PyPI - flask-appbuilder - Versions diffs - 3.2.1rc1__py3-none-any.whl → 5.0.2rc1__py3-none-any.whl - Mend

flask-appbuilder 3.2.1rc1py3-none-any.whl → 5.0.2rc1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (228) hide show

flask_appbuilder/upload.py CHANGED Viewed

@@ -1,7 +1,8 @@
 from flask_babel import gettext
+from markupsafe import Markup
 from werkzeug.datastructures import FileStorage
 from wtforms import fields, ValidationError
-from wtforms.widgets import html_params, HTMLString
+from wtforms.widgets import html_params
 from .filemanager import FileManager, ImageManager
@@ -18,7 +19,6 @@ except ImportError:
 class BS3FileUploadFieldWidget(object):
     empty_template = (
         '<div class="input-group">'
         '<span class="input-group-addon"><i class="fa fa-upload"></i>'
@@ -45,7 +45,7 @@ class BS3FileUploadFieldWidget(object):
         template = self.data_template if field.data else self.empty_template
-        return HTMLString(
+        return Markup(
             template
             % {
                 "text": html_params(type="text", value=field.data),
@@ -56,7 +56,6 @@ class BS3FileUploadFieldWidget(object):
 class BS3ImageUploadFieldWidget(object):
     empty_template = (
         '<div class="input-group">'
         '<span class="input-group-addon"><span class="glyphicon glyphicon-upload"></span>'
@@ -94,7 +93,7 @@ class BS3ImageUploadFieldWidget(object):
         else:
             template = self.empty_template
-        return HTMLString(template % args)
+        return Markup(template % args)
     def get_url(self, field):
         im = ImageManager()
@@ -102,30 +101,30 @@ class BS3ImageUploadFieldWidget(object):
 # Fields
-class FileUploadField(fields.TextField):
+class FileUploadField(fields.StringField):
     """
-        Customizable file-upload field.
+    Customizable file-upload field.
-        Saves file to configured path, handles updates and deletions.
-        Inherits from `TextField`, resulting filename will be stored as string.
+    Saves file to configured path, handles updates and deletions.
+    Inherits from `StringField`, resulting filename will be stored as string.
     """
     widget = BS3FileUploadFieldWidget()
     def __init__(self, label=None, validators=None, filemanager=None, **kwargs):
         """
-            Constructor.
+        Constructor.
-            :param label:
-                Display label
-            :param validators:
-                Validators
+        :param label:
+            Display label
+        :param validators:
+            Validators
         """
         self.filemanager = filemanager or FileManager()
         self._should_delete = False
-        super(FileUploadField, self).__init__(label, validators, **kwargs)
+        super().__init__(label, validators, **kwargs)
     def process_on_delete(self, obj):
         """Override this method to make customised updates to the object
@@ -158,12 +157,12 @@ class FileUploadField(fields.TextField):
         ):
             raise ValidationError(gettext("Invalid file extension"))
-    def process(self, formdata, data=unset_value):
+    def process(self, formdata, data=unset_value, **kwargs):
         if formdata:
             marker = "_%s-delete" % self.name
             if marker in formdata:
                 self._should_delete = True
-        return super(FileUploadField, self).process(formdata, data)
+        return super().process(formdata, data, **kwargs)
     def populate_obj(self, obj, name):
         field = getattr(obj, name, None)
@@ -192,16 +191,15 @@ class FileUploadField(fields.TextField):
 class ImageUploadField(fields.StringField):
     """
-        Image upload field.
+    Image upload field.
     """
     widget = BS3ImageUploadFieldWidget()
     def __init__(self, label=None, validators=None, imagemanager=None, **kwargs):
         self.imagemanager = imagemanager or ImageManager()
         self._should_delete = False
-        super(ImageUploadField, self).__init__(label, validators, **kwargs)
+        super().__init__(label, validators, **kwargs)
     def pre_validate(self, form):
         if (
@@ -211,12 +209,12 @@ class ImageUploadField(fields.StringField):
         ):
             raise ValidationError(gettext("Invalid file extension"))
-    def process(self, formdata, data=unset_value):
+    def process(self, formdata, data=unset_value, **kwargs):
         if formdata:
             marker = "_%s-delete" % self.name
             if marker in formdata:
                 self._should_delete = True
-        return super(ImageUploadField, self).process(formdata, data)
+        return super().process(formdata, data, **kwargs)
     def populate_obj(self, obj, name):
         field = getattr(obj, name, None)

