viur-core 3.9.0.dev3__tar.gz → 3.9.0.dev5__tar.gz

{viur_core-3.9.0.dev3 → viur_core-3.9.0.dev5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: viur-core
-Version: 3.9.0.dev3
+Version: 3.9.0.dev5
 Summary: The core component of ViUR, a development framework for Google App Engine
 Author-email: Mausbrand Informationssysteme GmbH <devs@viur.dev>
 Maintainer-email: Jan Max Meyer <jm@mausbrand.de>
@@ -48,6 +48,7 @@ Requires-Dist: google-cloud-bigquery~=3.0
 Requires-Dist: google-cloud-datastore~=2.0
 Requires-Dist: google-cloud-iam~=2.0
 Requires-Dist: google-cloud-logging~=3.0
+Requires-Dist: google-cloud-recaptcha-enterprise~=1.0
 Requires-Dist: google-cloud-secret-manager~=2.0
 Requires-Dist: google-cloud-storage~=2.0
 Requires-Dist: google-cloud-tasks~=2.0

{viur_core-3.9.0.dev3 → viur_core-3.9.0.dev5}/pyproject.toml

@@ -14,6 +14,7 @@ dependencies = [
     "google-cloud-datastore~=2.0",
     "google-cloud-iam~=2.0",
     "google-cloud-logging~=3.0",
+    "google-cloud-recaptcha-enterprise~=1.0",
     "google-cloud-secret-manager~=2.0",
     "google-cloud-storage~=2.0",
     "google-cloud-tasks~=2.0",

{viur_core-3.9.0.dev3 → viur_core-3.9.0.dev5}/src/viur/core/__init__.py

@@ -18,6 +18,7 @@ from types import ModuleType
 from viur.core import i18n, request, utils
 from viur.core.config import conf
 from viur.core.decorators import access, exposed, force_post, force_ssl, internal_exposed, skey
+from viur.core.request import before_request, after_request
 from viur.core.i18n import translate
 from viur.core.module import Method, Module
 import inspect
@@ -60,6 +61,8 @@ __all__ = [
     "PeriodicTask",
     # Decorators
     "access",
+    "after_request",
+    "before_request",
     "exposed",
     "force_post",
     "force_ssl",

{viur_core-3.9.0.dev3 → viur_core-3.9.0.dev5}/src/viur/core/bones/__init__.py

@@ -13,6 +13,7 @@ from .base import (
     UniqueValue,
 )
 from .boolean import BooleanBone
+from .code import CodeBone, JinjaBone, LogicsBone, PythonBone
 from .captcha import CaptchaBone
 from .color import ColorBone
 from .credential import CredentialBone
@@ -51,6 +52,10 @@ __all = [
     "BaseBone",
     "BooleanBone",
     "CaptchaBone",
+    "CodeBone",
+    "JinjaBone",
+    "LogicsBone",
+    "PythonBone",
     "CloneBehavior",
     "CloneStrategy",
     "ColorBone",

{viur_core-3.9.0.dev3 → viur_core-3.9.0.dev5}/src/viur/core/bones/base.py

@@ -798,18 +798,23 @@ class BaseBone(object):
         if self.languages and isinstance(self.required, (list, tuple)):
             missing = set(self.required).difference(filled_languages)
             if missing:
-                return [
+                result_errors = [
                     ReadFromClientError(ReadFromClientErrorSeverity.Empty, fieldPath=[lang])
                     for lang in missing
                 ]
+                self.after_from_client(skel, name, result_errors)
+                return result_errors or None
 
         if isEmpty:
-            return [ReadFromClientError(ReadFromClientErrorSeverity.Empty)]
+            result_errors = [ReadFromClientError(ReadFromClientErrorSeverity.Empty)]
+            self.after_from_client(skel, name, result_errors)
+            return result_errors or None
 
         # Check multiple constraints on demand
         if self.multiple and isinstance(self.multiple, MultipleConstraints):
             errors.extend(self._validate_multiple_contraints(self.multiple, skel, name))
 
+        self.after_from_client(skel, name, errors)
         return errors or None
 
     def _get_single_destinct_hash(self, value) -> t.Any:
@@ -1387,6 +1392,24 @@ class BaseBone(object):
         """
         pass
 
