c2cgeoportal-commons 2.5.0.100__py3-none-any.whl → 2.9rc44__py3-none-any.whl

c2cgeoportal_commons/models/sqlalchemy.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
-
-# Copyright (c) 2012-2020, Camptocamp SA
+# Copyright (c) 2012-2024, Camptocamp SA
 # All rights reserved.
 
 # Redistribution and use in source and binary forms, with or without
@@ -27,7 +25,7 @@
 # of the authors and should not be interpreted as representing official policies,
 # either expressed or implied, of the FreeBSD Project.
 import json
-from typing import Any, Optional, Type
+from typing import Any
 
 from sqlalchemy.engine import Dialect
 from sqlalchemy.types import VARCHAR, TypeDecorator, UserDefinedType
@@ -35,37 +33,35 @@ from sqlalchemy.types import VARCHAR, TypeDecorator, UserDefinedType
 
 # get from https://docs.sqlalchemy.org/en/latest/orm/extensions/
 # mutable.html#establishing-mutability-on-scalar-column-values
-class JSONEncodedDict(TypeDecorator):
-    """
-    Represents an immutable structure as a json-encoded string.
-    """
+class JSONEncodedDict(TypeDecorator[Any]):
+    """Represent an immutable structure as a json-encoded string."""
 
     impl = VARCHAR
 
-    @staticmethod
-    def process_bind_param(value: Optional[dict], _: Dialect) -> Optional[str]:
+    def process_bind_param(self, value: dict[str, Any] | None, _: Dialect) -> str | None:
         return json.dumps(value) if value is not None else None
 
-    @staticmethod
-    def process_result_value(value: Optional[str], _: Dialect) -> Optional[dict]:
+    def process_result_value(self, value: str | None, _: Dialect) -> dict[str, Any] | None:
         return json.loads(value) if value is not None else None
 
     @property
-    def python_type(self) -> Type:
+    def python_type(self) -> type[Any]:
         return dict
 
-    @staticmethod
-    def process_literal_param(value: str, dialect: Any) -> str:
+    def process_literal_param(self, value: Any | None, dialect: Any) -> str:
+        assert isinstance(value, str)
         del dialect
         return json.dumps(value)
 
 
-class TsVector(UserDefinedType):
-    """ A custom type for PostgreSQL's tsvector type. """
+class TsVector(UserDefinedType[dict[str, str]]):  # pylint: disable=abstract-method
+    """A custom type for PostgreSQL's tsvector type."""
+
+    cache_ok = True
 
-    def get_col_spec(self) -> str:  # pylint: disable=no-self-use
+    def get_col_spec(self) -> str:
         return "TSVECTOR"
 
     @property
-    def python_type(self) -> Type:
+    def python_type(self) -> type[Any]:
         return dict

c2cgeoportal_commons/models/static.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
-
-# Copyright (c) 2011-2020, Camptocamp SA
+# Copyright (c) 2011-2024, Camptocamp SA
 # All rights reserved.
 
 # Redistribution and use in source and binary forms, with or without
@@ -29,31 +27,35 @@
 
 
 import crypt
-from datetime import datetime
+import logging
+import os
+from datetime import datetime, timezone
 from hashlib import sha1
 from hmac import compare_digest as compare_hash
-import logging
-from typing import Any, List
+from typing import Any
 
+import sqlalchemy.schema
 from c2c.template.config import config
-import pytz
 from sqlalchemy import Column, ForeignKey, Table
 from sqlalchemy.dialects.postgresql import HSTORE
 from sqlalchemy.ext.mutable import MutableDict
-from sqlalchemy.orm import backref, relationship
+from sqlalchemy.orm import Mapped, backref, mapped_column, relationship
 from sqlalchemy.types import Boolean, DateTime, Integer, String, Unicode
 
