Release 2.20.0rc1

paths

package/share/ahriman/templates/utils/bootstrap-scripts.jinja2

@@ -198,16 +198,13 @@
     function updateTable(table, rows) {
         // instead of using load method here, we just update rows manually to avoid table reinitialization
         const currentData = table.bootstrapTable("getData").reduce((accumulator, row) => {
-            accumulator[row.id] = {state: row["0"], status: row.status};
+            accumulator[row.id] = row["0"];
             return accumulator;
         }, {});
-        // insert or update rows, skipping ones whose status hasn't changed
+        // insert or update rows
         rows.forEach(row => {
             if (Object.hasOwn(currentData, row.id)) {
-                if (row.status === currentData[row.id].status) {
+                row["0"] = currentData[row.id]; // copy checkbox state
-                    return;
-                }
-                row["0"] = currentData[row.id].state; // copy checkbox state
                 table.bootstrapTable("updateByUniqueId", {
                     id: row.id,
                     row: row,

src/ahriman/application/handlers/backup.py

@@ -81,13 +81,11 @@ class Backup(Handler):
         Returns:
             set[Path]: map of the filesystem paths
         """
-        # configuration files
+        paths = set(configuration.include.glob("*.ini"))
-        root, _ = configuration.check_loaded()
-        paths = set(configuration.includes)
-        paths.add(root)
 
-        # database
+        root, _ = configuration.check_loaded()
-        paths.add(SQLite.database_path(configuration))
+        paths.add(root)  # the configuration itself
+        paths.add(SQLite.database_path(configuration))  # database
 
         # local caches
         repository_paths = configuration.repository_paths

src/ahriman/application/handlers/restore.py

@@ -47,7 +47,7 @@ class Restore(Handler):
             report(bool): force enable or disable reporting
         """
         with tarfile.open(args.path) as archive:
-            archive.extractall(path=args.output, filter="data")
+            archive.extractall(path=args.output)  # nosec
 
     @staticmethod
     def _set_repo_restore_parser(root: SubParserAction) -> argparse.ArgumentParser:

src/ahriman/core/auth/oauth.py

@@ -86,7 +86,7 @@ class OAuth(Mapping):
         Raises:
             OptionError: in case if invalid OAuth provider name supplied
         """
-        provider: type = getattr(aioauth_client, name, type(None))
+        provider: type[aioauth_client.OAuth2Client] = getattr(aioauth_client, name)
         try:
             is_oauth2_client = issubclass(provider, aioauth_client.OAuth2Client)
         except TypeError:  # what if it is random string?

src/ahriman/core/report/email.py

@@ -74,18 +74,6 @@ class Email(Report, JinjaTemplate):
         self.ssl = SmtpSSLSettings.from_option(configuration.get(section, "ssl", fallback="disabled"))
         self.user = configuration.get(section, "user", fallback=None)
 
-    @property
-    def _smtp_session(self) -> type[smtplib.SMTP]:
-        """
-        build SMTP session based on configuration settings
-
-        Returns:
-            type[smtplib.SMTP]: SMTP or SMTP_SSL session depending on whether SSL is enabled or not
-        """
-        if self.ssl == SmtpSSLSettings.SSL:
-            return smtplib.SMTP_SSL
-        return smtplib.SMTP
-
     def _send(self, text: str, attachment: dict[str, str]) -> None:
         """
         send email callback
@@ -105,13 +93,16 @@ class Email(Report, JinjaTemplate):
             attach.add_header("Content-Disposition", "attachment", filename=filename)
             message.attach(attach)
 
