Try out servestatic again

.github/workflows/ci-docker.yml

@@ -149,16 +149,15 @@ jobs:
           mkdir -p /tmp/digests
           digest="${{ steps.build.outputs.digest }}"
           echo "digest=${digest}"
-          echo "${digest}" > "/tmp/digests/digest-${{ matrix.arch }}.txt"
+          touch "/tmp/digests/${digest#sha256:}"
       - name: Upload digest
         if: steps.check-push.outputs.should-push == 'true'
         uses: actions/upload-artifact@v7.0.0
         with:
           name: digests-${{ matrix.arch }}
-          path: /tmp/digests/digest-${{ matrix.arch }}.txt
+          path: /tmp/digests/*
           if-no-files-found: error
           retention-days: 1
-          archive: false
   merge-and-push:
     name: Merge and Push Manifest
     runs-on: ubuntu-24.04
@@ -172,7 +171,7 @@ jobs:
         uses: actions/download-artifact@v8.0.0
         with:
           path: /tmp/digests
-          pattern: digest-*.txt
+          pattern: digests-*
           merge-multiple: true
       - name: List digests
         run: |
@@ -218,9 +217,8 @@ jobs:
           tags=$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "${DOCKER_METADATA_OUTPUT_JSON}")
 
           digests=""
-          for digest_file in digest-*.txt; do
-            digest=$(cat "${digest_file}")
-            digests+="${{ env.REGISTRY }}/${REPOSITORY}@${digest} "
+          for digest in *; do
+            digests+="${{ env.REGISTRY }}/${REPOSITORY}@sha256:${digest} "
           done
 
           echo "Creating manifest with tags: ${tags}"

.github/workflows/pr-bot.yml

@@ -2,24 +2,13 @@ name: PR Bot
 on:
   pull_request_target:
     types: [opened]
+permissions:
+  contents: read
+  pull-requests: write
 jobs:
-  anti-slop:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: write
-    steps:
-      - uses: peakoss/anti-slop@v0.2.1
-        with:
-          max-failures: 4
-          failure-add-pr-labels: 'ai'
   pr-bot:
     name: Automated PR Bot
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: write
     steps:
       - name: Label PR by file path or branch name
         # see .github/labeler.yml for the labeler config

pyproject.toml

@@ -73,6 +73,7 @@ dependencies = [
   "regex>=2025.9.18",
   "scikit-learn~=1.7.0",
   "sentence-transformers>=4.1",
+  "servestatic>=4",
   "setproctitle~=1.3.4",
   "tika-client~=0.10.0",
   "torch~=2.10.0",

src/paperless/settings/__init__.py

@@ -335,7 +335,7 @@ SCRATCH_DIR = __get_path(
 env_apps = __get_list("PAPERLESS_APPS")
 
 INSTALLED_APPS = [
-    "whitenoise.runserver_nostatic",
+    "servestatic.runserver_nostatic",
     "django.contrib.auth",
     "django.contrib.contenttypes",
     "django.contrib.sessions",
@@ -391,7 +391,7 @@ if DEBUG:
 
 MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
-    "whitenoise.middleware.WhiteNoiseMiddleware",
+    "servestatic.middleware.ServeStaticMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "corsheaders.middleware.CorsMiddleware",
     "django.middleware.locale.LocaleMiddleware",
@@ -466,7 +466,7 @@ WHITENOISE_STATIC_PREFIX = "/static/"
 
 STORAGES = {
     "staticfiles": {
-        "BACKEND": "whitenoise.storage.CompressedStaticFilesStorage",
+        "BACKEND": "servestatic.storage.CompressedStaticFilesStorage",
     },
     "default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
 }

src/paperless/tests/test_adapter.py

@@ -1,100 +1,107 @@
-import logging
+from unittest import mock
 
-import pytest
 from allauth.account.adapter import get_adapter
 from allauth.core import context
 from allauth.socialaccount.adapter import get_adapter as get_social_adapter
+from django.conf import settings
 from django.contrib.auth.models import AnonymousUser
 from django.contrib.auth.models import Group
 from django.contrib.auth.models import User
 from django.forms import ValidationError
 from django.http import HttpRequest
+from django.test import TestCase
+from django.test import override_settings
 from django.urls import reverse
-from pytest_django.fixtures import SettingsWrapper
-from pytest_mock import MockerFixture
 from rest_framework.authtoken.models import Token
 
 from paperless.adapter import DrfTokenStrategy
 
 
-@pytest.mark.django_db
-class TestCustomAccountAdapter:
-    def test_is_open_for_signup(self, settings: SettingsWrapper) -> None:
+class TestCustomAccountAdapter(TestCase):
+    def test_is_open_for_signup(self) -> None:
         adapter = get_adapter()
 
         # With no accounts, signups should be allowed
-        assert adapter.is_open_for_signup(None)
+        self.assertTrue(adapter.is_open_for_signup(None))
 
         User.objects.create_user("testuser")
 
+        # Test when ACCOUNT_ALLOW_SIGNUPS is True
         settings.ACCOUNT_ALLOW_SIGNUPS = True
-        assert adapter.is_open_for_signup(None)
+        self.assertTrue(adapter.is_open_for_signup(None))
 
+        # Test when ACCOUNT_ALLOW_SIGNUPS is False
         settings.ACCOUNT_ALLOW_SIGNUPS = False
-        assert not adapter.is_open_for_signup(None)
+        self.assertFalse(adapter.is_open_for_signup(None))
 
