+ Added aurweb.auth.AnonymousUser
* An instance of this model is returned as the request user
when the request is not authenticated
+ Added aurweb.auth.BasicAuthBackend
+ Add starlette's AuthenticationMiddleware to app middleware,
which uses our BasicAuthBackend facility
+ Added User.is_authenticated()
+ Added User.authenticate(password)
+ Added User.login(request, password)
+ Added User.logout(request)
+ Added repr(User(...)) representation
+ Added aurweb.auth.auth_required decorator.
This change uses the same AURSID logic in the PHP implementation.
Additionally, introduce a few helpers for authentication,
one of which being `User.update_password(password, rounds = 12)`
where `rounds` is a configurable number of salt rounds.
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Added aurweb.util module.
- Added make_random_string function.
+ Added aurweb.db.make_random_value function.
- Takes a model and a column and introspects them to figure out the
proper column length to create a random string for; then creates
a unique string for that column.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Takes sqlalchemy kwargs or stanzas:
query(Model, Model.Column == value)
query(Model, and_(Model.Column == value, Model.Column != "BAD!"))
Updated tests to reflect the new utility and a comment about upcoming
function deprecation is added to get_account_type().
From here on, phase out the use of get_account_type().
+ aurweb.db: Added create utility function
+ aurweb.db: Added delete utility function
The `delete` function can be used to delete a record by search
kwargs directly.
Example:
delete(User, User.ID == 6)
All three functions added in this commit are typically useful to
perform these operations without having to import aurweb.db.session.
Removes a bit of redundancy overall.
Signed-off-by: Kevin Morris <kevr@0cost.org>
MySql defaults to `utf8` and case insensitive collation so migrate these to case sensitive and `utf8mb4`
Closes#21
Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
IMPORTANT: This test completely wipes out the database it's using.
Make sure you've got AUR_CONFIG set to a test database configuration!
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Added aurweb.models.user.User class. This is the first example
of an sqlalchemy ORM model. We can search for users via for example:
`session.query(User).filter(User.ID==1).first()`, where `session` is
a configured `aurweb.db.session` object.
+ Along with the User class, defined the AccountType class.
Each User maintains a relationship to its AccountType via User.AccountType.
+ Added AccountType.users backref.
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Added Session class and global session object to aurweb.db,
these are sessions created by sqlalchemy ORM's sessionmaker
and will allow us to use declarative/imperative models.
Signed-off-by: Kevin Morris <kevr@0cost.org>
* Moved migrations/env.py's logging initialization and migration execution
into a `__name__ == "__main__"` stanza so it doesn't immediately happen
when imported by another module.
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Mounted static files (at web/html) to /static.
+ Added AURWEB_VERSION to aurweb.config (this is used around HTML
to refer back to aurweb's release on git.archlinux.org), so we
need it easily accessible in the Python codebase.
+ Implemented basic Jinja2 partials to put together whole aurweb
pages. This may be missing some things currently and is a WIP
until this set is ready to be merged.
+ Added config [options] aurwebdir = YOUR_AUR_ROOT; this configuration
option should specify the root directory of the aurweb project.
It is used by various parts of the FastAPI codebase to target
project directories.
Added routes via aurweb.routers.html:
* POST /language: Set your session language.
* GET /favicon.ico: Redirect to /static/images/favicon.ico.
* Some browsers always look for $ROOT/favicon.ico to get an icon
for the page being loaded, regardless of a specified "shortcut
icon" given in a <link> directive.
* GET /: Home page; WIP.
* Updated aurweb.routers.html.language passes query parameters to
its next redirection.
When calling aurweb.templates.render_template, the context passed should
be formed via the aurweb.templates.make_context. See
aurweb.routers.html.index for an example of this.
Signed-off-by: Kevin Morris <kevr@0cost.org>
The Document.execCommand API is deprecated and no longer recommended to
be used. It's replacement is the much simpler navigator.clipboard API
which is supported in all browsers except internet explorer.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
+ Added SUPPORTED_LANGUAGES, a global constant dictionary of
language => display pairs for languages we support.
+ Add Translator.get_translator, a function used to retrieve a
translator after initializing it (if needed). Use `fallback=True`
while creating languages, in case we setup a language that we
don't have a translation for, it will noop the translation.
