diff --git a/.gitignore b/.gitignore index 8862e290..a683cefa 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ config.yaml */*_modules/ .coverage -.cache \ No newline at end of file +.cache diff --git a/client/js/api.js b/client/js/api.js index ec1d9bcf..411cbb1d 100644 --- a/client/js/api.js +++ b/client/js/api.js @@ -337,8 +337,7 @@ class Api extends events.EventTarget { req.auth = null; req.set('Authorization', 'Token ' + new Buffer(this.userName + ":" + this.userToken).toString('base64')) - } - else if (this.userName && this.userPassword) { + } else if (this.userName && this.userPassword) { req.auth( this.userName, encodeURIComponent(this.userPassword) diff --git a/client/js/models/user_token.js b/client/js/models/user_token.js index 93e0693a..613eb4b4 100644 --- a/client/js/models/user_token.js +++ b/client/js/models/user_token.js @@ -45,7 +45,7 @@ class UserToken extends events.EventTarget { let userTokenRequest = { enabled: true }; - if (note){ + if (note) { userTokenRequest.note = note; } if (expirationTime) { @@ -86,4 +86,4 @@ class UserToken extends events.EventTarget { } } -module.exports = UserToken; \ No newline at end of file +module.exports = UserToken; diff --git a/client/js/util/date.js b/client/js/util/date.js index b9744c31..7a40b163 100644 --- a/client/js/util/date.js +++ b/client/js/util/date.js @@ -4,4 +4,4 @@ Date.prototype.addDays = function(days) { let dat = new Date(this.valueOf()); dat.setDate(dat.getDate() + days); return dat; -}; \ No newline at end of file +}; diff --git a/client/js/views/user_tokens_view.js b/client/js/views/user_tokens_view.js index fa3daff3..7e19ca1e 100644 --- a/client/js/views/user_tokens_view.js +++ b/client/js/views/user_tokens_view.js @@ -78,7 +78,9 @@ class UserTokenView extends events.EventTarget { this._userTokenNoteInputNode.value : undefined, - expirationTime: this._userTokenExpirationTimeInputNode && this._userTokenExpirationTimeInputNode.value.length > 0 ? + expirationTime: + (this._userTokenExpirationTimeInputNode + && this._userTokenExpirationTimeInputNode.value.length > 0) ? new Date(this._userTokenExpirationTimeInputNode.value).toISOString() : undefined, diff --git a/server/szurubooru/api/user_token_api.py b/server/szurubooru/api/user_token_api.py index 3f3031da..7724a6c9 100644 --- a/server/szurubooru/api/user_token_api.py +++ b/server/szurubooru/api/user_token_api.py @@ -1,5 +1,4 @@ from typing import Dict - from szurubooru import model, rest from szurubooru.func import auth, users, user_tokens, serialization, versions @@ -37,8 +36,8 @@ def create_user_token( user_tokens.update_user_token_note(user_token, note) if ctx.has_param('expirationTime'): expiration_time = ctx.get_param_as_string('expirationTime') - user_tokens.update_user_token_expiration_time(user_token, - expiration_time) + user_tokens.update_user_token_expiration_time( + user_token, expiration_time) ctx.session.add(user_token) ctx.session.commit() return _serialize(ctx, user_token) @@ -55,8 +54,8 @@ def update_user_token( versions.bump_version(user_token) if ctx.has_param('enabled'): auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % infix) - user_tokens.update_user_token_enabled(user_token, - ctx.get_param_as_bool('enabled')) + user_tokens.update_user_token_enabled( + user_token, ctx.get_param_as_bool('enabled')) if ctx.has_param('note'): auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % infix) note = ctx.get_param_as_string('note') @@ -64,8 +63,8 @@ def update_user_token( if ctx.has_param('expirationTime'): auth.verify_privilege(ctx.user, 'user_tokens:edit:%s' % infix) expiration_time = ctx.get_param_as_string('expirationTime') - user_tokens.update_user_token_expiration_time(user_token, - expiration_time) + user_tokens.update_user_token_expiration_time( + user_token, expiration_time) user_tokens.update_user_token_edit_time(user_token) ctx.session.commit() return _serialize(ctx, user_token) diff --git a/server/szurubooru/func/auth.py b/server/szurubooru/func/auth.py index 277d0b58..606d13f5 100644 --- a/server/szurubooru/func/auth.py +++ b/server/szurubooru/func/auth.py @@ -28,7 +28,8 @@ def get_password_hash(salt: str, password: str) -> Tuple[str, int]: ).decode('utf8'), 3 -def get_sha256_legacy_password_hash(salt: str, password: str) -> Tuple[str, int]: +def get_sha256_legacy_password_hash( + salt: str, password: str) -> Tuple[str, int]: ''' Retrieve old-style sha256 password hash. ''' digest = hashlib.sha256() digest.update(config.config['secret'].encode('utf8')) @@ -81,8 +82,10 @@ def is_valid_password(user: model.User, password: str) -> bool: def is_valid_token(user_token: model.UserToken) -> bool: - ''' Token