+from c2cgeoportal_commons.lib.literal import Literal
 from c2cgeoportal_commons.models import Base, _
-from c2cgeoportal_commons.models.main import Role
+from c2cgeoportal_commons.models.main import AbstractLog, Role
 
 try:
-    from colander import drop, Email
-    from deform.widget import HiddenWidget, DateTimeInputWidget
     from c2cgeoform.ext.deform_ext import RelationSelect2Widget
+    from colander import Email, drop
+    from deform.widget import DateTimeInputWidget, HiddenWidget
 except ModuleNotFoundError:
-    drop = None
+    drop = None  # pylint: disable=invalid-name
 
     class GenericClass:
+        """Generic class."""
+
         def __init__(self, *args: Any, **kwargs: Any):
             pass
 
@@ -61,10 +63,11 @@ except ModuleNotFoundError:
     HiddenWidget = GenericClass
     DateTimeInputWidget = GenericClass
     CollenderGeometry = GenericClass
-    RelationSelect2Widget = GenericClass
+    RelationSelect2Widget = GenericClass  # type: ignore[misc,assignment]
 
 
-LOG = logging.getLogger(__name__)
+_LOG = logging.getLogger(__name__)
+_OPENID_CONNECT_ENABLED = os.environ.get("OPENID_CONNECT_ENABLED", "false").lower() in ("true", "yes", "1")
 
 _schema: str = config["schema_static"] or "static"
 
@@ -72,44 +75,130 @@ _schema: str = config["schema_static"] or "static"
 user_role = Table(
     "user_role",
     Base.metadata,
-    Column("user_id", Integer, ForeignKey(_schema + ".user.id"), primary_key=True),
+    Column("user_id", Integer, ForeignKey(_schema + ".user.id", ondelete="CASCADE"), primary_key=True),
     Column("role_id", Integer, primary_key=True),
     schema=_schema,
 )
 
 
-class User(Base):
+class User(Base):  # type: ignore
+    """The user table representation."""
+
     __tablename__ = "user"
     __table_args__ = {"schema": _schema}
-    __colanderalchemy_config__ = {"title": _("User"), "plural": _("Users")}
+    __colanderalchemy_config__ = {
+        "title": _("User"),
+        "plural": _("Users"),
+        "description": Literal(
+            _(
+                """
+            <div class="help-block">
+                <p>Each user may have from 1 to n roles, but each user has a default role from
+                    which are taken some settings. The default role (defined through the
+                    "Settings from role" selection) has an influence on the role extent and on some
+                    functionalities regarding their configuration.</p>
+
+                <p>Role extents for users can only be set in one role, because the application
+                    is currently not able to check multiple extents for one user, thus it is the
+                    default role which defines this unique extent.</p>
+
+                <p>Any functionality specified as <b>single</b> can be defined only once per user.
+                    Hence, these functionalities have to be defined in the default role.</p>
+
+                <p>By default, functionalities are not specified as <b>single</b>. Currently, the
+                    following functionalities are of <b>single</b> type:</p>
+
+                <ul>
+                    <li><code>default_basemap</code></li>
+                    <li><code>default_theme</code></li>
+                    <li><code>preset_layer_filter</code></li>
+                    <li><code>open_panel</code></li>
+                </ul>
+
+                <p>Any other functionality (with <b>single</b> not set or set to <code>false</code>) can
+                    be defined in any role linked to the user.</p>
+                <hr>
+            </div>
+                """
+            )
+        ),
+    }
     __c2cgeoform_config__ = {"duplicate": True}
-    item_type = Column(
+    item_type: Mapped[str] = mapped_column(
         "type", String(10), nullable=False, info={"colanderalchemy": {"widget": HiddenWidget()}}
     )
     __mapper_args__ = {"polymorphic_on": item_type, "polymorphic_identity": "user"}
 
