fix #593

misago/categories/signals.py

@@ -1,10 +1,8 @@
 from django.dispatch import Signal, receiver
 
-from misago.core import serializer
-from misago.core.signals import secret_key_changed
 from misago.users.signals import username_changed
 
-from .models import Category, CategoryRole
+from .models import Category
 
 
 delete_category_content = Signal()
@@ -14,15 +12,6 @@ move_category_content = Signal(providing_args=["new_category"])
 """
 Signal handlers
 """
-@receiver(secret_key_changed)
-def update_roles_pickles(sender, **kwargs):
-    for role in CategoryRole.objects.iterator():
-        if role.pickled_permissions:
-            role.pickled_permissions = serializer.regenerate_checksum(
-                role.pickled_permissions)
-            role.save(update_fields=['pickled_permissions'])
-
-
 @receiver(username_changed)
 def update_usernames(sender, **kwargs):
     Category.objects.filter(last_poster=sender).update(

misago/core/management/commands/remakemisagochecksums.py

@@ -1,30 +0,0 @@
-from django.core.management.base import BaseCommand
-from django.utils.encoding import force_str
-from django.utils.six.moves import input
-
-from ...signals import secret_key_changed
-
-
-class Command(BaseCommand):
-    help = 'Regenerates Misago checksums after SECRET_KEY changed.'
-
-    def add_arguments(self, parser):
-        parser.add_argument(
-            '--force',
-            action='store_true',
-            dest='force',
-            default=False,
-            help='Do not ask for confirmation',
-        )
-
-    def handle(self, *args, **options):
-        message = force_str("This will replace all checksums "
-                            "in database with new ones, marking "
-                            "all data as trusted. Are you sure "
-                            "you wish to continue? [Y/n]")
-        if options['force'] or input(message).strip().lower() == "y":
-            self.stdout.write("\nRegenerating checksums...")
-            secret_key_changed.send(self)
-            self.stdout.write("\nDone!")
-        else:
-            self.stdout.write("\nAborted!")

misago/core/serializer.py

@@ -1,39 +0,0 @@
-import base64
-from hashlib import sha256
-
-from django.conf import settings
-
-
-try:
-    import cPickle as pickle
-except ImportError:
-    import pickle
-
-
-
-def _checksum(base):
-    return sha256(('%s+%s' % (settings.SECRET_KEY, base)).encode()).hexdigest()[:14]
-
-
-def loads(dry):
-    checksum = dry[:14]
-    base = dry[14:]
-
-    if _checksum(base) == checksum:
-        return pickle.loads(base64.decodestring(base.encode()))
-    else:
-        raise ValueError("pickle checksum is invalid")
-
-
-def dumps(wet):
-    from misago.core.deprecations import warn
-    warn('misago.core.serializer is being replaced with json')
-    base = base64.encodestring(pickle.dumps(wet, pickle.HIGHEST_PROTOCOL)).decode()
-    checksum = _checksum(base)
-    return '%s%s' % (checksum, base)
-
-
-def regenerate_checksum(dry):
-    base = dry[14:]
-    checksum = _checksum(base)
-    return '%s%s' % (checksum, base)

misago/core/signals.py

@@ -1,4 +0,0 @@
-import django.dispatch
-
-
-secret_key_changed = django.dispatch.Signal()

misago/core/tests/test_remakemisagochecksums.py

@@ -1,16 +0,0 @@
-from django.core.management import call_command
-from django.test import TestCase
-from django.utils.six import StringIO
-
-from ..management.commands import remakemisagochecksums
-
-
-class RemakeMisagoChecksumsTests(TestCase):
-    def test_remake_checksums(self):
-        """command raises no errors"""
-        command = remakemisagochecksums.Command()
-
-        out = StringIO()
-        call_command(command, "--force", stdout=out)
-        command_output = out.getvalue().splitlines()[-1].strip()
-        self.assertEqual(command_output, "Done!")

misago/core/tests/test_serializer.py

@@ -1,25 +0,0 @@
-from django.test import TestCase
-from django.utils.six.moves import range
-
-from .. import serializer
-
-
-class SerializerTests(TestCase):
-    def test_serializer(self):
-        """serializer dehydrates and hydrates values of different types"""
-        TEST_CASES = (
-            'LoremIpsum', 123, [1, 2, '4d'], {'bawww': 'zong', 23: True}
-        )
-
-        for wet in TEST_CASES:
-            dry = serializer.dumps(wet)
-            self.assertFalse(dry.endswith('='))
-            self.assertEqual(wet, serializer.loads(dry))
-
-    def test_serializer_handles_paddings(self):
-        """serializer handles missing paddings"""
-        for i in range(100):
-            wet = 'Lorem ipsum %s' % ('a' * i)
-            dry = serializer.dumps(wet)
-            self.assertFalse(dry.endswith('='))
-            self.assertEqual(wet, serializer.loads(dry))

misago/markup/checksums.py

@@ -22,14 +22,12 @@ in char fields with max_length=64
 """
 from hashlib import sha256
 
-from django.conf import settings
 from django.utils import six
 
 
 def make_checksum(parsed, unique_values=None):
     unique_values = unique_values or []
-    seeds = [parsed, settings.SECRET_KEY]
-    seeds.extend([six.text_type(v) for v in unique_values])
+    seeds = [parsed] + [six.text_type(v) for v in unique_values]
 
     return sha256('+'.join(seeds).encode("utf-8")).hexdigest()
 

misago/users/credentialchange.py

@@ -9,8 +9,6 @@ from django.conf import settings
 from django.utils import six
 from django.utils.encoding import force_bytes
 
-from misago.core import serializer
-
 
 __all__ = ['create_change_token', 'read_token']
 

misago/users/signals.py

@@ -1,8 +1,5 @@
-from django.contrib.auth import get_user_model
 from django.dispatch import Signal, receiver
 
-from misago.core.signals import secret_key_changed
-
 
 delete_user_content = Signal()
 username_changed = Signal()
@@ -13,19 +10,14 @@ Signal handlers
 """
 @receiver(username_changed)
 def handle_name_change(sender, **kwargs):
-    sender.user_renames.update(changed_by_username=sender.username)
-    sender.warnings_given.update(giver_username=sender.username,
-                                 giver_slug=sender.slug)
-    sender.warnings_canceled.update(canceler_username=sender.username,
-                                    canceler_slug=sender.slug)
-
-
-@receiver(secret_key_changed)
-def update_signatures_checksums(sender, **kwargs):
-    User = get_user_model()
-
-    for user in User.objects.iterator():
-        if user.signature:
-            new_checksum = make_signature_checksum(user.signature_parsed, user)
-            user.signature_checksum = new_checksum
-            user.save(update_fields=['signature_checksum'])
+    sender.user_renames.update(
+        changed_by_username=sender.username
+    )
+    sender.warnings_given.update(
+        giver_username=sender.username,
+        giver_slug=sender.slug
+    )
+    sender.warnings_canceled.update(
+        canceler_username=sender.username,
+        canceler_slug=sender.slug
+    )