must be enabled and if it has an expiration, - it must be greater than now. ''' + ''' + Token must be enabled and if it has an expiration, it must be + greater than now. + ''' assert user_token if not user_token.enabled: return False diff --git a/server/szurubooru/func/user_tokens.py b/server/szurubooru/func/user_tokens.py index 74879863..ebafefcc 100644 --- a/server/szurubooru/func/user_tokens.py +++ b/server/szurubooru/func/user_tokens.py @@ -74,10 +74,12 @@ def serialize_user_token( def get_by_user_and_token( user: model.User, token: str) -> model.UserToken: - return (db.session.query(model.UserToken) - .filter(model.UserToken.user_id == user.user_id, - model.UserToken.token == token) - .one_or_none()) + return ( + db.session + .query(model.UserToken) + .filter(model.UserToken.user_id == user.user_id) + .filter(model.UserToken.token == token) + .one_or_none()) def get_user_tokens(user: model.User) -> List[model.UserToken]: @@ -111,23 +113,23 @@ def update_user_token_edit_time(user_token: model.UserToken) -> None: def update_user_token_expiration_time( - user_token: model.UserToken, expiration_time: str) -> None: + user_token: model.UserToken, expiration_time_str: str) -> None: assert user_token - if expiration_time is not None: - try: - expiration_time = dateutil_parser.parse(expiration_time) - except ValueError: - raise InvalidExpirationError( - 'Expiration is in invalid format {}'.format(expiration_time)) + try: + expiration_time = dateutil_parser.parse(expiration_time_str) if expiration_time.tzinfo is None: raise InvalidExpirationError( 'Expiration cannot be missing timezone') else: expiration_time = expiration_time.astimezone(pytz.UTC) - if expiration_time < datetime.utcnow().replace(tzinfo=pytz.UTC): - raise InvalidExpirationError( - 'Expiration cannot happen in the past') - user_token.expiration_time = expiration_time + if expiration_time < datetime.utcnow().replace(tzinfo=pytz.UTC): + raise InvalidExpirationError( + 'Expiration cannot happen in the past') + user_token.expiration_time = expiration_time + except ValueError: + raise InvalidExpirationError( + 'Expiration is in an invalid format {}'.format( + expiration_time_str)) def update_user_token_note(user_token: model.UserToken, note: str) -> None: diff --git a/server/szurubooru/func/users.py b/server/szurubooru/func/users.py index 38c6a905..e5946dc9 100644 --- a/server/szurubooru/func/users.py +++ b/server/szurubooru/func/users.py @@ -170,10 +170,11 @@ def get_user_count() -> int: def try_get_user_by_name(name: str) -> Optional[model.User]: - return (db.session - .query(model.User) - .filter(sa.func.lower(model.User.name) == sa.func.lower(name)) - .one_or_none()) + return ( + db.session + .query(model.User) + .filter(sa.func.lower(model.User.name) == sa.func.lower(name)) + .one_or_none()) def get_user_by_name(name: str) -> model.User: diff --git a/server/szurubooru/middleware/authenticator.py b/server/szurubooru/middleware/authenticator.py index f82d72cf..cf8555e5 100644 --- a/server/szurubooru/middleware/authenticator.py +++ b/server/szurubooru/middleware/authenticator.py @@ -5,7 +5,7 @@ from szurubooru.func import auth, users, user_tokens from szurubooru.rest.errors import HttpBadRequest -def _authenticate(username: str, password: str) -> model.User: +def _authenticate_basic_auth(username: str, password: str) -> model.User: ''' Try to authenticate user. Throw AuthError for invalid users. ''' user = users.get_user_by_name(username) if not auth.is_valid_password(user, password): @@ -31,7 +31,7 @@ def _get_user(ctx: rest.Context) -> Optional[model.User]: if auth_type.lower() == 'basic': username, password = base64.decodebytes( credentials.encode('ascii')).decode('utf8').split(':', 1) - return _authenticate(username, password) + return _authenticate_basic_auth(username, password) elif auth_type.lower() == 'token': username, token = base64.decodebytes( credentials.encode('ascii')).decode('utf8').split(':', 1) diff --git a/server/szurubooru/migrations/versions/a39c7f98a7fa_add_user_token_table.py b/server/szurubooru/migrations/versions/a39c7f98a7fa_add_user_token_table.py index f78fb24c..53f7ff5b 100644 --- a/server/szurubooru/migrations/versions/a39c7f98a7fa_add_user_token_table.py +++ b/server/szurubooru/migrations/versions/a39c7f98a7fa_add_user_token_table.py @@ -27,7 +27,9 @@ def upgrade(): sa.Column('last_edit_time', sa.DateTime(), nullable=True), sa.Column('version', sa.Integer(), nullable=False), sa.ForeignKeyConstraint( - ['user_id'], ['user.id'], ondelete='CASCADE'), + ['user_id'], + ['user.id'], + ondelete='CASCADE'), sa.PrimaryKeyConstraint('id')) op.create_index( op.f('ix_user_token_user_id'), 