Register, admin, mod views

admin_webapp/app.py

@@ -1,5 +1,6 @@
 """Provides application for development purposes."""
 from .factory import create_web_app
+import arxiv_db
 
 app = create_web_app()
 # with app.app_context():

admin_webapp/config.py

@@ -102,7 +102,7 @@
 
 
 
-WTF_CSRF_ENABLED = os.environ.get('WTF_CSRF_ENABLED', True)
+WTF_CSRF_ENABLED = os.environ.get('WTF_CSRF_ENABLED', False)
 """Enable CSRF.
 
 Do not disable in production."""
@@ -119,8 +119,10 @@
     FLASK_DEBUG=True
     DEBUG=True
     if not SQLALCHEMY_DATABASE_URI:
-        SQLALCHEMY_DATABASE_URI = 'sqlite:///../locahost_dev.db'
-        CLASSIC_DATABASE_URI = SQLALCHEMY_DATABASE_URI
+        # SQLALCHEMY_DATABASE_URI = 'sqlite:///../locahost_dev.db'
+        SQLALCHEMY_DATABASE_URI='mysql+mysqldb://root:root@localhost:3306/arXiv'
+
+        # CLASSIC_DATABASE_URI = SQLALCHEMY_DATABASE_URI
 
     DEFAULT_LOGIN_REDIRECT_URL='/protected'
     # Need to use this funny name where we have a DNS entry to 127.0.0.1

admin_webapp/controllers/endorsement.py

@@ -0,0 +1,45 @@
+"""arXiv endorsements controllers."""
+from collections import defaultdict
+from datetime import datetime, timedelta
+import logging
+from admin_webapp.routes import endorsement
+
+from flask import Blueprint, render_template, request, \
+    make_response, current_app, Response, abort
+
+from flask_sqlalchemy import Pagination
+
+from sqlalchemy import select, func, case, text, insert, update, desc
+from sqlalchemy.dialects.mysql import JSON
+from sqlalchemy.orm import joinedload, selectinload, aliased
+from arxiv.base import logging
+
+from arxiv_auth.auth.decorators import scoped
+
+from arxiv_db.models import Endorsements, EndorsementsAudit, TapirUsers
+from arxiv_db.models.associative_tables import t_arXiv_paper_owners
+
+from admin_webapp.extensions import get_csrf, get_db
+from admin_webapp.admin_log import audit_admin
+logger = logging.getLogger(__file__)
+
+# blueprint = Blueprint('ownership', __name__, url_prefix='/ownership')
+"""
+All endorsements listing
+"""
+def endorsement_listing(per_page:int, page: int) -> dict:
+    session = get_db(current_app).session
+    report_stmt = (select(Endorsements)
+                #    TODO: do I need a joinedload to prevent N+1 queries
+                #    .options(joinedload(TapirUsers.tapir_nicknames))
+                   .limit(per_page).offset((page -1) * per_page)).join(EndorsementsAudit, isouter=True)
+
+    count_stmt = (select(func.count(Endorsements.endorsement_id)))
+
+    endorsements = session.scalars(report_stmt)
+    count = session.execute(count_stmt).scalar_one()
+    pagination = Pagination(query=None, page=page, per_page=per_page, total=count, items=None)
+
+
+    return dict(pagination=pagination, count=count, endorsements=endorsements)
+

admin_webapp/controllers/registration.py

@@ -8,6 +8,7 @@
 affiliation information, and links to external identities such as GitHub and
 ORCID.
 """
+from admin_webapp import config
 
 from typing import Dict, Tuple, Any, Optional
 from werkzeug.datastructures import MultiDict
@@ -21,17 +22,19 @@
 
 from wtforms import StringField, PasswordField, SelectField, \
     BooleanField, Form, HiddenField
-from wtforms.validators import DataRequired, Email, Length, URL, optional, \
+from wtforms.validators import DataRequired, Email, Length, URL, optional, EqualTo, \
     ValidationError
 from flask import url_for, Markup
+from flask import session as flask_session
 import pycountry
 
 from arxiv import taxonomy
 from .util import MultiCheckboxField, OptGroupSelectField
 
