Fix invocation of celery command for Celery 5.0+ Previous versions of the EDD code were launching Celery with a command like `celery worker -A edd [...]`. Starting with Celery 5.0, this command must be run as `celery -A edd worker [...]` instead. Fixing the invoke script in the Docker image to use the updated command.

Fix typos revealed during non-testing deploy Oops. Default auth settings had an extra 's' at end of `auth_backend`. The ManualVerification* `authenticate` method was enforcing receiving username and password arguments, when the method did not need to use those and should just be passing along all keyword arguments.

Send email to approval contact when set 

Merge pull request #622 in EDD/edd-django from ~MARK.FORRER/edd-djang… …o:hotfix/EDD-1245-submit-broken to release/20200206 Squashed commit of the following: commit b12f0f04785821489fdd76b2db408b7399fa21fd Author: Mark Forrer <mark.forrer@lbl.gov> Date: Tue Feb 25 14:02:11 2020 -0800 Fixed legacy import submit button

Explicitly load TinyMCE theme styles The default behavior of TinyMCE v5.x is to have the tinymce.init() function dynamically load in styles for the editor. These files will not be in place when using webpack, so we must explicitly load the relevant styles in Webpack, and pass in options to tinymce.init() to disable the dynamic loading behavior in favor of the bundled-and-minified Webpack stylesheet.

Replace raw query with QuerySet iterator() Streaming exports were attempting to manually create a server-side cursor, then yield the results in a loop. Django supports doing this natively, however, so the previous hack is no longer necessary.

Add immediate timeout to import submit Some cases allowed an import to be submitted without units set, causing an error. Adding an immediate timeout ensures that if the submit occurs contemporaneous with an autocomplete edit, the edit can complete and set units for the import.

Replace non-test assert statements with Exceptions Fix for EDD-1214, should clear up some of the unhandled exceptions revealed from security scans.

Merge pull request #588 in EDD/edd-django from ~WCMORRELL/edd:release… …-login-issues to release/20190909 Squashed commit of the following: commit 09a3bd6eaab1fa1f7ae2309ae11107895919bbc2 Author: William Morrell <WCMorrell@lbl.gov> Date: Thu Dec 5 14:49:54 2019 -0800 Merge pull request #587 in EDD/edd-django from ~WCMORRELL/edd:local-acct-issues to master Squashed commit of the following: commit 654d44dcf9e5e5d62cbcf8d7f399d20e4bf43e9f Author: William Morrell <WCMorrell@lbl.gov> Date: Thu Dec 5 12:49:19 2019 -0800 Better display of user in base template commit 4e11d0a42fe780a830495c0401d523e086766606 Author: William Morrell <WCMorrell@lbl.gov> Date: Thu Dec 5 11:48:38 2019 -0800 Fix invalid redirect after login The login page template was rendering a literal string "None" for the redirect URL following successful login, which resulted in the invalid URL /accounts/login/None. Changed template to render an empty string if no specific redirect is requested. commit 948299460baa7bf3af6a0a9f19271cbf4b07e2d2 Author: William Morrell <WCMorrell@lbl.gov> Date: Wed Dec 4 16:14:55 2019 -0800 Change local username default to email When creating a local db account, the current forms only ask for an email and a desired password (with second confirm). From this, a username is generated, but it's very easy to miss if your username ends up differing from what is expected; e.g. jsmith@example.com could easily be assigned a username of jsmith666, with only the email verification message stating that the username differs from what was given to EDD. This changes things to default the username to the email disclosed in the signup form, and tweaks a bug exposed in the notification code where the username was always expected to be a valid notification group name. Channels expects only alnum+hyphen+period in group names, which an email @ breaks. commit e9fe91bba1f11d67da2bf449677b0d5954b15541 Author: William Morrell <WCMorrell@lbl.gov> Date: Wed Nov 20 14:41:25 2019 -0800 Adds admin tools to handle local-db auth accounts Actions to deactivate accounts in bulk, migrate accounts from having the ability to login via local-db to only allowing login via LDAP, and filters to see which accounts have local-db login as an option. commit 8dac90fd21ea8cef128e8f754bd7cd06dc364ed0 Author: William Morrell <WCMorrell@lbl.gov> Date: Mon Nov 18 16:12:00 2019 -0800 Fix failed call syncing ICE experiment link labels

