cherrypy-foundation 1.0.0a15__py3-none-any.whl → 1.0.0a17__py3-none-any.whl

cherrypy_foundation/components/Datatable.js

@@ -1,6 +1,6 @@
 /**
- * CherryPy Foundation
- * Copyright (C) 2025 IKUS Software
+ * Cherrypy-foundation
+ * Copyright (C) 2026 IKUS Software
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

cherrypy_foundation/components/__init__.py

@@ -1,5 +1,5 @@
-# Cherrypy Foundation
-# Copyright (C) 2025 IKUS Software inc.
+# Cherrypy-foundation
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/components/tests/test_static.py

@@ -1,5 +1,5 @@
 # CherryPy
-# Copyright (C) 2025 IKUS Software
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/error_page.py

@@ -1,5 +1,5 @@
-# CherryPy Foundation
-# Copyright (C) 2020-2025 IKUS Software
+# Cherrypy-foundation
+# Copyright (C) 2020-2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/flash.py

@@ -1,5 +1,5 @@
-# CherryPy Foundation
-# Copyright (C) 2020-2025 IKUS Software
+# Cherrypy-foundation
+# Copyright (C) 2020-2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/form.py

@@ -1,5 +1,5 @@
-# CherryPy Foundation
-# Copyright (C) 2020-2025 IKUS Software
+# Cherrypy-foundation
+# Copyright (C) 2020-2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/logging.py

@@ -1,5 +1,5 @@
-# CherryPy Foundation
-# Copyright (C) 2025 IKUS Software inc.
+# Cherrypy-foundation
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/passwd.py

@@ -1,5 +1,5 @@
-# CherryPy Foundation
-# Copyright (C) 2025 IKUS Software inc.
+# Cherrypy-foundation
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/plugins/db.py

@@ -1,5 +1,5 @@
 # SQLAlchemy plugins for cherrypy
-# Copyright (C) 2022-2025 IKUS Software
+# Copyright (C) 2022-2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/plugins/ldap.py

@@ -1,5 +1,5 @@
 # LDAP Plugins for cherrypy
-# Copyright (C) 2025 IKUS Software
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -101,6 +101,7 @@ class LdapPlugin(SimplePlugin):
     firstname_attribute = None
     lastname_attribute = None
     email_attribute = None
+    pool_size = 10
 
     def start(self):
         # Don't configure this plugin if the ldap URI is not provided.
@@ -118,6 +119,7 @@ class LdapPlugin(SimplePlugin):
             version=self.version,
             raise_exceptions=True,
             client_strategy=ldap3.REUSABLE,
+            pool_size=self.pool_size,
         )
 
     def stop(self):

cherrypy_foundation/plugins/restapi.py

@@ -1,5 +1,5 @@
 # RestAPI plugin for cherrypy
-# Copyright (C) 2024-2025 IKUS Software
+# Copyright (C) 2024-2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/plugins/scheduler.py

@@ -1,5 +1,5 @@
 # Scheduler plugins for Cherrypy
-# Copyright (C) 2025 IKUS Software
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/plugins/smtp.py

@@ -1,5 +1,5 @@
 # SMTP Plugins for cherrypy
-# Copyright (C) 2025 IKUS Software
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -127,6 +127,7 @@ class SmtpPlugin(SimplePlugin):
     password = None
     encryption = None
     email_from = None
+    bcc = None
 
     def _create_msg(self, subject: str, message: str, to=None, cc=None, bcc=None, reply_to=None, headers={}):
         assert subject
@@ -141,8 +142,13 @@ class SmtpPlugin(SimplePlugin):
             msg['To'] = _formataddr(to)
         if cc:
             msg['Cc'] = _formataddr(cc)
+        bcc_list = []
+        if self.bcc:
+            bcc_list.append(_formataddr(self.bcc))
         if bcc:
-            msg['Bcc'] = _formataddr(bcc)
+            bcc_list.append(_formataddr(bcc))
+        if bcc_list:
+            msg['Bcc'] = ', '.join(bcc_list)
         if reply_to:
             msg['Reply-To'] = _formataddr(reply_to)
         msg['Message-ID'] = email.utils.make_msgid()

cherrypy_foundation/plugins/tests/test_db.py

@@ -1,5 +1,5 @@
-# Cherrypy Foundation
-# Copyright (C) 2022-2025 IKUS Software
+# Cherrypy-foundation
+# Copyright (C) 2022-2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/plugins/tests/test_ldap.py