-    def test_is_safe_url(self, settings: SettingsWrapper) -> None:
+    def test_is_safe_url(self) -> None:
         request = HttpRequest()
-        request.get_host = lambda: "example.com"
+        request.get_host = mock.Mock(return_value="example.com")
         with context.request_context(request):
             adapter = get_adapter()
+            with override_settings(ALLOWED_HOSTS=["*"]):
+                # True because request host is same
+                url = "https://example.com"
+                self.assertTrue(adapter.is_safe_url(url))
 
-            settings.ALLOWED_HOSTS = ["*"]
-            # True because request host is same
-            assert adapter.is_safe_url("https://example.com")
+            url = "https://evil.com"
             # False despite wildcard because request host is different
-            assert not adapter.is_safe_url("https://evil.com")
+            self.assertFalse(adapter.is_safe_url(url))
 
             settings.ALLOWED_HOSTS = ["example.com"]
+            url = "https://example.com"
             # True because request host is same
-            assert adapter.is_safe_url("https://example.com")
+            self.assertTrue(adapter.is_safe_url(url))
 
             settings.ALLOWED_HOSTS = ["*", "example.com"]
+            url = "//evil.com"
             # False because request host is not in allowed hosts
-            assert not adapter.is_safe_url("//evil.com")
+            self.assertFalse(adapter.is_safe_url(url))
 
-    def test_pre_authenticate(
-        self,
-        settings: SettingsWrapper,
-        mocker: MockerFixture,
-    ) -> None:
-        mocker.patch("allauth.core.internal.ratelimit.consume", return_value=True)
+    @mock.patch("allauth.core.internal.ratelimit.consume", return_value=True)
+    def test_pre_authenticate(self, mock_consume) -> None:
         adapter = get_adapter()
         request = HttpRequest()
-        request.get_host = lambda: "example.com"
+        request.get_host = mock.Mock(return_value="example.com")
 
         settings.DISABLE_REGULAR_LOGIN = False
         adapter.pre_authenticate(request)
 
         settings.DISABLE_REGULAR_LOGIN = True
-        with pytest.raises(ValidationError):
+        with self.assertRaises(ValidationError):
             adapter.pre_authenticate(request)
 
-    def test_get_reset_password_from_key_url(self, settings: SettingsWrapper) -> None:
+    def test_get_reset_password_from_key_url(self) -> None:
         request = HttpRequest()
-        request.get_host = lambda: "foo.org"
+        request.get_host = mock.Mock(return_value="foo.org")
         with context.request_context(request):
             adapter = get_adapter()
 
-            settings.PAPERLESS_URL = None
-            settings.ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
-            expected_url = f"https://foo.org{reverse('account_reset_password_from_key', kwargs={'uidb36': 'UID', 'key': 'KEY'})}"
-            assert adapter.get_reset_password_from_key_url("UID-KEY") == expected_url
+            # Test when PAPERLESS_URL is None
+            with override_settings(
+                PAPERLESS_URL=None,
+                ACCOUNT_DEFAULT_HTTP_PROTOCOL="https",
+            ):
+                expected_url = f"https://foo.org{reverse('account_reset_password_from_key', kwargs={'uidb36': 'UID', 'key': 'KEY'})}"
+                self.assertEqual(
+                    adapter.get_reset_password_from_key_url("UID-KEY"),
+                    expected_url,
+                )
 
-            settings.PAPERLESS_URL = "https://bar.com"
-            expected_url = f"https://bar.com{reverse('account_reset_password_from_key', kwargs={'uidb36': 'UID', 'key': 'KEY'})}"
-            assert adapter.get_reset_password_from_key_url("UID-KEY") == expected_url
+            # Test when PAPERLESS_URL is not None
+            with override_settings(PAPERLESS_URL="https://bar.com"):
+                expected_url = f"https://bar.com{reverse('account_reset_password_from_key', kwargs={'uidb36': 'UID', 'key': 'KEY'})}"
+                self.assertEqual(
+                    adapter.get_reset_password_from_key_url("UID-KEY"),
+                    expected_url,
+                )
 
-    def test_save_user_adds_groups(
-        self,
-        settings: SettingsWrapper,
-        mocker: MockerFixture,
-    ) -> None:
-        settings.ACCOUNT_DEFAULT_GROUPS = ["group1", "group2"]
+    @override_settings(ACCOUNT_DEFAULT_GROUPS=["group1", "group2"])
+    def test_save_user_adds_groups(self) -> None:
         Group.objects.create(name="group1")
         user = User.objects.create_user("testuser")
         adapter = get_adapter()
-        form = mocker.MagicMock(
+        form = mock.Mock(
             cleaned_data={
                 "username": "testuser",
                 "email": "user@example.com",
@@ -103,81 +110,88 @@ class TestCustomAccountAdapter:
 
         user = adapter.save_user(HttpRequest(), user, form, commit=True)
 
-        assert user.groups.count() == 1
-        assert user.groups.filter(name="group1").exists()
-        assert not user.groups.filter(name="group2").exists()
+        self.assertEqual(user.groups.count(), 1)
+        self.assertTrue(user.groups.filter(name="group1").exists())
+        self.assertFalse(user.groups.filter(name="group2").exists())
 
