cherrypy-foundation 1.0.0__py3-none-any.whl → 1.0.0a2__py3-none-any.whl

cherrypy_foundation/plugins/tests/test_smtp.py

@@ -1,5 +1,5 @@
 # SMTP Plugins for cherrypy
-# Copyright (C) 2022-2026 IKUS Software
+# Copyright (C) 2022-2025 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,7 +18,6 @@ from unittest import mock, skipUnless
 
 import cherrypy
 from cherrypy.test import helper
-from parameterized import parameterized
 
 from .. import smtp  # noqa
 
@@ -109,32 +108,3 @@ Here is the link [1] you wanted.
         self.assertEqual(
             'test2@test.com, TEST3 <test3@test.com>', smtp._formataddr(['test2@test.com', ('TEST3', 'test3@test.com')])
         )
-
-    @parameterized.expand(
-        [
-            (None, None, None),
-            (None, 'test2@test.com', 'test2@test.com'),
-            ('test2@test.com', None, 'test2@test.com'),
-            ('test1@test.com', 'test2@test.com', 'test1@test.com, test2@test.com'),
-        ]
-    )
-    def test_with_bcc(self, smtp_bcc, bcc, expected_bcc):
-        # Given a valid smtp server
-        with mock.patch(smtp.__name__ + '.smtplib') as smtplib:
-            # Given bcc is defined at plugin level.
-            cherrypy.smtp.bcc = smtp_bcc
-            # When publishing a send_mail with Bcc
-            cherrypy.engine.publish(
-                'send_mail',
-                to=('A name', 'target@test.com'),
-                subject='subjet',
-                message='body',
-                bcc=bcc,
-            )
-            # Then message is sent
-            smtplib.SMTP.assert_called_once_with('__default__', 25)
-            smtplib.SMTP.return_value.send_message.assert_called_once_with(mock.ANY)
-            msg = smtplib.SMTP.return_value.send_message.call_args.args[0]
-            smtplib.SMTP.return_value.quit.assert_called_once_with()
-            # Message include our expected Bcc
-            self.assertEqual(expected_bcc, msg['Bcc'])

cherrypy_foundation/tests/__init__.py

@@ -1,72 +0,0 @@
-# Cherrypy-foundation
-# Copyright (C) 2026 IKUS Software
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-import os
-import tempfile
-import unittest
-from contextlib import contextmanager
-
-from selenium import webdriver
-
-
-class SeleniumUnitTest:
-
-    @property
-    def _session_id(self):
-        if hasattr(self, 'cookies') and self.cookies:
-            for unused, value in self.cookies:
-                for part in value.split(';'):
-                    key, unused, value = part.partition('=')
-                    if key == 'session_id':
-                        return value
-
-    @contextmanager
-    def selenium(self, headless=True, implicitly_wait=3):
-        """
-        Decorator to load selenium for a test.
-        """
-        # Skip selenium test is display is not available.
-        if not os.environ.get('DISPLAY', False):
-            raise unittest.SkipTest("selenium require a display")
-        # Start selenium driver
-        options = webdriver.ChromeOptions()
-        if headless:
-            options.add_argument('--headless')
-        options.add_argument('--disable-gpu')
-        options.add_argument('--window-size=1280,800')
-        options.add_argument('--no-sandbox')
-        options.add_argument('--disable-dev-shm-usage')
-        options.add_argument('--lang=en-US')
-        driver = webdriver.Chrome(options=options)
-        try:
-            # If logged in, reuse the same session id.
-            if self._session_id:
-                driver.get(f'{self.baseurl}/login/')
-                driver.add_cookie({"name": "session_id", "value": self.session_id})
-            # Configure download folder
-            download = os.path.join(os.path.expanduser('~'), 'Downloads')
-            os.makedirs(download, exist_ok=True)
-            self._selenium_download_dir = tempfile.mkdtemp(dir=download, prefix='selenium-download-')
-            driver.execute_cdp_cmd(
-                'Page.setDownloadBehavior', {'behavior': 'allow', 'downloadPath': self._selenium_download_dir}
-            )
-            # Set default wait.
-            driver.implicitly_wait(implicitly_wait)
-            yield driver
-        finally:
-            # Code to release resource, e.g.:
-            driver.close()
-            driver = None

cherrypy_foundation/tests/templates/test_form.html

@@ -1,14 +1,8 @@
-<!DOCTYPE html>
-<html lang="en">
+<html>
     <head>
         <title>test-form</title>
     </head>
     <body>
-        {% if form.error_message %}
-        <p>
-            {{ form.error_message }}
-        </p>
-        {% endif %}
         <form method="post" action="/">
             <Fields form={{ form }} />
         </form>

cherrypy_foundation/tests/test_error_page.py

@@ -1,5 +1,5 @@
 # CherryPy
-# Copyright (C) 2026 IKUS Software
+# Copyright (C) 2025 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -29,10 +29,6 @@ class Root:
 
