| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
| |
This should resolve migration issues arising from PostgreSQL's inability
to mix data and schema migrations in a single transaction.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Acked-by: Aaron Conole <aconole@bytheb.org>
Closes-bug: #104
|
| |
|
|
| |
Fixes: d1c605f ("views: Stop using Bundle.public_url")
|
| |
|
|
|
|
|
| |
Turns out 'prelude' sections can't be lists.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Fixes: dd72ff6 ("docs: Add prelude section for v2.0.0")
|
| |
|
|
|
|
| |
This was missed in '5e3b234'.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
| |
Call out the two most important features in this release: the REST API
and series/cover letter support.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
| |
This means using the correct link for the cover mbox and not displaying
one for the non-existent diff.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
|
| |
Move filename generation to a mixin. This allows us to reuse the code
for other items like cover letters. Some unncessary 'strip' calls are
removed as their unnecessary.
This allows us to change the file extension for diffs to 'diff', which
is a little more accurate.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
| |
This is pretty simple but let's add this to prevent regressions.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It's possible to duplicate message headers multiple times. One common
case is the 'Received' header, but it appears that multiple
'In-Reply-To' and 'References' headers are also a thing.
Handle these cases through the use of the 'Message.get_all' function,
which returns all matching headers, instead of the 'Message.get'
function previously used.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
| |
Some mail, particularly those generated with older versions of
git-send-email or written by hand, include some extra whitespace in the
'References' and 'In-Reply-To' lines. Ensure we always strip this,
preventing mismatches between this and 'Message-ID', which is already
stripped of whitespace, when looking up SeriesReference's.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Not every series will include the reference headers necessary to do
proper series-ification, particularly those generated without the help
of 'git-send-email' or similar.
Make life a little easier for these folks by attempting to match on
other heuristics of the series: submitter, version, number of patches,
project (mailing list) and date. The last of these is particularly
important to prevent duplicate series getting munged together.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
| |
As requested.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Reported-by: Thomas Monjalon <thomas@monjalon.net>
Closes-bug: #77
|
| |
|
|
|
|
|
|
|
| |
api/rest.rst gives an example of how to POST parameters to the PatchDetail
view at api/patches/<patch_id>. However, the endpoint in question doesn't
support POST - you need to use PUT or PATCH. Change it to PATCH.
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Reviewed-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
| |
Add some tests to check that owners can view their private bundles while
other authenticated users can't.
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 0b4f508a8438 ("views: Allow use of basic auth for bundle mboxes")
added support for using Django REST Framework's BasicAuthentication to
authenticate when accessing the bundle-mbox view.
To check the user's credentials, we call
BasicAuthentication.authenticate(), however, we don't check whether
the returned user is actually the bundle owner. This means that any user
can access any private bundle if they authenticate using basic
authentication.
Additionally, if invalid credentials are provided via a basic
authentication header, BasicAuthentication.authenticate() will throw an
AuthenticationFailed exception. We currently don't catch this, resulting in
an exception page being displayed rather than a 404.
Add a new helper, rest_auth(), that takes a request and returns a user.
Call this in bundle_mbox() and save the result into request.user before we
check whether request.user is actually the bundle owner.
Found by code inspection.
Fixes: 0b4f508a8438 ("views: Allow use of basic auth for bundle mboxes")
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Reviewed-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When starting the Docker environment, if the web container can't see the
database immediately, it waits 5 seconds, tries again, then waits 15
seconds more to account for first-time start-ups where it takes a bit
longer for the database to be initialised.
Some of us, unfortunately, have slow computers with slow mechanical hard
drives which take just a bit longer. Increase the second timeout from 15
seconds to 60 seconds, testing every 5 seconds.
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Acked-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
| |
There's no dot before the rc version.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Fixes: b02c43d ("docs: Add pre-release regex")
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On python 2, the reference implementation of the XML-RPC unmarshaller
decodes strings to unicode with the selected encoding (utf-8 by default)
but it tries to re-encode the unicode strings to ascii bytes before
returning the values. If it fails, it leaves the value as unicode.
See these links for more details:
https://hg.python.org/cpython/file/2.7/Lib/xmlrpclib.py#l878
https://hg.python.org/cpython/file/2.7/Lib/xmlrpclib.py#l180
https://hg.python.org/cpython/file/3.6/Lib/xmlrpc/client.py#l753
Monkey-patch the internal xmlrpclib._stringify() function only on python
2 to force it to preserve unicode strings. This allows to have similar
behaviour in both python 2 and python 3.
Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
| |
In hindsight, it's a bit odd that we would filter project by linkname by
everything else by ID. Simply support both.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Fixes: e27b68a ("REST: Filter on Project.linkname - not Project.pk")
|
| |
|
|
| |
Reviewed-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
| |
It seems Django uses deprecated items in Python 3.x, meaning we can't
use this.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Fixes: 9db5cd0 ("tox: Turn deprecation notices into warnings")
|
| |
|
|
|
|
|
| |
We missed this previously and now it's breaking Django 1.6.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Fixes: 8ae7705 ("templates: Resolve cycle issues with Django 1.10")
|
| |
|
|
|
|
|
|
| |
This was causing a deprecation warning. Clearly we don't need to special
case Django 1.6 here.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Fixes: 9db5cd0 ("tox: Turn deprecation notices into warnings")
|
| |
|
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
Fixes: 8585ea5 ("models: Use 'base_manager_name'")
|
| |
|
|
|
|
|
| |
This provides basic click jacking protection. This was identified using
'manage.py check --deploy'.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Turns out filtering patches using a series string wasn't as easy as we
thought. We need to slugify State.name, but unfortunately that isn't
stored in the database. The tests were hiding this fact as State objects
created by 'tests.utils.create_state' don't have spaces in them.