-    def test_fresh_install_save_creates_superuser(self, mocker: MockerFixture) -> None:
+    def test_fresh_install_save_creates_superuser(self) -> None:
         adapter = get_adapter()
-        form = mocker.MagicMock(
+        form = mock.Mock(
             cleaned_data={
                 "username": "testuser",
                 "email": "user@paperless-ngx.com",
             },
         )
         user = adapter.save_user(HttpRequest(), User(), form, commit=True)
-        assert user.is_superuser
+        self.assertTrue(user.is_superuser)
 
-        form = mocker.MagicMock(
+        # Next time, it should not create a superuser
+        form = mock.Mock(
             cleaned_data={
                 "username": "testuser2",
                 "email": "user2@paperless-ngx.com",
             },
         )
         user2 = adapter.save_user(HttpRequest(), User(), form, commit=True)
-        assert not user2.is_superuser
+        self.assertFalse(user2.is_superuser)
 
 
-class TestCustomSocialAccountAdapter:
-    @pytest.mark.django_db
-    def test_is_open_for_signup(self, settings: SettingsWrapper) -> None:
+class TestCustomSocialAccountAdapter(TestCase):
+    def test_is_open_for_signup(self) -> None:
         adapter = get_social_adapter()
 
+        # Test when SOCIALACCOUNT_ALLOW_SIGNUPS is True
         settings.SOCIALACCOUNT_ALLOW_SIGNUPS = True
-        assert adapter.is_open_for_signup(None, None)
+        self.assertTrue(adapter.is_open_for_signup(None, None))
 
+        # Test when SOCIALACCOUNT_ALLOW_SIGNUPS is False
         settings.SOCIALACCOUNT_ALLOW_SIGNUPS = False
-        assert not adapter.is_open_for_signup(None, None)
+        self.assertFalse(adapter.is_open_for_signup(None, None))
 
     def test_get_connect_redirect_url(self) -> None:
         adapter = get_social_adapter()
-        assert adapter.get_connect_redirect_url(None, None) == reverse("base")
+        request = None
+        socialaccount = None
 
-    @pytest.mark.django_db
-    def test_save_user_adds_groups(
-        self,
-        settings: SettingsWrapper,
-        mocker: MockerFixture,
-    ) -> None:
-        settings.SOCIAL_ACCOUNT_DEFAULT_GROUPS = ["group1", "group2"]
+        # Test the default URL
+        expected_url = reverse("base")
+        self.assertEqual(
+            adapter.get_connect_redirect_url(request, socialaccount),
+            expected_url,
+        )
+
+    @override_settings(SOCIAL_ACCOUNT_DEFAULT_GROUPS=["group1", "group2"])
+    def test_save_user_adds_groups(self) -> None:
         Group.objects.create(name="group1")
         adapter = get_social_adapter()
+        request = HttpRequest()
         user = User.objects.create_user("testuser")
-        sociallogin = mocker.MagicMock(user=user)
+        sociallogin = mock.Mock(
+            user=user,
+        )
 
-        user = adapter.save_user(HttpRequest(), sociallogin, None)
+        user = adapter.save_user(request, sociallogin, None)
 
-        assert user.groups.count() == 1
-        assert user.groups.filter(name="group1").exists()
-        assert not user.groups.filter(name="group2").exists()
+        self.assertEqual(user.groups.count(), 1)
+        self.assertTrue(user.groups.filter(name="group1").exists())
+        self.assertFalse(user.groups.filter(name="group2").exists())
 
-    def test_error_logged_on_authentication_error(
-        self,
-        caplog: pytest.LogCaptureFixture,
-    ) -> None:
+    def test_error_logged_on_authentication_error(self) -> None:
         adapter = get_social_adapter()
-        with caplog.at_level(logging.INFO, logger="paperless.auth"):
+        request = HttpRequest()
+        with self.assertLogs("paperless.auth", level="INFO") as log_cm:
             adapter.on_authentication_error(
-                HttpRequest(),
+                request,
                 provider="test-provider",
                 error="Error",
                 exception="Test authentication error",
             )
-        assert any("Test authentication error" in msg for msg in caplog.messages)
+        self.assertTrue(
+            any("Test authentication error" in message for message in log_cm.output),
+        )
 
 
-@pytest.mark.django_db
-class TestDrfTokenStrategy:
+class TestDrfTokenStrategy(TestCase):
     def test_create_access_token_creates_new_token(self) -> None:
         """
         GIVEN:
@@ -187,6 +201,7 @@ class TestDrfTokenStrategy:
         THEN:
             - A new token is created and its key is returned
         """
+
         user = User.objects.create_user("testuser")
         request = HttpRequest()
         request.user = user
@@ -194,9 +209,13 @@ class TestDrfTokenStrategy:
         strategy = DrfTokenStrategy()
         token_key = strategy.create_access_token(request)
 
-        assert token_key is not None
-        assert Token.objects.filter(user=user).exists()
-        assert token_key == Token.objects.get(user=user).key
+        # Verify a token was created
+        self.assertIsNotNone(token_key)
+        self.assertTrue(Token.objects.filter(user=user).exists())
+
+        # Verify the returned key matches the created token
+        token = Token.objects.get(user=user)
+        self.assertEqual(token_key, token.key)
 
     def test_create_access_token_returns_existing_token(self) -> None:
         """
@@ -207,6 +226,7 @@ class TestDrfTokenStrategy:
         THEN:
             - The same token key is returned (no new token created)
         """
+
         user = User.objects.create_user("testuser")
         existing_token = Token.objects.create(user=user)
 
