plain 0.24.0__py3-none-any.whl → 0.25.0__py3-none-any.whl

plain/assets/README.md

@@ -30,7 +30,7 @@ Now in your template you can use the `asset()` function to get the URL:
 
 ## Local development
 
-When you're working with `settings.DEBUG = True`, the assets will be served directly from their original location. You don't need to run `plain compile` or configure anything else.
+When you're working with `settings.DEBUG = True`, the assets will be served directly from their original location. You don't need to run `plain build` or configure anything else.
 
 
 ## Production deployment
@@ -38,7 +38,7 @@ When you're working with `settings.DEBUG = True`, the assets will be served dire
 In production, one of your deployment steps should be to compile the assets.
 
 ```bash
-plain compile
+plain build
 ```
 
 By default, this generates "fingerprinted" and compressed versions of the assets, which are then served by your app. This means that a file like `main.css` will result in two new files, like `main.d0db67b.css` and `main.d0db67b.css.gz`.
@@ -61,7 +61,7 @@ url = get_asset_url("css/style.css")
 The generated/copied files are stored in `{repo}/.plain/assets/compiled`. If you need them to be somewhere else, try simply moving them after compilation.
 
 ```bash
-plain compile
+plain build
 mv .plain/assets/compiled /path/to/your/static
 ```
 
@@ -70,7 +70,7 @@ mv .plain/assets/compiled /path/to/your/static
 The steps for this will vary, but the general idea is to compile them, and then upload the compiled assets.
 
 ```bash
-plain compile
+plain build
 ./example-upload-to-cdn-script
 ```
 
@@ -86,7 +86,7 @@ ASSETS_BASE_URL = "https://cdn.example.com/"
 
 The default behavior is to fingerprint assets, which is an exact copy of the original file but with a different filename. The originals aren't copied over because you should generally always use this fingerprinted path (that automatically uses longer-lived caching).
 
-If you need the originals for any reason, you can use `plain compile --keep-original`, though this will typically be combined with `--no-fingerprint` otherwise the fingerprinted files will still get priority in `{{ asset() }}` template calls.
+If you need the originals for any reason, you can use `plain build --keep-original`, though this will typically be combined with `--no-fingerprint` otherwise the fingerprinted files will still get priority in `{{ asset() }}` template calls.
 
