From 1bc1406fa325605589d8d264852b0c7df103e2ea Mon Sep 17 00:00:00 2001 From: gal432 Date: Sat, 20 Nov 2021 21:43:31 +0200 Subject: [PATCH 01/18] Make register auto tests support multi exercises with same name (#352) --- lms/lmstests/public/unittests/import_tests.py | 35 ++++++++++--------- tests/test_exercise_unit_tests.py | 15 +++++++- 2 files changed, 33 insertions(+), 17 deletions(-) diff --git a/lms/lmstests/public/unittests/import_tests.py b/lms/lmstests/public/unittests/import_tests.py index 7cc4ff13..d462def6 100644 --- a/lms/lmstests/public/unittests/import_tests.py +++ b/lms/lmstests/public/unittests/import_tests.py @@ -13,28 +13,31 @@ def register_test_class(file_path: str, test_class: typing.ClassVar): subject = test_class.__doc__ - exercise = models.Exercise.get_or_none(models.Exercise.subject == subject) - if not exercise: - log.info(f'Failed to find exercise subject {subject}') + exercises = tuple( + models.Exercise.filter(models.Exercise.subject == subject), + ) + if not exercises: + log.info(f'Failed to find exercises for subject {subject}') raise SystemError with open(file_path, 'r') as file_reader: code = file_reader.read() - exercise_test = models.ExerciseTest.get_or_create_exercise_test( - exercise=exercise, - code=code, - ) + for exercise in exercises: + exercise_test = models.ExerciseTest.get_or_create_exercise_test( + exercise=exercise, + code=code, + ) - for test_func_name in inspect.getmembers(test_class): - test_func_name = test_func_name[0] - if test_func_name.startswith('test_'): - test_func = getattr(test_class, test_func_name) - models.ExerciseTestName.create_exercise_test_name( - exercise_test=exercise_test, - test_name=test_func_name, - pretty_test_name=test_func.__doc__, - ) + for test_func_name in inspect.getmembers(test_class): + test_func_name = test_func_name[0] + if test_func_name.startswith('test_'): + test_func = getattr(test_class, test_func_name) + models.ExerciseTestName.create_exercise_test_name( + exercise_test=exercise_test, + test_name=test_func_name, + pretty_test_name=test_func.__doc__, + ) def load_tests_from_path(file_path: str): diff --git a/tests/test_exercise_unit_tests.py b/tests/test_exercise_unit_tests.py index 3fa3c547..56494891 100644 --- a/tests/test_exercise_unit_tests.py +++ b/tests/test_exercise_unit_tests.py @@ -7,7 +7,6 @@ from lms.models import notifications from tests import conftest - STUDENT_CODE = """ def foo(bar=None): return 'bar' if bar == 'bar' else 'foo' @@ -70,6 +69,20 @@ def _verify_comments(): assert expected == first.user_message assert "foo('bar') == 'barbaron'" in first.staff_message + def test_register_two_exercises_with_same_name( + self, + course: models.Course, + ): + ex1 = conftest.create_exercise(course, 0) + ex2 = conftest.create_exercise(course, 0) + import_tests.load_test_from_module(EXERCISE_TESTS) + assert models.ExerciseTest.select().filter( + models.ExerciseTest.exercise == ex1, + ).get() + assert models.ExerciseTest.select().filter( + models.ExerciseTest.exercise == ex2, + ).get() + @staticmethod def _verify_notifications(solution): all_notifications = notifications.get(user=solution.solver) From aabe621b66f70b56b6a15a1c369c146e38f39a5c Mon Sep 17 00:00:00 2001 From: gal432 Date: Mon, 22 Nov 2021 21:06:04 +0200 Subject: [PATCH 02/18] Handle single testsuite (#353) --- lms/lmstests/public/unittests/services.py | 37 +++++++++-------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/lms/lmstests/public/unittests/services.py b/lms/lmstests/public/unittests/services.py index e62a6eb3..f471b519 100644 --- a/lms/lmstests/public/unittests/services.py +++ b/lms/lmstests/public/unittests/services.py @@ -1,7 +1,6 @@ import logging import subprocess # noqa: S404 -from typing import Iterable, List, Optional, Tuple - +from typing import Iterable, List, Optional from flask_babel import gettext as _ # type: ignore import junitparser from junitparser.junitparser import TestCase @@ -51,7 +50,6 @@ def _run_tests_on_solution(self): python_file = 'test_checks.py' test_output_path = 'output.xml' - junit_results = None try: with executers.get_executor(self._executor_name) as executor: executor.write_file(python_file, python_code) @@ -78,12 +76,17 @@ def _generate_python_code(self) -> str: test_code = self._exercise_auto_test.code return f'{test_code}\n\n{user_code}' - def _get_parsed_suites( + def _get_test_cases( self, raw_results: bytes, - ) -> Optional[Iterable[junitparser.TestSuite]]: + ) -> Optional[Iterable[junitparser.TestCase]]: try: parsed_string = junitparser.TestSuite.fromstring(raw_results) - return parsed_string.testsuites() + test_suites = tuple(parsed_string.testsuites()) + single_test_suite = not test_suites + if single_test_suite: + yield from tuple(parsed_string) + for test_suite in test_suites: + yield from tuple(test_suite) except SyntaxError: # importing xml make the lint go arrrr self._logger.exception('Failed to parse junit result') return None @@ -98,17 +101,15 @@ def _populate_junit_results(self, raw_results: bytes) -> None: if not raw_results: return None - suites = self._get_parsed_suites(raw_results) - if not suites: + test_cases = self._get_test_cases(raw_results) + if not test_cases: return None tests_ran = False number_of_failures = 0 - for test_suite in suites: - failures, ran = self._handle_test_suite(test_suite) - number_of_failures += failures - if ran and not tests_ran: - tests_ran = ran + for test_case in test_cases: + number_of_failures += int(self._handle_test_case(test_case)) + tests_ran = True if not tests_ran: self._handle_failed_to_execute_tests(raw_results) @@ -181,13 +182,3 @@ def _handle_test_case(self, case: TestCase) -> NumberOfErrors: self._handle_result(case.name, result) number_of_failures += 1 return number_of_failures - - def _handle_test_suite( - self, test_suite: junitparser.TestSuite, - ) -> Tuple[int, bool]: - number_of_failures = 0 - tests_ran = False - for case in test_suite: - tests_ran = True - number_of_failures += int(self._handle_test_case(case)) - return number_of_failures, tests_ran From 89abbf3429d5354fba7096b6388ec517ca3c6744 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 18 Dec 2021 18:20:42 +0200 Subject: [PATCH 03/18] build(deps): bump lxml from 4.6.3 to 4.6.5 (#355) Bumps [lxml](https://github.com/lxml/lxml) from 4.6.3 to 4.6.5. - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](https://github.com/lxml/lxml/compare/lxml-4.6.3...lxml-4.6.5) --- updated-dependencies: - dependency-name: lxml dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 404ff576..cffc876b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -44,7 +44,7 @@ Jinja2==3.0.1 jinja2-pluralize==0.3.0 junitparser==2.1.1 loguru==0.5.3 -lxml==4.6.3 +lxml==4.6.5 mccabe==0.6.1 mypy==0.910 mypy-extensions==0.4.3 From 4b9c05140b0ed2cc4c53acd836e92937e6383b95 Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Sat, 24 Feb 2024 01:32:04 +0200 Subject: [PATCH 04/18] fix: Bump old deps, fix tests (#361) * fix: Bump old deps, fix tests * fix: Update Flake8 autochecker * fix: pytest's spaces format * ci: Update cr-checks.yml * chore: Pin deps * chore: Bump some more versions in CI/CD * fix: flake8 errors (until we merge this huge diff) * fix: Hopefully we're done (temp. disable git) Co-authored-by: Gal Singer --- .github/workflows/cr-checks.yml | 8 +- .gitignore | 1 + README.md | 29 +- dev_requirements.txt | 8 +- devops/lms.yml | 3 +- lms/lmsdb/models.py | 17 +- lms/lmstests/public/unittests/import_tests.py | 2 +- lms/lmstests/public/unittests/services.py | 1 + lms/lmstests/sandbox/linters/defines.py | 3 +- lms/lmstests/sandbox/linters/python.py | 22 +- lms/lmstests/sandbox/linters/sql.py | 3 +- lms/lmsweb/__init__.py | 7 +- lms/lmsweb/git_service.py | 4 +- lms/lmsweb/tools/validators.py | 20 +- lms/lmsweb/views.py | 568 +++++++++++------- lms/models/notifications.py | 7 +- lms/models/upload.py | 4 +- lms/models/users.py | 7 +- requirements.txt | 121 ++-- tests/test_config_migrator.py | 4 +- tests/test_download_file.py | 4 +- tests/test_exercise_unit_tests.py | 4 +- tests/test_extractor.py | 4 +- tests/test_flake8_linter.py | 6 +- tests/test_git_solution.py | 126 ++-- tests/test_solutions.py | 14 +- tests/test_status.py | 2 +- 27 files changed, 577 insertions(+), 422 deletions(-) diff --git a/.github/workflows/cr-checks.yml b/.github/workflows/cr-checks.yml index e0a8117c..df97a8f2 100644 --- a/.github/workflows/cr-checks.yml +++ b/.github/workflows/cr-checks.yml @@ -9,14 +9,14 @@ on: jobs: build: - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Set up Python 3.8 + - name: Set up Python 3.12 uses: actions/setup-python@v1 with: - python-version: 3.8 + python-version: 3.12 - name: Install dependencies run: | python -m pip install --upgrade pip @@ -27,7 +27,7 @@ jobs: chmod +x /opt/vnu/vnu-runtime-image/bin/vnu - name: Lint run: | - flake8 lms --count --show-source --statistics + flake8 lms --ignore Q000,I202,W503,S101,I100,I101,E800 --import-order-style=google --count --show-source --statistics - name: Test run: | export PYTHONPATH=`pwd` diff --git a/.gitignore b/.gitignore index c5b6edef..4fb7459b 100644 --- a/.gitignore +++ b/.gitignore @@ -136,3 +136,4 @@ lms/lmsweb/config.py db.sqlite vim.session devops/rabbitmq.cookie +our.db diff --git a/README.md b/README.md index fdff3b06..61a03385 100644 --- a/README.md +++ b/README.md @@ -9,20 +9,26 @@ ๐Ÿ‘‹ Welcome to Python course learning management system. ๐Ÿ -The system objectives - +The system objectives - + 1. Allow teachers and mentors to input exercises list and provide feedback/comments to students exercises solutions. 2. Allow students to load their exercises solutions and get feedback to their work. ## Creating development environment + ### Prerequisites + 1. Linux based system - either [WSL on windows](https://docs.microsoft.com/en-us/windows/wsl/install-win10) or full blown linux. -2. [Python](https://www.python.org/downloads/release/python-385/) +2. [Python](https://www.python.org/downloads/release/python-385/) 3. [Docker](https://docs.docker.com/docker-for-windows/install/) and docker-compose. + ### Minimal setup -This setup is for debug purposes and will use sqlite database and frontend only. + +This setup is for debug purposes and will use SQLite database and frontend only. Steps to do: + 1. Clone this repository. 2. Set environment variables. 3. Run the application. @@ -48,7 +54,9 @@ After logging in, use [localhost admin](https://127.0.0.1:5000/admin) to modify ### Full setup + This setup will create the following items: + * Application - LMS code. * Middleware (messaging queue) - RabbitMQ. * Persistence database - PostgreSQL. @@ -70,7 +78,8 @@ cd devops ``` In case you want to add the stub data to PostgreSQL DB, run: -``` + +```bash docker exec -it lms_http_1 bash python lmsdb/bootstrap.py ``` @@ -86,17 +95,23 @@ In case you want to enable the mail system: ## Code modification check list -### Run flake8 -``` + +## Run flake8 + +```bash # on lms root directory flake8 lms ``` + ### Run tests -``` + +```bash export PYTHONPATH=`pwd` pip install -r requirements.txt pip install -r dev_requirements.txt py.test -vvv ``` + ### Contributing + View [contributing guidelines](https://github.com/PythonFreeCourse/lms/blob/master/CONTRIBUTING.md). diff --git a/dev_requirements.txt b/dev_requirements.txt index 4f73822f..dad4bd27 100644 --- a/dev_requirements.txt +++ b/dev_requirements.txt @@ -1,4 +1,4 @@ -debugpy==1.4.3 -ipdb==0.13.9 -pytest-cov==2.12.1 -pytest-env==0.6.2 +debugpy==1.8.1 +ipdb==0.13.13 +pytest-cov==4.1.0 +pytest-env==1.1.3 diff --git a/devops/lms.yml b/devops/lms.yml index 1026e773..5f9dcc62 100644 --- a/devops/lms.yml +++ b/devops/lms.yml @@ -21,7 +21,7 @@ services: - lms rabbitmq: - image: rabbitmq:3.9-management-alpine + image: rabbitmq:3.12-management-alpine hostname: celery-mq volumes: - rabbit-data-volume:/var/lib/rabbitmq @@ -130,7 +130,6 @@ volumes: rabbit-data-volume: repositories-data-volume: - networks: lms: external: diff --git a/lms/lmsdb/models.py b/lms/lmsdb/models.py index f28433e3..45851c01 100644 --- a/lms/lmsdb/models.py +++ b/lms/lmsdb/models.py @@ -247,14 +247,15 @@ def __str__(self): @pre_save(sender=User) def on_save_handler(model_class, instance, created): """Hash password on creation/save.""" + supported_hashing = ('pbkdf2:sha256', 'scrypt:') # If password changed then it won't start with hash's method prefix - is_password_changed = not instance.password.startswith('pbkdf2:sha256') + is_password_changed = not instance.password.startswith(supported_hashing) if created or is_password_changed: instance.password = generate_password_hash(instance.password) instance.uuid = uuid4() - is_api_key_changed = not instance.api_key.startswith('pbkdf2:sha256') + is_api_key_changed = not instance.api_key.startswith(supported_hashing) if created or is_api_key_changed: if not instance.api_key: instance.api_key = model_class.random_password() @@ -563,9 +564,7 @@ class Solution(BaseModel): ) @property - def solution_files( - self, - ) -> Union[Iterable['SolutionFile'], 'SolutionFile']: + def solution_files(self) -> Iterable["SolutionFile"]: return SolutionFile.filter(SolutionFile.solution == self) @property @@ -707,8 +706,8 @@ def create_solution( raise AlreadyExists('This solution already exists.') instance = cls.create(**{ - cls.exercise.name: exercise, - cls.solver.name: solver, + cls.exercise.name: exercise.id, + cls.solver.name: solver.id, cls.submission_timestamp.name: datetime.now(), cls.hashed.name: hash_, }) @@ -1135,7 +1134,7 @@ def generate_string( def create_demo_users() -> None: - print('First run! Here are some users to get start with:') # noqa: T001 + print('First run! Here are some users to get start with:') # noqa: T201 fields = ['username', 'fullname', 'mail_address', 'role'] student_role = Role.by_name('Student') admin_role = Role.by_name('Administrator') @@ -1149,7 +1148,7 @@ def create_demo_users() -> None: password = User.random_password() api_key = User.random_password(stronger=True) User.create(**user, password=password, api_key=api_key) - print(f"User: {user['username']}, Password: {password}") # noqa: T001 + print(f"User: {user['username']}, Password: {password}") # noqa: T201 def create_basic_roles() -> None: diff --git a/lms/lmstests/public/unittests/import_tests.py b/lms/lmstests/public/unittests/import_tests.py index d462def6..38a65d35 100644 --- a/lms/lmstests/public/unittests/import_tests.py +++ b/lms/lmstests/public/unittests/import_tests.py @@ -63,5 +63,5 @@ def load_test_from_module(file_path: str): if __name__ == '__main__': if len(sys.argv) != 2: - print('python load_tests.py test-module-path') # noqa: T001 + print('python load_tests.py test-module-path') # noqa: T201 load_tests_from_path(file_path=sys.argv[1]) diff --git a/lms/lmstests/public/unittests/services.py b/lms/lmstests/public/unittests/services.py index f471b519..4dad0724 100644 --- a/lms/lmstests/public/unittests/services.py +++ b/lms/lmstests/public/unittests/services.py @@ -1,6 +1,7 @@ import logging import subprocess # noqa: S404 from typing import Iterable, List, Optional + from flask_babel import gettext as _ # type: ignore import junitparser from junitparser.junitparser import TestCase diff --git a/lms/lmstests/sandbox/linters/defines.py b/lms/lmstests/sandbox/linters/defines.py index 06774b5c..8d62c309 100644 --- a/lms/lmstests/sandbox/linters/defines.py +++ b/lms/lmstests/sandbox/linters/defines.py @@ -15,7 +15,7 @@ 'C404': 'ืื™ืŸ ืกื™ื‘ื” ืœื”ืฉืชืžืฉ ืคื” ื‘ึพlist comprehension โ€“ ื”ืฉืชืžืฉื• ื‘ึพdictionary comprehension ื‘ืžืงื•ื.', 'C406': 'ืื™ืŸ ืกื™ื‘ื” ืœื”ืฉืชืžืฉ ื‘ืคื•ื ืงืฆื™ื” list ืื• tuple. ืืคืฉืจ ื‘ืžืงื•ื ืœื”ืฉืชืžืฉ ืคืฉื•ื˜ ื‘ืกื•ื’ืจื™ื™ื ื”ืžืชืื™ืžื™ื ืฉืžื™ื™ืฆื’ื™ื ืืช ืžื‘ื ื” ื”ื ืชื•ื ื™ื.', 'C407': 'ืœื ื—ื™ื™ื‘ื™ื ืœื”ืฉืชืžืฉ ื›ืืŸ ื‘ึพlist/dict comprehension, ื”ืคื•ื ืงืฆื™ื” ื™ื•ื“ืขืช ืœืงื‘ืœ ื’ื ืจื˜ื•ืจ.', - 'C408': 'ืื™ืŸ ืกื™ื‘ื” ืœืงืจื•ื ืคื” ืœืคื•ื ืงืฆื™ื” โ€“ ืขื“ื™ืฃ ืœืฆื™ื™ืŸ ืžื‘ื ื” ื ืชื•ื ื™ื ืจื™ืง. ื‘ืžืงื•ื dict(), ืœื“ื•ื’ืžื”, ืจืฉืžื• \{\}.', # NOQA: W605 + 'C408': 'ืื™ืŸ ืกื™ื‘ื” ืœืงืจื•ื ืคื” ืœืคื•ื ืงืฆื™ื” โ€“ ืขื“ื™ืฃ ืœืฆื™ื™ืŸ ืžื‘ื ื” ื ืชื•ื ื™ื ืจื™ืง. ื‘ืžืงื•ื dict(), ืœื“ื•ื’ืžื”, ืจืฉืžื• {}.', # NOQA: W605 'C409': 'ื”ืขื‘ืจืช ืœึพtuple() ืจืฉื™ืžื”, ืืš ืื™ืŸ ื‘ื–ื” ืฆื•ืจืš. ืขื“ื™ืฃ ืœื”ืฉืชืžืฉ ื‘ืกื•ื’ืจื™ื™ื ืขื’ื•ืœื™ื ื‘ืžืงื•ื.', 'C410': 'ืื™ืŸ ืฆื•ืจืš ืœื”ืžื™ืจ ืืช ื”ืจืฉื™ืžื” ื”ื–ื• ืœึพlist. ื”ื•ืฆื™ืื• ืื•ืชื” ืžื”ืงืจื™ืื” ืœืคื•ื ืงืฆื™ื”.', 'C413': 'ืื™ืŸ ืฆื•ืจืš ืœื”ืžื™ืจ ืœืจืฉื™ืžื”, sorted ื›ื‘ืจ ืžื—ื–ื™ืจื” ืจืฉื™ืžื” ื‘ืขืฆืžื”.', @@ -135,6 +135,7 @@ 'S322', # input is a dangerous method of Python 2 yada yada 'T000', # todo note found 'T001', # print found + 'T201', # print found (newer version of T001) 'T002', # Python 2.x reserved word print used 'W291', # whitespaces @ end of line 'W292', # no new line in the end of the code diff --git a/lms/lmstests/sandbox/linters/python.py b/lms/lmstests/sandbox/linters/python.py index 3d272cc3..b8103091 100644 --- a/lms/lmstests/sandbox/linters/python.py +++ b/lms/lmstests/sandbox/linters/python.py @@ -1,5 +1,6 @@ +from collections.abc import Iterable import tempfile -import typing +from typing import cast from flake8.main import application @@ -10,7 +11,7 @@ class PythonLinter(BaseLinter): def initialize(self): self._app = application.Application() - self._app.initialize(argv=['--import-order-style', 'google']) + self._argv = ['--import-order-style', 'google'] @property def app(self) -> application.Application: @@ -24,19 +25,22 @@ def get_error_text(self, error: LinterError) -> str: def match_to_file_suffix(file_suffix: str) -> bool: return file_suffix.lower() == 'py' - def _get_errors_from_solution(self) -> typing.Iterable[LinterError]: - index_of_check = 0 + def _get_errors_from_solution(self) -> Iterable[LinterError]: with tempfile.NamedTemporaryFile('w') as temp_file: temp_file.write(self._code) temp_file.flush() - - self.app.run_checks([temp_file.name]) - checkers = self.app.file_checker_manager.checkers - results = checkers[index_of_check].results + self.app.initialize(argv=[temp_file.name, *self._argv]) + self.app.run_checks() + assert self.app.file_checker_manager is not None + artifacts = self.app.file_checker_manager.results + results = [r for _, results_, _ in artifacts for r in results_] for result in results: + assert isinstance(result, tuple) + result = cast(tuple, result) response = LinterError( - *result, solution_file_id=self._solution_file_id) + *result, solution_file_id=self._solution_file_id, + ) if response.error_code in defines.FLAKE_SKIP_ERRORS: self._logger.info( 'Skipping error %s on line %s to solution file %s', diff --git a/lms/lmstests/sandbox/linters/sql.py b/lms/lmstests/sandbox/linters/sql.py index ca93089b..a2d95029 100644 --- a/lms/lmstests/sandbox/linters/sql.py +++ b/lms/lmstests/sandbox/linters/sql.py @@ -12,7 +12,8 @@ class SQLLinter(BaseLinter): def initialize(self): - self._app = Linter(config=FluffConfig.from_root()) + config = {'dialect': 'ansi'} + self._app = Linter(config=FluffConfig(overrides=config)) @property def app(self) -> Linter: diff --git a/lms/lmsweb/__init__.py b/lms/lmsweb/__init__.py index fe328733..953e35a4 100644 --- a/lms/lmsweb/__init__.py +++ b/lms/lmsweb/__init__.py @@ -32,7 +32,12 @@ http_basic_auth = HTTPBasicAuth() -limiter = Limiter(webapp, key_func=get_remote_address) +limiter = Limiter( + app=webapp, + key_func=get_remote_address, + default_limits=["60 per minute"], + storage_uri='memory://', +) if not config_file.exists(): diff --git a/lms/lmsweb/git_service.py b/lms/lmsweb/git_service.py index a20d4254..e28689a8 100644 --- a/lms/lmsweb/git_service.py +++ b/lms/lmsweb/git_service.py @@ -200,7 +200,7 @@ def _build_upload_operation(self) -> _GitOperation: contain_new_commits=False, ) - def _load_files_from_repository(self) -> typing.List[upload.File]: + def _load_files_from_repository(self) -> list[upload.File]: """ Since the remote server is a git bare repository we need to 'clone' the bare repository to resolve the files. @@ -209,7 +209,7 @@ def _load_files_from_repository(self) -> typing.List[upload.File]: """ with tempfile.TemporaryDirectory() as tempdir: self._execute_command( - args=['git', 'clone', self.repository_folder, '.'], + args=['git', 'clone', str(self.repository_folder), '.'], cwd=tempdir, ) to_return = [] diff --git