jaaql-middleware-python 4.21.23__tar.gz → 4.21.25__tar.gz

{jaaql-middleware-python-4.21.23/jaaql_middleware_python.egg-info → jaaql-middleware-python-4.21.25}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: jaaql-middleware-python
-Version: 4.21.23
+Version: 4.21.25
 Summary: The jaaql package, allowing for rapid development and deployment of RESTful HTTP applications
 Home-page: https://github.com/JAAQL/JAAQL-middleware-python
 Author: Software Quality Measurement and Improvement bv

{jaaql-middleware-python-4.21.23 → jaaql-middleware-python-4.21.25}/jaaql/constants.py

@@ -3,7 +3,6 @@ import socket
 
 KEY__username = "username"
 KEY__password = "password"
-KEY__dbms_user = "dbms_user"
 KEY__remember_me = "remember_me"
 KEY__attach_as = "attach_as"
 KEY__ip_address = "ip_address"
@@ -38,6 +37,7 @@ KEY__query = "query"
 KEY__security_key = "security_key"
 KEY__id = "id"
 KEY__oauth_token = "oauth_token"
+KEY__accounts = "accounts"
 
 REGEX__dmbs_object_name = r'^[0-9a-zA-Z_]{1,32}$'
 
@@ -164,5 +164,5 @@ ROLE__postgres = "postgres"
 
 PROTOCOL__postgres = "postgresql://"
 
-VERSION = "4.21.23"
+VERSION = "4.21.25"
 

{jaaql-middleware-python-4.21.23 → jaaql-middleware-python-4.21.25}/jaaql/documentation/documentation_public.py

@@ -33,6 +33,31 @@ DOCUMENTATION__create_account = SwaggerDocumentation(
     )
 )
 
+DOCUMENTATION__create_account_batch = SwaggerDocumentation(
+    tags="Admin",
+    methods=SwaggerMethod(
+        method=REST__POST,
+        name="Create account batch",
+        description="Will create a batch of accounts, if you have privileges to do so",
+        body=SwaggerArgumentResponse(
+            name=KEY__accounts,
+            description="A list of the accounts",
+            arg_type=SwaggerList(
+                ARG_RES__username,
+                set_nullable(ARG_RES__password, "Whether the user is given a password"),
+                SwaggerArgumentResponse(
+                    name=KEY__attach_as,
+                    description="Whether the user will attach as a role",
+                    arg_type=str,
+                    required=False,
+                    condition="Defaults to false",
+                    example="my-role"
+                )
+            )
+        )
+    )
+)
+
 DOCUMENTATION__password = SwaggerDocumentation(
     tags="Account",
     methods=SwaggerMethod(
@@ -166,15 +191,6 @@ DOCUMENTATION__emails = SwaggerDocumentation(
     )
 )
 
-ARG_RES__dbms_user = SwaggerArgumentResponse(
-    name=KEY__dbms_user,
-    description="The id of the dmbs user",
-    arg_type=str,
-    lower=True,
-    strip=True,
-    example=[str(uuid.uuid4()), str(uuid.uuid4())]
-)
-
 DOCUMENTATION__sign_up = SwaggerDocumentation(
     tags="Signup",
     # Explicitly set sign up to true to enforce design decision. We use the attempted insert of the current user (which can be the public user) as security

{jaaql-middleware-python-4.21.23 → jaaql-middleware-python-4.21.25}/jaaql/email/email_manager_service.py

@@ -388,7 +388,7 @@ class EmailManagerService:
         if conn is None:
             raise Exception("Could not connect to email dispatcher '%s' with address '%s:%d'" % dispatcher_key, host, port)
 
-        context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+        context = ssl.create_default_context()
 
         conn.starttls(context=context)
         conn.login(username, password)

{jaaql-middleware-python-4.21.23 → jaaql-middleware-python-4.21.25}/jaaql/mvc/controller.py

@@ -67,6 +67,10 @@ class JAAQLController(BaseJAAQLController):
         def accounts(connection: DBInterface, http_inputs: dict):
             self.model.create_account_with_potential_password(connection, **http_inputs)
 
