viur-core 3.9.0.dev4__tar.gz → 3.9.0.dev5__tar.gz

{viur_core-3.9.0.dev4/src/viur_core.egg-info → viur_core-3.9.0.dev5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: viur-core
-Version: 3.9.0.dev4
+Version: 3.9.0.dev5
 Summary: The core component of ViUR, a development framework for Google App Engine
 Author-email: Mausbrand Informationssysteme GmbH <devs@viur.dev>
 Maintainer-email: Jan Max Meyer <jm@mausbrand.de>
@@ -48,6 +48,7 @@ Requires-Dist: google-cloud-bigquery~=3.0
 Requires-Dist: google-cloud-datastore~=2.0
 Requires-Dist: google-cloud-iam~=2.0
 Requires-Dist: google-cloud-logging~=3.0
+Requires-Dist: google-cloud-recaptcha-enterprise~=1.0
 Requires-Dist: google-cloud-secret-manager~=2.0
 Requires-Dist: google-cloud-storage~=2.0
 Requires-Dist: google-cloud-tasks~=2.0

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/pyproject.toml

@@ -14,6 +14,7 @@ dependencies = [
     "google-cloud-datastore~=2.0",
     "google-cloud-iam~=2.0",
     "google-cloud-logging~=3.0",
+    "google-cloud-recaptcha-enterprise~=1.0",
     "google-cloud-secret-manager~=2.0",
     "google-cloud-storage~=2.0",
     "google-cloud-tasks~=2.0",

