canaille-globuzma/canaille/__init__.py

import datetime
import os
from logging.config import dictConfig

import toml
from flask import Flask
from flask import g
from flask import request
from flask import session
from flask_themer import FileSystemThemeLoader
from flask_themer import render_template
from flask_themer import Themer
from flask_wtf.csrf import CSRFProtect


csrf = CSRFProtect()


def setup_config(app, config=None, validate=True):
    import canaille.app.configuration

    app.config.from_mapping(
        {
            "SESSION_COOKIE_NAME": "canaille",
            "OAUTH2_REFRESH_TOKEN_GENERATOR": True,
            "OAUTH2_ACCESS_TOKEN_GENERATOR": "canaille.oidc.oauth.generate_access_token",
        }
    )
    if config:
        app.config.from_mapping(config)
    elif "CONFIG" in os.environ:
        app.config.from_mapping(toml.load(os.environ.get("CONFIG")))
    else:
        raise Exception(
            "No configuration file found. "
            "Either create conf/config.toml or set the 'CONFIG' variable environment."
        )

    if app.debug and "OIDC" in app.config:  # pragma: no cover
        import canaille.oidc.installation

        canaille.oidc.installation.setup_keypair(app.config)

    if validate:
        canaille.app.configuration.validate(app.config)


def setup_backend(app, backend):
    from .backends.ldap.backend import LDAPBackend

    if not backend:
        backend = LDAPBackend(app.config)
        backend.init_app(app)

    with app.app_context():
        g.backend = backend
        app.backend = backend


def setup_sentry(app):  # pragma: no cover
    if not app.config.get("SENTRY_DSN"):
        return None

    try:
        import sentry_sdk
        from sentry_sdk.integrations.flask import FlaskIntegration

    except Exception:
        return None

    sentry_sdk.init(dsn=app.config["SENTRY_DSN"], integrations=[FlaskIntegration()])
    return sentry_sdk


def setup_logging(app):
    log_level = app.config.get("LOGGING", {}).get("LEVEL", "WARNING")
    if not app.config.get("LOGGING", {}).get("PATH"):
        handler = {
            "class": "logging.StreamHandler",
            "stream": "ext://flask.logging.wsgi_errors_stream",
            "formatter": "default",
        }
    else:
        handler = {
            "class": "logging.handlers.WatchedFileHandler",
            "filename": app.config["LOGGING"]["PATH"],
            "formatter": "default",
        }

    dictConfig(
        {
            "version": 1,
            "formatters": {
                "default": {
                    "format": "[%(asctime)s] %(levelname)s in %(module)s: %(message)s",
                }
            },
            "handlers": {"wsgi": handler},
            "root": {"level": log_level, "handlers": ["wsgi"]},
            "disable_existing_loggers": False,
        }
    )


def setup_jinja(app):
    app.jinja_env.filters["len"] = len
    app.jinja_env.policies["ext.i18n.trimmed"] = True


def setup_themer(app):
    additional_themes_dir = (
        os.path.dirname(app.config["THEME"])
        if app.config.get("THEME") and os.path.exists(app.config["THEME"])
        else None
    )
    themer = Themer(
        app,
        loaders=[FileSystemThemeLoader(additional_themes_dir)]
        if additional_themes_dir
        else None,
    )

    @themer.current_theme_loader
    def get_current_theme():
        # if config['THEME'] may be a theme name or an absolute path
        return app.config.get("THEME", "default").split("/")[-1]


def setup_blueprints(app):
    import canaille.core.account
    import canaille.core.admin
    import canaille.core.groups
    import canaille.oidc.blueprints

    app.url_map.strict_slashes = False

    app.register_blueprint(canaille.core.account.bp)
    app.register_blueprint(canaille.core.admin.bp)
    app.register_blueprint(canaille.core.groups.bp)
    app.register_blueprint(canaille.oidc.blueprints.bp)


def setup_flask(app):
    csrf.init_app(app)

    @app.before_request
    def make_session_permanent():
        session.permanent = True
        app.permanent_session_lifetime = datetime.timedelta(days=365)