This is particularly useful for "en," since we do not translate
it, but doing this will allow us to go through our normal translation
flow in any case.
+ Added typing.
+ Added get_request_language, a function that grabs the language for
a request session, defaulting to aurweb.config [options] default_lang.
+ Added get_raw_translator_for_request, a function that retrieves
the concrete translation object for a given language.
+ Added tr, a jinja2 contextfilter that can be used to inline translate
strings in jinja2 templates.
+ Added `python-jinja` dep to .gitlab-ci.yml. This needs to be
included in documentation before this set is merged in.
+ Introduce pytest units (test_l10n.py) in `test` along with
__init__.py, which marks `test` as a test package.
+ Additionally, fix up notify.py to use the global translator. Also
reduce its source width to <= 80 by newlining some code.
+ Additionally, prepare locale in .gitlab-ci.yml and add
aurweb.config [options] localedir to config.dev with YOUR_AUR_ROOT
like others.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This docker file downloads deps, sets up some things beforehand and
finishes with running our entire collection of tests.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Additionally, we now ask for two more favors from contributors:
1. All source modified or added within a patchset **must** maintain
equivalent or increased coverage by providing tests that use the
functionality.
2. Please keep your source within an 80 column width.
PS: Sneak a few test Makefile and gitlab fixes.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Important note: Python tests will repeatedly clear out tables
that they test against; for this reason, one should always run
the shell tests first. The __init__.py file is necessary for
coverage to collect data from the tests being run.
At this point in FastAPI development, I'd like to encourage a
few things going forward:
1. Any time you contribute to the FastAPI codebase, you **must**
maintain equal or increased coverage on the overall source.
Developers are highly appreciated for adding tests in your
specific domain of addition or modification that may be missing
coverage. Our goal is 100% coverage, and all newly added files
**must** have 100% coverage through tests.
2. All source should be formatted with the autopep8 tool and
kept within an 80 column width, with the exception of HTML
templates.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Now, .coveragerc enforces a minimum overall 82% coverage, as is
the current standing. Providing less than 100% coverage for added
code should reduce the overall coverage and eventually reach 81%
or below, causing coverage report to fail on execution.
Developers should increase the failure minimum as they increase
coverage across the uncovered code.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Some of the columns that were changed still want to be
case insensitive. Good thing our tables have nice
separation.
Signed-off-by: Kevin Morris <kevr@0cost.org>
MySql defaults to `utf8` and case insensitive collation so migrate these to case sensitive and `utf8mb4`
Closes#21
Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
op.drop_constraint requires a valid field to drop the constraint on.
Without this, downgrade cannot occur.
Signed-off-by: Kevin Morris <kevr@0cost.org>
I've seen this happen a bunch of times now. Someone cannot push to the
AUR, and the error report is some traceback with a KeyError which is
difficult to understand without context:
remote: Traceback (most recent call last):
remote: File "/srv/http/aurweb/aur.git/hooks/update", line 33, in <module>
remote: sys.exit(load_entry_point('aurweb==5.0.0', 'console_scripts', 'aurweb-git-update')())
remote: File "/usr/lib/python3.9/site-packages/aurweb-5.0.0-py3.9.egg/aurweb/git/update.py", line 306, in main
remote: KeyError: 'pkgbase'
Eventually it turns out that their .SRCINFO file is... badly corrupted.
Generally, they managed to accidentally commit an *empty* file instead
of a .SRCINFO, and in all cases, the problem was on the very first
lookup for 'pkgbase'.
Point people to the actual failing commit, and have a nicely formatted
message indicating that the .SRCINFO is completely invalid.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
uvicorn is subjectively nicer to play with for local dev work, but
hypercorn is required in order to do HTTP/2 which is fairly
performance-important.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Co-authored-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Mostly here to make sure people continue to use tabbed indents for php
and the TAP tests, since that is what they are currently using.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
The account deletion code tries to remove user from PackageNotifications
using the wrong column UsersID to identify the user by id. In the
PackagePackageNotifications table the foreign key is called UserID. In
the future ideally this would be unified into UserID for all tables.
Closes: #12
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
jsdelivr is another free CDN service for open source projects.
The main motivation for this change is that it is the only one that works fairly
well across the globe. The Google CDN service is known to be hardly
accessible in mainland China, unfortunately.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