-    id = Column(Integer, primary_key=True, info={"colanderalchemy": {"widget": HiddenWidget()}})
-    username = Column(
-        Unicode, unique=True, nullable=False, info={"colanderalchemy": {"title": _("Username")}}
+    id: Mapped[int] = mapped_column(
+        Integer, primary_key=True, info={"colanderalchemy": {"widget": HiddenWidget()}}
+    )
+    username: Mapped[str] = mapped_column(
+        Unicode,
+        unique=True,
+        nullable=False,
+        info={
+            "colanderalchemy": (
+                {
+                    "title": _("Username"),
+                    "description": _("Name used for authentication (must be unique)."),
+                }
+                if not _OPENID_CONNECT_ENABLED
+                else {"widget": HiddenWidget()}
+            )
+        },
+    )
+    display_name: Mapped[str] = mapped_column(
+        Unicode,
+        info={
+            "colanderalchemy": {
+                "title": _("Display name"),
+                "description": _("Name displayed in the application."),
+            }
+        },
+    )
+    _password: Mapped[str] = mapped_column(
+        "password", Unicode, nullable=False, info={"colanderalchemy": {"exclude": True}}
     )
-    _password = Column("password", Unicode, nullable=False, info={"colanderalchemy": {"exclude": True}})
-    temp_password = Column(
+    temp_password: Mapped[str | None] = mapped_column(
         "temp_password", Unicode, nullable=True, info={"colanderalchemy": {"exclude": True}}
     )
-    tech_data = Column(MutableDict.as_mutable(HSTORE), info={"colanderalchemy": {"exclude": True}})
-    email = Column(
-        Unicode, nullable=False, info={"colanderalchemy": {"title": _("Email"), "validator": Email()}}
+    tech_data = mapped_column(MutableDict.as_mutable(HSTORE), info={"colanderalchemy": {"exclude": True}})  # type: ignore[arg-type]
+    email: Mapped[str] = mapped_column(
+        Unicode,
+        nullable=False,
+        index=True,
+        info={
+            "colanderalchemy": {
+                "title": _("Email"),
+                "description": _(
+                    "Used to send emails to the user, for example in case of password recovery."
+                ),
+                "validator": Email(),
+            }
+        },
     )
-    is_password_changed = Column(
-        Boolean, default=False, info={"colanderalchemy": {"title": _("The user changed his password")}}
+    is_password_changed: Mapped[bool] = mapped_column(
+        Boolean,
+        default=False,
+        info={
+            "colanderalchemy": (
+                {
+                    "title": _("The user changed his password"),
+                    "description": _("Indicates if user has changed his password."),
+                }
+                if not _OPENID_CONNECT_ENABLED
+                else {"exclude": True}
+            )
+        },
     )
 
-    settings_role_id = Column(
-        Integer,
+    settings_role_id: Mapped[int] = mapped_column(
+        Integer(),
+        nullable=True,
         info={
             "colanderalchemy": {
                 "title": _("Settings from role"),
-                "description": "Only used for settings not for permissions",
+                "description": _("Used to get some settings for the user (not for permissions)."),
                 "widget": RelationSelect2Widget(
                     Role, "id", "name", order_by="name", default_value=("", _("- Select -"))
                 ),
@@ -128,37 +217,86 @@ class User(Base):
         Role,
         secondary=user_role,
         secondaryjoin=Role.id == user_role.c.role_id,
-        backref=backref("users", info={"colanderalchemy": {"exclude": True}}),
-        info={"colanderalchemy": {"title": _("Roles"), "exclude": True}},
+        backref=backref(
+            "users",
+            order_by="User.username",
+            info={
+                "colanderalchemy": {
+                    "title": _("Users"),
+                    "description": _("Users granted with this role."),
+                    "exclude": True,
+                }
+            },
+        ),
+        info={
+            "colanderalchemy": {
+                "title": _("Roles"),
+                "description": _("Roles granted to the user."),
+                "exclude": True,
+            }
+        },
     )
 
-    last_login = Column(
+    last_login: Mapped[datetime] = mapped_column(
         DateTime(timezone=True),
+        nullable=True,
         info={
-            "colanderalchemy": {
-                "title": _("Last login"),
-                "missing": drop,
-                "widget": DateTimeInputWidget(readonly=True),
-            }
+            "colanderalchemy": (
+                {
+                    "title": _("Last login"),
+                    "description": _("Date of the user's last login."),
+                    "missing": drop,
+                    "widget": DateTimeInputWidget(readonly=True),
+                }
+                if not _OPENID_CONNECT_ENABLED
+                else {"exclude": True}
+            )
         },
     )
 