-        with self._smtp_session(self.host, self.port) as session:
+        if self.ssl != SmtpSSLSettings.SSL:
+            session = smtplib.SMTP(self.host, self.port)
             if self.ssl == SmtpSSLSettings.STARTTLS:
                 session.starttls()
-
+        else:
-            if self.user is not None and self.password is not None:
+            session = smtplib.SMTP_SSL(self.host, self.port)
-                session.login(self.user, self.password)
+        if self.user is not None and self.password is not None:
-            session.sendmail(self.sender, self.receivers, message.as_string())
+            session.login(self.user, self.password)
+        session.sendmail(self.sender, self.receivers, message.as_string())
+        session.quit()
 
     def generate(self, packages: list[Package], result: Result) -> None:
         """

src/ahriman/core/utils.py

@@ -164,11 +164,6 @@ def check_output(*args: str, exception: Exception | Callable[[int, list[str], st
         if key in ("PATH",)  # whitelisted variables only
     } | environment
 
-    result: dict[str, list[str]] = {
-        "stdout": [],
-        "stderr": [],
-    }
-
     with subprocess.Popen(args, cwd=cwd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                           user=user, env=full_environment, text=True, encoding="utf8", errors="backslashreplace",
                           bufsize=1) as process:
@@ -177,27 +172,30 @@ def check_output(*args: str, exception: Exception | Callable[[int, list[str], st
             input_channel.write(input_data)
             input_channel.close()
 
-        with selectors.DefaultSelector() as selector:
+        selector = selectors.DefaultSelector()
-            selector.register(get_io(process, "stdout"), selectors.EVENT_READ, data="stdout")
+        selector.register(get_io(process, "stdout"), selectors.EVENT_READ, data="stdout")
-            selector.register(get_io(process, "stderr"), selectors.EVENT_READ, data="stderr")
+        selector.register(get_io(process, "stderr"), selectors.EVENT_READ, data="stderr")
 
-            while selector.get_map():  # while there are unread selectors, keep reading
+        result: dict[str, list[str]] = {
-                for key_data, output in poll(selector):
+            "stdout": [],
-                    result[key_data].append(output)
+            "stderr": [],
+        }
+        while selector.get_map():  # while there are unread selectors, keep reading
+            for key_data, output in poll(selector):
+                result[key_data].append(output)
+
+        stdout = "\n".join(result["stdout"]).rstrip("\n")  # remove newline at the end of any
+        stderr = "\n".join(result["stderr"]).rstrip("\n")
 
         status_code = process.wait()
+        if status_code != 0:
+            if isinstance(exception, Exception):
+                raise exception
+            if callable(exception):
+                raise exception(status_code, list(args), stdout, stderr)
+            raise CalledProcessError(status_code, list(args), stderr)
 
-    stdout = "\n".join(result["stdout"]).rstrip("\n")  # remove newline at the end of any
+        return stdout
-    stderr = "\n".join(result["stderr"]).rstrip("\n")
-
-    if status_code != 0:
-        if isinstance(exception, Exception):
-            raise exception
-        if callable(exception):
-            raise exception(status_code, list(args), stdout, stderr)
-        raise CalledProcessError(status_code, list(args), stderr)
-
-    return stdout
 
 
 def check_user(root: Path, *, unsafe: bool) -> None:

src/ahriman/web/apispec/info.py

@@ -72,7 +72,7 @@ def _security() -> list[dict[str, Any]]:
     return [{
         "token": {
             "type": "apiKey",  # as per specification we are using api key
-            "name": "AHRIMAN",
+            "name": "API_SESSION",
             "in": "cookie",
         }
     }]

src/ahriman/web/middlewares/auth_handler.py

@@ -149,17 +149,11 @@ def setup_auth(application: Application, configuration: Configuration, validator
         Application: configured web application
     """
     secret_key = _cookie_secret_key(configuration)
-    storage = EncryptedCookieStorage(
+    storage = EncryptedCookieStorage(secret_key, cookie_name="API_SESSION", max_age=validator.max_age)
-        secret_key,
-        cookie_name="AHRIMAN",
-        max_age=validator.max_age,
-        httponly=True,
-        samesite="Strict",
-    )
     setup_session(application, storage)
 
     authorization_policy = _AuthorizationPolicy(validator)
-    identity_policy = aiohttp_security.SessionIdentityPolicy("SESSION")
+    identity_policy = aiohttp_security.SessionIdentityPolicy()
 
     aiohttp_security.setup(application, identity_policy, authorization_policy)
     application.middlewares.append(_auth_handler(validator.allow_read_only))

src/ahriman/web/schemas/auth_schema.py

@@ -25,6 +25,6 @@ class AuthSchema(Schema):
     request cookie authorization schema
     """
 
