canaille-globuzma/canaille/app/flask.py

import logging
from functools import wraps
from urllib.parse import urlsplit
from urllib.parse import urlunsplit

from flask import abort
from flask import current_app
from flask import g
from flask import request
from flask import session
from werkzeug.routing import BaseConverter

from canaille.app import models
from canaille.app.i18n import gettext as _
from canaille.app.themes import render_template


def current_user():
    if "user" in g:
        return g.user

    for user_id in session.get("user_id", [])[::-1]:
        user = models.User.get(user_id)
        if user and (
            not current_app.backend.has_account_lockability() or not user.locked
        ):
            g.user = user
            return g.user

        session["user_id"].remove(user_id)

    if "user_id" in session and not session["user_id"]:
        del session["user_id"]

    return None


def login_user(user):
    """Opens a session for the user."""
    g.user = user
    try:
        previous = (
            session["user_id"]
            if isinstance(session["user_id"], list)
            else [session["user_id"]]
        )
        session["user_id"] = previous + [user.id]
    except KeyError:
        session["user_id"] = [user.id]


def logout_user():
    """Closes the user session."""
    try:
        session["user_id"].pop()
        del g.user
        if not session["user_id"]:
            del session["user_id"]
    except (IndexError, KeyError):
        pass


def user_needed():
    def wrapper(view_function):
        @wraps(view_function)
        def decorator(*args, **kwargs):
            user = current_user()
            if not user:
                abort(403)
            return view_function(*args, user=user, **kwargs)

        return decorator

    return wrapper


def permissions_needed(*args):
    permissions = set(args)

    def wrapper(view_function):
        @wraps(view_function)
        def decorator(*args, **kwargs):
            user = current_user()
            if not user or not user.can(*permissions):
                abort(403)
            return view_function(*args, user=user, **kwargs)

        return decorator

    return wrapper


def smtp_needed():
    def wrapper(view_function):
        @wraps(view_function)
        def decorator(*args, **kwargs):
            if "SMTP" in current_app.config["CANAILLE"]:
                return view_function(*args, **kwargs)

            message = _("No SMTP server has been configured")
            logging.warning(message)
            return (
                render_template(
                    "error.html",
                    error_code=500,
                    icon="tools",
                    description=message,
                ),
                500,
            )

        return decorator

    return wrapper


def set_parameter_in_url_query(url, **kwargs):
    split = list(urlsplit(url))
    pairs = split[3].split("&")
    parameters = {pair.split("=")[0]: pair.split("=")[1] for pair in pairs if pair}
    parameters = {**parameters, **kwargs}
    split[3] = "&".join(f"{key}={value}" for key, value in parameters.items())
    return urlunsplit(split)


def request_is_htmx():
    return request.headers.get("HX-Request", False) and not request.headers.get(
        "HX-Boosted", False
    )


def render_htmx_template(template, htmx_template=None, **kwargs):
    template = (
        (htmx_template or f"partial/{template}") if request_is_htmx() else template
    )
    return render_template(template, **kwargs)


def model_converter(model):
    class ModelConverter(BaseConverter):
        def __init__(self, *args, required=True, **kwargs):
            self.required = required
            super().__init__(self, *args, **kwargs)

        def to_url(self, instance):
            return instance.identifier

        def to_python(self, identifier):
            current_app.backend.setup()
            instance = model.get(identifier)
            if self.required and not instance:
                abort(404)