-    expire_on = Column(DateTime(timezone=True), info={"colanderalchemy": {"title": _("Expiration date")}})
+    expire_on: Mapped[datetime | None] = mapped_column(
+        DateTime(timezone=True),
+        info={
+            "colanderalchemy": (
+                {
+                    "title": _("Expiration date"),
+                    "description": _("After this date the user will not be able to login anymore."),
+                }
+                if not _OPENID_CONNECT_ENABLED
+                else {"exclude": True}
+            )
+        },
+    )
 
-    deactivated = Column(Boolean, default=False, info={"colanderalchemy": {"title": _("Deactivated")}})
+    deactivated: Mapped[bool] = mapped_column(
+        Boolean,
+        default=False,
+        info={
+            "colanderalchemy": (
+                {
+                    "title": _("Deactivated"),
+                    "description": _("Deactivate a user without removing it completely."),
+                }
+                if not _OPENID_CONNECT_ENABLED
+                else {"exclude": True}
+            )
+        },
+    )
 
-    def __init__(
+    def __init__(  # nosec
         self,
         username: str = "",
         password: str = "",
         email: str = "",
         is_password_changed: bool = False,
-        settings_role: Role = None,
-        roles: List[Role] = None,
-        expire_on: datetime = None,
+        settings_role: Role | None = None,
+        roles: list[Role] | None = None,
+        expire_on: datetime | None = None,
         deactivated: bool = False,
+        display_name: str | None = None,
     ) -> None:
         self.username = username
+        self.display_name = display_name or username
         self.password = password
         self.tech_data = {}
         self.email = email
@@ -171,16 +309,16 @@ class User(Base):
 
     @property
     def password(self) -> str:
-        """returns password"""
-        return self._password  # pragma: no cover
+        """Get the password."""
+        return self._password
 
     @password.setter
     def password(self, password: str) -> None:
-        """encrypts password on the fly."""
+        """Encrypt password on the fly."""
         self._password = self.__encrypt_password(password)
 
     def set_temp_password(self, password: str) -> None:
-        """encrypts password on the fly."""
+        """Encrypt password on the fly."""
         self.temp_password = self.__encrypt_password(password)
 
     @staticmethod
@@ -193,8 +331,8 @@ class User(Base):
         return crypt.crypt(password, crypt.METHOD_SHA512)
 
     def validate_password(self, passwd: str) -> bool:
-        """Check the password against existing credentials.
-        this method _MUST_ return a boolean.
+        """
+        Check the password against existing credentials. this method _MUST_ return a boolean.
 
         @param passwd: the password that was provided by the user to
         try and authenticate. This is the clear text version that we will
@@ -213,7 +351,7 @@ class User(Base):
 
         if (
             self.temp_password is not None
-            and self.temp_password != ""
+            and self.temp_password != ""  # nosec
             and compare_hash(self.temp_password, crypt.crypt(passwd, self.temp_password))
         ):
             self._password = self.temp_password
@@ -223,22 +361,159 @@ class User(Base):
         return False
 
     def expired(self) -> bool:
-        return self.expire_on is not None and self.expire_on < datetime.now(pytz.utc)
+        return self.expire_on is not None and self.expire_on < datetime.now(timezone.utc)
 
     def update_last_login(self) -> None:
-        self.last_login = datetime.now(pytz.utc)
+        self.last_login = datetime.now(timezone.utc)
 
     def __str__(self) -> str:
-        return self.username or ""  # pragma: no cover
+        return self.username or ""
+
 
+class Shorturl(Base):  # type: ignore
+    """The shorturl table representation."""
 