viur_core-3.9.0.dev5/src/viur/core/bones/captcha.py

@@ -0,0 +1,177 @@
+import logging
+import typing as t
+import warnings
+
+from viur.core import conf, current
+from viur.core.bones.base import BaseBone, ReadFromClientError, ReadFromClientErrorSeverity
+
+from google.cloud import recaptchaenterprise_v1
+from google.cloud.recaptchaenterprise_v1 import Assessment
+
+if t.TYPE_CHECKING:
+    from viur.core.skeleton import SkeletonInstance
+
+
+class CaptchaBone(BaseBone):
+    r"""
+    The CaptchaBone validates reCAPTCHA Enterprise tokens to protect forms from bots.
+
+    It uses the Google reCAPTCHA Enterprise API and supports both invisible (v3-style score-based)
+    and visible (checkbox widget) challenges via the ``render_challenge`` parameter.
+
+    The token is submitted by the client as the bone's field value and verified server-side
+    against the configured site key. A configurable score threshold determines whether
+    invisible challenges pass.
+
+    .. seealso::
+
+        `Google reCAPTCHA Enterprise setup
+        <https://cloud.google.com/recaptcha/docs/set-up-non-google-cloud-environments-api-keys>`
+        for creating a site key and enabling the API.
+
+        Option :attr:`core.config.Security.captcha_default_public_key`
+        for global security settings.
+
+        Option :attr:`core.config.Security.captcha_enforce_always`
+        to enforce validation even on development servers.
+    """
+
+    type = "captcha"
+
+    def __init__(
+        self,
+        *,
+        public_key: str = None,
+        score_threshold: float = 0.5,
+        render_challenge: bool = False,
+        recaptcha_action: str = "",
+        **kwargs: t.Any
+    ):
+        """
+        Initializes a new CaptchaBone.
+
+        :param public_key: The reCAPTCHA Enterprise site key shown to the client.
+            Can be omitted if set globally via :attr:`core.config.Security.captcha_default_public_key`.
+        :param score_threshold: Minimum score (0–1) required for invisible challenges to pass.
+            Ignored when ``render_challenge`` is ``True``.
+        :param render_challenge: If ``True``, renders a visible checkbox widget instead of
+            running an invisible background check.
+        :param recaptcha_action: The action name passed to reCAPTCHA for analytics and scoring.
+            Should match the action used on the client side.
+        """
+        if "publicKey" in kwargs:
+            warnings.warn("publicKey parameter is deprecated, please use public_key",
+                          DeprecationWarning, stacklevel=2)
+            public_key = kwargs.pop("publicKey")
+        super().__init__(**kwargs)
+        if not public_key and conf.security.captcha_default_public_key:
+            public_key = conf.security.captcha_default_public_key
+        if not public_key:
+            raise ValueError("CaptchaBone requires either a public_key or conf.security.captcha_default_public_key")
+
+        self.public_key = public_key
+
+        if not (0 < score_threshold <= 1):
+            raise ValueError("score_threshold must be between 0 and 1.")
+        self.render_challenge = render_challenge
+        self.recaptcha_action = recaptcha_action
+        self.score_threshold = score_threshold
+        self.required = True
+
+    def serialize(self, skel: "SkeletonInstance", name: str, parentIndexed: bool) -> bool:
+        """
+        Serializing the Captcha bone is not possible so it return False
+        """
+        return False
+
+    def unserialize(self, skel: "SkeletonInstance", name) -> t.Literal[True]:
+        """
+        Stores the public_key in the SkeletonInstance
+
+        :param skel: The target :class:`SkeletonInstance`.
+        :param name: The name of the CaptchaBone in the :class:`SkeletonInstance`.
+
+        :returns: boolean, that is true, as the Captcha bone is always unserialized successfully.
+        """
+        skel.accessedValues[name] = self.public_key
+        return True
+
+    def fromClient(self, skel: "SkeletonInstance", name: str, data: dict) -> None | list[ReadFromClientError]:
+        """
+        Load the reCAPTCHA token from the provided data and validate it with the help of the API.
+
+        reCAPTCHA provides the token via callback usually as "g-recaptcha-response",
+        but to fit into the skeleton logic, we support both names.
+        So the token can be provided as "g-recaptcha-response" or the name of the CaptchaBone in the Skeleton.
+        While the latter one is the preferred name.
+        """
+
+        if not conf.security.captcha_enforce_always and conf.instance.is_dev_server:
+            logging.info("Skipping captcha validation on development server")
+            return None
+        if not conf.security.captcha_enforce_always and (user := current.user.get()) and "root" in user["access"]:
+            logging.info("Skipping captcha validation for root user")
+            return None  # Don't bother trusted users with this (not supported by admin/vi anyway)
+
+        client = recaptchaenterprise_v1.RecaptchaEnterpriseServiceClient()
+
+        # Set the attributes of the event to be tracked.
+        event = recaptchaenterprise_v1.Event()
+        event.site_key = self.public_key
+        if name in data:
+            event.token = data[name]
+        else:
+            return [ReadFromClientError(
+                ReadFromClientErrorSeverity.NotSet,
+                "Token not set"
+            )]
+        assessment = recaptchaenterprise_v1.Assessment()
+        assessment.event = event
+
+        project_name = f"projects/{conf.instance.project_id}"
+
+        # Create the assessment request.
+        request = recaptchaenterprise_v1.CreateAssessmentRequest()
+        request.assessment = assessment
+        request.parent = project_name
+
+        response = client.create_assessment(request)
+
+        if not response.token_properties.valid:
+            logging.info(
+                "The CreateAssessment call failed because the token was "
+                + "invalid for the following reasons: "
+                + str(response.token_properties.invalid_reason)
+            )
+            return [ReadFromClientError(
+                ReadFromClientErrorSeverity.Invalid,
+                "Invalid Token"
+            )]
+
+        # Check if the expected action was executed.
+        if response.token_properties.action != self.recaptcha_action:
+            logging.info(
+                "The action attribute in your reCAPTCHA tag does not match the action you are expecting to score"
+            )
+            return [ReadFromClientError(
+                ReadFromClientErrorSeverity.Invalid,
+                f"Invalid Action: {self.recaptcha_action}"
+            )]
+        else:
+            # Retrieve the risk score and reasons.
+            # For more information on interpreting the assessment, see:
+            # https://cloud.google.com/recaptcha/docs/interpret-assessment
+            if response.risk_analysis.score < self.score_threshold:
+                return [ReadFromClientError(
+                    ReadFromClientErrorSeverity.Invalid,
+                    f"Invalid Captcha: {response.risk_analysis.score}"
+                )]
+
+        return None
+
+    def structure(self) -> dict:
+        return super().structure() | {
+            "public_key": self.public_key,
+            "render_challenge": self.render_challenge,
+            "action": self.recaptcha_action
+        }

