Add _legacy_get_session_auth_hash to fix Django 3.1 support

Author: codingjoe

.github/workflows/ci.yml

@@ -4,8 +4,8 @@ jobs:
   docs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-python@v1.1.1
-      - uses: actions/checkout@v2.0.0
+      - uses: actions/setup-python@v2
+      - uses: actions/checkout@v2
       - run: python -m pip install -r requirements.txt
       - run: python setup.py develop
       - run: python setup.py build_sphinx -W
@@ -18,16 +18,37 @@ jobs:
         python-version: [3.6, 3.7, 3.8]
     steps:
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v1.1.1
+        uses: actions/setup-python@v2
         with:
           python-version: ${{ matrix.python-version }}
-      - uses: actions/checkout@v2.0.0
+      - uses: actions/checkout@v2
       - run: python setup.py test
       - name: Codecov
         run: |
           python -m pip install codecov
           codecov -t ${{secrets.CODECOV_TOKEN}}
 
+  extras:
+    needs: [docs]
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        extras:
+          - wagtail
+        python-version: [3.8]
+    steps:
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+      - uses: actions/checkout@v2
+      - run: python -m pip install -e ".[${{ matrix.extras }}]"
+      - run: python setup.py test
+      - name: Codecov
+        run: |
+          python -m pip install codecov
+          codecov -t ${{ secrets.CODECOV_TOKEN }}
+
 
   PostgreSQL:
     needs: [docs]
@@ -50,10 +71,10 @@ jobs:
         options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
     steps:
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v1.1.1
+        uses: actions/setup-python@v2
         with:
           python-version: ${{ matrix.python-version }}
-      - uses: actions/checkout@v2.0.0
+      - uses: actions/checkout@v2
       - run: python -m pip install psycopg2-binary Django==${{ matrix.django-version }}
       - run: python setup.py test
         env:

mailauth/contrib/admin/views.py

@@ -1,6 +1,6 @@
 from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.urls import reverse
-from django.utils.translation import ugettext_lazy as _
+from django.utils.translation import gettext_lazy as _
 
 from mailauth.views import LoginView
 

mailauth/contrib/user/migrations/0002_emailuser_session_salt.py

@@ -1,8 +1,9 @@
 # Generated by Django 2.2.1 on 2019-05-27 10:39
 
-import django.utils.crypto
 from django.db import migrations, models
 
+import mailauth
+
 
 class Migration(migrations.Migration):
 
@@ -14,6 +15,6 @@ class Migration(migrations.Migration):
         migrations.AddField(
             model_name='emailuser',
             name='session_salt',
-            field=models.CharField(default=django.utils.crypto.get_random_string, editable=False, max_length=12),
+            field=models.CharField(default=mailauth.contrib.user.models._get_session_salt, editable=False, max_length=12),
         ),
     ]

mailauth/contrib/user/migrations/0004_auto_20200812_0722.py

@@ -0,0 +1,21 @@
+# Generated by Django 3.1 on 2020-08-12 07:22
+
+import django
+from django.db import migrations, models
+
+import mailauth.contrib.user.models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('mailauth_user', '0003_ci_unique_index'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='emailuser',
+            name='first_name',
+            field=models.CharField(blank=True, max_length=150, verbose_name='first name'),
+        ),
+    ]

mailauth/contrib/user/models.py

@@ -1,3 +1,4 @@
+from django.conf import settings
 from django.contrib.auth.base_user import BaseUserManager
 from django.contrib.auth.models import AbstractUser
 from django.db import models
@@ -37,6 +38,10 @@ def create_superuser(self, email, **extra_fields):
         return self._create_user(email, **extra_fields)
 
 
+def _get_session_salt():
+    return get_random_string(12)
+
+
 class AbstractEmailUser(AbstractUser):
     EMAIL_FIELD = 'email'
     USERNAME_FIELD = 'email'
@@ -51,7 +56,7 @@ class AbstractEmailUser(AbstractUser):
     # Salt for the session hash replacing the password in this function.
     session_salt = models.CharField(
         max_length=12, editable=False,
-        default=get_random_string,
+        default=_get_session_salt,
     )
 
     def has_usable_password(self):
@@ -62,12 +67,29 @@ def has_usable_password(self):
     class Meta(AbstractUser.Meta):
         abstract = True
 