flask_appbuilder/urltools.py CHANGED Viewed

@@ -1,12 +1,15 @@
+import logging
 import re
 from flask import request
+log = logging.getLogger(__name__)
 class Stack(object):
     """
-        Stack data structure will not insert
-        equal sequential data
+    Stack data structure will not insert
+    equal sequential data
     """
     def __init__(self, list=None, size=5):
@@ -33,7 +36,7 @@ class Stack(object):
 def get_group_by_args():
     """
-        Get page arguments for group by
+    Get page arguments for group by
     """
     group_by = request.args.get("group_by")
     if not group_by:
@@ -43,10 +46,10 @@ def get_group_by_args():
 def get_page_args():
     """
-        Get page arguments, returns a dictionary
-        { <VIEW_NAME>: PAGE_NUMBER }
+    Get page arguments, returns a dictionary
+    { <VIEW_NAME>: PAGE_NUMBER }
-        Arguments are passed: page_<VIEW_NAME>=<PAGE_NUMBER>
+    Arguments are passed: page_<VIEW_NAME>=<PAGE_NUMBER>
     """
     pages = {}
@@ -59,10 +62,10 @@ def get_page_args():
 def get_page_size_args():
     """
-        Get page size arguments, returns an int
-        { <VIEW_NAME>: PAGE_NUMBER }
+    Get page size arguments, returns an int
+    { <VIEW_NAME>: PAGE_NUMBER }
-        Arguments are passed: psize_<VIEW_NAME>=<PAGE_SIZE>
+    Arguments are passed: psize_<VIEW_NAME>=<PAGE_SIZE>
     """
     page_sizes = {}
@@ -75,10 +78,10 @@ def get_page_size_args():
 def get_order_args():
     """
-        Get order arguments, return a dictionary
-        { <VIEW_NAME>: (ORDER_COL, ORDER_DIRECTION) }
+    Get order arguments, return a dictionary
+    { <VIEW_NAME>: (ORDER_COL, ORDER_DIRECTION) }
-        Arguments are passed like: _oc_<VIEW_NAME>=<COL_NAME>&_od_<VIEW_NAME>='asc'|'desc'
+    Arguments are passed like: _oc_<VIEW_NAME>=<COL_NAME>&_od_<VIEW_NAME>='asc'|'desc'
     """
     orders = {}
@@ -91,11 +94,28 @@ def get_order_args():
     return orders
-def get_filter_args(filters):
+def get_filter_args(filters, disallow_if_not_in_search=True):
+    """
+    Sets filters with the given current request args
+    Request arg filters are of the form "_flt_<DECIMAL>_<VIEW_NAME>_<COL_NAME>"
+    :param filters: Filter instance to apply the request filters on
+    :param disallow_if_not_in_search: If True, disallow filters that are not in the search
+    :return:
+    """
     filters.clear_filters()
-    for arg in request.args:
-        re_match = re.findall("_flt_(\d)_(.*)", arg)
-        if re_match:
-            filters.add_filter_index(
-                re_match[0][1], int(re_match[0][0]), request.args.get(arg)
-            )
+    request_args = set(request.args)
+    for arg in request_args:
+        re_match = re.findall(r"_flt_(\d)_(.*)", arg)
+        if not re_match:
+            continue
+        filter_index = int(re_match[0][0])
+        filter_column = re_match[0][1]
+        if (
+            filter_column not in filters.get_search_filters().keys()
+            and disallow_if_not_in_search
+        ):
+            log.warning("Filter column not allowed")
+            continue
+        filters.add_filter_index(filter_column, filter_index, request.args.getlist(arg))

