Add deprecation warning messages to Credential Manager and Stub Findings UI pages

Maffooch · claude · Maffooch · commit 3ec44616786b · 2026-04-01T14:10:03.000-06:00
Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/dojo/cred/views.py b/dojo/cred/views.py
@@ -9,6 +9,7 @@
 from dojo.authorization.authorization_decorators import user_is_authorized, user_is_configuration_authorized
 from dojo.authorization.roles_permissions import Permissions
 from dojo.cred.queries import get_authorized_cred_mappings_for_queryset
+from dojo.decorators import deprecated_view
 from dojo.forms import CredMappingForm, CredMappingFormProd, CredUserForm, NoteForm
 from dojo.models import Cred_Mapping, Cred_User, Engagement, Finding, Product, Test
 from dojo.utils import Product_Tab, add_breadcrumb, dojo_crypto_encrypt, prepare_for_view
@@ -17,6 +18,7 @@
 
 
 @user_is_configuration_authorized(Permissions.Credential_Add)
+@deprecated_view("Credential Manager")
 def new_cred(request):
     if request.method == "POST":
         tform = CredUserForm(request.POST)
@@ -39,6 +41,7 @@ def new_cred(request):
 
 
 @user_is_authorized(Product, Permissions.Product_Edit, "pid")
+@deprecated_view("Credential Manager")
 def all_cred_product(request, pid):
     prod = get_object_or_404(Product, id=pid)
     creds = Cred_Mapping.objects.filter(product=prod).order_by("cred_id__name")
@@ -48,6 +51,7 @@ def all_cred_product(request, pid):
 
 
 @user_is_configuration_authorized(Permissions.Credential_Edit)
+@deprecated_view("Credential Manager")
 def edit_cred(request, ttid):
     tool_config = Cred_User.objects.get(pk=ttid)
     if request.method == "POST":
@@ -80,6 +84,7 @@ def edit_cred(request, ttid):
 
 
 @user_is_configuration_authorized(Permissions.Credential_View)
+@deprecated_view("Credential Manager")
 def view_cred_details(request, ttid):
     cred = Cred_User.objects.get(pk=ttid)
     notes = cred.notes.all()
@@ -118,6 +123,7 @@ def view_cred_details(request, ttid):
 
 
 @user_is_configuration_authorized(Permissions.Credential_View)
+@deprecated_view("Credential Manager")
 def cred(request):
     confs = Cred_User.objects.all().order_by("name", "environment", "username")
     add_breadcrumb(title="Credential Manager", top_level=True, request=request)
@@ -128,6 +134,7 @@ def cred(request):
 
 @user_is_authorized(Product, Permissions.Product_View, "pid")
 @user_is_authorized(Cred_Mapping, Permissions.Credential_View, "ttid")
+@deprecated_view("Credential Manager")
 def view_cred_product(request, pid, ttid):
     cred = get_object_or_404(
         Cred_Mapping.objects.select_related("cred_id"), id=ttid)
@@ -184,6 +191,7 @@ def view_cred_product(request, pid, ttid):
 
 @user_is_authorized(Engagement, Permissions.Engagement_View, "eid")
 @user_is_authorized(Cred_Mapping, Permissions.Credential_View, "ttid")
+@deprecated_view("Credential Manager")
 def view_cred_product_engagement(request, eid, ttid):
     cred = get_object_or_404(
         Cred_Mapping.objects.select_related("cred_id"), id=ttid)
@@ -233,6 +241,7 @@ def view_cred_product_engagement(request, eid, ttid):
 
 @user_is_authorized(Test, Permissions.Test_View, "tid")
 @user_is_authorized(Cred_Mapping, Permissions.Credential_View, "ttid")
+@deprecated_view("Credential Manager")
 def view_cred_engagement_test(request, tid, ttid):
     cred = get_object_or_404(
         Cred_Mapping.objects.select_related("cred_id"), id=ttid)
@@ -284,6 +293,7 @@ def view_cred_engagement_test(request, tid, ttid):
 
 @user_is_authorized(Finding, Permissions.Finding_View, "fid")
 @user_is_authorized(Cred_Mapping, Permissions.Credential_View, "ttid")
+@deprecated_view("Credential Manager")
 def view_cred_finding(request, fid, ttid):
     cred = get_object_or_404(
         Cred_Mapping.objects.select_related("cred_id"), id=ttid)
@@ -335,6 +345,7 @@ def view_cred_finding(request, fid, ttid):
 
 @user_is_authorized(Product, Permissions.Product_Edit, "pid")
 @user_is_authorized(Cred_Mapping, Permissions.Credential_Edit, "ttid")
+@deprecated_view("Credential Manager")
 def edit_cred_product(request, pid, ttid):
     cred = get_object_or_404(
         Cred_Mapping.objects.select_related("cred_id"), id=ttid)
@@ -363,6 +374,7 @@ def edit_cred_product(request, pid, ttid):
 
 @user_is_authorized(Engagement, Permissions.Engagement_Edit, "eid")
 @user_is_authorized(Cred_Mapping, Permissions.Credential_Edit, "ttid")
+@deprecated_view("Credential Manager")
 def edit_cred_product_engagement(request, eid, ttid):
     cred = get_object_or_404(
         Cred_Mapping.objects.select_related("cred_id"), id=ttid)
@@ -396,6 +408,7 @@ def edit_cred_product_engagement(request, eid, ttid):
 
