Some of these tests were written before some of our convenient
tooling existed. Additionally, some of the tests were not
cooperating with PEP-8 guidelines or isorted.
This commit does the following:
- Replaces all calls to make_(user|session) with
aurweb.db.create(Model, ...).
- Replace calls to session.add(...) + session.commit() with
aurweb.db.create.
- Removes the majority of calls to (session|aurweb.db).delete(...).
- Replaces session.query calls with aurweb.db.query.
- Initializes all mutable globals in pytest fixture setup().
- Makes mutable global declarations more concise:
`var1, var2 = None, None` -> `var1 = var2 = None`
- Defines a warning exclusion for test/test_ssh_pub_key.py.
- Removes the aurweb.testing.models module.
- Removes some useless pytest.fixture yielding.
As of this commit, developers should use the following guidelines
when writing tests:
- Always use aurweb.db.(create|delete|query) for database
operations, where possible.
- Always define mutable globals in the style: `var1 = var2 = None`.
- `yield` the most dependent model in pytest setup fixture **iff**
you must delete records after test runs to maintain database
integrity. Example: test/test_account_type.py.
This all makes the test code look and behave much cleaner.
Previously, aurweb.testing.setup_test_db was buggy and leaving
objects around in SQLAlchemy's IdentityMap.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Additionally, add an optional **kwargs passing via make_relationship.
This allows us to use things like `uselist=False`, which was needed
for test/test_package.py.
Signed-off-by: Kevin Morris <kevr@0cost.org>
We don't want to do this on construction. We only want to do this
when we want to actually add the user to the database (or modify it).
Signed-off-by: Kevin Morris <kevr@0cost.org>
This is needed to avoid redundant objects in SQLAlchemy's
IdentityMap, since we pass a direct .execute to delete
the tables passed in. Additionally, remove our engine.connect()
call in favor of relying on the already-established Session.
Signed-off-by: Kevin Morris <kevr@0cost.org>
AUR renders its own 404 Not Found page when a bad route
is encountered. Introducing the previous verification
caused an error in this case when setting a language
while viewing the Not Found page. So, instead of checking
through routes, just make sure that the next parameter
starts with a '/' character, which removes the possibility
of any cross attacks.
+ Removed aurweb.asgi.routes; no longer needed.
Signed-off-by: Kevin Morris <kevr@0cost.org>
* Added account_url filter to jinja2 environment. This produces a path
to the user's account url (/account/{username}).
* Updated archdev-navbar to link to new edit route.
+ Added migrate_cookies(request, response) to aurweb.util, a function
that simply migrates the request cookies to response and returns it.
+ Added account_edit tests to test_accounts_routes.py.
Signed-off-by: Kevin Morris <kevr@0cost.org>
* Added /register get and post routes.
+ Added default attributes to AnonymousUser, including a new
AnonymousList which behaves like an sqlalchemy relationship
list.
+ aurweb.util: Added validation functions for various user fields
used throughout registration.
+ test_accounts_routes: Added get|post register route tests.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This CAPTCHA workflow is the same workflow used by our current
PHP implementation of account registration.
Signed-off-by: Kevin Morris <kevr@0cost.org>
A new make_context wrapper which additionally includes either
query parameters (get) or form data (post) in the context.
Use this to simplify setting context variables for form data
in particular.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This module includes timezone-based utilities for a FastAPI request.
This commit introduces use of the AURTZ cookie within get_request_timezone.
This cookie should be set to the user or session's timezone.
* `make_context` has been modified to parse the request's timezone
and include the "timezone" and "timezones" variables, along with
a timezone specified "now" date.
+ Added `Timezone` attribute to aurweb.testing.requests.Request.user.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This clones the behavior already present in the PHP implementation,
but it uses a global dict with credential constant keys to
validation functions to determine if a given user has a credential.
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Use User.LangPreference when there is no set AURSID
if request.user.is_authenticated is true.
+ Updated post /language to update LangPreference when
request.user.is_authenticated.