+    def after_from_client(self, skel: "SkeletonInstance", name: str, errors: list[ReadFromClientError]) -> None:
+        """
+        Called at the end of :meth:`fromClient` after ``skel[name]`` has been set and all
+        validation (including multiple-constraints) has run.
+
+        Override to post-process or normalize ``skel[name]`` in-place, or to add/remove
+        entries from ``errors``. Always called when the field was part of the submitted data
+        (i.e. ``skel[name]`` has been written), regardless of whether errors occurred.
+        The ``NotSet`` early-return (field absent from request) is the only case where this
+        hook is *not* called.
+
+        :param skel: The skeleton instance whose bone value was just read.
+        :param name: The attribute name of this bone within the skeleton.
+        :param errors: Mutable list of :class:`ReadFromClientError` collected so far.
+            Changes here affect the return value of :meth:`fromClient`.
+        """
+        pass
+
     def clone_value(self, skel: "SkeletonInstance", src_skel: "SkeletonInstance", bone_name: str) -> None:
         """Clone / Set the value for this bone depending on :attr:`clone_behavior`"""
         match self.clone_behavior.strategy:

viur_core-3.9.0.dev5/src/viur/core/bones/captcha.py

@@ -0,0 +1,177 @@
+import logging
+import typing as t
+import warnings
+
+from viur.core import conf, current
+from viur.core.bones.base import BaseBone, ReadFromClientError, ReadFromClientErrorSeverity
+
+from google.cloud import recaptchaenterprise_v1
+from google.cloud.recaptchaenterprise_v1 import Assessment
+
+if t.TYPE_CHECKING:
+    from viur.core.skeleton import SkeletonInstance
+
+
+class CaptchaBone(BaseBone):
+    r"""
+    The CaptchaBone validates reCAPTCHA Enterprise tokens to protect forms from bots.
+
+    It uses the Google reCAPTCHA Enterprise API and supports both invisible (v3-style score-based)
+    and visible (checkbox widget) challenges via the ``render_challenge`` parameter.
+
+    The token is submitted by the client as the bone's field value and verified server-side
+    against the configured site key. A configurable score threshold determines whether
+    invisible challenges pass.
+
+    .. seealso::
+
+        `Google reCAPTCHA Enterprise setup
+        <https://cloud.google.com/recaptcha/docs/set-up-non-google-cloud-environments-api-keys>`
+        for creating a site key and enabling the API.
+
+        Option :attr:`core.config.Security.captcha_default_public_key`
+        for global security settings.
+
+        Option :attr:`core.config.Security.captcha_enforce_always`
+        to enforce validation even on development servers.
+    """
+
+    type = "captcha"
+
+    def __init__(
+        self,
+        *,
+        public_key: str = None,
+        score_threshold: float = 0.5,
+        render_challenge: bool = False,
+        recaptcha_action: str = "",
+        **kwargs: t.Any
+    ):
+        """
+        Initializes a new CaptchaBone.
+
+        :param public_key: The reCAPTCHA Enterprise site key shown to the client.
+            Can be omitted if set globally via :attr:`core.config.Security.captcha_default_public_key`.
+        :param score_threshold: Minimum score (0–1) required for invisible challenges to pass.
+            Ignored when ``render_challenge`` is ``True``.
+        :param render_challenge: If ``True``, renders a visible checkbox widget instead of
+            running an invisible background check.
+        :param recaptcha_action: The action name passed to reCAPTCHA for analytics and scoring.
+            Should match the action used on the client side.
+        """
+        if "publicKey" in kwargs:
+            warnings.warn("publicKey parameter is deprecated, please use public_key",
+                          DeprecationWarning, stacklevel=2)
+            public_key = kwargs.pop("publicKey")
+        super().__init__(**kwargs)
+        if not public_key and conf.security.captcha_default_public_key:
+            public_key = conf.security.captcha_default_public_key
+        if not public_key:
+            raise ValueError("CaptchaBone requires either a public_key or conf.security.captcha_default_public_key")
+
+        self.public_key = public_key
+
+        if not (0 < score_threshold <= 1):
+            raise ValueError("score_threshold must be between 0 and 1.")