Merge pull request #584 in EDD/edd-django from ~WCMORRELL/edd:eslint-… …release to release/20190909 Squashed commit of the following: commit ba611a0472c8568cb2a48cb4c738ec0efdd84a6f Author: William Morrell <WCMorrell@lbl.gov> Date: Thu Nov 14 13:33:27 2019 -0800 Fix errors on Data page when only one timepoint Code generating the SVG numberline cells would do a division-by-zero when only one timepoint exists, rendering invalid SVG and throwing errors. Added in more type information to make it clear what is happening, and fix the division by zero to fall back to a default value when only one timepoint exists. commit 33760ff1ad3e20cc5861ac0319968c9b1eed974c Author: William Morrell <WCMorrell@lbl.gov> Date: Thu Nov 14 12:01:20 2019 -0800 Fix error on load of Import preventing Step 2 Ticket submitted by CJPetzold, EDD-1204. Looks like some code dating to around when the TypeScript conversion was done is at fault. Adding an event listener on window load, using a non-function object, and using a this variable outside the context of a class or function. It appears using webpack3 to build this would just drop the code as not making sense, or wrap it in a context with a this resulting in an undefined callback getting registered. It throws an error under webpack4 / newer tsc. commit 30159de47c19996846e910e5f0c9a53e5c00dc95 Author: William Morrell <WCMorrell@lbl.gov> Date: Tue Nov 12 12:41:00 2019 -0800 Add prettier formatter Applies the prettier auto-formatter to all TypeScript code, consistent with the ESLint/TSLint rules. Also uses prettier plugins to format YAML, JSON, CSS, Markdown. For the moment, ignoring HTML, as the bulk of EDD HTML is instead Django Template files rendering to HTML, and there is no plugin for Django Template syntax. commit d6332ace72da0fde963a3c634c7581e812146209 Author: William Morrell <WCMorrell@lbl.gov> Date: Mon Nov 11 17:09:07 2019 -0800 Fix eslint/tslint warnings after plugin enable commit 64ac6588e885e7c08e1e7c1b32318a4c78416198 Author: William Morrell <WCMorrell@lbl.gov> Date: Mon Nov 11 11:22:53 2019 -0800 Exclude react from vendors module The only entrypoint using react is the Import2 module. Including the react modules with everything else was generating warnings around inconsistent ordering of stylesheet imports. Since we do not need react styles everywhere, it's simpler to just use a vendors module that includes everything except react, and bundle the react code with Import2. commit e716949ef1c31bbc033dfc9f62360dddd6bc209c Author: William Morrell <WCMorrell@lbl.gov> Date: Wed Nov 6 14:05:49 2019 -0800 Apply auto-fix option to TypeScript build commit 9ad17763855baa0b02fe11ff92c7a6842d26ac42 Author: William Morrell <WCMorrell@lbl.gov> Date: Wed Nov 6 14:00:18 2019 -0800 Include eslint in webpack build commit 8b8199f0b3c218028a63afa1e696b37fe3b4c9a5 Author: Mark Forrer <mark.forrer@lbl.gov> Date: Mon Nov 4 14:42:22 2019 -0800 Fixed bad error message construction commit 9e86e95e853dfcaf9d35c47e6650d96ea1221e93 Author: William Morrell <WCMorrell@lbl.gov> Date: Wed Oct 30 12:29:40 2019 -0700 Fix auto-validation of emails from LDAP The LDAP backend code has a hook so that any email address coming from LDAP gets auto-verified, so that users do not need to receive an email and click on a verification link. This code was using update_or_create() to add an entry in the database for the email, but because it was using a filter of email__iexact, it would end up always trying to insert an empty email address. The documentation on update_or_create() points to get_or_create() to describe how filters are handled, and the algorithm described excludes any filters that are not direct fields. The change here modifies the validation hook to properly set the email from LDAP, and cleans up edge-cases.