search

civictechindex / CTI-website-frontend

Join a worldwide movement to catalog 
every open source 
civic tech project.
https://civictechindex.org
MIT License
31 stars 29 forks source link

Fix "removed in Django41Warning" #1232

Open cnk opened 2 years ago

cnk commented 2 years ago

Overview

After the upgrade to Django 4.0, we are now seeing the following warning when running tests:

/usr/local/lib/python3.8/site-packages/django/apps/registry.py:91: RemovedInDjango41Warning: 'allauth.account' defines default_app_config = 'allauth.account.apps.AccountConfig'. Django now detects this configuration automatically. You can remove default_app_config. app_config = AppConfig.create(entry)

Action Items

We are not currently using AllAuth to use social authentication. One perfectly valid option would be to remove the package and leave only a local user model. Changing the user model on an existing project without losing the user information can be tricky. So another equally reasonable option would be to upgrade the allauth package to a version that has the changes needed to get rid of this warning.

deserat commented 2 years ago

Is it worth moving up to Django 4? It will be supported for less time than the current LTS (3.2).

That said, removing Django allauth will remove a fair amount of runtime overhead from the Django gunicorn workers, reducing memory, allocation and attack footprint.

Should we investigate what other packages can be removed?

While we are at this should we also pull the routes, templates, and other cruft that the application does not appear to be using? Doing so will make it easier to remove django.allauth

:+1:

cnk commented 2 years ago

For a small project like this, minor version upgrades are unlikely to be difficult so I don't have any problem with the move to Django 4.

If someone has the time to remove all-auth, I think it would be a good move. I would suggest leaving the users app with the users model. I think we can remove the views, forms, and API and manage users through the Django admin (as we have been doing).

I think the following apps dependencies are possible candidates for removal:

django-allauth==0.44.0 django-anymail==8.2 django-crispy-forms==1.11.2 django-heroku==0.3.1 oauthlib==3.1.0 -- I think these are for building docs but might be needed by swagger. PyYAML==5.4.1 Sphinx==3.5.3

deserat commented 2 years ago

pyyaml is the only one used by Swagger.

Sphinx is a documentation tool that uses ReStructedText. It is heavily used at readthedocs.org. Not necessary in this project since we are using the wiki for documentation and the docs folder appears to have nothing beyond what was created by django-cookiecutter. Removing Sphinx should be followed by rm -rf docs

It'll take a bit of effort to get allauth out.

If we are going live in the next 2 months I'd strongly suggest sticking with the LTS. Particularly since there isn't alot of BE support and the version we were running kept being used 4 months after it was End of Lifed. But I'm new here, and that decision is really up to those who have been here longer and are more invested. @smsada @cnk ya'lls call.

If nobody picks this up I'll hop on it after I figure out the github organization integration.