WIP: Upgrade django-ninja

isic/core/tests/test_isic_oauth_app.py

@@ -1,11 +1,11 @@
 from datetime import timedelta
 
 from django.test import RequestFactory
-from django.urls import path
 from django.utils import timezone
 from ninja import NinjaAPI
 from oauth2_provider.models import get_access_token_model, get_application_model
 import pytest
+from resonant_utils.ninja import TestClient
 
 from isic import auth
 from isic.core.models.base import IsicOAuthApplication
@@ -59,11 +59,8 @@ def test_redirect_uri_allowed(user, uri, allowed_uris, allowed):
 
 
 @pytest.fixture
-def test_oauth_api_endpoints(request):
-    # this is pretty gross, but DOT requires a "more" real request object be created, meaning the
-    # ninja test client can't be used since it mocks it. using the django test client means we have
-    # to add real routes and then remove them.
-    api = NinjaAPI(urls_namespace=request.function.__name__, auth=auth.allow_any)
+def api_client(request):
+    api = NinjaAPI(urls_namespace=request.node.name, auth=auth.allow_any)
 
     @api.get("/allow-any")
     def allow_any_view(request):
@@ -77,16 +74,9 @@ def is_authenticated_view(request):
     def is_staff_view(request):
         return {}
 
-    urlpattern = path("test-oauth/", api.urls)
+    yield TestClient(api)
 
-    from isic.urls import urlpatterns
-
-    urlpatterns.append(urlpattern)
-
-    yield
-
-    urlpatterns.remove(urlpattern)
-    NinjaAPI._registry.remove(request.function.__name__)
+    NinjaAPI._registry.remove(request.node.name)
 
 
 def get_bearer_token(user, oauth_token_factory):
@@ -95,89 +85,72 @@ def get_bearer_token(user, oauth_token_factory):
 
 
 @pytest.mark.django_db
-@pytest.mark.usefixtures("test_oauth_api_endpoints")
-def test_allow_any_with_no_auth(client):
-    response = client.get("/test-oauth/allow-any")
+def test_allow_any_with_no_auth(api_client):
+    response = api_client.get("/allow-any")
     assert response.status_code == 200
 
 
 @pytest.mark.django_db
-@pytest.mark.usefixtures("test_oauth_api_endpoints")
-def test_allow_any_with_session_auth(client, user):
-    client.force_login(user)
-    response = client.get("/test-oauth/allow-any")
+def test_allow_any_with_session_auth(api_client, user):
+    response = api_client.get("/allow-any", user=user)
     assert response.status_code == 200
 
 
 @pytest.mark.django_db
-@pytest.mark.usefixtures("test_oauth_api_endpoints")
-def test_allow_any_with_bearer_token(client, user, oauth_token_factory):
+def test_allow_any_with_bearer_token(api_client, user, oauth_token_factory):
     token = get_bearer_token(user, oauth_token_factory)
-    response = client.get("/test-oauth/allow-any", headers={"Authorization": f"Bearer {token}"})
+    response = api_client.get("/allow-any", headers={"Authorization": f"Bearer {token}"})
     assert response.status_code == 200
 
 
 @pytest.mark.django_db
-@pytest.mark.usefixtures("test_oauth_api_endpoints")
-def test_is_authenticated_with_no_auth(client):
-    response = client.get("/test-oauth/is-authenticated")
+def test_is_authenticated_with_no_auth(api_client):
+    response = api_client.get("/is-authenticated")
     assert response.status_code == 401
 
 
 @pytest.mark.django_db
-@pytest.mark.usefixtures("test_oauth_api_endpoints")
-def test_is_authenticated_with_session_auth(client, user):
-    client.force_login(user)
-    response = client.get("/test-oauth/is-authenticated")
+def test_is_authenticated_with_session_auth(api_client, user):
+    response = api_client.get("/is-authenticated", user=user)
     assert response.status_code == 200
 
 
 @pytest.mark.django_db
-@pytest.mark.usefixtures("test_oauth_api_endpoints")
-def test_is_authenticated_with_bearer_token(client, user, oauth_token_factory):
+def test_is_authenticated_with_bearer_token(api_client, user, oauth_token_factory):
     token = get_bearer_token(user, oauth_token_factory)
-    response = client.get(
-        "/test-oauth/is-authenticated", headers={"Authorization": f"Bearer {token}"}
-    )
+    response = api_client.get("/is-authenticated", headers={"Authorization": f"Bearer {token}"})
     assert response.status_code == 200
 
