Merge branch 'release-prep' into 'master'

Releasse-prep

See merge request buckinghamshire-council/bc!686

.gitlab-ci.yml

@@ -55,7 +55,7 @@ poetry:
   image: python:3.8-bullseye
   stage: build
   variables:
-    POETRY_VERSION: 1.5.1
+    POETRY_VERSION: 1.7.1
   script:
     - pip install poetry==$POETRY_VERSION
     - python -m venv venv

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## Unreleased
 
+## 70.00 (2024-03-18)
+
+Wagtail 5.2 and Django 4.2 upgrade
+
 Compare: <https://git.torchbox.com/buckinghamshire-council/bc/compare/69.14...HEAD>
 
 ## 69.14 (2024-02-05)

Dockerfile

@@ -25,7 +25,7 @@ ARG POETRY_HOME=/opt/poetry
 ARG POETRY_INSTALL_ARGS="--no-dev"
 
 # IMPORTANT: Remember to review both of these when upgrading
-ARG POETRY_VERSION=1.5.1
+ARG POETRY_VERSION=1.7.1
 
 # Install dependencies in a virtualenv
 ENV VIRTUAL_ENV=/venv

bc/alerts/wagtail_hooks.py

@@ -1,4 +1,4 @@
-from wagtail.contrib.modeladmin.options import ModelAdmin, modeladmin_register
+from wagtail_modeladmin.options import ModelAdmin, modeladmin_register
 
 from bc.alerts.models import Alert
 

bc/blogs/wagtail_hooks.py

@@ -1,11 +1,8 @@
 from wagtail import hooks
-from wagtail.contrib.modeladmin.options import (
-    ModelAdmin,
-    ModelAdminGroup,
-    modeladmin_register,
-)
 from wagtail.models import PageLogEntry
 
+from wagtail_modeladmin.options import ModelAdmin, ModelAdminGroup, modeladmin_register
+
 from bc.blogs.models import BlogAlertSubscription, BlogPostPage, NotificationRecord
 
 

bc/cases/tests/test_models.py

@@ -144,7 +144,7 @@ def test_success_page(self, mock_get_form, mock_get_client):
         session.save()
         with self.assertTemplateUsed("patterns/pages/cases/form_page_landing.html"):
             resp = self.client.get(self.case_form_page.url)
-        self.assertNotIn("form", resp.context)
+        self.assertFalse(resp.context["case_reference"])
 
 
 class CaseNameFormattingTest(TestCase):

bc/feedback/wagtail_hooks.py

@@ -11,7 +11,7 @@ def register_usefulness_feedback_report_menu_item():
     return menu.MenuItem(
         UsefulnessFeedbackReportView.title,
         urls.reverse("usefuleness_feedback_report"),
-        classnames="icon icon-" + UsefulnessFeedbackReportView.header_icon,
+        classname="icon icon-" + UsefulnessFeedbackReportView.header_icon,
         order=300,
     )
 
@@ -32,7 +32,7 @@ def register_feedback_comment_report_menu_item():
     return menu.MenuItem(
         FeedbackCommentReportView.title,
         urls.reverse("feedback_comment_report"),
-        classnames="icon icon-" + FeedbackCommentReportView.header_icon,
+        classname="icon icon-" + FeedbackCommentReportView.header_icon,
         order=400,
     )
 

