getattr(attr, part, sentinel) + if attr is sentinel: + return None, None, None value = attr if hasattr(model_admin, "model") and hasattr(model_admin.model, name): attr = getattr(model_admin.model, name) @@ -345,9 +352,10 @@ def label_for_field(name, model, model_admin=None, return_attr=False, form=None) """ Return a sensible label for a field name. The name can be a callable, property (but not created with @property decorator), or the name of an - object's attribute, as well as a model field. If return_attr is True, also - return the resolved attribute (which could be a callable). This will be - None if (and only if) the name refers to a field. + object's attribute, as well as a model field, including across related + objects. If return_attr is True, also return the resolved attribute + (which could be a callable). This will be None if (and only if) the name + refers to a field. """ attr = None try: @@ -371,15 +379,15 @@ def label_for_field(name, model, model_admin=None, return_attr=False, form=None) elif form and name in form.fields: attr = form.fields[name] else: - message = "Unable to lookup '%s' on %s" % ( - name, - model._meta.object_name, - ) - if model_admin: - message += " or %s" % model_admin.__class__.__name__ - if form: - message += " or %s" % form.__class__.__name__ - raise AttributeError(message) + try: + attr = get_fields_from_path(model, name)[-1] + except (FieldDoesNotExist, NotRelationField): + message = f"Unable to lookup '{name}' on {model._meta.object_name}" + if model_admin: + message += f" or {model_admin.__class__.__name__}" + if form: + message += f" or {form.__class__.__name__}" + raise AttributeError(message) if hasattr(attr, "short_description"): label = attr.short_description diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py index 44001f00f9..d8fff50d18 100644 --- a/django/contrib/admin/views/main.py +++ b/django/contrib/admin/views/main.py @@ -30,6 +30,7 @@ from django.core.exceptions import ( ) from django.core.paginator import InvalidPage from django.db.models import F, Field, ManyToOneRel, OrderBy +from django.db.models.constants import LOOKUP_SEP from django.db.models.expressions import Combinable from django.urls import reverse from django.utils.deprecation import RemovedInDjango60Warning @@ -356,9 +357,9 @@ class ChangeList: """ Return the proper model field name corresponding to the given field_name to use for ordering. field_name may either be the name of a - proper model field or the name of a method (on the admin or model) or a - callable with the 'admin_order_field' attribute. Return None if no - proper model field name can be matched. + proper model field, possibly across relations, or the name of a method + (on the admin or model) or a callable with the 'admin_order_field' + attribute. Return None if no proper model field name can be matched. """ try: field = self.lookup_opts.get_field(field_name) @@ -371,7 +372,12 @@ class ChangeList: elif hasattr(self.model_admin, field_name): attr = getattr(self.model_admin, field_name) else: - attr = getattr(self.model, field_name) + try: + attr = getattr(self.model, field_name) + except AttributeError: + if LOOKUP_SEP in field_name: + return field_name + raise if isinstance(attr, property) and hasattr(attr, "fget"): attr = attr.fget return getattr(attr, "admin_order_field", None) diff --git a/docs/ref/checks.txt b/docs/ref/checks.txt index f0eeaca268..cf0ab32efa 100644 --- a/docs/ref/checks.txt +++ b/docs/ref/checks.txt @@ -726,9 +726,9 @@ with the admin site: * **admin.E106**: The value of ``.model`` must be a ``Model``. * **admin.E107**: The value of ``list_display`` must be a list or tuple. -* **admin.E108**: The value of ``list_display[n]`` refers to ``