 from .. import stateless_captcha
 
-from arxiv_auth import legacy
+from arxiv_auth.legacy import sessions as legacy_sessions
+
 from arxiv_auth.legacy import accounts
 from arxiv_auth.legacy.exceptions import RegistrationFailed, \
     SessionCreationFailed, SessionDeletionFailed
@@ -44,8 +47,11 @@
 def _login_classic(user: domain.User, auth: domain.Authorizations,
                    ip: Optional[str]) -> Tuple[domain.Session, str]:
     try:
-        c_session = legacy.create(auth, ip, ip, user=user)
-        c_cookie = legacy.generate_cookie(c_session)
+        # c_session = legacy.create(auth, ip, ip, user=user)
+        # c_cookie = legacy.generate_cookie(c_session)
+        # no tracking cookie used
+        c_session = legacy_sessions.create(auth, ip, ip, '', user=user)
+        c_cookie = legacy_sessions.generate_cookie(c_session)
         logger.debug('Created classic session: %s', c_session.session_id)
     except SessionCreationFailed as ee:
         logger.debug('Could not create classic session: %s', ee)
@@ -87,7 +93,7 @@ def register(method: str, params: MultiDict, captcha_secret: str, ip: str,
         form.configure_captcha(captcha_secret, ip)
         data = {'form': form, 'next_page': next_page}
     elif method == 'POST':
-        logger.debug('Registration form submitted')
+        logger.debug('Registration form advancing to step 2')
         form = RegistrationForm(params, next_page=next_page)
         data = {'form': form, 'next_page': next_page}
         form.configure_captcha(captcha_secret, ip)
@@ -97,9 +103,62 @@ def register(method: str, params: MultiDict, captcha_secret: str, ip: str,
             return data, status.HTTP_400_BAD_REQUEST, {}
 
         logger.debug('Registration form is valid')
-        password = form.password.data
+        # password = form.password.data
 
         # Perform the actual registration.
+
+        # user, auth = accounts.register(form.to_domain(), password, ip, ip)
+
+        # try:
+        #     user, auth = accounts.register(form.to_domain(), password, ip, ip)
+        # except RegistrationFailed as e:
+        #     msg = 'Registration failed'
+        #     raise InternalServerError(msg) from e  # type: ignore
+
+        # Log the user in.
+        # session, cookie = _login(user, auth, ip)
+        # c_session, c_cookie = _login_classic(user, auth, ip)
+        # data.update({
+        #     'cookies': {
+        #         'session_cookie': (cookie, session.expires),
+        #         'classic_cookie': (c_cookie, c_session.expires)
+        #     },
+        #     'user_id': user.user_id
+        # })
+
+
+        # print(session)
+
+        return data, status.HTTP_303_SEE_OTHER, {'Location': next_page}
+    return data, status.HTTP_200_OK, {}
+
+def register2(method: str, params: MultiDict, ip: str,
+             next_page: str) -> ResponseData:
+    """Handle requests for the registration view step 2."""
+    data: Dict[str, Any]
+
+    print("session data", flask_session)
+    if method == 'GET':
+        form = ProfileForm(params)
+        data = {'form': form, 'next_page': next_page}
+
+    elif method == 'POST':
+        logger.debug('Registration form submitted')
+        form = ProfileForm(params, next_page=next_page)
+        data = {'form': form, 'next_page': next_page}
+        # form.configure_captcha(captcha_secret, ip)
+
+        if not form.validate():
+            logger.debug('Registration form not valid')
+            return data, status.HTTP_400_BAD_REQUEST, {}
+
+        logger.debug('Registration form is valid')
+        password = flask_session['password']
+
+        # Perform the actual registration.
+        print(password, form.forename.data)
+        # user, auth = accounts.register(form.to_domain(), password, ip, ip)
+
         try:
             user, auth = accounts.register(form.to_domain(), password, ip, ip)
         except RegistrationFailed as e:
@@ -116,10 +175,11 @@ def register(method: str, params: MultiDict, captcha_secret: str, ip: str,
             },
             'user_id': user.user_id
         })
-        return data, status.HTTP_303_SEE_OTHER, {'Location': next_page}
-    return data, status.HTTP_200_OK, {}
 
+        # next_page = next_page if good_next_page(next_page) else config.DEFAULT_LOGIN_REDIRECT_URL
+        return data, status.HTTP_303_SEE_OTHER, {'Location': next_page}
 
+    return data, status.HTTP_200_OK, {}
 
 
 def edit_profile(method: str, user_id: str, session: domain.Session,
@@ -232,10 +292,14 @@ def from_domain(cls, user: domain.User) -> 'ProfileForm':
 
     def to_domain(self) -> domain.User:
         """Generate a :class:`.User` from this form's data."""
+        print(self.default_category.data.split('.'))
+        print(domain.Category('test'))
+        print(self.default_category.data)
         return domain.User(
             user_id=self.user_id.data if self.user_id.data else None,
-            username=self.username.data,
-            email=self.email.data,
+            # use flask session data for step 1 fields
+            username=flask_session['username'],
+            email=flask_session['email'],
             name=domain.UserFullName(
                 forename=self.forename.data,
                 surname=self.surname.data,
@@ -247,7 +311,7 @@ def to_domain(self) -> domain.User:
                 rank=int(self.status.data),     # WTF can't handle int values.
                 submission_groups=self.groups.data,
                 default_category=domain.Category(
-                    *self.default_category.data.split('.')
+                    self.default_category.data
                 ),
                 homepage_url=self.url.data,
                 remember_me=self.remember_me.data
@@ -276,7 +340,7 @@ class RegistrationForm(Form):
 