    @app.context_processor
    def global_processor():
        from canaille.app.flask import current_user

        return {
            "has_smtp": "SMTP" in app.config,
            "has_password_recovery": app.config.get("ENABLE_PASSWORD_RECOVERY", True),
            "logo_url": app.config.get("LOGO"),
            "favicon_url": app.config.get("FAVICON", app.config.get("LOGO")),
            "website_name": app.config.get("NAME", "Canaille"),
            "user": current_user(),
            "menu": True,
        }

    @app.errorhandler(400)
    def bad_request(e):
        return render_template("error.html", error=400), 400

    @app.errorhandler(403)
    def unauthorized(e):
        return render_template("error.html", error=403), 403

    @app.errorhandler(404)
    def page_not_found(e):
        return render_template("error.html", error=404), 404

    @app.errorhandler(500)
    def server_error(e):  # pragma: no cover
        return render_template("error.html", error=500), 500


def create_app(config=None, validate=True, backend=None):
    app = Flask(__name__)
    setup_config(app, config, validate)

    sentry_sdk = setup_sentry(app)
    try:
        from .oidc.oauth import setup_oauth
        from .app.i18n import setup_i18n

        setup_logging(app)
        setup_backend(app, backend)
        setup_oauth(app)
        setup_blueprints(app)
        setup_jinja(app)
        setup_i18n(app)
        setup_themer(app)
        setup_flask(app)

    except Exception as exc:  # pragma: no cover
        if sentry_sdk:
            sentry_sdk.capture_exception(exc)
        raise

    return app
default session is one year long 2021-07-01 09:04:57 +00:00			`import datetime`
Client forms 2020-08-17 13:49:48 +00:00			`import os`
pre-commit tox test 2021-12-20 22:57:27 +00:00			`from logging.config import dictConfig`
Client forms 2020-08-17 13:49:48 +00:00
pre-commit tox test 2021-12-20 22:57:27 +00:00			`import toml`
			`from flask import Flask`
			`from flask import g`
			`from flask import request`
			`from flask import session`
			`from flask_themer import FileSystemThemeLoader`
			`from flask_themer import render_template`
			`from flask_themer import Themer`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`from flask_wtf.csrf import CSRFProtect`
USER_BASE configuration parameter 2020-09-01 15:11:30 +00:00
CSRF protection everywhere 2023-03-28 18:30:29 +00:00
			`csrf = CSRFProtect()`
Client forms 2020-08-17 13:49:48 +00:00

Better error messages when LDAP server is unreachable, or authentication has failed 2021-12-06 20:49:38 +00:00			`def setup_config(app, config=None, validate=True):`
'app' submodule 2023-04-09 13:52:55 +00:00			`import canaille.app.configuration`
flask app delayed imports 2022-01-05 15:30:46 +00:00
Use a custom session cookie name 2020-08-26 07:41:53 +00:00			`app.config.from_mapping(`
better error messages 2021-10-11 23:06:25 +00:00			`{`
			`"SESSION_COOKIE_NAME": "canaille",`
			`"OAUTH2_REFRESH_TOKEN_GENERATOR": True,`
Refactoring: file renaming 2022-10-06 11:32:41 +00:00			`"OAUTH2_ACCESS_TOKEN_GENERATOR": "canaille.oidc.oauth.generate_access_token",`
better error messages 2021-10-11 23:06:25 +00:00			`}`
Use a custom session cookie name 2020-08-26 07:41:53 +00:00			`)`
tests workflow 2020-08-18 15:39:34 +00:00			`if config:`
			`app.config.from_mapping(config)`
			`elif "CONFIG" in os.environ:`
			`app.config.from_mapping(toml.load(os.environ.get("CONFIG")))`
Configuration in its own dir 2020-08-27 13:30:21 +00:00			`else:`
Serve server metadata files 2020-08-27 14:08:26 +00:00			`raise Exception(`
			`"No configuration file found. "`
			`"Either create conf/config.toml or set the 'CONFIG' variable environment."`
			`)`
Client forms 2020-08-17 13:49:48 +00:00
Creates a OIDC configuration section for all the OIDC related entries 2023-04-10 14:24:43 +00:00			`if app.debug and "OIDC" in app.config: # pragma: no cover`
debug environment only creates keypair if needed 2022-12-29 01:14:40 +00:00			`import canaille.oidc.installation`