+        @self.publish_route('/accounts/batch', DOCUMENTATION__create_account_batch)
+        def accounts(connection: DBInterface, http_inputs: dict):
+            self.model.create_account_batch_with_potential_password(connection, **http_inputs)
+
         @self.publish_route('/prepare', DOCUMENTATION__prepare)
         def prepare(http_inputs: dict, account_id: str):
             return self.model.prepare_queries(http_inputs, account_id)
@@ -88,16 +92,16 @@ class JAAQLController(BaseJAAQLController):
             self.model.attach_dispatcher_credentials(connection, http_inputs)
 
         @self.publish_route('/sign-up', DOCUMENTATION__sign_up)
-        def sign_up(http_inputs: dict, account_id: str):
-            return self.model.sign_up(http_inputs, account_id)
+        def sign_up(http_inputs: dict, account_id: str, is_the_anonymous_user: bool):
+            return self.model.sign_up(http_inputs, account_id, is_the_anonymous_user)
 
         @self.publish_route('/email', DOCUMENTATION__emails)
         def send_email(is_the_anonymous_user: bool, account_id: str, http_inputs: dict, username: str, auth_token: str):
             return self.model.send_email(is_the_anonymous_user, account_id, http_inputs, username, auth_token)
 
         @self.publish_route('/account/reset-password', DOCUMENTATION__reset_password)
-        def reset_password(http_inputs: dict):
-            return self.model.reset_password(http_inputs)
+        def reset_password(http_inputs: dict, is_the_anonymous_user: bool):
+            return self.model.reset_password(http_inputs, is_the_anonymous_user)
 
         @self.publish_route('/security-event', DOCUMENTATION__security_event)
         def security_event(http_inputs: dict):

{jaaql-middleware-python-4.21.23 → jaaql-middleware-python-4.21.25}/jaaql/mvc/exception_queries.py

@@ -1,5 +1,5 @@
 """
-This script was generated from jaaql.exceptions.fxls at 2023-11-02, 21:56:22
+This script was generated from jaaql.exceptions.fxls at 2024-02-11, 00:36:29
 """
 
 from jaaql.utilities.crypt_utils import get_repeatable_salt
@@ -11,8 +11,8 @@ def add_account_password(
     account__id, account_password__hash
 ):
     account_password__uuid = account_password__insert(
-        connection, encryption_key, account__id,
-        account_password__hash,
+        connection, encryption_key, account__id, 
+        account_password__hash, 
         encryption_salts={KG__account_password__hash: get_repeatable_salt(vault_repeatable_salt, account__id)}
     )[KG__account_password__uuid]
 
@@ -83,9 +83,10 @@ def fetch_account_from_username(
     )
 
 
-QUERY__create_account = "SELECT create_account(:username, :attach_as, :already_exists, :is_the_anonymous_user) as account_id"
+QUERY__create_account = "SELECT create_account(:username, :attach_as, :already_exists, :is_the_anonymous_user, :allow_already_exists) as account_id"
 KEY__attach_as = "attach_as"
 KEY__already_exists = "already_exists"
+KEY__allow_already_exists = "allow_already_exists"
 KEY__username = "username"
 KEY__is_the_anonymous_user = "is_the_anonymous_user"
 KEY__account_id = "account_id"
@@ -93,14 +94,16 @@ KEY__account_id = "account_id"
 
 def create_account(
     connection: DBInterface, encryption_key: bytes, vault_repeatable_salt: str,
-    username, attach_as=None, already_exists=False, is_the_anonymous_user=False
+    username, attach_as=None, already_exists=False, is_the_anonymous_user=False,
+    allow_already_exists=False
 ):
     return execute_supplied_statement_singleton(
         connection, QUERY__create_account, {
             KEY__username: username,
             KEY__attach_as: attach_as,
             KEY__already_exists: already_exists,
-            KEY__is_the_anonymous_user: is_the_anonymous_user
+            KEY__is_the_anonymous_user: is_the_anonymous_user,
+            KEY__allow_already_exists: allow_already_exists
         }, encryption_salts={
             KG__account__username: get_repeatable_salt(vault_repeatable_salt)
         }, as_objects=True, encryption_key=encryption_key, encrypt_parameters=[KG__account__username]

