Revert future imports for annotations, PEP563 is still defered

Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
Implement custom UA parsing, allowing to update Flask and Werkzeug
2022-08-25 12:06:59 +02:00 · 2022-08-22 17:18:03 +02:00
9 changed files with 64 additions and 17 deletions
--- a/flaschengeist/controller/pluginController.py
+++ b/flaschengeist/controller/pluginController.py
@ -25,6 +25,7 @@ def get_enabled_plugins():
        class PluginStub:
            def __init__(self, name) -> None:
                self.name = name
+                self.version = "?"

        logger.error("Could not connect to database or database not initialized! No plugins enabled!")
        logger.debug("Can not query enabled plugins", exc_info=True)
--- a/flaschengeist/controller/sessionController.py
+++ b/flaschengeist/controller/sessionController.py
@ -11,7 +11,36 @@ from ..database import db
 lifetime = 1800


-def validate_token(token, user_agent, permission):
+def __get_user_agent_platform(ua: str):
+    if "Win" in ua:
+        return "Windows"
+    if "Mac" in ua:
+        return "Macintosh"
+    if "Linux" in ua:
+        return "Linux"
+    if "Android" in ua:
+        return "Android"
+    if "like Mac" in ua:
+        return "iOS"
+    return "unknown"
+
+
+def __get_user_agent_browser(ua: str):
+    ua_str = ua.lower()
+    if "firefox" in ua_str or "fxios" in ua_str:
+        return "firefox"
+    if "safari" in ua_str:
+        return "safari"
+    if "opr/" in ua_str:
+        return "opera"
+    if "edg" in ua_str:
+        return "edge"
+    if "chrom" in ua_str or "crios" in ua_str:
+        return "chrome"
+    return "unknown"
+
+
+def validate_token(token, request_headers, permission):
    """Verify session

    Verify a Session and Roles so if the User has permission or not.
@ -19,7 +48,7 @@ def validate_token(token, user_agent, permission):

    Args:
        token: Token to verify.
-        user_agent: User agent of browser to check
+        request_headers: Headers to validate user agent of browser
        permission: Permission needed to access restricted routes
    Returns:
        A Session for this given Token
@ -31,8 +60,16 @@ def validate_token(token, user_agent, permission):
    session = Session.query.filter_by(token=token).one_or_none()
    if session:
        logger.debug("token found, check if expired or invalid user agent differs")
+
+        platform = request_headers.get("Sec-CH-UA-Platform", None) or __get_user_agent_platform(
+            request_headers.get("User-Agent", "")
+        )
+        browser = request_headers.get("Sec-CH-UA", None) or __get_user_agent_browser(
+            request_headers.get("User-Agent", "")
+        )
+
        if session.expires >= datetime.now(timezone.utc) and (
-            session.browser == user_agent.browser and session.platform == user_agent.platform
+            session.browser == browser and session.platform == platform
        ):
            if not permission or session.user_.has_permission(permission):
                session.refresh()
--- a/flaschengeist/models/image.py
+++ b/flaschengeist/models/image.py
@ -1,3 +1,5 @@
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
+
 from sqlalchemy import event
 from pathlib import Path

--- a/flaschengeist/models/notification.py
+++ b/flaschengeist/models/notification.py
@ -1,3 +1,5 @@
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
+
 from datetime import datetime
 from typing import Any

@ -14,8 +16,8 @@ class Notification(db.Model, ModelSerializeMixin):

    user_id_: int = db.Column("user", Serial, db.ForeignKey("user.id"), nullable=False)
    plugin_id_: int = db.Column("plugin", Serial, db.ForeignKey("plugin.id"), nullable=False)
-    user_: "User" = db.relationship("User")
-    plugin_: "Plugin" = db.relationship(
+    user_: User = db.relationship("User")
+    plugin_: Plugin = db.relationship(
        "Plugin", backref=db.backref("notifications_", cascade="all, delete, delete-orphan")
    )