 
 ### What about source maps or imported css files?

plain/cli/README.md

@@ -24,13 +24,11 @@ __all__ = [
 ]
 ```
 
-### `plain compile`
+### `plain build`
 
 Compile static assets (used in the deploy/production process).
 
-Automatically runs `plain tailwind compile` if [plain-tailwind](https://plainframework.com/docs/plain-tailwind/) is installed.
-
-Automatically runs `npm run compile` if you have a `package.json` with `scripts.compile`.
+Automatically runs `plain tailwind build` if [plain-tailwind](https://plainframework.com/docs/plain-tailwind/) is installed.
 
 ### `plain run`
 

plain/cli/cli.py

@@ -276,8 +276,8 @@ def preflight_checks(package_label, deploy, fail_level, databases):
     default=True,
     help="Compress the assets",
 )
-def compile(keep_original, fingerprint, compress):
-    """Compile static assets"""
+def build(keep_original, fingerprint, compress):
+    """Pre-deployment build step (compile assets, css, js, etc.)"""
 
     if not keep_original and not fingerprint:
         click.secho(
@@ -287,7 +287,7 @@ def compile(keep_original, fingerprint, compress):
         )
         sys.exit(1)
 
-    # Run user-defined compile commands first
+    # Run user-defined build commands first
     pyproject_path = plain.runtime.APP_PATH.parent / "pyproject.toml"
     if pyproject_path.exists():
         with pyproject_path.open("rb") as f:
@@ -296,7 +296,7 @@ def compile(keep_original, fingerprint, compress):
         for name, data in (
             pyproject.get("tool", {})
             .get("plain", {})
-            .get("compile", {})
+            .get("build", {})
             .get("run", {})
             .items()
         ):
@@ -307,8 +307,8 @@ def compile(keep_original, fingerprint, compress):
                 click.secho(f"Error in {name} (exit {result.returncode})", fg="red")
                 sys.exit(result.returncode)
 
-    # Then run installed package compile steps (like tailwind, typically should run last...)
-    for entry_point in entry_points(group="plain.assets.compile"):
+    # Then run installed package build steps (like tailwind, typically should run last...)
+    for entry_point in entry_points(group="plain.build"):
         click.secho(f"Running {entry_point.name}", bold=True)
         result = entry_point.load()()
         print()

plain/csrf/middleware.py

@@ -42,7 +42,6 @@ REASON_INVALID_CHARACTERS = "has invalid characters"
 CSRF_SECRET_LENGTH = 32
 CSRF_TOKEN_LENGTH = 2 * CSRF_SECRET_LENGTH
 CSRF_ALLOWED_CHARS = string.ascii_letters + string.digits
-CSRF_SESSION_KEY = "_csrftoken"
 
 
 def _get_new_csrf_string():

plain/exceptions.py

@@ -22,7 +22,7 @@ class PackageRegistryNotReady(Exception):
 class ObjectDoesNotExist(Exception):
     """The requested object does not exist"""
 
-    silent_variable_failure = True
+    pass
 
 
 class MultipleObjectsReturned(Exception):
@@ -86,12 +86,6 @@ class RequestDataTooBig(SuspiciousOperation):
     pass
 
 
-class RequestAborted(Exception):
-    """The request was closed before it was completed, or timed out."""
-
-    pass
-
-
 class BadRequest(Exception):
     """The request is malformed and cannot be processed."""
 
@@ -104,12 +98,6 @@ class PermissionDenied(Exception):
     pass
 
 
-class ViewDoesNotExist(Exception):
-    """The requested view does not exist"""
-
-    pass
-
-
 class ImproperlyConfigured(Exception):
     """Plain is somehow improperly configured"""
 
@@ -171,14 +159,6 @@ class ValidationError(Exception):
             self.params = params
             self.error_list = [self]
 
-    @property
-    def message_dict(self):
-        # Trigger an AttributeError if this ValidationError
-        # doesn't have an error_dict.
-        getattr(self, "error_dict")
-
-        return dict(self)
-
     @property
     def messages(self):
         if hasattr(self, "error_dict"):

plain/forms/fields.py

@@ -819,7 +819,7 @@ class ChoiceField(Field):
         for k, v in self.choices:
             if isinstance(v, list | tuple):
                 # This is an optgroup, so look inside the group for options
-                for k2, v2 in v:
+                for k2, _ in v:
                     if value == k2 or text_value == str(k2):
                         return True
             else:
@@ -945,9 +945,13 @@ class JSONField(CharField):
         "invalid": "Enter a valid JSON.",
     }
 
-    def __init__(self, encoder=None, decoder=None, **kwargs):
+    def __init__(
+        self, encoder=None, decoder=None, indent=None, sort_keys=False, **kwargs
+    ):
         self.encoder = encoder
         self.decoder = decoder
+        self.indent = indent
+        self.sort_keys = sort_keys
         super().__init__(**kwargs)
 
     def to_python(self, value):
@@ -983,7 +987,13 @@ class JSONField(CharField):
     def prepare_value(self, value):
         if isinstance(value, InvalidJSONInput):
             return value
-        return json.dumps(value, ensure_ascii=False, cls=self.encoder)
+        return json.dumps(
+            value,
+            indent=self.indent,
+            sort_keys=self.sort_keys,
+            ensure_ascii=False,
+            cls=self.encoder,
+        )
 
     def has_changed(self, initial, data):
         if super().has_changed(initial, data):

plain/forms/forms.py

@@ -53,7 +53,6 @@ class BaseForm:
     class.
     """
 
-    field_order = None
     prefix = None
 
     def __init__(

plain/http/multipartparser.py

@@ -399,8 +399,6 @@ class MultiPartParser:
             return None
         return file_name
 
-    IE_sanitize = sanitize_file_name
-
     def _close_files(self):
         # Free up all file handles.
         # FIXME: this currently assumes that upload handlers store the file as 'file'

plain/http/request.py

@@ -5,7 +5,6 @@ from io import BytesIO
 from itertools import chain
 from urllib.parse import parse_qsl, quote, urlencode, urljoin, urlsplit
 
-from plain import signing
 from plain.exceptions import (
     DisallowedHost,
     ImproperlyConfigured,
@@ -24,12 +23,11 @@ from plain.utils.datastructures import (
     ImmutableList,
     MultiValueDict,
 )
-from plain.utils.encoding import escape_uri_path, iri_to_uri
+from plain.utils.encoding import iri_to_uri
 from plain.utils.functional import cached_property
 from plain.utils.http import is_same_domain, parse_header_parameters
 from plain.utils.regex_helper import _lazy_re_compile
 
-RAISE_ERROR = object()
 host_validation_re = _lazy_re_compile(
     r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9\.:]+\])(:[0-9]+)?$"
 )
@@ -177,12 +175,26 @@ class HttpRequest:
     def get_full_path(self, force_append_slash=False):
         return self._get_full_path(self.path, force_append_slash)
 
-    def get_full_path_info(self, force_append_slash=False):
-        return self._get_full_path(self.path_info, force_append_slash)
-
     def _get_full_path(self, path, force_append_slash):
         # RFC 3986 requires query string arguments to be in the ASCII range.
         # Rather than crash if this doesn't happen, we encode defensively.
+
+        def escape_uri_path(path):
+            """
+            Escape the unsafe characters from the path portion of a Uniform Resource
+            Identifier (URI).
+            """
+            # These are the "reserved" and "unreserved" characters specified in RFC
+            # 3986 Sections 2.2 and 2.3:
+            #   reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" | "$" | ","
+            #   unreserved  = alphanum | mark
+            #   mark        = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
+            # The list of safe characters here is constructed subtracting ";", "=",
+            # and "?" according to RFC 3986 Section 3.3.
+            # The reason for not subtracting and escaping "/" is that we are escaping
+            # the entire path, not a path segment.
+            return quote(path, safe="/:@&+$,-_.!~*'()")
+
         return "{}{}{}".format(
             escape_uri_path(path),
             "/" if force_append_slash and not path.endswith("/") else "",
@@ -191,30 +203,6 @@ class HttpRequest:
             else "",
         )
 
-    def get_signed_cookie(self, key, default=RAISE_ERROR, salt="", max_age=None):
-        """
-        Attempt to return a signed cookie. If the signature fails or the
-        cookie has expired, raise an exception, unless the `default` argument
-        is provided,  in which case return that value.
-        """
-        try:
-            cookie_value = self.COOKIES[key]