     @cherrypy.expose
     def not_found(self):
-        raise cherrypy.NotFound()
-
-    @cherrypy.expose
-    def not_found_custom(self):
         raise cherrypy.HTTPError(404, message='My error message')
 
     @cherrypy.expose
@@ -64,8 +60,6 @@ class ErrorPageTest(helper.CPWebCase):
 
     @parameterized.expand(
         [
-            ('/not_found', '<p>Nothing matches the given URI</p>'),
-            ('/not_found_custom', '<p>My error message</p>'),
             ('/html_error', '<p>My error message</p>'),
             ('/json_error', '{"message": "json error message", "status": "400 Bad Request"}'),
             ('/text_error', 'text error message'),

cherrypy_foundation/tests/test_form.py

@@ -1,5 +1,5 @@
-# Cherrypy-foundation
-# Copyright (C) 2026 IKUS Software
+# CherryPy Foundation
+# Copyright (C) 2025 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -15,11 +15,9 @@
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 import importlib
 from unittest import skipUnless
-from urllib.parse import urlencode
 
 import cherrypy
 from cherrypy.test import helper
-from parameterized import parameterized
 from wtforms.fields import BooleanField, PasswordField, StringField, SubmitField
 from wtforms.validators import InputRequired, Length
 
@@ -31,6 +29,9 @@ HAS_JINJAX = importlib.util.find_spec("jinjax") is not None
 
 env = cherrypy.tools.jinja2.create_env(
     package_name=__package__,
+    globals={
+        'const1': 'STATIC VALUE',
+    },
 )
 
 
@@ -69,24 +70,13 @@ class LoginForm(CherryForm):
     )
 
 
-@cherrypy.tools.sessions()
 @cherrypy.tools.jinja2(env=env)
 class Root:
 
-    @cherrypy.expose
-    def index(self, **kwargs):
-        if 'login' not in cherrypy.session:
-            raise cherrypy.HTTPRedirect('/login')
-        return 'OK'
-
     @cherrypy.expose
     @cherrypy.tools.jinja2(template='test_form.html')
-    def login(self, **kwargs):
+    def index(self):
         form = LoginForm()
-        if form.validate_on_submit():
-            # login user with cherrypy.tools.auth
-            cherrypy.session['login'] = True
-            raise cherrypy.HTTPRedirect('/')
         return {'form': form}
 
 
@@ -102,7 +92,7 @@ class FormTest(helper.CPWebCase):
     def test_get_form(self):
         # Given a form
         # When querying the page that include this form
-        self.getPage("/login")
+        self.getPage("/")
         self.assertStatus(200)
         # Then each field is render properly.
         # 1. Check title
@@ -122,27 +112,8 @@ class FormTest(helper.CPWebCase):
             '<input class="form-check-input" container-class="col-sm-6" id="persistent" label-attr="FOO" name="persistent" type="checkbox" value="y">'
         )
         self.assertInBody('<label attr="FOO" class="form-check-label" for="persistent">Remember me</label>')
-        # 5. check submit button (regex matches because class could have different order with jinjax<=0.57)
-        self.assertInBody('<div  attr="BAR"')
-        self.assertMatchesBody(
-            '<input class="(btn-primary ?|float-end ?|btn ?){3}" container-attr="BAR" container-class="col-sm-6" id="submit" name="submit" type="submit" value="Login">'
-        )
-
-    @parameterized.expand(
-        [
-            ('myuser', 'mypassword', 0, 303, False),
-            ('myuser', '', 0, 200, 'Password: This field is required.'),
-            ('', 'mypassword', 0, 200, 'User: This field is required.'),
-        ]
-    )
-    def test_post_form(self, login, password, persistent, expect_status, expect_error):
-        # Given a page with a form.
-        # When data is sent to the form.
-        self.getPage(
-            "/login", method='POST', body=urlencode({'login': login, 'password': password, 'persistent': persistent})
+        # 5. check submit button
+        self.assertInBody('<div  attr="BAR" class="mb-2 form-field col-sm-6">')
+        self.assertInBody(
+            '<input class="btn-primary float-end btn" container-attr="BAR" container-class="col-sm-6" id="submit" name="submit" type="submit" value="Login">'
         )
-        # Then page return a status
-        self.assertStatus(expect_status)
-        # Then page may return an error
-        if expect_error:
-            self.assertInBody(expect_error)

cherrypy_foundation/tests/test_passwd.py

@@ -1,5 +1,5 @@
-# Cherrypy-foundation
-# Copyright (C) 2026 IKUS Software
+# CherryPy Foundation
+# Copyright (C) 2025 IKUS Software inc.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/tools/auth.py