bc/fixtures/wagtailcore/demo_data.json

@@ -741,36 +741,56 @@
   {
     "model": "wagtailcore.grouppagepermission",
     "pk": 1,
-    "fields": { "group": ["Moderators"], "page": 1, "permission_type": "add" }
+    "fields": {
+      "group": ["Moderators"],
+      "page": 1,
+      "permission": ["add_page", "wagtailcore", "page"]
+    }
   },
   {
     "model": "wagtailcore.grouppagepermission",
     "pk": 2,
-    "fields": { "group": ["Moderators"], "page": 1, "permission_type": "edit" }
+    "fields": {
+      "group": ["Moderators"],
+      "page": 1,
+      "permission": ["change_page", "wagtailcore", "page"]
+    }
   },
   {
     "model": "wagtailcore.grouppagepermission",
     "pk": 3,
     "fields": {
       "group": ["Moderators"],
       "page": 1,
-      "permission_type": "publish"
+      "permission": ["publish_page", "wagtailcore", "page"]
     }
   },
   {
     "model": "wagtailcore.grouppagepermission",
     "pk": 4,
-    "fields": { "group": ["Editors"], "page": 1, "permission_type": "add" }
+    "fields": {
+      "group": ["Editors"],
+      "page": 1,
+      "permission": ["add_page", "wagtailcore", "page"]
+    }
   },
   {
     "model": "wagtailcore.grouppagepermission",
     "pk": 5,
-    "fields": { "group": ["Editors"], "page": 1, "permission_type": "edit" }
+    "fields": {
+      "group": ["Editors"],
+      "page": 1,
+      "permission": ["change_page", "wagtailcore", "page"]
+    }
   },
   {
     "model": "wagtailcore.grouppagepermission",
     "pk": 6,
-    "fields": { "group": ["Moderators"], "page": 1, "permission_type": "lock" }
+    "fields": {
+      "group": ["Moderators"],
+      "page": 1,
+      "permission": ["lock_page", "wagtailcore", "page"]
+    }
   },
   {
     "model": "wagtailcore.collection",

bc/images/migrations/0006_django_42_upgrade.py

@@ -0,0 +1,25 @@
+# Generated by Django 4.2.10 on 2024-02-23 07:34
+
+from django.db import migrations
+
+import wagtail.images.models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("images", "0005_wagtail42_image"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="rendition",
+            name="file",
+            field=wagtail.images.models.WagtailImageField(
+                height_field="height",
+                storage=wagtail.images.models.get_rendition_storage,
+                upload_to=wagtail.images.models.get_rendition_upload_to,
+                width_field="width",
+            ),
+        ),
+    ]

bc/news/migrations/0033_django_40_upgrade.py

@@ -0,0 +1,23 @@
+# Generated by Django 4.0.10 on 2024-02-23 07:21
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("news", "0032_tableblock_help_text"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="newspagenewstype",
+            name="news_type",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="+",
+                to="news.newstype",
+            ),
+        ),
+    ]

bc/recruitment/tests/test_views.py

@@ -53,7 +53,7 @@ def test_internal_key_var(self):
             title="lock picker", homepage=self.homepage_internal
         )
         resp = self.client.get(
-            job.application_url, HTTP_HOST=self.site_internal.hostname + ":80"
+            job.application_url, headers={"host": self.site_internal.hostname + ":80"}
         )
 
         self.assertEqual(resp.status_code, 200)
@@ -77,7 +77,7 @@ def test_external_key_var(self):
             title="sausage stuffer", homepage=self.homepage
         )
         resp = self.client.get(
-            job.application_url, HTTP_HOST=self.site.hostname + ":80"
+            job.application_url, headers={"host": self.site.hostname + ":80"}
         )
 
         self.assertEqual(resp.status_code, 200)
@@ -108,7 +108,7 @@ def test_404_when_job_id_is_badly_formatted(self):
                     + self.homepage.reverse_subpage("apply")
                     + "?jobId="
                     + str(job_id),
-                    HTTP_HOST=self.site.hostname + ":80",
+                    headers={"host": self.site.hostname + ":80"},
                 )
                 self.assertEqual(resp.status_code, 404)
 
@@ -132,7 +132,7 @@ def test_view_when_job_id_does_not_exist(self):
                     + self.homepage.reverse_subpage("apply")
                     + "?jobId="
                     + str(job_id),
-                    HTTP_HOST=self.site.hostname + ":80",
+                    headers={"host": self.site.hostname + ":80"},
                 )
                 self.assertEqual(resp.status_code, 200)
 
