canaille-globuzma/canaille/__init__.py

import datetime
import os
from logging.config import dictConfig

from flask import Flask
from flask import g
from flask import request
from flask import session
from flask_themer import FileSystemThemeLoader
from flask_themer import render_template
from flask_themer import Themer
from flask_wtf.csrf import CSRFProtect


csrf = CSRFProtect()


def setup_backend(app, backend):
    from .backends.ldap.backend import Backend

    if not backend:
        backend = Backend(app.config)
        backend.init_app(app)

    with app.app_context():
        g.backend = backend
        app.backend = backend

    if app.debug:  # pragma: no cover
        backend.install(app.config)


def setup_sentry(app):  # pragma: no cover
    if not app.config.get("SENTRY_DSN"):
        return None

    try:
        import sentry_sdk
        from sentry_sdk.integrations.flask import FlaskIntegration

    except Exception:
        return None

    sentry_sdk.init(dsn=app.config["SENTRY_DSN"], integrations=[FlaskIntegration()])
    return sentry_sdk


def setup_logging(app):
    log_level = app.config.get("LOGGING", {}).get("LEVEL", "WARNING")
    if not app.config.get("LOGGING", {}).get("PATH"):
        handler = {
            "class": "logging.StreamHandler",
            "stream": "ext://flask.logging.wsgi_errors_stream",
            "formatter": "default",
        }
    else:
        handler = {
            "class": "logging.handlers.WatchedFileHandler",
            "filename": app.config["LOGGING"]["PATH"],
            "formatter": "default",
        }

    dictConfig(
        {
            "version": 1,
            "formatters": {
                "default": {
                    "format": "[%(asctime)s] %(levelname)s in %(module)s: %(message)s",
                }
            },
            "handlers": {"wsgi": handler},
            "root": {"level": log_level, "handlers": ["wsgi"]},
            "disable_existing_loggers": False,
        }
    )


def setup_jinja(app):
    app.jinja_env.filters["len"] = len
    app.jinja_env.policies["ext.i18n.trimmed"] = True


def setup_themer(app):
    additional_themes_dir = (
        os.path.dirname(app.config["THEME"])
        if app.config.get("THEME") and os.path.exists(app.config["THEME"])
        else None
    )
    themer = Themer(
        app,
        loaders=[FileSystemThemeLoader(additional_themes_dir)]
        if additional_themes_dir
        else None,
    )

    @themer.current_theme_loader
    def get_current_theme():
        # if config['THEME'] may be a theme name or an absolute path
        return app.config.get("THEME", "default").split("/")[-1]


def setup_blueprints(app):
    import canaille.core.account
    import canaille.core.admin
    import canaille.core.groups
    import canaille.oidc.blueprints

    app.url_map.strict_slashes = False

    app.register_blueprint(canaille.core.account.bp)
    app.register_blueprint(canaille.core.admin.bp)
    app.register_blueprint(canaille.core.groups.bp)
    app.register_blueprint(canaille.oidc.blueprints.bp)


def setup_flask(app):
    csrf.init_app(app)

    @app.before_request
    def make_session_permanent():
        session.permanent = True
        app.permanent_session_lifetime = datetime.timedelta(days=365)

    @app.context_processor
    def global_processor():
        from canaille.app.flask import current_user

        return {
            "debug": app.config.get("DEBUG", False) or app.config.get("TESTING", False),
            "has_smtp": "SMTP" in app.config,
            "has_password_recovery": app.config.get("ENABLE_PASSWORD_RECOVERY", True),
            "has_account_lockability": app.backend.get().has_account_lockability(),
            "logo_url": app.config.get("LOGO"),
            "favicon_url": app.config.get("FAVICON", app.config.get("LOGO")),
            "website_name": app.config.get("NAME", "Canaille"),
            "user": current_user(),
            "menu": True,
            "is_boosted": request.headers.get("HX-Boosted", False),
        }

    @app.errorhandler(400)
    def bad_request(error):
        return render_template("error.html", description=error, error_code=400), 400

    @app.errorhandler(403)
    def unauthorized(error):
        return render_template("error.html", description=error, error_code=403), 403