@@ -1,5 +1,5 @@
 # Authentication tools for cherrypy
-# Copyright (C) 2026 IKUS Software
+# Copyright (C) 2025 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,8 +20,6 @@ import urllib.parse
 
 import cherrypy
 
-from cherrypy_foundation.sessions import session_lock
-
 AUTH_LAST_PASSWORD_AT = '_auth_last_password_at'
 AUTH_METHOD = '_auth_method'
 AUTH_ORIGINAL_URL = '_auth_original_url'
@@ -73,17 +71,17 @@ class AuthManager(cherrypy.Tool):
         if not hasattr(cherrypy.serving, 'session'):
             return
         # Check if a user_key is stored in session.
-        with session_lock() as session:
-            user_key = session.get(self._session_user_key())
-            if not user_key:
-                return
+        session = cherrypy.serving.session
+        user_key = session.get(self._session_user_key())
+        if not user_key:
+            return
 
-            last = session.get(AUTH_LAST_PASSWORD_AT)
-            if last is None:
-                return  # never had a password login in this session
-            timeout = self._reauth_timeout_minutes()
-            if (last + datetime.timedelta(minutes=timeout)) < session.now():
-                return
+        last = session.get(AUTH_LAST_PASSWORD_AT)
+        if last is None:
+            return  # never had a password login in this session
+        timeout = self._reauth_timeout_minutes()
+        if (last + datetime.timedelta(minutes=timeout)) < session.now():
+            return
 
         # Mark request as authenticated by key; user object will be resolved later.
         cherrypy.serving.request.login = user_key
@@ -156,8 +154,7 @@ class AuthManager(cherrypy.Tool):
                 )
         # If we reach here, authentication failed
         if hasattr(cherrypy.serving, 'session'):
-            with session_lock() as session:
-                session.regenerate()  # Prevent session analysis
+            cherrypy.serving.session.regenerate()  # Prevent session analysis
 
         remote_ip = cherrypy.serving.request.remote.ip
         cherrypy.log(
@@ -198,13 +195,13 @@ class AuthManager(cherrypy.Tool):
 
         # Store in session
         if hasattr(cherrypy.serving, 'session'):
-            with session_lock() as session:
-                session_user_key = self._session_user_key()
-                session[session_user_key] = user_key
-                session[AUTH_METHOD] = auth_method
-                session[AUTH_LAST_PASSWORD_AT] = session.now()
-                # Generate a new session id
-                session.regenerate()
+            session = cherrypy.serving.session
+            session_user_key = self._session_user_key()
+            session[session_user_key] = user_key
+            session[AUTH_METHOD] = auth_method
+            session[AUTH_LAST_PASSWORD_AT] = session.now()
+            # Generate a new session id
+            session.regenerate()
 
         # When authenticated, store user_key in request.
         cherrypy.serving.request.login = user_key
@@ -216,9 +213,9 @@ class AuthManager(cherrypy.Tool):
         """
         Clear session data and generate a new session id.
         """
-        with session_lock() as session:
-            session.clear()
-            session.regenerate()
+        session = cherrypy.serving.session
+        session.clear()
+        session.regenerate()
 
     def get_original_url(self):
         """
@@ -226,16 +223,15 @@ class AuthManager(cherrypy.Tool):
         """
         if not hasattr(cherrypy.serving, 'session'):
             return None
-        with session_lock() as session:
-            return session.get(AUTH_ORIGINAL_URL)
+        return cherrypy.serving.session.get(AUTH_ORIGINAL_URL)
 
     def get_user_key(self):
         """Return the last username."""
         if not hasattr(cherrypy.serving, 'session'):
             return False
+        session = cherrypy.serving.session
         session_user_key = self._session_user_key()
-        with session_lock() as session:
-            return session.get(session_user_key)
+        return session.get(session_user_key)
 
     def redirect_to_original_url(self):
         # Redirect user to original URL
@@ -256,8 +252,8 @@ class AuthManager(cherrypy.Tool):
         query_string = request.query_string
 