-        except KeyError:
-            if default is not RAISE_ERROR:
-                return default
-            else:
-                raise
-        try:
-            value = signing.get_cookie_signer(salt=key + salt).unsign(
-                cookie_value, max_age=max_age
-            )
-        except signing.BadSignature:
-            if default is not RAISE_ERROR:
-                return default
-            else:
-                raise
-        return value
-
     def build_absolute_uri(self, location=None):
         """
         Build an absolute URI from the location and the variables available in
@@ -469,10 +457,6 @@ class HttpHeaders(CaseInsensitiveMapping):
             return header
         return f"{cls.HTTP_PREFIX}{header}"
 
-    @classmethod
-    def to_asgi_name(cls, header):
-        return header.replace("-", "_").upper()
-
     @classmethod
     def to_wsgi_names(cls, headers):
         return {
@@ -480,13 +464,6 @@ class HttpHeaders(CaseInsensitiveMapping):
             for header_name, value in headers.items()
         }
 
-    @classmethod
-    def to_asgi_names(cls, headers):
-        return {
-            cls.to_asgi_name(header_name): value
-            for header_name, value in headers.items()
-        }
-
 
 class QueryDict(MultiValueDict):
     """

plain/internal/files/base.py

@@ -1,5 +1,5 @@
 import os
-from io import BytesIO, StringIO, UnsupportedOperation
+from io import UnsupportedOperation
 
 from plain.internal.files.utils import FileProxyMixin
 from plain.utils.functional import cached_property
@@ -118,34 +118,6 @@ class File(FileProxyMixin):
         self.file.close()
 
 
-class ContentFile(File):
-    """
-    A File-like object that takes just raw content, rather than an actual file.
-    """
-
-    def __init__(self, content, name=None):
-        stream_class = StringIO if isinstance(content, str) else BytesIO
-        super().__init__(stream_class(content), name=name)
-        self.size = len(content)
-
-    def __str__(self):
-        return "Raw content"
-
-    def __bool__(self):
-        return True
-
-    def open(self, mode=None):
-        self.seek(0)
-        return self
-
-    def close(self):
-        pass
-
-    def write(self, data):
-        self.__dict__.pop("size", None)  # Clear the computed size.
-        return self.file.write(data)
-
-
 def endswith_cr(line):
     """Return True if line (a text or bytestring) ends with '\r'."""
     return line.endswith("\r" if isinstance(line, str) else b"\r")

plain/internal/handlers/wsgi.py

@@ -1,10 +1,10 @@
 import uuid
 from io import IOBase
+from urllib.parse import quote
 
 from plain import signals
 from plain.http import HttpRequest, QueryDict, parse_cookie
 from plain.internal.handlers import base
-from plain.utils.encoding import repercent_broken_unicode
 from plain.utils.functional import cached_property
 from plain.utils.regex_helper import _lazy_re_compile
 
@@ -161,6 +161,23 @@ def get_path_info(environ):
     """Return the HTTP request's PATH_INFO as a string."""
     path_info = get_bytes_from_wsgi(environ, "PATH_INFO", "/")
 
+    def repercent_broken_unicode(path):
+        """
+        As per RFC 3987 Section 3.2, step three of converting a URI into an IRI,
+        repercent-encode any octet produced that is not part of a strictly legal
+        UTF-8 octet sequence.
+        """
+        while True:
+            try:
+                path.decode()
+            except UnicodeDecodeError as e:
+                # CVE-2019-14235: A recursion shouldn't be used since the exception
+                # handling uses massive amounts of memory
+                repercent = quote(path[e.start : e.end], safe=b"/#%[]=:;$&()+,!?*@'~")
+                path = path[: e.start] + repercent.encode() + path[e.end :]
+            else:
+                return path
+
     return repercent_broken_unicode(path_info).decode()
 
 

plain/paginator.py

@@ -24,10 +24,6 @@ class EmptyPage(InvalidPage):
 
 
 class Paginator:
-    # Translators: String used to replace omitted page numbers in elided page
-    # range generated by paginators, e.g. [1, 2, '…', 5, 6, 7, '…', 9, 10].
-    ELLIPSIS = "…"
-
     def __init__(self, object_list, per_page, orphans=0, allow_empty_first_page=True):