{jaaql-middleware-python-4.21.23 → jaaql-middleware-python-4.21.25}/jaaql/mvc/generated_queries.py

@@ -1,5 +1,5 @@
 """
-This script was generated from jaaql.fxli at 09/05/2023, 23:01:02
+This script was generated from jaaql.fxli at 2024-02-11, 00:36:29
 """
 
 from jaaql.db.db_interface import DBInterface
@@ -453,6 +453,7 @@ KG__email_template__name = "name"
 KG__email_template__type = "type"
 KG__email_template__content_url = "content_url"
 KG__email_template__validation_schema = "validation_schema"
+KG__email_template__dbms_user_column_name = "dbms_user_column_name"
 KG__email_template__data_validation_table = "data_validation_table"
 KG__email_template__data_validation_view = "data_validation_view"
 KG__email_template__dispatcher_domain_recipient = "dispatcher_domain_recipient"
@@ -463,12 +464,12 @@ QG__email_template_delete = "DELETE FROM email_template WHERE application = :app
 QG__email_template_insert = """
     INSERT INTO email_template (application, dispatcher, name,
         type, content_url, validation_schema,
-        data_validation_table, data_validation_view, dispatcher_domain_recipient,
-        can_be_sent_anonymously)
+        dbms_user_column_name, data_validation_table, data_validation_view,
+        dispatcher_domain_recipient, can_be_sent_anonymously)
     VALUES (:application, :dispatcher, :name,
         :type, :content_url, :validation_schema,
-        :data_validation_table, :data_validation_view, :dispatcher_domain_recipient,
-        :can_be_sent_anonymously)
+        :dbms_user_column_name, :data_validation_table, :data_validation_view,
+        :dispatcher_domain_recipient, :can_be_sent_anonymously)
 """
 QG__email_template_select_all = "SELECT * FROM email_template"
 QG__email_template_select = "SELECT * FROM email_template WHERE application = :application AND name = :name"
@@ -480,6 +481,7 @@ QG__email_template_update = """
         type = COALESCE(:type, type),
         content_url = COALESCE(:content_url, content_url),
         validation_schema = COALESCE(:validation_schema, validation_schema),
+        dbms_user_column_name = COALESCE(:dbms_user_column_name, dbms_user_column_name),
         data_validation_table = COALESCE(:data_validation_table, data_validation_table),
         data_validation_view = COALESCE(:data_validation_view, data_validation_view),
         dispatcher_domain_recipient = COALESCE(:dispatcher_domain_recipient, dispatcher_domain_recipient),
@@ -508,8 +510,8 @@ def email_template__update(
     connection: DBInterface,
     application, name,
     dispatcher=None, type=None, content_url=None,
-    validation_schema=None, data_validation_table=None, data_validation_view=None,
-    dispatcher_domain_recipient=None, can_be_sent_anonymously=None
+    validation_schema=None, dbms_user_column_name=None, data_validation_table=None,
+    data_validation_view=None, dispatcher_domain_recipient=None, can_be_sent_anonymously=None
 ):
     execute_supplied_statement(
         connection, QG__email_template_update,
@@ -523,6 +525,7 @@ def email_template__update(
             KG__email_template__type: type,
             KG__email_template__content_url: content_url,
             KG__email_template__validation_schema: validation_schema,
+            KG__email_template__dbms_user_column_name: dbms_user_column_name,
             KG__email_template__data_validation_table: data_validation_table,
             KG__email_template__data_validation_view: data_validation_view,
             KG__email_template__dispatcher_domain_recipient: dispatcher_domain_recipient,
@@ -560,8 +563,8 @@ def email_template__insert(
     connection: DBInterface,
     application, dispatcher, name,
     type, content_url,
-    validation_schema=None, data_validation_table=None, data_validation_view=None,
-    dispatcher_domain_recipient=None, can_be_sent_anonymously=None
+    validation_schema=None, dbms_user_column_name=None, data_validation_table=None,
+    data_validation_view=None, dispatcher_domain_recipient=None, can_be_sent_anonymously=None
 ):
     execute_supplied_statement(
         connection, QG__email_template_insert,
@@ -572,6 +575,7 @@ def email_template__insert(
             KG__email_template__type: type,
             KG__email_template__content_url: content_url,
             KG__email_template__validation_schema: validation_schema,
+            KG__email_template__dbms_user_column_name: dbms_user_column_name,
             KG__email_template__data_validation_table: data_validation_table,
             KG__email_template__data_validation_view: data_validation_view,
             KG__email_template__dispatcher_domain_recipient: dispatcher_domain_recipient,

