We've seen a bug in the past where unique SID generation fails and
still ends up raising an exception.
This commit reworks how we deal with database exceptions internally,
tries for 36 iterations to set a fresh unique SID, and raises a 500
HTTPException if we were unable to.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This change utilizes pytest-xdist to perform a multiproc test
run and reworks aurweb.db's code. We no longer use a global
engine, session or Session, but we now use a memo of engines
and sessions as they are requested, based on the PYTEST_CURRENT_TEST
environment variable, which is available during testing.
Additionally, this change strips several SQLite components
out of the Python code-base.
SQLite is still compatible with PHP and sharness tests, but
not with our FastAPI implementation.
More changes:
------------
- Remove use of aurweb.db.session global in other code.
- Use new aurweb.db.name() dynamic db name function in env.py.
- Added 'addopts' to pytest.ini which utilizes multiprocessing.
- Highly recommended to leave this be or modify `-n auto` to
`-n {cpu_threads}` where cpu_threads is at least 2.
Signed-off-by: Kevin Morris <kevr@0cost.org>
For SQLAlchemy to automatically understand updates from the
external world, it must use an `autocommit=True` in its session.
This change breaks how we were using commit previously, as
`autocommit=True` causes SQLAlchemy to commit when a
SessionTransaction context hits __exit__.
So, a refactoring was required of our tests: All usage of
any `db.{create,delete}` must be called **within** a
SessionTransaction context, created via new `db.begin()`.
From this point forward, we're going to require:
```
with db.begin():
db.create(...)
db.delete(...)
db.session.delete(object)
```
With this, we now get external DB modifications automatically
without reloading or restarting the FastAPI server, which we
absolutely need for production.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Added:
- User.voted_for(package)
- Has a user voted for a particular package?
- User.notified(package)
- Is a user being notified about a particular package?
- User.packages()
- Entire collection of Package objects related to User.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Two utility functions for all of our ORM models that will
allow us to easily convert them to Python structures and
JSON data.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Some of these tests were written before some of our convenient
tooling existed. Additionally, some of the tests were not
cooperating with PEP-8 guidelines or isorted.
This commit does the following:
- Replaces all calls to make_(user|session) with
aurweb.db.create(Model, ...).
- Replace calls to session.add(...) + session.commit() with
aurweb.db.create.
- Removes the majority of calls to (session|aurweb.db).delete(...).
- Replaces session.query calls with aurweb.db.query.
- Initializes all mutable globals in pytest fixture setup().
- Makes mutable global declarations more concise:
`var1, var2 = None, None` -> `var1 = var2 = None`
- Defines a warning exclusion for test/test_ssh_pub_key.py.
- Removes the aurweb.testing.models module.
- Removes some useless pytest.fixture yielding.
As of this commit, developers should use the following guidelines
when writing tests:
- Always use aurweb.db.(create|delete|query) for database
operations, where possible.
- Always define mutable globals in the style: `var1 = var2 = None`.
- `yield` the most dependent model in pytest setup fixture **iff**
you must delete records after test runs to maintain database
integrity. Example: test/test_account_type.py.
This all makes the test code look and behave much cleaner.
Previously, aurweb.testing.setup_test_db was buggy and leaving
objects around in SQLAlchemy's IdentityMap.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This clones the behavior already present in the PHP implementation,
but it uses a global dict with credential constant keys to
validation functions to determine if a given user has a credential.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Introduced `get|post` `/passreset` routes. These routes mimic the
behavior of the existing PHP implementation, with the exception of
HTTP status code returns.
Routes added:
GET /passreset
POST /passreset
Routers added:
aurweb.routers.accounts
* On an unknown user or mismatched resetkey (where resetkey must ==
user.resetkey), return HTTP status NOT_FOUND (404).
* On another error in the request, return HTTP status BAD_REQUEST (400).
Both `get|post` routes requires that the current user is **not**
authenticated, hence `@auth_required(False, redirect="/")`.
+ Added auth_required decorator to aurweb.auth.
+ Added some more utility to aurweb.models.user.User.
+ Added `partials/error.html` template.
+ Added `passreset.html` template.
+ Added aurweb.db.ConnectionExecutor functor for paramstyle logic.
Decoupling the executor logic from the database connection logic
is needed for us to easily use the same logic with a fastapi
database session, when we need to use aurweb.scripts modules.
At this point, notification configuration is now required to complete
tests involved with notifications properly, like passreset.
`conf/config.dev` has been modified to include [notifications] sendmail,
sender and reply-to overrides. Dockerfile and .gitlab-ci.yml have been
updated to setup /etc/hosts and start postfix before running tests.
* setup.cfg: ignore E741, C901 in aurweb.routers.accounts
These two warnings (shown in the commit) are not dangerous and a bi-product
of maintaining compatibility with our current code flow.
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Added aurweb.auth.AnonymousUser
* An instance of this model is returned as the request user
when the request is not authenticated
+ Added aurweb.auth.BasicAuthBackend
+ Add starlette's AuthenticationMiddleware to app middleware,
which uses our BasicAuthBackend facility
+ Added User.is_authenticated()
+ Added User.authenticate(password)
+ Added User.login(request, password)
+ Added User.logout(request)
+ Added repr(User(...)) representation
+ Added aurweb.auth.auth_required decorator.
This change uses the same AURSID logic in the PHP implementation.
Additionally, introduce a few helpers for authentication,
one of which being `User.update_password(password, rounds = 12)`
where `rounds` is a configurable number of salt rounds.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Takes sqlalchemy kwargs or stanzas:
query(Model, Model.Column == value)
query(Model, and_(Model.Column == value, Model.Column != "BAD!"))
Updated tests to reflect the new utility and a comment about upcoming
function deprecation is added to get_account_type().
From here on, phase out the use of get_account_type().
+ aurweb.db: Added create utility function
+ aurweb.db: Added delete utility function
The `delete` function can be used to delete a record by search
kwargs directly.
Example:
delete(User, User.ID == 6)
All three functions added in this commit are typically useful to
perform these operations without having to import aurweb.db.session.
Removes a bit of redundancy overall.
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Added aurweb.models.user.User class. This is the first example
of an sqlalchemy ORM model. We can search for users via for example:
`session.query(User).filter(User.ID==1).first()`, where `session` is
a configured `aurweb.db.session` object.
+ Along with the User class, defined the AccountType class.
Each User maintains a relationship to its AccountType via User.AccountType.
+ Added AccountType.users backref.
Signed-off-by: Kevin Morris <kevr@0cost.org>
