
chore(): upgrade dependencies

- django fixes a bug where users without password cannot reset their
  password
- on_delete mandatory on all ForeignKeys (including old migrations!)
- djoser changed urls
- django's url reverse method moved
- added new djoser routes to urls and refactored import
- user is_authenticated became an attribute
- python 3.7

We can't upgrade djangorestframework right now because
djangorestframework-bulk is blocking it.

We can't fully upgrade djoser due to
https://github.com/sunscrapers/djoser/issues/312
https://github.com/sunscrapers/djoser/issues/308
Nils Wisiol 6 anos atrás
pai
commit
e1db767cf0

+ 1 - 1
api/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.6
+FROM python:3.7
 
 RUN apt-get update && apt-get install -y \
 		gcc \

+ 1 - 1
api/desecapi/migrations/0001_initial.py

@@ -36,7 +36,7 @@ class Migration(migrations.Migration):
                 ('arecord', models.CharField(max_length=255, blank=True)),
                 ('aaaarecord', models.CharField(max_length=1024, blank=True)),
                 ('dyn', models.BooleanField(default=False)),
-                ('owner', models.ForeignKey(related_name='domains', to=settings.AUTH_USER_MODEL)),
+                ('owner', models.ForeignKey(related_name='domains', on_delete=models.PROTECT, to=settings.AUTH_USER_MODEL)),
             ],
             options={
                 'ordering': ('created',),
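Review bot: `on_delete=models.PROTECT` here, and on `Domain.owner` in api/desecapi/models.py, does not preserve the old behaviour: before Django 2.0 an omitted `on_delete` meant `CASCADE`, so deleting a user removed their domains, and it will now raise `ProtectedError` while any domain still references them. If that is intended, every path that deletes a user (admin, account-deletion endpoints, cleanup jobs; none are visible in this diff) has to remove or reassign the domains first, or turn the error into a clean 4xx response instead of an unhandled exception. A short comment next to the field would record the decision, e.g. `# PROTECT: a user must not be deleted while they still own domains`. The migration's operations list starts and ends outside this hunk.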

+ 1 - 1
api/desecapi/models.py

@@ -129,7 +129,7 @@ class User(AbstractBaseUser):
 class Domain(models.Model, mixins.SetterMixin):
     created = models.DateTimeField(auto_now_add=True)
     name = models.CharField(max_length=191, unique=True)
-    owner = models.ForeignKey(settings.AUTH_USER_MODEL, related_name='domains')
+    owner = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.PROTECT, related_name='domains')
     published = models.DateTimeField(null=True)
     _dirtyName = False
 

+ 1 - 0
api/desecapi/settings.py

@@ -116,6 +116,7 @@ DJOSER = {
     'LOGIN_AFTER_ACTIVATION': True,
     'SEND_ACTIVATION_EMAIL': False,
     'SERIALIZERS': {
+        'current_user': 'desecapi.serializers.UserSerializer',
         'user': 'desecapi.serializers.UserSerializer',
         'user_create': 'desecapi.serializers.UserCreateSerializer',
     },

+ 1 - 1
api/desecapi/tests/testdomains.py

@@ -1,4 +1,4 @@
-from django.core.urlresolvers import reverse
+from django.urls import reverse
 from rest_framework import status
 from rest_framework.test import APITestCase
 from .utils import utils

+ 1 - 1
api/desecapi/tests/testdonations.py

@@ -1,5 +1,5 @@
 # coding: utf-8
-from django.core.urlresolvers import reverse
+from django.urls import reverse
 from rest_framework import status
 from rest_framework.test import APITestCase
 from .utils import utils

+ 1 - 1
api/desecapi/tests/testdyndns12update.py

@@ -1,4 +1,4 @@
-from django.core.urlresolvers import reverse
+from django.urls import reverse
 from rest_framework import status
 from rest_framework.test import APITestCase
 from .utils import utils

+ 1 - 1
api/desecapi/tests/testdynupdateauthentication.py

@@ -1,4 +1,4 @@
-from django.core.urlresolvers import reverse
+from django.urls import reverse
 from rest_framework import status
 from rest_framework.test import APITestCase
 from .utils import utils

+ 1 - 1
api/desecapi/tests/testregistration.py

@@ -1,4 +1,4 @@
-from django.core.urlresolvers import reverse
+from django.urls import reverse
 from rest_framework import status
 from rest_framework.test import APITestCase
 from .utils import utils

+ 1 - 1
api/desecapi/tests/testrrsets.py

@@ -1,4 +1,4 @@
-from django.core.urlresolvers import reverse
+from django.urls import reverse
 from rest_framework import status
 from rest_framework.test import APITestCase
 from .utils import utils

+ 15 - 13
api/desecapi/urls.py

@@ -1,23 +1,22 @@
 from django.conf.urls import include, url
-from desecapi.views import *
 from rest_framework.urlpatterns import format_suffix_patterns
 from desecapi import views
 from rest_framework.routers import SimpleRouter
 
 router = SimpleRouter()
-router.register(r'', TokenViewSet, base_name='token')
+router.register(r'', views.TokenViewSet, base_name='token')
 token_urls = router.urls
 
 apiurls = [
-    url(r'^$', Root.as_view(), name='root'),
-    url(r'^domains/$', DomainList.as_view(), name='domain-list'),
-    url(r'^domains/(?P<name>[a-zA-Z\.\-_0-9]+)/$', DomainDetail.as_view(), name='domain-detail'),
-    url(r'^domains/(?P<name>[a-zA-Z\.\-_0-9]+)/rrsets/$', RRsetList.as_view(), name='rrsets'),
-    url(r'^domains/(?P<name>[a-zA-Z\.\-_0-9]+)/rrsets/(?P<subname>(\*)?[a-zA-Z\.\-_0-9=]*)\.\.\./(?P<type>[A-Z][A-Z0-9]*)/$', RRsetDetail.as_view(), name='rrset'),
+    url(r'^$', views.Root.as_view(), name='root'),
+    url(r'^domains/$', views.DomainList.as_view(), name='domain-list'),
+    url(r'^domains/(?P<name>[a-zA-Z\.\-_0-9]+)/$', views.DomainDetail.as_view(), name='domain-detail'),
+    url(r'^domains/(?P<name>[a-zA-Z\.\-_0-9]+)/rrsets/$', views.RRsetList.as_view(), name='rrsets'),
+    url(r'^domains/(?P<name>[a-zA-Z\.\-_0-9]+)/rrsets/(?P<subname>(\*)?[a-zA-Z\.\-_0-9=]*)\.\.\./(?P<type>[A-Z][A-Z0-9]*)/$', views.RRsetDetail.as_view(), name='rrset'),
     url(r'^tokens/', include(token_urls)),
-    url(r'^dns$', DnsQuery.as_view(), name='dns-query'),
-    url(r'^dyndns/update$', DynDNS12Update.as_view(), name='dyndns12update'),
-    url(r'^donation/', DonationList.as_view(), name='donation'),
+    url(r'^dns$', views.DnsQuery.as_view(), name='dns-query'),
+    url(r'^dyndns/update$', views.DynDNS12Update.as_view(), name='dyndns12update'),
+    url(r'^donation/', views.DonationList.as_view(), name='donation'),
     url(r'^unlock/user/(?P<email>.+)$', views.unlock, name='unlock/byEmail'),
     url(r'^unlock/done', views.unlock_done, name='unlock/done'),
 ]
@@ -25,9 +24,12 @@ apiurls = [
 apiurls = format_suffix_patterns(apiurls)
 
 urlpatterns = [
-    url(r'^api/v1/auth/users/create/$', UserCreateView.as_view(), name='register'),
-    url(r'^api/v1/auth/token/create/$', TokenCreateView.as_view(), name='login'),
-    url(r'^api/v1/auth/token/destroy/$', TokenDestroyView.as_view(), name='logout'),
+    url(r'^api/v1/auth/users/create/$', views.UserCreateView.as_view(), name='user-create'),  # deprecated
+    url(r'^api/v1/auth/token/create/$', views.TokenCreateView.as_view(), name='token-create'),  # deprecated
+    url(r'^api/v1/auth/token/destroy/$', views.TokenDestroyView.as_view(), name='token-destroy'),  # deprecated
+    url(r'^api/v1/auth/users/$', views.UserCreateView.as_view(), name='register'),
+    url(r'^api/v1/auth/token/login/$', views.TokenCreateView.as_view(), name='login'),
+    url(r'^api/v1/auth/token/logout/$', views.TokenDestroyView.as_view(), name='logout'),
     url(r'^api/v1/auth/', include('djoser.urls')),
     url(r'^api/v1/auth/', include('djoser.urls.authtoken')),
     url(r'^api/v1/', include(apiurls)),
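Review bot: The three `# deprecated` routes in `urlpatterns` keep `/auth/users/create/`, `/auth/token/create/` and `/auth/token/destroy/` live next to the new `/auth/users/`, `/auth/token/login/` and `/auth/token/logout/`, so registration and credential submission are each reachable under two paths with no stated removal date. Anything keyed on path or route name (throttling, captcha enforcement, access-log alerting, reverse-proxy rules; none of it visible in this diff) has to cover both until the old paths are removed. The old routes are also renamed to `user-create`, `token-create` and `token-destroy`, and `include('djoser.urls')` is mounted under the same prefix directly below; if djoser registers the same names, which URL `reverse()` returns depends on pattern order, so a test is worth adding. I would extend the comment to say when the aliases go away, e.g. `# deprecated: alias of /auth/users/, remove in <release>`. The `urlpatterns` list continues past the end of this hunk.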

+ 1 - 1
api/desecapi/views.py

@@ -284,7 +284,7 @@ class RRsetList(ListBulkCreateUpdateAPIView):
 
 class Root(APIView):
     def get(self, request, format=None):
-        if self.request.user and self.request.user.is_authenticated():
+        if self.request.user and self.request.user.is_authenticated:
             return Response({
                 'domains': reverse('domain-list'),
                 'user': reverse('user'),

+ 6 - 6
api/requirements.txt

@@ -1,11 +1,11 @@
-Django==1.11.*
+Django==2.1.*
 mysqlclient==1.3.*
-djangorestframework==3.7.*
-djoser==1.1.*
+djangorestframework==3.7.*  # djangorestframework-bulk 0.2.0 stops us from upgrading to 3.8
+djoser==1.2.*  # https://github.com/sunscrapers/djoser/issues/312 stops us from upgrading to 1.3.*
 dnspython==1.15.*
-httpretty==0.8.*
-requests==2.18.*
+httpretty==0.9.*
+requests==2.19.*
 uwsgi==2.0.*
-django-nocaptcha-recaptcha==0.0.19  # updated manually
+django-nocaptcha-recaptcha==0.0.20  # updated manually
 sqlparse==0.2.*
 djangorestframework-bulk==0.2.*

+ 5 - 5
docs/authentication.rst

@@ -9,7 +9,7 @@ can register free of charge through the API, providing an email address and a
 password. To register an user account, issue a request like this::
 
     http POST \
-        https://desec.io/api/v1/auth/users/create/ \
+        https://desec.io/api/v1/auth/users/ \
         email:='"anemailaddress@example.com"' \
         password:='"yourpassword"'
 
@@ -25,10 +25,10 @@ choose a weak one.
 Once a user account has been registered, you will be able to log in. Log in is
 done by asking the API for a token that can be used to authorize subsequent DNS
 management requests. To obtain such a token, send your email address and password to the
-``/auth/token/create/`` endpoint::
+``/auth/token/login/`` endpoint::
 
     http POST \
-        https://desec.io/api/v1/auth/token/create/ \
+        https://desec.io/api/v1/auth/token/login/ \
         email:='"anemailaddress@example.com"' \
         password:='"yourpassword"'
 
@@ -104,7 +104,7 @@ To obtain an authentication token, log in by sending your email address and
 password to the token create endpoint of the API::
 
     http POST \
-        https://desec.io/api/v1/auth/token/create/ \
+        https://desec.io/api/v1/auth/token/login/ \
         email:='"anemailaddress@example.com"' \
         password:='"yourpassword"'
 
@@ -134,7 +134,7 @@ the token destroy endpoint, using the token in question in the ``Authorization``
 header::
 
     http POST \
-        https://desec.io/api/v1/auth/token/destroy/ \
+        https://desec.io/api/v1/auth/token/logout/ \
         Authorization:"Token i+T3b1h/OI+H9ab8tRS98stGtURe"
 
 The server will delete the token and respond with ``204 No Content``.

+ 3 - 3
docs/endpoint-reference.rst

@@ -11,15 +11,15 @@ for `User Registration and Management`_.
 |                                                +------------+---------------------------------------------+
 |                                                | ``PUT``    | Change account email address                |
 +------------------------------------------------+------------+---------------------------------------------+
-| ...\ ``/auth/users/create/``                   | ``POST``   | Create user account                         |
+| ...\ ``/auth/users/``                          | ``POST``   | Create user account                         |
 +------------------------------------------------+------------+---------------------------------------------+
 | ...\ ``/auth/password/reset/``                 | ``POST``   | Request password reset                      |
 +------------------------------------------------+------------+---------------------------------------------+
 | ...\ ``/auth/password/reset/confirm/``         | ``POST``   | Confirm password reset                      |
 +------------------------------------------------+------------+---------------------------------------------+
-| ...\ ``/auth/token/create/``                   | ``POST``   | Log in and request authentication token     |
+| ...\ ``/auth/token/login/``                    | ``POST``   | Log in and request authentication token     |
 +------------------------------------------------+------------+---------------------------------------------+
-| ...\ ``/auth/token/destroy/``                  | ``POST``   | Log out and destroy authentication token    |
+| ...\ ``/auth/token/logout/``                   | ``POST``   | Log out and destroy authentication token    |
 +------------------------------------------------+------------+---------------------------------------------+
 | ...\ ``/tokens/``                              | ``GET``    | Retrieve all current tokens                 |
 |                                                +------------+---------------------------------------------+

+ 11 - 11
test/e2e/spec/api_spec.js

@@ -30,7 +30,7 @@ describe("API", function () {
             email = require("uuid").v4() + '@e2etest.local';
             password = require("uuid").v4();
 
-            var response = chakram.post('/auth/users/create/', {
+            var response = chakram.post('/auth/users/', {
                 "email": email,
                 "password": password,
             });
@@ -51,7 +51,7 @@ describe("API", function () {
             email = require("uuid").v4() + '@e2etest.local';
             password = require("uuid").v4();
 
-            var response = chakram.post('/auth/users/create/', {
+            var response = chakram.post('/auth/users/', {
                 "email": email,
                 "password": password,
             });
@@ -60,7 +60,7 @@ describe("API", function () {
         });
 
         it("returns a token when logging in", function () {
-            return chakram.post('/auth/token/create/', {
+            return chakram.post('/auth/token/login/', {
                 "email": email,
                 "password": password,
             }).then(function (loginResponse) {
@@ -76,11 +76,11 @@ describe("API", function () {
                 email2 = require("uuid").v4() + '@e2etest.local';
                 password2 = require("uuid").v4();
 
-                return chakram.post('/auth/users/create/', {
+                return chakram.post('/auth/users/', {
                     "email": email2,
                     "password": password2,
                 }).then(function () {
-                    return chakram.post('/auth/token/create/', {
+                    return chakram.post('/auth/token/login/', {
                         "email": email2,
                         "password": password2,
                     }).then(function (response) {
@@ -118,7 +118,7 @@ describe("API", function () {
 
             function createTwoTokens() {
                 return chakram.waitFor([
-                    chakram.post('/auth/token/create/', {
+                    chakram.post('/auth/token/login/', {
                         "email": email,
                         "password": password,
                     }).then(function (loginResponse) {
@@ -127,7 +127,7 @@ describe("API", function () {
                         token1 = loginResponse.body.auth_token;
                         expect(token1).to.not.equal(token2);
                     }),
-                    chakram.post('/auth/token/create/', {
+                    chakram.post('/auth/token/login/', {
                         "email": email,
                         "password": password,
                     }).then(function (loginResponse) {
@@ -140,7 +140,7 @@ describe("API", function () {
             }
 
             function deleteToken(token) {
-                var response = chakram.post('/auth/token/destroy/', null, {
+                var response = chakram.post('/auth/token/logout/', null, {
                     headers: {'Authorization': 'Token ' + token}
                 });
 
@@ -168,7 +168,7 @@ describe("API", function () {
                 describe("and one deleted", function () {
 
                     before(function () {
-                        var response = chakram.post('/auth/token/destroy/', undefined,
+                        var response = chakram.post('/auth/token/logout/', undefined,
                             { headers: {'Authorization': 'Token ' + token1 } }
                         );
 
@@ -215,11 +215,11 @@ describe("API", function () {
             // register a user that we can login and work with
             password = require("uuid").v4();
 
-            return chakram.post('/auth/users/create/', {
+            return chakram.post('/auth/users/', {
                 "email": email,
                 "password": password,
             }).then(function () {
-                return chakram.post('/auth/token/create/', {
+                return chakram.post('/auth/token/login/', {
                     "email": email,
                     "password": password,
                 }).then(function (loginResponse) {

+ 2 - 2
test/e2e/spec/dyndns_spec.js

@@ -24,11 +24,11 @@ describe("dyndns service", function () {
             // register a user that we can login and work with
             password = require("uuid").v4();
 
-            return chakram.post('/auth/users/create/', {
+            return chakram.post('/auth/users/', {
                 "email": email,
                 "password": password,
             }).then(function () {
-                return chakram.post('/auth/token/create/', {
+                return chakram.post('/auth/token/login/', {
                     "email": email,
                     "password": password,
                 }).then(function (loginResponse) {