@@ -150,7 +150,7 @@ def test_sidebar_normally_shown(self):
             title="puncture patcher", homepage=self.homepage
         )
         resp = self.client.get(
-            job.application_url, HTTP_HOST=self.site.hostname + ":80"
+            job.application_url, headers={"host": self.site.hostname + ":80"}
         )
 
         self.assertEqual(resp.status_code, 200)
@@ -170,7 +170,7 @@ def test_sidebar_not_shown_when_job_id_does_not_exist(self):
             self.homepage.full_url
             + self.homepage.reverse_subpage("apply")
             + "?jobId=abc-123",
-            HTTP_HOST=self.site.hostname + ":80",
+            headers={"host": self.site.hostname + ":80"},
         )
         self.assertEqual(resp.status_code, 200)
         self.assertEqual(resp.context["show_sidebar"], False)

bc/recruitment/wagtail_hooks.py

@@ -1,12 +1,9 @@
 from django.utils.html import format_html
 
-from wagtail.contrib.modeladmin.options import (
-    ModelAdmin,
-    ModelAdminGroup,
-    modeladmin_register,
-)
 from wagtail.search.utils import OR
 
+from wagtail_modeladmin.options import ModelAdmin, ModelAdminGroup, modeladmin_register
+
 from bc.recruitment.models import JobAlertSubscription, TalentLinkJob
 
 

bc/settings/base.py

@@ -43,6 +43,15 @@
 if "NONINDEXED_HOSTS" in env:
     NONINDEXED_HOSTS = env["NONINDEXED_HOSTS"].split(",")
 
+# A list of trusted origins for unsafe requests (e.g. POST).
+# For requests that include the Origin header,
+# Django’s CSRF protection requires that header match
+# the origin present in the Host header.
+# Important: values must include the scheme (e.g. https://) and the hostname
+# https://docs.djangoproject.com/en/stable/ref/settings/#csrf-trusted-origins
+if "CSRF_TRUSTED_ORIGINS" in env:
+    CSRF_TRUSTED_ORIGINS = env["CSRF_TRUSTED_ORIGINS"].split(",")
+
 
 # Application definition
 
@@ -84,7 +93,7 @@
     "wagtail_transfer",
     "rest_framework",
     "wagtailorderable",
-    "wagtail.contrib.modeladmin",
+    "wagtail_modeladmin",
     "wagtail.contrib.settings",
     "wagtail.contrib.search_promotions",
     "wagtail.contrib.forms",
@@ -104,7 +113,7 @@
     "wagtail",
     "modelcluster",
     "taggit",
-    "captcha",
+    "django_recaptcha",
     "wagtailcaptcha",
     "django.contrib.admin",
     "django.contrib.auth",
@@ -277,7 +286,6 @@
 
 USE_I18N = True
 
-USE_L10N = True
 
 USE_TZ = True
 
@@ -292,8 +300,13 @@
 # The static files with this backend are generated when you run
 # "django-admin collectstatic".
 # http://whitenoise.evans.io/en/stable/#quickstart-for-django-apps
-# https://docs.djangoproject.com/en/stable/ref/settings/#staticfiles-storage
-STATICFILES_STORAGE = "whitenoise.storage.CompressedManifestStaticFilesStorage"
+# https://docs.djangoproject.com/en/stable/ref/settings/#std-setting-STORAGES
+STORAGES = {
+    "default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
+    "staticfiles": {
+        "BACKEND": "whitenoise.storage.CompressedManifestStaticFilesStorage"
+    },
+}
 
 # Place static files that need a specific URL (such as robots.txt and favicon.ico) in the "public" folder
 WHITENOISE_ROOT = os.path.join(BASE_DIR, "public")
@@ -354,8 +367,8 @@
     # Add django-storages to the installed apps
     INSTALLED_APPS.append("storages")
 