    @app.errorhandler(404)
    def page_not_found(error):
        return render_template("error.html", description=error, error_code=404), 404

    @app.errorhandler(500)
    def server_error(error):  # pragma: no cover
        return render_template("error.html", description=error, error_code=500), 500


def setup_flask_converters(app):
    from canaille.app.flask import model_converter
    from canaille.app import models

    app.url_map.converters["user"] = model_converter(models.User)
    app.url_map.converters["group"] = model_converter(models.Group)


def create_app(config=None, validate=True, backend=None):
    from .oidc.oauth import setup_oauth
    from .app.i18n import setup_i18n
    from .app.configuration import setup_config

    app = Flask(__name__)
    setup_config(app, config, validate)

    sentry_sdk = setup_sentry(app)
    try:
        setup_logging(app)
        setup_backend(app, backend)
        setup_oauth(app)
        setup_flask_converters(app)
        setup_blueprints(app)
        setup_jinja(app)
        setup_i18n(app)
        setup_themer(app)
        setup_flask(app)

    except Exception as exc:  # pragma: no cover
        if sentry_sdk:
            sentry_sdk.capture_exception(exc)
        raise

    return app
default session is one year long 2021-07-01 09:04:57 +00:00			`import datetime`
Client forms 2020-08-17 13:49:48 +00:00			`import os`
pre-commit tox test 2021-12-20 22:57:27 +00:00			`from logging.config import dictConfig`
Client forms 2020-08-17 13:49:48 +00:00
pre-commit tox test 2021-12-20 22:57:27 +00:00			`from flask import Flask`
			`from flask import g`
Boosts webpages with HTMX Fixes #144 Fixes #145 2023-06-23 14:26:38 +00:00			`from flask import request`
pre-commit tox test 2021-12-20 22:57:27 +00:00			`from flask import session`
			`from flask_themer import FileSystemThemeLoader`
			`from flask_themer import render_template`
			`from flask_themer import Themer`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`from flask_wtf.csrf import CSRFProtect`
USER_BASE configuration parameter 2020-09-01 15:11:30 +00:00
CSRF protection everywhere 2023-03-28 18:30:29 +00:00
			`csrf = CSRFProtect()`
Client forms 2020-08-17 13:49:48 +00:00

Refactored the unit test backend fixtures 2023-05-20 15:17:46 +00:00			`def setup_backend(app, backend):`
Renamed Backend in BaseBackend 2023-06-05 16:10:37 +00:00			`from .backends.ldap.backend import Backend`
Refactored the unit test backend fixtures 2023-05-20 15:17:46 +00:00
			`if not backend:`
Renamed Backend in BaseBackend 2023-06-05 16:10:37 +00:00			`backend = Backend(app.config)`
Refactored the unit test backend fixtures 2023-05-20 15:17:46 +00:00			`backend.init_app(app)`

			`with app.app_context():`
			`g.backend = backend`
			`app.backend = backend`

OIDC keypair generation fix 2023-06-01 15:41:17 +00:00			`if app.debug: # pragma: no cover`
			`backend.install(app.config)`

Refactored the unit test backend fixtures 2023-05-20 15:17:46 +00:00
unit tests: ignore sentry blocks in coverage 2022-11-20 21:34:05 +00:00			`def setup_sentry(app): # pragma: no cover`
do not import sentry if not needed 2022-01-11 17:02:23 +00:00			`if not app.config.get("SENTRY_DSN"):`
			`return None`

unit tests: ignore sentry blocks in coverage 2022-11-20 21:34:05 +00:00			`try:`
do not import sentry if not needed 2022-01-11 17:02:23 +00:00			`import sentry_sdk`
			`from sentry_sdk.integrations.flask import FlaskIntegration`

			`except Exception:`
			`return None`

			`sentry_sdk.init(dsn=app.config["SENTRY_DSN"], integrations=[FlaskIntegration()])`
			`return sentry_sdk`


