Deleting application submissions + version bump

backend/Pipfile

@@ -1,3 +1,4 @@
+[[source]]
 name = "pypi"
 url = "https://pypi.org/simple"
 verify_ssl = true
@@ -35,7 +36,7 @@ drf-renderer-xlsx = "==0.3.9"
 python-dateutil = "*"
 psycopg2 = "*"
 django-simple-history = "*"
-channels = "<3"
+channels = "*"
 django-runtime-options = "*"
 social-auth-app-django = "*"
 django-redis = "*"
@@ -52,6 +53,9 @@ unittest-xml-reporting = "*"
 tblib = "*"
 pre-commit = "*"
 django-clone = "*"
+click = "==8.0.4"
+tinycss2 = "*"
+"backports.zoneinfo" = "*"
 
 [requires]
-python_version = "3"
+python_version = ">=3.0,<=3.9"

backend/clubs/management/commands/populate.py

@@ -36,8 +36,8 @@
     {
         "code": "pppjo",
         "name": "Penn Pre-Professional Juggling Organization",
-        "description": """The PPPJO is looking for intense jugglers seeking to juggle their way to the top.
-Come with your juggling equipment (and business formal attire) to
+        "description": """The PPPJO is looking for intense jugglers seeking to juggle
+their way to the top. Come with your juggling equipment (and business formal attire) to
 hone your skills in time for recruiting season!""",
         "image": "https://i.imgur.com/WwUKiHP.png",
         "email": "[email protected]",
@@ -100,8 +100,8 @@
     {
         "code": "lorem-ipsum",
         "name": "Penn Lorem Ipsum Club",
-        "description": """<i>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod
-tempor incididunt ut labore et dolore magna aliqua.</i>""",
+        "description": """<i>Lorem ipsum dolor sit amet, consectetur adipiscing elit,
+sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.</i>""",
         "tags": [{"name": "Undergraduate"}],
         "founded": "2003-01-01",
         "size": Club.SIZE_LARGE,
@@ -185,8 +185,9 @@
         "name": "Empty Club",
         "description": "A club without any members.",
         "email": "[email protected]",
-        "how_to_get_involved": """Anyone can join this club, just send us a membership request!
- See www.google.com for more details. Alternatively, contact [email protected].""",
+        "how_to_get_involved": """Anyone can join this club, just send us a membership
+request! See www.google.com for more details. Alternatively, contact
+[email protected].""",
         "active": True,
         "approved": True,
         "accepting_members": True,

backend/clubs/management/commands/rank.py

@@ -109,7 +109,7 @@ def rank(self):
 
             # points for longer descriptions
             cleaned_description = bleach.clean(
-                club.description, tags=[], attributes={}, styles=[], strip=True
+                club.description, tags=[], attributes={}, strip=True
             ).strip()
 
             if len(cleaned_description) > 25:

backend/clubs/routing.py

@@ -1,10 +1,10 @@
 from django.urls import path
 
-from . import consumers
+from clubs import consumers
 
 
 websocket_urlpatterns = [
-    path(r"api/ws/chat/<slug:club_code>/", consumers.ChatConsumer),
-    path(r"api/ws/event/<slug:event_id>/", consumers.LiveEventConsumer),
-    path(r"api/ws/script/", consumers.ExecuteScriptConsumer),
+    path(r"api/ws/chat/<slug:club_code>/", consumers.ChatConsumer.as_asgi()),
+    path(r"api/ws/event/<slug:event_id>/", consumers.LiveEventConsumer.as_asgi()),
+    path(r"api/ws/script/", consumers.ExecuteScriptConsumer.as_asgi()),
 ]

backend/clubs/utils.py

@@ -4,6 +4,7 @@
 
 import bleach
 import requests
+from bleach.css_sanitizer import CSSSanitizer
 from bs4 import BeautifulSoup, Comment, NavigableString
 from django.conf import settings
 from django.core.files.images import ImageFile
@@ -128,6 +129,15 @@ def clean(text):
     """
     Uses bleach to sanitize HTML input with a larger group of exceptions.
     """
+    css_sanitizer = CSSSanitizer(
+        allowed_css_properties=[
+            "color",
+            "background-color",
+            "text-align",
+            "font-size",
+            "font-family",
+        ]
+    )
     return bleach.clean(
         text,
         tags=bleach.sanitizer.ALLOWED_TAGS
@@ -159,7 +169,7 @@ def clean(text):
             **bleach.sanitizer.ALLOWED_ATTRIBUTES,
             **{"*": ["style"], "img": ["src", "alt"], "iframe": allow_iframe},
         },
-        styles=["color", "background-color", "text-align", "font-size", "font-family"],
+        css_sanitizer=css_sanitizer,
     )
 
