udata 9.1.2.dev30355__py2.py3-none-any.whl → 9.1.2.dev30382__py2.py3-none-any.whl

udata/assets.py

@@ -3,16 +3,16 @@ from flask_cdn import url_for as cdn_url_for
 
 
 def cdn_for(endpoint, **kwargs):
-    '''
+    """
     Get a CDN URL for a static assets.
 
     Do not use a replacement for all flask.url_for calls
     as it is only meant for CDN assets URLS.
     (There is some extra round trip which cost is justified
     by the CDN assets prformance improvements)
-    '''
-    if current_app.config['CDN_DOMAIN']:
-        if not current_app.config.get('CDN_DEBUG'):
-            kwargs.pop('_external', None)  # Avoid the _external parameter in URL
+    """
+    if current_app.config["CDN_DOMAIN"]:
+        if not current_app.config.get("CDN_DEBUG"):
+            kwargs.pop("_external", None)  # Avoid the _external parameter in URL
         return cdn_url_for(endpoint, **kwargs)
     return url_for(endpoint, **kwargs)

udata/auth/__init__.py

@@ -1,16 +1,18 @@
 import logging
 
-from flask import current_app
-from flask import render_template
-
-from flask_principal import identity_loaded  # noqa: facade pattern
+from flask import current_app, render_template
 from flask_principal import Permission as BasePermission
-from flask_principal import PermissionDenied  # noqa: facade pattern
-from flask_principal import RoleNeed
-from flask_principal import UserNeed  # noqa: facade pattern
-
-from flask_security import ( # noqa
-    Security, current_user, login_required, login_user # noqa
+from flask_principal import (
+    PermissionDenied,  # noqa: facade pattern
+    RoleNeed,
+    UserNeed,  # noqa: facade pattern
+    identity_loaded,  # noqa: facade pattern
+)
+from flask_security import (  # noqa
+    Security,  # noqa
+    current_user,
+    login_required,
+    login_user,
 )
 from werkzeug.utils import import_string
 
@@ -19,7 +21,7 @@ log = logging.getLogger(__name__)
 
 def render_security_template(*args, **kwargs):
     try:
-        render = import_string(current_app.config.get('SECURITY_RENDER'))
+        render = import_string(current_app.config.get("SECURITY_RENDER"))
     except Exception:
         render = render_template
     return render(*args, **kwargs)
@@ -30,29 +32,38 @@ security = Security()
 
 class Permission(BasePermission):
     def __init__(self, *needs):
-        '''Let administrator bypass all permissions'''
-        super(Permission, self).__init__(RoleNeed('admin'), *needs)
+        """Let administrator bypass all permissions"""
+        super(Permission, self).__init__(RoleNeed("admin"), *needs)
 
 
 admin_permission = Permission()
 
 
 def init_app(app):
-    from .forms import ExtendedRegisterForm, ExtendedLoginForm, ExtendedResetPasswordForm
+    from udata.models import datastore
+
+    from .forms import (
+        ExtendedLoginForm,
+        ExtendedRegisterForm,
+        ExtendedResetPasswordForm,
+    )
     from .mails import UdataMailUtil
     from .password_validation import UdataPasswordUtil
     from .views import create_security_blueprint
-    from udata.models import datastore
-    security.init_app(app, datastore,
-                      register_blueprint=False,
-                      render_template=render_security_template,
-                      login_form=ExtendedLoginForm,
-                      confirm_register_form=ExtendedRegisterForm,
-                      register_form=ExtendedRegisterForm,
-                      reset_password_form=ExtendedResetPasswordForm,
-                      mail_util_cls=UdataMailUtil,
-                      password_util_cls=UdataPasswordUtil)
-
-    security_bp = create_security_blueprint(app, app.extensions['security'], 'security_blueprint')
+
+    security.init_app(
+        app,
+        datastore,
+        register_blueprint=False,
+        render_template=render_security_template,
+        login_form=ExtendedLoginForm,
+        confirm_register_form=ExtendedRegisterForm,
+        register_form=ExtendedRegisterForm,
+        reset_password_form=ExtendedResetPasswordForm,
+        mail_util_cls=UdataMailUtil,
+        password_util_cls=UdataPasswordUtil,
+    )
+
+    security_bp = create_security_blueprint(app, app.extensions["security"], "security_blueprint")
 
     app.register_blueprint(security_bp)