flask_appbuilder/utils/base.py CHANGED Viewed

@@ -1,3 +1,52 @@
+from fnmatch import fnmatch
+import logging
+from typing import Any, Callable
+import unicodedata
+from urllib.parse import urlparse
+from flask import current_app, request
+from flask_babel import gettext
+from flask_babel.speaklater import LazyString
+log = logging.getLogger(__name__)
+def is_safe_redirect_url(url: str) -> bool:
+    if url.startswith("///"):
+        return False
+    try:
+        url_info = urlparse(url)
+    except ValueError:
+        return False
+    if not url_info.netloc and url_info.scheme:
+        return False
+    if unicodedata.category(url[0])[0] == "C":
+        return False
+    scheme = url_info.scheme
+    # Consider URLs without a scheme (e.g. //example.com/p) to be http.
+    if not url_info.scheme and url_info.netloc:
+        scheme = "http"
+    valid_schemes = ["http", "https"]
+    safe_hosts = current_app.config.get("FAB_SAFE_REDIRECT_HOSTS", [])
+    if not safe_hosts:
+        safe_hosts = [urlparse(request.host_url).netloc]
+    is_host_allowed = not url_info.netloc or any(
+        fnmatch(url_info.netloc, pattern) for pattern in safe_hosts
+    )
+    return is_host_allowed and (not scheme or scheme in valid_schemes)
+def get_safe_redirect(url):
+    if url and is_safe_redirect_url(url):
+        return url
+    log.warning("Invalid redirect detected, falling back to index")
+    return current_app.appbuilder.get_url_for_index
 def get_column_root_relation(column: str) -> str:
     if "." in column:
         return column.split(".")[0]
@@ -12,3 +61,30 @@ def get_column_leaf(column: str) -> str:
 def is_column_dotted(column: str) -> bool:
     return "." in column
+def _wrap_lazy_formatter_gettext(
+    string: str, lazy_formater: Callable[[str], str], **variables: Any
+) -> str:
+    return gettext(lazy_formater(string), **variables)
+def lazy_formatter_gettext(
+    string: str, lazy_formatter: Callable[[str], str], **variables: Any
+) -> LazyString:
+    """Formats a lazy_gettext string with a custom function
+    Example::
+        def custom_formatter(string: str) -> str:
+            if current_app.config["CONDITIONAL_KEY"]:
+                string += " . Condition key is on"
+            return string
+        hello = lazy_formatter_gettext(u'Hello World', custom_formatter)
+        @app.route('/')
+        def index():
+            return unicode(hello)
+    """
+    return LazyString(_wrap_lazy_formatter_gettext, string, lazy_formatter, **variables)

flask_appbuilder/utils/legacy.py ADDED Viewed

@@ -0,0 +1,33 @@
+from importlib.metadata import PackageNotFoundError, version
+from typing import Type, TYPE_CHECKING, Union
+if TYPE_CHECKING:
+    from flask_appbuilder.models.sqla.base import SQLA as SQLA
+    from flask_appbuilder.models.sqla.base_legacy import SQLA as SQLALegacy
+else:
+    SQLA = None  # type: ignore
+    SQLALegacy = None  # type: ignore
+def is_flask_sqlalchemy_2() -> bool:
+    """
+    Check if the installed version of flask-sqlalchemy is 2.x.x.
+    """
+    try:
+        fsqla_version = version("flask-sqlalchemy")
+    except PackageNotFoundError:
+        return False
+    major_version = int(fsqla_version.split(".")[0])
+    return major_version == 2
+def get_sqla_class() -> Union[Type[SQLA], Type[SQLALegacy]]:
+    """
+    Returns the SQLA class based on the version of flask-sqlalchemy installed.
+    """
+    if is_flask_sqlalchemy_2():
+        from flask_appbuilder.models.sqla.base_legacy import SQLA
+    else:
+        from flask_appbuilder.models.sqla.base import SQLA
+    return SQLA

flask_appbuilder/utils/limit.py ADDED Viewed

@@ -0,0 +1,20 @@
+import dataclasses
+from typing import Callable, Optional, Tuple, Union
+from flask import Response
+from flask_limiter import RequestLimit
+@dataclasses.dataclass
+class Limit:
+    limit_value: Union[Callable[[], str], str]
+    key_func: Callable[[], str]
+    scope: Optional[Union[str, Callable[[str], str]]] = None
+    methods: Optional[Tuple[str, ...]] = None
+    error_message: Optional[str] = None
+    exempt_when: Optional[Callable[[], bool]] = None
+    override_defaults: Optional[bool] = False
+    deduct_when: Optional[Callable[[Response], bool]] = None
+    on_breach: Optional[Callable[[RequestLimit], Optional[Response]]] = None
+    per_method: bool = False
+    cost: Optional[Union[Callable[[], int], int]] = None