Logging is configurable 2021-10-31 13:40:12 +00:00			`def setup_logging(app):`
			`log_level = app.config.get("LOGGING", {}).get("LEVEL", "WARNING")`
			`if not app.config.get("LOGGING", {}).get("PATH"):`
			`handler = {`
			`"class": "logging.StreamHandler",`
			`"stream": "ext://flask.logging.wsgi_errors_stream",`
			`"formatter": "default",`
			`}`
			`else:`
			`handler = {`
			`"class": "logging.handlers.WatchedFileHandler",`
			`"filename": app.config["LOGGING"]["PATH"],`
			`"formatter": "default",`
			`}`

			`dictConfig(`
			`{`
			`"version": 1,`
			`"formatters": {`
			`"default": {`
			`"format": "[%(asctime)s] %(levelname)s in %(module)s: %(message)s",`
			`}`
			`},`
			`"handlers": {"wsgi": handler},`
			`"root": {"level": log_level, "handlers": ["wsgi"]},`
unit tests: first login mail success and error 2022-12-21 20:52:01 +00:00			`"disable_existing_loggers": False,`
Logging is configurable 2021-10-31 13:40:12 +00:00			`}`
			`)`


jpegPhoto profile form 2021-12-08 17:06:50 +00:00			`def setup_jinja(app):`
Group description 2021-12-10 16:08:43 +00:00			`app.jinja_env.filters["len"] = len`
Fixed some jinja translation with {% trans %} blocks and new lines. 2023-03-22 18:29:28 +00:00			`app.jinja_env.policies["ext.i18n.trimmed"] = True`
jpegPhoto profile form 2021-12-08 17:06:50 +00:00

application setup refactoring 2021-12-08 15:10:01 +00:00			`def setup_themer(app):`
			`additional_themes_dir = (`
			`os.path.dirname(app.config["THEME"])`
			`if app.config.get("THEME") and os.path.exists(app.config["THEME"])`
			`else None`
			`)`
			`themer = Themer(`
			`app,`
			`loaders=[FileSystemThemeLoader(additional_themes_dir)]`
			`if additional_themes_dir`
			`else None,`
			`)`
use flask-themer to allow theme customization 2021-10-28 13:24:34 +00:00
application setup refactoring 2021-12-08 15:10:01 +00:00			`@themer.current_theme_loader`
			`def get_current_theme():`
			`# if config['THEME'] may be a theme name or an absolute path`
			`return app.config.get("THEME", "default").split("/")[-1]`
Initialization improvement 2020-09-27 15:32:23 +00:00

application setup refactoring 2021-12-08 15:10:01 +00:00			`def setup_blueprints(app):`
Moved user and group management in the core submodule 2023-04-09 11:34:38 +00:00			`import canaille.core.account`
			`import canaille.core.admin`
			`import canaille.core.groups`
Moved oidc blueprints in a dedicated file 2023-04-09 09:31:23 +00:00			`import canaille.oidc.blueprints`
flask app delayed imports 2022-01-05 15:30:46 +00:00
application setup refactoring 2021-12-08 15:10:01 +00:00			`app.url_map.strict_slashes = False`

Moved user and group management in the core submodule 2023-04-09 11:34:38 +00:00			`app.register_blueprint(canaille.core.account.bp)`
			`app.register_blueprint(canaille.core.admin.bp)`
			`app.register_blueprint(canaille.core.groups.bp)`
Moved oidc blueprints in a dedicated file 2023-04-09 09:31:23 +00:00			`app.register_blueprint(canaille.oidc.blueprints.bp)`
Initialization improvement 2020-09-27 15:32:23 +00:00

CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`def setup_flask(app):`
			`csrf.init_app(app)`

			`@app.before_request`
			`def make_session_permanent():`
			`session.permanent = True`
			`app.permanent_session_lifetime = datetime.timedelta(days=365)`