udata/auth/forms.py

@@ -2,23 +2,31 @@ import datetime
 
 from flask import current_app
 from flask_login import current_user
-from flask_security.forms import RegisterForm, LoginForm, ResetPasswordForm, Form
-from udata.forms import fields
-from udata.forms import validators
+from flask_security.forms import Form, LoginForm, RegisterForm, ResetPasswordForm
+
+from udata.forms import fields, validators
 from udata.i18n import lazy_gettext as _
 
 
 class ExtendedRegisterForm(RegisterForm):
     first_name = fields.StringField(
-        _('First name'), [validators.DataRequired(_('First name is required')),
-                          validators.NoURLs(_('URLs not allowed in this field'))])
+        _("First name"),
+        [
+            validators.DataRequired(_("First name is required")),
+            validators.NoURLs(_("URLs not allowed in this field")),
+        ],
+    )
     last_name = fields.StringField(
-        _('Last name'), [validators.DataRequired(_('Last name is required')),
-                         validators.NoURLs(_('URLs not allowed in this field'))])
+        _("Last name"),
+        [
+            validators.DataRequired(_("Last name is required")),
+            validators.NoURLs(_("URLs not allowed in this field")),
+        ],
+    )
 
     def validate(self):
         # no register allowed when read only mode is on
-        if not super().validate() or current_app.config.get('READ_ONLY_MODE'):
+        if not super().validate() or current_app.config.get("READ_ONLY_MODE"):
             return False
 
         return True
@@ -30,7 +38,7 @@ class ExtendedLoginForm(LoginForm):
             return False
 
         if self.user.password_rotation_demanded:
-            self.password.errors.append(_('Password must be changed for security reasons'))
+            self.password.errors.append(_("Password must be changed for security reasons"))
             return False
 
         return True
@@ -50,12 +58,12 @@ class ExtendedResetPasswordForm(ResetPasswordForm):
 
 
 class ChangeEmailForm(Form):
-    new_email = fields.StringField(_('New email'), [validators.DataRequired(), validators.Email()])
+    new_email = fields.StringField(_("New email"), [validators.DataRequired(), validators.Email()])
     new_email_confirm = fields.StringField(
-        _('Retype email'),
-        [validators.EqualTo('new_email', message=_('Email does not match')), validators.Email()]
+        _("Retype email"),
+        [validators.EqualTo("new_email", message=_("Email does not match")), validators.Email()],
     )
-    submit = fields.SubmitField(_('Change email'))
+    submit = fields.SubmitField(_("Change email"))
 
     def validate(self):
         if not super().validate():
@@ -65,7 +73,7 @@ class ChangeEmailForm(Form):
 
         if self.user.email.strip() == self.new_email.data.strip():
             self.new_email.errors.append(
-                'Your new email must be different than your '
-                'previous email')
+                "Your new email must be different than your " "previous email"
+            )
             return False
         return True

udata/auth/helpers.py

@@ -5,6 +5,6 @@ from flask_security import current_user
 def current_user_is_admin_or_self() -> bool:
     if current_user.is_anonymous:
         return False
-    if request.endpoint == 'api.me' or current_user.sysadmin:
+    if request.endpoint == "api.me" or current_user.sysadmin:
         return True
     return False

udata/auth/mails.py

@@ -1,19 +1,19 @@
 import email_validator
 from flask import current_app
+
 from udata.tasks import task
 
 
 @task
 def sendmail(msg):
-    debug = current_app.config.get('DEBUG', False)
-    send_mail = current_app.config.get('SEND_MAIL', not debug)
+    debug = current_app.config.get("DEBUG", False)
+    send_mail = current_app.config.get("SEND_MAIL", not debug)
     if send_mail:
         mail = current_app.extensions.get("mail")
         mail.send(msg)
 
 
 class UdataMailUtil:
-
     def __init__(self, app):
         self.app = app
 

udata/auth/password_validation.py

@@ -7,13 +7,12 @@ from udata.i18n import lazy_gettext as _
 
 
 class UdataPasswordUtil:
-
     def __init__(self, app):
         pass
 
     @staticmethod
     def normalize(password):
-        cf = current_app.config.get('SECURITY_PASSWORD_NORMALIZE_FORM')
+        cf = current_app.config.get("SECURITY_PASSWORD_NORMALIZE_FORM")
         if cf:
             return unicodedata.normalize(cf, password)
         return password
@@ -22,28 +21,33 @@ class UdataPasswordUtil:
         pnorm = self.normalize(password)
 
         error_list = []
-        pass_length = current_app.config.get('SECURITY_PASSWORD_LENGTH_MIN')
+        pass_length = current_app.config.get("SECURITY_PASSWORD_LENGTH_MIN")
         if len(pnorm) < pass_length:
-            message = _('Password must be at least {pass_length} characters long')
+            message = _("Password must be at least {pass_length} characters long")
             error_list.append(message.format(pass_length=pass_length))
 
