From 5902fb5e2a7a5af87203ed97e5e40d7a1da1a3c9 Mon Sep 17 00:00:00 2001
From: Magnus Hagander <magnus@hagander.net>
Date: Wed, 1 Apr 2020 20:34:05 +0200
Subject: [PATCH] Mark all ForeignKeys as on_delete=CASCADE

---
 django/archives/auth.py                       | 35 +++++++++----------
 .../mailarchives/migrations/0001_initial.py   |  4 +--
 .../migrations/0002_list_permissions.py       |  2 +-
 django/archives/mailarchives/models.py        | 14 ++++----
 loader/lib/parser.py                          |  8 +++--
 5 files changed, 32 insertions(+), 31 deletions(-)

diff --git a/django/archives/auth.py b/django/archives/auth.py
index 6ccf131..4ae553b 100644
--- a/django/archives/auth.py
+++ b/django/archives/auth.py
@@ -29,10 +29,10 @@ import base64
 import json
 import socket
 from urllib.parse import urlparse, urlencode, parse_qs
-import urllib.request
-from Crypto.Cipher import AES
-from Crypto.Hash import SHA
-from Crypto import Random
+import requests
+from Cryptodome.Cipher import AES
+from Cryptodome.Hash import SHA
+from Cryptodome import Random
 import time
 
 
@@ -49,11 +49,6 @@ class AuthBackend(ModelBackend):
 
 # Handle login requests by sending them off to the main site
 def login(request):
-    if not hasattr(settings, 'PGAUTH_REDIRECT'):
-        # No pgauth installed, so allow local installs.
-        from django.contrib.auth.views import login
-        return login(request, template_name='admin.html')
-
     if 'next' in request.GET:
         # Put together an url-encoded dict of parameters we're getting back,
         # including a small nonce at the beginning to make sure it doesn't
@@ -63,7 +58,7 @@ def login(request):
         r = Random.new()
         iv = r.read(16)
         encryptor = AES.new(SHA.new(settings.SECRET_KEY.encode('ascii')).digest()[:16], AES.MODE_CBC, iv)
-        cipher = encryptor.encrypt(s + ' ' * (16 - (len(s) % 16)))  # pad to 16 bytes
+        cipher = encryptor.encrypt(s.encode('ascii') + b' ' * (16 - (len(s) % 16)))  # pad to 16 bytes
 
         return HttpResponseRedirect("%s?d=%s$%s" % (
             settings.PGAUTH_REDIRECT,
@@ -138,14 +133,14 @@ def auth_receive(request):
 a different username than %s.
 
 This is almost certainly caused by some legacy data in our database.
-Please send an email to webmaster@postgresql.eu, indicating the username
+Please send an email to webmaster@postgresql.org, indicating the username
 and email address from above, and we'll manually merge the two accounts
 for you.
 
 We apologize for the inconvenience.
 """ % (data['e'][0], data['u'][0]), content_type='text/plain')
 
-        if hasattr(settings, 'PGAUTH_CREATEUSER_CALLBACK'):
+        if getattr(settings, 'PGAUTH_CREATEUSER_CALLBACK', None):
             res = getattr(settings, 'PGAUTH_CREATEUSER_CALLBACK')(
                 data['u'][0],
                 data['e'][0],
@@ -208,18 +203,20 @@ def user_search(searchterm=None, userid=None):
     else:
         q = {'s': searchterm}
 
-    u = urllib.request.urlopen('%ssearch/?%s' % (
-        settings.PGAUTH_REDIRECT,
-        urlencode(q),
-    ))
-    (ivs, datas) = u.read().split('&')
-    u.close()
+    r = requests.get(
+        '{0}search/'.format(settings.PGAUTH_REDIRECT),
+        params=q,
+    )
+    if r.status_code != 200:
+        return []
+
+    (ivs, datas) = r.text.encode('utf8').split(b'&')
 
     # Decryption time
     decryptor = AES.new(base64.b64decode(settings.PGAUTH_KEY),
                         AES.MODE_CBC,
                         base64.b64decode(ivs, "-_"))
-    s = decryptor.decrypt(base64.b64decode(datas, "-_")).rstrip(' ')
+    s = decryptor.decrypt(base64.b64decode(datas, "-_")).rstrip(b' ').decode('utf8')
     j = json.loads(s)
 