         self.object_list = object_list
         self._check_object_list_is_ordered()

plain/preflight/urls.py

@@ -98,10 +98,3 @@ def get_warning_for_invalid_pattern(pattern):
             id="urls.E004",
         )
     ]
-
-
-def E006(name):
-    return Error(
-        f"The {name} setting must end with a slash.",
-        id="urls.E006",
-    )

plain/urls/resolvers.py

@@ -207,7 +207,7 @@ class URLResolver:
                     else:
                         for name in url_pattern.reverse_dict:
                             for (
-                                matches,
+                                _,
                                 pat,
                                 converters,
                             ) in url_pattern.reverse_dict.getlist(name):

plain/utils/cache.py

@@ -15,14 +15,8 @@ An example: i18n middleware would need to distinguish caches by the
 "Accept-language" header.
 """
 
-import time
 from collections import defaultdict
-from hashlib import md5
 
-from plain.http import Response, ResponseNotModified
-from plain.logs import log_response
-from plain.runtime import settings
-from plain.utils.http import http_date, parse_etags, parse_http_date_safe, quote_etag
 from plain.utils.regex_helper import _lazy_re_compile
 
 cc_delim_re = _lazy_re_compile(r"\s*,\s*")
@@ -97,202 +91,6 @@ def patch_cache_control(response, **kwargs):
     response.headers["Cache-Control"] = cc
 
 
-def get_max_age(response):
-    """
-    Return the max-age from the response Cache-Control header as an integer,
-    or None if it wasn't found or wasn't an integer.
-    """
-    if "Cache-Control" not in response.headers:
-        return
-    cc = dict(
-        _to_tuple(el) for el in cc_delim_re.split(response.headers["Cache-Control"])
-    )
-    try:
-        return int(cc["max-age"])
-    except (ValueError, TypeError, KeyError):
-        pass
-
-
-def set_response_etag(response):
-    if not response.streaming and response.content:
-        response.headers["ETag"] = quote_etag(
-            md5(response.content, usedforsecurity=False).hexdigest(),
-        )
-    return response
-
-
-def _precondition_failed(request):
-    response = Response(status=412)
-    log_response(
-        "Precondition Failed: %s",
-        request.path,
-        response=response,
-        request=request,
-    )
-    return response
-
-
-def _not_modified(request, response=None):
-    new_response = ResponseNotModified()
-    if response:
-        # Preserve the headers required by RFC 9110 Section 15.4.5, as well as
-        # Last-Modified.
-        for header in (
-            "Cache-Control",
-            "Content-Location",
-            "Date",
-            "ETag",
-            "Expires",
-            "Last-Modified",
-            "Vary",
-        ):
-            if header in response.headers:
-                new_response.headers[header] = response.headers[header]
-
-        # Preserve cookies as per the cookie specification: "If a proxy server
-        # receives a response which contains a Set-cookie header, it should
-        # propagate the Set-cookie header to the client, regardless of whether
-        # the response was 304 (Not Modified) or 200 (OK).
-        # https://curl.haxx.se/rfc/cookie_spec.html
-        new_response.cookies = response.cookies
-    return new_response
-
-
-def get_conditional_response(request, etag=None, last_modified=None, response=None):
-    # Only return conditional responses on successful requests.
-    if response and not (200 <= response.status_code < 300):
-        return response
-
-    # Get HTTP request headers.
-    if_match_etags = parse_etags(request.META.get("HTTP_IF_MATCH", ""))
-    if_unmodified_since = request.META.get("HTTP_IF_UNMODIFIED_SINCE")
-    if_unmodified_since = if_unmodified_since and parse_http_date_safe(
-        if_unmodified_since
-    )
-    if_none_match_etags = parse_etags(request.META.get("HTTP_IF_NONE_MATCH", ""))
-    if_modified_since = request.META.get("HTTP_IF_MODIFIED_SINCE")
-    if_modified_since = if_modified_since and parse_http_date_safe(if_modified_since)
-
-    # Evaluation of request preconditions below follows RFC 9110 Section
-    # 13.2.2.
-    # Step 1: Test the If-Match precondition.