     password = PasswordField(
         'Password',
-        validators=[Length(min=8, max=20), DataRequired()],
+        validators=[Length(min=8, max=20), DataRequired(), EqualTo('password2', message="Passwords must match.")],
         description="Please choose a password that is between 8 and 20"
                     " characters in length. Longer passwords are more secure."
                     " You may use alphanumeric characters, as well as"
@@ -341,10 +405,10 @@ def validate_captcha_value(self, field: StringField) -> None:
             self.captcha_value.data = ''    # Clear the field.
             raise ValidationError('Please try again') from e
 
-    def validate_password(self) -> None:
-        """Verify that the password is the same in both fields."""
-        if self.password.data != self.password2.data:
-            raise ValidationError('Passwords must match')
+    # def validate_password(self) -> None:
+    #     """Verify that the password is the same in both fields."""
+    #     if self.password.data != self.password2.data:
+    #         raise ValidationError('Passwords must match')
 
     @classmethod
     def from_domain(cls, user: domain.User) -> 'RegistrationForm':

admin_webapp/controllers/search.py

@@ -0,0 +1,52 @@
+from flask import current_app, Response
+from flask_sqlalchemy import Pagination
+from admin_webapp.extensions import get_db
+from sqlalchemy import select, or_, func
+from arxiv_db.models import TapirUsers, TapirNicknames
+
+"""
+Basic search logic that does some loose similarity checking:
+
+"""
+def general_search(search_string: str, per_page:int, page: int) -> Response:
+    session = get_db(current_app).session
+
+    # check if the string is numeric
+    if search_string.isdigit():
+        # Check if unique user exists based on user ID
+        unique_user_id = session.query(TapirUsers).filter(TapirUsers.user_id==search_string).all()
+        if len(unique_user_id) == 1:
+            return dict(count=1, unique_id=search_string)
+
+    # Check if unique user exists based on nickname
+    unique_user_nickname = session.query(TapirNicknames).filter(TapirNicknames.nickname==search_string).all()
+    if len(unique_user_nickname) == 1:
+        return dict(count=1, unique_id=unique_user_nickname[0].user_id)
+
+    # General search logic
+    stmt = (select(TapirUsers).join(TapirNicknames)
+               .filter(
+                   or_(TapirUsers.user_id.like(f'%{search_string}%'),
+                       TapirUsers.first_name.like(f'%{search_string}%'),
+                        TapirUsers.last_name.like(f'%{search_string}%'),
+                        TapirNicknames.nickname.like(f'%{search_string}%')
+                       ))
+               .limit(per_page).offset((page -1) * per_page))
+
+    count_stmt = (select(func.count(TapirUsers.user_id)).where(
+        or_(TapirUsers.user_id.like(f'%{search_string}%'),
+                       TapirUsers.first_name.like(f'%{search_string}%'),
+                        TapirUsers.last_name.like(f'%{search_string}%'),
+                        )))
+
+    users = session.scalars(stmt)
+    count = session.execute(count_stmt).scalar_one()
+
+    pagination = Pagination(query=None, page=page, per_page=per_page, total=count, items=None)
+
+    return dict(pagination=pagination, count=count, users=users)
+
+def advanced_search(options):
+    session = get_db(current_app).session
+
+    return

admin_webapp/controllers/tapir_functions.py

@@ -0,0 +1,29 @@
+from flask import current_app, Response
+from admin_webapp.extensions import get_db
+from sqlalchemy import select, func
+from arxiv_db.models import TapirEmailTemplates
+import json 
+
+"""
+Tapir email templates
+"""
+def manage_email_templates() -> Response:
+    session = get_db(current_app).session
+
+    stmt = (select(TapirEmailTemplates))
+    count_stmt = (select(func.count(TapirEmailTemplates.template_id)))
+
+    email_templates = session.scalars(stmt)
+    count = session.execute(count_stmt).scalar_one()
+
+    # return json.dumps(email_templates)
+    return dict(count=count, email_templates=email_templates)
+
+def email_template(template_id: int) -> Response:
+    session = get_db(current_app).session
+
+    stmt = (select(TapirEmailTemplates).where(TapirEmailTemplates.template_id == template_id))
+
+    template = session.scalar(stmt)
+
+    return dict(template=template)