+        self.render_challenge = render_challenge
+        self.recaptcha_action = recaptcha_action
+        self.score_threshold = score_threshold
+        self.required = True
+
+    def serialize(self, skel: "SkeletonInstance", name: str, parentIndexed: bool) -> bool:
+        """
+        Serializing the Captcha bone is not possible so it return False
+        """
+        return False
+
+    def unserialize(self, skel: "SkeletonInstance", name) -> t.Literal[True]:
+        """
+        Stores the public_key in the SkeletonInstance
+
+        :param skel: The target :class:`SkeletonInstance`.
+        :param name: The name of the CaptchaBone in the :class:`SkeletonInstance`.
+
+        :returns: boolean, that is true, as the Captcha bone is always unserialized successfully.
+        """
+        skel.accessedValues[name] = self.public_key
+        return True
+
+    def fromClient(self, skel: "SkeletonInstance", name: str, data: dict) -> None | list[ReadFromClientError]:
+        """
+        Load the reCAPTCHA token from the provided data and validate it with the help of the API.
+
+        reCAPTCHA provides the token via callback usually as "g-recaptcha-response",
+        but to fit into the skeleton logic, we support both names.
+        So the token can be provided as "g-recaptcha-response" or the name of the CaptchaBone in the Skeleton.
+        While the latter one is the preferred name.
+        """
+
+        if not conf.security.captcha_enforce_always and conf.instance.is_dev_server:
+            logging.info("Skipping captcha validation on development server")
+            return None
+        if not conf.security.captcha_enforce_always and (user := current.user.get()) and "root" in user["access"]:
+            logging.info("Skipping captcha validation for root user")
+            return None  # Don't bother trusted users with this (not supported by admin/vi anyway)
+
+        client = recaptchaenterprise_v1.RecaptchaEnterpriseServiceClient()
+
+        # Set the attributes of the event to be tracked.
+        event = recaptchaenterprise_v1.Event()
+        event.site_key = self.public_key
+        if name in data:
+            event.token = data[name]
+        else:
+            return [ReadFromClientError(
+                ReadFromClientErrorSeverity.NotSet,
+                "Token not set"
+            )]
+        assessment = recaptchaenterprise_v1.Assessment()
+        assessment.event = event
+
+        project_name = f"projects/{conf.instance.project_id}"
+
+        # Create the assessment request.
+        request = recaptchaenterprise_v1.CreateAssessmentRequest()
+        request.assessment = assessment
+        request.parent = project_name
+
+        response = client.create_assessment(request)
+
+        if not response.token_properties.valid:
+            logging.info(
+                "The CreateAssessment call failed because the token was "
+                + "invalid for the following reasons: "
+                + str(response.token_properties.invalid_reason)
+            )
+            return [ReadFromClientError(
+                ReadFromClientErrorSeverity.Invalid,
+                "Invalid Token"
+            )]
+
+        # Check if the expected action was executed.
+        if response.token_properties.action != self.recaptcha_action:
+            logging.info(
+                "The action attribute in your reCAPTCHA tag does not match the action you are expecting to score"
+            )
+            return [ReadFromClientError(
+                ReadFromClientErrorSeverity.Invalid,
+                f"Invalid Action: {self.recaptcha_action}"
+            )]
+        else:
+            # Retrieve the risk score and reasons.
+            # For more information on interpreting the assessment, see:
+            # https://cloud.google.com/recaptcha/docs/interpret-assessment
+            if response.risk_analysis.score < self.score_threshold:
+                return [ReadFromClientError(
+                    ReadFromClientErrorSeverity.Invalid,
+                    f"Invalid Captcha: {response.risk_analysis.score}"
+                )]
+
+        return None
+
+    def structure(self) -> dict:
+        return super().structure() | {
+            "public_key": self.public_key,
+            "render_challenge": self.render_challenge,
+            "action": self.recaptcha_action
+        }