flask_appbuilder/validators.py CHANGED Viewed

@@ -1,26 +1,46 @@
-from wtforms import ValidationError
+import re
+from typing import Optional
+from flask import current_app
+from flask_appbuilder.exceptions import PasswordComplexityValidationError
+from flask_appbuilder.models.base import BaseInterface
+from flask_babel import gettext
+from wtforms import Field, Form, ValidationError
-class Unique(object):
+password_complexity_regex = re.compile(
+    r"""(
+    ^(?=.*[A-Z].*[A-Z])                # at least two capital letters
+    (?=.*[^0-9a-zA-Z])                 # at least one of these special characters
+    (?=.*[0-9].*[0-9])                 # at least two numeric digits
+    (?=.*[a-z].*[a-z].*[a-z])          # at least three lower case letters
+    .{10,}                             # at least 10 total characters
+    $
+    )""",
+    re.VERBOSE,
+)
+class Unique:
     """
-        Checks field value unicity against specified table field.
-        :param datamodel:
-            The datamodel class, abstract layer for backend
-        :param col_name:
-            The unique column name.
-        :param message:
-            The error message.
+    WTForm field validator. Checks if field value is unique against
+    a specified table field.
     """
-    field_flags = ("unique",)
+    field_flags = {"unique": True}
-    def __init__(self, datamodel, col_name, message=None):
+    def __init__(
+        self, datamodel: BaseInterface, col_name: str, message: Optional[str] = None
+    ) -> None:
+        """
+        :param datamodel: The datamodel class, abstract layer for backend
+        :param col_name: The unique column name.
+        :param message: The error message.
+        """
         self.datamodel = datamodel
         self.col_name = col_name
         self.message = message
-    def __call__(self, form, field):
+    def __call__(self, form: Form, field: Field) -> None:
         filters = self.datamodel.get_filters().add_filter(
             self.col_name, self.datamodel.FilterEqual, field.data
         )
@@ -29,5 +49,44 @@ class Unique(object):
             # only test if Unique, if pk value is different on update.
             if not hasattr(form, "_id") or form._id != self.datamodel.get_keys(obj)[0]:
                 if self.message is None:
-                    self.message = field.gettext(u"Already exists.")
+                    self.message = field.gettext("Already exists.")
                 raise ValidationError(self.message)
+class PasswordComplexityValidator:
+    """
+    WTForm field validator. Calls a custom password validator, useful for imposing
+    password complexity for database Auth users.
+    """
+    def __call__(self, form: Form, field: Field) -> None:
+        if current_app.config.get("FAB_PASSWORD_COMPLEXITY_ENABLED", False):
+            password_complexity_validator = current_app.config.get(
+                "FAB_PASSWORD_COMPLEXITY_VALIDATOR", None
+            )
+            if password_complexity_validator is not None:
+                try:
+                    password_complexity_validator(field.data)
+                except PasswordComplexityValidationError as exc:
+                    raise ValidationError(str(exc))
+            else:
+                try:
+                    default_password_complexity(field.data)
+                except PasswordComplexityValidationError as exc:
+                    raise ValidationError(str(exc))
+def default_password_complexity(password: str) -> None:
+    """
+    FAB's default password complexity validator, set FAB_PASSWORD_COMPLEXITY_ENABLED
+    to True to enable it
+    """
+    match = re.search(password_complexity_regex, password)
+    if not match:
+        raise PasswordComplexityValidationError(
+            gettext(
+                "Must have at least two capital letters,"
+                " one special character, two digits, three lower case letters and"
+                " a minimal length of 10."
+            )
+        )

flask-appbuilder 3.2.1rc1__py3-none-any.whl → 5.0.2rc1__py3-none-any.whl

flask-appbuilder 3.2.1rc1py3-none-any.whl → 5.0.2rc1py3-none-any.whl