@@ -216,8 +236,11 @@ class TestDrfTokenStrategy:
         strategy = DrfTokenStrategy()
         token_key = strategy.create_access_token(request)
 
-        assert token_key == existing_token.key
-        assert Token.objects.filter(user=user).count() == 1
+        # Verify the existing token key is returned
+        self.assertEqual(token_key, existing_token.key)
+
+        # Verify only one token exists (no duplicate created)
+        self.assertEqual(Token.objects.filter(user=user).count(), 1)
 
     def test_create_access_token_returns_none_for_unauthenticated_user(self) -> None:
         """
@@ -228,11 +251,12 @@ class TestDrfTokenStrategy:
         THEN:
             - None is returned and no token is created
         """
+
         request = HttpRequest()
         request.user = AnonymousUser()
 
         strategy = DrfTokenStrategy()
         token_key = strategy.create_access_token(request)
 
-        assert token_key is None
-        assert Token.objects.count() == 0
+        self.assertIsNone(token_key)
+        self.assertEqual(Token.objects.count(), 0)

src/paperless/tests/test_checks.py

@@ -1,15 +1,16 @@
 import os
-from collections.abc import Callable
-from dataclasses import dataclass
 from pathlib import Path
 from unittest import mock
 
 import pytest
 from django.core.checks import Error
 from django.core.checks import Warning
-from pytest_django.fixtures import SettingsWrapper
+from django.test import TestCase
+from django.test import override_settings
 from pytest_mock import MockerFixture
 
+from documents.tests.utils import DirectoriesMixin
+from documents.tests.utils import FileSystemAssertsMixin
 from paperless.checks import audit_log_check
 from paperless.checks import binaries_check
 from paperless.checks import check_deprecated_db_settings
@@ -19,84 +20,54 @@ from paperless.checks import paths_check
 from paperless.checks import settings_values_check
 
 
-@dataclass(frozen=True, slots=True)
-class PaperlessTestDirs:
-    data_dir: Path
-    media_dir: Path
-    consumption_dir: Path
-
-
-# TODO: consolidate with documents/tests/conftest.py PaperlessDirs/paperless_dirs
-#       once the paperless and documents test suites are ready to share fixtures.
-@pytest.fixture()
-def directories(tmp_path: Path, settings: SettingsWrapper) -> PaperlessTestDirs:
-    data_dir = tmp_path / "data"
-    media_dir = tmp_path / "media"
-    consumption_dir = tmp_path / "consumption"
-
-    for d in (data_dir, media_dir, consumption_dir):
-        d.mkdir()
-
-    settings.DATA_DIR = data_dir
-    settings.MEDIA_ROOT = media_dir
-    settings.CONSUMPTION_DIR = consumption_dir
-
-    return PaperlessTestDirs(
-        data_dir=data_dir,
-        media_dir=media_dir,
-        consumption_dir=consumption_dir,
-    )
-
-
-class TestChecks:
+class TestChecks(DirectoriesMixin, TestCase):
     def test_binaries(self) -> None:
-        assert binaries_check(None) == []
+        self.assertEqual(binaries_check(None), [])
 
-    def test_binaries_fail(self, settings: SettingsWrapper) -> None:
-        settings.CONVERT_BINARY = "uuuhh"
-        assert len(binaries_check(None)) == 1
+    @override_settings(CONVERT_BINARY="uuuhh")
+    def test_binaries_fail(self) -> None:
+        self.assertEqual(len(binaries_check(None)), 1)
 
-    @pytest.mark.usefixtures("directories")
     def test_paths_check(self) -> None:
-        assert paths_check(None) == []
+        self.assertEqual(paths_check(None), [])
 
-    def test_paths_check_dont_exist(self, settings: SettingsWrapper) -> None:
-        settings.MEDIA_ROOT = Path("uuh")
-        settings.DATA_DIR = Path("whatever")
-        settings.CONSUMPTION_DIR = Path("idontcare")
+    @override_settings(
+        MEDIA_ROOT=Path("uuh"),
+        DATA_DIR=Path("whatever"),
+        CONSUMPTION_DIR=Path("idontcare"),
+    )
+    def test_paths_check_dont_exist(self) -> None:
+        msgs = paths_check(None)
+        self.assertEqual(len(msgs), 3, str(msgs))
+
+        for msg in msgs:
+            self.assertTrue(msg.msg.endswith("is set but doesn't exist."))
+
+    def test_paths_check_no_access(self) -> None:
+        Path(self.dirs.data_dir).chmod(0o000)
+        Path(self.dirs.media_dir).chmod(0o000)
+        Path(self.dirs.consumption_dir).chmod(0o000)
+
+        self.addCleanup(os.chmod, self.dirs.data_dir, 0o777)
+        self.addCleanup(os.chmod, self.dirs.media_dir, 0o777)
+        self.addCleanup(os.chmod, self.dirs.consumption_dir, 0o777)
 
         msgs = paths_check(None)
+        self.assertEqual(len(msgs), 3)
 
-        assert len(msgs) == 3, str(msgs)
         for msg in msgs:
-            assert msg.msg.endswith("is set but doesn't exist.")
+            self.assertTrue(msg.msg.endswith("is not writeable"))
 
-    def test_paths_check_no_access(self, directories: PaperlessTestDirs) -> None:
-        directories.data_dir.chmod(0o000)
-        directories.media_dir.chmod(0o000)
-        directories.consumption_dir.chmod(0o000)
+    @override_settings(DEBUG=False)
+    def test_debug_disabled(self) -> None:
+        self.assertEqual(debug_mode_check(None), [])
 
