flask-appbuilder 3.2.1__py3-none-any.whl → 5.0.2__py3-none-any.whl

flask_appbuilder/security/registerviews.py

@@ -2,10 +2,10 @@ __author__ = "Daniel Gaspar"
 
 import logging
 
-from flask import flash, redirect, request, session, url_for
+from flask import current_app, flash, redirect, request, url_for
 from flask_babel import lazy_gettext
 
-from .forms import LoginForm_oid, RegisterUserDBForm, RegisterUserOIDForm
+from .forms import RegisterUserDBForm
 from .. import const as c
 from .._compat import as_unicode
 from ..validators import Unique
@@ -24,29 +24,29 @@ def get_first_last_name(fullname):
 
 class BaseRegisterUser(PublicFormView):
     """
-        Make your own user registration view and inherit from this class if you
-        want to implement a completely different registration process. If not,
-        just inherit from RegisterUserDBView or RegisterUserOIDView depending on
-        your authentication method.
-        then override SecurityManager property that defines the class to use::
+    Make your own user registration view and inherit from this class if you
+    want to implement a completely different registration process. If not,
+    just inherit from RegisterUserDBView or RegisterUserOAuthView depending on
+    your authentication method.
+    then override SecurityManager property that defines the class to use::
 
-            from flask_appbuilder.security.registerviews import RegisterUserDBView
+        from flask_appbuilder.security.registerviews import RegisterUserDBView
 
-            class MyRegisterUserDBView(BaseRegisterUser):
-                email_template = 'register_mail.html'
-                ...
+        class MyRegisterUserDBView(BaseRegisterUser):
+            email_template = 'register_mail.html'
+            ...
 
 
-            class MySecurityManager(SecurityManager):
-                registeruserdbview = MyRegisterUserDBView
+        class MySecurityManager(SecurityManager):
+            registeruserdbview = MyRegisterUserDBView
 
-        When instantiating AppBuilder set your own SecurityManager class::
+    When instantiating AppBuilder set your own SecurityManager class::
 
-            appbuilder = AppBuilder(
-                app,
-                db.session,
-                 security_manager_class=MySecurityManager
-            )
+        appbuilder = AppBuilder(
+            app,
+            db.session,
+             security_manager_class=MySecurityManager
+        )
     """
 
     route_base = "/register"
@@ -69,14 +69,14 @@ class BaseRegisterUser(PublicFormView):
 
     def send_email(self, register_user):
         """
-            Method for sending the registration Email to the user
+        Method for sending the registration Email to the user
         """
         try:
             from flask_mail import Mail, Message
         except Exception:
             log.error("Install Flask-Mail to use User registration")
             return False
-        mail = Mail(self.appbuilder.get_app)
+        mail = Mail(current_app)
         msg = Message()
         msg.subject = self.email_subject
         url = url_for(
@@ -95,7 +95,7 @@ class BaseRegisterUser(PublicFormView):
         try:
             mail.send(msg)
         except Exception as e:
-            log.error("Send email exception: {0}".format(str(e)))
+            log.error("Send email exception: %s", e)
             return False
         return True
 
@@ -120,13 +120,13 @@ class BaseRegisterUser(PublicFormView):
     @expose("/activation/<string:activation_hash>")
     def activation(self, activation_hash):
         """
-            Endpoint to expose an activation url, this url
-            is sent to the user by email, when accessed the user is inserted
-            and activated
+        Endpoint to expose an activation url, this url
+        is sent to the user by email, when accessed the user is inserted
+        and activated
         """
         reg = self.appbuilder.sm.find_register_user(activation_hash)
         if not reg:
-            log.error(c.LOGMSG_ERR_SEC_NO_REGISTER_HASH.format(activation_hash))
+            log.error(c.LOGMSG_ERR_SEC_NO_REGISTER_HASH, activation_hash)
             flash(as_unicode(self.false_error_message), "danger")
             return redirect(self.appbuilder.get_url_for_index)
         if not self.appbuilder.sm.add_user(
@@ -164,7 +164,7 @@ class BaseRegisterUser(PublicFormView):
 
 class RegisterUserDBView(BaseRegisterUser):
     """
-        View for Registering a new user, auth db mode
+    View for Registering a new user, auth db mode
     """
 
     form = RegisterUserDBForm
@@ -185,95 +185,12 @@ class RegisterUserDBView(BaseRegisterUser):
         )
 
