This should match more closely the expectation of a user.
A session cookie should vanish on browser close
and you thus they need to authenticate again.
There is no need to bump the expiration of AURSID either,
so we can remove that part.
Signed-off-by: moson-mo <mo-son@mailbox.org>
This patch does not include a javascript implementating, but
provides a pure HTML/HTTP method of paging through these lists.
Also fixes erroneous limiting. We now use a hardcoded limit of 20
by default.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Introduces:
- aurweb.testing.alpm.AlpmDatabase
- Used to mock up and manage a remote repository.
- templates/testing/alpm_package.j2
- Used to generate a single ALPM package desc.
- Removed aurblup sharness test
Signed-off-by: Kevin Morris <kevr@0cost.org>
This change removes cookie re-emission of AURLANG and AURTZ,
adds the AURREMEMBER cookie (the state of the "Remember Me"
checkbox on login), and re-emits AURSID based on the AURREMEMBER
cookie.
Previously, re-emission of AURSID was forcefully modifying
the expiration of the AURSID cookie. The introduction of
AURREMEMBER allows us to deduct the correct cookie expiration
timing based on configuration variables. With this addition,
we now re-emit the AURSID cookie with an updated expiration
based on the "Remember Me" checkbox on login.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Two new options have been added:
- [devel] commit_url
- URL including an %s format specifier that can be used to link
to a webpage for the commit.
- [devel] commit_hash
- HEAD's commit hash (produced via `git rev-parse HEAD`)
If a `[devel] commit_hash` is configured, a link to the commit based on
`[devel] commit_url` will be displayed in the aurweb footer in
the form: `HEAD@<commit_hash>`. If no `[devel] commit_url` is
configured, a non-linked hash will be displayed.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Introduces `aurweb.defaults` and `aurweb.filters`.
`aurweb.filters` is a location developers can put their additional
Jinja2 filters and/or functions. We should slowly move all of our
filters over here, where it makes sense.
`aurweb.defaults` is a new module which hosts some default constants
and utility functions, starting with offsets (O) and per page values
(PP).
As far as the new GET /requests is concerned, we match up here to
PHP's implementation, with some minor improvements:
Improvements:
* PP on this page is now configurable: 50 (default), 100, or 250.
* Example: `https://localhost:8444/requests?PP=250`
Modifications:
* The pagination is a bit different, but serves the exact same purpose.
* "Last" no longer goes to an empty page.
* Closes: https://gitlab.archlinux.org/archlinux/aurweb/-/issues/14
Signed-off-by: Kevin Morris <kevr@0cost.org>
This function is now used as `render_template`'s underlying
implementation of rendering a template, and uses that render
in its HTMLResponse path.
This separation allows users to directly render a template
without producing a Response object.
Signed-off-by: Kevin Morris <kevr@0cost.org>
In terms of performance, most queries on this page win over
PHP in query times, with the exception of sorting by Voted or
Notify (https://gitlab.archlinux.org/archlinux/aurweb/-/issues/102).
Otherwise, there are a few modifications: described below.
* Pagination
* The `paginate` Python module has been used in the FastAPI
project
here to implement paging on the packages search page. This
changes how pagination is displayed, however it serves the
same purpose. We'll take advantage of this module in other
places as well.
* Form action
* The form action for actions now use `POST /packages` to
perform. This is currently implemented and will be
addressed in a follow-up commit.
* Input names and values
* Input names and values have been modified to satisfy the
snake_case naming convention we'd like to use as much as
possible.
* Some input names and values were modified to comply with
FastAPI Forms: (IDs[<id>]) -> (IDs, <id>).
Signed-off-by: Kevin Morris <kevr@0cost.org>
The new `extend_query` and `urlencode` filters are way cleaner ways
to achieve what we did with `dedupe_qs`.
Signed-off-by: Kevin Morris <kevr@0cost.org>
urlencode does more than just a quote_plus. Using urlencode
was not sensible, so this commit addresses that.
Signed-off-by: Kevin Morris <kevr@0cost.org>
These are module local globals and we don't want to expose
global functionality to users, so privatize them with a
leading `_` prefix.
These things should **really** not be accessible by users.
The possibly plural version of `tr`, `tn` provides a way to translate
strings into singular or plural form based on a given integer
being 1 or not 1.