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/src/viur/core/bones/randomslice.py

@@ -112,13 +112,13 @@ class RandomSliceBone(BaseBone):
                 q = db.QueryDefinition(origKind, {}, [])
                 property, value = applyFilterHook(dbFilter, f"{name} <=", rndVal)
                 q.filters[property] = value
-                q.orders = [(name, db.SortOrder.Descending)]
+                q.orders = [db.QueryOrder(name, db.SortOrder.Descending)]
                 queries.append(q)
                 # Left Side
                 q = db.QueryDefinition(origKind, {}, [])
                 property, value = applyFilterHook(dbFilter, f"{name} >", rndVal)
                 q.filters[property] = value
-                q.orders = [(name, db.SortOrder.Ascending)]
+                q.orders = [db.QueryOrder(name)]
                 queries.append(q)
             dbFilter.queries = queries
             # Map the original filter back in

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/src/viur/core/bones/relational.py

@@ -965,7 +965,12 @@ class RelationalBone(BaseBone):
                 raise RuntimeError()
             return f"src.{param}", value
 
-    def orderHook(self, name: str, query: db.Query, orderings):  # FIXME
+    def orderHook(
+        self,
+        name: str,
+        query: db.Query,
+        orderings: list[db.QueryOrder | str] | tuple[db.QueryOrder | str, ...],
+    ) -> list[db.QueryOrder | str] | tuple[db.QueryOrder | str]:
         """
         Hook installed by buildDbFilter that rewrites orderings added to the query to match the layout of the
         viur-relations index and performs sanity checks on the query.
@@ -977,21 +982,23 @@ class RelationalBone(BaseBone):
         :param name: The name of the bone.
         :param query: The datastore query to be modified.
         :param orderings: A list or tuple of orderings to be checked and potentially modified.
-        :type orderings: List[Union[str, Tuple[str, db.SortOrder]]] or Tuple[Union[str, Tuple[str, db.SortOrder]]]
 
         :return: A list of modified orderings that are compatible with the viur-relations index.
-        :rtype: List[Union[str, Tuple[str, db.SortOrder]]]
 
         :raises RuntimeError: If the ordering is invalid, e.g., using properties not in 'refKeys' or 'parentKeys'.
         """
         res = []
-        if not isinstance(orderings, list) and not isinstance(orderings, tuple):
+        if isinstance(orderings, (str, db.QueryOrder)):
             orderings = [orderings]
+        elif not isinstance(orderings, list):
+            orderings = list(orderings)
         for order in orderings:
-            if isinstance(order, tuple):
-                orderKey = order[0]
-            else:
+            if isinstance(order, db.QueryOrder):
+                orderKey = order.name
+            elif isinstance(order, str):
                 orderKey = order
+            else:
+                raise TypeError(f"Invalid ordering {order!r} in orderHook")
             if orderKey.startswith("dest.") or orderKey.startswith("rel.") or orderKey.startswith("src."):
                 # This is already valid for our relational index
                 res.append(order)
@@ -1005,7 +1012,7 @@ class RelationalBone(BaseBone):
                     res.append(order)
                 else:
                     if isinstance(order, tuple):
-                        res.append((f"dest.{k}", order[1]))
+                        res.append(db.QueryOrder(f"dest.{k}", order[1]))
                     else:
                         res.append(f"dest.{k}")
             else:
@@ -1019,7 +1026,7 @@ class RelationalBone(BaseBone):
                             f"Invalid ordering! {orderKey} is not in parentKeys of RelationalBone {name}!")
                         raise RuntimeError()
                     if isinstance(order, tuple):
-                        res.append((f"src.{orderKey}", order[1]))
+                        res.append(db.QueryOrder(f"src.{orderKey}", order[1]))
                     else:
                         res.append(f"src.{orderKey}")
         return res

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/src/viur/core/bones/spatial.py

