Re: Fellow Reports - June 2020

2020-06-29 Thread Mariusz Felisiak 
Week ending June 28, 2020.

*Triaged:*
https://code.djangoproject.com/ticket/31721 - Allow ModelForm meta to 
specify formfield_callback. (accepted)
https://code.djangoproject.com/ticket/31732 - Cache function signatures in 
django.utils.inspect. (accepted)
https://code.djangoproject.com/ticket/31733 - Some translation doesn't 
work. (duplicate)
https://code.djangoproject.com/ticket/31735 - Migration crash when adding 
inline foreign key to different schema on PostgreSQL. (accepted)
https://code.djangoproject.com/ticket/31736 - PostgreSQL InspectDB test 
fails on Windows. (accepted)
https://code.djangoproject.com/ticket/31738 - invalid exception thrown 
"django.core.exceptions.ImproperlyConfigured: settings.FIXTURE_DIRS 
contains duplicates." (invalid)
https://code.djangoproject.com/ticket/31737 - Strange admin behaviour on 
Django 3.1b1 with Firefox. (needsinfo)
https://code.djangoproject.com/ticket/31740 - Part 4 of the tutorial 
incorrectly uses a namespaced url (invalid)
https://code.djangoproject.com/ticket/31741 - Admin site applies 
formfield_overrides for parent field class to instance of a child class 
(wontfix)
https://code.djangoproject.com/ticket/26761 - Add 'help_text' property to 
methods in ModelAdmin.list_display. (wontfix)
https://code.djangoproject.com/ticket/31742 - makemigrations crashes for 
ForeignKey with mixed-case app name. (accepted)
https://code.djangoproject.com/ticket/29232 - Add title option for admin 
filter when providing a field name (wontfix)
https://code.djangoproject.com/ticket/31743 - Note that managed=false 
prevents modifications. (accepted)
https://code.djangoproject.com/ticket/27708 - Relation between tables in 
different schemas with big names (fixed)
https://code.djangoproject.com/ticket/17157 - CSRF fails in cross-domain 
iframes on IE (wontfix)

*Reviewed/committed:*
https://github.com/django/django/pull/13089 - Fixed #31728 -- Fixed cache 
culling when no key is found for deletion.
https://github.com/django/django/pull/13085 - Fixed #31692 -- Prevented 
unneeded .po file compilation.
https://github.com/django/django/pull/13091 - Combined MySQL backend server 
info queries.
https://github.com/django/django/pull/12954 - Refs #5691 -- Made cache keys 
independent of USE_L10N.
https://github.com/django/django/pull/13087 - Fixed #16300 -- Improved 
singlehtml docs formatting with headers CSS.
https://github.com/django/django/pull/12675 - Refs #31358 -- Added decode() 
to password hashers.
https://github.com/django/django/pull/12692 - Fixed #31443 -- Fixed login 
redirection in auth mixins when LOGIN_URL is off-site URL.
https://github.com/django/django/pull/12872 - Refs #31541 -- Updated 
Redirect.new_path.help_text.
https://github.com/django/django/pull/13102 - Fixed #31736 -- Fixed 
InspectDBTransactionalTests.test_foreign_data_wrapper crash on Windows.
https://github.com/django/django/pull/13062 - Fixed #31703 -- Made 
makemigrations name all initial migrations "initial".
https://github.com/django/django/pull/13104 - Fixed #31735 -- Fixed 
migrations crash on namespaced inline FK addition on PostgreSQL.
https://github.com/django/django/pull/13097 - Fixed #9061 -- Allowed 
FormSets to disable deleting extra forms.
https://github.com/django/django/pull/12839 - Fixed #31529 -- Added support 
for serialization of pathlib.Path/PurePath and os.PathLike in migrations.
https://github.com/django/django/pull/13074 - Fixed #31743 -- Doc't that 
managed=False prevents Django from managing tables modifications.
https://github.com/django/django/pull/13111 - Fixed #31620 -- Added support 
for %V format to WeekMixin/WeekArchiveView.

*Reviewed:*
https://github.com/django/django/pull/12309 - Fixed #26761 -- Made admin 
changelist and readonly fields display help_text.

*Authored:*
https://github.com/django/django/pull/13112 - Fixed #31742 -- Fixed 
makemigrations crash on ForeignKey to an app with mixed case label.

Best,
Mariusz

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/786d1237-849a-4665-b4dd-2c8e5d60431fo%40googlegroups.com.

[contrib.auth] Separating tightly coupled User model and auth processes implementations

2020-06-29 Thread Maciej Gol 
Hey!

I've been recently working on my small project where I'm trying to keep the 
domain as separated as possible from Django and other libs/frameworks. 
Unfortunately, implementing the auth processes using django's machinery 
turned out to be a bit difficult.

The django auth module depends on the `User.pk` attribute, "silently" 
supports `User.get_session_auth_hash()` method, uses the model reflection 
to serialize ids into the session object and forces the usage of 
AnonymousUser without an easy way out.

It looks like the contrib.auth module does way more than just being a 
simple glue code that re-uses already existing mechanisms: session backends 
and auth backends.

I have a proposal of implementation of auth processes in such a way that 
the old API remains, but it gives Django users way more control over the 
auth system whilst providing the same security guarantees.
Before going out with my proposal, I would like to know your opinion 
whether this attempt actually makes sense?

To give you more context:

I have a domain object called `User` which contains id, {first,last}_name, 
password. And a model `UserModel` which is a subclass of Django's 
`AbstractUser`. The model is just a mean of persistence for the domain 
object, handled via `DatabaseRepository`.
My User does not implement the `pk` attribute, nor the 
`get_session_auth_hash()`. I'm not interested in transforming the 
`UserModel` model and the `AnonymousUser` django object into my own `User` 
domain object, either, because that's just taping over leaking 
implementations.

In the end, I would like to have a way to make sure 
authenticate/login/logout and other contrib.auth methods use my own auth 
backend and return the instances of my own domain object.

What do you think?

Best,
Maciej

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/7ba4fbb5-d7b5-4a3d-8b33-bec2a3bc761eo%40googlegroups.com.