         # searching for lowercase
-        if current_app.config.get('SECURITY_PASSWORD_REQUIREMENTS_LOWERCASE') and (
-                re.search(r"[a-z]", pnorm) is None):
-            error_list.append(_('Password must contain lowercases'))
+        if current_app.config.get("SECURITY_PASSWORD_REQUIREMENTS_LOWERCASE") and (
+            re.search(r"[a-z]", pnorm) is None
+        ):
+            error_list.append(_("Password must contain lowercases"))
 
         # searching for digits
-        if current_app.config.get('SECURITY_PASSWORD_REQUIREMENTS_DIGITS') and (re.search(r"\d", pnorm) is None):
-            error_list.append(_('Password must contain digits'))
+        if current_app.config.get("SECURITY_PASSWORD_REQUIREMENTS_DIGITS") and (
+            re.search(r"\d", pnorm) is None
+        ):
+            error_list.append(_("Password must contain digits"))
 
         # searching for uppercase
-        if current_app.config.get('SECURITY_PASSWORD_REQUIREMENTS_UPPERCASE') and (
-                re.search(r"[A-Z]", pnorm) is None):
-            error_list.append(_('Password must contain uppercases'))
+        if current_app.config.get("SECURITY_PASSWORD_REQUIREMENTS_UPPERCASE") and (
+            re.search(r"[A-Z]", pnorm) is None
+        ):
+            error_list.append(_("Password must contain uppercases"))
 
         # searching for symbols
-        if current_app.config.get('SECURITY_PASSWORD_REQUIREMENTS_SYMBOLS') and (
-                re.search(r"[ !#$%&'()*+,-./[\\\]^_`{|}~" + r'"]', pnorm) is None):
-            error_list.append(_('Password must contain symbols'))
+        if current_app.config.get("SECURITY_PASSWORD_REQUIREMENTS_SYMBOLS") and (
+            re.search(r"[ !#$%&'()*+,-./[\\\]^_`{|}~" + r'"]', pnorm) is None
+        ):
+            error_list.append(_("Password must contain symbols"))
 
         return error_list, pnorm

udata/auth/views.py

@@ -1,56 +1,67 @@
-from flask import flash, redirect, current_app, url_for
+from flask import current_app, flash, redirect, url_for
 from flask_login import current_user, login_required
-from flask_security.views import change_password
-from flask_security.views import confirm_email
-from flask_security.views import forgot_password
-from flask_security.views import login
-from flask_security.views import logout
-from flask_security.views import register
-from flask_security.views import reset_password
-from flask_security.views import send_confirmation
-from flask_security.views import send_login
-from flask_security.views import token_login
 from flask_security.utils import (
-    check_and_get_token_status, do_flash, get_message, get_within_delta, hash_data,
-    login_user, logout_user, send_mail, verify_hash)
+    check_and_get_token_status,
+    do_flash,
+    get_message,
+    get_within_delta,
+    hash_data,
+    login_user,
+    logout_user,
+    send_mail,
+    verify_hash,
+)
+from flask_security.views import (
+    change_password,
+    confirm_email,
+    forgot_password,
+    login,
+    logout,
+    register,
+    reset_password,
+    send_confirmation,
+    send_login,
+    token_login,
+)
 from werkzeug.local import LocalProxy
+
 from udata.i18n import lazy_gettext as _
 from udata.uris import endpoint_for
 
 from .forms import ChangeEmailForm
 
-
-_security = LocalProxy(lambda: current_app.extensions['security'])
+_security = LocalProxy(lambda: current_app.extensions["security"])
 _datastore = LocalProxy(lambda: _security.datastore)
 
 
 def slash_url_suffix(url, suffix):
     """Adds a slash either to the beginning or the end of a suffix
-       (which is to be appended to a URL), depending on whether or not
-       the URL ends with a slash.
+    (which is to be appended to a URL), depending on whether or not
+    the URL ends with a slash.
     """
 