 
 @pytest.mark.django_db
-@pytest.mark.usefixtures("test_oauth_api_endpoints")
-def test_is_staff_with_no_auth(client):
-    response = client.get("/test-oauth/is-staff")
+def test_is_staff_with_no_auth(api_client):
+    response = api_client.get("/is-staff")
     assert response.status_code == 401
 
 
 @pytest.mark.django_db
-@pytest.mark.usefixtures("test_oauth_api_endpoints")
-def test_is_staff_with_session_auth(client, staff_user):
-    client.force_login(staff_user)
-    response = client.get("/test-oauth/is-staff")
+def test_is_staff_with_session_auth(api_client, staff_user):
+    response = api_client.get("/is-staff", user=staff_user)
     assert response.status_code == 200
 
 
 @pytest.mark.django_db
-@pytest.mark.usefixtures("test_oauth_api_endpoints")
-def test_is_staff_with_bearer_token(client, staff_user, oauth_token_factory):
+def test_is_staff_with_bearer_token(api_client, staff_user, oauth_token_factory):
     token = get_bearer_token(staff_user, oauth_token_factory)
-    response = client.get("/test-oauth/is-staff", headers={"Authorization": f"Bearer {token}"})
+    response = api_client.get("/is-staff", headers={"Authorization": f"Bearer {token}"})
     assert response.status_code == 200
 
 
 @pytest.mark.django_db
-@pytest.mark.usefixtures("test_oauth_api_endpoints")
-def test_is_staff_with_nonstaff_user_session(client, nonstaff_user):
-    client.force_login(nonstaff_user)
-    response = client.get("/test-oauth/is-staff")
+def test_is_staff_with_nonstaff_user_session(api_client, nonstaff_user):
+    response = api_client.get("/is-staff", user=nonstaff_user)
     assert response.status_code == 401
 
 
 @pytest.mark.django_db
-@pytest.mark.usefixtures("test_oauth_api_endpoints")
-def test_is_staff_with_nonstaff_bearer_token(client, nonstaff_user, oauth_token_factory):
+def test_is_staff_with_nonstaff_bearer_token(api_client, nonstaff_user, oauth_token_factory):
     token = get_bearer_token(nonstaff_user, oauth_token_factory)
-    response = client.get("/test-oauth/is-staff", headers={"Authorization": f"Bearer {token}"})
+    response = api_client.get("/is-staff", headers={"Authorization": f"Bearer {token}"})
     assert response.status_code == 401
 
 

isic/urls.py

@@ -34,7 +34,6 @@
     version="v2",
     docs_url=None,  # we want to serve the docs next to the ninja root rather than under it
     auth=allow_any,
-    csrf=True,
     urls_namespace="api",
 )
 swagger_view = partial(openapi_view, api=api)

pyproject.toml

@@ -25,11 +25,11 @@ dependencies = [
   "django-filter==25.2",
   "django-json-widget==2.1.1",
   "django-markdownify==0.9.7",
-  "django-ninja==1.4.5",
+  "django-ninja==1.6.2",
   "django-oauth-toolkit==1.7.1",
   "django-redis==6.0.0",
   "django-resonant-settings[allauth,celery]==0.51.0",
-  "django-resonant-utils[allauth,s3_storage]==0.19.0",
+  "django-resonant-utils[allauth,ninja,s3_storage]==0.19.0",
   "django-stubs-ext==5.2.9",
   "django-widget-tweaks==1.5.1",
   "gdal==3.11.0",
@@ -265,9 +265,6 @@ filterwarnings = [
   "error",
   # pytest often causes unclosed socket warnings
   'ignore:unclosed <socket\.socket:ResourceWarning',
-  # https://github.com/vitalik/django-ninja/issues/1245
-  "ignore:Support for class-based `config` is deprecated:pydantic.warnings.PydanticDeprecatedSince20",
-  "ignore:csrf argument is deprecated:DeprecationWarning:isic.urls",
   # In test_publish_copies_default_attribution
   'ignore:Unclosed file <tempfile\.SpooledTemporaryFile:ResourceWarning',
 ]