836 Django 2.0 Upgrade

[tbaxter-18f]

Description

Upgrades to Django 2.0.

A few things to note:

• URL routing is all different, which has implications.
• is_anonymous and is_authenticated are no longer called as methods
• DRF had to be upgraded also, which also had some implications

[tbaxter-18f]

Also worth noting: some tests are currently commented out, just so I can reduce the noise. They'll be back operational once I figure out what's up with the serializers.

Edit: you shouldn't see any commented-out tests any more.

[tbaxter-18f]

Worth noting: we don't actually have a 400.html, so we're not really testing this properly right now. I'm going to log a separate issue to sort that out.

[codecov-io]

Codecov Report

Merging #840 into master will increase coverage by 0.22%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #840      +/-   ##
==========================================
+ Coverage   90.99%   91.22%   +0.22%     
==========================================
  Files          39       39              
  Lines        1754     1754              
==========================================
+ Hits         1596     1600       +4     
+ Misses        158      154       -4

Impacted Files	Coverage Δ
hours/views.py	87.65% <0%> (ø)	⬆️
hours/urls/reports.py	100% <0%> (ø)	⬆️
api/views.py	98.55% <0%> (ø)	⬆️
hours/urls/timesheets.py	100% <0%> (ø)	⬆️
tock/urls.py	92.3% <0%> (ø)	⬆️
api/urls.py	100% <0%> (ø)	⬆️
employees/urls.py	100% <0%> (ø)	⬆️
employees/views.py	100% <0%> (ø)	⬆️
projects/models.py	99.15% <0%> (ø)	⬆️
tock/views.py	82.14% <0%> (+10.26%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 703507c...823af32. Read the comment docs.

[amymok]

Paths are no longer trying to match a pattern here. Is that no longer necessary? If so, use re_path would be necessary

[tbaxter-18f]

Yeah, the new path stuff is pretty interesting, and quite a bit cleaner. Underneath there's still a lot of regex stuff happening, but in urls.py you can ignore all that. You can pass arguments to path, no problem, and it's quite a bit cleaner to do so. In this particular case, we're just capturing username and passing it on to the view. Spiffy!

In my ideal world, I'd limit this to slug matches with slug:username but we allow characters in usernames that aren't allowed in slugs (like periods) so that won't work.

You should only need to dip down into re_path if you've got a full-on regex to match against or -- and I suspect this is the more common case) you've got an older URL that feels messy to match up to the new path style.

[amymok]

I see, I was worrying that we are allowing more additional characters than we needed to. Just want to make sure that would be okay.

But sounds like it may not be a problem.

[tbaxter-18f]

That's a valid concern. We are leaving username pretty open here, but they should be validated when the user is created, and if an invalid character comes in it'll just 404.

[amymok]

Looks great to me.