1. 06 Jun, 2021 5 commits
    • add SSHPubKey ORM model · 670f711b
      Kevin Morris authored
      
      
      Includes `aurweb.models.ssh_pub_key.get_fingerprint(pubkey)` helper.
      
      Signed-off-by: Kevin Morris <kevr@0cost.org>
    • add passreset routes · a33d076d
      Kevin Morris authored
      
      
      Introduced `get|post` `/passreset` routes. These routes mimic the
      behavior of the existing PHP implementation, with the exception of
      HTTP status code returns.
      
      Routes added:
          GET /passreset
          POST /passreset
      
      Routers added:
          aurweb.routers.accounts
      
      * On an unknown user or mismatched resetkey (where resetkey must ==
        user.resetkey), return HTTP status NOT_FOUND (404).
      * On another error in the request, return HTTP status BAD_REQUEST (400).
      
      Both `get|post` routes require that the current user is **not**
      authenticated, hence `@auth_required(False, redirect="/")`.
      
      + Added auth_required decorator to aurweb.auth.
      + Added some more utility to aurweb.models.user.User.
      + Added `partials/error.html` template.
      + Added `passreset.html` template.
      + Added aurweb.db.ConnectionExecutor functor for paramstyle logic.
        Decoupling the executor logic from the database connection logic
        is needed for us to easily use the same logic with a fastapi
        database session, when we need to use aurweb.scripts modules.
      
      At this point, notification configuration is now required to complete
      tests involved with notifications properly, like passreset.
      `conf/config.dev` has been modified to include [notifications] sendmail,
      sender and reply-to overrides. Dockerfile and .gitlab-ci.yml have been
      updated to set up /etc/hosts and start postfix before running tests.
      
      * setup.cfg: ignore E741, C901 in aurweb.routers.accounts
      
      These two warnings (shown in the commit) are not dangerous and are a byproduct
      of maintaining compatibility with our current code flow.
      
      Signed-off-by: Kevin Morris <kevr@0cost.org>
    • add aurweb.auth and authentication to User · 56f27982
      Kevin Morris authored
      
      
      + Added aurweb.auth.AnonymousUser
          * An instance of this model is returned as the request user
            when the request is not authenticated
      + Added aurweb.auth.BasicAuthBackend
      + Add starlette's AuthenticationMiddleware to app middleware,
        which uses our BasicAuthBackend facility
      + Added User.is_authenticated()
      + Added User.authenticate(password)
      + Added User.login(request, password)
      + Added User.logout(request)
      + Added repr(User(...)) representation
      + Added aurweb.auth.auth_required decorator.
      
      This change uses the same AURSID logic in the PHP implementation.
      
      Additionally, introduce a few helpers for authentication,
      one of which is `User.update_password(password, rounds = 12)`
      where `rounds` is a configurable number of salt rounds.
      
      Signed-off-by: Kevin Morris <kevr@0cost.org>
    • aurweb.db: add query, create, delete helpers · a836892c
      Kevin Morris authored
      
      
      Takes sqlalchemy kwargs or stanzas:
      
      query(Model, Model.Column == value)
      query(Model, and_(Model.Column == value, Model.Column != "BAD!"))
      
      Updated tests to reflect the new utility and a comment about upcoming
      function deprecation is added to get_account_type().
      
      From here on, phase out the use of get_account_type().
      
      + aurweb.db: Added create utility function
      + aurweb.db: Added delete utility function
      
      The `delete` function can be used to delete a record by search
      kwargs directly.
      
      Example:
          delete(User, User.ID == 6)
      
      All three functions added in this commit are typically useful to
      perform these operations without having to import aurweb.db.session.
      Removes a bit of redundancy overall.
      
      Signed-off-by: Kevin Morris <kevr@0cost.org>
    • add aurweb.models.user.User · 8a47afd2
      Kevin Morris authored
      
      
      + Added aurweb.models.user.User class. This is the first example
        of an sqlalchemy ORM model. We can search for users via, for example,
        `session.query(User).filter(User.ID==1).first()`, where `session` is
        a configured `aurweb.db.session` object.
      + Along with the User class, defined the AccountType class.
        Each User maintains a relationship to its AccountType via User.AccountType.
      + Added AccountType.users backref.
      
      Signed-off-by: Kevin Morris <kevr@0cost.org>