Django-polaris

Features

- Adds [SEP-10 Client Attribution](https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md#verifying-the-client-domain) support
- Generates and verifies SEP-10 challenges including client domains
- Adds the following environment variables:
- `SEP10_CLIENT_ATTRIBUTION_REQUIRED`
- `SEP10_CLIENT_ATTRIBUTION_REQUEST_TIMEOUT`
- `SEP10_CLIENT_ATTRIBUTION_ALLOWLIST`
- `SEP10_CLIENT_ATTRIBUTION_DENYLIST`
- Makes the expiration for SEP-24's interactive flow customizable using the `INTERACTIVE_JWT_EXPIRATION` environment variable
- Makes SEP-6 `/deposit` and `/withdraw` `min_amount` and `max_amount` response attributes optional and overridable
- Streams Stellar transactions from the beginning of each distribution account's history if no transactions are present for that account

Database Migrations

- Adds the `client_domain` column to the `Transaction` model, and is present if provided by the client in SEP-10

Bug Fixes

- The fee and total displayed in the SEP-24 interactive flow's "Amount" page updates correctly on high-speed input
- Previously, adding or removing characters quickly could result in an incorrect fee and total displayed
- The amount input on the "Amount" page cannot be covered by the `Asset` symbol
- Previously, a symbol longer than 4 characters would cover the amount inputed by a user

Breaking Changes

- Polaris now re-queries `Transaction` objects returned from `DepositIntegration.poll_pending_deposits()`. If you make changes to a `Transaction` instance without saving those changes to the database, those changes will now be lost. Update your `poll_pending_deposits()` implementation to save all changes to `Transaction` objects returned.

Bug Fixes

- `Transaction.pending_execution_attempt` was not being set back to `False` in several cases. If a Stellar account did not have a trustline to the asset prior to `poll_pending_deposits` first polling the transaction's status, the transaction would not be submitted at all.

If either version `1.3.0` or `1.3.1` was deployed to production, you can ensure any affected transactions are processed normally by updating `Transaction.pending_execution_attempt` to `False` for transactions currently in the `pending_trust` status.

If you run multiple `check_trustlines` processes, you'll need to temporarily stop them and wait a moment before executing the query to ensure it does not cause transactions currently being submitted by one process to get submitted again by the other.

Bug Fixes

- A migration file would fail to execute if SEP-24 URLs were not included in the project's URL configuration. This patch ensures the migration will success regardless of the project's URL configuration.

Features

- SEP-10 v3.1 support
- Claimable Balance support for SEP-6
- Supports `on_change_callback` parameters for both SEP-6 & 24
- Adds `SEP6_USE_MORE_INFO_URL` environment variable, defaults to `False`
- Supports a `local-stellar.toml` static file for when `LOCAL_MODE` is `True`
- Supports setting `ACTIVE_SEPS` as an environment variable

SEP Updates

- Supports `sep12` objects in SEP-31 `/info` responses
- Allows SEP-12 `GET /customer` requests without `id` or `account` parameters
- Supports `type` parameter in SEP-12 `PUT /customer` requests
- Supports `amount` and `country_code` parameters to SEP-6 deposit & withdraw requests
- Supports SEP-12 `/customer/callback` endpoint and adds `CustomerIntegration.callback()` integration function
- Adds `id` response attribute to SEP-6 `/deposit` & `/withdraw` responses

Database Migrations

- Encrypts the `Transacation.channel_seed` column (bug fix)
- Adds `Transaction.more_info_url` column
- Adds `Transaction.on_change_callback` column
- Adds `Transaction.pending_execution_attempt` column

Bug Fixes

- Content from `DepositIntegration.instructions_for_pending_deposit()` no longer appears on withdraw `more_info.html` pages
- `WithdrawIntegration.content_for_template()` is now called for withdraw `more_info.html` requests instead of `DepositIntegration.content_for_template()`
- All SEP-24 endpoints now accept non-`application/x-www-form-encoded` request data (`/webapp` and `/complete` did not)
- SEP-31 `POST /transactions` endpoint now returns `201`, not `200`
- `callback` requests are only made once, instead of every time `more_info.html` page loads with the parameter included
- Converts UTC datetimes to local time in `more_info.html`
- It is now safe to run multiple concurrent processes of the `poll_pending_deposits`, `check_trustlines`, or `execute_outgoing_transactions` commands

**Bug Fix**

Introduced in v1.2, `watch_transactions` assigned `Keypair` objects to `Transaction.from_address` when the payment operation did not include a source account. This resulted in a string representation of the `Keypair` object being returned from `GET /transaction(s)`, instead of the public key string.

This release fixes this bug by ensuring the public key of the `Keypair` object is always assigned to `Transaction.from_address`.

The code for this release in in the `1.2.1` branch.

**Bug Fix**

The SEP-24 `/transactions/deposit/interactive/complete` endpoint used when the anchor uses a non-Polaris interactive flow did not have any `rest_framework.renderer` classes associated with it, causing requests to this endpoint to fail with a 500 response code. This bug was introduced in v1.2. _If you use Polaris' interactive flow (and form integrations), this bug fix does not affect you_.