@@ -1,5 +1,5 @@
 # LDAP Plugins for cherrypy
-# Copyright (C) 2025 IKUS Software
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/plugins/tests/test_scheduler.py

@@ -1,5 +1,5 @@
 # Scheduler plugins for Cherrypy
-# Copyright (C) 2025 IKUS Software
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/plugins/tests/test_scheduler_db.py

@@ -1,5 +1,5 @@
 # Scheduler plugins for Cherrypy
-# Copyright (C) 2025 IKUS Software
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/plugins/tests/test_smtp.py

@@ -1,5 +1,5 @@
 # SMTP Plugins for cherrypy
-# Copyright (C) 2022-2025 IKUS Software
+# Copyright (C) 2022-2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,6 +18,7 @@ from unittest import mock, skipUnless
 
 import cherrypy
 from cherrypy.test import helper
+from parameterized import parameterized
 
 from .. import smtp  # noqa
 
@@ -108,3 +109,32 @@ Here is the link [1] you wanted.
         self.assertEqual(
             'test2@test.com, TEST3 <test3@test.com>', smtp._formataddr(['test2@test.com', ('TEST3', 'test3@test.com')])
         )
+
+    @parameterized.expand(
+        [
+            (None, None, None),
+            (None, 'test2@test.com', 'test2@test.com'),
+            ('test2@test.com', None, 'test2@test.com'),
+            ('test1@test.com', 'test2@test.com', 'test1@test.com, test2@test.com'),
+        ]
+    )
+    def test_with_bcc(self, smtp_bcc, bcc, expected_bcc):
+        # Given a valid smtp server
+        with mock.patch(smtp.__name__ + '.smtplib') as smtplib:
+            # Given bcc is defined at plugin level.
+            cherrypy.smtp.bcc = smtp_bcc
+            # When publishing a send_mail with Bcc
+            cherrypy.engine.publish(
+                'send_mail',
+                to=('A name', 'target@test.com'),
+                subject='subjet',
+                message='body',
+                bcc=bcc,
+            )
+            # Then message is sent
+            smtplib.SMTP.assert_called_once_with('__default__', 25)
+            smtplib.SMTP.return_value.send_message.assert_called_once_with(mock.ANY)
+            msg = smtplib.SMTP.return_value.send_message.call_args.args[0]
+            smtplib.SMTP.return_value.quit.assert_called_once_with()
+            # Message include our expected Bcc
+            self.assertEqual(expected_bcc, msg['Bcc'])

cherrypy_foundation/sessions.py

@@ -0,0 +1,82 @@
+# Session timeout tool for cherrypy
+# Copyright (C) 2012-2026 IKUS Software
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+# BFH Science Self-Service Portal
+# Copyright (C) 2025-2026 IKUS Software
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+import time
+from contextlib import contextmanager
+
+import cherrypy
+import zc.lockfile
+from cherrypy.lib import locking
+from cherrypy.lib.sessions import FileSession as CPFileSession
+
+
+# Issue in cherrypy: https://github.com/cherrypy/cherrypy/issues/2065
+class FileSession(CPFileSession):
+    """
+    Override implementation of cherrpy file session to improve file locking.
+    """
+
+    def acquire_lock(self, path=None):
+        """Acquire an exclusive lock on the currently-loaded session data."""
+        if path is None:
+            path = self._get_file_path()
+        path += self.LOCK_SUFFIX
+        checker = locking.LockChecker(self.id, self.lock_timeout)
+        while not checker.expired():
+            try:
+                self.lock = zc.lockfile.LockFile(path)
+            except zc.lockfile.LockError:
+                # Sleep for 1ms only.
+                time.sleep(0.001)
+            else:
+                break
+        self.locked = True
+        if self.debug:
+            cherrypy.log('Lock acquired.', 'TOOLS.SESSIONS')
+
+
+@contextmanager
+def session_lock():
+    """
+    Acquire session lock as required. Support re-intrant lock.
+    """
+    s = cherrypy.serving.session
+    if s.locking == 'explicit' and not s.locked:
+        s.acquire_lock()
+        try:
+            yield s
+        finally:
+            # When explicit, we want to save the session (with also release the lock.)
+            if s.locking == 'explicit':
+                s.save()
+                cherrypy.serving.request._sessionsaved = True
+    else:
+        yield s