Example use:
```
{{ 1 | tn("%d package found.", "%d packages found.") | format(1) }}
```
Signed-off-by: Kevin Morris <kevr@0cost.org>
A few things added with this commit:
- aurweb.packages.util
- A module providing package and pkgbase helpers.
- aurweb.template.register_filter
- A decorator that can be used to register a filter:
@register_filter("some_filter") def f(): pass
Additionally, template partials have been split off a bit
differently. Changes:
- /packages/{name} is defined in packages/show.html.
- partials/packages/package_actions.html is now
partials/packages/actions.html.
- partials/packages/details.html has been added.
- partials/packages/comments.html has been added.
- partials/packages/comment.html has been added.
- models.dependency_type additions: name and id constants.
- models.relation_type additions: name and id constants.
- models.official_provider additions: base official url constant.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This filter gets a vote of a request's user toward a voteinfo.
Example: {% set vote = (voteinfo | get_vote(request)) %}
Signed-off-by: Kevin Morris <kevr@0cost.org>
This function adds f"SameSite={value}" to each cookie's header
stored in response.
This is needed because starlette does not currently support
the `samesite` argument in Response.set_cookie. It is merged,
however, and waiting for next release.
Signed-off-by: Kevin Morris <kevr@0cost.org>
We'll piggyback off of the current existing configuration item,
`disable_http_login`, to decide how we should submit cookies to
an HTTP response.
Previously, in `sso.py`, the http schema was used to make this
decision. There is an issue with that, however: We cannot actually
test properly if we depend on the https schema.
This change allows us to toggle `disable_http_login` to modify
the behavior of cookies sent with an http response to be secure.
We test this behavior in test/test_auth_routes.py#L81:
`test_secure_login(mock)`.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This will automate a lot of conversion that happens
around the codebase in terms of status_code.
As of this commit, we should improve usage and remove
int(status_code) casts wherever we can.
Signed-off-by: Kevin Morris <kevr@0cost.org>
* Added account_url filter to jinja2 environment. This produces a path
to the user's account url (/account/{username}).
* Updated archdev-navbar to link to new edit route.
+ Added migrate_cookies(request, response) to aurweb.util, a function
that simply migrates the request cookies to response and returns it.
+ Added account_edit tests to test_accounts_routes.py.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This CAPTCHA workflow is the same workflow used by our current
PHP implementation of account registration.
Signed-off-by: Kevin Morris <kevr@0cost.org>
A new make_context wrapper which additionally includes either
query parameters (get) or form data (post) in the context.
Use this to simplify setting context variables for form data
in particular.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This module includes timezone-based utilities for a FastAPI request.
This commit introduces use of the AURTZ cookie within get_request_timezone.
This cookie should be set to the user or session's timezone.
* `make_context` has been modified to parse the request's timezone
and include the "timezone" and "timezones" variables, along with
a timezone specified "now" date.
+ Added `Timezone` attribute to aurweb.testing.requests.Request.user.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This allows us to inspect things about the request we're rendering from.
* Use render_template(request, ...) in aurweb.routers.auth
Signed-off-by: Kevin Morris <kevr@0cost.org>
+ Mounted static files (at web/html) to /static.
+ Added AURWEB_VERSION to aurweb.config (this is used around HTML
to refer back to aurweb's release on git.archlinux.org), so we
need it easily accessible in the Python codebase.
+ Implemented basic Jinja2 partials to put together whole aurweb
pages. This may be missing some things currently and is a WIP
until this set is ready to be merged.
+ Added config [options] aurwebdir = YOUR_AUR_ROOT; this configuration
option should specify the root directory of the aurweb project.
It is used by various parts of the FastAPI codebase to target
project directories.
Added routes via aurweb.routers.html:
* POST /language: Set your session language.
* GET /favicon.ico: Redirect to /static/images/favicon.ico.
* Some browsers always look for $ROOT/favicon.ico to get an icon
for the page being loaded, regardless of a specified "shortcut
icon" given in a <link> directive.
* GET /: Home page; WIP.
* Updated aurweb.routers.html.language passes query parameters to
its next redirection.
When calling aurweb.templates.render_template, the context passed should
be formed via the aurweb.templates.make_context. See
aurweb.routers.html.index for an example of this.
Signed-off-by: Kevin Morris <kevr@0cost.org>