 
 @user_is_authorized(Product, Permissions.Product_Edit, "pid")
+@deprecated_view("Credential Manager")
 def new_cred_product(request, pid):
     prod = get_object_or_404(Product, pk=pid)
     if request.method == "POST":
@@ -431,6 +444,7 @@ def new_cred_product(request, pid):
 
 
 @user_is_authorized(Engagement, Permissions.Engagement_Edit, "eid")
+@deprecated_view("Credential Manager")
 def new_cred_product_engagement(request, eid):
     eng = get_object_or_404(Engagement, pk=eid)
 
@@ -482,6 +496,7 @@ def new_cred_product_engagement(request, eid):
 
 
 @user_is_authorized(Test, Permissions.Test_Edit, "tid")
+@deprecated_view("Credential Manager")
 def new_cred_engagement_test(request, tid):
     test = get_object_or_404(Test, pk=tid)
 
@@ -532,6 +547,7 @@ def new_cred_engagement_test(request, tid):
 
 
 @user_is_authorized(Finding, Permissions.Finding_Edit, "fid")
+@deprecated_view("Credential Manager")
 def new_cred_finding(request, fid):
     finding = get_object_or_404(Finding, pk=fid)
 
@@ -662,29 +678,34 @@ def delete_cred_controller(request, destination_url, elem_id, ttid):
 
 
 @user_is_configuration_authorized(Permissions.Credential_Delete)
+@deprecated_view("Credential Manager")
 def delete_cred(request, ttid):
     return delete_cred_controller(request, "cred", 0, ttid=ttid)
 
 
 @user_is_authorized(Product, Permissions.Product_Edit, "pid")
 @user_is_authorized(Cred_Mapping, Permissions.Credential_Delete, "ttid")
+@deprecated_view("Credential Manager")
 def delete_cred_product(request, pid, ttid):
     return delete_cred_controller(request, "all_cred_product", pid, ttid)
 
 
 @user_is_authorized(Engagement, Permissions.Engagement_Edit, "eid")
 @user_is_authorized(Cred_Mapping, Permissions.Credential_Delete, "ttid")
+@deprecated_view("Credential Manager")
 def delete_cred_engagement(request, eid, ttid):
     return delete_cred_controller(request, "view_engagement", eid, ttid)
 
 
 @user_is_authorized(Test, Permissions.Test_Edit, "tid")
 @user_is_authorized(Cred_Mapping, Permissions.Credential_Delete, "ttid")
+@deprecated_view("Credential Manager")
 def delete_cred_test(request, tid, ttid):
     return delete_cred_controller(request, "view_test", tid, ttid)
 
 
 @user_is_authorized(Finding, Permissions.Finding_Edit, "fid")
 @user_is_authorized(Cred_Mapping, Permissions.Credential_Delete, "ttid")
+@deprecated_view("Credential Manager")
 def delete_cred_finding(request, fid, ttid):
     return delete_cred_controller(request, "view_finding", fid, ttid)
diff --git a/dojo/decorators.py b/dojo/decorators.py
@@ -3,6 +3,7 @@
 from functools import wraps
 
 from django.conf import settings
+from django.contrib import messages
 from django.http import Http404
 from django_ratelimit import UNSAFE
 from django_ratelimit.core import is_ratelimited
@@ -162,6 +163,29 @@ def _wrapped(request, *args, **kw):
     return decorator
 
 
+def deprecated_view(feature_name, removal_version="2.59.0", removal_date="June 1, 2026"):
+    """
+    Decorator that adds a deprecation warning message to a view.
+
+    Only adds the message on GET requests to avoid duplicate warnings
+    when POST requests redirect.
+    """
+    def decorator(func):
+        @wraps(func)
+        def _wrapped(request, *args, **kwargs):
+            if request.method == "GET":
+                messages.add_message(
+                    request,
+                    messages.WARNING,
+                    f"{feature_name} is deprecated and will be removed in DefectDojo v{removal_version} "
+                    f"({removal_date}). Please plan to migrate away from this feature.",
+                    extra_tags="alert-warning",
+                )
+            return func(request, *args, **kwargs)
+        return _wrapped
+    return decorator
+
+
 def require_v3_feature_set():
     """Decorator that raises 404 if the V3_FEATURE_LOCATIONS is False."""
 
diff --git a/dojo/finding/views.py b/dojo/finding/views.py
@@ -39,6 +39,7 @@
 )
 from dojo.authorization.roles_permissions import Permissions
 from dojo.celery_dispatch import dojo_dispatch_task
+from dojo.decorators import deprecated_view
 from dojo.filters import (
     AcceptedFindingFilter,
     AcceptedFindingFilterWithoutObjectLookups,
@@ -2000,6 +2001,7 @@ def add_stub_finding(request, tid):
 
 
 @user_is_authorized(Stub_Finding, Permissions.Finding_Delete, "fid")
+@deprecated_view("Stub Findings")
 def delete_stub_finding(request, fid):
     finding = get_object_or_404(Stub_Finding, id=fid)
 
@@ -2026,6 +2028,7 @@ def delete_stub_finding(request, fid):
 
 
 @user_is_authorized(Stub_Finding, Permissions.Finding_Edit, "fid")
+@deprecated_view("Stub Findings")
 def promote_to_finding(request, fid):
     finding = get_object_or_404(Stub_Finding, id=fid)
     test = finding.test