     return j
diff --git a/django/archives/mailarchives/migrations/0001_initial.py b/django/archives/mailarchives/migrations/0001_initial.py
index 8c8da29..8008ba6 100644
--- a/django/archives/mailarchives/migrations/0001_initial.py
+++ b/django/archives/mailarchives/migrations/0001_initial.py
@@ -69,11 +69,11 @@ class Migration(migrations.Migration):
         migrations.AddField(
             model_name='list',
             name='group',
-            field=models.ForeignKey(to='mailarchives.ListGroup', db_column='groupid'),
+            field=models.ForeignKey(to='mailarchives.ListGroup', db_column='groupid', on_delete=models.CASCADE),
         ),
         migrations.AddField(
             model_name='attachment',
             name='message',
-            field=models.ForeignKey(to='mailarchives.Message', db_column='message'),
+            field=models.ForeignKey(to='mailarchives.Message', db_column='message', on_delete=models.CASCADE),
         ),
     ]
diff --git a/django/archives/mailarchives/migrations/0002_list_permissions.py b/django/archives/mailarchives/migrations/0002_list_permissions.py
index 4f2abbb..58c4030 100644
--- a/django/archives/mailarchives/migrations/0002_list_permissions.py
+++ b/django/archives/mailarchives/migrations/0002_list_permissions.py
@@ -29,7 +29,7 @@ class Migration(migrations.Migration):
         migrations.AddField(
             model_name='listsubscriber',
             name='list',
-            field=models.ForeignKey(to='mailarchives.List'),
+            field=models.ForeignKey(to='mailarchives.List', on_delete=models.CASCADE),
         ),
         migrations.AlterUniqueTogether(
             name='listsubscriber',
diff --git a/django/archives/mailarchives/models.py b/django/archives/mailarchives/models.py
index 0affa3b..5ffa4a4 100644
--- a/django/archives/mailarchives/models.py
+++ b/django/archives/mailarchives/models.py
@@ -76,7 +76,7 @@ class List(models.Model):
     shortdesc = models.TextField(null=False, blank=False)
     description = models.TextField(null=False, blank=False)
     active = models.BooleanField(null=False, blank=False)
-    group = models.ForeignKey(ListGroup, db_column='groupid')
+    group = models.ForeignKey(ListGroup, db_column='groupid', on_delete=models.CASCADE)
     subscriber_access = models.BooleanField(null=False, blank=False, default=False, help_text="Subscribers can access contents (default is admins only)")
 
     @property
@@ -90,7 +90,7 @@ class List(models.Model):
 
 
 class Attachment(models.Model):
-    message = models.ForeignKey(Message, null=False, blank=False, db_column='message')
+    message = models.ForeignKey(Message, null=False, blank=False, db_column='message', on_delete=models.CASCADE)
     filename = models.CharField(max_length=1000, null=False, blank=False)
     contenttype = models.CharField(max_length=1000, null=False, blank=False)
     # attachment = bytea, not supported by django at this point
@@ -113,7 +113,7 @@ class ListSubscriber(models.Model):
     # Only used when public access is not allowed.
     # We set the username of the community account instead of a
     # foreign key, because the user might not exist.
-    list = models.ForeignKey(List, null=False, blank=False)
+    list = models.ForeignKey(List, null=False, blank=False, on_delete=models.CASCADE)
     username = models.CharField(max_length=30, null=False, blank=False)
 
     class Meta:
@@ -122,8 +122,8 @@ class ListSubscriber(models.Model):
 
 
 class ResendMessage(models.Model):
-    message = models.ForeignKey(Message, null=False, blank=False)
-    sendto = models.ForeignKey(User, null=False, blank=False)
+    message = models.ForeignKey(Message, null=False, blank=False, on_delete=models.CASCADE)
+    sendto = models.ForeignKey(User, null=False, blank=False, on_delete=models.CASCADE)
     registeredat = models.DateTimeField(null=False, blank=False)
 
     class Meta:
@@ -131,7 +131,7 @@ class ResendMessage(models.Model):
 
 
 class LastResentMessage(models.Model):
-    sentto = models.ForeignKey(User, null=False, blank=False, primary_key=True)
+    sentto = models.ForeignKey(User, null=False, blank=False, primary_key=True, on_delete=models.CASCADE)
     sentat = models.DateTimeField(null=False, blank=False)
 
 
@@ -144,7 +144,7 @@ class ApiClient(models.Model):
 
 
 class ThreadSubscription(models.Model):
-    apiclient = models.ForeignKey(ApiClient, null=False, blank=False)
+    apiclient = models.ForeignKey(ApiClient, null=False, blank=False, on_delete=models.CASCADE)
     threadid = models.IntegerField(null=False, blank=False)
 
     class Meta:
diff --git a/loader/lib/parser.py b/loader/lib/parser.py
index c6ee98f..b9caace 100644
--- a/loader/lib/parser.py
+++ b/loader/lib/parser.py
@@ -258,12 +258,16 @@ class ArchivesParser(object):
                 # Don't include it if it looks like an attachment
                 if 'Content-Disposition' in p and p['Content-Disposition'].startswith('attachment'):
                     continue
-                return self.get_payload_as_unicode(p)
+                t = self.get_payload_as_unicode(p)
+                if t:
+                    return t
             if html_instead and p.get_params()[0][0].lower() == 'text/html':
                 # Don't include it if it looks like an attachment
                 if 'Content-Disposition' in p and p['Content-Disposition'].startswith('attachment'):
                     continue
-                return self.get_payload_as_unicode(p)
+                t = self.get_payload_as_unicode(p)
+                if t:
+                    return t
             if p.is_multipart():
                 b = self.recursive_first_plaintext(p, html_instead)
                 if b or b == '':
-- 
2.39.5