TEXT   33

Upgrading code from older versions of Quixote

Guest on 27th June 2022 05:38:43 AM

  1. Upgrading code from older versions of Quixote
  2. =============================================
  3.  
  4. This document lists backward-incompatible changes in Quixote, and
  5. explains how to update application code to work with the newer
  6. version.
  7.  
  8. Changes from 3.1 to 3.2
  9. -----------------------
  10.  
  11. Quixote 3.2 adds support for a new style of PTL code.  This new style is
  12. valid Python syntax.  The advantage of using valid Python syntax is that
  13. you may use linters and code formatting tools (like flake8 and black).
  14. Instead of using the [html] and [plain] annotation on functions, you can
  15. use decorators.  E.g.
  16.  
  17.     from quixote.ptl import ptl_html, ptl_plain
  18.  
  19.     @ptl_html
  20.     def foo():
  21.         F'this is an HTML string'
  22.  
  23.     @ptl_plain
  24.     def bar():
  25.         f'this is a plain text string'
  26.  
  27. You can use the script tools/ptl_to_decorator.py to convert code to use
  28. the new style.  The script will fix the function definitions and change
  29. h-strings to HTML F-strings.  It will not add imports for the decorators
  30. however.
  31.  
  32.  
  33. Changes from 3.0 to 3.1
  34. -----------------------
  35.  
  36. Quixote 3.1 requires at minumum Python 3.6.  The syntax of PTL modules
  37. has changed to use "h-strings".  In contrast to old versions of PTL,
  38. only strings marked with the "h" prefix will become 'htmltext' string
  39. literals.  To convert your .ptl modules, the script
  40. 'tools/hstring_convert.py' should do a nearly complete job.
  41.  
  42. The 'quixote.session' module has been refactored and the 'SessionStore'
  43. class has been introduced.  Backwards compatibility with the old
  44. 'SessionManager' and 'Session' APIs should be quite good.  However, if
  45. you are using an SQL database to store sessions, using a subclass of
  46. 'SessionStore' will likely make things simpler.
  47.  
  48.  
  49. Changes from 2.8 to 2.9
  50. -----------------------
  51.  
  52. util.randbytes() returns a URL-safe base64 encoded token rather than
  53. a hex encoded token.  The session module now uses 128-bit random tokens
  54. rather than 64-bit.
  55.  
  56. Changes from 2.7 to 2.8
  57. -----------------------
  58.  
  59. Stricter handling of HTTP request methods has been enabled.  By default
  60. only the GET, HEAD, and POST methods are allowed.  To enable more
  61. methods, change the ``ALLOWED_METHODS`` attribute of the config.  To
  62. disable method checking (i.e. pre-2.8 behavior), set ``ALLOWED_METHODS``
  63. to ``None``.
  64.  
  65.  
  66. Changes from 1.0 to 2.0
  67. -------------------------
  68.  
  69. Change any imports you have from quixote.form to be from quixote.form1.
  70.  
  71. Change any imports you have from quixote.form2 to be from quixote.form.
  72.  
  73. Replace calls to HTTPRequest.get_form_var() with calls to get_field().
  74.  
  75. Define a create_publisher() function to get the publisher you need
  76. and figure out how you want to connect it to web server.
  77. See files in demo and server for examples.  Note that publish1.py
  78. contains a publisher that works more like the Quixote1 Publisher,
  79. and does not require the changes listed below.
  80.  
  81. Make every namespace be an instance of quixote.directory.Directory.
  82. Update namespaces that are modules (or in the init.py of a package) by
  83. defining a new class in the module that inherits from Directory and
  84. moving your _q_exports and _q_* functions onto the class.  Replace
  85. "request" parameters with "self" parameters on the new methods.  If
  86. you have a _q_resolve method, include Resolving in the bases of your
  87. new class.
  88.  
  89. Remove request from calls to _q_ functions.  If request, session,
  90. user, path, or redirect is used in these new methods, replace as
  91. needed with calls to get_request(), get_session(), get_user(),
  92. get_path(), and/or redirect(), imported from quixote.
  93.  
