diff --git a/CHANGELOG.md b/CHANGELOG.md index 90fc273..ba15691 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,24 +5,6 @@ All notable changes to wuttaweb will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). -## v0.3.0 (2024-08-05) - -### Feat - -- add support for admin user to become / stop being root -- add view to change current user password -- add basic logo, favicon images -- add auth views, for login/logout -- add custom security policy, login/logout for pyramid -- add `wuttaweb.views.essential` module -- add initial/basic forms support -- add `wuttaweb.db` module, with `Session` -- add `util.get_form_data()` convenience function - -### Fix - -- allow custom user getter for `new_request_set_user()` hook - ## v0.2.0 (2024-07-14) ### Feat diff --git a/docs/api/wuttaweb/auth.rst b/docs/api/wuttaweb/auth.rst deleted file mode 100644 index d645c67..0000000 --- a/docs/api/wuttaweb/auth.rst +++ /dev/null @@ -1,6 +0,0 @@ - -``wuttaweb.auth`` -================= - -.. automodule:: wuttaweb.auth - :members: diff --git a/docs/api/wuttaweb/db.rst b/docs/api/wuttaweb/db.rst deleted file mode 100644 index b90e227..0000000 --- a/docs/api/wuttaweb/db.rst +++ /dev/null @@ -1,6 +0,0 @@ - -``wuttaweb.db`` -=============== - -.. automodule:: wuttaweb.db - :members: diff --git a/docs/api/wuttaweb/forms.base.rst b/docs/api/wuttaweb/forms.base.rst deleted file mode 100644 index 8569309..0000000 --- a/docs/api/wuttaweb/forms.base.rst +++ /dev/null @@ -1,6 +0,0 @@ - -``wuttaweb.forms.base`` -======================= - -.. automodule:: wuttaweb.forms.base - :members: diff --git a/docs/api/wuttaweb/forms.rst b/docs/api/wuttaweb/forms.rst deleted file mode 100644 index 1d83240..0000000 --- a/docs/api/wuttaweb/forms.rst +++ /dev/null @@ -1,6 +0,0 @@ - -``wuttaweb.forms`` -================== - -.. automodule:: wuttaweb.forms - :members: diff --git a/docs/api/wuttaweb/index.rst b/docs/api/wuttaweb/index.rst index 204864e..2e49d4b 100644 --- a/docs/api/wuttaweb/index.rst +++ b/docs/api/wuttaweb/index.rst @@ -8,10 +8,6 @@ :maxdepth: 1 app - auth - db - forms - forms.base handler helpers menus @@ -19,7 +15,5 @@ subscribers util views - views.auth views.base views.common - views.essential diff --git a/docs/api/wuttaweb/views.auth.rst b/docs/api/wuttaweb/views.auth.rst deleted file mode 100644 index 9a03e3e..0000000 --- a/docs/api/wuttaweb/views.auth.rst +++ /dev/null @@ -1,6 +0,0 @@ - -``wuttaweb.views.auth`` -======================= - -.. automodule:: wuttaweb.views.auth - :members: diff --git a/docs/api/wuttaweb/views.essential.rst b/docs/api/wuttaweb/views.essential.rst deleted file mode 100644 index 79c0b57..0000000 --- a/docs/api/wuttaweb/views.essential.rst +++ /dev/null @@ -1,6 +0,0 @@ - -``wuttaweb.views.essential`` -============================ - -.. automodule:: wuttaweb.views.essential - :members: diff --git a/docs/conf.py b/docs/conf.py index 3d568ef..3955a96 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -20,15 +20,12 @@ extensions = [ 'sphinx.ext.autodoc', 'sphinx.ext.intersphinx', 'sphinx.ext.viewcode', - 'sphinx.ext.todo', ] templates_path = ['_templates'] exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store'] intersphinx_mapping = { - 'colander': ('https://docs.pylonsproject.org/projects/colander/en/latest/', None), - 'deform': ('https://docs.pylonsproject.org/projects/deform/en/latest/', None), 'pyramid': ('https://docs.pylonsproject.org/projects/pyramid/en/latest/', None), 'python': ('https://docs.python.org/3/', None), 'webhelpers2': ('https://webhelpers2.readthedocs.io/en/latest/', None), diff --git a/pyproject.toml b/pyproject.toml index ce0044d..985bef5 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -6,7 +6,7 @@ build-backend = "hatchling.build" [project] name = "WuttaWeb" -version = "0.3.0" +version = "0.2.0" description = "Web App for Wutta Framework" readme = "README.md" authors = [{name = "Lance Edgar", email = "lance@edbob.org"}] @@ -32,13 +32,10 @@ requires-python = ">= 3.8" dependencies = [ "pyramid>=2", "pyramid_beaker", - "pyramid_deform", "pyramid_mako", - "pyramid_tm", "waitress", "WebHelpers2", "WuttJamaican[db]>=0.7.0", - "zope.sqlalchemy>=1.5", ] diff --git a/src/wuttaweb/app.py b/src/wuttaweb/app.py index 6aadc0c..18b07fb 100644 --- a/src/wuttaweb/app.py +++ b/src/wuttaweb/app.py @@ -31,9 +31,6 @@ from wuttjamaican.conf import make_config from pyramid.config import Configurator -import wuttaweb.db -from wuttaweb.auth import WuttaSecurityPolicy - class WebAppProvider(AppProvider): """ @@ -86,21 +83,17 @@ def make_wutta_config(settings): If this config file path cannot be discovered, an error is raised. """ - # validate config file path + # initialize config and embed in settings dict, to make + # available for web requests later path = settings.get('wutta.config') if not path or not os.path.exists(path): raise ValueError("Please set 'wutta.config' in [app:main] " "section of config to the path of your " "config file. Lame, but necessary.") - # make config per usual, add to settings wutta_config = make_config(path) + settings['wutta_config'] = wutta_config - - # configure database sessions - if hasattr(wutta_config, 'appdb_engine'): - wuttaweb.db.Session.configure(bind=wutta_config.appdb_engine) - return wutta_config @@ -111,18 +104,10 @@ def make_pyramid_config(settings): The