This commit also decouples testing regarding this feature
into several test functions.
Signed-off-by: Kevin Morris <kevr@0cost.org>
bump
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit changes several things about how we were handling
package requests.
Modifications (requests):
-------------
- `/requests/{id}/close` no longer provides an Accepted selection.
All manual request closures will cause a rejection.
- Relevent `pkgbase` actions now trigger request closures:
`/pkgbase/{name}/delete` (deletion), `/pkgbase/{name}/merge` (merge)
and `/pkgbase/{name}/disown` (orphan).
- Comment fields have been added to
`/pkgbase/{name}/{delete,merge,disown}`, which is used to set the
`PackageRequest.ClosureComment` on pending requests. If the comment
field is left blank, a closure comment is autogenerated.
- Autogenerated request notifications are only sent out once
as a closure notification.
- Some markup has been fixed.
Modifications (disown/orphan):
-----------------------------
- Orphan requests are now handled through the same path as
deletion/merge.
- We now check for due date when disowning as non-maintainer;
previously, this was only done for display and not functionally.
This check applies to Trusted Users' disowning of a package.
This style of notification flow does reduce our visibility, but
accounting can still be done via the close request; it includes
the action, pkgbase name and the user who accepted it.
Closes#204
Signed-off-by: Kevin Morris <kevr@0cost.org>
Previously, we were just relying on the cookie expiration
for sessions to expire. We were not cleaning up Session
records either.
Rework timing to depend on an AURREMEMBER cookie which is
now emitted on login during BasicAuthBackend processing.
If the SID does still have a session but it's expired,
we now delete the session record before returning.
Otherwise, we update the session's LastUpdateTS to
the current time.
In addition, stored the unauthenticated result value
in a variable to reduce redundancy.
Signed-off-by: Kevin Morris <kevr@0cost.org>
We've seen a bug in the past where unique SID generation fails and
still ends up raising an exception.
This commit reworks how we deal with database exceptions internally,
tries for 36 iterations to set a fresh unique SID, and raises a 500
HTTPException if we were unable to.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This was missed during the initial porting of the /login route.
Modifications:
-------------
- A form is now used for the [Logout] link and some css was
needed to deal with positioning.
Closes#186
Signed-off-by: Kevin Morris <kevr@0cost.org>
We were running into data race issues where the `fn.is_file()`
check would occur twice before writing the file in the `else`
clause. For this reason, a new aurweb.lock.Lock class has been
added which doubles as a thread and process lock. We can use
this elsewhere in the future, but we are also able to use it
to solve this kind of data race issue.
That being said, we still need the lock file state to tell us
when the first caller acquired the lock.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Changes:
- util/sendmail now populates email files in the 'test-emails' directory.
- util/sendmail does this in a serialized fashion based off of
the test suite and name retrieved from PYTEST_CURRENT_TEST
in the format: `<test_suite>_<test_function>.n.txt` where n
is increased by one every time sendmail is run.
- pytest conftest fixtures have been added for test email setup;
it wipes out old emails for the particular test function being run.
- New aurweb.testing.email.Email class allows developers to test
against emails stored by util/sendmail. Simple pass the serial
you want to test against, starting at serial = 1; e.g. Email(serial).
Signed-off-by: Kevin Morris <kevr@0cost.org>