         # Store value in session
-        with session_lock() as session:
-            session[AUTH_ORIGINAL_URL] = cherrypy.url(original_url, qs=query_string, base='')
+        session = cherrypy.serving.session
+        session[AUTH_ORIGINAL_URL] = cherrypy.url(original_url, qs=query_string, base='')
 
 
 cherrypy.tools.auth = AuthManager()

cherrypy_foundation/tools/auth_mfa.py

@@ -1,5 +1,5 @@
 # MFA tool for cherrypy
-# Copyright (C) 2022-2026 IKUS Software
+# Copyright (C) 2022-2025 Patrik Dufresne
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -21,8 +21,6 @@ from typing import Optional
 
 import cherrypy
 
-from cherrypy_foundation.sessions import session_lock
-
 from ..passwd import check_password, hash_password
 
 MFA_CODE = '_auth_mfa_code'
@@ -85,11 +83,11 @@ class CheckAuthMfa(cherrypy.Tool):
 
         length = self._code_length()
         code = ''.join(secrets.choice(string.digits) for _ in range(length))
-        with session_lock() as session:
-            session[MFA_USER_KEY] = cherrypy.request.login
-            session[MFA_CODE] = hash_password(code)
-            session[MFA_CODE_TIME] = session.now()
-            session[MFA_CODE_ATTEMPT] = 0
+        session = cherrypy.serving.session
+        session[MFA_USER_KEY] = cherrypy.request.login
+        session[MFA_CODE] = hash_password(code)
+        session[MFA_CODE_TIME] = session.now()
+        session[MFA_CODE_ATTEMPT] = 0
         return code
 
     def _is_verified(self) -> bool:
@@ -98,24 +96,24 @@ class CheckAuthMfa(cherrypy.Tool):
             return False
 
         # Check if our username match current login user.
-        with session_lock() as session:
-            if session.get(MFA_USER_KEY) != cherrypy.request.login:
-                return False
+        session = cherrypy.serving.session
+        if session.get(MFA_USER_KEY) != cherrypy.request.login:
+            return False
 
-            # Check if the current IP is trusted
-            ip_list = session.get(MFA_TRUSTED_IP_LIST) or []
-            if cherrypy.request.remote.ip not in ip_list:
-                return False
+        # Check if the current IP is trusted
+        ip_list = session.get(MFA_TRUSTED_IP_LIST) or []
+        if cherrypy.request.remote.ip not in ip_list:
+            return False
 
-            # Check if user ever pass the verification.
-            verified_at: Optional[datetime.datetime] = session.get(MFA_VERIFICATION_TIME)
-            if not verified_at:
-                return False
+        # Check if user ever pass the verification.
+        verified_at: Optional[datetime.datetime] = session.get(MFA_VERIFICATION_TIME)
+        if not verified_at:
+            return False
 
-            # Check trusted duration time
-            trust_minutes = self._trust_duration_minutes()
-            if (verified_at + datetime.timedelta(minutes=trust_minutes)) <= session.now():
-                return False
+        # Check trusted duration time
+        trust_minutes = self._trust_duration_minutes()
+        if (verified_at + datetime.timedelta(minutes=trust_minutes)) <= session.now():
+            return False
 
         return True
 
@@ -127,26 +125,24 @@ class CheckAuthMfa(cherrypy.Tool):
         if not hasattr(cherrypy.serving, 'session'):
             return True
 
-        with session_lock() as session:
-            if session.get(MFA_USER_KEY) != cherrypy.request.login:
-                return True
+        session = cherrypy.serving.session
+        if session.get(MFA_USER_KEY) != cherrypy.request.login:
+            return True
 
-            # Check if code is defined.
-            hash_ = session.get(MFA_CODE)
-            if not hash_:
-                return True
+        # Check if code is defined.
+        hash_ = session.get(MFA_CODE)
+        if not hash_:
+            return True
 
-            # Check issued time.
-            issued_at: Optional[datetime.datetime] = session.get(MFA_CODE_TIME)
-            if not issued_at or (
-                (issued_at + datetime.timedelta(minutes=self._code_timeout_minutes())) < session.now()
-            ):
-                return True
+        # Check issued time.
+        issued_at: Optional[datetime.datetime] = session.get(MFA_CODE_TIME)
+        if not issued_at or ((issued_at + datetime.timedelta(minutes=self._code_timeout_minutes())) < session.now()):
+            return True
 
-            # Check number of attempt.
-            attempts = int(session.get(MFA_CODE_ATTEMPT, 0))
-            if attempts >= self._max_attempts():
-                return True
+        # Check number of attempt.
+        attempts = int(session.get(MFA_CODE_ATTEMPT, 0))
+        if attempts >= self._max_attempts():
+            return True
 
         return False
 
@@ -194,55 +190,55 @@ class CheckAuthMfa(cherrypy.Tool):
         if not hasattr(cherrypy.serving, 'session'):
             return False
 