-    AHRIMAN = fields.String(required=True, metadata={
+    API_SESSION = fields.String(required=True, metadata={
         "description": "API session key as returned from authorization",
     })

tests/ahriman/application/handlers/test_handler_restore.py

@@ -34,7 +34,7 @@ def test_run(args: argparse.Namespace, configuration: Configuration, mocker: Moc
 
     _, repository_id = configuration.check_loaded()
     Restore.run(args, repository_id, configuration, report=False)
-    extract_mock.extractall.assert_called_once_with(path=args.output, filter="data")
+    extract_mock.extractall.assert_called_once_with(path=args.output)
 
 
 def test_disallow_multi_architecture_run() -> None:

tests/ahriman/core/report/test_email.py

@@ -1,5 +1,3 @@
-import smtplib
-
 import pytest
 
 from pytest_mock import MockerFixture
@@ -8,7 +6,6 @@ from ahriman.core.configuration import Configuration
 from ahriman.core.report.email import Email
 from ahriman.models.package import Package
 from ahriman.models.result import Result
-from ahriman.models.smtp_ssl_settings import SmtpSSLSettings
 
 
 def test_template(configuration: Configuration) -> None:
@@ -40,36 +37,17 @@ def test_template_full(configuration: Configuration) -> None:
     assert Email(repository_id, configuration, "email").template_full == root.parent / template
 
 
-def test_smtp_session(email: Email) -> None:
-    """
-    must build normal SMTP session if SSL is disabled
-    """
-    email.ssl = SmtpSSLSettings.Disabled
-    assert email._smtp_session == smtplib.SMTP
-
-    email.ssl = SmtpSSLSettings.STARTTLS
-    assert email._smtp_session == smtplib.SMTP
-
-
-def test_smtp_session_ssl(email: Email) -> None:
-    """
-    must build SMTP_SSL session if SSL is enabled
-    """
-    email.ssl = SmtpSSLSettings.SSL
-    assert email._smtp_session == smtplib.SMTP_SSL
-
-
 def test_send(email: Email, mocker: MockerFixture) -> None:
     """
     must send an email with attachment
     """
     smtp_mock = mocker.patch("smtplib.SMTP")
-    smtp_mock.return_value.__enter__.return_value = smtp_mock.return_value
 
     email._send("a text", {"attachment.html": "an attachment"})
     smtp_mock.return_value.starttls.assert_not_called()
     smtp_mock.return_value.login.assert_not_called()
     smtp_mock.return_value.sendmail.assert_called_once_with(email.sender, email.receivers, pytest.helpers.anyvar(int))
+    smtp_mock.return_value.quit.assert_called_once_with()
 
 
 def test_send_auth(configuration: Configuration, mocker: MockerFixture) -> None:
@@ -79,7 +57,6 @@ def test_send_auth(configuration: Configuration, mocker: MockerFixture) -> None:
     configuration.set_option("email", "user", "username")
     configuration.set_option("email", "password", "password")
     smtp_mock = mocker.patch("smtplib.SMTP")
-    smtp_mock.return_value.__enter__.return_value = smtp_mock.return_value
     _, repository_id = configuration.check_loaded()
 