 
-class RegisterUserOIDView(BaseRegisterUser):
-    """
-        View for Registering a new user, auth OID mode
-    """
-
-    route_base = "/register"
-
-    form = RegisterUserOIDForm
-    default_view = "form_oid_post"
-
-    @expose("/formoidone", methods=["GET", "POST"])
-    def form_oid_post(self, flag=True):
-        if flag:
-            self.oid_login_handler(self.form_oid_post, self.appbuilder.sm.oid)
-        form = LoginForm_oid()
-        if form.validate_on_submit():
-            session["remember_me"] = form.remember_me.data
-            return self.appbuilder.sm.oid.try_login(
-                form.openid.data, ask_for=["email", "fullname"]
-            )
-        resp = session.pop("oid_resp", None)
-        if resp:
-            self._init_vars()
-            form = self.form.refresh()
-            self.form_get(form)
-            form.username.data = resp.email
-            first_name, last_name = get_first_last_name(resp.fullname)
-            form.first_name.data = first_name
-            form.last_name.data = last_name
-            form.email.data = resp.email
-            widgets = self._get_edit_widget(form=form)
-            # self.update_redirect()
-            return self.render_template(
-                self.form_template,
-                title=self.form_title,
-                widgets=widgets,
-                form_action="form",
-                appbuilder=self.appbuilder,
-            )
-        else:
-            flash(as_unicode(self.error_message), "warning")
-            return redirect(self.get_redirect())
-
-    def oid_login_handler(self, f, oid):
-        """
-            Hackish method to make use of oid.login_handler decorator.
-        """
-        from flask_openid import OpenIDResponse, SessionWrapper
-        from openid.consumer.consumer import CANCEL, Consumer, SUCCESS
-
-        if request.args.get("openid_complete") != u"yes":
-            return f(False)
-        consumer = Consumer(SessionWrapper(self), oid.store_factory())
-        openid_response = consumer.complete(
-            request.args.to_dict(), oid.get_current_url()
-        )
-        if openid_response.status == SUCCESS:
-            return self.after_login(OpenIDResponse(openid_response, []))
-        elif openid_response.status == CANCEL:
-            oid.signal_error(u"The request was cancelled")
-            return redirect(oid.get_current_url())
-        oid.signal_error(u"OpenID authentication error")
-        return redirect(oid.get_current_url())
-
-    def after_login(self, resp):
-        """
-            Method that adds the return OpenID response object on the session
-            this session key will be deleted
-        """
-        session["oid_resp"] = resp
-
-    def form_get(self, form):
-        self.add_form_unique_validations(form)
-
-    def form_post(self, form):
-        self.add_registration(
-            username=form.username.data,
-            first_name=form.first_name.data,
-            last_name=form.last_name.data,
-            email=form.email.data,
-        )
-
-
 class RegisterUserOAuthView(BaseRegisterUser):
     """
-        View for Registering a new user, auth OID mode
+    View for Registering a new user, auth OAuth mode
     """
 
-    form = RegisterUserOIDForm
+    form = RegisterUserDBForm
 
     def form_get(self, form):
         self.add_form_unique_validations(form)

