[BB2-1283, BB2-1313] Django Upgrade 2.2.28 to 3.2.13 Python37 (#1027)

* first cut p37 django upgrade

* missed whl

* pip upgrade in CI docker.

* remove source dist for cryptography-37.0.2.tar.gz

* store the custom migration sql scripts to be handy on the target EC2

* pip upgrade on CI docker venv.

* pip install cryptography==37.0.2

* fix LGTM encoding warning in source code text.

* manually provision cryptography-37.0.2-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl(the binary used on CI docker) in vendor folder.

* added debugging and tracing..

* added debugging and tracing..

* fix dotenv import ...

* clean up.

* bump django to 3.2.14 to address C vuln CVE-2022-34265

* bump django_storages from 1.7.1 to 1.12.3 to resolve django.util.six reference.

* restore base settings DEBUG flag setting.

* change Django DEBUG flag default to False - to be safer.

Author: James Fuqian

Dockerfile.selenium

@@ -2,11 +2,13 @@ FROM selenium/standalone-chrome-debug
 
 ENV PYTHONUNBUFFERED 1
 USER root
-RUN apt-get update && apt-get install -yq python3.8 python3-pip git
-RUN pip3 install --upgrade pip
-RUN pip3 install selenium psycopg2-binary==2.8.6 pyyaml==5.4.1 Pillow==9.0.1
+# libpq-dev: ubuntu dev lib for psypsycopg2 sdist build
+RUN apt-get update && apt-get install -yq python3.7 python3-pip git libpq-dev libffi-dev
 RUN mkdir /code
 ADD . /code/
 WORKDIR /code
+RUN ln -s /usr/bin/python3 /usr/local/bin/python
+RUN pip install --upgrade pip
+RUN pip install selenium
+RUN pip install pyyaml==6.0 Pillow==9.0.1
 RUN make reqs-install-dev
-RUN ln -s /usr/bin/python3 /usr/local/bin/python

Dockerfiles/Dockerfile.selenium-jenkins

@@ -7,6 +7,8 @@ RUN mkdir /code
 ADD . /code/
 WORKDIR /code
 
+RUN pip install --upgrade pip
+
 RUN apt-get update && apt-get install -yq git unzip curl
 
 # Install Chrome for Selenium

Jenkinsfiles/Jenkinsfile.cbc-run-multi-pr-checks

@@ -36,6 +36,7 @@ pipeline {
         sh """
           python -m venv venv
           . venv/bin/activate
+          pip install --upgrade pip
           make reqs-install-dev
         """
       }

Jenkinsfiles/Jenkinsfile.cbc-run-multi-pr-checks-w-selenium

@@ -1,7 +1,7 @@
 pipeline {
   agent {
     kubernetes {
-      defaultContainer "bb2-cbc-build-selenium"
+      defaultContainer "bb2-cbc-build-selenium-django32"
       yamlFile "Jenkinsfiles/cbc-pod-deployment-config-w-selenium.yaml"
     }
   }
@@ -55,8 +55,9 @@ pipeline {
         sh """
           python -m venv venv
           . venv/bin/activate
-          make reqs-install-dev
           pip install selenium
+          pip install cryptography==37.0.2
+          make reqs-install-dev
         """
       }
     }

Jenkinsfiles/cbc-pod-deployment-config-w-selenium.yaml

@@ -2,8 +2,8 @@ apiVersion: v1
 kind: Pod
 spec:
   containers:
-    - name: bb2-cbc-build-selenium
-      image: "public.ecr.aws/f5g8o1y9/bb2-cbc-build-selenium:latest"
+    - name: bb2-cbc-build-selenium-django32
+      image: "public.ecr.aws/f5g8o1y9/bb2-cbc-build-selenium-django32:latest"
       tty: true
       command: ["tail", "-f"]
       imagePullPolicy: Always

apps/accounts/tests/test_case_ins_username.py

@@ -1,7 +1,9 @@
+from django.contrib.auth.models import User
+from django.http import HttpRequest
 from django.test import TestCase
 from django.test.client import Client
-from django.contrib.auth.models import User
 from django.urls import reverse
+
 from ..models import UserProfile
 