viur_core-3.9.0.dev5/src/viur/core/bones/code.py

@@ -0,0 +1,95 @@
+import ast
+import jinja2
+import logics
+from viur.core.bones.raw import RawBone
+
+
+class CodeBone(RawBone):
+    """
+    Stores source code with optional language-specific syntax validation.
+
+    The ``syntax`` parameter sets the type suffix used by the frontend for syntax
+    highlighting, e.g. ``syntax="python"`` yields ``type = "raw.code.python"``.
+    ``type_suffix`` can override this to an arbitrary suffix.
+
+    Neither ``multiple`` nor ``languages`` are supported.
+    Setting ``validate=False`` disables any syntax validation in subclasses.
+    """
+
+    type = "raw.code"
+
+    def __init__(
+        self,
+        *,
+        indexed: bool = False,
+        languages=None,
+        multiple: bool = False,
+        syntax: str | None = None,
+        type_suffix: str = "",
+        validate: bool = True,
+        **kwargs,
+    ):
+        assert not multiple, "CodeBone does not support multiple values"
+        assert not languages, "CodeBone does not support language variants"
+        self.syntax = syntax
+        self.validate = validate
+        if self.syntax:
+            type_suffix = type_suffix or syntax
+        super().__init__(indexed=indexed, type_suffix=type_suffix, **kwargs)
+
+
+class LogicsBone(CodeBone):
+    """
+    Validates its value as a Logics expression (https://github.com/viur-framework/logics).
+    Uses Python syntax highlighting in the frontend.
+    """
+
+    def __init__(self, *, syntax: str = "logics", **kwargs):
+        super().__init__(syntax=syntax, type_suffix="python", **kwargs)
+
+    def singleValueFromClient(self, value, skel, bone_name, client_data):
+        if value := str(value or "").strip():
+            value += "\n"
+        return super().singleValueFromClient(value, skel, bone_name, client_data)
+
+    def isInvalid(self, value):
+        if self.validate and value:
+            try:
+                logics.Logics(value)
+            except logics.ParseException as e:
+                return str(e).replace("&eof", "end-of-expression")
+
+
+class JinjaBone(CodeBone):
+    """
+    Validates its value as a Jinja2 template.
+    """
+
+    def __init__(self, *, syntax: str = "jinja2", **kwargs):
+        super().__init__(syntax=syntax, **kwargs)
+
+    def isInvalid(self, value):
+        if self.validate and value:
+            env = jinja2.Environment()
+            try:
+                env.parse(value)
+            except jinja2.TemplateSyntaxError as e:
+                return f"Syntax error in line {e.lineno}: {e.message}"
+            except jinja2.TemplateError as e:
+                return f"General error: {e}"
+
+
+class PythonBone(CodeBone):
+    """
+    Validates its value as Python source code.
+    """
+
+    def __init__(self, *, syntax: str = "python", **kwargs):
+        super().__init__(syntax=syntax, **kwargs)
+
+    def isInvalid(self, value):
+        if self.validate and value:
+            try:
+                ast.parse(value)
+            except SyntaxError as e:
+                return f"Syntax error in line {e.lineno}: {e.msg}"

{viur_core-3.9.0.dev3 → viur_core-3.9.0.dev5}/src/viur/core/bones/email.py

@@ -45,6 +45,10 @@ class EmailBone(StringBone):
             assert account and subDomain and tld
             assert subDomain[0] != "."
             assert len(account) <= 64
+            # RFC 5321: local part must not start/end with a dot or contain consecutive dots
+            assert not account.startswith(".")
+            assert not account.endswith(".")
+            assert ".." not in account
         except (ValueError, AssertionError):
             is_valid = False
 

{viur_core-3.9.0.dev3 → viur_core-3.9.0.dev5}/src/viur/core/bones/randomslice.py

@@ -112,13 +112,13 @@ class RandomSliceBone(BaseBone):
                 q = db.QueryDefinition(origKind, {}, [])
                 property, value = applyFilterHook(dbFilter, f"{name} <=", rndVal)
                 q.filters[property] = value
-                q.orders = [(name, db.SortOrder.Descending)]
+                q.orders = [db.QueryOrder(name, db.SortOrder.Descending)]
                 queries.append(q)
                 # Left Side
                 q = db.QueryDefinition(origKind, {}, [])
                 property, value = applyFilterHook(dbFilter, f"{name} >", rndVal)
                 q.filters[property] = value
-                q.orders = [(name, db.SortOrder.Ascending)]
+                q.orders = [db.QueryOrder(name)]
                 queries.append(q)
             dbFilter.queries = queries
             # Map the original filter back in

{viur_core-3.9.0.dev3 → viur_core-3.9.0.dev5}/src/viur/core/bones/relational.py

@@ -965,7 +965,12 @@ class RelationalBone(BaseBone):
                 raise RuntimeError()
             return f"src.{param}", value
 
-    def orderHook(self, name: str, query: db.Query, orderings):  # FIXME
+    def orderHook(
+        self,
+        name: str,
+        query: db.Query,
+        orderings: list[db.QueryOrder | str] | tuple[db.QueryOrder | str, ...],
+    ) -> list[db.QueryOrder | str] | tuple[db.QueryOrder | str]:
         """
         Hook installed by buildDbFilter that rewrites orderings added to the query to match the layout of the
         viur-relations index and performs sanity checks on the query.
@@ -977,21 +982,23 @@ class RelationalBone(BaseBone):
         :param name: The name of the bone.
         :param query: The datastore query to be modified.
         :param orderings: A list or tuple of orderings to be checked and potentially modified.
-        :type orderings: List[Union[str, Tuple[str, db.SortOrder]]] or Tuple[Union[str, Tuple[str, db.SortOrder]]]
 
         :return: A list of modified orderings that are compatible with the viur-relations index.
-        :rtype: List[Union[str, Tuple[str, db.SortOrder]]]
 
         :raises RuntimeError: If the ordering is invalid, e.g., using properties not in 'refKeys' or 'parentKeys'.
         """
         res = []
-        if not isinstance(orderings, list) and not isinstance(orderings, tuple):
+        if isinstance(orderings, (str, db.QueryOrder)):
             orderings = [orderings]
+        elif not isinstance(orderings, list):
+            orderings = list(orderings)
         for order in orderings:
-            if isinstance(order, tuple):
-                orderKey = order[0]
-            else:
+            if isinstance(order, db.QueryOrder):
+                orderKey = order.name
+            elif isinstance(order, str):
                 orderKey = order
+            else:
+                raise TypeError(f"Invalid ordering {order!r} in orderHook")
             if orderKey.startswith("dest.") or orderKey.startswith("rel.") or orderKey.startswith("src."):
                 # This is already valid for our relational index
                 res.append(order)
@@ -1005,7 +1012,7 @@ class RelationalBone(BaseBone):
                     res.append(order)
                 else:
                     if isinstance(order, tuple):
-                        res.append((f"dest.{k}", order[1]))
+                        res.append(db.QueryOrder(f"dest.{k}", order[1]))
                     else:
                         res.append(f"dest.{k}")
             else:
@@ -1019,7 +1026,7 @@ class RelationalBone(BaseBone):
                             f"Invalid ordering! {orderKey} is not in parentKeys of RelationalBone {name}!")
                         raise RuntimeError()
                     if isinstance(order, tuple):
-                        res.append((f"src.{orderKey}", order[1]))
+                        res.append(db.QueryOrder(f"src.{orderKey}", order[1]))
                     else:
                         res.append(f"src.{orderKey}")
         return res
@@ -1107,7 +1114,7 @@ class RelationalBone(BaseBone):
 
         ref_skel_cache, using_skel_cache = self._getSkels()
         for idx, lang, value in self.iter_bone_value(skel, name):
-            if value is None:
+            if not value:
                 continue
             if value["dest"]:
                 get_values(ref_skel_cache, value["dest"])

