ci: merge main to release (#9123)

Author: rjsparks

.devcontainer/devcontainer.json

@@ -23,7 +23,8 @@
                 "dbaeumer.vscode-eslint",
                 "eamodio.gitlens",
                 "editorconfig.editorconfig",
-                "vue.volar",
+                // Newer volar >=3.0.0 causes crashes in devcontainers
+                "[email protected]",
                 "mrmlnc.vscode-duplicate",
                 "ms-azuretools.vscode-docker",
                 "ms-playwright.playwright",

client/agenda/AgendaScheduleList.vue

@@ -302,7 +302,7 @@ const meetingEvents = computed(() => {
           icon: 'collection',
           href: undefined,
           click: () => showMaterials(item.id),
-          color: 'black'
+          color: 'darkgray'
         })
         links.push({
           id: `lnk-${item.id}-tar`,
@@ -1155,7 +1155,7 @@ onBeforeUnmount(() => {
       .agenda-table-cell-links-buttons {
         white-space: nowrap;
 
-        > a, > i {
+        > a, > i, > button {
           margin-left: 3px;
           color: #666;
           cursor: pointer;
@@ -1197,6 +1197,18 @@ onBeforeUnmount(() => {
               background-color: rgba($orange-500, .3);
             }
           }
+          &.text-darkgray {
+            color: $gray-900;
+            background-color: rgba($gray-700, .1);
+
+            @at-root .theme-dark & {
+              color: $gray-100;
+            }
+
+            &:hover, &:focus {
+              background-color: rgba($gray-700, .3);
+            }
+          }
           &.text-blue {
             color: $blue-600;
             background-color: rgba($blue-300, .1);

client/shared/xslugify.js

@@ -1,5 +1,5 @@
 import slugify from 'slugify'
 
 export default (str) => {
-  return slugify(str.replaceAll('/', '-'), { lower: true })
+  return slugify(str.replaceAll('/', '-').replaceAll(/['&]/g, ''), { lower: true })
 }

dev/build/celery-start.sh

@@ -5,10 +5,29 @@
 echo "Running Datatracker checks..."
 ./ietf/manage.py check
 
-if ! ietf/manage.py migrate --check ; then
+# Check whether the blobdb database exists - inspectdb will return a false
+# status if not.
+if ietf/manage.py inspectdb --database blobdb > /dev/null 2>&1; then
+    HAVE_BLOBDB="yes"
+fi
+
+migrations_applied_for () {
+    local DATABASE=${1:-default}
+    ietf/manage.py migrate --check --database "$DATABASE"
+}
+
+migrations_all_applied () {
+    if [[ "$HAVE_BLOBDB" == "yes" ]]; then
+        migrations_applied_for default && migrations_applied_for blobdb
+    else
+        migrations_applied_for default
+    fi
+}
+
+if ! migrations_all_applied; then
     echo "Unapplied migrations found, waiting to start..."
     sleep 5
-    while ! ietf/manage.py migrate --check ; do
+    while ! migrations_all_applied ; do 
         echo "... still waiting for migrations..."
         sleep 5
     done

dev/build/datatracker-start.sh

@@ -3,10 +3,29 @@
 echo "Running Datatracker checks..."
 ./ietf/manage.py check
 
-if ! ietf/manage.py migrate --check ; then
+# Check whether the blobdb database exists - inspectdb will return a false
+# status if not.
+if ietf/manage.py inspectdb --database blobdb > /dev/null 2>&1; then
+    HAVE_BLOBDB="yes"
+fi
+
+migrations_applied_for () {
+    local DATABASE=${1:-default}
+    ietf/manage.py migrate --check --database "$DATABASE"
+}
+
+migrations_all_applied () {
+    if [[ "$HAVE_BLOBDB" == "yes" ]]; then
+        migrations_applied_for default && migrations_applied_for blobdb
+    else
+        migrations_applied_for default
+    fi
+}
+
+if ! migrations_all_applied; then
     echo "Unapplied migrations found, waiting to start..."
     sleep 5
-    while ! ietf/manage.py migrate --check ; do 
+    while ! migrations_all_applied ; do 
         echo "... still waiting for migrations..."
         sleep 5
     done

ietf/api/tests.py

@@ -1582,16 +1582,17 @@ def test_bad_post(self):
             data = self.response_data(r)
             self.assertEqual(data["result"], "failure")
             self.assertEqual(data["reason"], "invalid post")
-        
+
         bad = dict(authtoken=self.valid_token, username=self.valid_person.user.username, password=self.valid_password)
         r = self.client.post(self.url, bad)
         self.assertEqual(r.status_code, 200)
         data = self.response_data(r)
         self.assertEqual(data["result"], "failure")
         self.assertEqual(data["reason"], "invalid post")       
 