@@ -281,22 +281,22 @@ class SpatialBone(BaseBone):
             q1 = deepcopy(origQuery)
             q1.filters[name + ".coordinates.lat >="] = lat
             q1.filters[name + ".tiles.lat ="] = tileLat
-            q1.orders = [(name + ".coordinates.lat", db.SortOrder.Ascending)]
+            q1.orders = [db.QueryOrder(name + ".coordinates.lat")]
             # Lat - Left Side
             q2 = deepcopy(origQuery)
             q2.filters[name + ".coordinates.lat <"] = lat
             q2.filters[name + ".tiles.lat ="] = tileLat
-            q2.orders = [(name + ".coordinates.lat", db.SortOrder.Descending)]
+            q2.orders = [db.QueryOrder(name + ".coordinates.lat", db.SortOrder.Descending)]
             # Lng - Down
             q3 = deepcopy(origQuery)
             q3.filters[name + ".coordinates.lng >="] = lng
             q3.filters[name + ".tiles.lng ="] = tileLng
-            q3.orders = [(name + ".coordinates.lng", db.SortOrder.Ascending)]
+            q3.orders = [db.QueryOrder(name + ".coordinates.lng")]
             # Lng - Top
             q4 = deepcopy(origQuery)
             q4.filters[name + ".coordinates.lng <"] = lng
             q4.filters[name + ".tiles.lng ="] = tileLng
-            q4.orders = [(name + ".coordinates.lng", db.SortOrder.Descending)]
+            q4.orders = [db.QueryOrder(name + ".coordinates.lng", db.SortOrder.Descending)]
             dbFilter.queries = [q1, q2, q3, q4]
             dbFilter._customMultiQueryMerge = lambda *args, **kwargs: self.customMultiQueryMerge(name, lat, lng, *args,
                                                                                                  **kwargs)
@@ -378,7 +378,8 @@ class SpatialBone(BaseBone):
 
         :param skel: Dictionary with the current values from the skeleton the bone belongs to
         :param boneName: The name of the bone that should be modified
-        :param value: The value that should be assigned. Its type depends on the type of the bone
+        :param value: The value that should be assigned. Either a tuple/list of (lat, lng) or a dict
+            with keys ``lat`` and ``lng``
         :param append: If True, the given value will be appended to the existing bone values instead of
             replacing them. Only supported on bones with multiple=True
         :param language: Optional, the language of the value if the bone is language-aware
@@ -387,7 +388,12 @@ class SpatialBone(BaseBone):
         """
         if append:
             raise ValueError(f"append is not possible on {self.type} bones")
-        if not isinstance(value, (tuple, list)) and len(value) == 2:
+        if isinstance(value, dict):
+            try:
+                value = (float(value["lat"]), float(value["lng"]))
+            except (KeyError, TypeError, ValueError):
+                raise ValueError("Value dict must contain 'lat' and 'lng' keys as floats")
+        if not isinstance(value, (tuple, list)) or len(value) != 2:
             raise ValueError("Value must be a tuple or a list of (lat, lng)")
         skel[boneName] = tuple(value)
 

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/src/viur/core/bones/text.py

@@ -414,7 +414,7 @@ class TextBone(RawBone):
             from viur.core.bones.file import ensureDerived
             for blob_key in blob_keys:
                 file_obj = db.Query("file").filter("dlkey =", blob_key) \
-                    .order(("creationdate", db.SortOrder.Ascending)).getEntry()
+                    .order(db.QueryOrder("creationdate")).getEntry()
                 if file_obj:
                     ensureDerived(file_obj.key, f"{skel.kindName}_{name}", derive_dict, skel["key"])
 

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/src/viur/core/config.py

@@ -28,10 +28,6 @@ _T = t.TypeVar("_T")
 Multiple: t.TypeAlias = list[_T] | tuple[_T] | set[_T] | frozenset[_T]  # TODO: Refactor for Python 3.12
 
 
-class CaptchaDefaultCredentialsType(t.TypedDict):
-    """Expected type of global captcha credential, see :attr:`Security.captcha_default_credentials`"""
-    sitekey: str
-    secret: str
 
 
 class ConfigType:
@@ -415,7 +411,7 @@ class Security(ConfigType):
     x_permitted_cross_domain_policies: t.Optional[t.Literal["none", "master-only", "by-content-type", "all"]] = "none"
     """Unless set to logical none; ViUR will emit a X-Permitted-Cross-Domain-Policies with each request"""
 
