From a1ed1b27e447b545d9e829a9e1faa32f3a0e3782 Mon Sep 17 00:00:00 2001
From: ShraddhaAg
Date: May 20 2019 20:52:12 +0000
Subject: [PATCH 1/2] Add WYSIWYG editor and solve urllib3/requests dependency error
This commit includes the following:
1. Adds a WYSIWYG text editor using django-ckeditor.
2. Resolve urllib3 dependency error for the suitable version needed
to support requests.
3. Adds bleach to sanitize HTML
---
diff --git a/happinesspackets/messaging/forms.py b/happinesspackets/messaging/forms.py
index 63f1192..0b632b5 100644
--- a/happinesspackets/messaging/forms.py
+++ b/happinesspackets/messaging/forms.py
@@ -12,6 +12,7 @@ from django.urls import reverse
from django.db.models import Q
from django.utils import timezone
from email_normalize import normalize
+import bleach
from .models import Message, strip_email
@@ -75,7 +76,37 @@ class MessageSendForm(forms.ModelForm):
return True
else:
return False
-
+
+ def clean_message(self):
+ """ Cleans given HTML with bleach.clean() """
+
+ allowed_tags = set(bleach.ALLOWED_TAGS + [
+ 'a', 'blockquote', 'code', 'del', 'dd', 'dl', 'dt',
+ 'h1', 'h2', 'h3', 'h3', 'h4', 'h5', 'i', 'img', 'kbd',
+ 'li', 'ol', 'ul', 'p', 'pre', 's', 'sup', 'sub', 'em',
+ 'strong', 'strike', 'ul', 'br', 'hr', ])
+
+ allowed_styles = set(bleach.ALLOWED_STYLES + [
+ 'color', 'background-color', 'font', 'font-weight',
+ 'height', 'max-height', 'min-height',
+ 'width', 'max-width', 'min-width', ])
+
+ allowed_attributes = {}
+ allowed_attributes.update(bleach.ALLOWED_ATTRIBUTES)
+ allowed_attributes.update({
+ '*': ['class', 'title'],
+ 'a': ['href', 'rel'],
+ 'img': ['alt', 'src', 'width', 'height', 'align', 'style', 'max-width'],
+ })
+ html = self.cleaned_data['message']
+ return bleach.clean(
+ html,
+ strip=True,
+ tags=allowed_tags,
+ attributes=allowed_attributes,
+ styles=allowed_styles
+ )
+
def clean(self):
super(MessageSendForm, self).clean()
isREEqualsSE = self.is_recipient_email_equals_sender_email()
diff --git a/happinesspackets/messaging/migrations/0007_message_field.py b/happinesspackets/messaging/migrations/0007_message_field.py
new file mode 100644
index 0000000..5450565
--- /dev/null
+++ b/happinesspackets/messaging/migrations/0007_message_field.py
@@ -0,0 +1,19 @@
+# Generated by Django 2.0 on 2019-05-08 11:53
+
+import ckeditor.fields
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('messaging', '0006_message_recipient_username'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='message',
+ name='message',
+ field=ckeditor.fields.RichTextField(),
+ ),
+ ]
\ No newline at end of file
diff --git a/happinesspackets/messaging/models.py b/happinesspackets/messaging/models.py
index 360e68f..612c843 100755
--- a/happinesspackets/messaging/models.py
+++ b/happinesspackets/messaging/models.py
@@ -10,6 +10,7 @@ from django.template.loader import render_to_string
from django.utils.crypto import salted_hmac
from model_utils import Choices
from model_utils.models import TimeStampedModel
+from ckeditor.fields import RichTextField
from happinesspackets.utils.misc import readable_random_token
from happinesspackets.tasks import send_html_mail
@@ -40,7 +41,7 @@ class Message(TimeStampedModel):
recipient_email_stripped = models.CharField(max_length=255)
recipient_email_token = models.CharField(max_length=255, db_index=True)
- message = models.TextField()
+ message = RichTextField()
sender_named = models.BooleanField(default=False)
