This rewrites the entire model base as declarative models.
This allows us to more easily customize overlay fields
in tables and is more common.
This effort also brought some DB violations to light which
this commit addresses.
Signed-off-by: Kevin Morris <kevr@0cost.org>
As per our regex and policies, usernames should consist of
ascii alphanumeric characters and possibly (-, _ or .).
gendummydata.py was creating unicode versions of some
usernames and adding them into the DB. With our newfound
collations, this becomes a problem as it treats them as
the same.
This should have never been the case here, and so,
gendummydata.py has been patched to normalize all of its
usernames and package names.
Signed-off-by: Kevin Morris <kevr@0cost.org>
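
The collision described in the commit message above, as an added example that is not part of the commit or of aurweb's code: names that differ only by accent or case compare equal under a case-insensitive collation, so a generator has to fold to ASCII and de-duplicate on the folded key. The regex, the function names and the sample list are assumptions, and `collation_key` only approximates what a database collation does.

```python
import re
import unicodedata

# Assumed pattern for the policy quoted in the commit message; the
# project's real regex is not shown on this page.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]+")


def collation_key(name: str) -> str:
    """Approximate an accent- and case-insensitive collation comparison."""
    decomposed = unicodedata.normalize("NFKD", name)
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    return base.casefold()


def to_ascii(name: str) -> str:
    """Fold accented letters to their ASCII base and drop everything else."""
    decomposed = unicodedata.normalize("NFKD", name)
    return decomposed.encode("ascii", "ignore").decode("ascii")


def unique_usernames(candidates):
    """Return (accepted, rejected): accepted names are policy-valid and
    no two of them are equal under collation_key."""
    seen, accepted, rejected = set(), [], []
    for raw in candidates:
        name = to_ascii(raw)
        key = collation_key(name)
        # fullmatch, not match: '$' would also accept a trailing newline.
        if not USERNAME_RE.fullmatch(name) or key in seen:
            rejected.append(raw)
            continue
        seen.add(key)
        accepted.append(name)
    return accepted, rejected


# Constructed sample input, as a dummy-data generator might draw from a word list.
SAMPLE = ["kevin", "kévin", "Kevin", "zoë.dev", "zoe.dev", "日本", "a_b-c"]

if __name__ == "__main__":
    print(unique_usernames(SAMPLE))
```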
`ci` in this context means "Case Insensitive".
`cs` in this context means "Case Sensitive".
New models created:
- OfficialProvider
This was required to write a test for checking that
OfficialProviders behaves as we expect, which was the starter
for the original aurblup bug.
New tests created:
- test_official_provider
Modified tests:
- test_package_base: add ci test
- test_package: add ci test
- test_session: add cs test
- test_ssh_pub_key: add cs test
Signed-off-by: Kevin Morris <kevr@0cost.org>
First off: This commit changes the default development database
backend to mysql. sqlite, however, is still completely supported
with the caveat that a user must now modify config.dev to use
the sqlite backend.
While looking into this, it was discovered that our SQLAlchemy
backend for mysql (mysql-connector) completely broke model
attributes when we switched to utf8mb4_bin (binary) -- it does
not correct the correct conversion to and from binary utf8mb4.
The new, replacement dependency mysqlclient does. mysqlclient
is also recommended in SQLAlchemy documentation as the "best"
one available.
The mysqlclient backend uses a different exception flow than
sqlite, and so tests expecting IntegrityError have to be modified
to expect OperationalError from sqlalchemy.exc.
So, for each model that we define, check keys that can't be
NULL and raise sqlalchemy.exc.IntegrityError if we have to.
This way we keep our exceptions uniform.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This fixes SQLAlchemy warnings related to primary keys not
having an auto_increment or nullable.
We've done this by making all foreign primary keys nullable.
In ApiRateLimit's case, we can set a default str to act as
a null, which seems a bit more sensible.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This solves an issue where DECIMAL is not native
to sqlite by using a string to store values and
converting them to float in user code.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Some of these tests were written before some of our convenient
tooling existed. Additionally, some of the tests were not
cooperating with PEP-8 guidelines or isorted.
This commit does the following:
- Replaces all calls to make_(user|session) with
  aurweb.db.create(Model, ...).
- Replace calls to session.add(...) + session.commit() with
  aurweb.db.create.
- Removes the majority of calls to (session|aurweb.db).delete(...).
- Replaces session.query calls with aurweb.db.query.
- Initializes all mutable globals in pytest fixture setup().
- Makes mutable global declarations more concise:
  `var1, var2 = None, None` -> `var1 = var2 = None`
- Defines a warning exclusion for test/test_ssh_pub_key.py.
- Removes the aurweb.testing.models module.
- Removes some useless pytest.fixture yielding.
As of this commit, developers should use the following guidelines
when writing tests:
- Always use aurweb.db.(create|delete|query) for database
  operations, where possible.
- Always define mutable globals in the style: `var1 = var2 = None`.
- `yield` the most dependent model in pytest setup fixture **iff**
  you must delete records after test runs to maintain database
  integrity. Example: test/test_account_type.py.
This all makes the test code look and behave much cleaner.
Previously, aurweb.testing.setup_test_db was buggy and leaving
objects around in SQLAlchemy's IdentityMap.
Signed-off-by: Kevin Morris <kevr@0cost.org>
We no longer need to delete records like this; in fact, it causes
errors now. Fix this by removing the deletions and allow
setup_test_db to do its job.
We'll need to do this for other tests as well.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Additionally, add an optional **kwargs passing via make_relationship.
This allows us to use things like `uselist=False`, which was needed
for test/test_package.py.
Signed-off-by: Kevin Morris <kevr@0cost.org>
We don't want to do this on construction. We only want to do this
when we want to actually add the user to the database (or modify it).
Signed-off-by: Kevin Morris <kevr@0cost.org>
This is needed to avoid redundant objects in SQLAlchemy's
IdentityMap, since we pass a direct .execute to delete
the tables passed in. Additionally, remove our engine.connect()
call in favor of relying on the already-established Session.
Signed-off-by: Kevin Morris <kevr@0cost.org>
AUR renders its own 404 Not Found page when a bad route
is encountered. Introducing the previous verification
caused an error in this case when setting a language
while viewing the Not Found page. So, instead of checking
through routes, just make sure that the next parameter
starts with a '/' character, which removes the possibility
of any cross attacks.
+ Removed aurweb.asgi.routes; no longer needed.
Signed-off-by: Kevin Morris <kevr@0cost.org>
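
A redirect-target validator for a `next` parameter, as an added example that is not part of the commit or of aurweb's code. It goes beyond the leading-'/' check named in the commit message: it also refuses `//host` and backslash forms, which browsers resolve as another host, and control characters. The function names and sample values are assumptions.

```python
from urllib.parse import urlsplit


def is_safe_next(target: str) -> bool:
    """True only for a same-site, path-only redirect target."""
    # Must be a non-empty path on this site.
    if not target or not target.startswith("/"):
        return False
    # '//host' is scheme-relative, and browsers treat '\' like '/',
    # so '/\host' also leaves the site.
    if target.startswith("//") or "\\" in target:
        return False
    # Control characters (tab, CR, LF, ...) are stripped or reinterpreted
    # by URL parsers and can split headers; refuse them outright.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    # Defence in depth: the parsed form must carry no scheme and no host.
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


def resolve_next(target: str, default: str = "/") -> str:
    """Return the target if it is safe, otherwise fall back to default."""
    return target if is_safe_next(target) else default


# Constructed sample values; evil.example is a placeholder host.
SAMPLES = [
    "/packages?O=10",
    "/no/such/route",          # unknown route still redirects in-site
    "https://evil.example/",
    "//evil.example/",
    "/\\evil.example/",
    "/ok\r\nSet-Cookie: x=1",
    "",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", resolve_next(value))
```

Because the check does not consult the route table, a path that ends in the application's own 404 page is still accepted, which is the case the commit message describes.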
* Added account_url filter to jinja2 environment. This produces a path
to the user's account url (/account/{username}).
* Updated archdev-navbar to link to new edit route.
+ Added migrate_cookies(request, response) to aurweb.util, a function
that simply migrates the request cookies to response and returns it.
+ Added account_edit tests to test_accounts_routes.py.
Signed-off-by: Kevin Morris <kevr@0cost.org>
* Added /register get and post routes.
+ Added default attributes to AnonymousUser, including a new
AnonymousList which behaves like an sqlalchemy relationship
list.
+ aurweb.util: Added validation functions for various user fields
used throughout registration.
+ test_accounts_routes: Added get|post register route tests.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This CAPTCHA workflow is the same workflow used by our current
PHP implementation of account registration.
Signed-off-by: Kevin Morris <kevr@0cost.org>
A new make_context wrapper which additionally includes either
query parameters (get) or form data (post) in the context.
Use this to simplify setting context variables for form data
in particular.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This module includes timezone-based utilities for a FastAPI request.
This commit introduces use of the AURTZ cookie within get_request_timezone.
This cookie should be set to the user or session's timezone.
* `make_context` has been modified to parse the request's timezone
and include the "timezone" and "timezones" variables, along with
a timezone specified "now" date.
+ Added `Timezone` attribute to aurweb.testing.requests.Request.user.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This clones the behavior already present in the PHP implementation,
but it uses a global dict with credential constant keys to
validation functions to determine if a given user has a credential.
Signed-off-by: Kevin Morris <kevr@0cost.org>