a/lms/lmsweb/tools/validators.py b/lms/lmsweb/tools/validators.py index 0b73d3ce..f1ec408c 100644 --- a/lms/lmsweb/tools/validators.py +++ b/lms/lmsweb/tools/validators.py @@ -1,29 +1,29 @@ +from typing import TYPE_CHECKING + from flask_babel import gettext as _ # type: ignore -from wtforms.fields.core import StringField +from wtforms import StringField from wtforms.validators import ValidationError from lms.lmsdb.models import User +if TYPE_CHECKING: + from lms.lmsweb.forms.register import RegisterForm + from lms.lmsweb.forms.reset_password import ResetPassForm + -def UniqueUsernameRequired( - _form: 'RegisterForm', field: StringField, # type: ignore # NOQA: F821 -) -> None: +def UniqueUsernameRequired(__: 'RegisterForm', field: StringField) -> None: username_exists = User.get_or_none(User.username == field.data) if username_exists: raise ValidationError(_('The username is already in use')) -def UniqueEmailRequired( - _form: 'RegisterForm', field: StringField, # type: ignore # NOQA: F821 -) -> None: +def UniqueEmailRequired(__: 'RegisterForm', field: StringField) -> None: email_exists = User.get_or_none(User.mail_address == field.data) if email_exists: raise ValidationError(_('The email is already in use')) -def EmailNotExists( - _form: 'ResetPassForm', field: StringField, # type: ignore # NOQA: F821 -) -> None: +def EmailNotExists(__: 'ResetPassForm', field: StringField) -> None: email_exists = User.get_or_none(User.mail_address == field.data) if not email_exists: raise ValidationError(_('Invalid email')) diff --git a/lms/lmsweb/views.py b/lms/lmsweb/views.py index a7b91444..d61bb134 100644 --- a/lms/lmsweb/views.py +++ b/lms/lmsweb/views.py @@ -2,64 +2,111 @@ import arrow # type: ignore from flask import ( - Response, jsonify, make_response, render_template, request, - send_from_directory, session, url_for, + # Response, + jsonify, + make_response, + render_template, + request, + send_from_directory, + session, + url_for, ) from flask_babel import gettext as _ # type: ignore from flask_limiter.util import get_remote_address # type: ignore from flask_login import ( # type: ignore - current_user, login_required, login_user, logout_user, + current_user, + login_required, + login_user, + logout_user, ) from itsdangerous import BadSignature, SignatureExpired from werkzeug.datastructures import FileStorage from werkzeug.utils import redirect from lms.lmsdb.models import ( - ALL_MODELS, Comment, Course, Note, Role, RoleOptions, SharedSolution, - Solution, SolutionFile, User, UserCourse, database, + ALL_MODELS, + Comment, + Course, + Note, + Role, + RoleOptions, + SharedSolution, + Solution, + SolutionFile, + User, + UserCourse, + database, +) +from lms.lmsweb import ( + babel, + # http_basic_auth, + limiter, + routes, + webapp, ) -from lms.lmsweb import babel, http_basic_auth, limiter, routes, webapp from lms.lmsweb.admin import ( - AdminModelView, SPECIAL_MAPPING, admin, managers_only, + AdminModelView, + SPECIAL_MAPPING, + admin, + managers_only, ) from lms.lmsweb.config import ( - CONFIRMATION_TIME, LANGUAGES, LIMITS_PER_HOUR, - LIMITS_PER_MINUTE, LOCALE, MAX_UPLOAD_SIZE, REPOSITORY_FOLDER, + CONFIRMATION_TIME, + LANGUAGES, + LIMITS_PER_HOUR, + LIMITS_PER_MINUTE, + LOCALE, + MAX_UPLOAD_SIZE, + # REPOSITORY_FOLDER, ) from lms.lmsweb.forms.change_password import ChangePasswordForm from lms.lmsweb.forms.register import RegisterForm from lms.lmsweb.forms.reset_password import RecoverPassForm, ResetPassForm -from lms.lmsweb.git_service import GitService +# from lms.lmsweb.git_service import GitService from lms.lmsweb.manifest import MANIFEST from lms.lmsweb.redirections import ( - PERMISSIVE_CORS, get_next_url, login_manager, + PERMISSIVE_CORS, + get_next_url, + login_manager, ) from lms.models import ( - comments, notes, notifications, share_link, solutions, upload, users, + comments, + notes, + notifications, + share_link, + solutions, + upload, + users, ) from lms.models.errors import ( - AlreadyExists, FileSizeError, ForbiddenPermission, LmsError, - UnauthorizedError, UploadError, fail, + AlreadyExists, + FileSizeError, + ForbiddenPermission, + LmsError, + UnauthorizedError, + UploadError, + fail, ) from lms.models.users import SERIALIZER, auth, retrieve_salt from lms.utils.consts import RTL_LANGUAGES from lms.utils.files import ( - get_language_name_by_extension, get_mime_type_by_extention, + get_language_name_by_extension, + get_mime_type_by_extention, ) from lms.utils.log import log from lms.utils.mail import ( - send_change_password_mail, send_confirmation_mail, + send_change_password_mail, + send_confirmation_mail, send_reset_password_mail, ) HIGH_ROLES = {str(RoleOptions.STAFF), str(RoleOptions.ADMINISTRATOR)} -@babel.localeselector def get_locale(): if LOCALE in LANGUAGES: return LOCALE - return 'en' + return "en" @webapp.before_request @@ -87,167 +134,192 @@ def load_user(uuid): @webapp.errorhandler(429) def ratelimit_handler(e): - log.info(f'IP Address: {get_remote_address()}: {e}') + log.info(f"IP Address: {get_remote_address()}: {e}") return make_response( - jsonify(error='ratelimit exceeded %s' % e.description), 429, + jsonify(error="ratelimit exceeded %s" % e.description), + 429, ) -@webapp.route('/login', methods=['GET', 'POST']) +@webapp.route("/login", methods=["GET", "POST"]) @limiter.limit( - f'{LIMITS_PER_MINUTE}/minute;{LIMITS_PER_HOUR}/hour', + f"{LIMITS_PER_MINUTE}/minute;{LIMITS_PER_HOUR}/hour", deduct_when=lambda response: response.status_code != 200, ) def login(login_message: Optional[str] = None): if current_user.is_authenticated: - return get_next_url(request.args.get('next')) + return get_next_url(request.args.get("next")) - username = request.form.get('username') - password = request.form.get('password') - next_page = request.form.get('next') - login_message = request.args.get('login_message') + username = request.form.get("username") + password = request.form.get("password") + next_page = request.form.get("next") + login_message = request.args.get("login_message") - if request.method == 'POST': + if request.method == "POST": try: user = auth(username, password) except (ForbiddenPermission, UnauthorizedError) as e: error_message, _ = e.args - error_details = {'next': next_page, 'login_message': error_message} - return redirect(url_for('login', **error_details)) + error_details = {"next": next_page, "login_message": error_message} + return redirect(url_for("login", **error_details)) else: login_user(user) - session['_invalid_password_tries'] = 0 + session["_invalid_password_tries"] = 0 return get_next_url(next_page) - return render_template('login.html', login_message=login_message) + return render_template("login.html", login_message=login_message) -@webapp.route('/signup', methods=['GET', 'POST']) -@limiter.limit(f'{LIMITS_PER_MINUTE}/minute;{LIMITS_PER_HOUR}/hour') +@webapp.route("/signup", methods=["GET", "POST"]) +@limiter.limit(f"{LIMITS_PER_MINUTE}/minute;{LIMITS_PER_HOUR}/hour") def signup(): - if not webapp.config.get('REGISTRATION_OPEN', False): - return redirect(url_for( - 'login', login_message=_('Can not register now'), - )) + if not webapp.config.get("REGISTRATION_OPEN", False): + return redirect( + url_for( + "login", + login_message=_("Can not register now"), + ), + ) form = RegisterForm() if not form.validate_on_submit(): - return render_template('signup.html', form=form) - - user = User.create(**{ - User.mail_address.name: form.email.data, - User.username.name: form.username.data, - User.fullname.name: form.fullname.data, - User.role.name: Role.get_unverified_role(), - User.password.name: form.password.data, - User.api_key.name: User.random_password(), - }) + return render_template("signup.html", form=form) + + user = User.create( + **{ + User.mail_address.name: form.email.data, + User.username.name: form.username.data, + User.fullname.name: form.fullname.data, + User.role.name: Role.get_unverified_role(), + User.password.name: form.password.data, + User.api_key.name: User.random_password(), + }, + ) send_confirmation_mail(user) - return redirect(url_for( - 'login', login_message=_('Registration successfully'), - )) + return redirect( + url_for( + "login", + login_message=_("Registration successfully"), + ), + ) -@webapp.route('/confirm-email//') -@limiter.limit(f'{LIMITS_PER_MINUTE}/minute;{LIMITS_PER_HOUR}/hour') +@webapp.route("/confirm-email//") +@limiter.limit(f"{LIMITS_PER_MINUTE}/minute;{LIMITS_PER_HOUR}/hour") def confirm_email(user_id: int, token: str): user = User.get_or_none(User.id == user_id) if user is None: - return fail(404, 'The authentication code is invalid.') + return fail(404, "The authentication code is invalid.") if not user.role.is_unverified: - return fail(403, 'User has been already confirmed.') + return fail(403, "User has been already confirmed.") try: SERIALIZER.loads( - token, salt=retrieve_salt(user), max_age=CONFIRMATION_TIME, + token, + salt=retrieve_salt(user), + max_age=CONFIRMATION_TIME, ) except SignatureExpired: send_confirmation_mail(user) - return redirect(url_for( - 'login', login_message=( - _( - 'The confirmation link is expired, new link has been ' - 'sent to your email', + return redirect( + url_for( + "login", + login_message=( + _( + "The confirmation link is expired, new link has been " + "sent to your email", + ), ), ), - )) + ) except BadSignature: - return fail(404, 'The authentication code is invalid.') + return fail(404, "The authentication code is invalid.") else: update = User.update( role=Role.get_student_role(), ).where(User.username == user.username) update.execute() - return redirect(url_for( - 'login', login_message=( - _( - 'Your user has been successfully confirmed, ' - 'you can now login', + return redirect( + url_for( + "login", + login_message=( + _( + "Your user has been successfully confirmed, " + "you can now login", + ), ), ), - )) + ) -@webapp.route('/change-password', methods=['GET', 'POST']) +@webapp.route("/change-password", methods=["GET", "POST"]) @login_required def change_password(): user = User.get(User.id == current_user.id) form = ChangePasswordForm(user) if not form.validate_on_submit(): - return render_template('change-password.html', form=form) + return render_template("change-password.html", form=form) user.password = form.password.data user.save() logout_user() send_change_password_mail(user) - return redirect(url_for( - 'login', login_message=( - _('Your password has successfully changed'), + return redirect( + url_for( + "login", + login_message=(_("Your password has successfully changed"),), ), - )) + ) -@webapp.route('/reset-password', methods=['GET', 'POST']) -@limiter.limit(f'{LIMITS_PER_MINUTE}/minute;{LIMITS_PER_HOUR}/hour') +@webapp.route("/reset-password", methods=["GET", "POST"]) +@limiter.limit(f"{LIMITS_PER_MINUTE}/minute;{LIMITS_PER_HOUR}/hour") def reset_password(): form = ResetPassForm() if not form.validate_on_submit(): - return render_template('reset-password.html', form=form) + return render_template("reset-password.html", form=form) user = User.get(User.mail_address == form.email.data) send_reset_password_mail(user) - return redirect(url_for( - 'login', login_message=_('Password reset link has successfully sent'), - )) + return redirect( + url_for( + "login", + login_message=_("Password reset link has successfully sent"), + ), + ) @webapp.route( - '/recover-password//', methods=['GET', 'POST'], + "/recover-password//", + methods=["GET", "POST"], ) -@limiter.limit(f'{LIMITS_PER_MINUTE}/minute;{LIMITS_PER_HOUR}/hour') +@limiter.limit(f"{LIMITS_PER_MINUTE}/minute;{LIMITS_PER_HOUR}/hour") def recover_password(user_id: int, token: str): user = User.get_or_none(User.id == user_id) if user is None: - return fail(404, 'The authentication code is invalid.') + return fail(404, "The authentication code is invalid.") try: SERIALIZER.loads( - token, salt=retrieve_salt(user), max_age=CONFIRMATION_TIME, + token, + salt=retrieve_salt(user), + max_age=CONFIRMATION_TIME, ) except SignatureExpired: - return redirect(url_for( - 'login', login_message=( - _('Reset password link is expired'), + return redirect( + url_for( + "login", + login_message=(_("Reset password link is expired"),), ), - )) + ) except BadSignature: - return fail(404, 'The authentication code is invalid.') + return fail(404, "The authentication code is invalid.") else: return recover_password_check(user, token) @@ -257,51 +329,55 @@ def recover_password_check(user: User, token: str): form = RecoverPassForm() if not form.validate_on_submit(): return render_template( - 'recover-password.html', form=form, id=user.id, token=token, + "recover-password.html", + form=form, + id=user.id, + token=token, ) user.password = form.password.data user.save() - return redirect(url_for( - 'login', login_message=( - _('Your password has successfully changed'), + return redirect( + url_for( + "login", + login_message=(_("Your password has successfully changed"),), ), - )) + ) -@webapp.route('/logout') +@webapp.route("/logout") @login_required def logout(): logout_user() - return redirect('login') + return redirect("login") -@webapp.route('/favicon.ico') +@webapp.route("/favicon.ico") def favicon(): return send_from_directory( webapp.static_folder, - 'favicon.ico', - mimetype='image/vnd.microsoft.icon', + "favicon.ico", + mimetype="image/vnd.microsoft.icon", ) -@webapp.route('/manifest.json') +@webapp.route("/manifest.json") def manifest(): return jsonify(MANIFEST) -@webapp.route('/sw.js') +@webapp.route("/sw.js") def service_worker(): response = make_response( - send_from_directory(webapp.static_folder, 'sw.js'), + send_from_directory(webapp.static_folder, "sw.js"), ) - response.headers['Cache-Control'] = 'no-cache' + response.headers["Cache-Control"] = "no-cache" return response @webapp.before_request def banned_page(): if current_user.is_authenticated and current_user.role.is_banned: - return render_template('banned.html') + return render_template("banned.html") def try_or_fail(callback: Callable, *args: Any, **kwargs: Any): @@ -310,19 +386,19 @@ def try_or_fail(callback: Callable, *args: Any, **kwargs: Any): except LmsError as e: error_message, status_code = e.args return fail(status_code, error_message) - return result or jsonify({'success': 'true'}) + return result or jsonify({"success": "true"}) -@webapp.route('/') +@webapp.route("/") @login_required def main(): - return redirect(url_for('exercises_page')) + return redirect(url_for("exercises_page")) -@webapp.route(f'{routes.STATUS}/') +@webapp.route(f"{routes.STATUS}/") def overview_status(): return render_template( - 'status.html', + "status.html", exercises=Solution.status(), ) @@ -332,57 +408,57 @@ def overview_status(): @login_required def status(course_id: int): return render_template( - 'status.html', + "status.html", exercises=Solution.status(course_id), ) -@webapp.route('/course/') +@webapp.route("/course/") @login_required def change_last_course_viewed(course_id: int): course = Course.get_or_none(course_id) if course is None: - return fail(404, f'No such course {course_id}.') + return fail(404, f"No such course {course_id}.") user = User.get(User.id == current_user.id) if not UserCourse.is_user_registered(user.id, course.id): return fail(403, "You're not allowed to access this page.") user.last_course_viewed = course user.save() - return redirect(url_for('exercises_page')) + return redirect(url_for("exercises_page")) -@webapp.route('/exercises') +@webapp.route("/exercises") @login_required def exercises_page(): - fetch_archived = bool(request.args.get('archived')) + fetch_archived = bool(request.args.get("archived")) exercises = Solution.of_user(current_user.id, fetch_archived) is_manager = current_user.role.is_manager return render_template( - 'exercises.html', + "exercises.html", exercises=exercises, is_manager=is_manager, fetch_archived=fetch_archived, ) -@webapp.route('/notifications') +@webapp.route("/notifications") @login_required def get_notifications(): response = notifications.get(user=current_user) return jsonify(response) -@webapp.route('/read', methods=['PATCH']) +@webapp.route("/read", methods=["PATCH"]) def read_all_notification(): success_state = notifications.read(user=current_user) - return jsonify({'success': success_state}) + return jsonify({"success": success_state}) -@webapp.route('/share', methods=['POST']) +@webapp.route("/share", methods=["POST"]) @login_required def share(): - act = request.json.get('act') - solution_id = int(request.json.get('solutionId', 0)) + act = request.json.get("act") + solution_id = int(request.json.get("solutionId", 0)) try: shared_solution = share_link.get_or_create(solution_id) @@ -390,44 +466,48 @@ def share(): error_message, status_code = e.args return fail(status_code, error_message) - if act == 'get': - return jsonify({ - 'success': 'true', - 'share_link': shared_solution.shared_url, - }) - elif act == 'delete': + if act == "get": + return jsonify( + { + "success": "true", + "share_link": shared_solution.shared_url, + }, + ) + elif act == "delete": shared_solution.delete_instance() - return jsonify({ - 'success': 'true', - 'share_link': 'false', - }) + return jsonify( + { + "success": "true", + "share_link": "false", + }, + ) return fail(400, f'Unknown or unset act value "{act}".') -@webapp.route('/notes/', methods=['GET', 'POST']) +@webapp.route("/notes/", methods=["GET", "POST"]) @login_required def note(user_id: int): - act = request.args.get('act') or request.json.get('act') + act = request.args.get("act") or request.json.get("act") user = User.get_or_none(User.id == user_id) if user is None: - return fail(404, f'No such user {user_id}.') + return fail(404, f"No such user {user_id}.") - if act == 'fetch': + if act == "fetch": return jsonify(tuple(user.notes().dicts())) if not current_user.role.is_manager: return fail(403, "You aren't allowed to access this page.") - if act == 'delete': - note_id = int(request.args.get('noteId')) + if act == "delete": + note_id = int(request.args.get("noteId")) return try_or_fail(notes.delete, note_id=note_id) - if act == 'create': - note_text = request.args.get('note', '') - note_exercise = request.args.get('exercise', '') - privacy = request.args.get('privacy', '0') + if act == "create": + note_text = request.args.get("note", "") + note_exercise = request.args.get("exercise", "") + privacy = request.args.get("privacy", "0") return try_or_fail( notes.create, user=user, @@ -439,37 +519,37 @@ def note(user_id: int): return fail(400, f'Unknown or unset act value "{act}".') -@webapp.route('/comments', methods=['GET', 'POST']) +@webapp.route("/comments", methods=["GET", "POST"]) @login_required def comment(): - act = request.args.get('act') or request.json.get('act') + act = request.args.get("act") or request.json.get("act") - if request.method == 'POST': - file_id = int(request.json.get('fileId', 0)) + if request.method == "POST": + file_id = int(request.json.get("fileId", 0)) else: # it's a GET - file_id = int(request.args.get('fileId', 0)) + file_id = int(request.args.get("fileId", 0)) file = SolutionFile.get_or_none(file_id) if file is None: - return fail(404, f'No such file {file_id}.') + return fail(404, f"No such file {file_id}.") solver_id = file.solution.solver.id if solver_id != current_user.id and not current_user.role.is_manager: return fail(403, "You aren't allowed to access this page.") - if act == 'fetch': + if act == "fetch": return jsonify(Comment.by_file(file_id)) if ( - not webapp.config.get('USERS_COMMENTS', False) + not webapp.config.get("USERS_COMMENTS", False) and not current_user.role.is_manager ): return fail(403, "You aren't allowed to access this page.") - if act == 'delete': + if act == "delete": return try_or_fail(comments.delete) - if act == 'create': + if act == "create": user = User.get_or_none(User.id == current_user.id) try: comment_ = comments.create(file=file, user=user) @@ -477,38 +557,46 @@ def comment(): error_message, status_code = e.args return fail(status_code, error_message) - return jsonify({ - 'success': 'true', 'text': comment_.comment.text, 'is_auto': False, - 'author_name': user.fullname, 'author_role': user.role.id, - 'id': comment_.id, 'line_number': comment_.line_number, - }) + return jsonify( + { + "success": "true", + "text": comment_.comment.text, + "is_auto": False, + "author_name": user.fullname, + "author_role": user.role.id, + "id": comment_.id, + "line_number": comment_.line_number, + }, + ) return