Override custom versions of both django-filter's 'Filter' class and
the Django 'Form' required by this, and update the tests to prevent a
regression.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Fixes: 6222574 ("REST: filter patches by state name")
Tested-by: Philippe Pepiot <philippe.pepiot@logilab.fr>
|
| |
|
|
|
|
| |
This is what we expect based on the web UI.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In developing a client for the Patchwork REST API, git-pw, it was noted
that it should be possible to embed some information about nested
resources in order to prevent the need for additional requests [1]. It
was seen that this would be particularly beneficial for list operations,
where each element in the N sized list could theoretically require an
additional request for each of the M nested fields, resulting in N * (M
+ 1) total requests.
Upon experimenting with the 2.0 RC1 API, this optimization was found to
be less of a nice-to-have (and possibly something for the 2.1 release)
and more of a must-have, particularly once one took network latency for
each request into account. During testing with 'git-pw', simple list
operations were found to take an average of 31 requests per operation,
of which only one for was the resource endpoint itself ('GET
/api/series'). As each of these requests took ~2 seconds a piece,
listing was essentially broken.
While local caching could be used to offset some of this demand, this
will result in (a) significantly larger, more complex clients or (b)
instances that strain under the load of dumb clients making multiple
requests per operation. Instead, the server should be smarter about
embedding the data that would actually be required by clients.
Resolve the issue by embedding summarized versions of various nested
fields instead of merely linking to them. Nesting is only a single level
deep, to avoid large/complex database queries and with the expectation
that only these basic fields (resource names, dates, etc.) would be
required. These summary serializers are kept in their own module, to
encourage consistent results throughout the API and to prevent circular
import errors.
This will have the side effect of slightly increasing load on the server
due to the additional serialization required. However, this load is
largely mitigated through the avoidance of deeper nesting as noted
above. In addition, any increase in load seen will be a fraction of the
demand that repeat requests will incur. While it would be possible to
make nesting optional (by way of an 'embed' or 'expand' parameter), it
is expected that this would be an atypical request and would result in
far more complicated serialization code.
[1] https://github.com/stephenfin/git-pw/blob/21e0e593/git_pw/patch.py#L88-L89
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
| |
This wasn't added in '6deedfb7' but it should have been.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Fixes: 6deedfb7 ("views: Expose Series mbox")
|
| |
|
|
|
|
|
|
|
| |
While this is a very helpful field to include, doing so significantly
increases the number of DB queries necessary for listing patches (from
~14 to ~46). Stop including this information until the model itself is
reworked to prevent this issue.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There were two issues here:
- The 'get_queryset' function, rather than the 'queryset' attribute,
must be overriden when using either the 'prefetch_related' or
'select_related' functions
- A couple of endpoints contained a 'project' attribute, but this wasn't
being prefetched. This didn't cause issues in a single-project
deployment, as used in testing, but will for larger deployments
Resolve both issues.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
|
| |
Django does an excellent job of marking what features are going to
change in upcoming releases through extensive use of the 'warnings' module.
Pass the '-Werror' flag to 'manage.py' in tests, ensuring that any
warnings will result in exceptions instead. This should make upgrades a
mostly painless process going forward.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
| |
This raises a warning in Django 1.10 and will cause an error in 2.0.
This resolves all issues with Django 1.9.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
| |
This raises warnings in Django 1.10 and will be mandatory in Django 2.0.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
| |
This raises a warning in Django 1.10 and will cause an error in 2.0.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
| |
This raises warnings in Django 1.10 and will be required in Django 1.11.
We also set 'silence_use_for_related_fields_deprecation' to allow us to
retain the current behavior on versions of Django < 1.10.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This raises a warning in Django 1.9 and will cause an error in Django
2.0. Per the documentation [1] it is not even necessary so it can simply
be removed.
This resolves all issues with Django 1.9.
[1] https://docs.djangoproject.com/en/1.11/ref/contrib/admin/\
#hooking-adminsite-instances-into-your-urlconf
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
| |
This raises warnings for Django 1.9 and will be mandatory in Django 2.0.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
| |
This raises warnings in Django 1.9 and will be mandatory in Django 2.0.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
| |
This raises warnings for Django 1.8 and is mandatory in Django 1.10. It
provides a helpful feature, invalidating a user's session when their
password is changed, and can/should be enabled.
This resolves all issues with Django 1.8.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The deployment guide currently suggests using the 'default_project'
fixture when deploying a production installation of Patchwork. While one
_could_ use this, it's generally unnecessary given that most people care
about their own projects and not Patchwork.
Resolve this by simply removing any references. The references are
retained for the development installation guide, as they're likely
useful here.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
|
|
|
|
| |
Commit 8fe68d96f18e ("wsgi: Move wsgi file to expected location")
relocated lib/apache2/patchwork.wsgi to patchwork/wsgi.py but did not
update the Apache2 example configuration file under
lib/apache2/patchwork.wsgi.conf.
Fixes: 8fe68d96f18e ("wsgi: Move wsgi file to expected location")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
| |
Check contexts must now be slugs. Document this in the release notes.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
|
| |
The release notes say this is already the case. As the API is now
functionally complete, there's no reason not to toggle this. Make it so.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|
| |
|
|
|
|
| |
Signed-off-by: Stephen Finucane <stephen@that.guru>
Reported-by: Philippe Pepiot <philippe.pepiot@logilab.fr>
Fixes: 150f6150 ("lib: Update uWSGI, nginx config files")
|
| |
|
|
|
|
|
| |
The reno extension doesn't seem to trigger an environment rebuild. Force
this.
Signed-off-by: Stephen Finucane <stephen@that.guru>
|