flask_appbuilder/security/schemas.py

@@ -0,0 +1,43 @@
+from typing import Union
+
+from flask import current_app
+from flask_appbuilder.const import (
+    API_SECURITY_PROVIDER_DB,
+    API_SECURITY_PROVIDER_LDAP,
+    AUTH_DB,
+    AUTH_LDAP,
+)
+from marshmallow import fields, Schema, ValidationError
+from marshmallow.validate import Length, OneOf
+
+
+provider_to_auth_type = {"db": AUTH_DB, "ldap": AUTH_LDAP}
+
+
+def validate_password(value: Union[bytes, bytearray, str]) -> None:
+    if value and sum(value.encode()) == 0:
+        raise ValidationError("Password null is not allowed")
+
+
+def validate_provider(value: Union[bytes, bytearray, str]) -> None:
+    if not current_app.appbuilder.sm.api_login_allow_multiple_providers:
+        provider_name = current_app.appbuilder.sm.auth_type_provider_name
+        if provider_name and provider_name != value:
+            raise ValidationError("Alternative authentication provider is not allowed")
+
+
+class LoginPost(Schema):
+    username = fields.String(required=True, allow_none=False, validate=Length(min=1))
+    password = fields.String(
+        validate=[Length(min=1), validate_password], required=True, allow_none=False
+    )
+    provider = fields.String(
+        validate=[
+            OneOf([API_SECURITY_PROVIDER_DB, API_SECURITY_PROVIDER_LDAP]),
+            validate_provider,
+        ]
+    )
+    refresh = fields.Boolean(required=False)
+
+
+login_post = LoginPost()

flask_appbuilder/security/sqla/apis/__init__.py

@@ -0,0 +1,8 @@
+from flask_appbuilder.security.sqla.apis.group import GroupApi  # noqa: F401
+from flask_appbuilder.security.sqla.apis.permission import PermissionApi  # noqa: F401
+from flask_appbuilder.security.sqla.apis.permission_view_menu import (  # noqa: F401
+    PermissionViewMenuApi,
+)
+from flask_appbuilder.security.sqla.apis.role import RoleApi  # noqa: F401
+from flask_appbuilder.security.sqla.apis.user import UserApi  # noqa: F401
+from flask_appbuilder.security.sqla.apis.view_menu import ViewMenuApi  # noqa: F401