fail(400, f'Unknown or unset act value "{act}".') -@webapp.route('/send//') +@webapp.route("/send//") @login_required def send(course_id: int, _exercise_number: Optional[int]): if not UserCourse.is_user_registered(current_user.id, course_id): return fail(403, "You aren't allowed to watch this page.") - return render_template('upload.html', course_id=course_id) + return render_template("upload.html", course_id=course_id) -@webapp.route('/user/') +@webapp.route("/user/") @login_required def user(user_id): if user_id != current_user.id and not current_user.role.is_manager: return fail(403, "You aren't allowed to watch this page.") target_user = User.get_or_none(User.id == user_id) if target_user is None: - return fail(404, 'There is no such user.') + return fail(404, "There is no such user.") is_manager = current_user.role.is_manager return render_template( - 'user.html', + "user.html", solutions=Solution.of_user( - target_user.id, with_archived=True, from_all_courses=True, + target_user.id, + with_archived=True, + from_all_courses=True, ), user=target_user, is_manager=is_manager, @@ -517,21 +605,21 @@ def user(user_id): ) -@webapp.route('/course') +@webapp.route("/course") @login_required def public_courses(): return render_template( - 'public-courses.html', + "public-courses.html", courses=Course.public_courses(), ) -@webapp.route('/course/join/') +@webapp.route("/course/join/") @login_required def join_public_course(course_id: int): course = Course.get_or_none(course_id) if course is None: - return fail(404, 'There is no such course.') + return fail(404, "There is no such course.") if not course.is_public: return fail(403, "You aren't allowed to do this method.") @@ -541,32 +629,33 @@ def join_public_course(course_id: int): error_message, status_code = e.args return fail(status_code, error_message) - return redirect(url_for('exercises_page')) + return redirect(url_for("exercises_page")) -@webapp.route('/send/', methods=['GET']) +@webapp.route("/send/", methods=["GET"]) @login_required def send_(course_id: int): if not UserCourse.is_user_registered(current_user.id, course_id): return fail(403, "You aren't allowed to watch this page.") - return render_template('upload.html', course_id=course_id) + return render_template("upload.html", course_id=course_id) -@webapp.route('/upload/', methods=['POST']) +@webapp.route("/upload/", methods=["POST"]) @login_required def upload_page(course_id: int): user_id = current_user.id user = User.get_or_none(User.id == user_id) # should never happen if user is None: - return fail(404, 'User not found.') + return fail(404, "User not found.") if request.content_length > MAX_UPLOAD_SIZE: return fail( - 413, f'File is too big. {MAX_UPLOAD_SIZE // 1000000}MB allowed.', + 413, + f"File is too big. {MAX_UPLOAD_SIZE // 1000000}MB allowed.", ) - file: Optional[FileStorage] = request.files.get('file') + file: Optional[FileStorage] = request.files.get("file") if file is None: - return fail(422, 'No file was given.') + return fail(422, "No file was given.") try: matches, misses = upload.new(user.id, course_id, file) @@ -577,13 +666,15 @@ def upload_page(course_id: int): log.debug(e) return fail(413, str(e)) - return jsonify({ - 'exercise_matches': matches, - 'exercise_misses': misses, - }) + return jsonify( + { + "exercise_matches": matches, + "exercise_misses": misses, + }, + ) -@webapp.route(f'{routes.DOWNLOADS}/') +@webapp.route(f"{routes.DOWNLOADS}/") @login_required def download(download_id: str): """Downloading a zip file of the code files. @@ -599,56 +690,66 @@ def download(download_id: str): return fail(status_code, error_message) response = make_response(solutions.create_zip_from_solution(files)) - response.headers.set('Content-Type', 'zip') + response.headers.set("Content-Type", "zip") response.headers.set( - 'Content-Disposition', 'attachment', - filename=f'{filename}.zip'.encode('utf-8'), + "Content-Disposition", + "attachment", + filename=f"{filename}.zip".encode("utf-8"), ) return response -@webapp.route(f'{routes.GIT}/info/refs') -@webapp.route(f'{routes.GIT}/git-receive-pack', methods=['POST']) -@webapp.route(f'{routes.GIT}/git-upload-pack', methods=['POST']) -@http_basic_auth.login_required -def git_handler(course_id: int, exercise_number: int) -> Response: - git_service = GitService( - user=http_basic_auth.current_user(), - exercise_number=exercise_number, - course_id=course_id, - request=request, - base_repository_folder=REPOSITORY_FOLDER, - ) - return git_service.handle_operation() - - -@webapp.route(f'{routes.SOLUTIONS}/') -@webapp.route(f'{routes.SOLUTIONS}//') +# @webapp.route(f"{routes.GIT}/info/refs") +# @webapp.route(f"{routes.GIT}/git-receive-pack", methods=["POST"]) +# @webapp.route(f"{routes.GIT}/git-upload-pack", methods=["POST"]) +# @http_basic_auth.login_required +# def git_handler(course_id: int, exercise_number: int) -> Response: +# current_user = http_basic_auth.current_user() +# assert current_user is not None +# +# git_service = GitService( +# user=current_user, +# exercise_number=exercise_number, +# course_id=course_id, +# request=request, +# base_repository_folder=str(REPOSITORY_FOLDER), +# ) +# return git_service.handle_operation() + + +@webapp.route(f"{routes.SOLUTIONS}/") +@webapp.route(f"{routes.SOLUTIONS}//") @login_required def view( - solution_id: int, file_id: Optional[int] = None, shared_url: str = '', + solution_id: int, + file_id: Optional[int] = None, + shared_url: str = "", ): solution = Solution.get_or_none(Solution.id == solution_id) if solution is None: - return fail(404, 'Solution does not exist.') + return fail(404, "Solution does not exist.") viewer_is_solver = solution.solver.id == current_user.id has_viewer_access = current_user.role.is_viewer if not shared_url and not viewer_is_solver and not has_viewer_access: - return fail(403, 'This user has no permissions to view this page.') + return fail(403, "This user has no permissions to view this page.") is_manager = current_user.role.is_manager solution_files = tuple(solution.files) if not solution_files: if not is_manager: - return fail(404, 'There are no files in this solution.') + return fail(404, "There are no files in this solution.") return done_checking(solution.exercise.id, solution.id) try: view_params = solutions.get_view_parameters( - solution, file_id, shared_url, is_manager, - solution_files, viewer_is_solver, + solution, + file_id, + shared_url, + is_manager, + solution_files, + viewer_is_solver, ) except LmsError as e: error_message, status_code = e.args @@ -657,68 +758,70 @@ def view( if viewer_is_solver: solution.view_solution() - return render_template('view.html', **view_params) + return render_template("view.html", **view_params) -@webapp.route(f'{routes.SHARED}/') -@webapp.route(f'{routes.SHARED}//') +@webapp.route(f"{routes.SHARED}/") +@webapp.route(f"{routes.SHARED}//") @login_required -@limiter.limit(f'{LIMITS_PER_MINUTE}/minute') +@limiter.limit(f"{LIMITS_PER_MINUTE}/minute") def shared_solution(shared_url: str, file_id: Optional[int] = None): - if not webapp.config.get('SHAREABLE_SOLUTIONS', False): - return fail(404, 'Solutions are not shareable.') + if not webapp.config.get("SHAREABLE_SOLUTIONS", False): + return fail(404, "Solutions are not shareable.") shared_solution = SharedSolution.get_or_none( SharedSolution.shared_url == shared_url, ) if shared_solution is None: - return fail(404, 'The solution does not exist.') + return fail(404, "The solution does not exist.") share_link.new_visit(shared_solution) solution_id = shared_solution.solution.id return view( - solution_id=solution_id, file_id=file_id, shared_url=shared_url, + solution_id=solution_id, + file_id=file_id, + shared_url=shared_url, ) -@webapp.route('/assessment/', methods=['POST']) +@webapp.route("/assessment/", methods=["POST"]) @login_required @managers_only def assessment(solution_id: int): - assessment_id = request.json.get('assessment') + assessment_id = request.json.get("assessment") updated = solutions.change_assessment(solution_id, assessment_id) - return jsonify({'success': updated}) + return jsonify({"success": updated}) -@webapp.route('/checked//', methods=['POST']) +@webapp.route("/checked//", methods=["POST"]) @login_required @managers_only def done_checking(exercise_id: int, solution_id: int): is_updated = solutions.mark_as_checked(solution_id, current_user.id) next_solution = solutions.get_next_unchecked(exercise_id) - next_solution_id = getattr(next_solution, 'id', None) - return jsonify({'success': is_updated, 'next': next_solution_id}) + next_solution_id = getattr(next_solution, "id", None) + return jsonify({"success": is_updated, "next": next_solution_id}) -@webapp.route('/check/') +@webapp.route("/check/") @login_required @managers_only def start_checking(exercise_id): next_solution = solutions.get_next_unchecked(exercise_id) if solutions.start_checking(next_solution): - return redirect(f'{routes.SOLUTIONS}/{next_solution.id}') + return redirect(f"{routes.SOLUTIONS}/{next_solution.id}") return redirect(routes.STATUS) -@webapp.route('/common_comments') -@webapp.route('/common_comments/') +@webapp.route("/common_comments") +@webapp.route("/common_comments/") @login_required @managers_only def common_comments(exercise_id=None): return jsonify(comments._common_comments(exercise_id=exercise_id)) -@webapp.template_filter('date_humanize') +@webapp.template_filter("date_humanize") def _jinja2_filter_datetime(date): try: return arrow.get(date).humanize(locale=get_locale()) @@ -726,25 +829,26 @@ def _jinja2_filter_datetime(date): return str(arrow.get(date).date()) -@webapp.template_filter('language_name') +@webapp.template_filter("language_name") def _jinja2_filter_path_to_language_name(filename: str) -> str: - ext = filename.path.rsplit('.')[-1] + ext = filename.path.rsplit(".")[-1] return get_language_name_by_extension(ext) @webapp.context_processor def _jinja2_inject_direction(): - return {'direction': DIRECTION} + return {"direction": DIRECTION} -@webapp.template_filter('mime_type') +@webapp.template_filter("mime_type") def _jinja2_filter_path_to_mime_type(filename: str) -> str: - ext = '.' + filename.path.rsplit('.')[-1] + ext = "." + filename.path.rsplit(".")[-1] return get_mime_type_by_extention(ext) -DIRECTION = 'rtl' if get_locale() in RTL_LANGUAGES else 'ltr' +DIRECTION = "rtl" if get_locale() in RTL_LANGUAGES else "ltr" +babel.init_app(webapp, locale_selector=get_locale) for m in ALL_MODELS: admin.add_view(SPECIAL_MAPPING.get(m, AdminModelView)(m)) diff --git a/lms/models/notifications.py b/lms/models/notifications.py index cc3869d4..a193b141 100644 --- a/lms/models/notifications.py +++ b/lms/models/notifications.py @@ -1,5 +1,5 @@ import enum -from typing import Iterable, Optional +from typing import Iterable, Optional, cast from lms.lmsdb.models import Notification, User @@ -33,7 +33,10 @@ def read(user: Optional[User] = None, id_: Optional[int] = None) -> bool: return all(is_success) # Not gen to prevent lazy evaluation -def read_related(related_id: int, user: int): +def read_related(related_id: int, user: int | User): + if isinstance(user, User): + user = cast(int, user.id) + for n in Notification.of(related_id, user): n.read() diff --git a/lms/models/upload.py b/lms/models/upload.py index 12054671..50905257 100644 --- a/lms/models/upload.py +++ b/lms/models/upload.py @@ -7,8 +7,8 @@ from lms.lmstests.public.identical_tests import tasks as identical_tests_tasks from lms.lmstests.public.linters import tasks as linters_tasks from lms.lmstests.public.unittests import tasks as unittests_tasks -from lms.models.errors import AlreadyExists, UploadError from lms.lmsweb import config +from lms.models.errors import AlreadyExists, UploadError from lms.utils.log import log @@ -95,7 +95,7 @@ def new( def upload_solution( course_id: int, exercise_number: int, - files: List[File], + files: list[File], solution_hash: str, user_id: int, ): diff --git a/lms/models/users.py b/lms/models/users.py index e4d9848e..463030fd 100644 --- a/lms/models/users.py +++ b/lms/models/users.py @@ -12,7 +12,12 @@ SERIALIZER = URLSafeTimedSerializer(config.SECRET_KEY) -HASHED_PASSWORD = re.compile(r'^pbkdf2.+?\$(?P.+?)\$(?P.+)') +HASHED_PASSWORD = re.compile( + r"^(?:scrypt|pbkdf2)" + r".+?\$" + r"(?P.+?)\$" + r"(?P.+)", +) def retrieve_salt(user: User) -> str: diff --git a/requirements.txt b/requirements.txt index cffc876b..fbd22331 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,72 +1,71 @@ -amqp==5.0.6 -arrow==1.1.1 -Babel==2.9.1 -bandit==1.7.0 +amqp==5.2.0 +arrow==1.3.0 +Babel==2.14.0 +bandit==1.7.7 bench-it==1.0.1 -billiard==3.6.4.0 -celery==5.1.2 -certifi==2021.5.30 -coverage==5.5 -debugpy==1.4.3 +billiard==4.2.0 +celery==5.3.6 +certifi==2024.2.2 +coverage==7.4.2 +debugpy==1.8.1 defusedxml==0.7.1 docker-pycreds==0.4.0 -email-validator==1.1.3 -flake8==3.9.2 +email-validator==2.1.0.post1 +flake8==7.0.0 flake8-alfred==1.1.1 -flake8-bandit==2.1.2 -flake8-blind-except==0.2.0 -flake8-broken-line==0.3.0 -flake8-bugbear==21.9.1 -flake8-builtins==1.5.3 -flake8-commas==2.0.0 -flake8-comprehensions==3.6.1 -flake8-eradicate==1.1.0 -flake8-import-order==0.18.1 +flake8-bandit==4.1.1 +flake8-blind-except==0.2.1 +flake8-broken-line==1.0.0 +flake8-bugbear==24.2.6 +flake8-builtins==2.2.0 +flake8-commas==2.1.0 +flake8-comprehensions==3.14.0 +flake8-eradicate==1.5.0 +flake8-import-order==0.18.2 flake8-mutable==1.2.0 flake8-polyfill==1.0.2 -flake8-print==4.0.0 -flake8-quotes==3.3.0 -flake8-tidy-imports==4.4.1 +flake8-print==5.0.0 +flake8-quotes==3.4.0 +flake8-tidy-imports==4.10.0 flake8-todo==0.7 -Flask==2.0.1 -Flask-Admin==1.5.8 -Flask-Babel==2.0.0 -Flask-HTTPAuth==4.4.0 -Flask-Limiter==1.4 -Flask-Login==0.5.0 +Flask==3.0.2 +Flask-Admin==1.6.1 +Flask-Babel==4.0.0 +Flask-HTTPAuth==4.8.0 +Flask-Limiter==3.5.1 +Flask-Login==0.6.3 Flask-Mail==0.9.1 -Flask-WTF==0.15.1 -gunicorn==20.1.0 -importlib-metadata==4.8.1 -itsdangerous==2.0.1 -jedi==0.18.0 -Jinja2==3.0.1 +Flask-WTF==1.2.1 +gunicorn==21.2.0 +importlib-metadata==7.0.1 +itsdangerous==2.1.2 +jedi==0.19.1 +Jinja2==3.1.3 jinja2-pluralize==0.3.0 -junitparser==2.1.1 -loguru==0.5.3 -lxml==4.6.5 -mccabe==0.6.1 -mypy==0.910 -mypy-extensions==0.4.3 -numpy==1.21.2 -peewee==3.14.4 -psycopg2-binary==2.9.1 -pycodestyle==2.7.0 -pycparser==2.20 -pyflakes==2.3.1 -Pygments==2.10.0 -pylint==2.10.2 -pyodbc==4.0.32 -pytest==6.2.5 -pytest-cov==2.12.1 -pytest-env==0.6.2 +junitparser==3.1.2 +loguru==0.7.2 +lxml==5.1.0 +mccabe==0.7.0 +mypy==1.8.0 +mypy-extensions==1.0.0 +numpy==1.26.4 +peewee==3.17.1 +psycopg2-binary==2.9.9 +pycodestyle==2.11.1 +pycparser==2.21 +pyflakes==3.2.0 +Pygments==2.17.2 +pylint==3.0.3 +pyodbc==5.1.0 +pytest==8.0.1 +pytest-cov==4.1.0 +pytest-env==1.1.3 python-dateutil==2.8.2 -python-dotenv==0.19.0 -requests==2.26.0 -sqlfluff==0.6.5 -typing-extensions==3.10.0.2 +python-dotenv==1.0.1 +requests==2.31.0 +sqlfluff==2.3.5 webencodings==0.5.1 -Werkzeug==2.0.1 -wrapt==1.12.1 -wtf-peewee==3.0.2 -WTForms==2.3.3 +Werkzeug==3.0.1 +wrapt==1.16.0 +wtf-peewee==3.0.5 +WTForms==3.1.2 diff --git a/tests/test_config_migrator.py b/tests/test_config_migrator.py index dcfe1799..31c7471c 100644 --- a/tests/test_config_migrator.py +++ b/tests/test_config_migrator.py @@ -13,11 +13,11 @@ class TestConfigMigrator: @staticmethod - def setup(): + def setup_method(): shutil.copyfile(str(CONFIG_COPY_FILE), str(CONFIG_FILE)) @staticmethod - def teardown(): + def teardown_method(): os.remove(str(CONFIG_FILE)) @staticmethod diff --git a/tests/test_download_file.py b/tests/test_download_file.py index 0ddd9ae5..f27c7948 100644 --- a/tests/test_download_file.py +++ b/tests/test_download_file.py @@ -17,11 +17,11 @@ class TestDownloadSolution: - def setup(self): + def setup_method(self): self.zipfile_file = self.zipfile_file() self.zipfile_content = self.zipfile_file.read() - def teardown(self): + def teardown_method(self): self.zipfile_file.close() @staticmethod diff --git a/tests/test_exercise_unit_tests.py b/tests/test_exercise_unit_tests.py index 56494891..3e04fb93 100644 --- a/tests/test_exercise_unit_tests.py +++ b/tests/test_exercise_unit_tests.py @@ -64,8 +64,8 @@ def _verify_comments(): first = auto_comments[0] assert first.exercise_test_name.test_name == 'test_check_bar_bar' assert first.exercise_test_name.pretty_test_name == 'ืฉื ื›ื–ื” ืžื’ื ื™ื‘ 2' - expected = ('AssertionError: ืื™ื–ื” ื‘ืจื‘ืจื•ืŸ' - "assert 'bar' == 'barbaron' - barbaron + bar") + expected = ("AssertionError: ืื™ื–ื” ื‘ืจื‘ืจื•ืŸ" + "assert 'bar' == 'barbaron' - barbaron + bar") assert expected == first.user_message assert "foo('bar') == 'barbaron'" in first.staff_message diff --git a/tests/test_extractor.py b/tests/test_extractor.py index 61ba4bab..45c96885 100644 --- a/tests/test_extractor.py +++ b/tests/test_extractor.py @@ -27,7 +27,7 @@ class TestExtractor: ZIP_FILES = ('Upload_1.zip', 'zipfiletest.zip') ZIP_BOMB_FILE = 'zipbomb.zip' - def setup(self): + def setup_method(self): self.ipynb_file = self.ipynb_file() self.image_file = next(self.zip_files((self.IMAGE_NAME,))) self.image_no_exercise_file = next(self.zip_files( @@ -66,7 +66,7 @@ def setup(self): self.zipbomb_file_list, (self.ZIP_BOMB_FILE,), )) - def teardown(self): + def teardown_method(self): self.ipynb_file.close() self.image_file.close() self.image_no_exercise_file.close() diff --git a/tests/test_flake8_linter.py b/tests/test_flake8_linter.py index 172d9716..8cd53ce8 100644 --- a/tests/test_flake8_linter.py +++ b/tests/test_flake8_linter.py @@ -10,7 +10,7 @@ INVALID_CODE = 'print "Hello Word" ' INVALID_CODE_MESSAGE = 'ื›ืฉื”ื‘ื•ื“ืง ืฉืœื ื• ื ื™ืกื” ืœื”ืจื™ืฅ ืืช ื”ืงื•ื“ ืฉืœืš, ื”ื•ื ืจืื” ืฉืœืคื™ื™ืชื•ืŸ ื™ืฉ ื‘ืขื™ื” ืœื”ื‘ื™ืŸ ืื•ืชื•. ื›ื“ืื™ ืœื•ื•ื“ื ืฉื”ืงื•ื“ ืจืฅ ื›ื”ืœื›ื” ืœืคื ื™ ืฉืžื’ื™ืฉื™ื ืื•ืชื•.' # noqa E501 INVALID_CODE_KEY = 'E999' -VALID_CODE = 'print(0)' +VALID_CODE = 'x = 5 * 2' EXECUTE_CODE = ('import os\n' 'eval(\'os.system("touch {}")\')') @@ -20,13 +20,13 @@ class TestFlake8Linter: test_directory = None @classmethod - def setup_class(cls): + def setup_method(cls): cls.test_directory = tempfile.mkdtemp() cls.file_path = os.path.join(cls.test_directory, 'some-file') cls.execute_script = EXECUTE_CODE.format(cls.file_path) @classmethod - def teardown_class(cls): + def teardown_method(cls): if cls.test_directory is not None: shutil.rmtree(cls.test_directory) diff --git a/tests/test_git_solution.py b/tests/test_git_solution.py index 7724e52d..88834411 100644 --- a/tests/test_git_solution.py +++ b/tests/test_git_solution.py @@ -5,120 +5,134 @@ from unittest import mock from flask.testing import FlaskClient +import pytest from lms.lmsdb import models from lms.lmsweb import webapp from tests import conftest -POST_NEW_REPOSITORY_BUFFER = \ - b'00ab0000000000000000000000000000000000000000 ' \ - b'c1d42352fc88ae88fde7713c23232d7d0703849a refs/heads/master\x00 ' \ - b'report-status-v2 side-band-64k object-format=sha1 ' \ - b'agent=git/2.30.10000PACK\x00\x00\x00\x02\x00\x00\x00\x03\x9d\nx' \ - b'\x9c\x95\xccA\n\xc3 \x10@\xd1\xbd\xa7p_(3\x8e\x9a\x04J\xe8\xae' \ - b'\x07\xe8\t\xa6\x99\xd1\n\x9a\x80\xd8\xfb7\xd0\x13t\xfb\xe1\xfd' \ - b'\xd1U\xed$@\xc2\x92\x92\xdf\xd2\x1c\xf1\x15@\x84=\x12\xba\xa4' \ - b'\xea\xe6e\x89\x88\x12\x12\x1a\xfe\x8c\xf7\xd1\xed\x83\xab}\x96=k' \ - b'\xb7\xb7\xcc\xd5\x93\xbb\xe7\xc6\xa5^\xb7\xa3\xad\x16#\x91\x9b' \ - b'\xc0\x07\xb2\x17 \x00s\xd6V\xc6\xd0\xbf\xa1){)\xe34\xbf\x83\xf9' \ - b'\x02\xa5\x1f3_\xa0\x02x\x9c340031Q(\xc8,Id(M^\xc86;\xe0\xd1\x1d' \ - b'\xefZ\x8bP\x17\x8eU\xd2\x17\xcb\xb6\xc6\x01\x00\xab:\x0b\xe64x' \ - b'\x9c+O\xcc\xe6\x02\x00\x03\xe3\x01NvHX\x85>M\xf7I\xd6\x7fGZ' \ - b'\x0e^\xc8\x82Q\xe3\xcb\xd9' - - -POST_CLONE_REPOSITORY_BUFFER = \ - b'0098want c1d42352fc88ae88fde7713c23232d7d0703849a multi_ack_detailed' \ - b' no-done side-band-64k thin-pack ofs-delta deepen-since deepen-not' \ - b' agent=git/2.30.1\n00000009done\n' - - +POST_NEW_REPOSITORY_BUFFER = ( + b"00ab0000000000000000000000000000000000000000 " + b"c1d42352fc88ae88fde7713c23232d7d0703849a refs/heads/master\x00 " + b"report-status-v2 side-band-64k object-format=sha1 " + b"agent=git/2.30.10000PACK\x00\x00\x00\x02\x00\x00\x00\x03\x9d\nx" + b"\x9c\x95\xccA\n\xc3 \x10@\xd1\xbd\xa7p_(3\x8e\x9a\x04J\xe8\xae" + b"\x07\xe8\t\xa6\x99\xd1\n\x9a\x80\xd8\xfb7\xd0\x13t\xfb\xe1\xfd" + b"\xd1U\xed$@\xc2\x92\x92\xdf\xd2\x1c\xf1\x15@\x84=\x12\xba\xa4" + b"\xea\xe6e\x89\x88\x12\x12\x1a\xfe\x8c\xf7\xd1\xed\x83\xab}\x96=k" + b"\xb7\xb7\xcc\xd5\x93\xbb\xe7\xc6\xa5^\xb7\xa3\xad\x16#\x91\x9b" + b"\xc0\x07\xb2\x17 \x00s\xd6V\xc6\xd0\xbf\xa1){)\xe34\xbf\x83\xf9" + b"\x02\xa5\x1f3_\xa0\x02x\x9c340031Q(\xc8,Id(M^\xc86;\xe0\xd1\x1d" + b"\xefZ\x8bP\x17\x8eU\xd2\x17\xcb\xb6\xc6\x01\x00\xab:\x0b\xe64x" + b"\x9c+O\xcc\xe6\x02\x00\x03\xe3\x01NvHX\x85>M\xf7I\xd6\x7fGZ" + b"\x0e^\xc8\x82Q\xe3\xcb\xd9" +) + + +POST_CLONE_REPOSITORY_BUFFER = ( + b"0098want c1d42352fc88ae88fde7713c23232d7d0703849a multi_ack_detailed" + b" no-done side-band-64k thin-pack ofs-delta deepen-since deepen-not" + b" agent=git/2.30.1\n00000009done\n" +) + + +@pytest.mark.skip class TestSendSolutionFromGit: - INFO_URL = 'info/refs' + INFO_URL = "info/refs" GET_METHOD = FlaskClient.get.