kinto 23.2.1__py3-none-any.whl

kinto/plugins/admin/build/index.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta charset="utf-8">
+    <title>Kinto Administration</title>
+    <meta name="viewport" content="width=device-width,initial-scale=1">
+    <link rel="icon" type="image/x-icon" href="../images/favicon.png">
+  <script type="module" crossorigin src="/v1/admin/assets/index-DJ0m93zA.js"></script>
+  <link rel="stylesheet" crossorigin href="/v1/admin/assets/index-CYFwtKtL.css">
+</head>
+
+<body>
+    <div id="app"></div>
+</body>
+
+
+</html>

kinto/plugins/admin/public/help.html

@@ -0,0 +1,25 @@
+<html>
+<body>
+    <h1>Kinto Admin</h1>
+    <section>
+        <h2>What's wrong?</h2>
+        The Kinto-Admin UI is a <a href="https://github.com/Kinto/kinto-admin/">JavaScript project</a>
+        which is not fully delivered with the server source code.
+    </section>
+    <section>
+        <h2>Build and run locally</h2>
+        <p>In order to get a local Kinto Admin running at this address, just run the
+        following command:
+        </p>
+        <code>make pull-kinto-admin</code>
+        <p>Restart the server and refresh!</p>
+    </section>
+    <section>
+        <h2>...or use our online version!</h2>
+        The Kinto Admin is a fully static Web application. That means you can use
+        the online version on your local server.
+        Just navigate to <a href="http://kinto.github.io/kinto-admin/">http://kinto.github.io/kinto-admin/</a>
+        and set the server address to <em>http://localhost:8888/v1</em>.
+    </section>
+</body>
+</html>

kinto/plugins/admin/views.py

@@ -0,0 +1,42 @@
+import os
+
+from kinto.core.decorators import cache_forever
+
+
+HERE = os.path.dirname(__file__)
+
+
+# Configured home page
+@cache_forever
+def admin_home_view(request):
+    """
+    This view reads the ``index.html`` file from the Admin assets path folder
+    and serves it.
+
+    This requires the Admin UI to be built with ``ASSET_PATH="/v1/admin/"``.
+    """
+    # Default location of the Admin UI is relative to this plugin source folder,
+    # as pulled with the ``make pull-kinto-admin`` command.
+    admin_assets_path = request.registry.settings["admin_assets_path"] or os.path.join(
+        HERE, "build"
+    )
+    try:
+        with open(os.path.join(admin_assets_path, "index.html")) as f:
+            page_content = f.read()
+    except FileNotFoundError:  # pragma: no cover
+        with open(os.path.join(HERE, "public", "help.html")) as f:
+            page_content = f.read()
+
+    # Add Content-Security-Policy HTTP response header to protect against XSS:
+    # only allow from local domain:
+    allow_local_only = "; ".join(
+        (
+            "default-src 'self'",
+            "img-src data: *",
+            "script-src 'self' 'unsafe-inline' 'unsafe-eval'",
+            "style-src 'self' 'unsafe-inline'",
+        )
+    )
+    request.response.headers["Content-Security-Policy"] = allow_local_only
+
+    return page_content