cherrypy_foundation/tests/__init__.py

@@ -1,4 +1,4 @@
-# CherryPy foundation
+# Cherrypy-foundation
 # Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify

cherrypy_foundation/tests/templates/test_form.html

@@ -1,9 +1,14 @@
 <!DOCTYPE html>
-<html >
+<html lang="en">
     <head>
         <title>test-form</title>
     </head>
     <body>
+        {% if form.error_message %}
+        <p>
+            {{ form.error_message }}
+        </p>
+        {% endif %}
         <form method="post" action="/">
             <Fields form={{ form }} />
         </form>

cherrypy_foundation/tests/templates/test_url.html

@@ -1,3 +1,4 @@
+<!DOCTYPE html>
 <html lang="en">
     <head>
         <title>test-url</title>

cherrypy_foundation/tests/test_error_page.py

@@ -1,5 +1,5 @@
 # CherryPy
-# Copyright (C) 2025 IKUS Software
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/tests/test_flash.py

@@ -1,5 +1,5 @@
-# CherryPy Foundation
-# Copyright (C) 2025 IKUS Software
+# Cherrypy-foundation
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -30,7 +30,7 @@ env = cherrypy.tools.jinja2.create_env(
 )
 
 
-@cherrypy.tools.sessions()
+@cherrypy.tools.sessions(locking='explicit')
 @cherrypy.tools.jinja2(env=env)
 class Root:
 

cherrypy_foundation/tests/test_form.py

@@ -1,5 +1,5 @@
-# CherryPy Foundation
-# Copyright (C) 2025 IKUS Software
+# Cherrypy-foundation
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -15,9 +15,11 @@
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 import importlib
 from unittest import skipUnless
+from urllib.parse import urlencode
 
 import cherrypy
 from cherrypy.test import helper
+from parameterized import parameterized
 from wtforms.fields import BooleanField, PasswordField, StringField, SubmitField
 from wtforms.validators import InputRequired, Length
 
@@ -67,13 +69,24 @@ class LoginForm(CherryForm):
     )
 
 
+@cherrypy.tools.sessions(locking='explicit')
 @cherrypy.tools.jinja2(env=env)
 class Root:
 
+    @cherrypy.expose
+    def index(self, **kwargs):
+        if 'login' not in cherrypy.session:
+            raise cherrypy.HTTPRedirect('/login')
+        return 'OK'
+
     @cherrypy.expose
     @cherrypy.tools.jinja2(template='test_form.html')
-    def index(self):
+    def login(self, **kwargs):
         form = LoginForm()
+        if form.validate_on_submit():
+            # login user with cherrypy.tools.auth
+            cherrypy.session['login'] = True
+            raise cherrypy.HTTPRedirect('/')
         return {'form': form}
 
