From a1ed1b27e447b545d9e829a9e1faa32f3a0e3782 Mon Sep 17 00:00:00 2001 From: ShraddhaAg Date: May 20 2019 20:52:12 +0000 Subject: [PATCH 1/2] Add WYSIWYG editor and solve urllib3/requests dependency error This commit includes the following: 1. Adds a WYSIWYG text editor using django-ckeditor. 2. Resolve urllib3 dependency error for the suitable version needed to support requests. 3. Adds bleach to sanitize HTML --- diff --git a/happinesspackets/messaging/forms.py b/happinesspackets/messaging/forms.py index 63f1192..0b632b5 100644 --- a/happinesspackets/messaging/forms.py +++ b/happinesspackets/messaging/forms.py @@ -12,6 +12,7 @@ from django.urls import reverse from django.db.models import Q from django.utils import timezone from email_normalize import normalize +import bleach from .models import Message, strip_email @@ -75,7 +76,37 @@ class MessageSendForm(forms.ModelForm): return True else: return False - + + def clean_message(self): + """ Cleans given HTML with bleach.clean() """ + + allowed_tags = set(bleach.ALLOWED_TAGS + [ + 'a', 'blockquote', 'code', 'del', 'dd', 'dl', 'dt', + 'h1', 'h2', 'h3', 'h3', 'h4', 'h5', 'i', 'img', 'kbd', + 'li', 'ol', 'ul', 'p', 'pre', 's', 'sup', 'sub', 'em', + 'strong', 'strike', 'ul', 'br', 'hr', ]) + + allowed_styles = set(bleach.ALLOWED_STYLES + [ + 'color', 'background-color', 'font', 'font-weight', + 'height', 'max-height', 'min-height', + 'width', 'max-width', 'min-width', ]) + + allowed_attributes = {} + allowed_attributes.update(bleach.ALLOWED_ATTRIBUTES) + allowed_attributes.update({ + '*': ['class', 'title'], + 'a': ['href', 'rel'], + 'img': ['alt', 'src', 'width', 'height', 'align', 'style', 'max-width'], + }) + html = self.cleaned_data['message'] + return bleach.clean( + html, + strip=True, + tags=allowed_tags, + attributes=allowed_attributes, + styles=allowed_styles + ) + def clean(self): super(MessageSendForm, self).clean() isREEqualsSE = self.is_recipient_email_equals_sender_email() 
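Review bot: The allow-list in `clean_message` is wider than a formatted message needs. `'*': ['class', 'title']` lets a sender attach any of the site's own CSS classes to their markup, which is enough to restyle or reposition content on the pages that render it. `img` with `src` lets a message load a remote image wherever it is shown, on the site or in mail, so the image host learns when it was opened. I would narrow these to `'*': ['title'],` and `'img': ['alt', 'src', 'width', 'height'],`, or drop `img` if embedded images are not a requirement, and extend the docstring to say that this method is the only sanitising step before the templates render the field with `|safe`. Smaller points in the same lists: `'max-width'` is a CSS property rather than an `img` attribute, `'h3'` and `'ul'` appear twice, and `'h6'` is missing.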
diff --git a/happinesspackets/messaging/migrations/0007_message_field.py b/happinesspackets/messaging/migrations/0007_message_field.py new file mode 100644 index 0000000..5450565 --- /dev/null +++ b/happinesspackets/messaging/migrations/0007_message_field.py @@ -0,0 +1,19 @@ +# Generated by Django 2.0 on 2019-05-08 11:53 + +import ckeditor.fields +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('messaging', '0006_message_recipient_username'), + ] + + operations = [ + migrations.AlterField( + model_name='message', + name='message', + field=ckeditor.fields.RichTextField(), + ), + ] \ No newline at end of file diff --git a/happinesspackets/messaging/models.py b/happinesspackets/messaging/models.py index 360e68f..612c843 100755 --- a/happinesspackets/messaging/models.py +++ b/happinesspackets/messaging/models.py @@ -10,6 +10,7 @@ from django.template.loader import render_to_string from django.utils.crypto import salted_hmac from model_utils import Choices from model_utils.models import TimeStampedModel +from ckeditor.fields import RichTextField from happinesspackets.utils.misc import readable_random_token from happinesspackets.tasks import send_html_mail @@ -40,7 +41,7 @@ class Message(TimeStampedModel): recipient_email_stripped = models.CharField(max_length=255) recipient_email_token = models.CharField(max_length=255, db_index=True) - message = models.TextField() + message = RichTextField() sender_named = models.BooleanField(default=False) sender_approved_public = models.BooleanField(default=False) diff --git a/happinesspackets/settings/base.py b/happinesspackets/settings/base.py index 130f906..6011b30 100644 --- a/happinesspackets/settings/base.py +++ b/happinesspackets/settings/base.py 
@@ -11,6 +11,18 @@ with open("config.yml", 'r') as ymlfile: PROJECT_DIR = Path(__file__).ancestor(3) +# CKEditor configurations +CKEDITOR_ALLOW_NONIMAGE_FILES = False + +CKEDITOR_CONFIGS = { + 'default': { + 'removePlugins':'smiley', + 'extraPlugins': 'stylesheetparser', + 'width': 'auto', + 'contentsCss': 'html, iframe, body, img {max-width:100%;}', + }, +} + # For clean_pyc to work without complaining BASE_DIR = PROJECT_DIR @@ -118,6 +130,7 @@ INSTALLED_APPS = [ 'haystack', 'happinesspackets.messaging', 'djcelery_email', + 'ckeditor', ] diff --git a/happinesspackets/settings/dev.py b/happinesspackets/settings/dev.py index f4d957d..2ff4cc7 100644 --- a/happinesspackets/settings/dev.py +++ b/happinesspackets/settings/dev.py @@ -88,3 +88,4 @@ with open("fas-admin-details.json") as f: secrets = json.load(f) ADMIN_USERNAME = secrets["ADMIN_USERNAME"] ADMIN_PASSWORD = secrets["ADMIN_PASSWORD"] + diff --git a/requirements/base.txt b/requirements/base.txt index a8b57a5..155792b 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -28,15 +28,17 @@ pyflakes==1.0.0 pep8==1.7.0 # Misc +urllib3==1.24.2 # Dependency for requests python-dateutil==2.5.0 factory-boy==2.9.2 opbeat==3.6.1 -mozilla-django-oidc==1.2.1 +mozilla-django-oidc==1.2.2 fedora-messaging>=1.4.0 happinesspacket-schema>=0.1.2 celery[redis]==4.2.1 django-celery-email==2.0.1 psycopg2==2.7.5 # PostgreSQL driver +bleach>=3.1.0 # Search engine Whoosh==2.7.4 @@ -50,3 +52,7 @@ email-normalize==0.2.1 # Dependency for YAML file pyyaml==5.1 + +# WYSIWYG addition +django-ckeditor==5.7.0 + diff --git a/templates/messaging/_message_list.html b/templates/messaging/_message_list.html index 39b723d..2d08266 100644 --- a/templates/messaging/_message_list.html +++ b/templates/messaging/_message_list.html @@ -7,7 +7,7 @@ {% endif %}
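Review bot: `bleach>=3.1.0` is open-ended while almost every other entry in requirements/base.txt is pinned, and it is the package the HTML sanitising depends on. `clean_message` in forms.py relies on the 3.x interface (`bleach.ALLOWED_TAGS + [...]`, `bleach.ALLOWED_STYLES`, the `styles=` argument). As far as I know, later major releases of bleach changed that interface, so a fresh install could raise in the form or sanitise differently from what was reviewed. Pin it to an exact 3.x release, in the form `bleach==<exact 3.x version>  # HTML sanitiser for Message.message`, and upgrade it deliberately together with the form code.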
- {{ message.message|linebreaksbr }} + {{ message.message|safe }}
{% endfor %} {% block pagination %} {% if is_paginated %} {% include 'messaging/_pagination.html' %} diff --git a/templates/messaging/message_recipient_form.html b/templates/messaging/message_recipient_form.html index acd8137..d3c33c9 100644 --- a/templates/messaging/message_recipient_form.html +++ b/templates/messaging/message_recipient_form.html @@ -16,7 +16,7 @@ Your Happiness Packet contains:
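Review bot: `{{ message.message|safe }}` trusts whatever is stored in `Message.message`, but the only sanitising step in this patch is `MessageSendForm.clean_message`. Rows saved before this change (the migration is a bare `AlterField`) and rows written by any path other than that form are therefore emitted as raw HTML. The previous `linebreaksbr` output was auto-escaped, so an older message containing literal markup was displayed as text and would now be interpreted by the browser or mail client. Consider sanitising at render time with a small template filter that applies the same bleach allow-list and only then marks the result safe, or add a data migration that escapes the existing rows. The same applies to the `|safe` changes in message_recipient_form.html, received_messages.html, recipient_mail.html, sender_confirmation_mail.html and sent_messages.html.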

-
{{ message.message|linebreaksbr }}
+
{{ message.message|safe }}
{% crispy form %} {% endblock content %} diff --git a/templates/messaging/message_send_form.html b/templates/messaging/message_send_form.html index c678e11..b5bac76 100644 --- a/templates/messaging/message_send_form.html +++ b/templates/messaging/message_send_form.html @@ -3,6 +3,9 @@ {% block extra_head %}Send a Happiness Packet{% endblock %} {% load crispy_forms_tags %} +{% load static %} + + {% block content %} @@ -13,4 +16,11 @@ {% crispy form %} + + {% endblock content %} \ No newline at end of file diff --git a/templates/messaging/received_messages.html b/templates/messaging/received_messages.html index 2714194..0b5726b 100644 --- a/templates/messaging/received_messages.html +++ b/templates/messaging/received_messages.html @@ -20,7 +20,7 @@ {% endif %}
- {{ message.message|linebreaksbr }} + {{ message.message|safe }}
{% endfor %} diff --git a/templates/messaging/recipient_mail.html b/templates/messaging/recipient_mail.html index 9675e5a..8d0c417 100644 --- a/templates/messaging/recipient_mail.html +++ b/templates/messaging/recipient_mail.html @@ -19,7 +19,7 @@

Your Happiness Packet contains:

-

{{ message.message|linebreaksbr }}

+

{{ message.message|safe }}

If you and the sender of the Happiness Packet both agree, we'd love to publish the message to our diff --git a/templates/messaging/sender_confirmation_mail.html b/templates/messaging/sender_confirmation_mail.html index 6a20d9a..65d76a8 100644 --- a/templates/messaging/sender_confirmation_mail.html +++ b/templates/messaging/sender_confirmation_mail.html @@ -12,7 +12,7 @@ Your message reads:

-

{{ message.message|linebreaksbr }}

+

{{ message.message|safe }}

To confirm and send your message, click or copy this link to a web browser: diff --git a/templates/messaging/sender_confirmation_mail.txt b/templates/messaging/sender_confirmation_mail.txt index 63f8224..a33b84e 100644 --- a/templates/messaging/sender_confirmation_mail.txt +++ b/templates/messaging/sender_confirmation_mail.txt @@ -5,7 +5,7 @@ You just requested to send a Happiness Packet to {{ message.recipient_name }}. Your message reads: --------------------- -{{ message.message }} +{{ message.message|safe }} --------------------- To confirm and send your message, click or copy this link to a web browser: diff --git a/templates/messaging/sent_messages.html b/templates/messaging/sent_messages.html index b1bb03e..153f35d 100644 --- a/templates/messaging/sent_messages.html +++ b/templates/messaging/sent_messages.html @@ -17,7 +17,7 @@ Sent to {{ message.recipient_name }}
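Review bot: In the plain-text mail `{{ message.message|safe }}` now prints the editor's HTML verbatim, because the field holds rich text after this patch, so the sender sees tags such as `<p>` and `<strong>` in the text part. For a text body the markup should be removed rather than passed through, for example `{{ message.message|striptags }}`. Wrapping that in `{% autoescape off %}` is reasonable here only because the output is plain text, and `striptags` output should not be reused in an HTML template as if it were sanitised.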

- {{ message.message|linebreaksbr }} + {{ message.message|safe }}
{% endfor %} From 83a0ebb8a4a423d9ced78aa0d8a12d015402667e Mon Sep 17 00:00:00 2001 From: Shraddha Agrawal Date: May 21 2019 03:52:26 +0000 Subject: [PATCH 2/2] Remove opbeat as a requirement --- diff --git a/happinesspackets/settings/base.py b/happinesspackets/settings/base.py index 6011b30..ee43ff9 100644 --- a/happinesspackets/settings/base.py +++ b/happinesspackets/settings/base.py @@ -76,7 +76,6 @@ STATICFILES_DIRS = ( MIDDLEWARE = [ 'django.contrib.sessions.middleware.SessionMiddleware', 'happinesspackets.utils.middleware.SetRemoteAddrFromForwardedFor', - 'opbeat.contrib.django.middleware.OpbeatAPMMiddleware', 'dogslow.WatchdogMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', diff --git a/happinesspackets/settings/deployment.py b/happinesspackets/settings/deployment.py index a537634..cc0db2a 100644 --- a/happinesspackets/settings/deployment.py +++ b/happinesspackets/settings/deployment.py @@ -20,8 +20,6 @@ DATABASES = { } } -INSTALLED_APPS.append('opbeat.contrib.django') - TEMPLATES[0]['OPTIONS']['loaders'] = ( ('django.template.loaders.cached.Loader', ( 'django.template.loaders.filesystem.Loader', diff --git a/requirements/base.txt b/requirements/base.txt index 155792b..ac66553 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -31,7 +31,6 @@ pep8==1.7.0 urllib3==1.24.2 # Dependency for requests python-dateutil==2.5.0 factory-boy==2.9.2 -opbeat==3.6.1 mozilla-django-oidc==1.2.2 fedora-messaging>=1.4.0 happinesspacket-schema>=0.1.2 diff --git a/t b/t index 4799d63..ae3ee29 100755 --- a/t +++ b/t @@ -1,3 +1,2 @@ export DJANGO_SETTINGS_MODULE=happinesspackets.settings.tsting && -OPBEAT_DISABLE_SEND=true coverage run ./manage.py test $@ && coverage report --fail-under=100