 
@@ -22,13 +24,15 @@ def setUp(self):
         self.client = Client()
 
     def test_page_loads(self):
-        self.client.login(username="fred@example.com", password="foobar")
+        request = HttpRequest()
+        self.client.login(request=request, username="fred@example.com", password="foobar")
         url = reverse('account_settings')
         response = self.client.get(url, follow=True)
         self.assertEqual(response.status_code, 200)
 
     def test_all_fields_required(self):
-        self.client.login(username="fred@example.com", password="foobar")
+        request = HttpRequest()
+        self.client.login(request=request, username="fred@example.com", password="foobar")
         url = reverse('account_settings')
         form_data = {'username': '',
                      'email': 'fred@example.com',
@@ -41,7 +45,8 @@ def test_all_fields_required(self):
         self.assertContains(response, 'This field is required.')
 
     def test_username_forced_to_lower(self):
-        self.client.login(username="fred@example.com", password="foobar")
+        request = HttpRequest()
+        self.client.login(request=request, username="fred@example.com", password="foobar")
         url = reverse('account_settings')
         form_data = {'username': 'FRED@Example.com',
                      'email': 'fred@example.com',

apps/accounts/tests/test_create_account.py

@@ -42,6 +42,7 @@ def test_valid_account_create(self):
             'last_name': 'Rubble',
             'identification_choice': str(ident_choice.pk),
         }
+
         response = self.client.post(self.url, form_data, follow=True)
 
         self.assertEqual(response.status_code, 200)

apps/accounts/tests/test_enduser_cannot_reach_standard_admin_login.py

@@ -1,3 +1,4 @@
+from django.http import HttpRequest
 from django.test import TestCase
 from django.contrib.auth.models import User
 from django.test.client import Client
@@ -27,7 +28,8 @@ def setUp(self):
         user = User.objects.get(username='fred')
         UserProfile.objects.create(user=user)
         self.client = Client()
-        self.client.login(username='fred', password='bedrocks')
+        request = HttpRequest()
+        self.client.login(request=request, username='fred', password='bedrocks')
         self.url = reverse('admin:login')
 
     def test_standard_user_cannot_reach_admin_login(self):

apps/accounts/tests/test_login.py

@@ -67,6 +67,11 @@ def test_valid_login_case_insensitive_username(self):
     def test_invalid_login(self):
         """
         Invalid user cannot login
+        Django upgrade 3.2:
+        Now AXES gives warning as shown below:
+        AXES: New login failure by
+        {username: "fred", ip_address: "127.0.0.1", user_agent: "<unknown>", path_info: "/v1/accounts/login"}.
+        Created new record in the database
         """
         form_data = {'username': 'fred', 'password': 'dino'}
         response = self.client.post(self.url, form_data, follow=True)

apps/accounts/tests/test_password_reset_while_authenticated.py

@@ -1,5 +1,6 @@
 import time
 from django.contrib.auth.models import User
+from django.http import HttpRequest
 from django.test import TestCase
 from django.test.client import Client
 from django.urls import reverse
@@ -50,7 +51,8 @@ def setUp(self):
 
     @override_switch('login', active=True)
     def test_page_loads(self):
-        self.client.login(username="fred", password="foobarfoobarfoobar")
+        request = HttpRequest()
+        self.client.login(request=request, username="fred", password="foobarfoobarfoobar")
         url = reverse('password_change')
         response = self.client.get(url, follow=True)
         self.assertEqual(response.status_code, 200)
@@ -63,7 +65,8 @@ def test_page_requires_authentication(self):
 
     @override_switch('login', active=True)
     def test_password_ischanged(self):
-        self.client.login(username="fred", password="foobarfoobarfoobar")
+        request = HttpRequest()
+        self.client.login(request=request, username="fred", password="foobarfoobarfoobar")
         url = reverse('password_change')
         form_data = {'old_password': 'foobarfoobarfoobar',
                      'new_password1': 'IchangedTHEpassword#123',
@@ -78,7 +81,8 @@ def test_password_ischanged(self):
 
     @override_switch('login', active=True)
     def test_password_change_complexity_and_min_age_validation(self):
-        self.client.login(username="fred", password="foobarfoobarfoobar")
+        request = HttpRequest()
+        self.client.login(request=request, username="fred", password="foobarfoobarfoobar")
         url = reverse('password_change')
         # sleep 3 sec to let min password age of 3 sec elapse
         time.sleep(3)
@@ -115,7 +119,8 @@ def test_password_change_complexity_and_min_age_validation(self):
 
     @override_switch('login', active=True)
     def test_password_change_reuse_validation(self):
-        self.client.login(username="fred", password="foobarfoobarfoobar")
+        request = HttpRequest()
+        self.client.login(request=request, username="fred", password="foobarfoobarfoobar")
         url = reverse('password_change')
 
         # first password change