 

backend/clubs/views.py

@@ -45,7 +45,7 @@
 from django.utils.text import slugify
 from ics import Calendar as ICSCal
 from ics import Event as ICSEvent
-from ics import parse as ICSParse
+from ics.grammar.parse import ContentLine as ICSParse
 from options.models import Option
 from rest_framework import filters, generics, parsers, serializers, status, viewsets
 from rest_framework.decorators import action
@@ -3284,9 +3284,7 @@ def get(self, request, *args, **kwargs):
             creator=f"{settings.BRANDING_SITE_NAME} ({settings.DOMAINS[0]})"
         )
         calendar.extra.append(
-            ICSParse.ContentLine(
-                name="X-WR-CALNAME", value=f"{settings.BRANDING_SITE_NAME} Events"
-            )
+            ICSParse(name="X-WR-CALNAME", value=f"{settings.BRANDING_SITE_NAME} Events")
         )
 
         # only fetch events newer than the past month
@@ -4417,9 +4415,10 @@ def question_response(self, *args, **kwargs):
             return Response(
                 {
                     "success": False,
-                    "detail": """You cannot submit to more than two committees for any particular club application.
-                    In case you'd like to change the committees you applied to,
-                    you can delete submissions on the submissions page""",
+                    "detail": """You cannot submit to more than two committees for any
+                    particular club application. In case you'd like to change the
+                    committees you applied to, you can delete submissions on the
+                    submissions page""",
                 }
             )
         submission = ApplicationSubmission.objects.create(
@@ -4849,10 +4848,11 @@ def perform_destroy(self, instance):
         appears to have been deleted
         """
 
-        instance.archived = True
-        instance.archived_by = self.request.user
-        instance.archived_on = timezone.now()
-        instance.save()
+        ApplicationSubmission.objects.filter(
+            user=instance.user,
+            application=instance.application,
+            committee=instance.committee,
+        ).update(archived=True)
 
 
 class ApplicationQuestionViewSet(viewsets.ModelViewSet):

backend/pennclubs/settings/base.py

@@ -217,6 +217,7 @@
 
 # Django Channels settings
 
+LANGUAGE_SESSION_KEY = "_language"
 ASGI_APPLICATION = "pennclubs.routing.application"
 
 

backend/pennclubs/settings/development.py

@@ -10,6 +10,9 @@
 MIDDLEWARE = ["debug_toolbar.middleware.DebugToolbarMiddleware"] + MIDDLEWARE
 INTERNAL_IPS = ["127.0.0.1"]
 
+# Trust frontend (http://localhost:3000) on development
+CSRF_TRUSTED_ORIGINS = ["http://**", "http://localhost:3000"]
+
 # Allow http callback for DLA
 os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
 

backend/tests/clubs/test_views.py

@@ -1061,8 +1061,8 @@ def test_club_create_description_sanitize_good(self):
         """
         Ensure that descriptions are properly sanitized.
         """
-        test_good_string = """<p>Here\'s some <b>bold</b>, <i>italic</i>, <u>underline</u>,
-        and a <a href=\"http://example.com\">link</a>.<br></p>
+        test_good_string = """<p>Here\'s some <b>bold</b>, <i>italic</i>,
+        <u>underline</u>, and a <a href=\"http://example.com\">link</a>.<br></p>
 <ul>
     <li>One</li>
     <li>Two</li>

frontend/yarn.lock

@@ -4515,9 +4515,9 @@ camelize@^1.0.0:
   integrity sha1-FkpUg+Yw+kMh5a8HAg5TGDGyYJs=
 
 caniuse-lite@^1.0.30001109, caniuse-lite@^1.0.30001125, caniuse-lite@^1.0.30001173, caniuse-lite@^1.0.30001179, caniuse-lite@^1.0.30001181:
-  version "1.0.30001192"
-  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001192.tgz#b848ebc0ab230cf313d194a4775a30155d50ae40"
-  integrity sha512-63OrUnwJj5T1rUmoyqYTdRWBqFFxZFlyZnRRjDR8NSUQFB6A+j/uBORU/SyJ5WzDLg4SPiZH40hQCBNdZ/jmAw==
+  version "1.0.30001390"
+  resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001390.tgz"
+  integrity sha512-sS4CaUM+/+vqQUlCvCJ2WtDlV81aWtHhqeEVkLokVJJa3ViN4zDxAGfq9R8i1m90uGHxo99cy10Od+lvn3hf0g==
 
 capture-exit@^2.0.0:
   version "2.0.0"