flask_appbuilder/security/sqla/apis/group/__init__.py

@@ -0,0 +1 @@
+from .api import GroupApi  # noqa: F401

flask_appbuilder/security/sqla/apis/group/api.py

@@ -0,0 +1,227 @@
+from flask import request
+from flask_appbuilder import ModelRestApi
+from flask_appbuilder.api import expose, safe
+from flask_appbuilder.const import API_RESULT_RES_KEY
+from flask_appbuilder.models.sqla.interface import SQLAInterface
+from flask_appbuilder.security.decorators import permission_name, protect
+from flask_appbuilder.security.sqla.apis.group.schema import (
+    GroupPostSchema,
+    GroupPutSchema,
+)
+from flask_appbuilder.security.sqla.models import Group, Role, User
+from marshmallow import ValidationError
+from sqlalchemy.exc import IntegrityError
+
+
+class GroupApi(ModelRestApi):
+    resource_name = "security/groups"
+    openapi_spec_tag = "Security Groups"
+    class_permission_name = "Group"
+    datamodel = SQLAInterface(Group)
+    allow_browser_login = True
+
+    list_columns = [
+        "id",
+        "name",
+        "label",
+        "description",
+        "roles.name",
+        "roles.id",
+        "users.id",
+        "users.username",
+    ]
+    show_columns = list_columns
+    edit_columns = ["name", "label", "description", "users", "roles"]
+    add_columns = edit_columns
+    search_columns = list_columns
+
+    add_model_schema = GroupPostSchema()
+    edit_model_schema = GroupPutSchema()
+
+    openapi_spec_component_schemas = (
+        GroupPostSchema,
+        GroupPutSchema,
+    )
+
+    @expose("/", methods=["POST"])
+    @protect()
+    @safe
+    @permission_name("post")
+    def post(self):
+        """Create new group
+        ---
+        post:
+          requestBody:
+            description: Model schema
+            required: true
+            content:
+              application/json:
+                schema:
+                  $ref: '#/components/schemas/GroupPostSchema'
+          responses:
+            201:
+              description: Group created
+              content:
+                application/json:
+                  schema:
+                    type: object
+                    properties:
+                      result:
+                        $ref: '#/components/schemas/GroupPostSchema'
+            400:
+              $ref: '#/components/responses/400'
+            401:
+              $ref: '#/components/responses/401'
+            422:
+              $ref: '#/components/responses/422'
+            500:
+              $ref: '#/components/responses/500'
+        """
+        try:
+            item = self.add_model_schema.load(request.json)
+            model = Group()
+            roles = []
+            users = []
+
+            for key, value in item.items():
+                if key == "roles":
+                    roles = self._fetch_entities(Role, value)
+                    missing_role_ids = set(item["roles"]) - {r.id for r in roles}
+                    if missing_role_ids:
+                        return self.response_400(
+                            message={
+                                "roles": [
+                                    (
+                                        f"Role(s) with ID(s) {sorted(missing_role_ids)} "
+                                        "do not exist."
+                                    )
+                                ]
+                            }
+                        )
+                elif key == "users":
+                    users = self._fetch_entities(User, value)
+                    missing_user_ids = set(item["users"]) - {u.id for u in users}
+                    if missing_user_ids:
+                        return self.response_400(
+                            message={
+                                "users": [
+                                    (
+                                        f"User(s) with ID(s) {sorted(missing_user_ids)} "
+                                        "do not exist."
+                                    )
+                                ]
+                            }
+                        )
+                else:
+                    setattr(model, key, value)
+
+            model.roles = roles
+            model.users = users
+
+            self.pre_add(model)
+            self.datamodel.add(model)
+
+            return self.response(201, id=model.id)
+
+        except ValidationError as error:
+            return self.response_400(message=error.messages)
+        except IntegrityError as e:
+            return self.response_422(message=str(e.orig))
+
+    @expose("/<pk>", methods=["PUT"])
+    @protect()
+    @safe
+    @permission_name("put")
+    def put(self, pk):
+        """Edit group
+        ---
+        put:
+          parameters:
+          - in: path
+            schema:
+              type: integer
+            name: pk
+          requestBody:
+            description: Model schema
+            required: true
+            content:
+              application/json:
+                schema:
+                  $ref: '#/components/schemas/GroupPutSchema'
+          responses:
+            200:
+              description: Group updated
+              content:
+                application/json:
+                  schema:
+                    type: object
+                    properties:
+                      result:
+                        $ref: '#/components/schemas/GroupPutSchema'
+            400:
+              $ref: '#/components/responses/400'
+            401:
+              $ref: '#/components/responses/401'
+            404:
+              $ref: '#/components/responses/404'
+            422:
+              $ref: '#/components/responses/422'
+            500:
+              $ref: '#/components/responses/500'
+        """
+        try:
+            item = self.edit_model_schema.load(request.json)
+            model = self.datamodel.get(pk, self._base_filters)
+            if not model:
+                return self.response_404()
+
+            roles = []
+            users = []
+
+            for key, value in item.items():
+                if key == "roles":
+                    roles = self._fetch_entities(Role, value)
+                    missing_role_ids = set(value) - {r.id for r in roles}
+                    if missing_role_ids:
+                        return self.response_400(
+                            message={
+                                "roles": [
+                                    (
+                                        f"Role(s) with ID(s) {sorted(missing_role_ids)} "
+                                        "do not exist."
+                                    )
+                                ]
+                            }
+                        )
+                elif key == "users":
+                    users = self._fetch_entities(User, value)
+                    missing_user_ids = set(value) - {u.id for u in users}
+                    if missing_user_ids:
+                        return self.response_400(
+                            message={
+                                "users": [
+                                    (
+                                        f"User(s) with ID(s) {sorted(missing_user_ids)} "
+                                        "do not exist."
+                                    )
+                                ]
+                            }
+                        )
+                else:
+                    setattr(model, key, value)
+
+            if "roles" in item.keys():
+                model.roles = roles
+            if "users" in item.keys():
+                model.users = users
+            self.pre_update(model)
+            self.datamodel.edit(model)
+            return self.response(
+                200,
+                **{API_RESULT_RES_KEY: self.edit_model_schema.dump(item, many=False)},
+            )
+
+        except ValidationError as e:
+            return self.response_400(message=e.messages)
+        except IntegrityError as e:
+            return self.response_422(message=str(e.orig))