-        with session_lock() as session:
-            stored_hash = session.get(MFA_CODE)
-            is_expired = self.is_code_expired()
-            if self.is_code_expired():
-                return False
-
-            # Always perform the hash check regardless of expiration
-            # to prevent timing attacks
-            code_valid = False
-            if stored_hash:
-                code_valid = check_password(code, stored_hash)
-
-            # Check all conditions after hash verification
-            if is_expired or not code_valid:
-                if not is_expired:  # Only increment if not expired
-                    session[MFA_CODE_ATTEMPT] = attempts = int(session.get(MFA_CODE_ATTEMPT, 0)) + 1
-                cherrypy.log(
-                    f'verification failed user={cherrypy.request.login} ip={cherrypy.request.remote.ip} attempts={attempts}',
-                    context='MFA',
-                    severity=logging.WARNING,
-                )
-                return False
-
-            # Success: trust this device/IP for the configured duration
-            session[MFA_VERIFICATION_TIME] = session.now()
-            ip_list = list({*(session.get(MFA_TRUSTED_IP_LIST) or []), cherrypy.request.remote.ip})
-            # Cap the list to avoid unbounded growth (keep most recent N)
-            max_ips = self._max_trusted_ips()
-            if len(ip_list) > max_ips:
-                ip_list = ip_list[-max_ips:]
-            session[MFA_TRUSTED_IP_LIST] = ip_list
-
-            # Clear the one-time code
-            session[MFA_CODE] = None
-            session[MFA_CODE_TIME] = None
-            session[MFA_CODE_ATTEMPT] = 0
-
-            # Honor “remember this device” option by making the session persistent
-            if hasattr(cherrypy.tools, 'sessions_timeout'):
-                try:
-                    cherrypy.tools.sessions_timeout.set_persistent(bool(persistent))
-                except Exception:
-                    pass
-
-            # Rotate session id to prevent fixation
-            session.regenerate()
+        session = cherrypy.serving.session
+        stored_hash = session.get(MFA_CODE)
+        is_expired = self.is_code_expired()
+        if self.is_code_expired():
+            return False
+
+        # Always perform the hash check regardless of expiration
+        # to prevent timing attacks
+        code_valid = False
+        if stored_hash:
+            code_valid = check_password(code, stored_hash)
+
+        # Check all conditions after hash verification
+        if is_expired or not code_valid:
+            if not is_expired:  # Only increment if not expired
+                session[MFA_CODE_ATTEMPT] = attempts = int(session.get(MFA_CODE_ATTEMPT, 0)) + 1
             cherrypy.log(
-                f'verification successful user={cherrypy.request.login} ip={cherrypy.request.remote.ip}', context='MFA'
+                f'verification failed user={cherrypy.request.login} ip={cherrypy.request.remote.ip} attempts={attempts}',
+                context='MFA',
+                severity=logging.WARNING,
             )
+            return False
+
+        # Success: trust this device/IP for the configured duration
+        session[MFA_VERIFICATION_TIME] = session.now()
+        ip_list = list({*(session.get(MFA_TRUSTED_IP_LIST) or []), cherrypy.request.remote.ip})
+        # Cap the list to avoid unbounded growth (keep most recent N)
+        max_ips = self._max_trusted_ips()
+        if len(ip_list) > max_ips:
+            ip_list = ip_list[-max_ips:]
+        session[MFA_TRUSTED_IP_LIST] = ip_list
+
+        # Clear the one-time code
+        session[MFA_CODE] = None
+        session[MFA_CODE_TIME] = None
+        session[MFA_CODE_ATTEMPT] = 0
+
+        # Honor “remember this device” option by making the session persistent
+        if hasattr(cherrypy.tools, 'sessions_timeout'):
+            try:
+                cherrypy.tools.sessions_timeout.set_persistent(bool(persistent))
+            except Exception:
+                pass
+
+        # Rotate session id to prevent fixation
+        session.regenerate()
+        cherrypy.log(
+            f'verification successful user={cherrypy.request.login} ip={cherrypy.request.remote.ip}', context='MFA'
+        )
         return True
 
 

cherrypy_foundation/tools/errors.py

@@ -0,0 +1,27 @@
+# Cherrypy Foundation
+# Copyright (C) 2025 IKUS Software inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+import sys
+
+import cherrypy
+
+
+def handle_exception(error_table):
+    t = sys.exc_info()[0]
+    code = error_table.get(t, 500)
+    cherrypy.serving.request.error_response = cherrypy.HTTPError(code).set_response
+
+
+cherrypy.tools.errors = cherrypy.Tool('before_error_response', handle_exception, priority=90)