__name__ POST_METHOD = FlaskClient.post.__name__ - temp_folder = '' + temp_folder = "" - def setup_method(self, _method: str) -> None: + def setup_method(self, _: str) -> None: self.temp_folder = tempfile.mkdtemp() - def teardown_method(self, _method: str) -> None: + def teardown_method(self, _: str) -> None: if self.temp_folder and os.path.exists(self.temp_folder): shutil.rmtree(self.temp_folder) @staticmethod - def _get_formatted_git_url(exercise: models.Exercise, rel_path: str) -> str: - return f'/git/{exercise.course.id}/{exercise.number}.git/{rel_path}' + def _get_formatted_git_url( + exercise: models.Exercise, rel_path: str, + ) -> str: + return f"/git/{exercise.course.id}/{exercise.number}.git/{rel_path}" def _send_git_request( - self, - username: str, - method_name: str, - url: str, - data=None, - service=None, - password=conftest.FAKE_PASSWORD, + self, + username: str, + method_name: str, + url: str, + data: bytes | None = None, + service: str | None = None, + password: str = conftest.FAKE_PASSWORD, ): client = webapp.test_client() - encoded_credentials = base64.b64encode(f'{username}:{password}'.encode()).decode() - headers = ( - ('Authorization', f'Basic {encoded_credentials}'), - ) - query_string = {'service': service} if service is not None else None + encoded_credentials = base64.b64encode( + f"{username}:{password}".encode() + ).decode() + headers = (("Authorization", f"Basic {encoded_credentials}"),) + query_string = {"service": service} if service is not None else None # patch the REPOSITORY_FOLDER to make new repository every test - with mock.patch('lms.lmsweb.views.REPOSITORY_FOLDER', self.temp_folder): - return getattr(client, method_name)(url, query_string=query_string, headers=headers, data=data) + with mock.patch("lms.lmsweb.views.REPOSITORY_FOLDER", self.temp_folder): + return getattr(client, method_name)( + url, query_string=query_string, headers=headers, data=data, + ) - def test_not_authorized_access(self, exercise: models.Exercise, student_user: models.User): + def test_not_authorized_access( + self, exercise: models.Exercise, student_user: models.User + ): client = conftest.get_logged_user(student_user.username) response = client.get(self._get_formatted_git_url(exercise, self.INFO_URL)) assert response.status_code == 401 def test_not_existing_user(self, exercise: models.Exercise): response = self._send_git_request( - username='not-exists', + username="not-exists", method_name=self.GET_METHOD, url=self._get_formatted_git_url(exercise, self.INFO_URL), ) assert response.status_code == 401 - def test_invalid_user_password(self, exercise: models.Exercise, student_user: models.User): + def test_invalid_user_password( + self, exercise: models.Exercise, student_user: models.User, + ): response = self._send_git_request( username=student_user.username, method_name=self.GET_METHOD, url=self._get_formatted_git_url(exercise, self.INFO_URL), - password='not real password' + password="not real password", ) assert response.status_code == 401 def test_push_exercise(self, exercise: models.Exercise, student_user: models.User): - git_receive_pack = 'git-receive-pack' + git_receive_pack = "git-receive-pack" conftest.create_usercourse(student_user, exercise.course) + info_url = self._get_formatted_git_url(exercise, self.INFO_URL) response = self._send_git_request( username=student_user.username, method_name=self.GET_METHOD, - url=self._get_formatted_git_url(exercise, self.INFO_URL), + url=info_url, service=git_receive_pack, ) assert response.status_code == 200 - assert response.data.startswith(b'001f#') + assert response.data.startswith(b"001f#") + post_url = self._get_formatted_git_url(exercise, git_receive_pack) response = self._send_git_request( username=student_user.username, method_name=self.POST_METHOD, - url=self._get_formatted_git_url(exercise, git_receive_pack), + url=post_url, data=POST_NEW_REPOSITORY_BUFFER, ) assert response.status_code == 200 - assert response.data.startswith(b'0030\x01000eunpack ok\n0019ok refs/heads/master\n00000000') + assert response.data.startswith(b"0000") def test_get_exercise(self, exercise: models.Exercise, student_user: models.User): - git_upload_pack = 'git-upload-pack' + git_upload_pack = "git-upload-pack" self.test_push_exercise(exercise, student_user) response = self._send_git_request( username=student_user.username, @@ -127,7 +141,7 @@ def test_get_exercise(self, exercise: models.Exercise, student_user: models.User service=git_upload_pack, ) assert response.status_code == 200 - assert response.data.startswith(b'001e# service=git-upload-pack') + assert response.data.startswith(b"001e# service=git-upload-pack") response = self._send_git_request( username=student_user.username, @@ -136,4 +150,6 @@ def test_get_exercise(self, exercise: models.Exercise, student_user: models.User data=POST_CLONE_REPOSITORY_BUFFER, ) assert response.status_code == 200 - assert response.data.startswith(b'0008NAK\n0023\x02Enumerating objects: 3, done.') + assert response.data.startswith( + b"0008NAK\n0043\x02Enumerating objects: 3, done." + ) diff --git a/tests/test_solutions.py b/tests/test_solutions.py index 90e59952..e97701ea 100644 --- a/tests/test_solutions.py +++ b/tests/test_solutions.py @@ -1,5 +1,3 @@ -from lms.models.errors import ResourceNotFound -from lms.models.solutions import get_view_parameters from unittest import mock from flask import json @@ -15,7 +13,11 @@ from lms.models import notifications, solutions from lms.models.errors import ResourceNotFound from lms.models.solutions import get_view_parameters -from lms.utils.consts import COLORS, DEFAULT_ASSESSMENT_BUTTON_ACTIVE_COLOR, DEFAULT_ASSESSMENT_BUTTON_COLOR +from lms.utils.consts import ( + COLORS, + DEFAULT_ASSESSMENT_BUTTON_ACTIVE_COLOR, + DEFAULT_ASSESSMENT_BUTTON_COLOR, +) from tests import conftest @@ -601,7 +603,7 @@ def test_solution_assessment_color_on_create(course: Course, _assessments): ) assert assessment1.color == COLORS.get('red') assert ( - assessment1.active_color == DEFAULT_ASSESSMENT_BUTTON_ACTIVE_COLOR, + assessment1.active_color == DEFAULT_ASSESSMENT_BUTTON_ACTIVE_COLOR ) assessment2 = SolutionAssessment.create( @@ -625,7 +627,7 @@ def test_solution_assessment_on_save(course: Course, _assessments): assessment.save() assert assessment.color == DEFAULT_ASSESSMENT_BUTTON_COLOR assert ( - assessment.active_color == DEFAULT_ASSESSMENT_BUTTON_ACTIVE_COLOR, + assessment.active_color == DEFAULT_ASSESSMENT_BUTTON_ACTIVE_COLOR ) @staticmethod @@ -657,7 +659,7 @@ def test_solutions_of_user( content_type='application/json', ) solution2 = Solution.get_by_id(solution2.id) - + exercises = solution.of_user(student_user.id, from_all_courses=True) assert exercises[0].get('assessment') is None assert exercises[1].get('assessment') == 'Try again' diff --git a/tests/test_status.py b/tests/test_status.py index bd2693f8..4662e47c 100644 --- a/tests/test_status.py +++ b/tests/test_status.py @@ -4,7 +4,7 @@ class TestStatusPage: @classmethod - def setup(cls): + def setup_method(cls): cls.course1 = conftest.create_course(1) cls.course2 = conftest.create_course(2) cls.course_no_submissions = conftest.create_course(3) From 74fa1c18b4d490ca33f483e76c438b06476d494a Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Sat, 24 Feb 2024 05:15:37 +0200 Subject: [PATCH 05/18] fix(notifications): Wrong element ID fixed --- lms/static/my.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lms/static/my.js b/lms/static/my.js index 9e798eb9..fc6389b9 100644 --- a/lms/static/my.js +++ b/lms/static/my.js @@ -84,7 +84,7 @@ function trackDisableShareButton(solutionId, button) { } function updateNotificationsBadge() { - const dropdown = document.getElementById('navbarNavDropdown'); + const dropdown = document.getElementById('navbarSupportedContent'); const container = document.getElementById('notifications-list'); if (dropdown === null || container === null) { return; From cd09e7ce1736de86a129f6c4bcff093d62a849f5 Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Sat, 24 Feb 2024 06:06:18 +0200 Subject: [PATCH 06/18] fix(grader): Sending two comments on the same line won't multiple comments (#363) --- lms/static/grader.js | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/lms/static/grader.js b/lms/static/grader.js index 1ab53792..d40b8464 100644 --- a/lms/static/grader.js +++ b/lms/static/grader.js @@ -141,10 +141,14 @@ function focusTextArea(lineNumber) { function trackTextArea(lineNumber) { const target = `textarea[data-line='${lineNumber}']`; + const textareaElement = document.querySelector(target); const popoverElement = document.querySelector(`.grader-add[data-line='${lineNumber}']`); - document.querySelector(target).addEventListener('keydown', (ev) => { - if ((ev.which === 10 || ev.which === 13) && ev.ctrlKey) { // CTRL + ENTER + + const keyDownFunction = function(ev) { + if ((ev.key === 'Enter' && ev.ctrlKey) || ((ev.which === 10 || ev.which === 13) && ev.ctrlKey)) { sendNewComment(window.fileId, lineNumber, ev.target.value); + ev.target.value = ''; + textareaElement.removeEventListener('keydown', keyDownFunction); } else if (ev.key === 'Escape') { ev.preventDefault(); } else { @@ -153,7 +157,9 @@ function trackTextArea(lineNumber) { const popover = bootstrap.Popover.getInstance(popoverElement); if (popover !== null) {popover.hide();} - }); + }; + + textareaElement.addEventListener('keydown', keyDownFunction, {}); } function registerNewCommentPopover(element) { From 011f5bb06d914c5cac26da6e7fa77d7ea3fdcd21 Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Sat, 24 Feb 2024 06:13:02 +0200 Subject: [PATCH 07/18] chore(README.md): Remove LGTM --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 61a03385..b033cbca 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,6 @@

- -

๐Ÿ‘‹ Welcome to Python course learning management system. ๐Ÿ From 66ef26143253ab79801c0a4ce856f8ab4448d7ec Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Sat, 24 Feb 2024 06:30:34 +0200 Subject: [PATCH 08/18] chore: Update docker's Python versions (#364) --- Dockerfile | 2 +- lms/lmstests/public/unittests/image/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9079dc9e..2f22d185 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3-buster +FROM python:3.12 RUN apt update \ && apt install -y --no-install-recommends docker.io vim unixodbc-dev \ diff --git a/lms/lmstests/public/unittests/image/Dockerfile b/lms/lmstests/public/unittests/image/Dockerfile index 953dc829..cc3293dd 100644 --- a/lms/lmstests/public/unittests/image/Dockerfile +++ b/lms/lmstests/public/unittests/image/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.8.0-slim-buster +FROM python:3.12-slim COPY requirements.txt /tmp/requirements.txt RUN pip3 install -r /tmp/requirements.txt From 39e8675e8f380b6877490f629404b2f3cc52d046 Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Sat, 24 Feb 2024 07:46:59 +0200 Subject: [PATCH 09/18] chore: fix deps for Python 3.12 --- .../public/unittests/image/requirements.txt | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/lms/lmstests/public/unittests/image/requirements.txt b/lms/lmstests/public/unittests/image/requirements.txt index f8f855a4..2bd71b64 100644 --- a/lms/lmstests/public/unittests/image/requirements.txt +++ b/lms/lmstests/public/unittests/image/requirements.txt @@ -1,12 +1,11 @@ -atomicwrites==1.4.0 -attrs==19.3.0 -importlib-metadata==1.6.0 -more-itertools==8.2.0 -packaging==20.3 -pluggy==0.13.1 -py==1.10.0 -pyparsing==2.4.7 -pytest==5.0.1 -six==1.14.0 -wcwidth==0.1.9 -zipp==3.1.0 +atomicwrites==1.4.1 +attrs==23.2.0 +importlib-metadata==7.0.1 +more-itertools==10.2.0 +packaging==23.2 +pluggy==1.4.0 +pyparsing==3.1.1 +pytest==8.0.1 +six==1.16.0 +wcwidth==0.2.13 +zipp==3.17.0 From d832580a7535c1537e12b545a8e28c3a912b0d6e Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Mon, 26 Feb 2024 21:31:07 +0200 Subject: [PATCH 10/18] fix: Ignore external libs in ESLint (#367) --- .eslintrc.js | 28 +++++++++++++++------------- lms/static/checker.js | 6 +++--- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index 60d95f36..8c3481d5 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -1,19 +1,21 @@ module.exports = { - env: { - browser: true, - es2021: true, + "env": { + "browser": true, + "node": true }, - globals: { - bootstrap: true, - Dropzone: true, - workbox: true, - }, - extends: [ - 'airbnb-base', + "ignorePatterns": [ + "/lms/static/prism.js", + "/lms/static/markdown.js", ], - parserOptions: { - ecmaVersion: 12, - sourceType: 'module', + "globals": { + "bootstrap": true, + "Dropzone": true, + "workbox": true, + }, + "extends": "eslint:recommended", + "parserOptions": { + "ecmaVersion": "latest", + "sourceType": "module" }, rules: { 'no-param-reassign': [2, { props: false }], diff --git a/lms/static/checker.js b/lms/static/checker.js index 0c8f8ae0..e96d3531 100644 --- a/lms/static/checker.js +++ b/lms/static/checker.js @@ -33,7 +33,7 @@ function changeAssessmentsAttributes(assessmentGroup, item) { document.activeElement.blur(); const xhr = new XMLHttpRequest(); - xhr.open('POST', `/assessment/${solutionId}`, true); + xhr.open('POST', `/assessment/${window.solutionId}`, true); xhr.setRequestHeader('Content-Type', 'application/json'); xhr.responseType = 'json'; xhr.onreadystatechange = () => { @@ -44,8 +44,8 @@ function changeAssessmentsAttributes(assessmentGroup, item) { } }; - assessmentValue = assessmentGroup.dataset.checkedid; - assessmentChecked = (assessmentValue !== 'null') ? assessmentValue : null; + const assessmentValue = assessmentGroup.dataset.checkedid; + const assessmentChecked = (assessmentValue !== 'null') ? assessmentValue : null; xhr.send(JSON.stringify({assessment: assessmentChecked})); } From 9eb5de27ed7a9cf156c4fc7ea45678441f933946 Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Mon, 26 Feb 2024 21:31:50 +0200 Subject: [PATCH 11/18] chore: Upgrade infra -- pip and Docker (#365) --- Dockerfile | 42 +++++++++++-------- .../public/unittests/image/Dockerfile | 3 +- 2 files changed, 27 insertions(+), 18 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2f22d185..1850687f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,26 +1,34 @@ FROM python:3.12 -RUN apt update \ - && apt install -y --no-install-recommends docker.io vim unixodbc-dev \ - && apt clean \ - && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y \ + ca-certificates \ + curl \ + wget \ + unzip \ + && install -m 0755 -d /etc/apt/keyrings \ + && curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \ + && chmod a+r /etc/apt/keyrings/docker.asc \ + && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \ + && apt-get update \ + && apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* COPY requirements.txt /tmp/requirements.txt -RUN pip3 install -r /tmp/requirements.txt +RUN pip3 install --no-cache-dir -r /tmp/requirements.txt -# Install vnu (html/css validator) -RUN wget https://github.com/validator/validator/releases/download/20.6.30/vnu.linux.zip && \ - unzip vnu.linux.zip -d /opt/vnu/ && \ - chmod +x /opt/vnu/vnu-runtime-image/bin/vnu -ENV PATH=/opt/vnu/vnu-runtime-image/bin:$PATH +RUN wget https://github.com/validator/validator/releases/download/20.6.30/vnu.linux.zip -O /tmp/vnu.linux.zip \ + && unzip /tmp/vnu.linux.zip -d /opt/vnu/ \ + && chmod +x /opt/vnu/vnu-runtime-image/bin/vnu \ + && rm /tmp/vnu.linux.zip -RUN adduser --disabled-password --gecos '' app-user +ENV PATH=/opt/vnu/vnu-runtime-image/bin:$PATH -RUN mkdir -p /app_dir/lms -RUN chown -R app-user:app-user /app_dir +RUN adduser --disabled-password --gecos '' app-user \ + && mkdir -p /app_dir/lms \ + && chown -R app-user:app-user /app_dir -# Note: we don't copy the code to container because we mount the code in different ways -# on each setup WORKDIR /app_dir/lms -ENV LOGURU_LEVEL INFO -ENV PYTHONPATH /app_dir/:$PYTHONPATH +ENV LOGURU_LEVEL=INFO +ENV PYTHONPATH=/app_dir/:$PYTHONPATH +# Note: Code is mounted at runtime, hence not copied. diff --git a/lms/lmstests/public/unittests/image/Dockerfile b/lms/lmstests/public/unittests/image/Dockerfile index cc3293dd..f7d768f5 100644 --- a/lms/lmstests/public/unittests/image/Dockerfile +++ b/lms/lmstests/public/unittests/image/Dockerfile @@ -1,7 +1,8 @@ FROM python:3.12-slim COPY requirements.txt /tmp/requirements.txt -RUN pip3 install -r /tmp/requirements.txt +RUN pip config --user set global.progress_bar off && \ + pip3 install -r /tmp/requirements.txt RUN adduser --disabled-password --gecos '' app-user From ece9ee8e2fc15f91951224ad1c313ac571fb63db Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Mon, 26 Feb 2024 21:33:22 +0200 Subject: [PATCH 12/18] feat: Add markdown support for temporary comment system (#368) --- devops/lms.yml | 2 +- lms/static/comments.js | 21 +++++++++++++++++++-- lms/static/markdown.js | 6 ++++++ lms/static/purify.js | 4 ++++ lms/templates/view.html | 2 ++ 5 files changed, 32 insertions(+), 3 deletions(-) create mode 100644 lms/static/markdown.js create mode 100644 lms/static/purify.js diff --git a/devops/lms.yml b/devops/lms.yml index 5f9dcc62..98bfbb23 100644 --- a/devops/lms.yml +++ b/devops/lms.yml @@ -21,7 +21,7 @@ services: - lms rabbitmq: - image: rabbitmq:3.12-management-alpine + image: rabbitmq:3.8-management-alpine hostname: celery-mq volumes: - rabbit-data-volume:/var/lib/rabbitmq diff --git a/lms/static/comments.js b/lms/static/comments.js index 1ddff2a7..0c0c372b 100644 --- a/lms/static/comments.js +++ b/lms/static/comments.js @@ -30,7 +30,8 @@ function isSolverComment(commentData) { } function formatCommentData(commentData) { - let changedCommentText = `${commentData.author_name}: ${commentData.text}`; + const commentText = DOMPurify.sanitize(marked.parse(commentData.text)); + let changedCommentText = `${commentData.author_name}: ${commentText}`; if (window.isUserGrader() || isSolverComment(commentData)) { const deleteButton = ``; changedCommentText = `${deleteButton} ${changedCommentText}`; @@ -55,10 +56,14 @@ function addCommentToLine(line, commentData) { boundary: 'viewport', placement: 'auto', }); + + commentElement.addEventListener('shown.bs.popover', function () { + Prism.highlightAllUnder(existingPopover.tip); + }) } commentElement.dataset.comment = 'true'; - if (commentData.is_auto) { + if ((commentData.is_auto) && (commentElement.dataset.marked !== 'true')) { markLine(commentElement, FLAKE_COMMENTED_LINE_COLOR); } else { const lineColor = window.getLineColorByRole(commentData.author_role); @@ -140,6 +145,17 @@ function addLineSpansToPre(items) { window.dispatchEvent(new Event('lines-numbered')); } +function configureMarkdownParser() { + marked.use({ + renderer: { + code: (code, infoString, _) => { + const language = infoString || 'plaintext'; + return `
${code}