-        try:
-            msgs = paths_check(None)
-        finally:
-            directories.data_dir.chmod(0o777)
-            directories.media_dir.chmod(0o777)
-            directories.consumption_dir.chmod(0o777)
-
-        assert len(msgs) == 3
-        for msg in msgs:
-            assert msg.msg.endswith("is not writeable")
-
-    def test_debug_disabled(self, settings: SettingsWrapper) -> None:
-        settings.DEBUG = False
-        assert debug_mode_check(None) == []
-
-    def test_debug_enabled(self, settings: SettingsWrapper) -> None:
-        settings.DEBUG = True
-        assert len(debug_mode_check(None)) == 1
+    @override_settings(DEBUG=True)
+    def test_debug_enabled(self) -> None:
+        self.assertEqual(len(debug_mode_check(None)), 1)
 
 
-class TestSettingsChecksAgainstDefaults:
+class TestSettingsChecksAgainstDefaults(DirectoriesMixin, TestCase):
     def test_all_valid(self) -> None:
         """
         GIVEN:
@@ -107,71 +78,104 @@ class TestSettingsChecksAgainstDefaults:
             - No system check errors reported
         """
         msgs = settings_values_check(None)
-        assert len(msgs) == 0
+        self.assertEqual(len(msgs), 0)
 
 
-class TestOcrSettingsChecks:
-    @pytest.mark.parametrize(
-        ("setting", "value", "expected_msg"),
-        [
-            pytest.param(
-                "OCR_OUTPUT_TYPE",
-                "notapdf",
-                'OCR output type "notapdf"',
-                id="invalid-output-type",
-            ),
-            pytest.param(
-                "OCR_MODE",
-                "makeitso",
-                'OCR output mode "makeitso"',
-                id="invalid-mode",
-            ),
-            pytest.param(
-                "OCR_MODE",
-                "skip_noarchive",
-                "deprecated",
-                id="deprecated-mode",
-            ),
-            pytest.param(
-                "OCR_SKIP_ARCHIVE_FILE",
-                "invalid",
-                'OCR_SKIP_ARCHIVE_FILE setting "invalid"',
-                id="invalid-skip-archive-file",
-            ),
-            pytest.param(
-                "OCR_CLEAN",
-                "cleanme",
-                'OCR clean mode "cleanme"',
-                id="invalid-clean",
-            ),
-        ],
-    )
-    def test_invalid_setting_produces_one_error(
-        self,
-        settings: SettingsWrapper,
-        setting: str,
-        value: str,
-        expected_msg: str,
-    ) -> None:
+class TestOcrSettingsChecks(DirectoriesMixin, TestCase):
+    @override_settings(OCR_OUTPUT_TYPE="notapdf")
+    def test_invalid_output_type(self) -> None:
         """
         GIVEN:
             - Default settings
-            - One OCR setting is set to an invalid value
+            - OCR output type is invalid
         WHEN:
             - Settings are validated
         THEN:
-            - Exactly one system check error is reported containing the expected message
+            - system check error reported for OCR output type
         """
-        setattr(settings, setting, value)
-
         msgs = settings_values_check(None)
+        self.assertEqual(len(msgs), 1)
 
-        assert len(msgs) == 1
-        assert expected_msg in msgs[0].msg
+        msg = msgs[0]
+
+        self.assertIn('OCR output type "notapdf"', msg.msg)
+
+    @override_settings(OCR_MODE="makeitso")
+    def test_invalid_ocr_type(self) -> None:
+        """
+        GIVEN:
+            - Default settings
+            - OCR type is invalid
+        WHEN:
+            - Settings are validated
+        THEN:
+            - system check error reported for OCR type
+        """
+        msgs = settings_values_check(None)
+        self.assertEqual(len(msgs), 1)
+
+        msg = msgs[0]
+
+        self.assertIn('OCR output mode "makeitso"', msg.msg)
+
+    @override_settings(OCR_MODE="skip_noarchive")
+    def test_deprecated_ocr_type(self) -> None:
+        """
+        GIVEN:
+            - Default settings
+            - OCR type is deprecated
+        WHEN:
+            - Settings are validated
+        THEN:
+            - deprecation warning reported for OCR type
+        """
+        msgs = settings_values_check(None)
+        self.assertEqual(len(msgs), 1)
+
+        msg = msgs[0]
+
+        self.assertIn("deprecated", msg.msg)
+
+    @override_settings(OCR_SKIP_ARCHIVE_FILE="invalid")
+    def test_invalid_ocr_skip_archive_file(self) -> None:
+        """
+        GIVEN:
+            - Default settings
+            - OCR_SKIP_ARCHIVE_FILE is invalid
+        WHEN:
+            - Settings are validated
+        THEN:
+            - system check error reported for OCR_SKIP_ARCHIVE_FILE
+        """
+        msgs = settings_values_check(None)
+        self.assertEqual(len(msgs), 1)
+
+        msg = msgs[0]
+
+        self.assertIn('OCR_SKIP_ARCHIVE_FILE setting "invalid"', msg.msg)
+
+    @override_settings(OCR_CLEAN="cleanme")
+    def test_invalid_ocr_clean(self) -> None:
+        """
+        GIVEN:
+            - Default settings
+            - OCR cleaning type is invalid
+        WHEN:
+            - Settings are validated
+        THEN:
+            - system check error reported for OCR cleaning type
+        """
+        msgs = settings_values_check(None)
+        self.assertEqual(len(msgs), 1)
+
+        msg = msgs[0]
+
+        self.assertIn('OCR clean mode "cleanme"', msg.msg)
 