kinto/plugins/default_bucket/__init__.py

@@ -0,0 +1,191 @@
+import uuid
+
+from pyramid import httpexceptions
+from pyramid.authorization import Authenticated
+from pyramid.security import NO_PERMISSION_REQUIRED
+from pyramid.settings import asbool
+
+from kinto.authorization import RouteFactory
+from kinto.core import get_user_info as core_get_user_info
+from kinto.core.errors import raise_invalid
+from kinto.core.events import ACTIONS
+from kinto.core.storage.exceptions import UnicityError
+from kinto.core.utils import build_request, hmac_digest, instance_uri, reapply_cors, view_lookup
+from kinto.views.buckets import Bucket
+from kinto.views.collections import Collection
+
+
+def create_bucket(request, bucket_id):
+    """Create a bucket if it doesn't exists."""
+    bucket_put = request.method.lower() == "put" and request.path.endswith("buckets/default")
+    # Do nothing if current request will already create the bucket.
+    if bucket_put:
+        return
+
+    # Do not intent to create multiple times per request (e.g. in batch).
+    already_created = request.bound_data.setdefault("buckets", {})
+    if bucket_id in already_created:
+        return
+
+    bucket_uri = instance_uri(request, "bucket", id=bucket_id)
+    bucket = resource_create_object(request=request, resource_cls=Bucket, uri=bucket_uri)
+    already_created[bucket_id] = bucket
+
+
+def create_collection(request, bucket_id):
+    # Do nothing if current request does not involve a collection.
+    subpath = request.matchdict.get("subpath")
+    if not (subpath and subpath.rstrip("/").startswith("collections/")):
+        return
+
+    collection_id = subpath.split("/")[1]
+    collection_uri = instance_uri(request, "collection", bucket_id=bucket_id, id=collection_id)
+
+    # Do not intent to create multiple times per request (e.g. in batch).
+    already_created = request.bound_data.setdefault("collections", {})
+    if collection_uri in already_created:
+        return
+
+    # Do nothing if current request will already create the collection.
+    collection_put = request.method.lower() == "put" and request.path.endswith(collection_id)
+    if collection_put:
+        return
+
+    collection = resource_create_object(
+        request=request, resource_cls=Collection, uri=collection_uri
+    )
+    already_created[collection_uri] = collection
+
+
+def resource_create_object(request, resource_cls, uri):
+    """Implicitly create a resource (or fail silently).
+
+    In the default bucket, the bucket and collection are implicitly
+    created. This helper creates one of those resources using a
+    simulated request and context that is appropriate for the
+    resource. Also runs create events as though the resource were
+    created in a subrequest.
+
+    If the resource already exists, do nothing.
+
+    """
+    resource_name, matchdict = view_lookup(request, uri)
+
+    # Build a fake request, mainly used to populate the create events that
+    # will be triggered by the resource.
+    fakerequest = build_request(request, {"method": "PUT", "path": uri})
+    fakerequest.matchdict = matchdict
+    fakerequest.bound_data = request.bound_data
+    fakerequest.authn_type = request.authn_type
+    fakerequest.selected_userid = request.selected_userid
+    fakerequest.errors = request.errors
+    fakerequest.current_resource_name = resource_name
+
+    obj_id = matchdict["id"]
+
+    # Fake context, required to instantiate a resource.
+    context = RouteFactory(fakerequest)
+    context.resource_name = resource_name
+    resource = resource_cls(fakerequest, context)
+
+    # Check that provided id is valid for this resource.
+    if not resource.model.id_generator.match(obj_id):
+        error_details = {"location": "path", "description": f"Invalid {resource_name} id"}
+        raise_invalid(resource.request, **error_details)
+
+    data = {"id": obj_id}
+    try:
+        obj = resource.model.create_object(data)
+    except UnicityError:
+        # The record already exists; skip running events
+        return {}
+
+    # Since the current request is not a resource (but a straight Service),
+    # we simulate a request on a resource.
+    # This will be used in the resource event payload.
+    resource.postprocess(obj, action=ACTIONS.CREATE)
+    return obj
+
+
+def default_bucket(request):
+    if request.method.lower() == "options":
+        path = request.path.replace("default", "unknown")
+        subrequest = build_request(request, {"method": "OPTIONS", "path": path})
+        return request.invoke_subrequest(subrequest)
+
+    if Authenticated not in request.effective_principals:
+        # Pass through the forbidden_view_config
+        raise httpexceptions.HTTPForbidden()
+
+    settings = request.registry.settings
+
+    if asbool(settings["readonly"]):
+        raise httpexceptions.HTTPMethodNotAllowed()
+
+    bucket_id = request.default_bucket_id
+
+    # Implicit object creations.
+    # Make sure bucket exists
+    create_bucket(request, bucket_id)
+    # Make sure the collection exists
+    create_collection(request, bucket_id)
+
+    path = request.path.replace("/buckets/default", f"/buckets/{bucket_id}")
+    querystring = request.url[(request.url.index(request.path) + len(request.path)) :]
+    try:
+        # If 'id' is provided as 'default', replace with actual bucket id.
+        body = request.json
+        body["data"]["id"] = body["data"]["id"].replace("default", bucket_id)
+    except Exception:
+        body = request.body or {"data": {}}
+    subrequest = build_request(
+        request, {"method": request.method, "path": path + querystring, "body": body}
+    )
+    subrequest.bound_data = request.bound_data
+
+    try:
+        response = request.invoke_subrequest(subrequest)
+    except httpexceptions.HTTPException as error:
+        is_redirect = error.status_code < 400
+        if error.content_type == "application/json" or is_redirect:
+            response = reapply_cors(subrequest, error)
+        else:
+            # Ask the upper level to format the error.
+            raise error
+    return response
+
+
+def default_bucket_id(request):
+    settings = request.registry.settings
+    secret = settings.get("default_bucket_hmac_secret", settings["userid_hmac_secret"])
+    # Build the user unguessable bucket_id UUID from its user_id
+    digest = hmac_digest(secret, request.prefixed_userid)
+    return str(uuid.UUID(digest[:32]))
+
+
+def get_user_info(request):
+    user_info = {**core_get_user_info(request), "bucket": request.default_bucket_id}
+    return user_info
+
+
+def includeme(config):
+    # Redirect default to the right endpoint
+    config.add_view(default_bucket, route_name="default_bucket", permission=NO_PERMISSION_REQUIRED)
+    config.add_view(
+        default_bucket, route_name="default_bucket_collection", permission=NO_PERMISSION_REQUIRED
+    )
+
+    config.add_route("default_bucket_collection", "/buckets/default/{subpath:.*}")
+    config.add_route("default_bucket", "/buckets/default")
+
+    # Provide helpers
+    config.add_request_method(default_bucket_id, reify=True)
+    # Override kinto.core default user info
+    config.add_request_method(get_user_info)
+
+    config.add_api_capability(
+        "default_bucket",
+        description="The default bucket is an alias for a personal"
+        " bucket where collections are created implicitly.",
+        url="https://kinto.readthedocs.io/en/latest/api/1.x/buckets.html#personal-bucket-default",
+    )

kinto/plugins/flush.py

@@ -0,0 +1,28 @@
+from pyramid.security import NO_PERMISSION_REQUIRED
+
+from kinto.core import Service
+from kinto.events import ServerFlushed
+
+
+flush = Service(name="flush", description="Clear database content", path="/__flush__")
+
+
+@flush.post(permission=NO_PERMISSION_REQUIRED)
+def flush_post(request):
+    request.registry.storage.flush()
+    request.registry.permission.flush()
+    request.registry.cache.flush()
+    event = ServerFlushed(request)
+    request.registry.notify(event)
+
+    request.response.status = 202
+    return {}
+
+
+def includeme(config):
+    config.add_api_capability(
+        "flush_endpoint",
+        description="The __flush__ endpoint can be used to remove all data from all backends.",
+        url="https://kinto.readthedocs.io/en/latest/api/1.x/flush.html",
+    )
+    config.add_cornice_service(flush)

kinto/plugins/history/__init__.py

@@ -0,0 +1,65 @@
+from pyramid.settings import aslist
+
+from kinto.authorization import PERMISSIONS_INHERITANCE_TREE
+from kinto.core import metrics
+from kinto.core.events import ResourceChanged
+
+from .listener import on_resource_changed
+
+
+def uri_to_dict(uri):
+    """
+    Convert a resource URI to a dictionary with its components.
+    We don't use `kinto.core.view_lookup_registry()` here because it requires
+    a request context or an initialized registry, which is not available at
+    this point.
+    """
+    parts = uri.split("/")
+    if len(parts) == 3:
+        _, _buckets, bid = parts
+        return {"bucket": bid}
+    if len(parts) == 5:
+        _, _buckets, bid, resource, rid = parts
+        if resource == "collections":
+            return {"bucket": bid, "collection": rid}
+        return {"bucket": bid, "group": rid}
+    if len(parts) == 7:
+        _, _buckets, bid, _collections, cid, _records, rid = parts
+        return {"bucket": bid, "collection": cid, "record": rid}
+    raise ValueError(f"Invalid URI: {uri}")  # pragma: no cover
+
+
+def includeme(config):
+    settings = config.get_settings()
+    exposed_settings = {}
+    if (trim_history_max := int(settings.get("history.auto_trim_max_count", "-1"))) > 0:
+        exposed_settings["auto_trim_max_count"] = trim_history_max
+    if trim_user_ids := aslist(settings.get("history.auto_trim_user_ids", "")):
+        exposed_settings["auto_trim_user_ids"] = trim_user_ids
+    if excluded_resources := aslist(settings.get("history.exclude_resources", "")):
+        exposed_settings["excluded_resources"] = [uri_to_dict(uri) for uri in excluded_resources]
+
+    config.add_api_capability(
+        "history",
+        description="Track changes on data.",
+        url="http://kinto.readthedocs.io/en/latest/api/1.x/history.html",
+        **exposed_settings,
+    )
+
+    # Activate end-points.
+    config.scan("kinto.plugins.history.views")
+
+    wrapped_listener = metrics.listener_with_timer(config, "plugins.history", on_resource_changed)
+
+    # Listen to every resources (except history)
+    config.add_subscriber(
+        wrapped_listener,
+        ResourceChanged,
+        for_resources=("bucket", "group", "collection", "record"),
+    )
+
+    # Register the permission inheritance for history entries.
+    PERMISSIONS_INHERITANCE_TREE["history"] = {
+        "read": {"bucket": ["write", "read"], "history": ["write", "read"]},
+        "write": {"bucket": ["write"], "history": ["write"]},
+    }

kinto/plugins/history/listener.py

@@ -0,0 +1,181 @@
+import logging
+from datetime import datetime, timezone
+
+from pyramid.settings import asbool, aslist
+
+from kinto.core.storage import Filter
+from kinto.core.utils import COMPARISON, instance_uri
+
+
+logger = logging.getLogger(__name__)
+
+
+def on_resource_changed(event):
+    """
+    Everytime an object is created/changed/deleted, we create an entry in the
+    ``history`` resource. The entries are served as read-only in the
+    :mod:`kinto.plugins.history.views` module.
+    """
+    payload = event.payload
+    resource_name = payload["resource_name"]
+    event_uri = payload["uri"]
+    user_id = payload["user_id"]
+
+    storage = event.request.registry.storage
+    permission = event.request.registry.permission
+    settings = event.request.registry.settings
+
+    excluded_user_ids = aslist(settings.get("history.exclude_user_ids", ""))
+    if user_id in excluded_user_ids:
+        logger.info(f"History entries for user {user_id!r} are disabled in config")
+        return
+
+    trim_history_max = int(settings.get("history.auto_trim_max_count", "-1"))
+    is_trim_enabled = trim_history_max > 0
+    trim_user_ids = aslist(settings.get("history.auto_trim_user_ids", ""))
+    is_trim_by_user_enabled = len(trim_user_ids) > 0
+
+    bucket_id = None
+    bucket_uri = None
+    collection_uri = None
+
+    excluded_resources = aslist(settings.get("history.exclude_resources", ""))
+
+    targets = []
+    for impacted in event.impacted_objects:
+        target = impacted["new"]
+        obj_id = target["id"]
+
+        try:
+            bucket_id = payload["bucket_id"]
+        except KeyError:
+            # e.g. DELETE /buckets
+            bucket_id = obj_id
+        bucket_uri = instance_uri(event.request, "bucket", id=bucket_id)
+
+        if bucket_uri in excluded_resources:
+            logger.info(f"History entries for bucket {bucket_uri!r} are disabled in config")
+            continue
+
+        if "collection_id" in payload:
+            collection_id = payload["collection_id"]
+            collection_uri = instance_uri(
+                event.request, "collection", bucket_id=bucket_id, id=collection_id
+            )
+            if collection_uri in excluded_resources:
+                logger.info(
+                    f"History entries for collection {collection_uri!r} are disabled in config"
+                )
+                continue
+
+        # On POST .../records, the URI does not contain the newly created
+        # record id.
+        parts = event_uri.split("/")
+        if resource_name in parts[-1]:
+            parts.append(obj_id)
+        else:
+            # Make sure the id is correct on grouped events.
+            parts[-1] = obj_id
+        uri = "/".join(parts)
+
+        if uri in excluded_resources:
+            logger.info(f"History entries for record {uri!r} are disabled in config")
+            continue
+
+        targets.append((uri, target))
+
+    if not targets:
+        return  # Nothing to do.
+
+    # Prepare a list of object ids to be fetched from permission backend,
+    # and fetch them all at once. Use a mapping for later convenience.
+    all_perms_objects_ids = [oid for (oid, _) in targets]
+    all_perms_objects_ids.append(bucket_uri)
+    if collection_uri is not None:
+        all_perms_objects_ids.append(collection_uri)
+    all_perms_objects_ids = list(set(all_perms_objects_ids))
+    all_permissions = permission.get_objects_permissions(all_perms_objects_ids)
+    perms_by_object_id = dict(zip(all_perms_objects_ids, all_permissions))
+
+    bucket_perms = perms_by_object_id[bucket_uri]
+    collection_perms = {}
+    if collection_uri is not None:
+        collection_perms = perms_by_object_id[collection_uri]
+
+    # The principals allowed to read the bucket and collection.
+    # (Note: ``write`` means ``read``)
+    read_principals = set(bucket_perms.get("read", []))
+    read_principals.update(bucket_perms.get("write", []))
+    read_principals.update(collection_perms.get("read", []))
+    read_principals.update(collection_perms.get("write", []))
+
+    # Create a history entry for each impacted object.
+    for uri, target in targets:
+        obj_id = target["id"]
+        # Prepare the history entry attributes.
+        perms = {k: list(v) for k, v in perms_by_object_id[uri].items()}
+        eventattrs = dict(**payload)
+        eventattrs.pop("timestamp", None)  # Already in target `last_modified`.
+        eventattrs.pop("bucket_id", None)
+        eventattrs[f"{resource_name}_id"] = obj_id
+        eventattrs["uri"] = uri
+        attrs = dict(
+            date=datetime.now(timezone.utc).isoformat(),
+            target={"data": target, "permissions": perms},
+            **eventattrs,
+        )
+
+        # Create an entry for the 'history' resource, whose parent_id is
+        # the bucket URI (c.f. views.py).
+        # Note: this will be rolledback if the transaction is rolledback.
+        entry = storage.create(parent_id=bucket_uri, resource_name="history", obj=attrs)
+
+        # If enabled, we trim history by resource.
+        # This means that we will only keep the last `auto_trim_max_count` history entries
+        # for this same type of object (eg. `collection`, `record`).
+        #
+        # If trim by user is enabled, we only trim if the user matches the config
+        # and we only delete the history entries of this user.
+        # This means that if a user touches X different types of objects, we will keep
+        # ``(X * auto_trim_max_count)`` entries.
+        if is_trim_enabled and (not is_trim_by_user_enabled or user_id in trim_user_ids):
+            filters = [
+                Filter("resource_name", resource_name, COMPARISON.EQ),
+            ]
+            if is_trim_by_user_enabled:
+                filters.append(Filter("user_id", user_id, COMPARISON.EQ))
+
+            count_deleted = storage.trim_objects(
+                parent_id=bucket_uri,
+                resource_name="history",
+                filters=filters,
+                max_objects=trim_history_max,
+            )
+            if count_deleted > 0:
+                logger.info(f"Trimmed {count_deleted} old history entries.")
+            else:
+                logger.info(
+                    f"No old history to trim for {user_id!r} on {resource_name!r} in {bucket_uri!r}."
+                )
+        else:
+            logger.info(
+                f"Trimming of old history entries is not enabled{f' for {user_id!r}.' if is_trim_enabled else '.'}"
+            )
+
+        # Without explicit permissions, the ACLs on the history entries will
+        # fully depend on the inherited permission tree (eg. bucket:read, bucket:write).
+        # This basically means that if user loose the permissions on the related
+        # object, they also loose the permission on the history entry.
+        # See https://github.com/Kinto/kinto/issues/893
+        if not asbool(settings["explicit_permissions"]):
+            return
+
+        # The read permission on the newly created history entry is the union
+        # of the object permissions with the one from bucket and collection.
+        entry_principals = set(read_principals)
+        entry_principals.update(perms.get("read", []))
+        entry_principals.update(perms.get("write", []))
+        entry_perms = {"read": list(entry_principals)}
+        # /buckets/{id}/history is the URI for the list of history entries.
+        entry_perm_id = f"/buckets/{bucket_id}/history/{entry['id']}"
+        permission.replace_object_permissions(entry_perm_id, entry_perms)

kinto/plugins/history/views.py

@@ -0,0 +1,66 @@
+import colander
+
+from kinto.core import resource
+from kinto.core.resource.viewset import ViewSet
+from kinto.core.storage import Filter
+from kinto.core.utils import instance_uri
+
+
+class HistorySchema(resource.ResourceSchema):
+    user_id = colander.SchemaNode(colander.String())
+    uri = colander.SchemaNode(colander.String())
+    action = colander.SchemaNode(colander.String())
+    date = colander.SchemaNode(colander.String())
+    resource_name = colander.SchemaNode(colander.String())
+    bucket_id = colander.SchemaNode(colander.String(), missing=colander.drop)
+    collection_id = colander.SchemaNode(colander.String(), missing=colander.drop)
+    group_id = colander.SchemaNode(colander.String(), missing=colander.drop)
+    record_id = colander.SchemaNode(colander.String(), missing=colander.drop)
+    target = colander.SchemaNode(colander.Mapping())
+
+    class Options:
+        preserve_unknown = False
+
+
+# Add custom OpenAPI tags/operation ids
+plural_get_arguments = getattr(ViewSet, "plural_get_arguments", {})
+plural_delete_arguments = getattr(ViewSet, "plural_delete_arguments", {})
+
+get_history_arguments = {
+    "tags": ["History"],
+    "operation_id": "get_history",
+    **plural_get_arguments,
+}
+delete_history_arguments = {
+    "tags": ["History"],
+    "operation_id": "delete_history",
+    **plural_delete_arguments,
+}
+
+
+@resource.register(
+    name="history",
+    plural_path="/buckets/{{bucket_id}}/history",
+    object_path=None,
+    plural_methods=("GET", "DELETE"),
+    default_arguments={"tags": ["History"], **ViewSet.default_arguments},
+    plural_get_arguments=get_history_arguments,
+    plural_delete_arguments=delete_history_arguments,
+)
+class History(resource.Resource):
+    schema = HistorySchema
+
+    def get_parent_id(self, request):
+        self.bucket_id = request.matchdict["bucket_id"]
+        return instance_uri(request, "bucket", id=self.bucket_id)
+
+    def _extract_filters(self):
+        filters = super()._extract_filters()
+        filters_str_id = []
+        for filt in filters:
+            if filt.field in ("record_id", "collection_id", "bucket_id"):
+                if isinstance(filt.value, int):
+                    filt = Filter(filt.field, str(filt.value), filt.operator)
+            filters_str_id.append(filt)
+
+        return filters_str_id