`; + } + }, + }); +} + window.markLink = markLine; window.hoverLine = hoverLine; window.addCommentToLine = addCommentToLine; @@ -152,6 +168,7 @@ window.addEventListener('load', () => { sessionStorage.setItem('role', codeElementData.role); sessionStorage.setItem('solver', codeElementData.solver); sessionStorage.setItem('allowedComment', codeElementData.allowedComment); + configureMarkdownParser(); addLineSpansToPre(document.getElementsByTagName('code')); pullComments(window.fileId, treatComments); }); diff --git a/lms/static/markdown.js b/lms/static/markdown.js new file mode 100644 index 00000000..be3f0969 --- /dev/null +++ b/lms/static/markdown.js @@ -0,0 +1,6 @@ +/** + * marked v12.0.0 - a markdown parser + * Copyright (c) 2011-2024, Christopher Jeffrey. (MIT Licensed) + * https://github.com/markedjs/marked + */ +!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).marked={})}(this,(function(e){"use strict";function t(){return{async:!1,breaks:!1,extensions:null,gfm:!0,hooks:null,pedantic:!1,renderer:null,silent:!1,tokenizer:null,walkTokens:null}}function n(t){e.defaults=t}e.defaults={async:!1,breaks:!1,extensions:null,gfm:!0,hooks:null,pedantic:!1,renderer:null,silent:!1,tokenizer:null,walkTokens:null};const s=/[&<>"']/,r=new RegExp(s.source,"g"),i=/[<>"']|&(?!(#\d{1,7}|#[Xx][a-fA-F0-9]{1,6}|\w+);)/,l=new RegExp(i.source,"g"),o={"&":"&","<":"<",">":">",'"':""","'":"'"},a=e=>o[e];function c(e,t){if(t){if(s.test(e))return e.replace(r,a)}else if(i.test(e))return e.replace(l,a);return e}const h=/&(#(?:\d+)|(?:#x[0-9A-Fa-f]+)|(?:\w+));?/gi;function p(e){return e.replace(h,((e,t)=>"colon"===(t=t.toLowerCase())?":":"#"===t.charAt(0)?"x"===t.charAt(1)?String.fromCharCode(parseInt(t.substring(2),16)):String.fromCharCode(+t.substring(1)):""))}const u=/(^|[^\[])\^/g;function k(e,t){let n="string"==typeof e?e:e.source;t=t||"";const s={replace:(e,t)=>{let r="string"==typeof t?t:t.source;return r=r.replace(u,"$1"),n=n.replace(e,r),s},getRegex:()=>new RegExp(n,t)};return s}function g(e){try{e=encodeURI(e).replace(/%25/g,"%")}catch(e){return null}return e}const f={exec:()=>null};function d(e,t){const n=e.replace(/\|/g,((e,t,n)=>{let s=!1,r=t;for(;--r>=0&&"\\"===n[r];)s=!s;return s?"|":" |"})).split(/ \|/);let s=0;if(n[0].trim()||n.shift(),n.length>0&&!n[n.length-1].trim()&&n.pop(),t)if(n.length>t)n.splice(t);else for(;n.length0)return{type:"space",raw:t[0]}}code(e){const t=this.rules.block.code.exec(e);if(t){const e=t[0].replace(/^ {1,4}/gm,"");return{type:"code",raw:t[0],codeBlockStyle:"indented",text:this.options.pedantic?e:x(e,"\n")}}}fences(e){const t=this.rules.block.fences.exec(e);if(t){const e=t[0],n=function(e,t){const n=e.match(/^(\s+)(?:```)/);if(null===n)return t;const s=n[1];return t.split("\n").map((e=>{const t=e.match(/^\s+/);if(null===t)return e;const[n]=t;return n.length>=s.length?e.slice(s.length):e})).join("\n")}(e,t[3]||"");return{type:"code",raw:e,lang:t[2]?t[2].trim().replace(this.rules.inline.anyPunctuation,"$1"):t[2],text:n}}}heading(e){const t=this.rules.block.heading.exec(e);if(t){let e=t[2].trim();if(/#$/.test(e)){const t=x(e,"#");this.options.pedantic?e=t.trim():t&&!/ $/.test(t)||(e=t.trim())}return{type:"heading",raw:t[0],depth:t[1].length,text:e,tokens:this.lexer.inline(e)}}}hr(e){const t=this.rules.block.hr.exec(e);if(t)return{type:"hr",raw:t[0]}}blockquote(e){const t=this.rules.block.blockquote.exec(e);if(t){const e=x(t[0].replace(/^ *>[ \t]?/gm,""),"\n"),n=this.lexer.state.top;this.lexer.state.top=!0;const s=this.lexer.blockTokens(e);return this.lexer.state.top=n,{type:"blockquote",raw:t[0],tokens:s,text:e}}}list(e){let t=this.rules.block.list.exec(e);if(t){let n=t[1].trim();const s=n.length>1,r={type:"list",raw:"",ordered:s,start:s?+n.slice(0,-1):"",loose:!1,items:[]};n=s?`\\d{1,9}\\${n.slice(-1)}`:`\\${n}`,this.options.pedantic&&(n=s?n:"[*+-]");const i=new RegExp(`^( {0,3}${n})((?:[\t ][^\\n]*)?(?:\\n|$))`);let l="",o="",a=!1;for(;e;){let n=!1;if(!(t=i.exec(e)))break;if(this.rules.block.hr.test(e))break;l=t[0],e=e.substring(l.length);let s=t[2].split("\n",1)[0].replace(/^\t+/,(e=>" ".repeat(3*e.length))),c=e.split("\n",1)[0],h=0;this.options.pedantic?(h=2,o=s.trimStart()):(h=t[2].search(/[^ ]/),h=h>4?1:h,o=s.slice(h),h+=t[1].length);let p=!1;if(!s&&/^ *$/.test(c)&&(l+=c+"\n",e=e.substring(c.length+1),n=!0),!n){const t=new RegExp(`^ {0,${Math.min(3,h-1)}}(?:[*+-]|\\d{1,9}[.)])((?:[ \t][^\\n]*)?(?:\\n|$))`),n=new RegExp(`^ {0,${Math.min(3,h-1)}}((?:- *){3,}|(?:_ *){3,}|(?:\\* *){3,})(?:\\n+|$)`),r=new RegExp(`^ {0,${Math.min(3,h-1)}}(?:\`\`\`|~~~)`),i=new RegExp(`^ {0,${Math.min(3,h-1)}}#`);for(;e;){const a=e.split("\n",1)[0];if(c=a,this.options.pedantic&&(c=c.replace(/^ {1,4}(?=( {4})*[^ ])/g," ")),r.test(c))break;if(i.test(c))break;if(t.test(c))break;if(n.test(e))break;if(c.search(/[^ ]/)>=h||!c.trim())o+="\n"+c.slice(h);else{if(p)break;if(s.search(/[^ ]/)>=4)break;if(r.test(s))break;if(i.test(s))break;if(n.test(s))break;o+="\n"+c}p||c.trim()||(p=!0),l+=a+"\n",e=e.substring(a.length+1),s=c.slice(h)}}r.loose||(a?r.loose=!0:/\n *\n *$/.test(l)&&(a=!0));let u,k=null;this.options.gfm&&(k=/^\[[ xX]\] /.exec(o),k&&(u="[ ] "!==k[0],o=o.replace(/^\[[ xX]\] +/,""))),r.items.push({type:"list_item",raw:l,task:!!k,checked:u,loose:!1,text:o,tokens:[]}),r.raw+=l}r.items[r.items.length-1].raw=l.trimEnd(),r.items[r.items.length-1].text=o.trimEnd(),r.raw=r.raw.trimEnd();for(let e=0;e"space"===e.type)),n=t.length>0&&t.some((e=>/\n.*\n/.test(e.raw)));r.loose=n}if(r.loose)for(let e=0;e$/,"$1").replace(this.rules.inline.anyPunctuation,"$1"):"",s=t[3]?t[3].substring(1,t[3].length-1).replace(this.rules.inline.anyPunctuation,"$1"):t[3];return{type:"def",tag:e,raw:t[0],href:n,title:s}}}table(e){const t=this.rules.block.table.exec(e);if(!t)return;if(!/[:|]/.test(t[2]))return;const n=d(t[1]),s=t[2].replace(/^\||\| *$/g,"").split("|"),r=t[3]&&t[3].trim()?t[3].replace(/\n[ \t]*$/,"").split("\n"):[],i={type:"table",raw:t[0],header:[],align:[],rows:[]};if(n.length===s.length){for(const e of s)/^ *-+: *$/.test(e)?i.align.push("right"):/^ *:-+: *$/.test(e)?i.align.push("center"):/^ *:-+ *$/.test(e)?i.align.push("left"):i.align.push(null);for(const e of n)i.header.push({text:e,tokens:this.lexer.inline(e)});for(const e of r)i.rows.push(d(e,i.header.length).map((e=>({text:e,tokens:this.lexer.inline(e)}))));return i}}lheading(e){const t=this.rules.block.lheading.exec(e);if(t)return{type:"heading",raw:t[0],depth:"="===t[2].charAt(0)?1:2,text:t[1],tokens:this.lexer.inline(t[1])}}paragraph(e){const t=this.rules.block.paragraph.exec(e);if(t){const e="\n"===t[1].charAt(t[1].length-1)?t[1].slice(0,-1):t[1];return{type:"paragraph",raw:t[0],text:e,tokens:this.lexer.inline(e)}}}text(e){const t=this.rules.block.text.exec(e);if(t)return{type:"text",raw:t[0],text:t[0],tokens:this.lexer.inline(t[0])}}escape(e){const t=this.rules.inline.escape.exec(e);if(t)return{type:"escape",raw:t[0],text:c(t[1])}}tag(e){const t=this.rules.inline.tag.exec(e);if(t)return!this.lexer.state.inLink&&/^/i.test(t[0])&&(this.lexer.state.inLink=!1),!this.lexer.state.inRawBlock&&/^<(pre|code|kbd|script)(\s|>)/i.test(t[0])?this.lexer.state.inRawBlock=!0:this.lexer.state.inRawBlock&&/^<\/(pre|code|kbd|script)(\s|>)/i.test(t[0])&&(this.lexer.state.inRawBlock=!1),{type:"html",raw:t[0],inLink:this.lexer.state.inLink,inRawBlock:this.lexer.state.inRawBlock,block:!1,text:t[0]}}link(e){const t=this.rules.inline.link.exec(e);if(t){const e=t[2].trim();if(!this.options.pedantic&&/^$/.test(e))return;const t=x(e.slice(0,-1),"\\");if((e.length-t.length)%2==0)return}else{const e=function(e,t){if(-1===e.indexOf(t[1]))return-1;let n=0;for(let s=0;s-1){const n=(0===t[0].indexOf("!")?5:4)+t[1].length+e;t[2]=t[2].substring(0,e),t[0]=t[0].substring(0,n).trim(),t[3]=""}}let n=t[2],s="";if(this.options.pedantic){const e=/^([^'"]*[^\s])\s+(['"])(.*)\2/.exec(n);e&&(n=e[1],s=e[3])}else s=t[3]?t[3].slice(1,-1):"";return n=n.trim(),/^$/.test(e)?n.slice(1):n.slice(1,-1)),b(t,{href:n?n.replace(this.rules.inline.anyPunctuation,"$1"):n,title:s?s.replace(this.rules.inline.anyPunctuation,"$1"):s},t[0],this.lexer)}}reflink(e,t){let n;if((n=this.rules.inline.reflink.exec(e))||(n=this.rules.inline.nolink.exec(e))){const e=t[(n[2]||n[1]).replace(/\s+/g," ").toLowerCase()];if(!e){const e=n[0].charAt(0);return{type:"text",raw:e,text:e}}return b(n,e,n[0],this.lexer)}}emStrong(e,t,n=""){let s=this.rules.inline.emStrongLDelim.exec(e);if(!s)return;if(s[3]&&n.match(/[\p{L}\p{N}]/u))return;if(!(s[1]||s[2]||"")||!n||this.rules.inline.punctuation.exec(n)){const n=[...s[0]].length-1;let r,i,l=n,o=0;const a="*"===s[0][0]?this.rules.inline.emStrongRDelimAst:this.rules.inline.emStrongRDelimUnd;for(a.lastIndex=0,t=t.slice(-1*e.length+n);null!=(s=a.exec(t));){if(r=s[1]||s[2]||s[3]||s[4]||s[5]||s[6],!r)continue;if(i=[...r].length,s[3]||s[4]){l+=i;continue}if((s[5]||s[6])&&n%3&&!((n+i)%3)){o+=i;continue}if(l-=i,l>0)continue;i=Math.min(i,i+l+o);const t=[...s[0]][0].length,a=e.slice(0,n+s.index+t+i);if(Math.min(n,i)%2){const e=a.slice(1,-1);return{type:"em",raw:a,text:e,tokens:this.lexer.inlineTokens(e)}}const c=a.slice(2,-2);return{type:"strong",raw:a,text:c,tokens:this.lexer.inlineTokens(c)}}}}codespan(e){const t=this.rules.inline.code.exec(e);if(t){let e=t[2].replace(/\n/g," ");const n=/[^ ]/.test(e),s=/^ /.test(e)&&/ $/.test(e);return n&&s&&(e=e.substring(1,e.length-1)),e=c(e,!0),{type:"codespan",raw:t[0],text:e}}}br(e){const t=this.rules.inline.br.exec(e);if(t)return{type:"br",raw:t[0]}}del(e){const t=this.rules.inline.del.exec(e);if(t)return{type:"del",raw:t[0],text:t[2],tokens:this.lexer.inlineTokens(t[2])}}autolink(e){const t=this.rules.inline.autolink.exec(e);if(t){let e,n;return"@"===t[2]?(e=c(t[1]),n="mailto:"+e):(e=c(t[1]),n=e),{type:"link",raw:t[0],text:e,href:n,tokens:[{type:"text",raw:e,text:e}]}}}url(e){let t;if(t=this.rules.inline.url.exec(e)){let e,n;if("@"===t[2])e=c(t[0]),n="mailto:"+e;else{let s;do{s=t[0],t[0]=this.rules.inline._backpedal.exec(t[0])?.[0]??""}while(s!==t[0]);e=c(t[0]),n="www."===t[1]?"http://"+t[0]:t[0]}return{type:"link",raw:t[0],text:e,href:n,tokens:[{type:"text",raw:e,text:e}]}}}inlineText(e){const t=this.rules.inline.text.exec(e);if(t){let e;return e=this.lexer.state.inRawBlock?t[0]:c(t[0]),{type:"text",raw:t[0],text:e}}}}const m=/^ {0,3}((?:-[\t ]*){3,}|(?:_[ \t]*){3,}|(?:\*[ \t]*){3,})(?:\n+|$)/,y=/(?:[*+-]|\d{1,9}[.)])/,$=k(/^(?!bull )((?:.|\n(?!\s*?\n|bull ))+?)\n {0,3}(=+|-+) *(?:\n+|$)/).replace(/bull/g,y).getRegex(),z=/^([^\n]+(?:\n(?!hr|heading|lheading|blockquote|fences|list|html|table| +\n)[^\n]+)*)/,T=/(?!\s*\])(?:\\.|[^\[\]\\])+/,R=k(/^ {0,3}\[(label)\]: *(?:\n *)?([^<\s][^\s]*|<.*?>)(?:(?: +(?:\n *)?| *\n *)(title))? *(?:\n+|$)/).replace("label",T).replace("title",/(?:"(?:\\"?|[^"\\])*"|'[^'\n]*(?:\n[^'\n]+)*\n?'|\([^()]*\))/).getRegex(),_=k(/^( {0,3}bull)([ \t][^\n]+?)?(?:\n|$)/).replace(/bull/g,y).getRegex(),A="address|article|aside|base|basefont|blockquote|body|caption|center|col|colgroup|dd|details|dialog|dir|div|dl|dt|fieldset|figcaption|figure|footer|form|frame|frameset|h[1-6]|head|header|hr|html|iframe|legend|li|link|main|menu|menuitem|meta|nav|noframes|ol|optgroup|option|p|param|search|section|summary|table|tbody|td|tfoot|th|thead|title|tr|track|ul",S=/|$))/,I=k("^ {0,3}(?:<(script|pre|style|textarea)[\\s>][\\s\\S]*?(?:[^\\n]*\\n+|$)|comment[^\\n]*(\\n+|$)|<\\?[\\s\\S]*?(?:\\?>\\n*|$)|\\n*|$)|\\n*|$)|)[\\s\\S]*?(?:(?:\\n *)+\\n|$)|<(?!script|pre|style|textarea)([a-z][\\w-]*)(?:attribute)*? */?>(?=[ \\t]*(?:\\n|$))[\\s\\S]*?(?:(?:\\n *)+\\n|$)|(?=[ \\t]*(?:\\n|$))[\\s\\S]*?(?:(?:\\n *)+\\n|$))","i").replace("comment",S).replace("tag",A).replace("attribute",/ +[a-zA-Z:_][\w.:-]*(?: *= *"[^"\n]*"| *= *'[^'\n]*'| *= *[^\s"'=<>`]+)?/).getRegex(),E=k(z).replace("hr",m).replace("heading"," {0,3}#{1,6}(?:\\s|$)").replace("|lheading","").replace("|table","").replace("blockquote"," {0,3}>").replace("fences"," {0,3}(?:`{3,}(?=[^`\\n]*\\n)|~{3,})[^\\n]*\\n").replace("list"," {0,3}(?:[*+-]|1[.)]) ").replace("html",")|<(?:script|pre|style|textarea|!--)").replace("tag",A).getRegex(),Z={blockquote:k(/^( {0,3}> ?(paragraph|[^\n]*)(?:\n|$))+/).replace("paragraph",E).getRegex(),code:/^( {4}[^\n]+(?:\n(?: *(?:\n|$))*)?)+/,def:R,fences:/^ {0,3}(`{3,}(?=[^`\n]*(?:\n|$))|~{3,})([^\n]*)(?:\n|$)(?:|([\s\S]*?)(?:\n|$))(?: {0,3}\1[~`]* *(?=\n|$)|$)/,heading:/^ {0,3}(#{1,6})(?=\s|$)(.*)(?:\n+|$)/,hr:m,html:I,lheading:$,list:_,newline:/^(?: *(?:\n|$))+/,paragraph:E,table:f,text:/^[^\n]+/},q=k("^ *([^\\n ].*)\\n {0,3}((?:\\| *)?:?-+:? *(?:\\| *:?-+:? *)*(?:\\| *)?)(?:\\n((?:(?! *\\n|hr|heading|blockquote|code|fences|list|html).*(?:\\n|$))*)\\n*|$)").replace("hr",m).replace("heading"," {0,3}#{1,6}(?:\\s|$)").replace("blockquote"," {0,3}>").replace("code"," {4}[^\\n]").replace("fences"," {0,3}(?:`{3,}(?=[^`\\n]*\\n)|~{3,})[^\\n]*\\n").replace("list"," {0,3}(?:[*+-]|1[.)]) ").replace("html",")|<(?:script|pre|style|textarea|!--)").replace("tag",A).getRegex(),L={...Z,table:q,paragraph:k(z).replace("hr",m).replace("heading"," {0,3}#{1,6}(?:\\s|$)").replace("|lheading","").replace("table",q).replace("blockquote"," {0,3}>").replace("fences"," {0,3}(?:`{3,}(?=[^`\\n]*\\n)|~{3,})[^\\n]*\\n").replace("list"," {0,3}(?:[*+-]|1[.)]) ").replace("html",")|<(?:script|pre|style|textarea|!--)").replace("tag",A).getRegex()},P={...Z,html:k("^ *(?:comment *(?:\\n|\\s*$)|<(tag)[\\s\\S]+? *(?:\\n{2,}|\\s*$)|\\s]*)*?/?> *(?:\\n{2,}|\\s*$))").replace("comment",S).replace(/tag/g,"(?!(?:a|em|strong|small|s|cite|q|dfn|abbr|data|time|code|var|samp|kbd|sub|sup|i|b|u|mark|ruby|rt|rp|bdi|bdo|span|br|wbr|ins|del|img)\\b)\\w+(?!:|[^\\w\\s@]*@)\\b").getRegex(),def:/^ *\[([^\]]+)\]: *]+)>?(?: +(["(][^\n]+[")]))? *(?:\n+|$)/,heading:/^(#{1,6})(.*)(?:\n+|$)/,fences:f,lheading:/^(.+?)\n {0,3}(=+|-+) *(?:\n+|$)/,paragraph:k(z).replace("hr",m).replace("heading"," *#{1,6} *[^\n]").replace("lheading",$).replace("|table","").replace("blockquote"," {0,3}>").replace("|fences","").replace("|list","").replace("|html","").replace("|tag","").getRegex()},Q=/^\\([!"#$%&'()*+,\-./:;<=>?@\[\]\\^_`{|}~])/,v=/^( {2,}|\\)\n(?!\s*$)/,B="\\p{P}\\p{S}",M=k(/^((?![*_])[\spunctuation])/,"u").replace(/punctuation/g,B).getRegex(),O=k(/^(?:\*+(?:((?!\*)[punct])|[^\s*]))|^_+(?:((?!_)[punct])|([^\s_]))/,"u").replace(/punct/g,B).getRegex(),C=k("^[^_*]*?__[^_*]*?\\*[^_*]*?(?=__)|[^*]+(?=[^*])|(?!\\*)[punct](\\*+)(?=[\\s]|$)|[^punct\\s](\\*+)(?!\\*)(?=[punct\\s]|$)|(?!\\*)[punct\\s](\\*+)(?=[^punct\\s])|[\\s](\\*+)(?!\\*)(?=[punct])|(?!\\*)[punct](\\*+)(?!\\*)(?=[punct])|[^punct\\s](\\*+)(?=[^punct\\s])","gu").replace(/punct/g,B).getRegex(),D=k("^[^_*]*?\\*\\*[^_*]*?_[^_*]*?(?=\\*\\*)|[^_]+(?=[^_])|(?!_)[punct](_+)(?=[\\s]|$)|[^punct\\s](_+)(?!_)(?=[punct\\s]|$)|(?!_)[punct\\s](_+)(?=[^punct\\s])|[\\s](_+)(?!_)(?=[punct])|(?!_)[punct](_+)(?!_)(?=[punct])","gu").replace(/punct/g,B).getRegex(),j=k(/\\([punct])/,"gu").replace(/punct/g,B).getRegex(),H=k(/^<(scheme:[^\s\x00-\x1f<>]*|email)>/).replace("scheme",/[a-zA-Z][a-zA-Z0-9+.-]{1,31}/).replace("email",/[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+(@)[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)+(?![-_])/).getRegex(),U=k(S).replace("(?:--\x3e|$)","--\x3e").getRegex(),X=k("^comment|^|^<[a-zA-Z][\\w-]*(?:attribute)*?\\s*/?>|^<\\?[\\s\\S]*?\\?>|^|^").replace("comment",U).replace("attribute",/\s+[a-zA-Z:_][\w.:-]*(?:\s*=\s*"[^"]*"|\s*=\s*'[^']*'|\s*=\s*[^\s"'=<>`]+)?/).getRegex(),F=/(?:\[(?:\\.|[^\[\]\\])*\]|\\.|`[^`]*`|[^\[\]\\`])*?/,N=k(/^!?\[(label)\]\(\s*(href)(?:\s+(title))?\s*\)/).replace("label",F).replace("href",/<(?:\\.|[^\n<>\\])+>|[^\s\x00-\x1f]*/).replace("title",/"(?:\\"?|[^"\\])*"|'(?:\\'?|[^'\\])*'|\((?:\\\)?|[^)\\])*\)/).getRegex(),G=k(/^!?\[(label)\]\[(ref)\]/).replace("label",F).replace("ref",T).getRegex(),J=k(/^!?\[(ref)\](?:\[\])?/).replace("ref",T).getRegex(),K={_backpedal:f,anyPunctuation:j,autolink:H,blockSkip:/\[[^[\]]*?\]\([^\(\)]*?\)|`[^`]*?`|<[^<>]*?>/g,br:v,code:/^(`+)([^`]|[^`][\s\S]*?[^`])\1(?!`)/,del:f,emStrongLDelim:O,emStrongRDelimAst:C,emStrongRDelimUnd:D,escape:Q,link:N,nolink:J,punctuation:M,reflink:G,reflinkSearch:k("reflink|nolink(?!\\()","g").replace("reflink",G).replace("nolink",J).getRegex(),tag:X,text:/^(`+|[^`])(?:(?= {2,}\n)|[\s\S]*?(?:(?=[\\t+" ".repeat(n.length)));e;)if(!(this.options.extensions&&this.options.extensions.block&&this.options.extensions.block.some((s=>!!(n=s.call({lexer:this},e,t))&&(e=e.substring(n.raw.length),t.push(n),!0)))))if(n=this.tokenizer.space(e))e=e.substring(n.raw.length),1===n.raw.length&&t.length>0?t[t.length-1].raw+="\n":t.push(n);else if(n=this.tokenizer.code(e))e=e.substring(n.raw.length),s=t[t.length-1],!s||"paragraph"!==s.type&&"text"!==s.type?t.push(n):(s.raw+="\n"+n.raw,s.text+="\n"+n.text,this.inlineQueue[this.inlineQueue.length-1].src=s.text);else if(n=this.tokenizer.fences(e))e=e.substring(n.raw.length),t.push(n);else if(n=this.tokenizer.heading(e))e=e.substring(n.raw.length),t.push(n);else if(n=this.tokenizer.hr(e))e=e.substring(n.raw.length),t.push(n);else if(n=this.tokenizer.blockquote(e))e=e.substring(n.raw.length),t.push(n);else if(n=this.tokenizer.list(e))e=e.substring(n.raw.length),t.push(n);else if(n=this.tokenizer.html(e))e=e.substring(n.raw.length),t.push(n);else if(n=this.tokenizer.def(e))e=e.substring(n.raw.length),s=t[t.length-1],!s||"paragraph"!==s.type&&"text"!==s.type?this.tokens.links[n.tag]||(this.tokens.links[n.tag]={href:n.href,title:n.title}):(s.raw+="\n"+n.raw,s.text+="\n"+n.raw,this.inlineQueue[this.inlineQueue.length-1].src=s.text);else if(n=this.tokenizer.table(e))e=e.substring(n.raw.length),t.push(n);else if(n=this.tokenizer.lheading(e))e=e.substring(n.raw.length),t.push(n);else{if(r=e,this.options.extensions&&this.options.extensions.startBlock){let t=1/0;const n=e.slice(1);let s;this.options.extensions.startBlock.forEach((e=>{s=e.call({lexer:this},n),"number"==typeof s&&s>=0&&(t=Math.min(t,s))})),t<1/0&&t>=0&&(r=e.substring(0,t+1))}if(this.state.top&&(n=this.tokenizer.paragraph(r)))s=t[t.length-1],i&&"paragraph"===s.type?(s.raw+="\n"+n.raw,s.text+="\n"+n.text,this.inlineQueue.pop(),this.inlineQueue[this.inlineQueue.length-1].src=s.text):t.push(n),i=r.length!==e.length,e=e.substring(n.raw.length);else if(n=this.tokenizer.text(e))e=e.substring(n.raw.length),s=t[t.length-1],s&&"text"===s.type?(s.raw+="\n"+n.raw,s.text+="\n"+n.text,this.inlineQueue.pop(),this.inlineQueue[this.inlineQueue.length-1].src=s.text):t.push(n);else if(e){const t="Infinite loop on byte: "+e.charCodeAt(0);if(this.options.silent){console.error(t);break}throw new Error(t)}}return this.state.top=!0,t}inline(e,t=[]){return this.inlineQueue.push({src:e,tokens:t}),t}inlineTokens(e,t=[]){let n,s,r,i,l,o,a=e;if(this.tokens.links){const e=Object.keys(this.tokens.links);if(e.length>0)for(;null!=(i=this.tokenizer.rules.inline.reflinkSearch.exec(a));)e.includes(i[0].slice(i[0].lastIndexOf("[")+1,-1))&&(a=a.slice(0,i.index)+"["+"a".repeat(i[0].length-2)+"]"+a.slice(this.tokenizer.rules.inline.reflinkSearch.lastIndex))}for(;null!=(i=this.tokenizer.rules.inline.blockSkip.exec(a));)a=a.slice(0,i.index)+"["+"a".repeat(i[0].length-2)+"]"+a.slice(this.tokenizer.rules.inline.blockSkip.lastIndex);for(;null!=(i=this.tokenizer.rules.inline.anyPunctuation.exec(a));)a=a.slice(0,i.index)+"++"+a.slice(this.tokenizer.rules.inline.anyPunctuation.lastIndex);for(;e;)if(l||(o=""),l=!1,!(this.options.extensions&&this.options.extensions.inline&&this.options.extensions.inline.some((s=>!!(n=s.call({lexer:this},e,t))&&(e=e.substring(n.raw.length),t.push(n),!0)))))if(n=this.tokenizer.escape(e))e=e.substring(n.raw.length),t.push(n);else if(n=this.tokenizer.tag(e))e=e.substring(n.raw.length),s=t[t.length-1],s&&"text"===n.type&&"text"===s.type?(s.raw+=n.raw,s.text+=n.text):t.push(n);else if(n=this.tokenizer.link(e))e=e.substring(n.raw.length),t.push(n);else if(n=this.tokenizer.reflink(e,this.tokens.links))e=e.substring(n.raw.length),s=t[t.length-1],s&&"text"===n.type&&"text"===s.type?(s.raw+=n.raw,s.text+=n.text):t.push(n);else if(n=this.tokenizer.emStrong(e,a,o))e=e.substring(n.raw.length),t.push(n);else if(n=this.tokenizer.codespan(e))e=e.substring(n.raw.length),t.push(n);else if(n=this.tokenizer.br(e))e=e.substring(n.raw.length),t.push(n);else if(n=this.tokenizer.del(e))e=e.substring(n.raw.length),t.push(n);else if(n=this.tokenizer.autolink(e))e=e.substring(n.raw.length),t.push(n);else if(this.state.inLink||!(n=this.tokenizer.url(e))){if(r=e,this.options.extensions&&this.options.extensions.startInline){let t=1/0;const n=e.slice(1);let s;this.options.extensions.startInline.forEach((e=>{s=e.call({lexer:this},n),"number"==typeof s&&s>=0&&(t=Math.min(t,s))})),t<1/0&&t>=0&&(r=e.substring(0,t+1))}if(n=this.tokenizer.inlineText(r))e=e.substring(n.raw.length),"_"!==n.raw.slice(-1)&&(o=n.raw.slice(-1)),l=!0,s=t[t.length-1],s&&"text"===s.type?(s.raw+=n.raw,s.text+=n.text):t.push(n);else if(e){const t="Infinite loop on byte: "+e.charCodeAt(0);if(this.options.silent){console.error(t);break}throw new Error(t)}}else e=e.substring(n.raw.length),t.push(n);return t}}class se{options;constructor(t){this.options=t||e.defaults}code(e,t,n){const s=(t||"").match(/^\S*/)?.[0];return e=e.replace(/\n$/,"")+"\n",s?'
