fix: validate timezone before use

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

aurweb/templates.py

@@ -3,6 +3,7 @@ import functools
 import os
 from http import HTTPStatus
 from typing import Callable
+from zoneinfo import ZoneInfoNotFoundError
 
 import jinja2
 from fastapi import Request
@@ -19,6 +20,8 @@ _env = jinja2.Environment(
     loader=_loader, autoescape=True, extensions=["jinja2.ext.i18n"]
 )
 
+DEFAULT_TIMEZONE = aurweb.config.get("options", "default_timezone")
+
 
 def register_filter(name: str) -> Callable:
     """A decorator that can be used to register a filter.
@@ -72,7 +75,10 @@ def make_context(request: Request, title: str, next: str = None):
         # Shorten commit_hash to a short Git hash.
         commit_hash = commit_hash[:7]
 
+    try:
         timezone = time.get_request_timezone(request)
+    except ZoneInfoNotFoundError:
+        timezone = DEFAULT_TIMEZONE
     language = l10n.get_request_language(request)
     return {
         "request": request,
@@ -104,8 +110,10 @@ async def make_variable_context(request: Request, title: str, next: str = None):
     )
 
     for k, v in to_copy.items():
+        if k == "timezone":
+            context[k] = v if v in time.SUPPORTED_TIMEZONES else DEFAULT_TIMEZONE
+        else:
             context[k] = v
-
     context["q"] = dict(request.query_params)
 
     return context

aurweb/testing/requests.py

@@ -23,7 +23,10 @@ class Client:
 
 
 class URL:
-    path = "/"
+    path: str
+
+    def __init__(self, path: str = "/"):
+        self.path = path
 
 
 class Request:
@@ -39,6 +42,8 @@ class Request:
         method: str = "GET",
         headers: dict[str, str] = dict(),
         cookies: dict[str, str] = dict(),
+        url: str = "/",
+        query_params: dict[str, str] = dict(),
     ) -> "Request":
         self.user = user
         self.user.authenticated = authenticated
@@ -46,3 +51,5 @@ class Request:
         self.method = method.upper()
         self.headers = headers
         self.cookies = cookies
+        self.url = URL(path=url)
+        self.query_params = query_params

test/setup.sh

@@ -34,6 +34,7 @@ aurwebdir = $TOPLEVEL
 aur_location = https://aur.archlinux.org
 aur_request_ml = aur-requests@lists.archlinux.org
 enable-maintenance = 0
+default_timezone = UTC
 maintenance-exceptions = 127.0.0.1
 commit_uri = https://aur.archlinux.org/cgit/aur.git/log/?h=%s&id=%s
 localedir = $TOPLEVEL/web/locale/

test/test_templates.py

@@ -16,6 +16,7 @@ from aurweb.models.relation_type import PROVIDES_ID, REPLACES_ID
 from aurweb.templates import (
     base_template,
     make_context,
+    make_variable_context,
     register_filter,
     register_function,
 )
@@ -348,3 +349,22 @@ def test_package_details_filled(user: User, package: Package):
     base = base_template("partials/packages/details.html")
     body = base.render(context, show_package_details=True)
     check_package_details(body, package)
+
+
+def test_make_context_timezone(user: User, package: Package):
+    request = Request(
+        user=user, authenticated=True, url="/packages/test?timezone=foobar"
+    )
+    context = make_context(request, "Test Details")
+    assert context["timezone"] in time.SUPPORTED_TIMEZONES
+
+
+@pytest.mark.asyncio
+async def test_make_variable_context_timezone(user: User, package: Package):
+    request = Request(
+        user=user, authenticated=True, url="/packages/test?timezone=foobar"
+    )
+    context = await make_variable_context(
+        request, "Test Details", next="/packages/test"
+    )
+    assert context["timezone"] in time.SUPPORTED_TIMEZONES