sender_approved_public = models.BooleanField(default=False)
diff --git a/happinesspackets/settings/base.py b/happinesspackets/settings/base.py
index 130f906..6011b30 100644
--- a/happinesspackets/settings/base.py
+++ b/happinesspackets/settings/base.py
@@ -11,6 +11,18 @@ with open("config.yml", 'r') as ymlfile:
PROJECT_DIR = Path(__file__).ancestor(3)
+# CKEditor configurations
+CKEDITOR_ALLOW_NONIMAGE_FILES = False
+
+CKEDITOR_CONFIGS = {
+ 'default': {
+ 'removePlugins':'smiley',
+ 'extraPlugins': 'stylesheetparser',
+ 'width': 'auto',
+ 'contentsCss': 'html, iframe, body, img {max-width:100%;}',
+ },
+}
+
# For clean_pyc to work without complaining
BASE_DIR = PROJECT_DIR
@@ -118,6 +130,7 @@ INSTALLED_APPS = [
'haystack',
'happinesspackets.messaging',
'djcelery_email',
+ 'ckeditor',
]
diff --git a/happinesspackets/settings/dev.py b/happinesspackets/settings/dev.py
index f4d957d..2ff4cc7 100644
--- a/happinesspackets/settings/dev.py
+++ b/happinesspackets/settings/dev.py
@@ -88,3 +88,4 @@ with open("fas-admin-details.json") as f:
secrets = json.load(f)
ADMIN_USERNAME = secrets["ADMIN_USERNAME"]
ADMIN_PASSWORD = secrets["ADMIN_PASSWORD"]
+
diff --git a/requirements/base.txt b/requirements/base.txt
index a8b57a5..155792b 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -28,15 +28,17 @@ pyflakes==1.0.0
pep8==1.7.0
# Misc
+urllib3==1.24.2 # Dependency for requests
python-dateutil==2.5.0
factory-boy==2.9.2
opbeat==3.6.1
-mozilla-django-oidc==1.2.1
+mozilla-django-oidc==1.2.2
fedora-messaging>=1.4.0
happinesspacket-schema>=0.1.2
celery[redis]==4.2.1
django-celery-email==2.0.1
psycopg2==2.7.5 # PostgreSQL driver
+bleach>=3.1.0
# Search engine
Whoosh==2.7.4
@@ -50,3 +52,7 @@ email-normalize==0.2.1
# Dependency for YAML file
pyyaml==5.1
+
+# WYSIWYG addition
+django-ckeditor==5.7.0
+
diff --git a/templates/messaging/_message_list.html b/templates/messaging/_message_list.html
index 39b723d..2d08266 100644
--- a/templates/messaging/_message_list.html
+++ b/templates/messaging/_message_list.html
@@ -7,7 +7,7 @@
{% endif %}
- {{ message.message|linebreaksbr }}
+ {{ message.message|safe }}
{% endfor %} {% block pagination %} {% if is_paginated %}
{% include 'messaging/_pagination.html' %}
diff --git a/templates/messaging/message_recipient_form.html b/templates/messaging/message_recipient_form.html
index acd8137..d3c33c9 100644
--- a/templates/messaging/message_recipient_form.html
+++ b/templates/messaging/message_recipient_form.html
@@ -16,7 +16,7 @@
Your Happiness Packet contains:
- {{ message.message|linebreaksbr }}
+ {{ message.message|safe }}
{% crispy form %}
{% endblock content %}
diff --git a/templates/messaging/message_send_form.html b/templates/messaging/message_send_form.html
index c678e11..b5bac76 100644
--- a/templates/messaging/message_send_form.html
+++ b/templates/messaging/message_send_form.html
@@ -3,6 +3,9 @@
{% block extra_head %}Send a Happiness Packet {% endblock %}
{% load crispy_forms_tags %}
+{% load static %}
+
+
{% block content %}
@@ -13,4 +16,11 @@
{% crispy form %}
Search
+
+
{% endblock content %}
\ No newline at end of file
diff --git a/templates/messaging/received_messages.html b/templates/messaging/received_messages.html
index 2714194..0b5726b 100644
--- a/templates/messaging/received_messages.html
+++ b/templates/messaging/received_messages.html
@@ -20,7 +20,7 @@
{% endif %}
- {{ message.message|linebreaksbr }}
+ {{ message.message|safe }}
{% endfor %}