flask_appbuilder/security/sqla/apis/group/schema.py

@@ -0,0 +1,73 @@
+from flask_appbuilder.security.sqla.models import Group
+from marshmallow import fields, Schema
+from marshmallow.validate import Length
+
+name_description = "Group name"
+label_description = "Group label"
+description_description = "Group description"
+roles_description = "Group roles"
+users_description = "Group users"
+
+
+class GroupPostSchema(Schema):
+    model_cls = Group
+
+    name = fields.String(
+        required=True,
+        validate=[Length(1, 100)],
+        metadata={"description": name_description},
+    )
+    label = fields.String(
+        required=False,
+        allow_none=True,
+        validate=[Length(0, 150)],
+        metadata={"description": label_description},
+    )
+    description = fields.String(
+        required=False,
+        allow_none=True,
+        validate=[Length(0, 512)],
+        metadata={"description": description_description},
+    )
+    roles = fields.List(
+        fields.Integer,
+        required=False,
+        metadata={"description": roles_description},
+    )
+    users = fields.List(
+        fields.Integer,
+        required=False,
+        metadata={"description": users_description},
+    )
+
+
+class GroupPutSchema(Schema):
+    model_cls = Group
+
+    name = fields.String(
+        required=False,
+        validate=[Length(1, 100)],
+        metadata={"description": name_description},
+    )
+    label = fields.String(
+        required=False,
+        allow_none=True,
+        validate=[Length(0, 150)],
+        metadata={"description": label_description},
+    )
+    description = fields.String(
+        required=False,
+        allow_none=True,
+        validate=[Length(0, 512)],
+        metadata={"description": description_description},
+    )
+    roles = fields.List(
+        fields.Integer,
+        required=False,
+        metadata={"description": roles_description},
+    )
+    users = fields.List(
+        fields.Integer,
+        required=False,
+        metadata={"description": users_description},
+    )

flask_appbuilder/security/sqla/apis/permission/__init__.py

@@ -0,0 +1 @@
+from .api import PermissionApi  # noqa: F401

flask_appbuilder/security/sqla/apis/permission/api.py

@@ -0,0 +1,19 @@
+from flask_appbuilder import ModelRestApi
+from flask_appbuilder.models.sqla.interface import SQLAInterface
+from flask_appbuilder.security.sqla.models import Permission
+
+
+class PermissionApi(ModelRestApi):
+    resource_name = "security/permissions"
+    openapi_spec_tag = "Security Permissions"
+
+    class_permission_name = "Permission"
+    datamodel = SQLAInterface(Permission)
+    allow_browser_login = True
+    include_route_methods = {"info", "get", "get_list"}
+
+    list_columns = ["id", "name"]
+    show_columns = list_columns
+    add_columns = ["name"]
+    edit_columns = add_columns
+    search_columns = list_columns

flask_appbuilder/security/sqla/apis/permission_view_menu/__init__.py

@@ -0,0 +1 @@
+from .api import PermissionViewMenuApi  # noqa: F401

flask_appbuilder/security/sqla/apis/permission_view_menu/api.py

@@ -0,0 +1,16 @@
+from flask_appbuilder import ModelRestApi
+from flask_appbuilder.models.sqla.interface import SQLAInterface
+from flask_appbuilder.security.sqla.models import PermissionView
+
+
+class PermissionViewMenuApi(ModelRestApi):
+    resource_name = "security/permissions-resources"
+    openapi_spec_tag = "Security Permissions on Resources (View Menus)"
+    class_permission_name = "PermissionViewMenu"
+    datamodel = SQLAInterface(PermissionView)
+    allow_browser_login = True
+
+    list_columns = ["id", "permission.name", "view_menu.name"]
+    show_columns = list_columns
+    add_columns = ["permission_id", "view_menu_id"]
+    edit_columns = add_columns

flask_appbuilder/security/sqla/apis/role/__init__.py

@@ -0,0 +1 @@
+from .api import RoleApi  # noqa: F401