-    # https://docs.djangoproject.com/en/stable/ref/settings/#default-file-storage
-    DEFAULT_FILE_STORAGE = "storages.backends.s3boto3.S3Boto3Storage"
+    # https://docs.djangoproject.com/en/stable/ref/settings/#std-setting-STORAGES
+    STORAGES["default"]["BACKEND"] = "storages.backends.s3boto3.S3Boto3Storage"
 
     AWS_STORAGE_BUCKET_NAME = env["AWS_STORAGE_BUCKET_NAME"]
 
@@ -368,6 +381,11 @@
     # Not having this setting may have consequences in losing files.
     AWS_S3_FILE_OVERWRITE = False
 
+    # Default ACL for new files should be "private" - not accessible to the
+    # public. Images should be made available to public via the bucket policy,
+    # where the documents should use wagtail-storages.
+    AWS_DEFAULT_ACL = "private"
+
     # We generally use this setting in the production to put the S3 bucket
     # behind a CDN using a custom domain, e.g. media.llamasavers.com.
     # https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html#cloudfront
@@ -614,17 +632,14 @@
     SECURE_HSTS_SECONDS = int(env["SECURE_HSTS_SECONDS"])
 
 
-# https://docs.djangoproject.com/en/stable/ref/settings/#secure-browser-xss-filter
-if env.get("SECURE_BROWSER_XSS_FILTER", "true").lower().strip() == "true":
-    SECURE_BROWSER_XSS_FILTER = True
-
-
 # https://docs.djangoproject.com/en/stable/ref/settings/#secure-content-type-nosniff
 if env.get("SECURE_CONTENT_TYPE_NOSNIFF", "true").lower().strip() == "true":
     SECURE_CONTENT_TYPE_NOSNIFF = True
 
 
 # Content Security policy settings
+# Most modern browsers don’t honor the X-XSS-Protection HTTP header.
+# You can use Content-Security-Policy without allowing 'unsafe-inline' scripts instead.
 # http://django-csp.readthedocs.io/en/latest/configuration.html
 if "CSP_DEFAULT_SRC" in env:
     MIDDLEWARE.append("csp.middleware.CSPMiddleware")
@@ -891,3 +906,9 @@
     "bc.blogs.birdbath.DeleteAllBlogAlertSubscriptionProcessor",
     "bc.recruitment.birdbath.DeleteAllRecruitmentAlertSubscriptionProcessor",
 ]
+
+# Isolates the browsing context exclusively to same-origin documents.
+# Cross-origin documents are not loaded in the same browsing context.
+# Set to "same-origin-allow-popups" to allow popups
+# from third-party applications like PayPal or Zoom as needed
+SECURE_CROSS_ORIGIN_OPENER_POLICY = "same-origin"

bc/settings/dev.py

@@ -14,7 +14,7 @@
 ALLOWED_HOSTS = ["*"]
 
 # Silence recapcha key warning
-SILENCED_SYSTEM_CHECKS = ["captcha.recaptcha_test_key_error"]
+SILENCED_SYSTEM_CHECKS = ["django_recaptcha.recaptcha_test_key_error"]
 
 # Allow requests from the local IPs to see more debug information.
 INTERNAL_IPS = ("127.0.0.1", "10.0.2.2")

bc/urls.py

@@ -1,7 +1,7 @@
 from django.apps import apps
 from django.conf import settings
 from django.contrib import admin
-from django.urls import include, path, re_path
+from django.urls import include, path
 from django.views.decorators.vary import vary_on_headers
 from django.views.generic import TemplateView
 
@@ -37,7 +37,7 @@
         JobAlertUnsubscribeView.as_view(),
         name="unsubscribe_job_alert",
     ),
-    re_path(r"^wagtail-transfer/", include(wagtailtransfer_urls)),
+    path("wagtail-transfer/", include(wagtailtransfer_urls)),
 ]
 
 

bc/users/__init__.py

@@ -1 +0,0 @@
-default_app_config = "bc.users.apps.UsersConfig"