+    @override_settings()
     def test_notokenstore(self):
-        self.assertFalse(hasattr(settings, "APP_API_TOKENS"))
+        del settings.APP_API_TOKENS  # only affects overridden copy of settings!
         r = self.client.post(self.url,self.valid_body_with_good_password)
         self.assertEqual(r.status_code, 200)
         data = self.response_data(r)

ietf/doc/templatetags/ietf_filters.py

@@ -285,7 +285,7 @@ def urlize_related_source_list(related, document_html=False):
                                                                       url=url)
         ))
     return links
-        
+
 @register.filter(name='urlize_related_target_list', is_safe=True, document_html=False)
 def urlize_related_target_list(related, document_html=False):
     """Convert a list of RelatedDocuments into list of links using the target document's canonical name"""
@@ -302,7 +302,7 @@ def urlize_related_target_list(related, document_html=False):
                                                                       url=url)
         ))
     return links
-        
+
 @register.filter(name='dashify')
 def dashify(string):
     """
@@ -521,10 +521,52 @@ def plural(text, seq, arg='s'):
     else:
         return text + pluralize(len(seq), arg)
 
+
+# Translation table to escape ICS characters. The {} | {} construction builds up a dict
+# mapping characters to arbitrary-length strings or None. Values in later dicts override
+# earlier ones prior to conversion to a translation table, so excluding a char and then
+# mapping it to an escape sequence results in its being escaped, not dropped.
+rfc5545_text_escapes = str.maketrans(
+    # text       = *(TSAFE-CHAR / ":" / DQUOTE / ESCAPED-CHAR)
+    # TSAFE-CHAR = WSP / %x21 / %x23-2B / %x2D-39 / %x3C-5B /
+    #                    %x5D-7E / NON-US-ASCII
+    {chr(c): None for c in range(0x00, 0x20)}  # strip 0x00-0x20
+    | {
+        # ESCAPED-CHAR = ("\\" / "\;" / "\," / "\N" / "\n")
+        "\n": r"\n",
+        ";": r"\;",
+        ",": r"\,",
+        "\\": r"\\",  # rhs is two backslashes!
+        "\t": "\t",  # htab ok (0x09)
+        " ": " ",  # space ok (0x20)
+    }
+)
+
+
 @register.filter
 def ics_esc(text):
-    text = re.sub(r"([\n,;\\])", r"\\\1", text)
-    return text
+    """Escape a string to use in an iCalendar text context
+    
+    >>> ics_esc('simple')
+    'simple'
+    
+    For the next tests, it helps to know:
+      chr(0x09) = "\t"
+      chr(0x0a) = "\n"
+      chr(0x0d) = "\r"
+      chr(0x5c) = "\\"
+    
+    >>> ics_esc(f'strips{chr(0x0d)}out{chr(0x0d)}LFs')
+    'stripsoutLFs'
+    
+    
+    >>> ics_esc(f'escapes;and,and{chr(0x5c)}and{chr(0x0a)}')
+    'escapes\\\\;and\\\\,and\\\\\\\\and\\\\n'
+    
+    >>> ics_esc(f"keeps spaces : and{chr(0x09)}tabs")
+    'keeps spaces : and\\ttabs'
+    """
+    return text.translate(rfc5545_text_escapes)
 
 
 @register.simple_tag
@@ -557,7 +599,7 @@ def ics_date_time(dt, tzname):
         return f':{timestamp}Z'
     else:
         return f';TZID={ics_esc(tzname)}:{timestamp}'
-    
+
 @register.filter
 def next_day(value):
     return value + datetime.timedelta(days=1)
@@ -676,7 +718,7 @@ def rfcbis(s):
 @stringfilter
 def urlize(value):
     raise RuntimeError("Use linkify from textfilters instead of urlize")
-    
+
 @register.filter
 @stringfilter
 def charter_major_rev(rev):