            return instance

    return ModelConverter
Disabled invitation and password reset when no smtp server has been configured 2021-12-07 15:39:18 +00:00			`import logging`
Admin login 2020-08-19 14:20:57 +00:00			`from functools import wraps`
unit tests: improved flaskutils coverage 2022-12-11 21:49:32 +00:00			`from urllib.parse import urlsplit`
			`from urllib.parse import urlunsplit`
pre-commit tox test 2021-12-20 22:57:27 +00:00
			`from flask import abort`
			`from flask import current_app`
refactor: store user profile in g.user 2023-08-13 20:08:28 +00:00			`from flask import g`
Dynamic tables with htmx - Search is triggered with user inputs - Page changes are triggered with clicks 2023-03-09 16:41:26 +00:00			`from flask import request`
pre-commit tox test 2021-12-20 22:57:27 +00:00			`from flask import session`
Implements a flask User converter 2023-06-28 15:56:49 +00:00			`from werkzeug.routing import BaseConverter`
Admin login 2020-08-19 14:20:57 +00:00
chore: use isort instead of reoder-python-imports 2024-03-15 18:58:06 +00:00			`from canaille.app import models`
			`from canaille.app.i18n import gettext as _`
			`from canaille.app.themes import render_template`

Admin login 2020-08-19 14:20:57 +00:00
			`def current_user():`
refactor: store user profile in g.user 2023-08-13 20:08:28 +00:00			`if "user" in g:`
			`return g.user`

Used 'id' instead of 'dn' 2023-02-05 18:08:25 +00:00			`for user_id in session.get("user_id", [])[::-1]:`
fix: compatibility with old session IDs 2024-04-09 13:45:47 +00:00			`user = models.User.get(user_id)`
Implemented LDAP ppolicy support. 2022-11-01 11:25:21 +00:00			`if user and (`
			`not current_app.backend.has_account_lockability() or not user.locked`
			`):`
refactor: store user profile in g.user 2023-08-13 20:08:28 +00:00			`g.user = user`
			`return g.user`
Fixed a bug happening when a user is deleted during his session 2020-11-25 16:41:03 +00:00
Used 'id' instead of 'dn' 2023-02-05 18:08:25 +00:00			`session["user_id"].remove(user_id)`
Fixed a bug happening when a user is deleted during his session 2020-11-25 16:41:03 +00:00
fix: clean the session cookie after logout 2024-04-09 09:56:51 +00:00			`if "user_id" in session and not session["user_id"]:`
			`del session["user_id"]`

Session vars are always lists 2022-12-10 19:47:47 +00:00			`return None`
Admin login 2020-08-19 14:20:57 +00:00

refactor: User.login and User.logout methods moved to app.flask module 2023-08-23 12:56:56 +00:00			`def login_user(user):`
chore: add docformatter pre-commit 2023-12-28 17:31:57 +00:00			`"""Opens a session for the user."""`
refactor: User.login and User.logout methods moved to app.flask module 2023-08-23 12:56:56 +00:00			`g.user = user`
			`try:`
			`previous = (`
			`session["user_id"]`
			`if isinstance(session["user_id"], list)`
			`else [session["user_id"]]`
			`)`
			`session["user_id"] = previous + [user.id]`
			`except KeyError:`
			`session["user_id"] = [user.id]`


			`def logout_user():`
chore: add docformatter pre-commit 2023-12-28 17:31:57 +00:00			`"""Closes the user session."""`
refactor: User.login and User.logout methods moved to app.flask module 2023-08-23 12:56:56 +00:00			`try:`
			`session["user_id"].pop()`
			`del g.user`
			`if not session["user_id"]:`
			`del session["user_id"]`
			`except (IndexError, KeyError):`
			`pass`


Admin login 2020-08-19 14:20:57 +00:00			`def user_needed():`
			`def wrapper(view_function):`
			`@wraps(view_function)`
			`def decorator(args, *kwargs):`
User token list view 2020-08-27 08:50:50 +00:00			`user = current_user()`
			`if not user:`
Admin login 2020-08-19 14:20:57 +00:00			`abort(403)`
User token list view 2020-08-27 08:50:50 +00:00			`return view_function(args, user=user, *kwargs)`
Admin login 2020-08-19 14:20:57 +00:00
			`return decorator`