'+(n?e:c(e,!0))+"
\n":"
"+(n?e:c(e,!0))+"
\n"}blockquote(e){return`
\n${e}
\n`}html(e,t){return e}heading(e,t,n){return`${e}\n`}hr(){return"
\n"}list(e,t,n){const s=t?"ol":"ul";return"<"+s+(t&&1!==n?' start="'+n+'"':"")+">\n"+e+"\n"}listitem(e,t,n){return`
  • ${e}
    • \n`}checkbox(e){return"'}paragraph(e){return`

    ${e}

    \n`}table(e,t){return t&&(t=`${t}`),"\n\n"+e+"\n"+t+"
    \n"}tablerow(e){return`\n${e}\n`}tablecell(e,t){const n=t.header?"th":"td";return(t.align?`<${n} align="${t.align}">`:`<${n}>`)+e+`\n`}strong(e){return`${e}`}em(e){return`${e}`}codespan(e){return`${e}`}br(){return"
    "}del(e){return`${e}`}link(e,t,n){const s=g(e);if(null===s)return n;let r='    ",r}image(e,t,n){const s=g(e);if(null===s)return n;let r=`${n}0&&"paragraph"===n.tokens[0].type?(n.tokens[0].text=e+" "+n.tokens[0].text,n.tokens[0].tokens&&n.tokens[0].tokens.length>0&&"text"===n.tokens[0].tokens[0].type&&(n.tokens[0].tokens[0].text=e+" "+n.tokens[0].tokens[0].text)):n.tokens.unshift({type:"text",text:e+" "}):o+=e+" "}o+=this.parse(n.tokens,i),l+=this.renderer.listitem(o,r,!!s)}n+=this.renderer.list(l,t,s);continue}case"html":{const e=r;n+=this.renderer.html(e.text,e.block);continue}case"paragraph":{const e=r;n+=this.renderer.paragraph(this.parseInline(e.tokens));continue}case"text":{let i=r,l=i.tokens?this.parseInline(i.tokens):i.text;for(;s+1{const r=e[s].flat(1/0);n=n.concat(this.walkTokens(r,t))})):e.tokens&&(n=n.concat(this.walkTokens(e.tokens,t)))}}return n}use(...e){const t=this.defaults.extensions||{renderers:{},childTokens:{}};return e.forEach((e=>{const n={...e};if(n.async=this.defaults.async||n.async||!1,e.extensions&&(e.extensions.forEach((e=>{if(!e.name)throw new Error("extension name required");if("renderer"in e){const n=t.renderers[e.name];t.renderers[e.name]=n?function(...t){let s=e.renderer.apply(this,t);return!1===s&&(s=n.apply(this,t)),s}:e.renderer}if("tokenizer"in e){if(!e.level||"block"!==e.level&&"inline"!==e.level)throw new Error("extension level must be 'block' or 'inline'");const n=t[e.level];n?n.unshift(e.tokenizer):t[e.level]=[e.tokenizer],e.start&&("block"===e.level?t.startBlock?t.startBlock.push(e.start):t.startBlock=[e.start]:"inline"===e.level&&(t.startInline?t.startInline.push(e.start):t.startInline=[e.start]))}"childTokens"in e&&e.childTokens&&(t.childTokens[e.name]=e.childTokens)})),n.extensions=t),e.renderer){const t=this.defaults.renderer||new se(this.defaults);for(const n in e.renderer){if(!(n in t))throw new Error(`renderer '${n}' does not exist`);if("options"===n)continue;const s=n,r=e.renderer[s],i=t[s];t[s]=(...e)=>{let n=r.apply(t,e);return!1===n&&(n=i.apply(t,e)),n||""}}n.renderer=t}if(e.tokenizer){const t=this.defaults.tokenizer||new w(this.defaults);for(const n in e.tokenizer){if(!(n in t))throw new Error(`tokenizer '${n}' does not exist`);if(["options","rules","lexer"].includes(n))continue;const s=n,r=e.tokenizer[s],i=t[s];t[s]=(...e)=>{let n=r.apply(t,e);return!1===n&&(n=i.apply(t,e)),n}}n.tokenizer=t}if(e.hooks){const t=this.defaults.hooks||new le;for(const n in e.hooks){if(!(n in t))throw new Error(`hook '${n}' does not exist`);if("options"===n)continue;const s=n,r=e.hooks[s],i=t[s];le.passThroughHooks.has(n)?t[s]=e=>{if(this.defaults.async)return Promise.resolve(r.call(t,e)).then((e=>i.call(t,e)));const n=r.call(t,e);return i.call(t,n)}:t[s]=(...e)=>{let n=r.apply(t,e);return!1===n&&(n=i.apply(t,e)),n}}n.hooks=t}if(e.walkTokens){const t=this.defaults.walkTokens,s=e.walkTokens;n.walkTokens=function(e){let n=[];return n.push(s.call(this,e)),t&&(n=n.concat(t.call(this,e))),n}}this.defaults={...this.defaults,...n}})),this}setOptions(e){return this.defaults={...this.defaults,...e},this}lexer(e,t){return ne.lex(e,t??this.defaults)}parser(e,t){return ie.parse(e,t??this.defaults)}#e(e,t){return(n,s)=>{const r={...s},i={...this.defaults,...r};!0===this.defaults.async&&!1===r.async&&(i.silent||console.warn("marked(): The async option was set to true by an extension. The async: false option sent to parse will be ignored."),i.async=!0);const l=this.#t(!!i.silent,!!i.async);if(null==n)return l(new Error("marked(): input parameter is undefined or null"));if("string"!=typeof n)return l(new Error("marked(): input parameter is of type "+Object.prototype.toString.call(n)+", string expected"));if(i.hooks&&(i.hooks.options=i),i.async)return Promise.resolve(i.hooks?i.hooks.preprocess(n):n).then((t=>e(t,i))).then((e=>i.hooks?i.hooks.processAllTokens(e):e)).then((e=>i.walkTokens?Promise.all(this.walkTokens(e,i.walkTokens)).then((()=>e)):e)).then((e=>t(e,i))).then((e=>i.hooks?i.hooks.postprocess(e):e)).catch(l);try{i.hooks&&(n=i.hooks.preprocess(n));let s=e(n,i);i.hooks&&(s=i.hooks.processAllTokens(s)),i.walkTokens&&this.walkTokens(s,i.walkTokens);let r=t(s,i);return i.hooks&&(r=i.hooks.postprocess(r)),r}catch(e){return l(e)}}}#t(e,t){return n=>{if(n.message+="\nPlease report this to https://github.com/markedjs/marked.",e){const e="

    An error occurred:

    "+c(n.message+"",!0)+"
    ";return t?Promise.resolve(e):e}if(t)return Promise.reject(n);throw n}}}const ae=new oe;function ce(e,t){return ae.parse(e,t)}ce.options=ce.setOptions=function(e){return ae.setOptions(e),ce.defaults=ae.defaults,n(ce.defaults),ce},ce.getDefaults=t,ce.defaults=e.defaults,ce.use=function(...e){return ae.use(...e),ce.defaults=ae.defaults,n(ce.defaults),ce},ce.walkTokens=function(e,t){return ae.walkTokens(e,t)},ce.parseInline=ae.parseInline,ce.Parser=ie,ce.parser=ie.parse,ce.Renderer=se,ce.TextRenderer=re,ce.Lexer=ne,ce.lexer=ne.lex,ce.Tokenizer=w,ce.Hooks=le,ce.parse=ce;const he=ce.options,pe=ce.setOptions,ue=ce.use,ke=ce.walkTokens,ge=ce.parseInline,fe=ce,de=ie.parse,xe=ne.lex;e.Hooks=le,e.Lexer=ne,e.Marked=oe,e.Parser=ie,e.Renderer=se,e.TextRenderer=re,e.Tokenizer=w,e.getDefaults=t,e.lexer=xe,e.marked=ce,e.options=he,e.parse=fe,e.parseInline=ge,e.parser=de,e.setOptions=pe,e.use=ue,e.walkTokens=ke})); diff --git a/lms/static/purify.js b/lms/static/purify.js new file mode 100644 index 00000000..56bf4d96 --- /dev/null +++ b/lms/static/purify.js @@ -0,0 +1,4 @@ +// https://cdn.jsdelivr.net/npm/dompurify/dist/purify.min.js +/*! @license DOMPurify 3.0.9 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.0.9/LICENSE */ +!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).DOMPurify=t()}(this,(function(){"use strict";const{entries:e,setPrototypeOf:t,isFrozen:n,getPrototypeOf:o,getOwnPropertyDescriptor:r}=Object;let{freeze:i,seal:a,create:l}=Object,{apply:c,construct:s}="undefined"!=typeof Reflect&&Reflect;i||(i=function(e){return e}),a||(a=function(e){return e}),c||(c=function(e,t,n){return e.apply(t,n)}),s||(s=function(e,t){return new e(...t)});const u=N(Array.prototype.forEach),m=N(Array.prototype.pop),f=N(Array.prototype.push),p=N(String.prototype.toLowerCase),d=N(String.prototype.toString),h=N(String.prototype.match),g=N(String.prototype.replace),T=N(String.prototype.indexOf),y=N(String.prototype.trim),E=N(Object.prototype.hasOwnProperty),A=N(RegExp.prototype.test),_=(b=TypeError,function(){for(var e=arguments.length,t=new Array(e),n=0;n1?n-1:0),r=1;r2&&void 0!==arguments[2]?arguments[2]:p;t&&t(e,null);let i=o.length;for(;i--;){let t=o[i];if("string"==typeof t){const e=r(t);e!==t&&(n(o)||(o[i]=e),t=e)}e[t]=!0}return e}function R(e){for(let t=0;t/gm),B=a(/\${[\w\W]*}/gm),W=a(/^data-[\-\w.\u00B7-\uFFFF]/),G=a(/^aria-[\-\w]+$/),Y=a(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),j=a(/^(?:\w+script|data):/i),q=a(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),X=a(/^html$/i);var K=Object.freeze({__proto__:null,MUSTACHE_EXPR:H,ERB_EXPR:z,TMPLIT_EXPR:B,DATA_ATTR:W,ARIA_ATTR:G,IS_ALLOWED_URI:Y,IS_SCRIPT_OR_DATA:j,ATTR_WHITESPACE:q,DOCTYPE_NAME:X});const V=function(){return"undefined"==typeof window?null:window},$=function(e,t){if("object"!=typeof e||"function"!=typeof e.createPolicy)return null;let n=null;const o="data-tt-policy-suffix";t&&t.hasAttribute(o)&&(n=t.getAttribute(o));const r="dompurify"+(n?"#"+n:"");try{return e.createPolicy(r,{createHTML:e=>e,createScriptURL:e=>e})}catch(e){return console.warn("TrustedTypes policy "+r+" could not be created."),null}};var Z=function t(){let n=arguments.length>0&&void 0!==arguments[0]?arguments[0]:V();const o=e=>t(e);if(o.version="3.0.9",o.removed=[],!n||!n.document||9!==n.document.nodeType)return o.isSupported=!1,o;let{document:r}=n;const a=r,c=a.currentScript,{DocumentFragment:s,HTMLTemplateElement:b,Node:N,Element:R,NodeFilter:H,NamedNodeMap:z=n.NamedNodeMap||n.MozNamedAttrMap,HTMLFormElement:B,DOMParser:W,trustedTypes:G}=n,j=R.prototype,q=D(j,"cloneNode"),Z=D(j,"nextSibling"),J=D(j,"childNodes"),Q=D(j,"parentNode");if("function"==typeof b){const e=r.createElement("template");e.content&&e.content.ownerDocument&&(r=e.content.ownerDocument)}let ee,te="";const{implementation:ne,createNodeIterator:oe,createDocumentFragment:re,getElementsByTagName:ie}=r,{importNode:ae}=a;let le={};o.isSupported="function"==typeof e&&"function"==typeof Q&&ne&&void 0!==ne.createHTMLDocument;const{MUSTACHE_EXPR:ce,ERB_EXPR:se,TMPLIT_EXPR:ue,DATA_ATTR:me,ARIA_ATTR:fe,IS_SCRIPT_OR_DATA:pe,ATTR_WHITESPACE:de}=K;let{IS_ALLOWED_URI:he}=K,ge=null;const Te=S({},[...L,...x,...v,...k,...I]);let ye=null;const Ee=S({},[...M,...U,...P,...F]);let Ae=Object.seal(l(null,{tagNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},attributeNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},allowCustomizedBuiltInElements:{writable:!0,configurable:!1,enumerable:!0,value:!1}})),_e=null,be=null,Ne=!0,Se=!0,Re=!1,we=!0,De=!1,Le=!1,xe=!1,ve=!1,Ce=!1,ke=!1,Oe=!1,Ie=!0,Me=!1;const Ue="user-content-";let Pe=!0,Fe=!1,He={},ze=null;const Be=S({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","noscript","plaintext","script","style","svg","template","thead","title","video","xmp"]);let We=null;const Ge=S({},["audio","video","img","source","image","track"]);let Ye=null;const je=S({},["alt","class","for","id","label","name","pattern","placeholder","role","summary","title","value","style","xmlns"]),qe="http://www.w3.org/1998/Math/MathML",Xe="http://www.w3.org/2000/svg",Ke="http://www.w3.org/1999/xhtml";let Ve=Ke,$e=!1,Ze=null;const Je=S({},[qe,Xe,Ke],d);let Qe=null;const et=["application/xhtml+xml","text/html"],tt="text/html";let nt=null,ot=null;const rt=r.createElement("form"),it=function(e){return e instanceof RegExp||e instanceof Function},at=function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};if(!ot||ot!==e){if(e&&"object"==typeof e||(e={}),e=w(e),Qe=-1===et.indexOf(e.PARSER_MEDIA_TYPE)?tt:e.PARSER_MEDIA_TYPE,nt="application/xhtml+xml"===Qe?d:p,ge=E(e,"ALLOWED_TAGS")?S({},e.ALLOWED_TAGS,nt):Te,ye=E(e,"ALLOWED_ATTR")?S({},e.ALLOWED_ATTR,nt):Ee,Ze=E(e,"ALLOWED_NAMESPACES")?S({},e.ALLOWED_NAMESPACES,d):Je,Ye=E(e,"ADD_URI_SAFE_ATTR")?S(w(je),e.ADD_URI_SAFE_ATTR,nt):je,We=E(e,"ADD_DATA_URI_TAGS")?S(w(Ge),e.ADD_DATA_URI_TAGS,nt):Ge,ze=E(e,"FORBID_CONTENTS")?S({},e.FORBID_CONTENTS,nt):Be,_e=E(e,"FORBID_TAGS")?S({},e.FORBID_TAGS,nt):{},be=E(e,"FORBID_ATTR")?S({},e.FORBID_ATTR,nt):{},He=!!E(e,"USE_PROFILES")&&e.USE_PROFILES,Ne=!1!==e.ALLOW_ARIA_ATTR,Se=!1!==e.ALLOW_DATA_ATTR,Re=e.ALLOW_UNKNOWN_PROTOCOLS||!1,we=!1!==e.ALLOW_SELF_CLOSE_IN_ATTR,De=e.SAFE_FOR_TEMPLATES||!1,Le=e.WHOLE_DOCUMENT||!1,Ce=e.RETURN_DOM||!1,ke=e.RETURN_DOM_FRAGMENT||!1,Oe=e.RETURN_TRUSTED_TYPE||!1,ve=e.FORCE_BODY||!1,Ie=!1!==e.SANITIZE_DOM,Me=e.SANITIZE_NAMED_PROPS||!1,Pe=!1!==e.KEEP_CONTENT,Fe=e.IN_PLACE||!1,he=e.ALLOWED_URI_REGEXP||Y,Ve=e.NAMESPACE||Ke,Ae=e.CUSTOM_ELEMENT_HANDLING||{},e.CUSTOM_ELEMENT_HANDLING&&it(e.CUSTOM_ELEMENT_HANDLING.tagNameCheck)&&(Ae.tagNameCheck=e.CUSTOM_ELEMENT_HANDLING.tagNameCheck),e.CUSTOM_ELEMENT_HANDLING&&it(e.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)&&(Ae.attributeNameCheck=e.CUSTOM_ELEMENT_HANDLING.attributeNameCheck),e.CUSTOM_ELEMENT_HANDLING&&"boolean"==typeof e.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements&&(Ae.allowCustomizedBuiltInElements=e.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements),De&&(Se=!1),ke&&(Ce=!0),He&&(ge=S({},I),ye=[],!0===He.html&&(S(ge,L),S(ye,M)),!0===He.svg&&(S(ge,x),S(ye,U),S(ye,F)),!0===He.svgFilters&&(S(ge,v),S(ye,U),S(ye,F)),!0===He.mathMl&&(S(ge,k),S(ye,P),S(ye,F))),e.ADD_TAGS&&(ge===Te&&(ge=w(ge)),S(ge,e.ADD_TAGS,nt)),e.ADD_ATTR&&(ye===Ee&&(ye=w(ye)),S(ye,e.ADD_ATTR,nt)),e.ADD_URI_SAFE_ATTR&&S(Ye,e.ADD_URI_SAFE_ATTR,nt),e.FORBID_CONTENTS&&(ze===Be&&(ze=w(ze)),S(ze,e.FORBID_CONTENTS,nt)),Pe&&(ge["#text"]=!0),Le&&S(ge,["html","head","body"]),ge.table&&(S(ge,["tbody"]),delete _e.tbody),e.TRUSTED_TYPES_POLICY){if("function"!=typeof e.TRUSTED_TYPES_POLICY.createHTML)throw _('TRUSTED_TYPES_POLICY configuration option must provide a "createHTML" hook.');if("function"!=typeof e.TRUSTED_TYPES_POLICY.createScriptURL)throw _('TRUSTED_TYPES_POLICY configuration option must provide a "createScriptURL" hook.');ee=e.TRUSTED_TYPES_POLICY,te=ee.createHTML("")}else void 0===ee&&(ee=$(G,c)),null!==ee&&"string"==typeof te&&(te=ee.createHTML(""));i&&i(e),ot=e}},lt=S({},["mi","mo","mn","ms","mtext"]),ct=S({},["foreignobject","desc","title","annotation-xml"]),st=S({},["title","style","font","a","script"]),ut=S({},[...x,...v,...C]),mt=S({},[...k,...O]),ft=function(e){let t=Q(e);t&&t.tagName||(t={namespaceURI:Ve,tagName:"template"});const n=p(e.tagName),o=p(t.tagName);return!!Ze[e.namespaceURI]&&(e.namespaceURI===Xe?t.namespaceURI===Ke?"svg"===n:t.namespaceURI===qe?"svg"===n&&("annotation-xml"===o||lt[o]):Boolean(ut[n]):e.namespaceURI===qe?t.namespaceURI===Ke?"math"===n:t.namespaceURI===Xe?"math"===n&&ct[o]:Boolean(mt[n]):e.namespaceURI===Ke?!(t.namespaceURI===Xe&&!ct[o])&&(!(t.namespaceURI===qe&&!lt[o])&&(!mt[n]&&(st[n]||!ut[n]))):!("application/xhtml+xml"!==Qe||!Ze[e.namespaceURI]))},pt=function(e){f(o.removed,{element:e});try{e.parentNode.removeChild(e)}catch(t){e.remove()}},dt=function(e,t){try{f(o.removed,{attribute:t.getAttributeNode(e),from:t})}catch(e){f(o.removed,{attribute:null,from:t})}if(t.removeAttribute(e),"is"===e&&!ye[e])if(Ce||ke)try{pt(t)}catch(e){}else try{t.setAttribute(e,"")}catch(e){}},ht=function(e){let t=null,n=null;if(ve)e=""+e;else{const t=h(e,/^[\r\n\t ]+/);n=t&&t[0]}"application/xhtml+xml"===Qe&&Ve===Ke&&(e=''+e+"");const o=ee?ee.createHTML(e):e;if(Ve===Ke)try{t=(new W).parseFromString(o,Qe)}catch(e){}if(!t||!t.documentElement){t=ne.createDocument(Ve,"template",null);try{t.documentElement.innerHTML=$e?te:o}catch(e){}}const i=t.body||t.documentElement;return e&&n&&i.insertBefore(r.createTextNode(n),i.childNodes[0]||null),Ve===Ke?ie.call(t,Le?"html":"body")[0]:Le?t.documentElement:i},gt=function(e){return oe.call(e.ownerDocument||e,e,H.SHOW_ELEMENT|H.SHOW_COMMENT|H.SHOW_TEXT,null)},Tt=function(e){return e instanceof B&&("string"!=typeof e.nodeName||"string"!=typeof e.textContent||"function"!=typeof e.removeChild||!(e.attributes instanceof z)||"function"!=typeof e.removeAttribute||"function"!=typeof e.setAttribute||"string"!=typeof e.namespaceURI||"function"!=typeof e.insertBefore||"function"!=typeof e.hasChildNodes)},yt=function(e){return"function"==typeof N&&e instanceof N},Et=function(e,t,n){le[e]&&u(le[e],(e=>{e.call(o,t,n,ot)}))},At=function(e){let t=null;if(Et("beforeSanitizeElements",e,null),Tt(e))return pt(e),!0;const n=nt(e.nodeName);if(Et("uponSanitizeElement",e,{tagName:n,allowedTags:ge}),e.hasChildNodes()&&!yt(e.firstElementChild)&&A(/<[/\w]/g,e.innerHTML)&&A(/<[/\w]/g,e.textContent))return pt(e),!0;if(!ge[n]||_e[n]){if(!_e[n]&&bt(n)){if(Ae.tagNameCheck instanceof RegExp&&A(Ae.tagNameCheck,n))return!1;if(Ae.tagNameCheck instanceof Function&&Ae.tagNameCheck(n))return!1}if(Pe&&!ze[n]){const t=Q(e)||e.parentNode,n=J(e)||e.childNodes;if(n&&t){for(let o=n.length-1;o>=0;--o)t.insertBefore(q(n[o],!0),Z(e))}}return pt(e),!0}return e instanceof R&&!ft(e)?(pt(e),!0):"noscript"!==n&&"noembed"!==n&&"noframes"!==n||!A(/<\/no(script|embed|frames)/i,e.innerHTML)?(De&&3===e.nodeType&&(t=e.textContent,u([ce,se,ue],(e=>{t=g(t,e," ")})),e.textContent!==t&&(f(o.removed,{element:e.cloneNode()}),e.textContent=t)),Et("afterSanitizeElements",e,null),!1):(pt(e),!0)},_t=function(e,t,n){if(Ie&&("id"===t||"name"===t)&&(n in r||n in rt))return!1;if(Se&&!be[t]&&A(me,t));else if(Ne&&A(fe,t));else if(!ye[t]||be[t]){if(!(bt(e)&&(Ae.tagNameCheck instanceof RegExp&&A(Ae.tagNameCheck,e)||Ae.tagNameCheck instanceof Function&&Ae.tagNameCheck(e))&&(Ae.attributeNameCheck instanceof RegExp&&A(Ae.attributeNameCheck,t)||Ae.attributeNameCheck instanceof Function&&Ae.attributeNameCheck(t))||"is"===t&&Ae.allowCustomizedBuiltInElements&&(Ae.tagNameCheck instanceof RegExp&&A(Ae.tagNameCheck,n)||Ae.tagNameCheck instanceof Function&&Ae.tagNameCheck(n))))return!1}else if(Ye[t]);else if(A(he,g(n,de,"")));else if("src"!==t&&"xlink:href"!==t&&"href"!==t||"script"===e||0!==T(n,"data:")||!We[e]){if(Re&&!A(pe,g(n,de,"")));else if(n)return!1}else;return!0},bt=function(e){return"annotation-xml"!==e&&e.indexOf("-")>0},Nt=function(e){Et("beforeSanitizeAttributes",e,null);const{attributes:t}=e;if(!t)return;const n={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:ye};let r=t.length;for(;r--;){const i=t[r],{name:a,namespaceURI:l,value:c}=i,s=nt(a);let f="value"===a?c:y(c);if(n.attrName=s,n.attrValue=f,n.keepAttr=!0,n.forceKeepAttr=void 0,Et("uponSanitizeAttribute",e,n),f=n.attrValue,n.forceKeepAttr)continue;if(dt(a,e),!n.keepAttr)continue;if(!we&&A(/\/>/i,f)){dt(a,e);continue}De&&u([ce,se,ue],(e=>{f=g(f,e," ")}));const p=nt(e.nodeName);if(_t(p,s,f)){if(!Me||"id"!==s&&"name"!==s||(dt(a,e),f=Ue+f),ee&&"object"==typeof G&&"function"==typeof G.getAttributeType)if(l);else switch(G.getAttributeType(p,s)){case"TrustedHTML":f=ee.createHTML(f);break;case"TrustedScriptURL":f=ee.createScriptURL(f)}try{l?e.setAttributeNS(l,a,f):e.setAttribute(a,f),m(o.removed)}catch(e){}}}Et("afterSanitizeAttributes",e,null)},St=function e(t){let n=null;const o=gt(t);for(Et("beforeSanitizeShadowDOM",t,null);n=o.nextNode();)Et("uponSanitizeShadowNode",n,null),At(n)||(n.content instanceof s&&e(n.content),Nt(n));Et("afterSanitizeShadowDOM",t,null)};return o.sanitize=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=null,r=null,i=null,l=null;if($e=!e,$e&&(e="\x3c!--\x3e"),"string"!=typeof e&&!yt(e)){if("function"!=typeof e.toString)throw _("toString is not a function");if("string"!=typeof(e=e.toString()))throw _("dirty is not a string, aborting")}if(!o.isSupported)return e;if(xe||at(t),o.removed=[],"string"==typeof e&&(Fe=!1),Fe){if(e.nodeName){const t=nt(e.nodeName);if(!ge[t]||_e[t])throw _("root node is forbidden and cannot be sanitized in-place")}}else if(e instanceof N)n=ht("\x3c!----\x3e"),r=n.ownerDocument.importNode(e,!0),1===r.nodeType&&"BODY"===r.nodeName||"HTML"===r.nodeName?n=r:n.appendChild(r);else{if(!Ce&&!De&&!Le&&-1===e.indexOf("<"))return ee&&Oe?ee.createHTML(e):e;if(n=ht(e),!n)return Ce?null:Oe?te:""}n&&ve&&pt(n.firstChild);const c=gt(Fe?e:n);for(;i=c.nextNode();)At(i)||(i.content instanceof s&&St(i.content),Nt(i));if(Fe)return e;if(Ce){if(ke)for(l=re.call(n.ownerDocument);n.firstChild;)l.appendChild(n.firstChild);else l=n;return(ye.shadowroot||ye.shadowrootmode)&&(l=ae.call(a,l,!0)),l}let m=Le?n.outerHTML:n.innerHTML;return Le&&ge["!doctype"]&&n.ownerDocument&&n.ownerDocument.doctype&&n.ownerDocument.doctype.name&&A(X,n.ownerDocument.doctype.name)&&(m="\n"+m),De&&u([ce,se,ue],(e=>{m=g(m,e," ")})),ee&&Oe?ee.createHTML(m):m},o.setConfig=function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};at(e),xe=!0},o.clearConfig=function(){ot=null,xe=!1},o.isValidAttribute=function(e,t,n){ot||at({});const o=nt(e),r=nt(t);return _t(o,r,n)},o.addHook=function(e,t){"function"==typeof t&&(le[e]=le[e]||[],f(le[e],t))},o.removeHook=function(e){if(le[e])return m(le[e])},o.removeHooks=function(e){le[e]&&(le[e]=[])},o.removeAllHooks=function(){le={}},o}();return Z})); +//# sourceMappingURL=purify.min.js.map diff --git a/lms/templates/view.html b/lms/templates/view.html index 67c6685a..08b6b8c1 100644 --- a/lms/templates/view.html +++ b/lms/templates/view.html @@ -147,6 +147,8 @@