-    captcha_default_credentials: t.Optional[CaptchaDefaultCredentialsType] = None
+    captcha_default_public_key: t.Optional[str] = None
     """The default sitekey and secret to use for the :class:`CaptchaBone`.
     If set, must be a dictionary of "sitekey" and "secret".
     """
@@ -508,8 +504,6 @@ class Security(ConfigType):
         "xXssProtection": "x_xss_protection",
         "xContentTypeOptions": "x_content_type_options",
         "xPermittedCrossDomainPolicies": "x_permitted_cross_domain_policies",
-        "captcha_defaultCredentials": "captcha_default_credentials",
-        "captcha.defaultCredentials": "captcha_default_credentials",
     }
 
 

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/src/viur/core/db/__init__.py

@@ -27,6 +27,7 @@ from .types import (
     Key,
     KeyType,
     QueryDefinition,
+    QueryOrder,
     SortOrder,
 )
 from .utils import (
@@ -51,6 +52,7 @@ __all__ = [
     "KEY_SPECIAL_PROPERTY",
     "DATASTORE_BASE_TYPES",
     "SortOrder",
+    "QueryOrder",
     "Entity",
     "QueryDefinition",
     "Key",

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/src/viur/core/db/query.py

@@ -13,6 +13,7 @@ from .types import (
     Entity,
     KEY_SPECIAL_PROPERTY,
     QueryDefinition,
+    QueryOrder,
     SortOrder,
     TFilters,
     TOrders,
@@ -282,14 +283,14 @@ class Query(object):
             if op in {"<", "<=", ">", ">="}:
                 if isinstance(self.queries, list):
                     for queryObj in self.queries:
-                        if not queryObj.orders or queryObj.orders[0][0] != field:
-                            queryObj.orders = [(field, SortOrder.Ascending)] + (queryObj.orders or [])
+                        if not queryObj.orders or queryObj.orders[0].name != field:
+                            queryObj.orders = [QueryOrder(field)] + (queryObj.orders or [])
                 else:
-                    if not self.queries.orders or self.queries.orders[0][0] != field:
-                        self.queries.orders = [(field, SortOrder.Ascending)] + (self.queries.orders or [])
+                    if not self.queries.orders or self.queries.orders[0].name != field:
+                        self.queries.orders = [QueryOrder(field)] + (self.queries.orders or [])
         return self
 
-    def order(self, *orderings: t.Tuple[str, SortOrder]) -> t.Self:
+    def order(self, *orderings: QueryOrder | t.Tuple[str, SortOrder] | str) -> t.Self:
         """
         Specify a query sorting.
 
@@ -301,7 +302,10 @@ class Query(object):
         .. code-block:: python
 
             query = Query("Person")
-            query.order(("bday" db.SortOrder.Ascending), ("age", db.SortOrder.Descending))
+            query.order(
+                db.QueryOrder("bday"),
+                db.QueryOrder("age", db.SortOrder.Descending),
+            )
 
         sorts every Person in order of their birthday, starting with January 1.
         People with the same birthday are sorted by age, oldest to youngest.
@@ -311,7 +315,7 @@ class Query(object):
         from scratch.
 
         If an inequality filter exists in this Query it must be the first property
-        passed to ``order()``. t.Any number of sort orders may be used after the
+        passed to ``order()``. Any number of sort orders may be used after the
         inequality filter property. Without inequality filters, any number of
         filters with different orders may be specified.
 
@@ -328,8 +332,9 @@ class Query(object):
         made to compare property values across types.
 