+    def _legacy_get_session_auth_hash(self):
+        # RemovedInDjango40Warning: pre-Django 3.1 hashes will be invalid.
+        key_salt = "mailauth.contrib.user.models.EmailUserManager.get_session_auth_hash"
+        if not self.session_salt:
+            raise ValueError("'session_salt' must be set")
+        return salted_hmac(key_salt, self.session_salt, algorithm='sha1').hexdigest()
+
     def get_session_auth_hash(self):
         """Return an HMAC of the :attr:`.session_salt` field."""
         key_salt = "mailauth.contrib.user.models.EmailUserManager.get_session_auth_hash"
         if not self.session_salt:
             raise ValueError("'session_salt' must be set")
-        return salted_hmac(key_salt, self.session_salt).hexdigest()
+        algorithm = getattr(settings, 'DEFAULT_HASHING_ALGORITHM', None)
+        if algorithm is None:
+            return salted_hmac(key_salt, self.session_salt).hexdigest()
+        return salted_hmac(
+            key_salt,
+            self.session_salt,
+            # RemovedInDjango40Warning: when the deprecation ends, replace
+            # with:
+            # algorithm='sha256',
+            algorithm=algorithm,
+        ).hexdigest()
 
 
 delattr(AbstractEmailUser, 'password')

setup.cfg

@@ -38,7 +38,6 @@ tests_require =
     pytest
     pytest-django
     pytest-cov
-    wagtail
 
 [options.package_data]
 * = *.txt, *.rst, *.html, *.po

tests/conftest.py

@@ -1,3 +1,4 @@
+import django
 import pytest
 from django.contrib.auth import get_user_model
 from django.utils import timezone
@@ -36,7 +37,9 @@ def admin_user(db):
 @pytest.fixture()
 def signature():
     """Return a signature matching the user fixture."""
-    return 'LZ.173QUS.1Hjptg.lf2hFgOXQtjQsFypS2ItRG2hkpA'
+    if django.VERSION < (3, 1):
+        return 'LZ.173QUS.1Hjptg.lf2hFgOXQtjQsFypS2ItRG2hkpA'
+    return 'LZ.173QUS.1Hjptg.UtFdkTPoyrSA0IB6AUEhtz_hMyFZY0kcREE1HnWdFq4'
 
 
 @pytest.fixture()

tests/contrib/auth/test_models.py

@@ -1,3 +1,4 @@
+import django
 import pytest
 from django.core.exceptions import FieldDoesNotExist
 
@@ -28,6 +29,32 @@ def test_get_session_auth_hash__unique(self, db):
 
         assert spiderman.get_session_auth_hash() != ironman.get_session_auth_hash()
 
+    @pytest.mark.skipif(django.VERSION < (3, 1), reason="requires Django 3.1 or higher")
+    def test_legacy_get_session_auth_hash__default(self, db):
+        user = EmailUser(email='spiderman@avengers.com')
+
+        assert user.session_salt
+        assert user._legacy_get_session_auth_hash()
+
+    @pytest.mark.skipif(django.VERSION < (3, 1), reason="requires Django 3.1 or higher")
+    def test_legacy_get_session_auth_hash__value_error(self, db):
+        user = EmailUser(email='spiderman@avengers.com', session_salt=None)
+
+        with pytest.raises(ValueError) as e:
+            user._legacy_get_session_auth_hash()
+
+        assert "'session_salt' must be set" in str(e.value)
+
+    @pytest.mark.skipif(django.VERSION < (3, 1), reason="requires Django 3.1 or higher")
+    def test_legacy_get_session_auth_hash__unique(self, db):
+        spiderman = EmailUser(email='spiderman@avengers.com')
+        ironman = EmailUser(email='ironman@avengers.com')
+
+        assert (
+            spiderman._legacy_get_session_auth_hash() !=
+            ironman._legacy_get_session_auth_hash()
+        )
+
     def test_password_field(self):
         user = EmailUser(email='spiderman@avengers.com')
         with pytest.raises(FieldDoesNotExist):

tests/contrib/wagtail/test_views.py

@@ -1,12 +1,17 @@
-from mailauth.contrib.wagtail.views import LoginView
+import pytest
+
 from mailauth.forms import EmailLoginForm
 
 
 class TestLoginView:
     def test_get_from_class(self):
+        pytest.importorskip('wagtail')
+        from mailauth.contrib.wagtail.views import LoginView
         assert issubclass(LoginView().get_form_class(), EmailLoginForm)
 
     def test_form_valid(self, rf, db):
+        pytest.importorskip('wagtail')
+        from mailauth.contrib.wagtail.views import LoginView
         view = LoginView()
         request = rf.get('/')
 

tests/test_backends.py

@@ -62,5 +62,5 @@ def test_get_login_url(self, signer, signature):
         backend = MailAuthBackend()
         MailAuthBackend.signer = signer
         assert backend.get_login_url(signature) == (
-            "/accounts/login/LZ.173QUS.1Hjptg.lf2hFgOXQtjQsFypS2ItRG2hkpA"
+            f"/accounts/login/{signature}"
         )