diff --git a/templates/messaging/recipient_mail.html b/templates/messaging/recipient_mail.html
index 9675e5a..8d0c417 100644
--- a/templates/messaging/recipient_mail.html
+++ b/templates/messaging/recipient_mail.html
@@ -19,7 +19,7 @@
Your Happiness Packet contains:
-{{ message.message|linebreaksbr }}
+{{ message.message|safe }}
If you and the sender of the Happiness Packet both agree, we'd love to publish the message to our
diff --git a/templates/messaging/sender_confirmation_mail.html b/templates/messaging/sender_confirmation_mail.html
index 6a20d9a..65d76a8 100644
--- a/templates/messaging/sender_confirmation_mail.html
+++ b/templates/messaging/sender_confirmation_mail.html
@@ -12,7 +12,7 @@
Your message reads:
-{{ message.message|linebreaksbr }}
+{{ message.message|safe }}
To confirm and send your message, click or copy this link to a web browser:
diff --git a/templates/messaging/sender_confirmation_mail.txt b/templates/messaging/sender_confirmation_mail.txt
index 63f8224..a33b84e 100644
--- a/templates/messaging/sender_confirmation_mail.txt
+++ b/templates/messaging/sender_confirmation_mail.txt
@@ -5,7 +5,7 @@ You just requested to send a Happiness Packet to {{ message.recipient_name }}.
Your message reads:
---------------------
-{{ message.message }}
+{{ message.message|safe }}
---------------------
To confirm and send your message, click or copy this link to a web browser:
diff --git a/templates/messaging/sent_messages.html b/templates/messaging/sent_messages.html
index b1bb03e..153f35d 100644
--- a/templates/messaging/sent_messages.html
+++ b/templates/messaging/sent_messages.html
@@ -17,7 +17,7 @@
Sent to {{ message.recipient_name }}
- {{ message.message|linebreaksbr }}
+ {{ message.message|safe }}
{% endfor %}
From 83a0ebb8a4a423d9ced78aa0d8a12d015402667e Mon Sep 17 00:00:00 2001
From: Shraddha Agrawal
Date: May 21 2019 03:52:26 +0000
Subject: [PATCH 2/2] Remove opbeat as a requirement
---
diff --git a/happinesspackets/settings/base.py b/happinesspackets/settings/base.py
index 6011b30..ee43ff9 100644
--- a/happinesspackets/settings/base.py
+++ b/happinesspackets/settings/base.py
@@ -76,7 +76,6 @@ STATICFILES_DIRS = (
MIDDLEWARE = [
'django.contrib.sessions.middleware.SessionMiddleware',
'happinesspackets.utils.middleware.SetRemoteAddrFromForwardedFor',
- 'opbeat.contrib.django.middleware.OpbeatAPMMiddleware',
'dogslow.WatchdogMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
diff --git a/happinesspackets/settings/deployment.py b/happinesspackets/settings/deployment.py
index a537634..cc0db2a 100644
--- a/happinesspackets/settings/deployment.py
+++ b/happinesspackets/settings/deployment.py
@@ -20,8 +20,6 @@ DATABASES = {
}
}
-INSTALLED_APPS.append('opbeat.contrib.django')
-
TEMPLATES[0]['OPTIONS']['loaders'] = (
('django.template.loaders.cached.Loader', (
'django.template.loaders.filesystem.Loader',
diff --git a/requirements/base.txt b/requirements/base.txt
index 155792b..ac66553 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -31,7 +31,6 @@ pep8==1.7.0
urllib3==1.24.2 # Dependency for requests
python-dateutil==2.5.0
factory-boy==2.9.2
-opbeat==3.6.1
mozilla-django-oidc==1.2.2
fedora-messaging>=1.4.0
happinesspacket-schema>=0.1.2
diff --git a/t b/t
index 4799d63..ae3ee29 100755
--- a/t
+++ b/t
@@ -1,3 +1,2 @@
export DJANGO_SETTINGS_MODULE=happinesspackets.settings.tsting &&
-OPBEAT_DISABLE_SEND=true coverage run ./manage.py test $@ &&
coverage report --fail-under=100