 
-class TestTimezoneSettingsChecks:
-    def test_invalid_timezone(self, settings: SettingsWrapper) -> None:
+class TestTimezoneSettingsChecks(DirectoriesMixin, TestCase):
+    @override_settings(TIME_ZONE="TheMoon\\MyCrater")
+    def test_invalid_timezone(self) -> None:
         """
         GIVEN:
             - Default settings
@@ -181,16 +185,17 @@ class TestTimezoneSettingsChecks:
         THEN:
             - system check error reported for timezone
         """
-        settings.TIME_ZONE = "TheMoon\\MyCrater"
-
         msgs = settings_values_check(None)
+        self.assertEqual(len(msgs), 1)
 
-        assert len(msgs) == 1
-        assert 'Timezone "TheMoon\\MyCrater"' in msgs[0].msg
+        msg = msgs[0]
+
+        self.assertIn('Timezone "TheMoon\\MyCrater"', msg.msg)
 
 
-class TestEmailCertSettingsChecks:
-    def test_not_valid_file(self, settings: SettingsWrapper) -> None:
+class TestEmailCertSettingsChecks(DirectoriesMixin, FileSystemAssertsMixin, TestCase):
+    @override_settings(EMAIL_CERTIFICATE_FILE=Path("/tmp/not_actually_here.pem"))
+    def test_not_valid_file(self) -> None:
         """
         GIVEN:
             - Default settings
@@ -200,22 +205,19 @@ class TestEmailCertSettingsChecks:
         THEN:
             - system check error reported for email certificate
         """
-        cert_path = Path("/tmp/not_actually_here.pem")
-        assert not cert_path.is_file()
-        settings.EMAIL_CERTIFICATE_FILE = cert_path
+        self.assertIsNotFile("/tmp/not_actually_here.pem")
 
         msgs = settings_values_check(None)
 
-        assert len(msgs) == 1
-        assert "Email cert /tmp/not_actually_here.pem is not a file" in msgs[0].msg
+        self.assertEqual(len(msgs), 1)
+
+        msg = msgs[0]
+
+        self.assertIn("Email cert /tmp/not_actually_here.pem is not a file", msg.msg)
 
 
-class TestAuditLogChecks:
-    def test_was_enabled_once(
-        self,
-        settings: SettingsWrapper,
-        mocker: MockerFixture,
-    ) -> None:
+class TestAuditLogChecks(TestCase):
+    def test_was_enabled_once(self) -> None:
         """
         GIVEN:
             - Audit log is not enabled
@@ -224,18 +226,23 @@ class TestAuditLogChecks:
         THEN:
             - system check error reported for disabling audit log
         """
-        settings.AUDIT_LOG_ENABLED = False
-        introspect_mock = mocker.MagicMock()
+        introspect_mock = mock.MagicMock()
         introspect_mock.introspection.table_names.return_value = ["auditlog_logentry"]
-        mocker.patch.dict(
-            "paperless.checks.connections",
-            {"default": introspect_mock},
-        )
+        with override_settings(AUDIT_LOG_ENABLED=False):
+            with mock.patch.dict(
+                "paperless.checks.connections",
+                {"default": introspect_mock},
+            ):
+                msgs = audit_log_check(None)
 
-        msgs = audit_log_check(None)
+                self.assertEqual(len(msgs), 1)
 
-        assert len(msgs) == 1
-        assert "auditlog table was found but audit log is disabled." in msgs[0].msg
+                msg = msgs[0]
+
+                self.assertIn(
+                    ("auditlog table was found but audit log is disabled."),
+                    msg.msg,
+                )
 
 
 DEPRECATED_VARS: dict[str, str] = {
@@ -264,16 +271,20 @@ class TestDeprecatedDbSettings:
     @pytest.mark.parametrize(
         ("env_var", "db_option_key"),
         [
-            pytest.param("PAPERLESS_DB_TIMEOUT", "timeout", id="db-timeout"),
-            pytest.param(
-                "PAPERLESS_DB_POOLSIZE",
-                "pool.min_size / pool.max_size",
-                id="db-poolsize",
-            ),
-            pytest.param("PAPERLESS_DBSSLMODE", "sslmode", id="ssl-mode"),
-            pytest.param("PAPERLESS_DBSSLROOTCERT", "sslrootcert", id="ssl-rootcert"),
-            pytest.param("PAPERLESS_DBSSLCERT", "sslcert", id="ssl-cert"),
-            pytest.param("PAPERLESS_DBSSLKEY", "sslkey", id="ssl-key"),
+            ("PAPERLESS_DB_TIMEOUT", "timeout"),
+            ("PAPERLESS_DB_POOLSIZE", "pool.min_size / pool.max_size"),
+            ("PAPERLESS_DBSSLMODE", "sslmode"),
+            ("PAPERLESS_DBSSLROOTCERT", "sslrootcert"),
+            ("PAPERLESS_DBSSLCERT", "sslcert"),
+            ("PAPERLESS_DBSSLKEY", "sslkey"),
+        ],
+        ids=[
+            "db-timeout",
+            "db-poolsize",
+            "ssl-mode",
+            "ssl-rootcert",
+            "ssl-cert",
+            "ssl-key",
         ],
     )
     def test_single_deprecated_var_produces_one_warning(
@@ -392,10 +403,7 @@ class TestV3MinimumUpgradeVersionCheck:
     """Test suite for check_v3_minimum_upgrade_version system check."""
 