			`canaille.oidc.installation.setup_keypair(app.config)`
install command creates jwt keypair 2021-11-13 18:11:56 +00:00
			`if validate:`
'app' submodule 2023-04-09 13:52:55 +00:00			`canaille.app.configuration.validate(app.config)`
better error messages 2021-10-11 23:06:25 +00:00
Added a command to clean tokens and codes. Fixes #17 2020-10-23 09:31:16 +00:00
Refactored the unit test backend fixtures 2023-05-20 15:17:46 +00:00			`def setup_backend(app, backend):`
			`from .backends.ldap.backend import LDAPBackend`

			`if not backend:`
			`backend = LDAPBackend(app.config)`
			`backend.init_app(app)`

			`with app.app_context():`
			`g.backend = backend`
			`app.backend = backend`


unit tests: ignore sentry blocks in coverage 2022-11-20 21:34:05 +00:00			`def setup_sentry(app): # pragma: no cover`
do not import sentry if not needed 2022-01-11 17:02:23 +00:00			`if not app.config.get("SENTRY_DSN"):`
			`return None`

unit tests: ignore sentry blocks in coverage 2022-11-20 21:34:05 +00:00			`try:`
do not import sentry if not needed 2022-01-11 17:02:23 +00:00			`import sentry_sdk`
			`from sentry_sdk.integrations.flask import FlaskIntegration`

			`except Exception:`
			`return None`

			`sentry_sdk.init(dsn=app.config["SENTRY_DSN"], integrations=[FlaskIntegration()])`
			`return sentry_sdk`


Logging is configurable 2021-10-31 13:40:12 +00:00			`def setup_logging(app):`
			`log_level = app.config.get("LOGGING", {}).get("LEVEL", "WARNING")`
			`if not app.config.get("LOGGING", {}).get("PATH"):`
			`handler = {`
			`"class": "logging.StreamHandler",`
			`"stream": "ext://flask.logging.wsgi_errors_stream",`
			`"formatter": "default",`
			`}`
			`else:`
			`handler = {`
			`"class": "logging.handlers.WatchedFileHandler",`
			`"filename": app.config["LOGGING"]["PATH"],`
			`"formatter": "default",`
			`}`

			`dictConfig(`
			`{`
			`"version": 1,`
			`"formatters": {`
			`"default": {`
			`"format": "[%(asctime)s] %(levelname)s in %(module)s: %(message)s",`
			`}`
			`},`
			`"handlers": {"wsgi": handler},`
			`"root": {"level": log_level, "handlers": ["wsgi"]},`
unit tests: first login mail success and error 2022-12-21 20:52:01 +00:00			`"disable_existing_loggers": False,`
Logging is configurable 2021-10-31 13:40:12 +00:00			`}`
			`)`


jpegPhoto profile form 2021-12-08 17:06:50 +00:00			`def setup_jinja(app):`
Group description 2021-12-10 16:08:43 +00:00			`app.jinja_env.filters["len"] = len`
Fixed some jinja translation with {% trans %} blocks and new lines. 2023-03-22 18:29:28 +00:00			`app.jinja_env.policies["ext.i18n.trimmed"] = True`
jpegPhoto profile form 2021-12-08 17:06:50 +00:00

application setup refactoring 2021-12-08 15:10:01 +00:00			`def setup_themer(app):`
			`additional_themes_dir = (`
			`os.path.dirname(app.config["THEME"])`
			`if app.config.get("THEME") and os.path.exists(app.config["THEME"])`
			`else None`
			`)`
			`themer = Themer(`
			`app,`
			`loaders=[FileSystemThemeLoader(additional_themes_dir)]`
			`if additional_themes_dir`
			`else None,`
			`)`
use flask-themer to allow theme customization 2021-10-28 13:24:34 +00:00
application setup refactoring 2021-12-08 15:10:01 +00:00			`@themer.current_theme_loader`
			`def get_current_theme():`
			`# if config['THEME'] may be a theme name or an absolute path`
			`return app.config.get("THEME", "default").split("/")[-1]`
Initialization improvement 2020-09-27 15:32:23 +00:00

application setup refactoring 2021-12-08 15:10:01 +00:00			`def setup_blueprints(app):`
Moved user and group management in the core submodule 2023-04-09 11:34:38 +00:00			`import canaille.core.account`
			`import canaille.core.admin`
			`import canaille.core.groups`
Moved oidc blueprints in a dedicated file 2023-04-09 09:31:23 +00:00			`import canaille.oidc.blueprints`
flask app delayed imports 2022-01-05 15:30:46 +00:00
application setup refactoring 2021-12-08 15:10:01 +00:00			`app.url_map.strict_slashes = False`