-    return url.endswith('/') and ('%s/' % suffix) or ('/%s' % suffix)
+    return url.endswith("/") and ("%s/" % suffix) or ("/%s" % suffix)
 
 
 def send_change_email_confirmation_instructions(user, new_email):
     data = [str(current_user.fs_uniquifier), hash_data(current_user.email), new_email]
     token = _security.confirm_serializer.dumps(data)
-    confirmation_link = url_for('security.confirm_change_email', token=token, _external=True)
+    confirmation_link = url_for("security.confirm_change_email", token=token, _external=True)
 
-    subject = _('Confirm change of email instructions')
+    subject = _("Confirm change of email instructions")
     send_mail(
         subject=subject,
         recipient=new_email,
-        template='confirmation_instructions',
+        template="confirmation_instructions",
         user=current_user,
-        confirmation_link=confirmation_link
+        confirmation_link=confirmation_link,
     )
 
 
 def confirm_change_email_token_status(token):
     expired, invalid, token_data = check_and_get_token_status(
-        token, 'confirm', get_within_delta('CONFIRM_EMAIL_WITHIN'))
+        token, "confirm", get_within_delta("CONFIRM_EMAIL_WITHIN")
+    )
     new_email = None
 
     if not invalid and token_data:
@@ -62,17 +73,21 @@ def confirm_change_email_token_status(token):
 
 
 def confirm_change_email(token):
-    expired, invalid, user, new_email = (
-        confirm_change_email_token_status(token))
+    expired, invalid, user, new_email = confirm_change_email_token_status(token)
 
     if not user or invalid:
         invalid = True
-        do_flash(*get_message('INVALID_CONFIRMATION_TOKEN'))
+        do_flash(*get_message("INVALID_CONFIRMATION_TOKEN"))
     if expired:
         send_change_email_confirmation_instructions(user, new_email)
-        do_flash(_('You did not confirm your change of email within {email_within}. New instructions to confirm your change of email have been sent to {new_email}.').format(email_within=_security.confirm_email_within, new_email=new_email), 'error')
+        do_flash(
+            _(
+                "You did not confirm your change of email within {email_within}. New instructions to confirm your change of email have been sent to {new_email}."
+            ).format(email_within=_security.confirm_email_within, new_email=new_email),
+            "error",
+        )
     if invalid or expired:
-        return redirect(endpoint_for('site.home', 'admin.index'))
+        return redirect(endpoint_for("site.home", "admin.index"))
 
     if user != current_user:
         logout_user()
@@ -80,10 +95,10 @@ def confirm_change_email(token):
 
     user.email = new_email
     _datastore.put(user)
-    msg = (_('Thank you. Your change of email has been confirmed.'), 'success')
+    msg = (_("Thank you. Your change of email has been confirmed."), "success")
 
     do_flash(*msg)
-    return redirect(endpoint_for('site.home', 'admin.index'))
+    return redirect(endpoint_for("site.home", "admin.index"))
 
 
 @login_required
@@ -95,10 +110,15 @@ def change_email():
     if form.validate_on_submit():
         new_email = form.new_email.data
         send_change_email_confirmation_instructions(current_user, new_email)
-        flash(_('Thank you. Confirmation instructions for changing your email have been sent to {new_email}.').format(new_email=new_email), 'success')
-        return redirect(endpoint_for('site.home', 'admin.index'))
+        flash(
+            _(
+                "Thank you. Confirmation instructions for changing your email have been sent to {new_email}."
+            ).format(new_email=new_email),
+            "success",
+        )
+        return redirect(endpoint_for("site.home", "admin.index"))
 
-    return _security.render_template('security/change_email.html', change_email_form=form)
+    return _security.render_template("security/change_email.html", change_email_form=form)
 
 
 def create_security_blueprint(app, state, import_name):
@@ -108,60 +128,66 @@ def create_security_blueprint(app, state, import_name):
     Creates the security extension blueprint
     This creates an I18nBlueprint to use as a base.
     """
-    bp = I18nBlueprint(state.blueprint_name, import_name,
-                       url_prefix=state.url_prefix,
-                       subdomain=state.subdomain,
-                       template_folder='templates')
+    bp = I18nBlueprint(
+        state.blueprint_name,
+        import_name,
+        url_prefix=state.url_prefix,
+        subdomain=state.subdomain,
+        template_folder="templates",
+    )
 