     @pytest.fixture
-    def build_conn_mock(
-        self,
-        mocker: MockerFixture,
-    ) -> Callable[[list[str], list[str]], mock.MagicMock]:
+    def build_conn_mock(self, mocker: MockerFixture):
         """Factory fixture that builds a connections['default'] mock.
 
         Usage::
@@ -415,7 +423,7 @@ class TestV3MinimumUpgradeVersionCheck:
     def test_no_migrations_table_fresh_install(
         self,
         mocker: MockerFixture,
-        build_conn_mock: Callable[[list[str], list[str]], mock.MagicMock],
+        build_conn_mock,
     ) -> None:
         """
         GIVEN:
@@ -434,7 +442,7 @@ class TestV3MinimumUpgradeVersionCheck:
     def test_no_documents_migrations_fresh_install(
         self,
         mocker: MockerFixture,
-        build_conn_mock: Callable[[list[str], list[str]], mock.MagicMock],
+        build_conn_mock,
     ) -> None:
         """
         GIVEN:
@@ -453,7 +461,7 @@ class TestV3MinimumUpgradeVersionCheck:
     def test_v3_state_with_0001_squashed(
         self,
         mocker: MockerFixture,
-        build_conn_mock: Callable[[list[str], list[str]], mock.MagicMock],
+        build_conn_mock,
     ) -> None:
         """
         GIVEN:
@@ -477,7 +485,7 @@ class TestV3MinimumUpgradeVersionCheck:
     def test_v3_state_with_0002_squashed_only(
         self,
         mocker: MockerFixture,
-        build_conn_mock: Callable[[list[str], list[str]], mock.MagicMock],
+        build_conn_mock,
     ) -> None:
         """
         GIVEN:
@@ -496,7 +504,7 @@ class TestV3MinimumUpgradeVersionCheck:
     def test_v2_20_9_state_ready_to_upgrade(
         self,
         mocker: MockerFixture,
-        build_conn_mock: Callable[[list[str], list[str]], mock.MagicMock],
+        build_conn_mock,
     ) -> None:
         """
         GIVEN:
@@ -523,7 +531,7 @@ class TestV3MinimumUpgradeVersionCheck:
     def test_v2_20_8_raises_error(
         self,
         mocker: MockerFixture,
-        build_conn_mock: Callable[[list[str], list[str]], mock.MagicMock],
+        build_conn_mock,
     ) -> None:
         """
         GIVEN:
@@ -550,7 +558,7 @@ class TestV3MinimumUpgradeVersionCheck:
     def test_very_old_version_raises_error(
         self,
         mocker: MockerFixture,
-        build_conn_mock: Callable[[list[str], list[str]], mock.MagicMock],
+        build_conn_mock,
     ) -> None:
         """
         GIVEN:
@@ -577,7 +585,7 @@ class TestV3MinimumUpgradeVersionCheck:
     def test_error_hint_mentions_v2_20_9(
         self,
         mocker: MockerFixture,
-        build_conn_mock: Callable[[list[str], list[str]], mock.MagicMock],
+        build_conn_mock,
     ) -> None:
         """
         GIVEN:

src/paperless/tests/test_utils.py

@@ -9,50 +9,35 @@ from paperless.utils import ocr_to_dateparser_languages
 @pytest.mark.parametrize(
     ("ocr_language", "expected"),
     [
-        pytest.param("eng", ["en"], id="single-language"),
-        pytest.param("fra+ita+lao", ["fr", "it", "lo"], id="multiple-languages"),
-        pytest.param("fil", ["fil"], id="no-two-letter-equivalent"),
-        pytest.param(
-            "aze_cyrl+srp_latn",
-            ["az-Cyrl", "sr-Latn"],
-            id="script-supported-by-dateparser",
-        ),
-        pytest.param(
-            "deu_frak",
-            ["de"],
-            id="script-not-supported-falls-back-to-language",
-        ),
-        pytest.param(
-            "chi_tra+chi_sim",
-            ["zh"],
-            id="chinese-variants-collapse-to-general",
-        ),
-        pytest.param(
-            "eng+unsupported_language+por",
-            ["en", "pt"],
-            id="unsupported-language-skipped",
-        ),
-        pytest.param(
-            "unsupported1+unsupported2",
-            [],
-            id="all-unsupported-returns-empty",
-        ),
-        pytest.param("eng+eng", ["en"], id="duplicates-deduplicated"),
-        pytest.param(
-            "ita_unknownscript",
-            ["it"],
-            id="unknown-script-falls-back-to-language",
-        ),
+        # One language
+        ("eng", ["en"]),
+        # Multiple languages
+        ("fra+ita+lao", ["fr", "it", "lo"]),
+        # Languages that don't have a two-letter equivalent
+        ("fil", ["fil"]),
+        # Languages with a script part supported by dateparser
+        ("aze_cyrl+srp_latn", ["az-Cyrl", "sr-Latn"]),
+        # Languages with a script part not supported by dateparser
+        # In this case, default to the language without script
+        ("deu_frak", ["de"]),
+        # Traditional and simplified chinese don't have the same name in dateparser,
+        # so they're converted to the general chinese language
+        ("chi_tra+chi_sim", ["zh"]),
+        # If a language is not supported by dateparser, fallback to the supported ones
+        ("eng+unsupported_language+por", ["en", "pt"]),
+        # If no language is supported, fallback to default
+        ("unsupported1+unsupported2", []),
+        # Duplicate languages, should not duplicate in result
+        ("eng+eng", ["en"]),
+        # Language with script, but script is not mapped
+        ("ita_unknownscript", ["it"]),
     ],
 )
-def test_ocr_to_dateparser_languages(ocr_language: str, expected: list[str]) -> None:
+def test_ocr_to_dateparser_languages(ocr_language, expected):
     assert sorted(ocr_to_dateparser_languages(ocr_language)) == sorted(expected)
 