Moved user and group management in the core submodule 2023-04-09 11:34:38 +00:00			`app.register_blueprint(canaille.core.account.bp)`
			`app.register_blueprint(canaille.core.admin.bp)`
			`app.register_blueprint(canaille.core.groups.bp)`
Moved oidc blueprints in a dedicated file 2023-04-09 09:31:23 +00:00			`app.register_blueprint(canaille.oidc.blueprints.bp)`
Initialization improvement 2020-09-27 15:32:23 +00:00

CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`def setup_flask(app):`
			`csrf.init_app(app)`

			`@app.before_request`
			`def make_session_permanent():`
			`session.permanent = True`
			`app.permanent_session_lifetime = datetime.timedelta(days=365)`

			`@app.context_processor`
			`def global_processor():`
'app' submodule 2023-04-09 13:52:55 +00:00			`from canaille.app.flask import current_user`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00
			`return {`
			`"has_smtp": "SMTP" in app.config,`
Display password recovery button on OIDC login page 2023-05-15 16:06:22 +00:00			`"has_password_recovery": app.config.get("ENABLE_PASSWORD_RECOVERY", True),`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`"logo_url": app.config.get("LOGO"),`
			`"favicon_url": app.config.get("FAVICON", app.config.get("LOGO")),`
			`"website_name": app.config.get("NAME", "Canaille"),`
			`"user": current_user(),`
			`"menu": True,`
			`}`

			`@app.errorhandler(400)`
			`def bad_request(e):`
			`return render_template("error.html", error=400), 400`

			`@app.errorhandler(403)`
			`def unauthorized(e):`
			`return render_template("error.html", error=403), 403`

			`@app.errorhandler(404)`
			`def page_not_found(e):`
			`return render_template("error.html", error=404), 404`

			`@app.errorhandler(500)`
			`def server_error(e): # pragma: no cover`
			`return render_template("error.html", error=500), 500`


Refactored the unit test backend fixtures 2023-05-20 15:17:46 +00:00			`def create_app(config=None, validate=True, backend=None):`
application setup refactoring 2021-12-08 15:10:01 +00:00			`app = Flask(__name__)`
			`setup_config(app, config, validate)`

do not import sentry if not needed 2022-01-11 17:02:23 +00:00			`sentry_sdk = setup_sentry(app)`
application setup refactoring 2021-12-08 15:10:01 +00:00			`try:`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`from .oidc.oauth import setup_oauth`
'app' submodule 2023-04-09 13:52:55 +00:00			`from .app.i18n import setup_i18n`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00
application setup refactoring 2021-12-08 15:10:01 +00:00			`setup_logging(app)`
Refactored the unit test backend fixtures 2023-05-20 15:17:46 +00:00			`setup_backend(app, backend)`
application setup refactoring 2021-12-08 15:10:01 +00:00			`setup_oauth(app)`
			`setup_blueprints(app)`
jpegPhoto profile form 2021-12-08 17:06:50 +00:00			`setup_jinja(app)`
LDAP 'preferredLanguage' attribute support 2022-11-20 21:12:18 +00:00			`setup_i18n(app)`
application setup refactoring 2021-12-08 15:10:01 +00:00			`setup_themer(app)`
CSRF protection everywhere 2023-03-28 18:30:29 +00:00			`setup_flask(app)`
Initialization improvement 2020-09-27 15:32:23 +00:00
unit tests: ignore sentry blocks in coverage 2022-11-20 21:34:05 +00:00			`except Exception as exc: # pragma: no cover`
do not import sentry if not needed 2022-01-11 17:02:23 +00:00			`if sentry_sdk:`
Fixed sentry configuration 2020-09-29 16:21:41 +00:00			`sentry_sdk.capture_exception(exc)`
			`raise`
Better error messages when LDAP server is unreachable, or authentication has failed 2021-12-06 20:49:38 +00:00
			`return app`