+ Restore language during test where we change it.
+ Added the user attribute to aurweb.testing.requests.Request.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Introduced `get|post` `/passreset` routes. These routes mimic the
behavior of the existing PHP implementation, with the exception of
HTTP status code returns.
Routes added:
GET /passreset
POST /passreset
Routers added:
aurweb.routers.accounts
* On an unknown user or mismatched resetkey (where resetkey must ==
user.resetkey), return HTTP status NOT_FOUND (404).
* On another error in the request, return HTTP status BAD_REQUEST (400).
Both `get|post` routes requires that the current user is **not**
authenticated, hence `@auth_required(False, redirect="/")`.
+ Added auth_required decorator to aurweb.auth.
+ Added some more utility to aurweb.models.user.User.
+ Added `partials/error.html` template.
+ Added `passreset.html` template.
+ Added aurweb.db.ConnectionExecutor functor for paramstyle logic.
Decoupling the executor logic from the database connection logic
is needed for us to easily use the same logic with a fastapi
database session, when we need to use aurweb.scripts modules.
At this point, notification configuration is now required to complete
tests involved with notifications properly, like passreset.
`conf/config.dev` has been modified to include [notifications] sendmail,
sender and reply-to overrides. Dockerfile and .gitlab-ci.yml have been
updated to setup /etc/hosts and start postfix before running tests.
* setup.cfg: ignore E741, C901 in aurweb.routers.accounts
These two warnings (shown in the commit) are not dangerous and a bi-product
of maintaining compatibility with our current code flow.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This allows us to inspect things about the request we're rendering from.
* Use render_template(request, ...) in aurweb.routers.auth
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Added route: GET `/login` via `aurweb.routers.auth.login_get`
+ Added route: POST `/login` via `aurweb.routers.auth.login_post`
+ Added route: GET `/logout` via `aurweb.routers.auth.logout`
+ Added route: POST `/logout` via `aurweb.routers.auth.logout_post`
* Modify archdev-navbar.html template to toggle displays on auth state
+ Added login.html template
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Added aurweb.auth.AnonymousUser
* An instance of this model is returned as the request user
when the request is not authenticated
+ Added aurweb.auth.BasicAuthBackend
+ Add starlette's AuthenticationMiddleware to app middleware,
which uses our BasicAuthBackend facility
+ Added User.is_authenticated()
+ Added User.authenticate(password)
+ Added User.login(request, password)
+ Added User.logout(request)
+ Added repr(User(...)) representation
+ Added aurweb.auth.auth_required decorator.
This change uses the same AURSID logic in the PHP implementation.
Additionally, introduce a few helpers for authentication,
one of which being `User.update_password(password, rounds = 12)`
where `rounds` is a configurable number of salt rounds.
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Added aurweb.util module.
- Added make_random_string function.
+ Added aurweb.db.make_random_value function.
- Takes a model and a column and introspects them to figure out the
proper column length to create a random string for; then creates
a unique string for that column.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Takes sqlalchemy kwargs or stanzas:
query(Model, Model.Column == value)
query(Model, and_(Model.Column == value, Model.Column != "BAD!"))
Updated tests to reflect the new utility and a comment about upcoming
function deprecation is added to get_account_type().
From here on, phase out the use of get_account_type().
+ aurweb.db: Added create utility function
+ aurweb.db: Added delete utility function
The `delete` function can be used to delete a record by search
kwargs directly.
Example:
delete(User, User.ID == 6)
All three functions added in this commit are typically useful to
perform these operations without having to import aurweb.db.session.
Removes a bit of redundancy overall.
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Added aurweb.models.user.User class. This is the first example
of an sqlalchemy ORM model. We can search for users via for example:
`session.query(User).filter(User.ID==1).first()`, where `session` is
a configured `aurweb.db.session` object.
+ Along with the User class, defined the AccountType class.
Each User maintains a relationship to its AccountType via User.AccountType.
+ Added AccountType.users backref.