 
-def test_ocr_to_dateparser_languages_exception(
-    monkeypatch: pytest.MonkeyPatch,
-    caplog: pytest.LogCaptureFixture,
-) -> None:
+def test_ocr_to_dateparser_languages_exception(monkeypatch, caplog):
     # Patch LocaleDataLoader.get_locale_map to raise an exception
     class DummyLoader:
         def get_locale_map(self, locales=None):

src/paperless/tests/test_views.py

@@ -1,31 +1,24 @@
+import tempfile
 from pathlib import Path
 
-from django.test import Client
-from pytest_django.fixtures import SettingsWrapper
+from django.test import override_settings
 
 
-def test_favicon_view(
-    client: Client,
-    tmp_path: Path,
-    settings: SettingsWrapper,
-) -> None:
-    favicon_path = tmp_path / "paperless" / "img" / "favicon.ico"
-    favicon_path.parent.mkdir(parents=True)
-    favicon_path.write_bytes(b"FAKE ICON DATA")
+def test_favicon_view(client):
+    with tempfile.TemporaryDirectory() as tmpdir:
+        static_dir = Path(tmpdir)
+        favicon_path = static_dir / "paperless" / "img" / "favicon.ico"
+        favicon_path.parent.mkdir(parents=True, exist_ok=True)
+        favicon_path.write_bytes(b"FAKE ICON DATA")
 
-    settings.STATIC_ROOT = tmp_path
-
-    response = client.get("/favicon.ico")
-    assert response.status_code == 200
-    assert response["Content-Type"] == "image/x-icon"
-    assert b"".join(response.streaming_content) == b"FAKE ICON DATA"
+        with override_settings(STATIC_ROOT=static_dir):
+            response = client.get("/favicon.ico")
+            assert response.status_code == 200
+            assert response["Content-Type"] == "image/x-icon"
+            assert b"".join(response.streaming_content) == b"FAKE ICON DATA"
 
 
-def test_favicon_view_missing_file(
-    client: Client,
-    tmp_path: Path,
-    settings: SettingsWrapper,
-) -> None:
-    settings.STATIC_ROOT = tmp_path
-    response = client.get("/favicon.ico")
-    assert response.status_code == 404
+def test_favicon_view_missing_file(client):
+    with override_settings(STATIC_ROOT=Path(tempfile.mkdtemp())):
+        response = client.get("/favicon.ico")
+        assert response.status_code == 404

uv.lock

@@ -2775,6 +2775,7 @@ dependencies = [
     { name = "regex", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
     { name = "scikit-learn", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
     { name = "sentence-transformers", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "servestatic", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
     { name = "setproctitle", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
     { name = "tika-client", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
     { name = "torch", version = "2.10.0", source = { registry = "https://download.pytorch.org/whl/cpu" }, marker = "sys_platform == 'darwin'" },
@@ -2928,6 +2929,7 @@ requires-dist = [
     { name = "regex", specifier = ">=2025.9.18" },
     { name = "scikit-learn", specifier = "~=1.7.0" },
     { name = "sentence-transformers", specifier = ">=4.1" },
+    { name = "servestatic", specifier = ">=4.0.0" },
     { name = "setproctitle", specifier = "~=1.3.4" },
     { name = "tika-client", specifier = "~=0.10.0" },
     { name = "torch", specifier = "~=2.10.0", index = "https://download.pytorch.org/whl/cpu" },
@@ -4325,6 +4327,18 @@ wheels = [
     { url = "https://files.pythonhosted.org/packages/46/9f/dba4b3e18ebbe1eaa29d9f1764fbc7da0cd91937b83f2b7928d15c5d2d36/sentence_transformers-5.2.3-py3-none-any.whl", hash = "sha256:6437c62d4112b615ddebda362dfc16a4308d604c5b68125ed586e3e95d5b2e30", size = 494225, upload-time = "2026-02-17T14:05:18.596Z" },
 ]
 
+[[package]]
+name = "servestatic"
+version = "4.0.0"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "asgiref", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/6b/e6/cba9e145d41408d67e73eacdd3dc606317132c66bc536eb336bb3aea504d/servestatic-4.0.0.tar.gz", hash = "sha256:212b80d4b0d07b2ab10e2e4419ed984f5e6ec2fee61b64e9ed1d7740b3c367a5", size = 27495, upload-time = "2026-03-06T00:08:36.51Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/3f/37/b9a329c6fb8c77c7ff8b3119b64fcd8ee91a668fd66b24d4924ed84386d0/servestatic-4.0.0-py3-none-any.whl", hash = "sha256:78756de57908f75a08e5838306f515924c4257434bc72596b8a5c95bc7396b2b", size = 32498, upload-time = "2026-03-06T00:08:35.419Z" },
+]
+
 [[package]]
 name = "service-identity"
 version = "24.2.0"