{jaaql-middleware-python-4.21.23 → jaaql-middleware-python-4.21.25}/jaaql/mvc/model.py

@@ -93,8 +93,6 @@ SIGNUP__started = 1
 SIGNUP__already_registered = 2
 SIGNUP__completed = 3
 
-SPECIAL_COLUMN_DBMS_USER = "dbms_user"
-
 
 class JAAQLModel(BaseJAAQLModel):
     VERIFICATION_QUEUE = None
@@ -106,16 +104,24 @@ class JAAQLModel(BaseJAAQLModel):
         raise HttpStatusException("Not yet implemented", response_code=HTTPStatus.NOT_IMPLEMENTED)
 
     def create_account_with_potential_password(self, connection: DBInterface, username: str, attach_as: str = None, password: str = None,
-                                               already_exists: bool = False, is_the_anonymous_user: bool = False):
+                                               already_exists: bool = False, is_the_anonymous_user: bool = False, allow_already_exists: bool = False):
         account_id = create_account(connection, self.get_db_crypt_key(), self.get_vault_repeatable_salt(),
                                     username, attach_as, already_exists,
-                                    is_the_anonymous_user)
+                                    is_the_anonymous_user, allow_already_exists)
 
-        if password:
+        if password and account_id != "account_already_existed":
             self.add_account_password(account_id, password)
 
+        if account_id == "account_already_existed":
+            account_id = attach_as
+
         return account_id
 
+    def create_account_batch_with_potential_password(self, connection: DBInterface, accounts: list):
+        for cur_input in accounts:
+            self.create_account_with_potential_password(connection, cur_input[KEY__username], cur_input[KEY__attach_as], cur_input[KEY__password],
+                                                        allow_already_exists=True)
+
     def validate_query(self, queries: list, query, allow_list=True):
         if isinstance(query, list) and allow_list:
             for sub_query in query:
@@ -328,15 +334,15 @@ WHERE
         if self.is_container:
             if not self.vault.get_obj(VAULT_KEY__allow_jaaql_uninstall):
                 raise HttpStatusException("JAAQL not permitted to uninstall itself")
-
+            DBPGInterface.close_all_pools()
             subprocess.call("./pg_reboot.sh", cwd="/")
         else:
             subprocess.call("docker kill jaaql_pg")
             subprocess.call("docker rm jaaql_pg")
             subprocess.Popen("docker run --name jaaql_pg -p 5434:5432 jaaql/jaaql_pg", start_new_session=True, creationflags=0x00000008)
             time.sleep(7.5)
+            DBPGInterface.close_all_pools()
 
-        DBPGInterface.close_all_pools()
         self.jaaql_lookup_connection = None
         self.install_key = str(uuid.uuid4())
         self.install(
@@ -637,20 +643,23 @@ WHERE
 
         self.mark_security_event_unlocked(sec_evt)
 