    {{ _('Comments for this exercise') }}

    {% if not shared_url %} + + {%- if is_manager or config.USERS_COMMENTS %} From f982fec1e3dab8bf9a0f0422e79355869b7516b5 Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Wed, 28 Feb 2024 01:11:52 +0200 Subject: [PATCH 13/18] fix: Change email BREAKING CHANGES: Autochecker user is now `lms-checker@python*ic*.guru`, soon to be configured using the configuration file. Should also change it accordingly in the database. --- lms/lmsdb/models.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lms/lmsdb/models.py b/lms/lmsdb/models.py index 45851c01..138d0476 100644 --- a/lms/lmsdb/models.py +++ b/lms/lmsdb/models.py @@ -193,8 +193,8 @@ def has_course(self, course_id: int) -> bool: @classmethod def get_system_user(cls) -> 'User': instance, _ = cls.get_or_create(**{ - cls.mail_address.name: 'linter-checks@python.guru', - User.username.name: 'linter-checks@python.guru', + cls.mail_address.name: 'linter-checks@pythonic.guru', + User.username.name: 'linter-checks@pythonic.guru', }, defaults={ User.fullname.name: 'Checker guru', User.role.name: Role.get_staff_role(), From a43528e0898daca0d24d9a666400832b95640587 Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Fri, 1 Mar 2024 10:57:19 +0200 Subject: [PATCH 14/18] feat: Better comments section (#366) * refactor: Smarter code line JS/CSS modeling * feat: Add comment component * fix: Erlang cookie might be a dir: add rm -r * fix: linter email problem + migration * dev(comment): Added field to `Comment._by_file` * refactor(comment): `comment.delete` now gets id as a parameter, instead of using the `request` object. * fix: Better indication of errors on /comment endpoint * feat: Comments now also show user's gravatar * fix: Responsibility issues * tests: Add test for all the refactors KNOWN BUG: New edit button doesn't work ATM. --- devops/build.sh | 2 +- devops/lms.yml | 4 +- lms/lmsdb/bootstrap.py | 17 +++ lms/lmsdb/models.py | 8 +- lms/lmsweb/views.py | 41 +++++-- lms/models/comments.py | 15 +-- lms/models/users.py | 36 ++++-- lms/static/comments.js | 181 ++++++++++++++++++++++------ lms/static/grader.js | 32 ++--- lms/static/keyboard.js | 4 +- lms/static/my.css | 84 +++++++++++-- lms/templates/comment-template.html | 148 +++++++++++++++++++++++ lms/templates/view.html | 5 +- tests/test_comments.py | 56 +++++++++ tests/test_solutions.py | 37 ++++-- tests/test_users.py | 45 ++++++- 16 files changed, 602 insertions(+), 113 deletions(-) create mode 100644 lms/templates/comment-template.html create mode 100644 tests/test_comments.py diff --git a/devops/build.sh b/devops/build.sh index 97943fb4..13455d66 100755 --- a/devops/build.sh +++ b/devops/build.sh @@ -6,7 +6,7 @@ MAIN_FOLDER="${SCRIPT_FOLDER}/.." echo "Using sudo to remove the old erlang cookie" ERLANG_COOKIE_FILE="${SCRIPT_FOLDER}/rabbitmq.cookie" -sudo rm -f "$ERLANG_COOKIE_FILE" +sudo rm -rf "$ERLANG_COOKIE_FILE" echo "Running build on folder ${MAIN_FOLDER}" ( cd "${MAIN_FOLDER}" && docker build -t lms . ) diff --git a/devops/lms.yml b/devops/lms.yml index 98bfbb23..94becd49 100644 --- a/devops/lms.yml +++ b/devops/lms.yml @@ -132,5 +132,5 @@ volumes: networks: lms: - external: - name: lms + external: true + name: lms diff --git a/lms/lmsdb/bootstrap.py b/lms/lmsdb/bootstrap.py index e6dff390..09f08fe6 100644 --- a/lms/lmsdb/bootstrap.py +++ b/lms/lmsdb/bootstrap.py @@ -322,6 +322,22 @@ def _assessment_migration() -> bool: return True +def _linter_email_migration(): + old_mail_address = 'lms-checks@python.guru' + new_mail_address = 'lms-checks@pythonic.guru' + + find_user = models.User.select().where + mail_field = models.User.mail_address + + if find_user(mail_field == old_mail_address).exists(): + user = find_user(mail_field == old_mail_address).get() + user.mail_address = new_mail_address + user.save() + log.info(f'Changed {old_mail_address} to {new_mail_address} in User') + else: + log.info(f'{new_mail_address} already exists in User') + + def is_tables_exists(tables: Union[Model, Iterable[Model]]) -> bool: if not isinstance(tables, (tuple, list)): tables = (tables,) @@ -351,6 +367,7 @@ def main(): _uuid_migration() _add_user_course_constaint() + _linter_email_migration() models.create_basic_roles() if models.User.select().count() == 0: diff --git a/lms/lmsdb/models.py b/lms/lmsdb/models.py index 138d0476..4b5d5d99 100644 --- a/lms/lmsdb/models.py +++ b/lms/lmsdb/models.py @@ -1096,9 +1096,13 @@ def create_comment( @classmethod def _by_file(cls, file_id: int): fields = ( - cls.id, cls.line_number, cls.is_auto, - CommentText.id.alias('comment_id'), CommentText.text, + cls.id, + cls.line_number, + cls.is_auto, + cls.timestamp, + CommentText.text, SolutionFile.id.alias('file_id'), + User.id.alias('author_id'), User.fullname.alias('author_name'), User.role.alias('author_role'), ) diff --git a/lms/lmsweb/views.py b/lms/lmsweb/views.py index d61bb134..265a834b 100644 --- a/lms/lmsweb/views.py +++ b/lms/lmsweb/views.py @@ -1,3 +1,4 @@ +from functools import partial from typing import Any, Callable, Optional import arrow # type: ignore @@ -522,9 +523,11 @@ def note(user_id: int): @webapp.route("/comments", methods=["GET", "POST"]) @login_required def comment(): - act = request.args.get("act") or request.json.get("act") + act = request.args.get("act") + if act is None and request.json and request.json.get("act"): + act = request.json.get("act") - if request.method == "POST": + if request.method == "POST" and request.json: file_id = int(request.json.get("fileId", 0)) else: # it's a GET file_id = int(request.args.get("fileId", 0)) @@ -538,7 +541,10 @@ def comment(): return fail(403, "You aren't allowed to access this page.") if act == "fetch": - return jsonify(Comment.by_file(file_id)) + fetched_comments = Comment.by_file(file_id) + for c in fetched_comments: + c['avatar'] = get_avatar(c['author_id']) + return jsonify(fetched_comments) if ( not webapp.config.get("USERS_COMMENTS", False) @@ -547,7 +553,17 @@ def comment(): return fail(403, "You aren't allowed to access this page.") if act == "delete": - return try_or_fail(comments.delete) + comment_id = request.args.get('commentId') + if not comment_id: + return fail(400, "No comment id was given.") + + delete_comment = partial( + comments.delete, + comment_id=int(comment_id), + request_user_id=current_user.id, + is_manager=current_user.role.is_manager, + ) + return try_or_fail(delete_comment) if act == "create": user = User.get_or_none(User.id == current_user.id) @@ -560,12 +576,16 @@ def comment(): return jsonify( { "success": "true", + "id": comment_.id, + "file_id": comment_.file.id, + "line_number": comment_.line_number, "text": comment_.comment.text, - "is_auto": False, + "author_id": user.id, "author_name": user.fullname, "author_role": user.role.id, - "id": comment_.id, - "line_number": comment_.line_number, + "avatar": get_avatar(user.id), + "timestamp": comment_.timestamp, + "is_auto": False, }, ) @@ -821,6 +841,13 @@ def common_comments(exercise_id=None): return jsonify(comments._common_comments(exercise_id=exercise_id)) +@webapp.route("/user//avatar") +@login_required +def get_avatar(user_id: int): + # In the meanwhile, support gravatar only. + return users.get_gravatar(user_id) + + @webapp.template_filter("date_humanize") def _jinja2_filter_datetime(date): try: diff --git a/lms/models/comments.py b/lms/models/comments.py index c09d7491..5c38e579 100644 --- a/lms/models/comments.py +++ b/lms/models/comments.py @@ -1,7 +1,6 @@ from typing import Optional from flask import request -from flask_login import current_user # type: ignore from peewee import fn # type: ignore from lms.lmsdb.models import ( @@ -52,13 +51,15 @@ def _create_comment( ) -def delete(): - comment_id = int(request.args.get('commentId')) +def delete(*, comment_id: int, request_user_id: int, is_manager: bool = False): + if not isinstance(comment_id, int): + raise NotValidRequest('Invalid comment id.', 400) + comment_ = Comment.get_or_none(Comment.id == comment_id) - if ( - comment_.commenter.id != current_user.id - and not current_user.role.is_manager - ): + if comment_ is None: + raise ResourceNotFound('No such comment.', 404) + + if comment_.commenter.id != request_user_id and not is_manager: raise ForbiddenPermission( "You aren't allowed to access this page.", 403, ) diff --git a/lms/models/users.py b/lms/models/users.py index 463030fd..2754819c 100644 --- a/lms/models/users.py +++ b/lms/models/users.py @@ -1,13 +1,16 @@ +from functools import cache +import hashlib import re +from typing import cast -from flask_babel import gettext as _ # type: ignore +from flask_babel import gettext as _ from itsdangerous import URLSafeTimedSerializer from lms.lmsdb.models import Course, User, UserCourse from lms.lmsweb import config from lms.models.errors import ( - AlreadyExists, ForbiddenPermission, UnauthorizedError, - UnhashedPasswordError, + AlreadyExists, ForbiddenPermission, NotValidRequest, ResourceNotFound, + UnauthorizedError, UnhashedPasswordError, ) @@ -20,11 +23,22 @@ ) +def _to_user_object(user: int | User) -> User: + if isinstance(user, int): + user = cast(User, User.get_or_none(User.id == user)) + if user is None: + raise ResourceNotFound(_('User not found'), 404) + + if not isinstance(user, User): + raise NotValidRequest(_('User is not valid'), 400) + + return user + + def retrieve_salt(user: User) -> str: - password = HASHED_PASSWORD.match(user.password) - try: - return password.groupdict().get('salt') - except AttributeError: # should never happen + if password := HASHED_PASSWORD.match(str(user.password)): + return password.groupdict()['salt'] + else: raise UnhashedPasswordError('Password format is invalid.') @@ -57,3 +71,11 @@ def join_public_course(course: Course, user: User) -> None: course_name=course.name, ), 409, ) + + +@cache +def get_gravatar(user: int | User) -> str: + user = _to_user_object(user) + user_email = str(user.mail_address).strip().lower() + gravatar_hash = hashlib.sha256(user_email.encode('utf-8')).hexdigest() + return f'https://www.gravatar.com/avatar/{gravatar_hash}?d=404' diff --git a/lms/static/comments.js b/lms/static/comments.js index 0c0c372b..792f5fa4 100644 --- a/lms/static/comments.js +++ b/lms/static/comments.js @@ -29,49 +29,64 @@ function isSolverComment(commentData) { return (authorIsSolver && allowedComment); } -function formatCommentData(commentData) { - const commentText = DOMPurify.sanitize(marked.parse(commentData.text)); - let changedCommentText = `${commentData.author_name}: ${commentText}`; - if (window.isUserGrader() || isSolverComment(commentData)) { - const deleteButton = ``; - changedCommentText = `${deleteButton} ${changedCommentText}`; - } - return changedCommentText; +function createCommentLine(commentData) { + const commentLineElement = document.createElement('comment-line'); + const commentContent = DOMPurify.sanitize(marked.parse(commentData.text)); + + commentAttributes = { + 'data-comment-id': commentData.id, + 'data-file-id': commentData.file_id, + 'data-line': commentData.line_number, + 'data-author-role': commentData.author_role, + 'avatar': commentData.avatar, + 'name': commentData.author_name, + 'date': commentData.timestamp, + 'editor': window.isUserGrader() || isSolverComment(commentData), + } + + for (const [key, value] of Object.entries(commentAttributes)) { + commentLineElement.setAttribute(key, value); + } + + commentLineElement.innerHTML = `${commentContent}`; + + return commentLineElement; } -function addCommentToLine(line, commentData) { - const commentElement = document.querySelector(`.line[data-line="${line}"]`); - const formattedComment = formatCommentData(commentData); - const commentText = `${formattedComment}`; - let existingPopover = bootstrap.Popover.getInstance(commentElement); - if (existingPopover !== null) { - const existingContent = `${existingPopover._config.content}
    `; - existingPopover._config.content = existingContent + commentText; - } else { - existingPopover = new bootstrap.Popover(commentElement, { - html: true, - title: `ืฉื•ืจื” ${line}`, - content: commentText, - sanitize: false, - boundary: 'viewport', - placement: 'auto', - }); +function getCommentsContainer(line) { + let commentsContainer = document.querySelector(`.comments-container[data-line="${line}"]`); + if (commentsContainer !== null) { + return commentsContainer; + } - commentElement.addEventListener('shown.bs.popover', function () { - Prism.highlightAllUnder(existingPopover.tip); - }) + const lineContainer = document.querySelector(`.line-container[data-line="${line}"]`); + commentsContainer = document.createElement('div'); + commentsContainer.classList.add('comments-container'); + commentsContainer.setAttribute('data-line', line); + + if (document.documentElement?.dir === 'rtl') { + commentsContainer.classList.add('rtl'); } - commentElement.dataset.comment = 'true'; - if ((commentData.is_auto) && (commentElement.dataset.marked !== 'true')) { - markLine(commentElement, FLAKE_COMMENTED_LINE_COLOR); - } else { - const lineColor = window.getLineColorByRole(commentData.author_role); - markLine(commentElement, lineColor, true); - commentElement.dataset.marked = true; + lineContainer.insertAdjacentElement('afterend', commentsContainer); + return commentsContainer; +} + +function addCommentToLine(line, commentData) { + const commentedLine = document.querySelector(`.line-container[data-line="${line}"]`); + if (commentedLine === null) { + console.error(`No line found for comment: ${commentData.id}`); + return; } - return existingPopover; + const commentsContainer = getCommentsContainer(line); + const commentLine = createCommentLine(commentData); + commentsContainer.appendChild(commentLine); + Prism.highlightAllUnder(commentLine); + + commentedLine.dataset.comment = 'true'; + + return commentLine; } function getLineColorByRole(authorRole) { @@ -132,12 +147,13 @@ function addLineSpansToPre(items) { const openSpans = []; Array.from(items).forEach((item) => { const code = item.innerHTML.trim().split('\n'); + const digits = code.length.toString().length; item.innerHTML = code.map( (line, i) => { let lineContent = openSpans.join('') + line; updateOpenedSpans(openSpans, line); lineContent += ''.repeat(openSpans.length); - const wrappedLine = `${lineContent}`; + const wrappedLine = `
    ${i + 1} ${lineContent}
    `; return wrappedLine; }, ).join('\n'); @@ -145,6 +161,93 @@ function addLineSpansToPre(items) { window.dispatchEvent(new Event('lines-numbered')); } +class LineComment extends HTMLElement { + static observedAttributes = [ + 'data-line', 'avatar', 'name', 'date', 'editor', 'data-comment-id', 'data-file-id', + ]; + + constructor() { + super(); + this.attachShadow({ mode: 'open' }); + const template = document.getElementById('comment-template').content.cloneNode(true); + this.shadowRoot.appendChild(template); + } + + connectedCallback() { + this.#trackEditButton(); + this.#trackDeleteButton(); + this.updateComponent(); + } + + #trackEditButton() { + const editButton = this.shadowRoot.querySelector('.edit-btn'); + const commentId = this.getAttribute('data-comment-id'); + editButton.addEventListener('click', () => { + window.location.href = `/comments/${commentId}/edit`; + }); + } + + #trackDeleteButton() { + const deleteButton = this.shadowRoot.querySelector('.delete-btn'); + + const fileId = this.getAttribute('data-file-id'); + const commentId = this.getAttribute('data-comment-id'); + + deleteButton.addEventListener('click', () => { + deleteComment(fileId, commentId); + }); + } + + attributeChangedCallback(_, oldValue, newValue) { + if (oldValue !== newValue) { + this.updateComponent(); + } + } + + updateComponent() { + const img = this.shadowRoot.querySelector('.commenter-image'); + const name = this.shadowRoot.querySelector('.commenter-name'); + const dateElement = this.shadowRoot.querySelector('.comment-date-text'); + const editDeleteBtns = this.shadowRoot.querySelector('.edit-delete-btns'); + + img.src = this.getAttribute('avatar') || '/static/avatar.jpg'; + img.alt = `${this.getAttribute('name')}'s profile picture`; + + name.textContent = this.getAttribute('name'); + + const dateString = this.getAttribute('date'); + dateElement.textContent = this.formatDate(dateString); + dateElement.setAttribute('datetime', this.createDatetime(dateString)); + + editDeleteBtns.style.display = 'none'; + if (this.getAttribute('editor') === 'true') { + editDeleteBtns.style.display = 'flex'; + } + } + + formatDate(dateString) { + if (!dateString) return ''; + const lang = document.documentElement.lang; + const date = new Date(dateString); + const options = { + year: 'numeric', + month: 'numeric', + day: 'numeric', + hour: '2-digit', + minute: '2-digit', + } + return new Intl.DateTimeFormat(lang, options).format(date); + } + + createDatetime(dateString) { + const date = new Date(dateString); + let year = date.getFullYear(); + let month = String(date.getMonth() + 1).padStart(2, '0'); // JS months are 0-based + let day = String(date.getDate()).padStart(2, '0'); + return `${year}-${month}-${day}`; + } +} + function configureMarkdownParser() { marked.use({ renderer: { @@ -156,7 +259,7 @@ function configureMarkdownParser() { }); } -window.markLink = markLine; +window.markLine = markLine; window.hoverLine = hoverLine; window.addCommentToLine = addCommentToLine; window.getLineColorByRole = getLineColorByRole; @@ -167,7 +270,9 @@ window.addEventListener('load', () => { window.exerciseId = codeElementData.exercise; sessionStorage.setItem('role', codeElementData.role); sessionStorage.setItem('solver', codeElementData.solver); + sessionStorage.setItem('solverId', codeElementData.solverId); sessionStorage.setItem('allowedComment', codeElementData.allowedComment); + customElements.define('comment-line', LineComment); configureMarkdownParser(); addLineSpansToPre(document.getElementsByTagName('code')); pullComments(window.fileId, treatComments); diff --git a/lms/static/grader.js b/lms/static/grader.js index d40b8464..b47e1b01 100644 --- a/lms/static/grader.js +++ b/lms/static/grader.js @@ -26,29 +26,11 @@ function sendComment(kind, fileId, line, commentData) { } function visuallyRemoveComment(commentId) { - const commentElement = document.querySelector(`.grader-delete[data-commentid="${commentId}"]`).closest('.comment'); - const lineElement = document.querySelector(`.line[data-line="${commentElement.dataset.line}"]`); - const existingPopover = bootstrap.Popover.getInstance(lineElement); - const hr = commentElement.nextElementSibling || commentElement.previousElementSibling; - if (hr === null) { - lineElement.dataset.marked = false; - window.markLine(lineElement, 'none'); - const popover = bootstrap.Popover.getInstance(lineElement); - if (popover !== null) { - popover.dispose(); - } - } else { - let removeContent = `
    ${commentElement.outerHTML}`; - if (!existingPopover._config.content.includes(removeContent)) { - removeContent = `${commentElement.outerHTML}