			`@app.context_processor`
			`def global_processor():`
'app' submodule 2023-04-09 13:52:55 +00:00			`from canaille.app.flask import current_user`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00
			`return {`
debug template variable is available everywhere 2023-06-20 12:22:15 +00:00			`"debug": app.config.get("DEBUG", False) or app.config.get("TESTING", False),`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`"has_smtp": "SMTP" in app.config,`
Display password recovery button on OIDC login page 2023-05-15 16:06:22 +00:00			`"has_password_recovery": app.config.get("ENABLE_PASSWORD_RECOVERY", True),`
Implemented LDAP ppolicy support. 2022-11-01 11:25:21 +00:00			`"has_account_lockability": app.backend.get().has_account_lockability(),`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`"logo_url": app.config.get("LOGO"),`
			`"favicon_url": app.config.get("FAVICON", app.config.get("LOGO")),`
			`"website_name": app.config.get("NAME", "Canaille"),`
			`"user": current_user(),`
			`"menu": True,`
Boosts webpages with HTMX Fixes #144 Fixes #145 2023-06-23 14:26:38 +00:00			`"is_boosted": request.headers.get("HX-Boosted", False),`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`}`

			`@app.errorhandler(400)`
Display error description on debug environments 2023-06-20 12:14:35 +00:00			`def bad_request(error):`
			`return render_template("error.html", description=error, error_code=400), 400`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00
			`@app.errorhandler(403)`
Display error description on debug environments 2023-06-20 12:14:35 +00:00			`def unauthorized(error):`
			`return render_template("error.html", description=error, error_code=403), 403`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00
			`@app.errorhandler(404)`
Display error description on debug environments 2023-06-20 12:14:35 +00:00			`def page_not_found(error):`
			`return render_template("error.html", description=error, error_code=404), 404`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00
			`@app.errorhandler(500)`
Display error description on debug environments 2023-06-20 12:14:35 +00:00			`def server_error(error): # pragma: no cover`
			`return render_template("error.html", description=error, error_code=500), 500`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00

Implements a flask User converter 2023-06-28 15:56:49 +00:00			`def setup_flask_converters(app):`
			`from canaille.app.flask import model_converter`
			`from canaille.app import models`

			`app.url_map.converters["user"] = model_converter(models.User)`
Implements a flask Group converter 2023-06-28 16:09:25 +00:00			`app.url_map.converters["group"] = model_converter(models.Group)`
Implements a flask User converter 2023-06-28 15:56:49 +00:00

Refactored the unit test backend fixtures 2023-05-20 15:17:46 +00:00			`def create_app(config=None, validate=True, backend=None):`
Configuration entries can be loaded from files. Co-authored-by: Sofi <sofi+git@mailbox.org> 2023-06-15 16:29:12 +00:00			`from .oidc.oauth import setup_oauth`
			`from .app.i18n import setup_i18n`
			`from .app.configuration import setup_config`

application setup refactoring 2021-12-08 15:10:01 +00:00			`app = Flask(__name__)`
			`setup_config(app, config, validate)`

do not import sentry if not needed 2022-01-11 17:02:23 +00:00			`sentry_sdk = setup_sentry(app)`
application setup refactoring 2021-12-08 15:10:01 +00:00			`try:`
			`setup_logging(app)`
Refactored the unit test backend fixtures 2023-05-20 15:17:46 +00:00			`setup_backend(app, backend)`
application setup refactoring 2021-12-08 15:10:01 +00:00			`setup_oauth(app)`
Implements a flask User converter 2023-06-28 15:56:49 +00:00			`setup_flask_converters(app)`
application setup refactoring 2021-12-08 15:10:01 +00:00			`setup_blueprints(app)`
jpegPhoto profile form 2021-12-08 17:06:50 +00:00			`setup_jinja(app)`
LDAP 'preferredLanguage' attribute support 2022-11-20 21:12:18 +00:00			`setup_i18n(app)`
application setup refactoring 2021-12-08 15:10:01 +00:00			`setup_themer(app)`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`setup_flask(app)`
Initialization improvement 2020-09-27 15:32:23 +00:00
unit tests: ignore sentry blocks in coverage 2022-11-20 21:34:05 +00:00			`except Exception as exc: # pragma: no cover`
do not import sentry if not needed 2022-01-11 17:02:23 +00:00			`if sentry_sdk:`
Fixed sentry configuration 2020-09-29 16:21:41 +00:00			`sentry_sdk.capture_exception(exc)`
			`raise`
Better error messages when LDAP server is unreachable, or authentication has failed 2021-12-06 20:49:38 +00:00
			`return app`