-    bp.route(app.config['SECURITY_LOGOUT_URL'], endpoint='logout')(logout)
+    bp.route(app.config["SECURITY_LOGOUT_URL"], endpoint="logout")(logout)
 
     if state.passwordless:
-        bp.route(app.config['SECURITY_LOGIN_URL'],
-                 methods=['GET', 'POST'],
-                 endpoint='login')(send_login)
+        bp.route(app.config["SECURITY_LOGIN_URL"], methods=["GET", "POST"], endpoint="login")(
+            send_login
+        )
         bp.route(
-            app.config['SECURITY_LOGIN_URL'] + slash_url_suffix(app.config['SECURITY_LOGIN_URL'], '<token>'),
-            endpoint='token_login'
+            app.config["SECURITY_LOGIN_URL"]
+            + slash_url_suffix(app.config["SECURITY_LOGIN_URL"], "<token>"),
+            endpoint="token_login",
         )(token_login)
     else:
-        bp.route(app.config['SECURITY_LOGIN_URL'],
-                 methods=['GET', 'POST'],
-                 endpoint='login')(login)
+        bp.route(app.config["SECURITY_LOGIN_URL"], methods=["GET", "POST"], endpoint="login")(login)
 
     if state.registerable:
-        bp.route(app.config['SECURITY_REGISTER_URL'],
-                 methods=['GET', 'POST'],
-                 endpoint='register')(register)
+        bp.route(app.config["SECURITY_REGISTER_URL"], methods=["GET", "POST"], endpoint="register")(
+            register
+        )
 
     if state.recoverable:
-        bp.route(app.config['SECURITY_RESET_URL'],
-                 methods=['GET', 'POST'],
-                 endpoint='forgot_password')(forgot_password)
         bp.route(
-            app.config['SECURITY_RESET_URL'] + slash_url_suffix(app.config['SECURITY_RESET_URL'], '<token>'),
-            methods=['GET', 'POST'],
-            endpoint='reset_password'
+            app.config["SECURITY_RESET_URL"], methods=["GET", "POST"], endpoint="forgot_password"
+        )(forgot_password)
+        bp.route(
+            app.config["SECURITY_RESET_URL"]
+            + slash_url_suffix(app.config["SECURITY_RESET_URL"], "<token>"),
+            methods=["GET", "POST"],
+            endpoint="reset_password",
         )(reset_password)
 
     if state.changeable:
-        bp.route(app.config['SECURITY_CHANGE_URL'],
-                 methods=['GET', 'POST'],
-                 endpoint='change_password')(change_password)
+        bp.route(
+            app.config["SECURITY_CHANGE_URL"], methods=["GET", "POST"], endpoint="change_password"
+        )(change_password)
 
     if state.confirmable:
-        bp.route(app.config['SECURITY_CONFIRM_URL'],
-                 methods=['GET', 'POST'],
-                 endpoint='send_confirmation')(send_confirmation)
         bp.route(
-            app.config['SECURITY_CONFIRM_URL'] + slash_url_suffix(app.config['SECURITY_CONFIRM_URL'], '<token>'),
-            methods=['GET', 'POST'],
-            endpoint='confirm_email'
+            app.config["SECURITY_CONFIRM_URL"],
+            methods=["GET", "POST"],
+            endpoint="send_confirmation",
+        )(send_confirmation)
+        bp.route(
+            app.config["SECURITY_CONFIRM_URL"]
+            + slash_url_suffix(app.config["SECURITY_CONFIRM_URL"], "<token>"),
+            methods=["GET", "POST"],
+            endpoint="confirm_email",
         )(confirm_email)
 
-    bp.route('/confirm-change-email/<token>',
-             methods=['GET', 'POST'],
-             endpoint='confirm_change_email')(confirm_change_email)
+    bp.route(
+        "/confirm-change-email/<token>", methods=["GET", "POST"], endpoint="confirm_change_email"
+    )(confirm_change_email)
 
-    bp.route('/change-email', methods=['GET', 'POST'], endpoint='change_email')(change_email)
+    bp.route("/change-email", methods=["GET", "POST"], endpoint="change_email")(change_email)
 
     return bp