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Added Session class and global session object to aurweb.db,
these are sessions created by sqlalchemy ORM's sessionmaker
and will allow us to use declarative/imperative models.
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Mounted static files (at web/html) to /static.
+ Added AURWEB_VERSION to aurweb.config (this is used around HTML
to refer back to aurweb's release on git.archlinux.org), so we
need it easily accessible in the Python codebase.
+ Implemented basic Jinja2 partials to put together whole aurweb
pages. This may be missing some things currently and is a WIP
until this set is ready to be merged.
+ Added config [options] aurwebdir = YOUR_AUR_ROOT; this configuration
option should specify the root directory of the aurweb project.
It is used by various parts of the FastAPI codebase to target
project directories.
Added routes via aurweb.routers.html:
* POST /language: Set your session language.
* GET /favicon.ico: Redirect to /static/images/favicon.ico.
* Some browsers always look for $ROOT/favicon.ico to get an icon
for the page being loaded, regardless of a specified "shortcut
icon" given in a <link> directive.
* GET /: Home page; WIP.
* Updated aurweb.routers.html.language passes query parameters to
its next redirection.
When calling aurweb.templates.render_template, the context passed should
be formed via the aurweb.templates.make_context. See
aurweb.routers.html.index for an example of this.
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Added SUPPORTED_LANGUAGES, a global constant dictionary of
language => display pairs for languages we support.
+ Add Translator.get_translator, a function used to retrieve a
translator after initializing it (if needed). Use `fallback=True`
while creating languages, in case we setup a language that we
don't have a translation for, it will noop the translation.
This is particularly useful for "en," since we do not translate
it, but doing this will allow us to go through our normal translation
flow in any case.
+ Added typing.
+ Added get_request_language, a function that grabs the language for
a request session, defaulting to aurweb.config [options] default_lang.
+ Added get_raw_translator_for_request, a function that retrieves
the concrete translation object for a given language.
+ Added tr, a jinja2 contextfilter that can be used to inline translate
strings in jinja2 templates.
+ Added `python-jinja` dep to .gitlab-ci.yml. This needs to be
included in documentation before this set is merged in.
+ Introduce pytest units (test_l10n.py) in `test` along with
__init__.py, which marks `test` as a test package.
+ Additionally, fix up notify.py to use the global translator. Also
reduce its source width to <= 80 by newlining some code.
+ Additionally, prepare locale in .gitlab-ci.yml and add
aurweb.config [options] localedir to config.dev with YOUR_AUR_ROOT
like others.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Some of the columns that were changed still want to be
case insensitive. Good thing our tables have nice
separation.
Signed-off-by: Kevin Morris <kevr@0cost.org>
MySql defaults to `utf8` and case insensitive collation so migrate these to case sensitive and `utf8mb4`
Closes#21
Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
I've seen this happen a bunch of times now. Someone cannot push to the
AUR, and the error report is some traceback with a KeyError which is
difficult to understand without context:
remote: Traceback (most recent call last):
remote: File "/srv/http/aurweb/aur.git/hooks/update", line 33, in <module>
remote: sys.exit(load_entry_point('aurweb==5.0.0', 'console_scripts', 'aurweb-git-update')())
remote: File "/usr/lib/python3.9/site-packages/aurweb-5.0.0-py3.9.egg/aurweb/git/update.py", line 306, in main
remote: KeyError: 'pkgbase'
Eventually it turns out that their .SRCINFO file is... badly corrupted.
Generally, they managed to accidentally commit an *empty* file instead
of a .SRCINFO, and in all cases, the problem was on the very first
lookup for 'pkgbase'.
Point people to the actual failing commit, and have a nicely formatted
message indicating that the .SRCINFO is completely invalid.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
uvicorn is subjectively nicer to play with for local dev work, but
hypercorn is required in order to do HTTP/2 which is fairly
performance-important.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Co-authored-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
This allows using a relative path for the config. PHP didn't play well
with it.
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