config is initialized with certain features deemed useful for all apps. """ - settings.setdefault('pyramid_deform.template_search_path', - 'wuttaweb:templates/deform') - pyramid_config = Configurator(settings=settings) - # configure user authorization / authentication - pyramid_config.set_security_policy(WuttaSecurityPolicy()) - pyramid_config.include('pyramid_beaker') - pyramid_config.include('pyramid_deform') pyramid_config.include('pyramid_mako') - pyramid_config.include('pyramid_tm') return pyramid_config diff --git a/src/wuttaweb/auth.py b/src/wuttaweb/auth.py deleted file mode 100644 index de9b868..0000000 --- a/src/wuttaweb/auth.py +++ /dev/null @@ -1,150 +0,0 @@ -# -*- coding: utf-8; -*- -################################################################################ -# -# wuttaweb -- Web App for Wutta Framework -# Copyright © 2024 Lance Edgar -# -# This file is part of Wutta Framework. -# -# Wutta Framework is free software: you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the Free -# Software Foundation, either version 3 of the License, or (at your option) any -# later version. -# -# Wutta Framework is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along with -# Wutta Framework. If not, see . -# -################################################################################ -""" -Auth Utility Logic -""" - -import re - -from pyramid.authentication import SessionAuthenticationHelper -from pyramid.request import RequestLocalCache -from pyramid.security import remember, forget - -from wuttaweb.db import Session - - -def login_user(request, user): - """ - Perform the steps necessary to "login" the given user. This - returns a ``headers`` dict which you should pass to the final - redirect, like so:: - - from pyramid.httpexceptions import HTTPFound - - headers = login_user(request, user) - return HTTPFound(location='/', headers=headers) - - .. warning:: - - This logic does not "authenticate" the user! It assumes caller - has already authenticated the user and they are safe to login. - - See also :func:`logout_user()`. - """ - headers = remember(request, user.uuid) - return headers - - -def logout_user(request): - """ - Perform the logout action for the given request. This returns a - ``headers`` dict which you should pass to the final redirect, like - so:: - - from pyramid.httpexceptions import HTTPFound - - headers = logout_user(request) - return HTTPFound(location='/', headers=headers) - - See also :func:`login_user()`. - """ - request.session.delete() - request.session.invalidate() - headers = forget(request) - return headers - - -class WuttaSecurityPolicy: - """ - Pyramid :term:`security policy` for WuttaWeb. - - For more on the Pyramid details, see :doc:`pyramid:narr/security`. - - But the idea here is that you should be able to just use this, - without thinking too hard:: - - from pyramid.config import Configurator - from wuttaweb.auth import WuttaSecurityPolicy - - pyramid_config = Configurator() - pyramid_config.set_security_policy(WuttaSecurityPolicy()) - - This security policy will then do the following: - - * use the request "web session" for auth storage (e.g. current - ``user.uuid``) - * check permissions as needed, by calling - :meth:`~wuttjamaican:wuttjamaican.auth.AuthHandler.has_permission()` - for current user - - :param db_session: Optional :term:`db session` to use, instead of - :class:`wuttaweb.db.Session`. Probably only useful for tests. - """ - - def __init__(self, db_session=None): - self.session_helper = SessionAuthenticationHelper() - self.identity_cache = RequestLocalCache(self.load_identity) - self.db_session = db_session or Session() - - def load_identity(self, request): - config = request.registry.settings['wutta_config'] - app = config.get_app() - model = app.model - - # fetch user uuid from current session - uuid = self.session_helper.authenticated_userid(request) - if not uuid: - return - - # fetch user object from db - user = self.db_session.get(model.User, uuid) - if not user: - return - - return user - - def identity(self, request): - return self.identity_cache.get_or_create(request) - - def authenticated_userid(self, request): - user = self.identity(request) - if user is not None: - return user.uuid - - def remember(self, request, userid, **kw): - return self.session_helper.remember(request, userid, **kw) - - def forget(self, request, **kw): - return self.session_helper.forget(request, **kw) - - def permits(self, request, context, permission): - - # nb. root user can do anything - if getattr(request, 'is_root', False): - return True - - config = request.registry.settings['wutta_config'] - app = config.get_app() - auth = app.get_auth_handler() - user = self.identity(request) - return auth.has_permission(self.db_session, user, permission) diff --git a/src/wuttaweb/db.py b/src/wuttaweb/db.py deleted file mode 100644 index 32d2418..0000000 --- a/src/wuttaweb/db.py +++ /dev/null @@ -1,66 +0,0 @@ -# -*- coding: utf-8; -*- -################################################################################ -# -# wuttaweb -- Web App for Wutta Framework -# Copyright © 2024 Lance Edgar -# -# This file is part of Wutta Framework. -# -# Wutta Framework is free software: you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the Free -# Software Foundation, either version 3 of the License, or (at your option) any -# later version. -# -# Wutta Framework is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along with -# Wutta Framework. If not, see . -# -################################################################################ -""" -Database sessions for web app - -The web app uses a different database session than other -(e.g. console) apps. The web session is "registered" to the HTTP -request/response life cycle (aka. transaction) such that the session -is automatically rolled back on error, and automatically committed if -the response is finalized without error. - -.. class:: Session - - Primary database session class for the web app. - - Note that you often do not need to "instantiate" this session, and - can instead call methods directly on the class:: - - from wuttaweb.db import Session - - users = Session.query(model.User).all() - - However in certain cases you may still want/need to instantiate it, - e.g. when passing a "true/normal" session to other logic. But you - can always call instance methods as well:: - - from wuttaweb.db import Session - from some_place import some_func - - session = Session() - - # nb. assuming func does not expect a "web" session per se, pass instance - some_func(session) - - # nb. these behave the same (instance vs. class method) - users = session.query(model.User).all() - users = Session.query(model.User).all() -""" - -from sqlalchemy import orm -from zope.sqlalchemy.datamanager import register - - -Session = orm.scoped_session(orm.sessionmaker()) - -register(Session) diff --git a/src/wuttaweb/forms/__init__.py b/src/wuttaweb/forms/__init__.py deleted file mode 100644 index 35102be..0000000 --- a/src/wuttaweb/forms/__init__.py +++ /dev/null @@ -1,31 +0,0 @@ -# -*- coding: utf-8; -*- -################################################################################ -# -# wuttaweb -- Web App for Wutta Framework -# Copyright © 2024 Lance Edgar -# -# This file is part of Wutta Framework. -# -# Wutta Framework is free software: you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the Free -# Software Foundation, either version 3 of the License, or (at your option) any -# later version. -# -# Wutta Framework is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along with -# Wutta Framework. If not, see . -# -################################################################################ -""" -Forms Library - -The ``wuttaweb.forms`` namespace contains the following: - -* :class:`~wuttaweb.forms.base.Form` -""" - -from .base import Form diff --git a/src/wuttaweb/forms/base.py b/src/wuttaweb/forms/base.py deleted file mode 100644 index 0974a50..0000000 --- a/src/wuttaweb/forms/base.py +++ /dev/null @@ -1,476 +0,0 @@ -# -*- coding: utf-8; -*- -################################################################################ -# -# wuttaweb -- Web App for Wutta Framework -# Copyright © 2024 Lance Edgar -# -# This file is part of Wutta Framework. -# -# Wutta Framework is free software: you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the Free -# Software Foundation, either version 3 of the License, or (at your option) any -# later version. -# -# Wutta Framework is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along with -# Wutta Framework. If not, see . -# -################################################################################ -""" -Base form classes -""" - -import json -import logging - -import colander -import deform -from pyramid.renderers import render -from webhelpers2.html import HTML - -from wuttaweb.util import get_form_data - - -log = logging.getLogger(__name__) - - -class FieldList(list): - """ - Convenience wrapper for a form's field list. This is a subclass - of :class:`python:list`. - - You normally would not need to instantiate this yourself, but it - is used under the hood for e.g. :attr:`Form.fields`. - """ - - def insert_before(self, field, newfield): - """ - Insert a new field, before an existing field. - - :param field: String name for the existing field. - - :param newfield: String name for the new field, to be inserted - just before the existing ``field``. - """ - if field in self: - i = self.index(field) - self.insert(i, newfield) - else: - log.warning("field '%s' not found, will append new field: %s", - field, newfield) - self.append(newfield) - - def insert_after(self, field, newfield): - """ - Insert a new field, after an existing field. - - :param field: String name for the existing field. - - :param newfield: String name for the new field, to be inserted - just after the existing ``field``. - """ - if field in self: - i = self.index(field) - self.insert(i + 1, newfield) - else: - log.warning("field '%s' not found, will append new field: %s", - field, newfield) - self.append(newfield) - - -class Form: - """ - Base class for all forms. - - :param request: Reference to current :term:`request` object. - - :param fields: List of field names for the form. This is - optional; if not specified an attempt will be made to deduce - the list automatically. See also :attr:`fields`. - - :param schema: Colander-based schema object for the form. This is - optional; if not specified an attempt will be made to construct - one automatically. See also :meth:`get_schema()`. - - :param labels: Optional dict of default field labels. - - .. note:: - - Some parameters are not explicitly described above. However - their corresponding attributes are described below. - - Form instances contain the following attributes: - - .. attribute:: fields - - :class:`FieldList` instance containing string field names for - the form. By default, fields will appear in the same order as - they are in this list. - - .. attribute:: request - - Reference to current :term:`request` object. - - .. attribute:: action_url - - String URL to which the form should be submitted, if applicable. - - .. attribute:: vue_tagname - - String name for Vue component tag. By default this is - ``'wutta-form'``. See also :meth:`render_vue_tag()`. - - .. attribute:: align_buttons_right - - Flag indicating whether the buttons (submit, cancel etc.) - should be aligned to the right of the area below the form. If - not set, the buttons are left-aligned. - - .. attribute:: auto_disable_submit - - Flag indicating whether the submit button should be - auto-disabled, whenever the form is submitted. - - .. attribute:: button_label_submit - - String label for the form submit button. Default is ``"Save"``. - - .. attribute:: button_icon_submit - - String icon name for the form submit button. Default is ``'save'``. - - .. attribute:: show_button_reset - - Flag indicating whether a Reset button should be shown. - - .. attribute:: validated - - If the :meth:`validate()` method was called, and it succeeded, - this will be set to the validated data dict. - - Note that in all other cases, this attribute may not exist. - """ - - def __init__( - self, - request, - fields=None, - schema=None, - labels={}, - action_url=None, - vue_tagname='wutta-form', - align_buttons_right=False, - auto_disable_submit=True, - button_label_submit="Save", - button_icon_submit='save', - show_button_reset=False, - ): - self.request = request - self.schema = schema - self.labels = labels or {} - self.action_url = action_url - self.vue_tagname = vue_tagname - self.align_buttons_right = align_buttons_right - self.auto_disable_submit = auto_disable_submit - self.button_label_submit = button_label_submit - self.button_icon_submit = button_icon_submit - self.show_button_reset = show_button_reset - - self.config = self.request.wutta_config - self.app = self.config.get_app() - - if fields is not None: - self.set_fields(fields) - elif self.schema: - self.set_fields([f.name for f in self.schema]) - else: - self.fields = None - - def __contains__(self, name): - """ - Custom logic for the ``in`` operator, to allow easily checking - if the form contains a given field:: - - myform = Form() - if 'somefield' in myform: - print("my form has some field") - """ - return bool(self.fields and name in self.fields) - - def __iter__(self): - """ - Custom logic to allow iterating over form field names:: - - myform = Form(fields=['foo', 'bar']) - for fieldname in myform: - print(fieldname) - """ - return iter(self.fields) - - @property - def vue_component(self): - """ - String name for the Vue component, e.g. ``'WuttaForm'``. - - This is a generated value based on :attr:`vue_tagname`. - """ - words = self.vue_tagname.split('-') - return ''.join([word.capitalize() for word in words]) - - def set_fields(self, fields): - """ - Explicitly set the list of form fields. - - This will overwrite :attr:`fields` with a new - :class:`FieldList` instance. - - :param fields: List of string field names. - """ - self.fields = FieldList(fields) - - def set_label(self, key, label): - """ - Set the label for given field name. - - See also :meth:`get_label()`. - """ - self.labels[key] = label - - # update schema if necessary - if self.schema and key in self.schema: - self.schema[key].title = label - - def get_label(self, key): - """ - Get the label for given field name. - - Note that this will always return a string, auto-generating - the label if needed. - - See also :meth:`set_label()`. - """ - return self.labels.get(key, self.app.make_title(key)) - - def get_schema(self): - """ - Return the :class:`colander:colander.Schema` object for the - form, generating it automatically if necessary. - """ - if not self.schema: - raise NotImplementedError - - return self.schema - - def get_deform(self): - """ - Return the :class:`deform:deform.Form` instance for the form, - generating it automatically if necessary. - """ - if not hasattr(self, 'deform_form'): - schema = self.get_schema() - form = deform.Form(schema) - self.deform_form = form - - return self.deform_form - - def render_vue_tag(self, **kwargs): - """ - Render the Vue component tag for the form. - - By default this simply returns: - - .. code-block:: html - - - - The actual output will depend on various form attributes, in - particular :attr:`vue_tagname`. - """ - return HTML.tag(self.vue_tagname, **kwargs) - - def render_vue_template( - self, - template='/forms/vue_template.mako', - **context): - """ - Render the Vue template block for the form. - - This returns something like: - - .. code-block:: none - - - - .. todo:: - - Why can't Sphinx render the above code block as 'html' ? - - It acts like it can't handle a `` - - - -${parent.body()} diff --git a/src/wuttaweb/templates/base.mako b/src/wuttaweb/templates/base.mako index b04c980..5511195 100644 --- a/src/wuttaweb/templates/base.mako +++ b/src/wuttaweb/templates/base.mako @@ -151,11 +151,9 @@
-
${request.user} -
- % if request.is_root: - ${h.form(url('stop_root'), ref='stopBeingRootForm')} - ## TODO - ## ${h.csrf_token(request)} - - - Stop being root - - ${h.end_form()} - % elif request.is_admin: - ${h.form(url('become_root'), ref='startBeingRootForm')} - ## TODO - ## ${h.csrf_token(request)} - - - Become root - - ${h.end_form()} - % endif - ${h.link_to("Change Password", url('change_password'), class_='navbar-item')} - ${h.link_to("Logout", url('logout'), class_='navbar-item')} -
-
- % else: - ${h.link_to("Login", url('login'), class_='navbar-item')} - % endif - +<%def name="render_user_menu()"> <%def name="render_instance_header_title_extras()"> @@ -380,18 +345,6 @@ const key = 'menu_' + hash + '_shown' this[key] = !this[key] }, - - % if request.is_admin: - - startBeingRoot() { - this.$refs.startBeingRootForm.submit() - }, - - stopBeingRoot() { - this.$refs.stopBeingRootForm.submit() - }, - - % endif }, } diff --git a/src/wuttaweb/templates/base_meta.mako b/src/wuttaweb/templates/base_meta.mako index c65e68c..4e62198 100644 --- a/src/wuttaweb/templates/base_meta.mako +++ b/src/wuttaweb/templates/base_meta.mako @@ -7,15 +7,11 @@ <%def name="extra_styles()"> <%def name="favicon()"> - + ## <%def name="header_logo()"> - ${h.image(config.get('wuttaweb.header_logo_url', default=request.static_url('wuttaweb:static/img/favicon.ico')), "Header Logo", style="height: 49px;")} - - -<%def name="full_logo()"> - ${h.image(config.get('wuttaweb.logo_url', default=request.static_url('wuttaweb:static/img/logo.png')), f"{app.get_title()} logo")} + ## ${h.image(config.get('wuttaweb.header_image_url', default=request.static_url('wuttaweb:static/img/logo.png')), "Header Logo", style="height: 49px;")} <%def name="footer()"> diff --git a/src/wuttaweb/templates/deform/checked_password.pt b/src/wuttaweb/templates/deform/checked_password.pt deleted file mode 100644 index 624f8a8..0000000 --- a/src/wuttaweb/templates/deform/checked_password.pt +++ /dev/null @@ -1,13 +0,0 @@ -
- ${field.start_mapping()} - - - ${field.end_mapping()} -
diff --git a/src/wuttaweb/templates/deform/password.pt b/src/wuttaweb/templates/deform/password.pt deleted file mode 100644 index 7a56879..0000000 --- a/src/wuttaweb/templates/deform/password.pt +++ /dev/null @@ -1,8 +0,0 @@ -
- -
diff --git a/src/wuttaweb/templates/deform/textinput.pt b/src/wuttaweb/templates/deform/textinput.pt deleted file mode 100644 index 4f09fc6..0000000 --- a/src/wuttaweb/templates/deform/textinput.pt +++ /dev/null @@ -1,7 +0,0 @@ -
- -
diff --git a/src/wuttaweb/templates/form.mako b/src/wuttaweb/templates/form.mako deleted file mode 100644 index 81b6ece..0000000 --- a/src/wuttaweb/templates/form.mako +++ /dev/null @@ -1,24 +0,0 @@ -## -*- coding: utf-8; -*- -<%inherit file="/page.mako" /> - -<%def name="page_content()"> -
- ${form.render_vue_tag()} -
- - -<%def name="render_this_page_template()"> - ${parent.render_this_page_template()} - ${form.render_vue_template()} - - -<%def name="finalize_this_page_vars()"> - ${parent.finalize_this_page_vars()} - - - - -${parent.body()} diff --git a/src/wuttaweb/templates/forms/vue_template.mako b/src/wuttaweb/templates/forms/vue_template.mako deleted file mode 100644 index 11767fd..0000000 --- a/src/wuttaweb/templates/forms/vue_template.mako +++ /dev/null @@ -1,58 +0,0 @@ -## -*- coding: utf-8; -*- - - - - diff --git a/src/wuttaweb/templates/home.mako b/src/wuttaweb/templates/home.mako index 1bb5f0d..61a4eb2 100644 --- a/src/wuttaweb/templates/home.mako +++ b/src/wuttaweb/templates/home.mako @@ -9,9 +9,11 @@ <%def name="page_content()"> -
-
${base_meta.full_logo()}
-

Welcome to ${app.get_title()}

+
+
diff --git a/src/wuttaweb/util.py b/src/wuttaweb/util.py index a8d059f..3275301 100644 --- a/src/wuttaweb/util.py +++ b/src/wuttaweb/util.py @@ -21,33 +21,12 @@ # ################################################################################ """ -Web Utilities +Utilities """ import importlib -def get_form_data(request): - """ - Returns the effective form data for the given request. - - Mostly this is a convenience, which simply returns one of the - following, depending on various attributes of the request. - - * :attr:`pyramid:pyramid.request.Request.POST` - * :attr:`pyramid:pyramid.request.Request.json_body` - """ - # nb. we prefer JSON only if no POST is present - # TODO: this seems to work for our use case at least, but perhaps - # there is a better way? see also - # https://docs.pylonsproject.org/projects/pyramid/en/latest/api/request.html#pyramid.request.Request.is_xhr - if not request.POST and ( - getattr(request, 'is_xhr', False) - or getattr(request, 'content_type', None) == 'application/json'): - return request.json_body - return request.POST - - def get_libver( request, key, diff --git a/src/wuttaweb/views/__init__.py b/src/wuttaweb/views/__init__.py index 68fdd77..0b62a83 100644 --- a/src/wuttaweb/views/__init__.py +++ b/src/wuttaweb/views/__init__.py @@ -33,4 +33,4 @@ from .base import View def includeme(config): - config.include('wuttaweb.views.essential') + config.include('wuttaweb.views.common') diff --git a/src/wuttaweb/views/auth.py b/src/wuttaweb/views/auth.py deleted file mode 100644 index 389271b..0000000 --- a/src/wuttaweb/views/auth.py +++ /dev/null @@ -1,288 +0,0 @@ -# -*- coding: utf-8; -*- -################################################################################ -# -# wuttaweb -- Web App for Wutta Framework -# Copyright © 2024 Lance Edgar -# -# This file is part of Wutta Framework. -# -# Wutta Framework is free software: you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the Free -# Software Foundation, either version 3 of the License, or (at your option) any -# later version. -# -# Wutta Framework is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along with -# Wutta Framework. If not, see . -# -################################################################################ -""" -Auth Views -""" - -import colander -from deform.widget import TextInputWidget, PasswordWidget, CheckedPasswordWidget - -from wuttaweb.views import View -from wuttaweb.db import Session -from wuttaweb.auth import login_user, logout_user - - -class AuthView(View): - """ - Auth views shared by all apps. - """ - - def login(self, session=None): - """ - View for user login. - - This view shows the login form, and handles its submission. - Upon successful login, user is redirected to home page. - - * route: ``login`` - * template: ``/auth/login.mako`` - """ - auth = self.app.get_auth_handler() - - # TODO: should call request.get_referrer() - referrer = self.request.route_url('home') - - # redirect if already logged in - if self.request.user: - self.request.session.flash(f"{self.request.user} is already logged in", 'error') - return self.redirect(referrer) - - form = self.make_form(schema=self.login_make_schema(), - align_buttons_right=True, - show_button_reset=True, - button_label_submit="Login", - button_icon_submit='user') - - # TODO - # form.show_cancel = False - - # validate basic form data (sanity check) - data = form.validate() - if data: - - # truly validate user credentials - session = session or Session() - user = auth.authenticate_user(session, data['username'], data['password']) - if user: - - # okay now they're truly logged in - headers = login_user(self.request, user) - return self.redirect(referrer, headers=headers) - - else: - self.request.session.flash("Invalid user credentials", 'error') - - return { - 'index_title': self.app.get_title(), - 'form': form, - # TODO - # 'referrer': referrer, - } - - def login_make_schema(self): - schema = colander.Schema() - - # nb. we must explicitly declare the widgets in order to also - # specify the ref attribute. this is needed for autofocus and - # keydown behavior for login form. - - schema.add(colander.SchemaNode( - colander.String(), - name='username', - widget=TextInputWidget(attributes={ - 'ref': 'username', - }))) - - schema.add(colander.SchemaNode( - colander.String(), - name='password', - widget=PasswordWidget(attributes={ - 'ref': 'password', - }))) - - return schema - - def logout(self): - """ - View for user logout. - - This deletes/invalidates the current user session and then - redirects to the login page. - - Note that a simple GET is sufficient; POST is not required. - - * route: ``logout`` - * template: n/a - """ - # truly logout the user - headers = logout_user(self.request) - - # TODO - # # redirect to home page after logout, if so configured - # if self.config.get_bool('wuttaweb.home_after_logout', default=False): - # return self.redirect(self.request.route_url('home'), headers=headers) - - # otherwise redirect to referrer, with 'login' page as fallback - # TODO: should call request.get_referrer() - # referrer = self.request.get_referrer(default=self.request.route_url('login')) - referrer = self.request.route_url('login') - return self.redirect(referrer, headers=headers) - - def change_password(self): - """ - View allowing a user to change their own password. - - This view shows a change-password form, and handles its - submission. If successful, user is redirected to home page. - - If current user is not authenticated, no form is shown and - user is redirected to home page. - - * route: ``change_password`` - * template: ``/auth/change_password.mako`` - """ - if not self.request.user: - return self.redirect(self.request.route_url('home')) - - form = self.make_form(schema=self.change_password_make_schema(), - show_button_reset=True) - - data = form.validate() - if data: - auth = self.app.get_auth_handler() - auth.set_user_password(self.request.user, data['new_password']) - self.request.session.flash("Your password has been changed.") - # TODO: should use request.get_referrer() instead - referrer = self.request.route_url('home') - return self.redirect(referrer) - - return {'index_title': str(self.request.user), - 'form': form} - - def change_password_make_schema(self): - schema = colander.Schema() - - schema.add(colander.SchemaNode( - colander.String(), - name='current_password', - widget=PasswordWidget(), - validator=self.change_password_validate_current_password)) - - schema.add(colander.SchemaNode( - colander.String(), - name='new_password', - widget=CheckedPasswordWidget(), - validator=self.change_password_validate_new_password)) - - return schema - - def change_password_validate_current_password(self, node, value): - auth = self.app.get_auth_handler() - user = self.request.user - if not auth.check_user_password(user, value): - node.raise_invalid("Current password is