 
-        :param orderings: The properties to sort by, in sort order.
-            Each argument must be a (name, direction) 2-tuple.
+        :param orderings: The properties to sort by, in sort order. Each argument may be a
+            :class:`QueryOrder`, a ``(name, direction)`` tuple, or a plain ``str`` (implies
+            ``SortOrder.Ascending``).
         :returns: Returns the query itself for chaining.
         """
         if self.queries is None:
@@ -340,12 +345,20 @@ class Query(object):
         orders = []
         for order in orderings:
             if isinstance(order, str):
-                order = (order, SortOrder.Ascending)
-
-            if not (isinstance(order[0], str) and isinstance(order[1], SortOrder)):
+                order = QueryOrder(order)
+            elif isinstance(order, QueryOrder):
+                pass
+            elif (
+                isinstance(order, (tuple, list)) and
+                len(order) == 2 and
+                isinstance(order[0], str) and isinstance(order[1], SortOrder)
+            ):
+                order = QueryOrder(order[0], order[1])
+            else:
                 raise TypeError(
-                    f"Invalid ordering {order}, it has to be a tuple. Try: `(\"{order}\", SortOrder.Ascending)`")
-
+                    f"Invalid ordering {order!r}, expected a (str, SortOrder) tuple or QueryOrder."
+                    f' Try: `QueryOrder("{order}")`'
+                )
             orders.append(order)
 
         if self._orderHook is not None:
@@ -445,7 +458,7 @@ class Query(object):
                 q = self.queries[0]
         return base64.urlsafe_b64encode(q.currentCursor).decode("ASCII") if q.currentCursor else None
 
-    def get_orders(self) -> t.List[t.Tuple[str, SortOrder]] | None:
+    def get_orders(self) -> t.List[QueryOrder] | None:
         """
         Get the orders from this query.
 
@@ -502,10 +515,10 @@ class Query(object):
         return self._resort_result(res, {}, self.queries[0].orders)
 
     def _resort_result(
-            self,
-            entities: t.List[Entity],
-            filters: t.Dict[str, DATASTORE_BASE_TYPES],
-            orders: t.List[t.Tuple[str, SortOrder]],
+        self,
+        entities: t.List[Entity],
+        filters: t.Dict[str, DATASTORE_BASE_TYPES],
+        orders: t.List[QueryOrder],
     ) -> t.List[Entity]:
         """
         Internal helper that takes a (deduplicated) list of entities that has been fetched from different internal
@@ -550,8 +563,8 @@ class Query(object):
             if "<" in end or ">" in end:
                 ineqFilter = k.split(" ")[0]
                 break
-        if ineqFilter and (not orders or not orders[0][0] == ineqFilter):
-            orders = [(ineqFilter, SortOrder.Ascending)] + (orders or [])
+        if ineqFilter and (not orders or not orders[0].name == ineqFilter):
+            orders = [QueryOrder(ineqFilter)] + (orders or [])
 
         for orderField, direction in orders[::-1]:
             if orderField == KEY_SPECIAL_PROPERTY:
@@ -572,10 +585,10 @@ class Query(object):
         """
         resultList = list(resultList)
         if (
-                resultList
-                and resultList[0].key.kind != self.origKind
-                and resultList[0].key.parent
-                and resultList[0].key.parent.kind == self.origKind
+            resultList
+            and resultList[0].key.kind != self.origKind
+            and resultList[0].key.parent
+            and resultList[0].key.parent.kind == self.origKind
         ):
             return list(get(list(dict.fromkeys([x.key.parent for x in resultList]))))
 

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/src/viur/core/db/transport.py

@@ -207,14 +207,12 @@ def run_single_filter(query: QueryDefinition, limit: int, keys_only: bool) -> t.
 
         if query.orders:
             hasInvertedOrderings = any(
-                [
-                    x[1] in [SortOrder.InvertedAscending, SortOrder.InvertedDescending]
-                    for x in query.orders
-                ]
+                order.order in (SortOrder.InvertedAscending, SortOrder.InvertedDescending)
+                for order in query.orders
             )
             qry.order = [
-                x[0] if x[1] in [SortOrder.Ascending, SortOrder.InvertedDescending] else f"-{x[0]}"
-                for x in query.orders
+                order.name if order.order in (SortOrder.Ascending, SortOrder.InvertedDescending) else f"-{order.name}"
+                for order in query.orders
             ]
 
         if query.distinct:

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/src/viur/core/db/types.py

@@ -36,6 +36,12 @@ class SortOrder(enum.Enum):
     """Fetch A->Z, then flip the results (useful in pagination)"""
 