'user_token', ['user_id'], unique=False) diff --git a/server/szurubooru/tests/api/test_user_token_creating.py b/server/szurubooru/tests/api/test_user_token_creating.py index 11b2f95b..0a73a10f 100644 --- a/server/szurubooru/tests/api/test_user_token_creating.py +++ b/server/szurubooru/tests/api/test_user_token_creating.py @@ -1,7 +1,5 @@ from unittest.mock import patch - import pytest - from szurubooru import api from szurubooru.func import user_tokens, users @@ -22,7 +20,10 @@ def test_creating_user_token( user_tokens.serialize_user_token.return_value = 'serialized user token' user_tokens.create_user_token.return_value = user_token result = api.user_token_api.create_user_token( - context_factory(user=user_token.user), - {'user_name': user_token.user.name}) + context_factory( + user=user_token.user), + { + 'user_name': user_token.user.name + }) assert result == 'serialized user token' user_tokens.create_user_token.assert_called_once_with(user_token.user) diff --git a/server/szurubooru/tests/api/test_user_token_deleting.py b/server/szurubooru/tests/api/test_user_token_deleting.py index 16bc1f23..e84f2a6e 100644 --- a/server/szurubooru/tests/api/test_user_token_deleting.py +++ b/server/szurubooru/tests/api/test_user_token_deleting.py @@ -1,7 +1,5 @@ from unittest.mock import patch - import pytest - from szurubooru import api, db from szurubooru.func import user_tokens, users @@ -22,9 +20,12 @@ def test_deleting_user_token( users.get_user_by_name.return_value = user_token.user user_tokens.get_by_user_and_token.return_value = user_token result = api.user_token_api.delete_user_token( - context_factory(user=user_token.user), - {'user_name': user_token.user.name, - 'user_token': user_token.token}) + context_factory( + user=user_token.user), + { + 'user_name': user_token.user.name, + 'user_token': user_token.token + }) assert result == {} user_tokens.get_by_user_and_token.assert_called_once_with( user_token.user, user_token.token) diff --git a/server/szurubooru/tests/api/test_user_token_retrieving.py b/server/szurubooru/tests/api/test_user_token_retrieving.py index 8b2fc7ea..194c84d7 100644 --- a/server/szurubooru/tests/api/test_user_token_retrieving.py +++ b/server/szurubooru/tests/api/test_user_token_retrieving.py @@ -1,7 +1,5 @@ from unittest.mock import patch - import pytest - from szurubooru import api from szurubooru.func import user_tokens, users @@ -25,7 +23,10 @@ def test_retrieving_user_tokens( user_tokens.get_user_tokens.return_value = [user_token1, user_token2, user_token3] result = api.user_token_api.get_user_tokens( - context_factory(user=user_token1.user), - {'user_name': user_token1.user.name}) + context_factory( + user=user_token1.user), + { + 'user_name': user_token1.user.name + }) assert result == {'results': ['serialized user token'] * 3} user_tokens.get_user_tokens.assert_called_once_with(user_token1.user) diff --git a/server/szurubooru/tests/api/test_user_token_updating.py b/server/szurubooru/tests/api/test_user_token_updating.py index 0c8e3d3e..bf725a35 100644 --- a/server/szurubooru/tests/api/test_user_token_updating.py +++ b/server/szurubooru/tests/api/test_user_token_updating.py @@ -1,7 +1,5 @@ from unittest.mock import patch - import pytest - from szurubooru import api, db from szurubooru.func import user_tokens, users @@ -25,12 +23,16 @@ def test_edit_user_token(user_token_factory, context_factory, fake_datetime): user_tokens.serialize_user_token.return_value = 'serialized user token' user_tokens.get_by_user_and_token.return_value = user_token result = api.user_token_api.update_user_token( - context_factory(params={'version': user_token.version, - 'enabled': False, - }, - user=user_token.user), - {'user_name': user_token.user.name, - 'user_token': user_token.token}) + context_factory( + params={ + 'version': user_token.version, + 'enabled': False, + }, + user=user_token.user), + { + 'user_name': user_token.user.name, + 'user_token': user_token.token + }) assert result == 'serialized user token' user_tokens.get_by_user_and_token.assert_called_once_with( user_token.user, user_token.token) diff --git a/server/szurubooru/tests/middleware/test_authenticator.py b/server/szurubooru/tests/middleware/test_authenticator.py index 05f9608f..11b824d3 100644 --- a/server/szurubooru/tests/middleware/test_authenticator.py +++ b/server/szurubooru/tests/middleware/test_authenticator.py @@ -1,9 +1,8 @@ from unittest.mock import patch - +import pytest from szurubooru.func import auth, users, user_tokens from szurubooru.middleware import authenticator from szurubooru.rest import errors -import pytest def test_process_request_no_header(context_factory):