incorrect.") - - def change_password_validate_new_password(self, node, value): - auth = self.app.get_auth_handler() - user = self.request.user - if auth.check_user_password(user, value): - node.raise_invalid("New password must be different from old password.") - - def become_root(self): - """ - Elevate the current request to 'root' for full system access. - - This is only allowed if current (authenticated) user is a - member of the Administrator role. Also note that GET is not - allowed for this view, only POST. - - See also :meth:`stop_root()`. - """ - if self.request.method != 'POST': - raise self.forbidden() - - if not self.request.is_admin: - raise self.forbidden() - - self.request.session['is_root'] = True - self.request.session.flash("You have been elevated to 'root' and now have full system access") - - url = self.request.get_referrer() - return self.redirect(url) - - def stop_root(self): - """ - Lower the current request from 'root' back to normal access. - - Also note that GET is not allowed for this view, only POST. - - See also :meth:`become_root()`. - """ - if self.request.method != 'POST': - raise self.forbidden() - - if not self.request.is_admin: - raise self.forbidden() - - self.request.session['is_root'] = False - self.request.session.flash("Your normal system access has been restored") - - url = self.request.get_referrer() - return self.redirect(url) - - @classmethod - def defaults(cls, config): - cls._auth_defaults(config) - - @classmethod - def _auth_defaults(cls, config): - - # login - config.add_route('login', '/login') - config.add_view(cls, attr='login', - route_name='login', - renderer='/auth/login.mako') - - # logout - config.add_route('logout', '/logout') - config.add_view(cls, attr='logout', - route_name='logout') - - # change password - config.add_route('change_password', '/change-password') - config.add_view(cls, attr='change_password', - route_name='change_password', - renderer='/auth/change_password.mako') - - # become root - config.add_route('become_root', '/root/yes', - request_method='POST') - config.add_view(cls, attr='become_root', - route_name='become_root') - - # stop root - config.add_route('stop_root', '/root/no', - request_method='POST') - config.add_view(cls, attr='stop_root', - route_name='stop_root') - - -def defaults(config, **kwargs): - base = globals() - - AuthView = kwargs.get('AuthView', base['AuthView']) - AuthView.defaults(config) - - -def includeme(config): - defaults(config) diff --git a/src/wuttaweb/views/base.py b/src/wuttaweb/views/base.py index e412ed2..3906c0b 100644 --- a/src/wuttaweb/views/base.py +++ b/src/wuttaweb/views/base.py @@ -24,10 +24,6 @@ Base Logic for Views """ -from pyramid import httpexceptions - -from wuttaweb import forms - class View: """ @@ -39,7 +35,8 @@ class View: .. attribute:: request - Reference to the current :term:`request` object. + Reference to the current + :class:`pyramid:pyramid.request.Request` object. .. attribute:: app @@ -54,38 +51,3 @@ class View: self.request = request self.config = self.request.wutta_config self.app = self.config.get_app() - - def forbidden(self): - """ - Convenience method, to raise a HTTP 403 Forbidden exception:: - - raise self.forbidden() - """ - return httpexceptions.HTTPForbidden() - - def make_form(self, **kwargs): - """ - Make and return a new :class:`~wuttaweb.forms.base.Form` - instance, per the given ``kwargs``. - - This is the "default" form factory which merely invokes - the constructor. - """ - return forms.Form(self.request, **kwargs) - - def redirect(self, url, **kwargs): - """ - Convenience method to return a HTTP 302 response. - - Note that this technically returns an "exception" - so in - your code, you can either return that error, or raise it:: - - return self.redirect('/') - # ..or - raise self.redirect('/') - - Which you should do will depend on context, but raising the - error is always "safe" since Pyramid will handle that - correctly no matter what. - """ - return httpexceptions.HTTPFound(location=url, **kwargs) diff --git a/src/wuttaweb/views/essential.py b/src/wuttaweb/views/essential.py deleted file mode 100644 index 93c8149..0000000 --- a/src/wuttaweb/views/essential.py +++ /dev/null @@ -1,45 +0,0 @@ -# -*- coding: utf-8; -*- -################################################################################ -# -# wuttaweb -- Web App for Wutta Framework -# Copyright © 2024 Lance Edgar -# -# This file is part of Wutta Framework. -# -# Wutta Framework is free software: you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the Free -# Software Foundation, either version 3 of the License, or (at your option) any -# later version. -# -# Wutta Framework is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along with -# Wutta Framework. If not, see . -# -################################################################################ -""" -Essential views for convenient includes - -Most apps should include this module:: - - pyramid_config.include('wuttaweb.views.essential') - -That will in turn include the following modules: - -* :mod:`wuttaweb.views.auth` -* :mod:`wuttaweb.views.common` -""" - - -def defaults(config, **kwargs): - mod = lambda spec: kwargs.get(spec, spec) - - config.include(mod('wuttaweb.views.auth')) - config.include(mod('wuttaweb.views.common')) - - -def