 
+class QueryOrder(t.NamedTuple):
+    """A named tuple describing a single sort order for a datastore query."""
+    name: str
+    order: SortOrder = SortOrder.Ascending
+
+
 class Key(Datastore_key):
     """
         The python representation of one datastore key. Unlike the original implementation, we don't store a
@@ -165,7 +171,7 @@ KeyType: t.TypeAlias = Key | str | int
 Alias that describes a key-type.
 """
 
-TOrders: t.TypeAlias = list[tuple[str, SortOrder]]
+TOrders: t.TypeAlias = list[QueryOrder]
 TFilters: t.TypeAlias = dict[str, DATASTORE_BASE_TYPES | list[DATASTORE_BASE_TYPES]]
 
 

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/src/viur/core/modules/file.py

@@ -748,7 +748,8 @@ class File(Tree):
             return ""
 
         if isinstance(file, str):
-            file = db.Query("file").filter("dlkey =", file).order(("creationdate", db.SortOrder.Ascending)).getEntry()
+            file = db.Query("file").filter("dlkey =", file).order(
+                db.QueryOrder("creationdate")).getEntry()
 
         if not file:
             return ""

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/src/viur/core/modules/script.py

@@ -120,6 +120,11 @@ class Script(Tree):
         super().onEdit(skelType, skel)
 
     def onEdited(self, skelType, skel):
+        old_path = skel["path"]
+        self.update_path(skel)
+        if skel["path"] != old_path:
+            skel.patch({"path": skel["path"]})
+
         if skelType == "node":
             self.update_path_recursive("node", skel["path"], skel["key"])
             self.update_path_recursive("leaf", skel["path"], skel["key"])
@@ -158,9 +163,9 @@ class Script(Tree):
             if not parent_skel.read(key) or parent_skel["key"] == skel["parentrepo"]:
                 break
 
-            path.insert(0, parent_skel["name"])
+            if parent_skel["name"]:
+                path.insert(0, parent_skel["name"])
             key = parent_skel["parententry"]
-
         skel["path"] = "/".join(path)
 
     @exposed

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/src/viur/core/modules/translation.py

@@ -10,7 +10,7 @@ from viur.core.decorators import exposed
 from viur.core.bones import *
 from viur.core.i18n import KINDNAME, initializeTranslations, systemTranslations, translate
 from viur.core.prototypes.list import List
-from viur.core.skeleton import Skeleton, ViurTagsSearchAdapter
+from viur.core.skeleton import Skeleton, SkeletonInstance, ViurTagsSearchAdapter
 
 
 class Creator(enum.Enum):
@@ -211,7 +211,7 @@ class Translation(List):
         "admin": "*",
     }
 
-    def addSkel(self):
+    def addSkel(self) -> SkeletonInstance["TranslationSkel"]:
         """
         Returns a custom TranslationSkel where the name is editable.
         The name becomes part of the key.

{viur_core-3.9.0.dev4 → viur_core-3.9.0.dev5}/src/viur/core/modules/user.py

@@ -557,7 +557,7 @@ class UserPassword(UserPrimaryAuthentication):
     def canAdd(self) -> bool:
         return self.registrationEnabled
 
-    def addSkel(self):
+    def addSkel(self) -> skeleton.SkeletonInstance["UserSkel"]:
         """
             Prepare the add-Skel for rendering.
             Currently only calls self._user_module.addSkel() and sets skel["status"] depending on
@@ -1350,7 +1350,7 @@ class User(List):
 
         return ret
 
-    def addSkel(self):
+    def addSkel(self) -> skeleton.SkeletonInstance["UserSkel"]:
         skel = super().addSkel().clone()
 
         if self.is_admin(current.user.get()):
@@ -1377,7 +1377,7 @@ class User(List):
         skel.name.readOnly = False  # Don't enforce readonly name in user/add
         return skel
 
-    def editSkel(self, *args, **kwargs):
+    def editSkel(self, *args, **kwargs) -> skeleton.SkeletonInstance["UserSkel"]:
         skel = super().editSkel().clone()
 
         if "password" in skel: