Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace django-fernet-fields dependency #1

Closed
jmbowman opened this issue Jul 15, 2021 · 10 comments
Closed

Replace django-fernet-fields dependency #1

jmbowman opened this issue Jul 15, 2021 · 10 comments
Assignees
@regisb
Labels
outdated dependency A dependency needs to be updated or replaced to support an upgrade initiative
Milestone
Django 3.2 deprec...

Comments

@jmbowman
Copy link

We use the django-fernet-fields package in edx/edx-enterprise, edx/edx-enterprise-data, edx/edx-platform, edx/edx-val, edx/event-routing-backends, and edx/video-encode-manager, but it was abandoned in January; details and a potentially upcoming fork can be found in orcasgit/django-fernet-fields#28 . Please follow the guidance in https://openedx.atlassian.net/wiki/spaces/AC/pages/3036972032/Handling+Outdated+Dependencies to resolve the problem this poses for the Open edX Django 3.2 upgrade.
@jmbowman jmbowman added the outdated dependency A dependency needs to be updated or replaced to support an upgrade initiative label Jul 15, 2021
@regisb
Copy link

regisb commented Aug 30, 2021
edited
Loading

django-fernet-fields is compatible with django 3.2, but it triggers the following warning:

RemovedInDjango40Warning: force_text() is deprecated in favor of force_str().

I propose the following:

  1. Fork the original project from https://github.com/orcasgit/django-fernet-fields/ to https://github.com/edx/django-fernet-fields/
  2. Replace force_text by force_str in fernet_fields/fields.py
  3. Bump the version number to 0.6.1
  4. Tag 0.6.1 in the forked repo
  5. Install from source

Let me know if the approach above works for you. If yes, I can take care of it.

EDIT: to reproduce the issue, I did the following steps:

git clone https://github.com/orcasgit/django-fernet-fields
cd django-fernet-fields
pip install -r requirements.txt
tox -e py38-djangolatest-sqlite

@jmbowman you can assign the issue to me.

@natabene
Copy link

natabene commented Sep 2, 2021

@regisb Thank you for looking into this, I appreciate! I have assigned this to you.
@jmbowman Do you agree with the proposed?

@jmbowman
Copy link
Author

Sorry for the delayed response, I tried and failed to delegate this and a few other tasks. If the current PyPI release works with 3.2 and we just need to put up with the deprecation warnings for 4.0, I'm inclined to stick with that for now and offer assistance on orcasgit/django-fernet-fields#28 . The https://github.com/dstarner/django-fernet-fields fork has already been created with some updates, and there's also a recent proposal to move the project to Jazzband. @regisb , does this sound reasonable to you? If so, I think we can just close this.

@regisb
Copy link

regisb commented Sep 16, 2021

Given the urgency of the Django 3.2 upgrade, I agree that we can live with a simple deprecation warning. Feel free to close this.

@DawoudSheraz DawoudSheraz mentioned this issue Jan 10, 2022
Closed
@johnnagro
Copy link

johnnagro commented Apr 28, 2022
edited
Loading

leaving a note here for future django 4 upgrade work. a new fork of django-fernet-fields called djfernet supports django 4, is backwards compatible with existing settings/data (>= 0.8.0), and is published in pypi

orcasgit/django-fernet-fields#28 (comment)

I may be able to help execute upgrading/migrating to this library as part of our upcoming edx-enterprise work where we want to make use of encrypted columns.

@awais786
Copy link

awais786 commented Jun 6, 2023

@johnnagro our team is working on django4.2 upgrade and this package needs upgrade. Are you still interested to work on this ?

@awais786
Copy link

awais786 commented Aug 7, 2023

@jmbowman We need to update this package in edx-enterprise.
djfernet supports django 4.0 but it has no update for last 1 year. So it does not make sense to replaced abandoned package with another abandoned one.

I think we can fork django-fernet-fields and add support of django42.

@jmbowman
Copy link
Author

It looks like some usage of django-fernet-fields has already been replaced with djferent (and some repos like edx-platform use both for some reason): https://github.com/search?q=user%3Aopenedx+django-fernet-fields&type=code . And the djfernet maintainer did test against Django 4.1 6 months ago: https://yourlabs.io/oss/djfernet/-/issues/3 . Could we try submitting a PR for the usual CI, Trove classifier, etc. updates and see if it gets merged and released? We could still fork ourselves or try migrating to https://pypi.org/project/django-fernet-encrypted-fields/ if there isn't a timely response. If it's truly a drop-in replacement, I'd rather consolidate onto one of the 2 packages we already use and then follow up on the topic of long-term maintenance after the Django 4.2 upgrade is complete.

@feanil
Copy link

feanil commented Sep 14, 2023

@jmbowman it looks like we're using django-fernet-fields-v2 in edx-platform which is an updated version of the original and seems to be fairly up-to-date with a new release last month. https://pypi.org/project/djfernet/ seems to be less up-to-date than https://pypi.org/project/django-fernet-fields-v2/

@pshiu pshiu mentioned this issue Sep 14, 2023
Open
@jmbowman
Copy link
Author

Yes, Arbi-BOM ultimately settled on django-fernet-fields-v2 and has been switching to that in the course of preparing for the Django 4.2 upgrade: #215 .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@regisb regisb

Labels
outdated dependency A dependency needs to be updated or replaced to support an upgrade initiative
Projects
None yet
Milestone
Django 3.2 deprecation warnings fixed
Development

No branches or pull requests
6 participants
@johnnagro @regisb @awais786 @feanil @jmbowman @natabene