-class Shorturl(Base):
     __tablename__ = "shorturl"
     __table_args__ = {"schema": _schema}
-    id = Column(Integer, primary_key=True)
-    url = Column(Unicode)
-    ref = Column(String(20), index=True, unique=True, nullable=False)
-    creator_email = Column(Unicode(200))
-    creation = Column(DateTime)
-    last_hit = Column(DateTime)
-    nb_hits = Column(Integer)
+    id: Mapped[int] = mapped_column(Integer, primary_key=True)
+    url: Mapped[str] = mapped_column(Unicode)
+    ref: Mapped[str] = mapped_column(String(20), index=True, unique=True, nullable=False)
+    creator_email: Mapped[str | None] = mapped_column(Unicode(200), nullable=True)
+    creation: Mapped[datetime] = mapped_column(DateTime)
+    last_hit: Mapped[datetime] = mapped_column(DateTime, nullable=True)
+    nb_hits: Mapped[int] = mapped_column(Integer)
+
+
+class OAuth2Client(Base):  # type: ignore
+    """The oauth2_client table representation."""
+
+    __tablename__ = "oauth2_client"
+    __table_args__ = {"schema": _schema}
+    __colanderalchemy_config__ = {"title": _("OAuth2 Client"), "plural": _("OAuth2 Clients")}
+    __c2cgeoform_config__ = {"duplicate": True}
+    id: Mapped[int] = mapped_column(
+        Integer, primary_key=True, info={"colanderalchemy": {"widget": HiddenWidget()}}
+    )
+    client_id: Mapped[str] = mapped_column(
+        Unicode,
+        unique=True,
+        info={
+            "colanderalchemy": {
+                "title": _("Client ID"),
+                "description": _("The client identifier as e.-g. 'qgis'."),
+            }
+        },
+    )
+    secret: Mapped[str] = mapped_column(
+        Unicode,
+        info={
+            "colanderalchemy": {
+                "title": _("Secret"),
+                "description": _("The secret."),
+            }
+        },
+    )
+    redirect_uri: Mapped[str] = mapped_column(
+        Unicode,
+        info={
+            "colanderalchemy": {
+                "title": _("Redirect URI"),
+                "description": _(
+                    """
+                    URI where user should be redirected after authentication
+                    as e.-g. 'http://127.0.0.1:7070/' in case of QGIS desktop.
+                    """
+                ),
+            }
+        },
+    )
+    state_required: Mapped[bool] = mapped_column(
+        Boolean,
+        default=False,
+        info={
+            "colanderalchemy": {
+                "title": _("State required"),
+                "description": _(
+                    "The state is required for this client (see: "
+                    "https://auth0.com/docs/secure/attack-protection/state-parameters)."
+                ),
+            }
+        },
+    )
+    pkce_required: Mapped[bool] = mapped_column(
+        Boolean,
+        default=False,
+        info={
+            "colanderalchemy": {
+                "title": _("PKCE required"),
+                "description": _(
+                    "PKCE is required for this client (see: "
+                    "https://auth0.com/docs/get-started/authentication-and-authorization-flow/"
+                    "authorization-code-flow-with-proof-key-for-code-exchange-pkce)."
+                ),
+            }
+        },
+    )
+
+
+class OAuth2BearerToken(Base):  # type: ignore
+    """The oauth2_bearertoken table representation."""
+
+    __tablename__ = "oauth2_bearertoken"
+    __table_args__ = (
+        sqlalchemy.schema.UniqueConstraint("client_id", "user_id"),
+        {
+            "schema": _schema,
+        },
+    )
+    id: Mapped[int] = mapped_column(Integer, primary_key=True)
+    client_id: Mapped[int] = mapped_column(
+        Integer, ForeignKey(_schema + ".oauth2_client.id", ondelete="CASCADE"), nullable=False
+    )
+    client = relationship(OAuth2Client)
+    user_id: Mapped[int] = mapped_column(
+        Integer, ForeignKey(_schema + ".user.id", ondelete="CASCADE"), nullable=False
+    )
+    user = relationship(User)
+    access_token: Mapped[str] = mapped_column(Unicode(100), unique=True)
+    refresh_token: Mapped[str] = mapped_column(Unicode(100), unique=True)
+    expire_at: Mapped[datetime] = mapped_column(DateTime(timezone=True))  # in one hour
+    state = mapped_column(String, nullable=True)
+
+
+class OAuth2AuthorizationCode(Base):  # type: ignore
+    """The oauth2_authorizationcode table representation."""
+
+    __tablename__ = "oauth2_authorizationcode"
+    __table_args__ = (
+        sqlalchemy.schema.UniqueConstraint("client_id", "user_id"),
+        {
+            "schema": _schema,
+        },
+    )
+    id: Mapped[int] = mapped_column(Integer, primary_key=True)
+    client_id: Mapped[int] = mapped_column(
+        Integer, ForeignKey(_schema + ".oauth2_client.id", ondelete="CASCADE"), nullable=False
+    )
+    client = relationship(OAuth2Client)
+    user_id: Mapped[int] = mapped_column(
+        Integer, ForeignKey(_schema + ".user.id", ondelete="CASCADE"), nullable=False
+    )
+    user = relationship(User)
+    redirect_uri: Mapped[str] = mapped_column(Unicode)
+    code: Mapped[str] = mapped_column(Unicode(100), unique=True, nullable=True)
+    state: Mapped[str | None] = mapped_column(String, nullable=True)
+    challenge: Mapped[str] = mapped_column(String(128), nullable=True)
+    challenge_method: Mapped[str] = mapped_column(String(6), nullable=True)
+    expire_at: Mapped[datetime] = mapped_column(DateTime(timezone=True))  # in 10 minutes
+
+
+class Log(AbstractLog):
+    """The static log table representation."""
+
+    __tablename__ = "log"
+    __table_args__ = {"schema": _schema}
+    __mapper_args__ = {
+        "polymorphic_identity": "static",
+        "concrete": True,
+    }