  94. In every namespace that formerly traversed into a module, import the
  95. new Directory class from the module and create an instance of the
  96. Directory in a variable whose name is the name of the module.
  97.  
  98. In every namespace with a _q_exports and a _q_index, either add "" to
  99. _q_exports or make sure that _q_lookup handles "" by returning the result
  100. of a call to _q_index.
  101.  
  102. If your code depends on the Publisher's namespace_stack attribute,
  103. try using quixote.util.get_directory_path() instead.  If you need the
  104. namespace stack after the traversal, override Directory._q_traverse()
  105. to call get_directory_path() when the end of the path is reached, and
  106. record the result somewhere for later reference.
  107.  
  108. If your code depends on _q_exception_handler, override the _q_traverse
  109. on your root namespace or on your own Directory class to catch exceptions
  110. and handle them the way you want.  If you just want a general customization
  111. for exception responses, you can change or override
  112. Publisher.format_publish_error().
  113.  
  114. If your code depended on _q_access, include the AccessControlled with
  115. the bases of your Directory classes as needed.
  116.  
  117. Provide imports as needed to htmltext, TemplateIO, get_field,
  118. get_request, get_session, get_user, get_path, redirect, ?.  You may
  119. find dulcinea/bin/unknown.py useful for identifying missing imports.
  120.  
  121. Quixote 1's secure_errors configuration variable is not present in Quixote 2.
  122.  
  123. Form.__init__ no longer has name or attrs keywords.  If your existing
  124. code calls Form.__init__ with 'attrs=foo', you'll need to change it to
  125. '**foo'.  Form instances no longer have a name attribute.  If your code
  126. looks for form.name, you can find it with form.attrs.get('name').
  127. The Form.__init__ keyword parameter (and attribute) 'action_url' is now
  128. named 'action'.
  129.  
  130. The SessionPublisher class is gone.  Use the Publisher class instead.
  131. Also, the 'session_mgr' keyword has been renamed to 'session_manager'.
  132.  
  133.  
  134. Changes from 0.6.1 to 1.0
  135. -------------------------
  136.  
  137. Sessions
  138. ********
  139.  
  140. A leading underscore was removed from the ``Session`` attributes
  141. ``__remote_address``, ``__creation_time``, and ``__access_time``.  If
  142. you have pickled ``Session`` objects you will need to upgrade them
  143. somehow.  Our preferred method is to write a script that unpickles each
  144. object, renames the attributes and then re-pickles it.
  145.  
  146.  
  147.  
  148. Changes from 0.6 to 0.6.1
  149. -------------------------
  150.  
  151. ``_q_exception_handler`` now called if exception while traversing
  152. *****************************************************************
  153.  
  154. ``_q_exception_handler`` hooks will now be called if an exception is
  155. raised during the traversal process.  Quixote 0.6 had a bug that caused
  156. ``_q_exception_handler`` hooks to only be called if an exception was
  157. raised after the traversal completed.
  158.  
  159.  
  160.  
  161. Changes from 0.5 to 0.6
  162. -----------------------
  163.  
  164. ``_q_getname`` renamed to ``_q_lookup``
  165. ***************************************
  166.  
  167. The ``_q_getname`` special function was renamed to ``_q_lookup``,
  168. because that name gives a clearer impression of the function's
  169. purpose.  In 0.6, ``_q_getname`` still works but will trigger a
  170. warning.
  171.  
  172.  
  173. Form Framework Changes
  174. **********************
  175.  
  176. The ``quixote.form.form`` module was changed from a .ptl file to a .py
  177. file.  You should delete or move the existing ``quixote/`` directory
  178. in ``site-packages`` before running ``setup.py``, or at least delete
  179. the old ``form.ptl`` and ``form.ptlc`` files.
  180.  
  181. The widget and form classes in the ``quixote.form`` package now return
  182. ``htmltext`` instances.  Applications that use forms and widgets will
  183. likely have to be changed to use the ``[html]`` template type to avoid
  184. over-escaping of HTML special characters.
  185.  
  186. Also, the constructor arguments to ``SelectWidget`` and its subclasses have
  187. changed.  This only affects applications that use the form framework
  188. located in the ``quixote.form`` package.
  189.  
  190. In Quixote 0.5, the ``SelectWidget`` constructor had this signature::
  191.  
  192.      def __init__ (self, name, value=None,
  193.                    allowed_values=None,
  194.                    descriptions=None,
  195.                    size=None,
  196.                    sort=0):
  197.  
  198. ``allowed_values`` was the list of objects that the user could choose,
  199. and ``descriptions`` was a list of strings that would actually be
  200. shown to the user in the generated HTML.
  201.  
  202. In Quixote 0.6, the signature has changed slightly::
  203.  
  204.      def __init__ (self, name, value=None,
  205.                    allowed_values=None,
  206.                    descriptions=None,
  207.                    options=None,
  208.                    size=None,
  209.                    sort=0):
  210.  
  211. The ``quote`` argument is gone, and the ``options`` argument has been
  212. added.  If an ``options`` argument is provided, ``allowed_values``
  213. and ``descriptions`` must not be supplied.
  214.  
  215. The ``options`` argument, if present, must be a list of tuples with
  216. 1,2, or 3 elements, of the form ``(value:any, description:any,
  217. key:string)``.
  218.  
  219.     * ``value`` is the object that will be returned if the user chooses
  220.       this item, and must always be supplied.
  221.  
  222.     * ``description`` is a string or htmltext instance which will be
  223.       shown to the user in the generated HTML.  It will be passed
  224.       through the htmlescape() functions, so for an ordinary string
  225.       special characters such as '&' will be converted to '&'.
  226.       htmltext instances will be left as they are.
  227.  
  228.     * If supplied, ``key`` will be used in the value attribute
  229.       of the option element (``<option value="...">``).  
  230.       If not supplied, keys will be generated; ``value`` is checked for a
  231.       ``_p_oid`` attribute and if present, that string is used;
  232.       otherwise the description is used.
  233.  
  234. In the common case, most applications won't have to change anything,
  235. though the ordering of selection items may change due to the
  236. difference in how keys are generated.
  237.  
  238.  
  239. File Upload Changes
  240. *******************
  241.  
  242. Quixote 0.6 introduces new support for HTTP upload requests.  Any HTTP
  243. request with a Content-Type of "multipart/form-data" -- which is
  244. generally only used for uploads -- is now represented by
  245. HTTPUploadRequest, a subclass of HTTPRequest, and the uploaded files
  246. themselves are represented by Upload objects.  
  247.  
  248. Whenever an HTTP request has a Content-Type of "multipart/form-data",
  249. an instance of HTTPUploadRequest is created instead of HTTPRequest.
  250. Some of the fields in the request are presumably uploaded files and
  251. might be quite large, so HTTPUploadRequest will read all of the fields
  252. supplied in the request body and write them out to temporary files;
  253. the temporary files are written in the directory specified by the
  254. UPLOAD_DIR configuration variable.
  255.  
  256. Once the temporary files have been written, the HTTPUploadRequest
  257. object is passed to a function or PTL template, just like an ordinary
  258. request.  The difference between HTTPRequest and HTTPUploadRequest
  259. is that all of the form variables are represented as Upload objects.
  260. Upload objects have three attributes:
  261.  
  262. ``orig_filename``
  263.   the filename supplied by the browser.
  264. ``base_filename``
  265.   a stripped-down version of orig_filename with unsafe characters removed.
  266.   This could be used when writing uploaded data to a permanent location.
  267. ``tmp_filename``
  268.   the path of the temporary file containing the uploaded data for this field.
  269.  
  270. Consult upload.txt for more information about handling file uploads.
  271.  
  272.  
  273. Refactored `Publisher` Class
  274. ****************************
  275.  
  276. Various methods in the `Publisher` class were rearranged.  If your
  277. application subclasses Publisher, you may need to change your code
  278. accordingly.
  279.  
  280.   * ``parse_request()`` no longer creates the HTTPRequest object;
  281.     instead a new method, ``create_request()``,  handles this,
  282.     and can be overridden as required.
  283.  
  284.     As a result, the method signature has changed from
  285.     ``parse_request(stdin, env)`` to ``parse_request(request)``.
  286.  
  287.   * The ``Publisher.publish()`` method now catches exceptions raised
  288.     by ``parse_request()``.
  289.  
  290.  
  291. Changes from 0.4 to 0.5
  292. -----------------------
  293.  
  294. Session Management Changes
  295. **************************
  296.  
  297. The Quixote session management interface underwent lots of change and
  298. cleanup with Quixote 0.5.  It was previously undocumented (apart from
  299. docstrings in the code), so we thought that this was a good opportunity
  300. to clean up the interface.  Nevertheless, those brave souls who got
  301. session management working just by reading the code are in for a bit of
  302. suffering; this brief note should help clarify things.  The definitive
  303. documentation for session management is session-mgmt.txt -- you should
  304. start there.
  305.  
  306.  
  307. Attribute renamings and pickled objects
  308. +++++++++++++++++++++++++++++++++++++++
  309.  
  310. Most attributes of the standard Session class were made private in order
  311. to reduce collisions with subclasses.  The downside is that pickled
  312. Session objects will break.  You might want to (temporarily) modify
  313. session.py and add this method to Session::
  314.  
  315.     def __setstate__ (self, dict):
  316.         # Update for attribute renamings made in rev. 1.51.2.3
  317.         # (between Quixote 0.4.7 and 0.5).
  318.         self.__dict__.update(dict)
  319.         if hasattr(self, 'remote_address'):
  320.             self.__remote_address = self.remote_address
  321.             del self.remote_address
  322.         if hasattr(self, 'creation_time'):
  323.             self.__creation_time = self.creation_time
  324.             del self.creation_time
  325.         if hasattr(self, 'access_time'):
  326.             self.__access_time = self.access_time
  327.             del self.access_time
  328.         if hasattr(self, 'form_tokens'):
  329.             self._form_tokens = self.form_tokens
  330.             del self.form_tokens
  331.  
  332. However, if your sessions were pickled via ZODB, this may not work.  (It
  333. didn't work for us.)  In that case, you'll have to add something like
  334. this to your class that inherits from both ZODB's Persistent and
  335. Quixote's Session::
  336.  
  337.     def __setstate__ (self, dict):
  338.         # Blechhh!  This doesn't work if I put it in Quixote's
  339.         # session.py, so I have to second-guess how Python
  340.         # treats "__" attribute names.
  341.         self.__dict__.update(dict)
  342.         if hasattr(self, 'remote_address'):
  343.             self._Session__remote_address = self.remote_address
  344.             del self.remote_address
  345.         if hasattr(self, 'creation_time'):
  346.             self._Session__creation_time = self.creation_time
  347.             del self.creation_time
  348.         if hasattr(self, 'access_time'):
  349.             self._Session__access_time = self.access_time
  350.             del self.access_time
  351.         if hasattr(self, 'form_tokens'):
  352.             self._form_tokens = self.form_tokens
  353.             del self.form_tokens
  354.  
  355. It's not pretty, but it worked for us.
  356.  
  357.  
  358. Cookie domains and paths
  359. ++++++++++++++++++++++++
  360.  
  361. The session cookie config variables -- ``COOKIE_NAME``,
  362. ``COOKIE_DOMAIN``, and ``COOKIE_PATH`` -- have been renamed to
  363. ``SESSION_COOKIE_*`` for clarity.
  364.  
  365. If you previously set the config variable ``COOKIE_DOMAIN`` to the name
  366. of your server, this is most likely no longer necessary -- it's now fine
  367. to leave ``SESSION_COOKIE_DOMAIN`` unset (ie. ``None``), which
  368. ultimately means browsers will only include the session cookie in
  369. requests to the same server that sent it to them in the first place.
  370.  
  371. If you previously set ``COOKIE_PATH``, then you should probably preserve
  372. your setting as ``SESSION_COOKIE_PATH``.  The default of ``None`` means
  373. that browsers will only send session cookies with requests for URIs
  374. under the URI that originally resulted in the session cookie being sent.
  375. See session-mgmt.txt and RFCs 2109 and 2965.
  376.  
  377. If you previously set ``COOKIE_NAME``, change it to
  378. ``SESSION_COOKIE_NAME``.

Raw Paste


Login or Register to edit or fork this paste. It's free.