--- a/flaschengeist/models/plugin.py
+++ b/flaschengeist/models/plugin.py
@ -1,3 +1,5 @@
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
+
 from typing import Any

 from ..database import db
--- a/flaschengeist/models/session.py
+++ b/flaschengeist/models/session.py
@ -1,11 +1,12 @@
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
+
 from datetime import datetime, timedelta, timezone
 from secrets import compare_digest

+from .. import logger
 from ..database import db
 from ..database.types import ModelSerializeMixin, UtcDateTime, Serial

-from flaschengeist import logger
-

 class Session(db.Model, ModelSerializeMixin):
    """Model for a Session
@ -20,13 +21,13 @@ class Session(db.Model, ModelSerializeMixin):
    expires: datetime = db.Column(UtcDateTime)
    token: str = db.Column(db.String(32), unique=True)
    lifetime: int = db.Column(db.Integer)
-    browser: str = db.Column(db.String(30))
-    platform: str = db.Column(db.String(30))
+    browser: str = db.Column(db.String(127))
+    platform: str = db.Column(db.String(64))
    userid: str = ""

    _id = db.Column("id", Serial, primary_key=True)
    _user_id = db.Column("user_id", Serial, db.ForeignKey("user.id"))
-    user_: "User" = db.relationship("User", back_populates="sessions_")
+    user_: User = db.relationship("User", back_populates="sessions_")

    @property
    def userid(self):
--- a/flaschengeist/models/user.py
+++ b/flaschengeist/models/user.py
@ -1,3 +1,5 @@
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
+
 from typing import Optional
 from datetime import date, datetime
 from sqlalchemy.orm.collections import attribute_mapped_collection
@ -62,10 +64,10 @@ class User(db.Model, ModelSerializeMixin):
    # Protected stuff for backend use only
    id_ = db.Column("id", Serial, primary_key=True)
    roles_: list[Role] = db.relationship("Role", secondary=association_table, cascade="save-update, merge")
-    sessions_: list["Session"] = db.relationship(
+    sessions_: list[Session] = db.relationship(
        "Session", back_populates="user_", cascade="all, delete, delete-orphan"
    )
-    avatar_: Optional["Image"] = db.relationship("Image", cascade="all, delete, delete-orphan", single_parent=True)
+    avatar_: Optional[Image] = db.relationship("Image", cascade="all, delete, delete-orphan", single_parent=True)
    reset_requests_: list["_PasswordReset"] = db.relationship("_PasswordReset", cascade="all, delete, delete-orphan")

    # Private stuff for internal use
--- a/flaschengeist/utils/decorators.py
+++ b/flaschengeist/utils/decorators.py
@ -14,7 +14,7 @@ def extract_session(permission=None):
        logger.debug("Missing Authorization header or ill-formed")
        raise Unauthorized

-    session = sessionController.validate_token(token, request.user_agent, permission)
+    session = sessionController.validate_token(token, request.headers, permission)
    return session


--- a/setup.cfg
+++ b/setup.cfg
@ -22,14 +22,14 @@ include_package_data = True
 python_requires = >=3.10
 packages = find:
 install_requires =
-    Flask==2.0.3
-    Pillow>=9.0
+    Flask>=2.2.2
+    Pillow>=9.2
    flask_cors
    flask_migrate>=3.1.0
    flask_sqlalchemy>=2.5.1
-    sqlalchemy>=1.4.39
+    sqlalchemy>=1.4.40
    toml
-    werkzeug==2.0.3
+    werkzeug>=2.2.2

 [options.extras_require]
 argon = argon2-cffi
Author	SHA1	Message	Date
Ferdinand Thiessen	4248825af0	Revert future imports for annotations, PEP563 is still defered Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-25 12:06:59 +02:00
Ferdinand Thiessen	e22e38b304	Implement custom UA parsing, allowing to update Flask and Werkzeug Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-22 17:18:03 +02:00