			`return wrapper`


Permissions overhaul 2021-12-02 17:23:14 +00:00			`def permissions_needed(*args):`
			`permissions = set(args)`
Moderators group. #12 2020-11-02 11:13:03 +00:00
Admin login 2020-08-19 14:20:57 +00:00			`def wrapper(view_function):`
			`@wraps(view_function)`
			`def decorator(args, *kwargs):`
			`user = current_user()`
refactor: user permissions lazy loading 2024-04-07 13:21:32 +00:00			`if not user or not user.can(*permissions):`
Admin login 2020-08-19 14:20:57 +00:00			`abort(403)`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`return view_function(args, user=user, *kwargs)`
Admin login 2020-08-19 14:20:57 +00:00
			`return decorator`

			`return wrapper`
Disabled invitation and password reset when no smtp server has been configured 2021-12-07 15:39:18 +00:00

			`def smtp_needed():`
			`def wrapper(view_function):`
			`@wraps(view_function)`
			`def decorator(args, *kwargs):`
feat: use pydantic to validate the configuration 2023-12-18 17:06:03 +00:00			`if "SMTP" in current_app.config["CANAILLE"]:`
Disabled invitation and password reset when no smtp server has been configured 2021-12-07 15:39:18 +00:00			`return view_function(args, *kwargs)`

			`message = _("No SMTP server has been configured")`
			`logging.warning(message)`
			`return (`
			`render_template(`
			`"error.html",`
debug template variable is available everywhere 2023-06-20 12:22:15 +00:00			`error_code=500,`
Disabled invitation and password reset when no smtp server has been configured 2021-12-07 15:39:18 +00:00			`icon="tools",`
			`description=message,`
			`),`
			`500,`
			`)`

			`return decorator`

			`return wrapper`
Improved admin token list and code list templates 2022-02-19 16:53:05 +00:00

unit tests: improved flaskutils coverage 2022-12-11 21:49:32 +00:00			`def set_parameter_in_url_query(url, **kwargs):`
			`split = list(urlsplit(url))`
			`pairs = split[3].split("&")`
			`parameters = {pair.split("=")[0]: pair.split("=")[1] for pair in pairs if pair}`
			`parameters = {parameters, kwargs}`
			`split[3] = "&".join(f"{key}={value}" for key, value in parameters.items())`
			`return urlunsplit(split)`
Dynamic tables with htmx - Search is triggered with user inputs - Page changes are triggered with clicks 2023-03-09 16:41:26 +00:00

Dynamic form validation with htmx 2023-03-30 21:14:39 +00:00			`def request_is_htmx():`
Boosts webpages with HTMX Fixes #144 Fixes #145 2023-06-23 14:26:38 +00:00			`return request.headers.get("HX-Request", False) and not request.headers.get(`
			`"HX-Boosted", False`
			`)`
Dynamic form validation with htmx 2023-03-30 21:14:39 +00:00

Dynamic tables with htmx - Search is triggered with user inputs - Page changes are triggered with clicks 2023-03-09 16:41:26 +00:00			`def render_htmx_template(template, htmx_template=None, **kwargs):`
			`template = (`
Dynamic form validation with htmx 2023-03-30 21:14:39 +00:00			`(htmx_template or f"partial/{template}") if request_is_htmx() else template`
Dynamic tables with htmx - Search is triggered with user inputs - Page changes are triggered with clicks 2023-03-09 16:41:26 +00:00			`)`
			`return render_template(template, **kwargs)`
Implements a flask User converter 2023-06-28 15:56:49 +00:00

			`def model_converter(model):`
			`class ModelConverter(BaseConverter):`
Implements flask OIDC converters 2023-06-29 10:15:12 +00:00			`def __init__(self, args, required=True, *kwargs):`
			`self.required = required`
			`super().__init__(self, args, *kwargs)`

Implements a flask User converter 2023-06-28 15:56:49 +00:00			`def to_url(self, instance):`
			`return instance.identifier`

			`def to_python(self, identifier):`
			`current_app.backend.setup()`
			`instance = model.get(identifier)`
Implements flask OIDC converters 2023-06-29 10:15:12 +00:00			`if self.required and not instance:`
Implements a flask User converter 2023-06-28 15:56:49 +00:00			`abort(404)`

			`return instance`

			`return ModelConverter`