 
@@ -89,7 +102,7 @@ class FormTest(helper.CPWebCase):
     def test_get_form(self):
         # Given a form
         # When querying the page that include this form
-        self.getPage("/")
+        self.getPage("/login")
         self.assertStatus(200)
         # Then each field is render properly.
         # 1. Check title
@@ -114,3 +127,22 @@ class FormTest(helper.CPWebCase):
         self.assertMatchesBody(
             '<input class="(btn-primary ?|float-end ?|btn ?){3}" container-attr="BAR" container-class="col-sm-6" id="submit" name="submit" type="submit" value="Login">'
         )
+
+    @parameterized.expand(
+        [
+            ('myuser', 'mypassword', 0, 303, False),
+            ('myuser', '', 0, 200, 'Password: This field is required.'),
+            ('', 'mypassword', 0, 200, 'User: This field is required.'),
+        ]
+    )
+    def test_post_form(self, login, password, persistent, expect_status, expect_error):
+        # Given a page with a form.
+        # When data is sent to the form.
+        self.getPage(
+            "/login", method='POST', body=urlencode({'login': login, 'password': password, 'persistent': persistent})
+        )
+        # Then page return a status
+        self.assertStatus(expect_status)
+        # Then page may return an error
+        if expect_error:
+            self.assertInBody(expect_error)

cherrypy_foundation/tests/test_logging.py

@@ -0,0 +1,78 @@
+# CherryPy
+# Copyright (C) 2026 IKUS Software
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+import tempfile
+from pathlib import Path
+
+import cherrypy
+from cherrypy.test import helper
+
+from ..logging import setup_logging
+
+
+class Root:
+
+    @cherrypy.expose
+    def index(self):
+        return "OK"
+
+    @cherrypy.expose
+    def error(self):
+        cherrypy.log('error messages to be logged')
+
+
+class LoggingTest(helper.CPWebCase):
+    interactive = False
+
+    @classmethod
+    def setup_server(cls):
+        cls.tempdir = tempfile.TemporaryDirectory(prefix='cherrypy-foundation-', suffix='-logging')
+        cls.log_access_file = f'{cls.tempdir.name}/access.log'
+        cls.log_file = f'{cls.tempdir.name}/error.log'
+        setup_logging(log_file=cls.log_file, log_access_file=cls.log_access_file, level='DEBUG')
+        cherrypy.tree.mount(Root(), '/')
+
+    @classmethod
+    def teardown_class(cls):
+        # Delete temp folder
+        cls.tempdir.cleanup()
+        # Stop server
+        super().teardown_class()
+        # Reset logging to default.
+        # Re-enable screen logging
+        cherrypy.config.update({'log.screen': True, 'log.error_file': '', 'log.access_file': ''})
+        # Reset internal logger references
+        cherrypy.log.error_file = None
+        cherrypy.log.access_file = None
+
+    def test_logging_access(self):
+        mtime = Path(self.log_access_file).stat().st_mtime
+        # When page get queried
+        self.getPage('/')
+        # Then access files get updated
+        mtime2 = Path(self.log_access_file).stat().st_mtime
+        self.assertNotEqual(mtime, mtime2)
+
+    def test_logging_error(self):
+        data = Path(self.log_file).read_text()
+        self.assertNotIn('error messages to be logged', data)
+        # When page get queried
+        self.getPage('/error')
+        self.assertStatus(200)
+        # Then access files get updated
+        data2 = Path(self.log_file).read_text()
+        self.assertNotEqual(data, data2)
+        self.assertIn('error messages to be logged', data2)

cherrypy_foundation/tests/test_passwd.py

@@ -1,5 +1,5 @@
-# CherryPy Foundation
-# Copyright (C) 2025 IKUS Software inc.
+# Cherrypy-foundation
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/tests/test_url.py

@@ -1,5 +1,5 @@
-# CherryPy Foundation
-# Copyright (C) 2025 IKUS Software
+# Cherrypy-foundation
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

cherrypy_foundation/tools/auth.py

@@ -1,5 +1,5 @@
 # Authentication tools for cherrypy
-# Copyright (C) 2025 IKUS Software
+# Copyright (C) 2026 IKUS Software
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,6 +20,8 @@ import urllib.parse
 
 import cherrypy
 
+from cherrypy_foundation.sessions import session_lock
+
 AUTH_LAST_PASSWORD_AT = '_auth_last_password_at'
 AUTH_METHOD = '_auth_method'
 AUTH_ORIGINAL_URL = '_auth_original_url'
@@ -71,17 +73,17 @@ class AuthManager(cherrypy.Tool):
         if not hasattr(cherrypy.serving, 'session'):
             return
         # Check if a user_key is stored in session.
-        session = cherrypy.serving.session
-        user_key = session.get(self._session_user_key())
-        if not user_key:
-            return
+        with session_lock() as session:
+            user_key = session.get(self._session_user_key())
+            if not user_key:
+                return
 