-        if template[KG__email_template__type] == EMAIL_TYPE__signup:
-            data_relation = template[KG__email_template__data_validation_view]
-            submit_data = {
-                KEY__schema: template[KG__email_template__validation_schema],
-                KEY__application: template[KEY__application],
-                KEY_parameters: {
-                    "signed_up_at": datetime.now(),
-                    "dbms_user": sec_evt[KG__security_event__account]
-                },
-                KEY_query: f'UPDATE {data_relation} SET signed_up_at = :signed_up_at WHERE dbms_user = :dbms_user AND signed_up_at is null'  # Ignore pycharm PEP issue
-            }
-            # We now get the data that can be shown in the email
-            submit(self.vault, self.config, self.get_db_crypt_key(), self.jaaql_lookup_connection, submit_data,
-                   self.jaaql_lookup_connection.role, None, self.cached_canned_query_service)
+        # TODO maybe someday we'll add this back in
+        # if template[KG__email_template__type] == EMAIL_TYPE__signup:
+        #     data_relation = template[KG__email_template__data_validation_view]
+        #     dbms_user_column_name = template[KG__email_template__dbms_user_column_name]
+        #     submit_data = {
+        #         KEY__schema: template[KG__email_template__validation_schema],
+        #         KEY__application: template[KEY__application],
+        #         KEY_parameters: {
+        #             "signed_up_at": datetime.now(),
+        #             dbms_user_column_name: sec_evt[KG__security_event__account]
+        #         },
+        #         KEY_query: f'UPDATE {data_relation} SET signed_up_at = :signed_up_at WHERE {dbms_user_column_name} = :{dbms_user_column_name} AND signed_up_at is null'
+        #         # Ignore pycharm PEP issue
+        #     }
+        #     # We now get the data that can be shown in the email
+        #     submit(self.vault, self.config, self.get_db_crypt_key(), self.jaaql_lookup_connection, submit_data,
+        #            self.jaaql_lookup_connection.role, None, self.cached_canned_query_service)
 
         return {
             KEY__parameters: parameters,
@@ -715,7 +724,10 @@ WHERE
                                                     attachments=attachments, attachment_access_token=auth_token,
                                                     attachment_base_url=attachment_base_url)
 
-    def reset_password(self, inputs: dict):
+    def reset_password(self, inputs: dict, is_the_anonymous_user: bool):
+        if is_the_anonymous_user:
+            raise HttpStatusException("Cannot change this user's password")
+
         app = application__select(self.jaaql_lookup_connection, inputs[KG__security_event__application])
         if inputs[KEY__reset_password_template] is None:
             inputs[KEY__reset_password_template] = app[KG__application__default_r_et]
@@ -785,8 +797,9 @@ WHERE
             KG__security_event__event_lock: reg_env_ins[KG__security_event__event_lock]
         }
 
-    def sign_up(self, inputs: dict, account_id: str):
+    def sign_up(self, inputs: dict, account_id: str, is_the_anonymous_user: bool):
         app = application__select(self.jaaql_lookup_connection, inputs[KG__security_event__application])
+
         if inputs[KEY__sign_up_template] is None:
             inputs[KEY__sign_up_template] = app[KG__application__default_s_et]
         if inputs[KEY__already_signed_up_template] is None:
@@ -803,11 +816,17 @@ WHERE
         if sign_up_template[KG__email_template__type] != EMAIL_TYPE__signup:
             raise HttpStatusException(ERR__template_not_signup)
 
+        dbms_user_column_name = sign_up_template[KG__email_template__dbms_user_column_name]
+
         already_signed_up_template = email_template__select(self.jaaql_lookup_connection, inputs[KG__security_event__application],
                                                             inputs[KEY__already_signed_up_template])
         if already_signed_up_template[KG__email_template__type] != EMAIL_TYPE__already_signed_up:
             raise HttpStatusException(ERR__template_not_already)
 
+        if is_the_anonymous_user and (not already_signed_up_template[KG__email_template__can_be_sent_anonymously] or
+                                      not sign_up_template[KG__email_template__can_be_sent_anonymously]):
+            raise HttpStatusException("Cannot sign up publicly using this route")
+
         conn = None
         account_db_interface = None
 