{viur_core-3.9.0.dev3 → viur_core-3.9.0.dev5}/src/viur/core/bones/spatial.py

@@ -281,22 +281,22 @@ class SpatialBone(BaseBone):
             q1 = deepcopy(origQuery)
             q1.filters[name + ".coordinates.lat >="] = lat
             q1.filters[name + ".tiles.lat ="] = tileLat
-            q1.orders = [(name + ".coordinates.lat", db.SortOrder.Ascending)]
+            q1.orders = [db.QueryOrder(name + ".coordinates.lat")]
             # Lat - Left Side
             q2 = deepcopy(origQuery)
             q2.filters[name + ".coordinates.lat <"] = lat
             q2.filters[name + ".tiles.lat ="] = tileLat
-            q2.orders = [(name + ".coordinates.lat", db.SortOrder.Descending)]
+            q2.orders = [db.QueryOrder(name + ".coordinates.lat", db.SortOrder.Descending)]
             # Lng - Down
             q3 = deepcopy(origQuery)
             q3.filters[name + ".coordinates.lng >="] = lng
             q3.filters[name + ".tiles.lng ="] = tileLng
-            q3.orders = [(name + ".coordinates.lng", db.SortOrder.Ascending)]
+            q3.orders = [db.QueryOrder(name + ".coordinates.lng")]
             # Lng - Top
             q4 = deepcopy(origQuery)
             q4.filters[name + ".coordinates.lng <"] = lng
             q4.filters[name + ".tiles.lng ="] = tileLng
-            q4.orders = [(name + ".coordinates.lng", db.SortOrder.Descending)]
+            q4.orders = [db.QueryOrder(name + ".coordinates.lng", db.SortOrder.Descending)]
             dbFilter.queries = [q1, q2, q3, q4]
             dbFilter._customMultiQueryMerge = lambda *args, **kwargs: self.customMultiQueryMerge(name, lat, lng, *args,
                                                                                                  **kwargs)
@@ -378,7 +378,8 @@ class SpatialBone(BaseBone):
 
         :param skel: Dictionary with the current values from the skeleton the bone belongs to
         :param boneName: The name of the bone that should be modified
-        :param value: The value that should be assigned. Its type depends on the type of the bone
+        :param value: The value that should be assigned. Either a tuple/list of (lat, lng) or a dict
+            with keys ``lat`` and ``lng``
         :param append: If True, the given value will be appended to the existing bone values instead of
             replacing them. Only supported on bones with multiple=True
         :param language: Optional, the language of the value if the bone is language-aware
@@ -387,7 +388,12 @@ class SpatialBone(BaseBone):
         """
         if append:
             raise ValueError(f"append is not possible on {self.type} bones")
-        if not isinstance(value, (tuple, list)) and len(value) == 2:
+        if isinstance(value, dict):
+            try:
+                value = (float(value["lat"]), float(value["lng"]))
+            except (KeyError, TypeError, ValueError):
+                raise ValueError("Value dict must contain 'lat' and 'lng' keys as floats")
+        if not isinstance(value, (tuple, list)) or len(value) != 2:
             raise ValueError("Value must be a tuple or a list of (lat, lng)")
         skel[boneName] = tuple(value)
 

{viur_core-3.9.0.dev3 → viur_core-3.9.0.dev5}/src/viur/core/bones/string.py

@@ -6,7 +6,7 @@ import typing as t
 import warnings
 from numbers import Number
 
-from viur.core import current, db, utils
+from viur.core import conf, current, db, utils
 from .base import ReadFromClientError, ReadFromClientErrorSeverity
 from .raw import RawBone
 
@@ -29,7 +29,7 @@ class StringBone(RawBone):
         max_length: int | None = 254,
         min_length: int | None = None,
         natural_sorting: bool | t.Callable = False,
-        escape_html: bool = True,
+        escape_html: bool | None = None,
         **kwargs
     ):
         """
@@ -46,6 +46,7 @@ class StringBone(RawBone):
             that creates the value for the index property.
         :param escape_html: Replace some characters in the string with HTML-safe sequences with
             using :meth:`utils.string.escape` for safe use in HTML.
+            Defaults to :attr:`conf.bone_string_escape_html` if not set explicitly.
         :param kwargs: Inherited arguments from the BaseBone.
         """
         # fixme: Remove in viur-core >= 4
@@ -71,7 +72,7 @@ class StringBone(RawBone):
         elif not natural_sorting:
             self.natural_sorting = None
         # else: keep self.natural_sorting as is
-        self.escape_html = escape_html
+        self.escape_html = conf.bone_string_escape_html if escape_html is None else escape_html
 
     def type_coerce_single_value(self, value: t.Any) -> str:
         """Convert a value to a string (if not already)