includeme(config): - defaults(config) diff --git a/tests/forms/__init__.py b/tests/forms/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/tests/forms/test_base.py b/tests/forms/test_base.py deleted file mode 100644 index 27e2109..0000000 --- a/tests/forms/test_base.py +++ /dev/null @@ -1,271 +0,0 @@ -# -*- coding: utf-8; -*- - -from unittest import TestCase -from unittest.mock import MagicMock - -import colander -import deform -from pyramid import testing - -from wuttjamaican.conf import WuttaConfig -from wuttaweb.forms import base -from wuttaweb import helpers - - -class TestFieldList(TestCase): - - def test_insert_before(self): - fields = base.FieldList(['f1', 'f2']) - self.assertEqual(fields, ['f1', 'f2']) - - # typical - fields.insert_before('f1', 'XXX') - self.assertEqual(fields, ['XXX', 'f1', 'f2']) - fields.insert_before('f2', 'YYY') - self.assertEqual(fields, ['XXX', 'f1', 'YYY', 'f2']) - - # appends new field if reference field is invalid - fields.insert_before('f3', 'ZZZ') - self.assertEqual(fields, ['XXX', 'f1', 'YYY', 'f2', 'ZZZ']) - - def test_insert_after(self): - fields = base.FieldList(['f1', 'f2']) - self.assertEqual(fields, ['f1', 'f2']) - - # typical - fields.insert_after('f1', 'XXX') - self.assertEqual(fields, ['f1', 'XXX', 'f2']) - fields.insert_after('XXX', 'YYY') - self.assertEqual(fields, ['f1', 'XXX', 'YYY', 'f2']) - - # appends new field if reference field is invalid - fields.insert_after('f3', 'ZZZ') - self.assertEqual(fields, ['f1', 'XXX', 'YYY', 'f2', 'ZZZ']) - - -class TestForm(TestCase): - - def setUp(self): - self.config = WuttaConfig() - self.request = testing.DummyRequest(wutta_config=self.config) - - self.pyramid_config = testing.setUp(request=self.request, settings={ - 'mako.directories': ['wuttaweb:templates'], - 'pyramid_deform.template_search_path': 'wuttaweb:templates/deform', - }) - - def tearDown(self): - testing.tearDown() - - def make_form(self, request=None, **kwargs): - return base.Form(request or self.request, **kwargs) - - def make_schema(self): - schema = colander.Schema(children=[ - colander.SchemaNode(colander.String(), - name='foo'), - colander.SchemaNode(colander.String(), - name='bar'), - ]) - return schema - - def test_init_with_none(self): - form = self.make_form() - self.assertIsNone(form.fields) - - def test_init_with_fields(self): - form = self.make_form(fields=['foo', 'bar']) - self.assertEqual(form.fields, ['foo', 'bar']) - - def test_init_with_schema(self): - schema = self.make_schema() - form = self.make_form(schema=schema) - self.assertEqual(form.fields, ['foo', 'bar']) - - def test_vue_tagname(self): - form = self.make_form() - self.assertEqual(form.vue_tagname, 'wutta-form') - - def test_vue_component(self): - form = self.make_form() - self.assertEqual(form.vue_component, 'WuttaForm') - - def test_contains(self): - form = self.make_form(fields=['foo', 'bar']) - self.assertIn('foo', form) - self.assertNotIn('baz', form) - - def test_iter(self): - form = self.make_form(fields=['foo', 'bar']) - - fields = list(iter(form)) - self.assertEqual(fields, ['foo', 'bar']) - - fields = [] - for field in form: - fields.append(field) - self.assertEqual(fields, ['foo', 'bar']) - - def test_set_fields(self): - form = self.make_form(fields=['foo', 'bar']) - self.assertEqual(form.fields, ['foo', 'bar']) - form.set_fields(['baz']) - self.assertEqual(form.fields, ['baz']) - - def test_get_schema(self): - form = self.make_form() - self.assertIsNone(form.schema) - - # provided schema is returned - schema = self.make_schema() - form = self.make_form(schema=schema) - self.assertIs(form.schema, schema) - self.assertIs(form.get_schema(), schema) - - # auto-generating schema not yet supported - form = self.make_form(fields=['foo', 'bar']) - self.assertIsNone(form.schema) - self.assertRaises(NotImplementedError, form.get_schema) - - def test_get_deform(self): - schema = self.make_schema() - form = self.make_form(schema=schema) - self.assertFalse(hasattr(form, 'deform_form')) - dform = form.get_deform() - self.assertIsInstance(dform, deform.Form) - self.assertIs(form.deform_form, dform) - - def test_get_label(self): - form = self.make_form(fields=['foo', 'bar']) - self.assertEqual(form.get_label('foo'), "Foo") - form.set_label('foo', "Baz") - self.assertEqual(form.get_label('foo'), "Baz") - - def test_set_label(self): - form = self.make_form(fields=['foo', 'bar']) - self.assertEqual(form.get_label('foo'), "Foo") - form.set_label('foo', "Baz") - self.assertEqual(form.get_label('foo'), "Baz") - - # schema should be updated when setting label - schema = self.make_schema() - form = self.make_form(schema=schema) - form.set_label('foo', "Woohoo") - self.assertEqual(form.get_label('foo'), "Woohoo") - self.assertEqual(schema['foo'].title, "Woohoo") - - def test_render_vue_tag(self): - schema = self.make_schema() - form = self.make_form(schema=schema) - html = form.render_vue_tag() - self.assertEqual(html, '') - - def test_render_vue_template(self): - self.pyramid_config.include('pyramid_mako') - self.pyramid_config.add_subscriber('wuttaweb.subscribers.before_render', - 'pyramid.events.BeforeRender') - - # form button is disabled on @submit by default - schema = self.make_schema() - form = self.make_form(schema=schema) - html = form.render_vue_template() - self.assertIn('