-    if if_match_etags and not _if_match_passes(etag, if_match_etags):
-        return _precondition_failed(request)
-
-    # Step 2: Test the If-Unmodified-Since precondition.
-    if (
-        not if_match_etags
-        and if_unmodified_since
-        and not _if_unmodified_since_passes(last_modified, if_unmodified_since)
-    ):
-        return _precondition_failed(request)
-
-    # Step 3: Test the If-None-Match precondition.
-    if if_none_match_etags and not _if_none_match_passes(etag, if_none_match_etags):
-        if request.method in ("GET", "HEAD"):
-            return _not_modified(request, response)
-        else:
-            return _precondition_failed(request)
-
-    # Step 4: Test the If-Modified-Since precondition.
-    if (
-        not if_none_match_etags
-        and if_modified_since
-        and not _if_modified_since_passes(last_modified, if_modified_since)
-        and request.method in ("GET", "HEAD")
-    ):
-        return _not_modified(request, response)
-
-    # Step 5: Test the If-Range precondition (not supported).
-    # Step 6: Return original response since there isn't a conditional response.
-    return response
-
-
-def _if_match_passes(target_etag, etags):
-    """
-    Test the If-Match comparison as defined in RFC 9110 Section 13.1.1.
-    """
-    if not target_etag:
-        # If there isn't an ETag, then there can't be a match.
-        return False
-    elif etags == ["*"]:
-        # The existence of an ETag means that there is "a current
-        # representation for the target resource", even if the ETag is weak,
-        # so there is a match to '*'.
-        return True
-    elif target_etag.startswith("W/"):
-        # A weak ETag can never strongly match another ETag.
-        return False
-    else:
-        # Since the ETag is strong, this will only return True if there's a
-        # strong match.
-        return target_etag in etags
-
-
-def _if_unmodified_since_passes(last_modified, if_unmodified_since):
-    """
-    Test the If-Unmodified-Since comparison as defined in RFC 9110 Section
-    13.1.4.
-    """
-    return last_modified and last_modified <= if_unmodified_since
-
-
-def _if_none_match_passes(target_etag, etags):
-    """
-    Test the If-None-Match comparison as defined in RFC 9110 Section 13.1.2.
-    """
-    if not target_etag:
-        # If there isn't an ETag, then there isn't a match.
-        return True
-    elif etags == ["*"]:
-        # The existence of an ETag means that there is "a current
-        # representation for the target resource", so there is a match to '*'.
-        return False
-    else:
-        # The comparison should be weak, so look for a match after stripping
-        # off any weak indicators.
-        target_etag = target_etag.strip("W/")
-        etags = (etag.strip("W/") for etag in etags)
-        return target_etag not in etags
-
-
-def _if_modified_since_passes(last_modified, if_modified_since):
-    """
-    Test the If-Modified-Since comparison as defined in RFC 9110 Section
-    13.1.3.
-    """
-    return not last_modified or last_modified > if_modified_since
-
-
-def patch_response_headers(response, cache_timeout=None):
-    """
-    Add HTTP caching headers to the given Response: Expires and
-    Cache-Control.
-
-    Each header is only added if it isn't already set.
-
-    cache_timeout is in seconds. The CACHE_MIDDLEWARE_SECONDS setting is used
-    by default.
-    """
-    if cache_timeout is None:
-        cache_timeout = settings.CACHE_MIDDLEWARE_SECONDS
-    if cache_timeout < 0:
-        cache_timeout = 0  # Can't have max-age negative
-    if "Expires" not in response.headers:
-        response.headers["Expires"] = http_date(time.time() + cache_timeout)
-    patch_cache_control(response, max_age=cache_timeout)
-
-
-def add_never_cache_headers(response):
-    """
-    Add headers to a response to indicate that a page should never be cached.
-    """
-    patch_response_headers(response, cache_timeout=-1)
-    patch_cache_control(
-        response, no_cache=True, no_store=True, must_revalidate=True, private=True
-    )
-
-
 def patch_vary_headers(response, newheaders):
     """
     Add (or update) the "Vary" header in the given Response object.