@@ -825,17 +844,16 @@ WHERE
             ret = submit(self.vault, self.config, self.get_db_crypt_key(), self.jaaql_lookup_connection, submit_data, account_id, None,
                          self.cached_canned_query_service, as_objects=False, singleton=True, keep_alive_conn=True, conn=conn, interface=account_db_interface)
             ret = objectify(ret[list(ret.keys())[-1]], singleton=True)
-
             # This is the permissions check. It is an update that returns something that is ignored
             # An exception will be triggered here if the user does not have permissions
             where_clause = " AND ".join(['"' + key + '" = :' + key for key in ret.keys() if re.match(REGEX__dmbs_object_name, key) is not None])
             if len(where_clause) != 0:
                 where_clause = " AND " + where_clause
             sign_up_table = sign_up_template[KG__email_template__data_validation_table]
-            upt_query = f'UPDATE "{sign_up_table}" SET dbms_user = :dbms_user WHERE dbms_user is null{where_clause}'  # Ignore pycharm pep issue
+            upt_query = f'UPDATE "{sign_up_table}" SET "{dbms_user_column_name}" = :{dbms_user_column_name} WHERE {dbms_user_column_name} is null{where_clause}'  # Ignore pycharm pep issue
             submit_data[KEY_query] = upt_query
             submit_data[KEY_parameters] = ret
-            submit_data[KEY_parameters][SPECIAL_COLUMN_DBMS_USER] = None
+            submit_data[KEY_parameters][dbms_user_column_name] = None
             submit(self.vault, self.config, self.get_db_crypt_key(), self.jaaql_lookup_connection, submit_data, account_id,
                    None, self.cached_canned_query_service, keep_alive_conn=True, conn=conn, interface=account_db_interface)
 
@@ -848,7 +866,7 @@ WHERE
                     KEY__application: inputs[KG__security_event__application],
                     KEY__schema: sign_up_template[KG__email_template__validation_schema],
                     KEY_parameters: inputs[KEY__parameters],
-                    KEY_query: f'SELECT dbms_user FROM {data_relation} WHERE {where_clause[5:]}'  # Ignore pycharm PEP issue
+                    KEY_query: f'SELECT {dbms_user_column_name} FROM {data_relation} WHERE {where_clause[5:]}'  # Ignore pycharm PEP issue
                 }
 
                 try:
@@ -856,7 +874,7 @@ WHERE
                                        self.jaaql_lookup_connection, get_user_data,
                                        self.jaaql_lookup_connection.role, None,
                                        self.cached_canned_query_service, as_objects=True,
-                                       singleton=True)["dbms_user"]
+                                       singleton=True)[dbms_user_column_name]
 
                     account = account__select(self.jaaql_lookup_connection, self.get_db_crypt_key(), dbms_user)
                     inputs[KEY__username] = account[KG__account__username]
@@ -879,7 +897,7 @@ WHERE
 
             # We set the dbms user in the application. This can potentially cause an index clash due to a unique index on the dbms_user column
             # This is desirable in many situations but will allow username enumeration
-            submit_data[KEY__parameters][SPECIAL_COLUMN_DBMS_USER] = new_account_id
+            submit_data[KEY__parameters][dbms_user_column_name] = new_account_id
             submit(self.vault, self.config, self.get_db_crypt_key(), self.jaaql_lookup_connection, submit_data, account_id,
                    None, self.cached_canned_query_service, keep_alive_conn=True, conn=conn, interface=account_db_interface)
 
@@ -903,11 +921,16 @@ WHERE
             # We will change the model in the future when time allows that we have a single sign up and reset template with alternatives attached
             if re.match(REGEX__dmbs_object_name, data_relation) is None:
                 raise HttpStatusException("Unsafe data relation specified for sign up")
-            submit_data[KEY_query] = f'SELECT * FROM {data_relation} WHERE dbms_user = :dbms_user{where_clause}'  # Ignore pycharm PEP issue
+            submit_data[KEY_query] = f'SELECT * FROM {data_relation} WHERE "{dbms_user_column_name}" = :{dbms_user_column_name}{where_clause}'  # Ignore pycharm PEP issue
             # We now get the data that can be shown in the email
-            email_replacement_data = submit(self.vault, self.config, self.get_db_crypt_key(), self.jaaql_lookup_connection, submit_data,
-                                            self.jaaql_lookup_connection.role, None, self.cached_canned_query_service, as_objects=True,
-                                            singleton=True)
+            try:
+                email_replacement_data = submit(self.vault, self.config, self.get_db_crypt_key(), self.jaaql_lookup_connection, submit_data,
+                                                self.jaaql_lookup_connection.role, None, self.cached_canned_query_service, as_objects=True,
+                                                singleton=True)
+            except HttpSingletonStatusException:
+                del submit_data[KEY__parameters][dbms_user_column_name]
+                raise HttpSingletonStatusException(f'Unable to locate email data. Please check that the data returned from your input query (do _not_ include {
+                    dbms_user_column_name}) matches an entry in {data_relation}: ' + json.dumps(submit_data, indent=4))
 
             template = already_signed_up_template if account_existed else sign_up_template
             unlock_code = self.gen_security_event_unlock_code(CODE__letters, CODE__invite_length)

{jaaql-middleware-python-4.21.23 → jaaql-middleware-python-4.21.25}/jaaql/openapi/swagger_documentation.py

@@ -144,7 +144,7 @@ TYPE__exceptions = Optional[Union[List[SwaggerResponseException], SwaggerRespons
 class SwaggerSimpleList:
 
     def __init__(self, arg_type: type, description: str, example: Optional[TYPE__example] = None,
-                 required: bool = False, condition: str = None):
+                 required: bool = True, condition: str = None):
         self.arg_type = arg_type
         self.description = description
         self.example = example

{jaaql-middleware-python-4.21.23 → jaaql-middleware-python-4.21.25}/jaaql/scripts/01.install_domains.generated.sql

@@ -11,16 +11,16 @@ CREATE DOMAIN internet_name AS character varying(63) CHECK (VALUE ~* '^[a-z0-9\-
 CREATE DOMAIN url AS character varying(256);
 CREATE DOMAIN location AS character varying(256);
 CREATE DOMAIN object_name AS character varying(63) CHECK (VALUE ~* '^[a-z0-9_]*$');
-CREATE DOMAIN validity_period AS integer;
-CREATE DOMAIN short_validity_period AS integer;
+CREATE DOMAIN validity_period AS integer CHECK (VALUE between 15 and 9999999);
+CREATE DOMAIN short_validity_period AS integer CHECK (VALUE between 15 and 86400);
 CREATE DOMAIN person_name AS character varying(64);
 CREATE DOMAIN email_dispatch_protocol AS character varying(8);
-CREATE DOMAIN internet_port AS integer;
+CREATE DOMAIN internet_port AS integer CHECK (VALUE between 1 and 65536);
 CREATE DOMAIN email_server_username AS character varying(255);
 CREATE DOMAIN postgres_role AS character varying(63);
-CREATE DOMAIN attempt_count AS smallint;
+CREATE DOMAIN attempt_count AS smallint CHECK (VALUE between 1 and 3);
 CREATE DOMAIN email_template_type AS character varying(1);
 CREATE DOMAIN safe_path AS character varying(255) CHECK (VALUE ~* '^[a-z$0-9_\-\/]+(\.[a-zA-Z0-9]+)?$');
 CREATE DOMAIN email_account_username AS character varying(64) CHECK (VALUE ~* '^[a-zA-Z0-9_\-\.]+$');
-CREATE DOMAIN current_attempt_count AS smallint;
+CREATE DOMAIN current_attempt_count AS smallint CHECK (VALUE between 0 and 3);
 CREATE DOMAIN unlock_code AS character varying(10);

{jaaql-middleware-python-4.21.23 → jaaql-middleware-python-4.21.25}/jaaql/scripts/02.install_super_user.exceptions.sql

@@ -1,11 +1,18 @@
-create function create_account(username text, attach_as postgres_role = null, already_exists boolean = false, is_the_anonymous_user boolean = false) returns postgres_role as
+create function create_account(username text, attach_as postgres_role = null, already_exists boolean = false, is_the_anonymous_user boolean = false, allow_already_exists boolean = false) returns postgres_role as
 $$
 DECLARE
     account_id postgres_role;
 BEGIN
     if attach_as is not null then
         if not already_exists then
-            EXECUTE 'CREATE ROLE ' || quote_ident(attach_as);
+            BEGIN
+                EXECUTE 'CREATE ROLE ' || quote_ident(attach_as);
+            EXCEPTION WHEN duplicate_object THEN
+                IF NOT allow_already_exists THEN
+                    RAISE;
+                END IF;
+                return 'account_already_existed';
+            END;
         end if;
         INSERT INTO account (id, username) VALUES (attach_as, create_account.username) RETURNING id INTO account_id;
     else