Upgrade to Django 5.2 LTS and align stack with current stable releases#5
Closed
- Django 4.2 → 5.2.12 (LTS)
- DRF 3.14 → 3.17.0
- django-storages 1.12 → 1.14.6
- psycopg2-binary: relax upper-bound pin to >=2.9
- Python 3.11 → 3.12 in Dockerfile

Compatibility fixes required by Django 5.0+:

- custom_storage.py: replace removed settings.DEFAULT_FILE_STORAGE with settings.STORAGES['default']['BACKEND']
- settings.py: remove USE_L10N (setting was removed in Django 5.0)
- settings.py: drop stale Django 3.2 docstring header

`python -m django check` passes with 0 issues.

https://claude.ai/code/session_01Q1ZEFV4NGrYwHJKHzjdbNx
…plementation-9bpgq Upgrade to Django 5.2 LTS and align stack with current stable releases
Documents the Django 5.2 tech stack, podman compose workflow, ruff code style, test writing guidance, and flags kaplan library integration and REST API backwards compatibility as sensitive areas. https://claude.ai/code/session_01GRea2urZwCp8eJksC68LgF
Add CLAUDE.md with project overview, dev setup, and coding conventions
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…E722, F841, E701) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Set up ruff linting and formatting
Replace random.choices() (Mersenne Twister) with secrets.token_urlsafe() for cryptographically secure tokens. Increase token length from 8 to 64 chars (~192 bits entropy). Add created_at field with 48-hour expiry validation and reject already-used tokens during registration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Clearing the user field would allow a used token to be reused for a new registration, bypassing the one-time-use check. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a list filter to distinguish used vs available tokens, so admins can quickly find unused tokens without losing the audit trail of used ones. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Prevents admins from overriding the securely generated token with a weak or predictable value. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Show only the first 8 characters and the usage status (username or "available") to reduce token exposure in admin breadcrumbs, logs, and debugging output. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…tokens Fix insecure registration token generation
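The token handling described in the commit messages above (`secrets.token_urlsafe()`, 48-hour expiry, one-time use, truncated display), as an added example that is not code from this pull request. It is plain Python without Django; `RegistrationToken`, `redeem`, `TOKEN_BYTES` and the dict store are hypothetical names, and 48 random bytes is an assumed way to reach 64 characters.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

TOKEN_TTL = timedelta(hours=48)  # expiry window named in the commit message
TOKEN_BYTES = 48                 # assumption: 48 random bytes -> 64 url-safe chars


def _now() -> datetime:
    return datetime.now(timezone.utc)


@dataclass
class RegistrationToken:  # hypothetical stand-in for the project's model
    # Generated from the OS CSPRNG, never from random.choices()
    token: str = field(default_factory=lambda: secrets.token_urlsafe(TOKEN_BYTES))
    created_at: datetime = field(default_factory=_now)
    user: Optional[str] = None  # set on redemption and never cleared afterwards

    def __str__(self) -> str:
        # Show only a short prefix plus status so the full token stays out of logs
        return f"{self.token[:8]}... ({self.user or 'available'})"


def redeem(store: dict, presented: str, username: str,
           now: Optional[datetime] = None) -> tuple:
    """Validate a presented token; return (accepted, reason)."""
    now = now or _now()
    record = store.get(presented)  # stands in for a lookup on a unique column
    if record is None:
        return False, "invalid"
    if record.user is not None:    # one-time use: already linked to an account
        return False, "used"
    if now - record.created_at > TOKEN_TTL:
        return False, "expired"
    record.user = username         # link the token to the new account
    return True, "ok"


if __name__ == "__main__":
    t = RegistrationToken()        # constructed sample token
    tokens = {t.token: t}
    print(redeem(tokens, t.token, "alice"), t)
    print(redeem(tokens, t.token, "bob"))
```
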
Covers models, forms, views, utilities, and management commands:

- GenerateRandomToken: url-safe output, uniqueness
- UserRegistrationToken model: defaults, __str__ with truncated token and status, created_at auto-set, SET_NULL on user delete, unique constraint
- UserRegistrationForm: validation, password mismatch, invalid/used/expired token, weak password, user creation, token linking, PM group/staff assignment
- Signin/Signout/Signup views: GET/POST, auth, redirects, session handling
- ChangePassword view: login required, valid/invalid password changes
- createtokens/deletetokenanduser management commands

https://claude.ai/code/session_01H3gcMoc2HSX5wQx2rG3EbJ
…s-9j8IP Add comprehensive tests for kaplancloudaccounts app
- pyproject.toml: ruff config targeting Python 3.12, with E/F/I/DJ/RUF rules
- .github/workflows/ci.yml: lint (ruff) + test jobs on pull_request

https://claude.ai/code/session_017CDiU3SWhkyENDdPpVnR2d