{viur_core-3.9.0.dev3 → viur_core-3.9.0.dev5}/src/viur/core/bones/text.py

@@ -414,7 +414,7 @@ class TextBone(RawBone):
             from viur.core.bones.file import ensureDerived
             for blob_key in blob_keys:
                 file_obj = db.Query("file").filter("dlkey =", blob_key) \
-                    .order(("creationdate", db.SortOrder.Ascending)).getEntry()
+                    .order(db.QueryOrder("creationdate")).getEntry()
                 if file_obj:
                     ensureDerived(file_obj.key, f"{skel.kindName}_{name}", derive_dict, skel["key"])
 

{viur_core-3.9.0.dev3 → viur_core-3.9.0.dev5}/src/viur/core/config.py

@@ -28,10 +28,6 @@ _T = t.TypeVar("_T")
 Multiple: t.TypeAlias = list[_T] | tuple[_T] | set[_T] | frozenset[_T]  # TODO: Refactor for Python 3.12
 
 
-class CaptchaDefaultCredentialsType(t.TypedDict):
-    """Expected type of global captcha credential, see :attr:`Security.captcha_default_credentials`"""
-    sitekey: str
-    secret: str
 
 
 class ConfigType:
@@ -415,7 +411,7 @@ class Security(ConfigType):
     x_permitted_cross_domain_policies: t.Optional[t.Literal["none", "master-only", "by-content-type", "all"]] = "none"
     """Unless set to logical none; ViUR will emit a X-Permitted-Cross-Domain-Policies with each request"""
 
-    captcha_default_credentials: t.Optional[CaptchaDefaultCredentialsType] = None
+    captcha_default_public_key: t.Optional[str] = None
     """The default sitekey and secret to use for the :class:`CaptchaBone`.
     If set, must be a dictionary of "sitekey" and "secret".
     """
@@ -508,8 +504,6 @@ class Security(ConfigType):
         "xXssProtection": "x_xss_protection",
         "xContentTypeOptions": "x_content_type_options",
         "xPermittedCrossDomainPolicies": "x_permitted_cross_domain_policies",
-        "captcha_defaultCredentials": "captcha_default_credentials",
-        "captcha.defaultCredentials": "captcha_default_credentials",
     }
 
 
@@ -794,6 +788,9 @@ class Conf(ConfigType):
     bone_boolean_str2true: Multiple[str | int] = ("true", "yes", "1")
     """Allowed values that define a str to evaluate to true"""
 
+    bone_string_escape_html: bool = True
+    """Default escape_html setting for StringBone. Set to False to disable HTML escaping globally."""
+
     bone_html_default_allow: "HtmlBoneConfiguration" = {
         "validTags": [
             "a",

viur_core-3.9.0.dev5/src/viur/core/contrib/__init__.py

@@ -0,0 +1,43 @@
+"""
+viur.core.contrib — optional, reusable application-level components.
+
+This package contains self-contained components that are commonly needed
+but *not* required to run a ViUR application.  Components are opt-in;
+import only what you use.
+
+Available modules
+-----------------
+loginkey
+    :class:`~viur.core.contrib.loginkey.IndexedCredentialBone` and
+    :class:`~viur.core.contrib.loginkey.LoginKey` — a
+    :class:`~viur.core.modules.user.UserPrimaryAuthentication` that
+    authenticates users via a secret token stored in a Datastore-indexed
+    :class:`~viur.core.bones.CredentialBone`.  Suitable for "magic link"
+    style logins or machine-to-machine auth.
+
+Usage example::
+
+    from viur.core.modules.user import User
+    from viur.core.contrib.loginkey import LoginKey
+
+    class MyUser(User):
+        authenticationProviders = [LoginKey, ...]
+
+ratelimit
+    :class:`~viur.core.contrib.ratelimit.RequestRateLimit` — a
+    :class:`~viur.core.request.RequestValidator` that enforces per-IP /
+    per-user request-rate limits using App Engine Memcache.  Suitable for
+    global rate-limiting and basic DDoS mitigation at the WSGI boundary.
+
+Usage example::
+
+    from viur.core.request import Router
+    from viur.core.contrib.ratelimit import RequestRateLimit, TimeWindow
+
+    Router.requestValidators.append(
+        RequestRateLimit(
+            rate_for_guests=TimeWindow(limit=200, time_window=60),
+            rate_for_users=TimeWindow(limit=500, time_window=60),
+        )
+    )
+"""