c2cgeoportal_commons/testing/__init__.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
-
-# Copyright (c) 2018-2020, Camptocamp SA
+# Copyright (c) 2018-2024, Camptocamp SA
 # All rights reserved.
 
 # Redistribution and use in source and binary forms, with or without
@@ -28,24 +26,31 @@
 # either expressed or implied, of the FreeBSD Project.
 
 
+from typing import Any
+
+import zope.sqlalchemy
 from sqlalchemy import engine_from_config
 from sqlalchemy.engine import Engine
 from sqlalchemy.orm import Session, configure_mappers, sessionmaker
 from transaction import TransactionManager
-import zope.sqlalchemy
 
 
-def get_engine(settings: dict, prefix: str = "sqlalchemy.") -> Engine:
+def get_engine(settings: dict[str, Any], prefix: str = "sqlalchemy.") -> Engine:
+    """Get the engine."""
     return engine_from_config(settings, prefix)
 
 
-def get_session_factory(engine: Engine) -> sessionmaker:
+def get_session_factory(engine: Engine) -> sessionmaker[Session]:  # pylint: disable=unsubscriptable-object
+    """Get the session factory."""
     factory = sessionmaker()
     factory.configure(bind=engine)
     return factory
 
 
-def get_tm_session(session_factory: sessionmaker, transaction_manager: TransactionManager) -> Session:
+def get_tm_session(
+    session_factory: sessionmaker[Session],  # pylint: disable=unsubscriptable-object
+    transaction_manager: TransactionManager,
+) -> Session:
     """
     Get a ``sqlalchemy.orm.Session`` instance backed by a transaction.
 
@@ -64,21 +69,20 @@ def get_tm_session(session_factory: sessionmaker, transaction_manager: Transacti
           session_factory = get_session_factory(engine)
           with transaction.manager:
               dbsession = get_tm_session(session_factory, transaction.manager)
-
     """
     dbsession = session_factory()
+    assert isinstance(dbsession, Session)
     zope.sqlalchemy.register(dbsession, transaction_manager=transaction_manager)
     return dbsession
 
 
 def generate_mappers() -> None:
-    """
-    Initialize the model for a Pyramid app.
-    """
+    """Initialize the model for a Pyramid app."""
 
     # import or define all models here to ensure they are attached to the
     # Base.metadata prior to any initialization routines
-    import c2cgeoportal_commons.models.main  # noqa: F401
+    import c2cgeoportal_commons.models.main  # pylint: disable=unused-import,import-outside-toplevel
+    import c2cgeoportal_commons.models.static  # pylint: disable=import-outside-toplevel
 
     # run configure_mappers after defining all of the models to ensure
     # all relationships can be setup
@@ -86,8 +90,9 @@ def generate_mappers() -> None:
 
 
 def get_session(
-    settings: dict, transaction_manager: TransactionManager, prefix: str = "sqlalchemy."
+    settings: dict[str, Any], transaction_manager: TransactionManager, prefix: str = "sqlalchemy."
 ) -> Session:
+    """Get the session."""
     configure_mappers()
     engine = get_engine(settings, prefix)
     session_factory = get_session_factory(engine)