    `; - } - existingPopover._config.content = existingPopover._config.content.replace(removeContent, ''); - const commentParent = commentElement.parentNode; - hr.parentNode.removeChild(hr); - commentParent.removeChild(commentElement); - const lastAuthorRole = commentParent.lastChild.previousElementSibling.dataset.authorRole; - const newLineColor = window.getLineColorByRole(lastAuthorRole); - window.markLine(lineElement, newLineColor, true); + const commentElement = document.querySelector(`comment-line[data-comment-id='${commentId}']`); + const commentsContainer = commentElement.parentElement; + commentElement.remove(); + if (commentsContainer.children.length === 0) { + commentsContainer.remove(); } } @@ -82,12 +64,12 @@ function sendExistsComment(...commentData) { function trackDragAreas(lineItems, addCommentItems) { function findElementsToMark(e) { const span = (e.target.nodeType === 3) ? e.target.parentNode : e.target; - let lineTarget = span.closest('.line'); + let lineTarget = span.closest('.line-container'); let addCommentTarget = span.closest('.grader-add'); const codeView = document.querySelector('#code-view'); if (lineTarget === null || addCommentTarget !== null) { const commentLine = addCommentTarget.dataset.line; - lineTarget = codeView.querySelector(`.line[data-line="${commentLine}"]`); + lineTarget = codeView.querySelector(`.line-container[data-line="${commentLine}"]`); } else { const commentLine = lineTarget.dataset.line; addCommentTarget = codeView.querySelector(`.grader-add[data-line="${commentLine}"]`); diff --git a/lms/static/keyboard.js b/lms/static/keyboard.js index f040416b..8d5e8df5 100644 --- a/lms/static/keyboard.js +++ b/lms/static/keyboard.js @@ -35,7 +35,7 @@ function highlightLinesThatStartsWith(lineNumber, enable) { const highlight = enable || (enable === undefined); const specificSelector = lineNumber && `^='${lineNumber}'`; const lines = document.querySelectorAll( - `#code-view .line[data-line${specificSelector}]`, + `#code-view .line-container[data-line${specificSelector}]`, ); Array.from(lines).forEach((line) => { line.dataset.vimbackground = highlight; @@ -68,7 +68,7 @@ function listenToKeys() { return; } const key = event.key.toLowerCase(); - const linesSelected = `#code-view .line[data-line='${lineNumber}']`; + const linesSelected = `#code-view .line-container[data-line='${lineNumber}']`; const graderAddButton = `.grader-add[data-line='${lineNumber}']`; if (key === 'q') { event.preventDefault(); diff --git a/lms/static/my.css b/lms/static/my.css index 553a0d49..3e447636 100644 --- a/lms/static/my.css +++ b/lms/static/my.css @@ -470,6 +470,7 @@ button#share-action:hover { flex-flow: column wrap; flex-basis: 70vw; flex-grow: 4; + border: 1px solid #e1e4e8; } #code-view { @@ -478,6 +479,43 @@ button#share-action:hover { overflow-x: hidden; } +.line-number { + box-sizing: content-box; + display: flex; + flex-shrink: 0; + justify-content: flex-end; + align-items: center; + padding-right: 0.75em; + text-align: right; + border-right: 1px solid #e1e4e8; + color: rgba(0, 0, 0, 0.5); +} + +.line { + display: inline-block; + width: 100%; + padding-inline-start: 0.5em; +} + +.comments-container { + display: flex; + width: 100%; + padding: 0.4em 0; + flex-direction: column; +} + +.comments-container code { + border: 1px solid #e1e4e8; + border-radius: 5px; + padding: 0.25rem; +} + +.line-comment { + display: flex; + background: white; + border-block: 1px solid #e1e4e8; +} + #code-toolbar { display: flex; background-color: #f5f2f0; @@ -669,17 +707,18 @@ ol.comments > li:active { cursor: grabbing; } -.comment-author { - color: #50514f; +.comment-text { + display: inline-flex; + flex-direction: column; + gap: 0.625rem; } -span.line { - cursor: pointer; - direction: ltr; - display: inline-block; - text-align: left; - width: calc(100% - 1.4em); - margin-left: 0.3em; +.comment-text p { + margin: 0; +} + +.comment-author { + color: #50514f; } #grader-buttons { @@ -695,7 +734,7 @@ span.line { margin-top: 1rem; } -.line[data-vimbackground="true"] { +.line-container[data-vimbackground="true"] { background: lightgreen; } @@ -715,14 +754,35 @@ code > code:last-of-type{ display: inherit; } */ +pre[class*="language-"] { + /* Override prism.js */ + padding: 0 !important; + margin: 0 !important; +} + +code#user-code { + display: flex; + flex-direction: column; +} -.line[data-marked="true"] { +.line-container[data-marked="true"] { background: #fac4c3; } +.line-container { + display: flex; + align-items: center; + flex-direction: row; + justify-content: start; + cursor: pointer; + width: 100%; + flex-grow: 1; +} + .grader-add { background-attachment: fixed; - display: inline-flex; + display: flex; + margin-inline-start: -0.5rem; width: 1rem; height: 1em; line-height: 1em; diff --git a/lms/templates/comment-template.html b/lms/templates/comment-template.html new file mode 100644 index 00000000..9b0d85f0 --- /dev/null +++ b/lms/templates/comment-template.html @@ -0,0 +1,148 @@ + diff --git a/lms/templates/view.html b/lms/templates/view.html index 08b6b8c1..ee4c8762 100644 --- a/lms/templates/view.html +++ b/lms/templates/view.html @@ -78,8 +78,8 @@

    {{ _('Exercise view') }} {{ solution['exercise']['number'] }}: {{ solution[' -
    - 
    {% if current_file | language_name in image_extensions %}
    {% else %}{{- current_file.code | trim(chars=' ') | e -}}{% endif %}
    +
    + 
    {% if current_file | language_name in image_extensions %}
    {% else %}{{- current_file.code | trim(chars=' ') | e -}}{% endif %}
    {% if test_results and not shared_url %}
    @@ -147,6 +147,7 @@

    {{ _('Comments for this exercise') }}

    {% if not shared_url %} +{% include 'comment-template.html' %} diff --git a/tests/test_comments.py b/tests/test_comments.py new file mode 100644 index 00000000..c3251d24 --- /dev/null +++ b/tests/test_comments.py @@ -0,0 +1,56 @@ +import pytest + +from lms.lmsdb.models import Comment, Solution, User +from lms.models import comments +from lms.models.errors import ForbiddenPermission, NotValidRequest +from tests.conftest import create_student_user + + +class TestComments: + @staticmethod + def test_comment_delete( + comment: Comment, staff_user: User, solution: Solution, + ): + second_comment = Comment.create_comment( + commenter=staff_user, + line_number=1, + comment_text="Yabalulu", + file=solution.solution_files.get(), + is_auto=False, + )[0] + assert Comment.get_or_none(comment.id) + assert Comment.get_or_none(second_comment.id) + comments.delete( + comment_id=comment.id, + request_user_id=staff_user.id, + is_manager=True, + ) + assert Comment.get_or_none(comment.id) is None + assert Comment.get_or_none(second_comment.id) + + @staticmethod + def test_comment_delete_invalid_comment_id(): + with pytest.raises(NotValidRequest): + comments.delete( + comment_id="Shawarma", # type: ignore + request_user_id=1, + ) + + @staticmethod + def test_comment_delete_by_unexisting_user(comment: Comment): + assert Comment.get_or_none(comment.id) + with pytest.raises(ForbiddenPermission): + comments.delete( + comment_id=comment.id, + request_user_id=50000, + ) + + @staticmethod + def test_comment_delete_by_unprivileged_delete(comment: Comment): + bad_user = create_student_user(index=500) + assert Comment.get_or_none(comment.id) + with pytest.raises(ForbiddenPermission): + comments.delete( + comment_id=comment.id, + request_user_id=bad_user.id, + ) diff --git a/tests/test_solutions.py b/tests/test_solutions.py index e97701ea..f01c5a4e 100644 --- a/tests/test_solutions.py +++ b/tests/test_solutions.py @@ -249,9 +249,24 @@ def test_user_comments( }, content_type='application/json') assert delete_response.status_code == 200 + # Now with no comment ID + delete_response = client.get('/comments', query_string={ + 'fileId': solution.files[0].id, 'act': 'delete', + }, content_type='application/json') + assert delete_response.status_code == 400 + # Disabling users comments option conftest.disable_users_comments() + # Trying to create a comment + disable_comment_response = client.post( + '/comments', data=json.dumps({ + 'fileId': solution.files[0].id, 'act': 'create', + 'kind': 'text', 'comment': 'well well well', 'line': 2, + }), content_type='application/json', + ) + assert disable_comment_response.status_code == 403 + # Trying to remove a comment json_response_comment = json.loads( comment_response.get_data(as_text=True), @@ -262,14 +277,16 @@ def test_user_comments( }, content_type='application/json') assert delete_response.status_code == 403 - # Trying to create a comment - disable_comment_response = client.post( - '/comments', data=json.dumps({ - 'fileId': solution.files[0].id, 'act': 'create', - 'kind': 'text', 'comment': 'well well well', 'line': 2, - }), content_type='application/json', + # Trying to fetch a comment + comments_fetched = client.post( + '/comments', + data=json.dumps({'fileId': solution.files[0].id, 'act': 'fetch'}), + content_type='application/json', + ) + assert ( + comments_fetched.json and + all(comment['id'] is not None for comment in comments_fetched.json) ) - assert disable_comment_response.status_code == 403 @staticmethod def test_staff_and_user_comments( @@ -338,6 +355,12 @@ def test_staff_and_user_comments( }, content_type='application/json') assert delete_response.status_code == 403 + delete_response = client2.get('/comments', query_string={ + 'fileId': solution.files[0].id, 'act': 'delete', + 'commentId': 987654321, + }, content_type='application/json') + assert delete_response.status_code == 404 + @staticmethod def test_share_solution_by_another_user( exercise: Exercise, diff --git a/tests/test_users.py b/tests/test_users.py index 63823ee5..7c103660 100644 --- a/tests/test_users.py +++ b/tests/test_users.py @@ -1,11 +1,14 @@ import time from unittest.mock import Mock, patch +from urllib.parse import urlparse from flask.testing import FlaskClient +import pytest from lms.lmsdb.models import Course, User from lms.lmsweb.config import CONFIRMATION_TIME, MAX_INVALID_PASSWORD_TRIES -from lms.models.users import generate_user_token +from lms.models.errors import NotValidRequest, ResourceNotFound +from lms.models.users import _to_user_object, generate_user_token, get_gravatar from tests import conftest @@ -177,6 +180,46 @@ def test_expired_token(client: FlaskClient): fail_login_response = client.get('/exercises') assert fail_login_response.status_code == 200 + @staticmethod + def test_to_user_object(student_user: User): + with pytest.raises(NotValidRequest): + _to_user_object('Shmulik') # type: ignore + with pytest.raises(ResourceNotFound): + _to_user_object(500) + assert _to_user_object(student_user.id) == student_user + assert _to_user_object(student_user) == student_user + + @staticmethod + def test_avatar_gravatar_bad_entity(): + with pytest.raises(NotValidRequest): + assert get_gravatar('Shmulik') + + @staticmethod + def test_avatar_gravatar(student_user: User): + def get_hash(url: str): + parsed_url = urlparse(url) + hash_ = parsed_url.path.split('/')[-1] + return hash_ + + student_user.mail_address = 'linter-checks@pythonic.guru' + + wanted_response = ( + 'https://www.gravatar.com/avatar/' + '872341a5e93f23af67cfaa441cbffb431a4fe6a8923fcf13864deb2f5119deae' + '?d=404' + ) + response = get_gravatar(student_user) + assert get_hash(response) == get_hash(wanted_response) + + @staticmethod + def test_avatar_using_gravatar(student_user: User): + client = conftest.get_logged_user(str(student_user.username)) + student_user.mail_address = 'linter-checks@pythonic.guru' + student_user.save() + response = client.get(f'/user/{student_user.id}/avatar') + assert 200 <= response.status_code < 400 + assert response.text.startswith("https://www.gravatar.com/") + @staticmethod def test_user_registered_to_course(student_user: User, course: Course): conftest.create_usercourse(student_user, course) From 3cafd502c60d301b582122312a1f7a193892f1f8 Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Fri, 1 Mar 2024 11:27:28 +0200 Subject: [PATCH 15/18] fix: Don't allow name in docker.yml --- devops/lms.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/devops/lms.yml b/devops/lms.yml index 94becd49..16b73c9d 100644 --- a/devops/lms.yml +++ b/devops/lms.yml @@ -133,4 +133,3 @@ volumes: networks: lms: external: true - name: lms From 23f61e2dbea949a75911cc31f48492280bf50de1 Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Fri, 1 Mar 2024 11:40:57 +0200 Subject: [PATCH 16/18] fix: upgrade.sh should also start services --- devops/upgrade.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/devops/upgrade.sh b/devops/upgrade.sh index 4b21413f..8fbbdbff 100755 --- a/devops/upgrade.sh +++ b/devops/upgrade.sh @@ -21,6 +21,7 @@ upgrade () { docker exec -t lms_db_1 pg_dump -c -U lmsweb lms > /home/$USER/dump_`date +%d-%m-%Y"_"%H_%M_%S`.sql cd devops || { echo "cd failed"; exit 127; } source ./build.sh + source ./start.sh sudo systemctl restart lms sudo systemctl start nginx source ./i18n.sh From 2c31f387c92c8831fe2005ff99dd52e68fa1d6e1 Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Fri, 22 Mar 2024 02:50:40 +0200 Subject: [PATCH 17/18] fix: New default -- semi-hide Flake8 issues (#372) --- lms/static/comments.js | 35 ++++++++++++++++++++++++++++++++++- lms/static/grader.js | 3 +++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/lms/static/comments.js b/lms/static/comments.js index 792f5fa4..05bc6712 100644 --- a/lms/static/comments.js +++ b/lms/static/comments.js @@ -1,11 +1,20 @@ +const AUTO_CHECKER_ROLE = 2; const DEFAULT_COMMENTED_LINE_COLOR = '#fab3b0'; const STUDENT_COMMENTED_LINE_COLOR = '#a9f6f9'; const FLAKE_COMMENTED_LINE_COLOR = '#fac4c3'; const HOVER_LINE_STYLE = '1px solid #0d0d0f'; + +function removeMark(lineElement) { + lineElement.classList.remove('marked'); + lineElement.style.background = 'none'; +} + + function markLine(target, color, deletion = false) { if (target.dataset && target.dataset.marked === 'true' && !deletion) {return;} if (target.dataset && target.dataset.vimbackground === 'true' && !deletion) {return;} + target.classList.add('marked'); target.style.background = color; } @@ -72,6 +81,19 @@ function getCommentsContainer(line) { return commentsContainer; } + +function createToggledComment(lineElement, commentsContainer, authorRole) { + if (lineElement.classList.contains('marked')) { return; } + + markLine(lineElement, getLineColorByRole(authorRole)); + + commentsContainer.classList.add('d-none'); + lineElement.addEventListener('click', () => { + commentsContainer.classList.toggle('d-none'); + }); +} + + function addCommentToLine(line, commentData) { const commentedLine = document.querySelector(`.line-container[data-line="${line}"]`); if (commentedLine === null) { @@ -84,13 +106,23 @@ function addCommentToLine(line, commentData) { commentsContainer.appendChild(commentLine); Prism.highlightAllUnder(commentLine); + if (commentData.author_role === AUTO_CHECKER_ROLE) { + createToggledComment(commentedLine, commentsContainer, commentData.author_role); + } commentedLine.dataset.comment = 'true'; return commentLine; } function getLineColorByRole(authorRole) { - return authorRole === 1 ? STUDENT_COMMENTED_LINE_COLOR : DEFAULT_COMMENTED_LINE_COLOR; + switch (authorRole) { + case 1: + return STUDENT_COMMENTED_LINE_COLOR; + case 2: + return FLAKE_COMMENTED_LINE_COLOR; + default: + return DEFAULT_COMMENTED_LINE_COLOR; + } } function treatComments(comments) { @@ -260,6 +292,7 @@ function configureMarkdownParser() { } window.markLine = markLine; +window.removeMark = removeMark; window.hoverLine = hoverLine; window.addCommentToLine = addCommentToLine; window.getLineColorByRole = getLineColorByRole; diff --git a/lms/static/grader.js b/lms/static/grader.js index b47e1b01..710357fa 100644 --- a/lms/static/grader.js +++ b/lms/static/grader.js @@ -28,9 +28,12 @@ function sendComment(kind, fileId, line, commentData) { function visuallyRemoveComment(commentId) { const commentElement = document.querySelector(`comment-line[data-comment-id='${commentId}']`); const commentsContainer = commentElement.parentElement; + const lineNumber = commentsContainer.dataset.line; commentElement.remove(); if (commentsContainer.children.length === 0) { commentsContainer.remove(); + const lineContainer = document.querySelector(`.line-container[data-line='${lineNumber}']`); + removeMark(lineContainer); } } From bca90681121738f891b57222624408024aa884b1 Mon Sep 17 00:00:00 2001 From: Yam Mesicka Date: Fri, 22 Mar 2024 03:17:37 +0200 Subject: [PATCH 18/18] Hide autochecks (#373) * fix: New default -- semi-hide Flake8 issues * feat: Support detecting is-auto in frontend --- lms/static/comments.js | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/lms/static/comments.js b/lms/static/comments.js index 05bc6712..4300a496 100644 --- a/lms/static/comments.js +++ b/lms/static/comments.js @@ -1,6 +1,3 @@ -const AUTO_CHECKER_ROLE = 2; -const DEFAULT_COMMENTED_LINE_COLOR = '#fab3b0'; -const STUDENT_COMMENTED_LINE_COLOR = '#a9f6f9'; const FLAKE_COMMENTED_LINE_COLOR = '#fac4c3'; const HOVER_LINE_STYLE = '1px solid #0d0d0f'; @@ -11,13 +8,14 @@ function removeMark(lineElement) { } -function markLine(target, color, deletion = false) { +function markLine(target, deletion = false) { if (target.dataset && target.dataset.marked === 'true' && !deletion) {return;} if (target.dataset && target.dataset.vimbackground === 'true' && !deletion) {return;} target.classList.add('marked'); - target.style.background = color; + target.style.background = FLAKE_COMMENTED_LINE_COLOR; } + function hoverLine(targets, hover) { const [lineTarget, addCommentTarget] = targets; if (lineTarget.dataset && lineTarget.dataset.vimbackground === 'true') {return;} @@ -47,6 +45,7 @@ function createCommentLine(commentData) { 'data-file-id': commentData.file_id, 'data-line': commentData.line_number, 'data-author-role': commentData.author_role, + 'data-is-auto': commentData.is_auto, 'avatar': commentData.avatar, 'name': commentData.author_name, 'date': commentData.timestamp, @@ -85,7 +84,7 @@ function getCommentsContainer(line) { function createToggledComment(lineElement, commentsContainer, authorRole) { if (lineElement.classList.contains('marked')) { return; } - markLine(lineElement, getLineColorByRole(authorRole)); + markLine(lineElement); commentsContainer.classList.add('d-none'); lineElement.addEventListener('click', () => { @@ -106,7 +105,7 @@ function addCommentToLine(line, commentData) { commentsContainer.appendChild(commentLine); Prism.highlightAllUnder(commentLine); - if (commentData.author_role === AUTO_CHECKER_ROLE) { + if (commentLine.dataset.isAuto === "true") { createToggledComment(commentedLine, commentsContainer, commentData.author_role); } commentedLine.dataset.comment = 'true'; @@ -114,17 +113,6 @@ function addCommentToLine(line, commentData) { return commentLine; } -function getLineColorByRole(authorRole) { - switch (authorRole) { - case 1: - return STUDENT_COMMENTED_LINE_COLOR; - case 2: - return FLAKE_COMMENTED_LINE_COLOR; - default: - return DEFAULT_COMMENTED_LINE_COLOR; - } -} - function treatComments(comments) { if (comments === undefined) { console.error('Probably bad xhr request'); @@ -195,7 +183,8 @@ function addLineSpansToPre(items) { class LineComment extends HTMLElement { static observedAttributes = [ - 'data-line', 'avatar', 'name', 'date', 'editor', 'data-comment-id', 'data-file-id', + 'data-line', 'avatar', 'name', 'date', 'editor', 'data-comment-id', + 'data-file-id', ]; constructor() { @@ -295,7 +284,6 @@ window.markLine = markLine; window.removeMark = removeMark; window.hoverLine = hoverLine; window.addCommentToLine = addCommentToLine; -window.getLineColorByRole = getLineColorByRole; window.addEventListener('load', () => { const codeElementData = document.getElementById('code-view').dataset; window.solutionId = codeElementData.id;