     email = Email(repository_id, configuration, "email")
@@ -93,7 +70,6 @@ def test_send_auth_no_password(configuration: Configuration, mocker: MockerFixtu
     """
     configuration.set_option("email", "user", "username")
     smtp_mock = mocker.patch("smtplib.SMTP")
-    smtp_mock.return_value.__enter__.return_value = smtp_mock.return_value
     _, repository_id = configuration.check_loaded()
 
     email = Email(repository_id, configuration, "email")
@@ -107,7 +83,6 @@ def test_send_auth_no_user(configuration: Configuration, mocker: MockerFixture)
     """
     configuration.set_option("email", "password", "password")
     smtp_mock = mocker.patch("smtplib.SMTP")
-    smtp_mock.return_value.__enter__.return_value = smtp_mock.return_value
     _, repository_id = configuration.check_loaded()
 
     email = Email(repository_id, configuration, "email")
@@ -121,7 +96,6 @@ def test_send_ssl_tls(configuration: Configuration, mocker: MockerFixture) -> No
     """
     configuration.set_option("email", "ssl", "ssl")
     smtp_mock = mocker.patch("smtplib.SMTP_SSL")
-    smtp_mock.return_value.__enter__.return_value = smtp_mock.return_value
     _, repository_id = configuration.check_loaded()
 
     email = Email(repository_id, configuration, "email")
@@ -129,6 +103,7 @@ def test_send_ssl_tls(configuration: Configuration, mocker: MockerFixture) -> No
     smtp_mock.return_value.starttls.assert_not_called()
     smtp_mock.return_value.login.assert_not_called()
     smtp_mock.return_value.sendmail.assert_called_once_with(email.sender, email.receivers, pytest.helpers.anyvar(int))
+    smtp_mock.return_value.quit.assert_called_once_with()
 
 
 def test_send_starttls(configuration: Configuration, mocker: MockerFixture) -> None:
@@ -137,7 +112,6 @@ def test_send_starttls(configuration: Configuration, mocker: MockerFixture) -> N
     """
     configuration.set_option("email", "ssl", "starttls")
     smtp_mock = mocker.patch("smtplib.SMTP")
-    smtp_mock.return_value.__enter__.return_value = smtp_mock.return_value
     _, repository_id = configuration.check_loaded()
 
     email = Email(repository_id, configuration, "email")

tests/ahriman/web/apispec/test_info.py

@@ -23,7 +23,7 @@ def test_security() -> None:
     must generate security definitions for swagger
     """
     token = next(iter(_security()))["token"]
-    assert token == {"type": "apiKey", "name": "AHRIMAN", "in": "cookie"}
+    assert token == {"type": "apiKey", "name": "API_SESSION", "in": "cookie"}
 
 
 def test_servers(application: Application) -> None:

tests/ahriman/web/schemas/test_auth_schema.py

@@ -6,4 +6,4 @@ def test_schema() -> None:
     must return valid schema
     """
     schema = AuthSchema()
-    assert not schema.validate({"AHRIMAN": "key"})
+    assert not schema.validate({"API_SESSION": "key"})

tests/ahriman/web/views/api/test_view_api_swagger.py

@@ -27,7 +27,7 @@ def _client(client: TestClient, mocker: MockerFixture) -> TestClient:
                     "parameters": [
                         {
                             "in": "cookie",
-                            "name": "AHRIMAN",
+                            "name": "API_SESSION",
                             "schema": {
                                 "type": "string",
                             },
@@ -39,7 +39,7 @@ def _client(client: TestClient, mocker: MockerFixture) -> TestClient:
                     "parameters": [
                         {
                             "in": "cookie",
-                            "name": "AHRIMAN",
+                            "name": "API_SESSION",
                             "schema": {
                                 "type": "string",
                             },
@@ -60,7 +60,7 @@ def _client(client: TestClient, mocker: MockerFixture) -> TestClient:
             {
                 "token": {
                     "type": "apiKey",
-                    "name": "AHRIMAN",
+                    "name": "API_SESSION",
                     "in": "cookie",
                 },
             },