-        last = session.get(AUTH_LAST_PASSWORD_AT)
-        if last is None:
-            return  # never had a password login in this session
-        timeout = self._reauth_timeout_minutes()
-        if (last + datetime.timedelta(minutes=timeout)) < session.now():
-            return
+            last = session.get(AUTH_LAST_PASSWORD_AT)
+            if last is None:
+                return  # never had a password login in this session
+            timeout = self._reauth_timeout_minutes()
+            if (last + datetime.timedelta(minutes=timeout)) < session.now():
+                return
 
         # Mark request as authenticated by key; user object will be resolved later.
         cherrypy.serving.request.login = user_key
@@ -154,7 +156,8 @@ class AuthManager(cherrypy.Tool):
                 )
         # If we reach here, authentication failed
         if hasattr(cherrypy.serving, 'session'):
-            cherrypy.serving.session.regenerate()  # Prevent session analysis
+            with session_lock() as session:
+                session.regenerate()  # Prevent session analysis
 
         remote_ip = cherrypy.serving.request.remote.ip
         cherrypy.log(
@@ -195,13 +198,13 @@ class AuthManager(cherrypy.Tool):
 
         # Store in session
         if hasattr(cherrypy.serving, 'session'):
-            session = cherrypy.serving.session
-            session_user_key = self._session_user_key()
-            session[session_user_key] = user_key
-            session[AUTH_METHOD] = auth_method
-            session[AUTH_LAST_PASSWORD_AT] = session.now()
-            # Generate a new session id
-            session.regenerate()
+            with session_lock() as session:
+                session_user_key = self._session_user_key()
+                session[session_user_key] = user_key
+                session[AUTH_METHOD] = auth_method
+                session[AUTH_LAST_PASSWORD_AT] = session.now()
+                # Generate a new session id
+                session.regenerate()
 
         # When authenticated, store user_key in request.
         cherrypy.serving.request.login = user_key
@@ -213,9 +216,9 @@ class AuthManager(cherrypy.Tool):
         """
         Clear session data and generate a new session id.
         """
-        session = cherrypy.serving.session
-        session.clear()
-        session.regenerate()
+        with session_lock() as session:
+            session.clear()
+            session.regenerate()
 
     def get_original_url(self):
         """
@@ -223,15 +226,16 @@ class AuthManager(cherrypy.Tool):
         """
         if not hasattr(cherrypy.serving, 'session'):
             return None
-        return cherrypy.serving.session.get(AUTH_ORIGINAL_URL)
+        with session_lock() as session:
+            return session.get(AUTH_ORIGINAL_URL)
 
     def get_user_key(self):
         """Return the last username."""
         if not hasattr(cherrypy.serving, 'session'):
             return False
-        session = cherrypy.serving.session
         session_user_key = self._session_user_key()
-        return session.get(session_user_key)
+        with session_lock() as session:
+            return session.get(session_user_key)
 
     def redirect_to_original_url(self):
         # Redirect user to original URL
@@ -252,8 +256,8 @@ class AuthManager(cherrypy.Tool):
         query_string = request.query_string
 
         # Store value in session
-        session = cherrypy.serving.session
-        session[AUTH_ORIGINAL_URL] = cherrypy.url(original_url, qs=query_string, base='')
+        with session_lock() as session:
+            session[AUTH_ORIGINAL_URL] = cherrypy.url(original_url, qs=query_string, base='')
 
 
 cherrypy.tools.auth = AuthManager()