ietf/ietfauth/forms.py

@@ -33,21 +33,56 @@ def clean_email(self):
         return email
 
 
+class PasswordStrengthField(forms.CharField):
+    widget = PasswordStrengthInput(
+        attrs={
+            "class": "password_strength",
+            "data-disable-strength-enforcement": "",  # usually removed in init
+        }
+    )
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        for pwval in password_validation.get_default_password_validators():
+            if isinstance(pwval, password_validation.MinimumLengthValidator):
+                self.widget.attrs["minlength"] = pwval.min_length
+            elif isinstance(pwval, StrongPasswordValidator):
+                self.widget.attrs.pop(
+                    "data-disable-strength-enforcement", None
+                )
+
+    
+
 class PasswordForm(forms.Form):
-    password = forms.CharField(widget=PasswordStrengthInput(attrs={'class':'password_strength'}))
+    password = PasswordStrengthField()
     password_confirmation = forms.CharField(widget=PasswordConfirmationInput(
                                                         confirm_with='password',
                                                         attrs={'class':'password_confirmation'}),
                                             help_text="Enter the same password as above, for verification.",)
-                                            
+
+    def __init__(self, *args, user=None, **kwargs):
+        # user is a kw-only argument to avoid interfering with the signature
+        # when this class is mixed with ModelForm in PersonPasswordForm
+        self.user = user
+        super().__init__(*args, **kwargs)
 
     def clean_password_confirmation(self):
-        password = self.cleaned_data.get("password", "")
-        password_confirmation = self.cleaned_data["password_confirmation"]
+        # clean fields here rather than a clean() method so validation is
+        # still enforced in PersonPasswordForm without having to override its
+        # clean() method
+        password = self.cleaned_data.get("password")
+        password_confirmation = self.cleaned_data.get("password_confirmation")
         if password != password_confirmation:
-            raise forms.ValidationError("The two password fields didn't match.")
+            raise ValidationError(
+                "The password confirmation is different than the new password" 
+            )
+        try:
+            password_validation.validate_password(password_confirmation, self.user)
+        except ValidationError as err:
+            self.add_error("password", err)
         return password_confirmation
 
+
 def ascii_cleaner(supposedly_ascii):
     outside_printable_ascii_pattern = r'[^\x20-\x7F]'
     if re.search(outside_printable_ascii_pattern, supposedly_ascii):
@@ -174,35 +209,13 @@ class Meta:
         exclude = ['by', 'time' ]
 
 
-class ChangePasswordForm(forms.Form):
+class ChangePasswordForm(PasswordForm):
     current_password = forms.CharField(widget=forms.PasswordInput)
+    field_order = ["current_password", "password", "password_confirmation"]
 
-    new_password = forms.CharField(
-        widget=PasswordStrengthInput(
-            attrs={
-                "class": "password_strength",
-                "data-disable-strength-enforcement": "",  # usually removed in init
-            }
-        ),
-    )
-    new_password_confirmation = forms.CharField(
-        widget=PasswordConfirmationInput(
-            confirm_with="new_password", attrs={"class": "password_confirmation"}
-        )
-    )
-
-    def __init__(self, user, data=None):
-        self.user = user
-        super().__init__(data)
-        # Check whether we have validators to enforce
-        new_password_field = self.fields["new_password"]
-        for pwval in password_validation.get_default_password_validators():
-            if isinstance(pwval, password_validation.MinimumLengthValidator):
-                new_password_field.widget.attrs["minlength"] = pwval.min_length
-            elif isinstance(pwval, StrongPasswordValidator):
-                new_password_field.widget.attrs.pop(
-                    "data-disable-strength-enforcement", None
-                )
+    def __init__(self, user, *args, **kwargs):
+        # user arg is optional in superclass, but required for this form
+        super().__init__(*args, user=user, **kwargs)
 
     def clean_current_password(self):
         # n.b., password = None is handled by check_password and results in a failed check
@@ -211,15 +224,6 @@ def clean_current_password(self):
             raise ValidationError("Invalid password")
         return password
 
-    def clean(self):
-        new_password = self.cleaned_data.get("new_password", "")
-        conf_password = self.cleaned_data.get("new_password_confirmation", "")
-        if new_password != conf_password:
-            raise ValidationError(
-                "The password confirmation is different than the new password"
-            )
-        password_validation.validate_password(conf_password, self.user)
-
 
 class ChangeUsernameForm(forms.Form):
     username = forms.ChoiceField(choices=[('-','--------')])