Update dependency versions

.github/workflows/python-app.yml

@@ -15,7 +15,7 @@ jobs:
 
     strategy:
       matrix:
-        python-version: [3.8, 3.9]
+        python-version: [3.12]
 
     steps:
       - name: Install ldap dependencies

.pylintrc

@@ -9,7 +9,6 @@ disable =
 	duplicate-code,
 	no-member,
 	parse-error,
-	bad-continuation,
 	too-few-public-methods,
 	global-statement,
 	cyclic-import,

Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.io/python:3.8-buster
+FROM docker.io/python:3.12-bookworm
 MAINTAINER Computer Science House <[email protected]>
 
 RUN mkdir /opt/conditional
@@ -8,7 +8,7 @@ ADD requirements.txt /opt/conditional
 WORKDIR /opt/conditional
 
 RUN apt-get -yq update && \
-    apt-get -yq install libsasl2-dev libldap2-dev libssl-dev gcc g++ make && \
+    apt-get -yq install libsasl2-dev libldap2-dev libldap-common libssl-dev gcc g++ make && \
     pip install -r requirements.txt && \
     apt-get -yq clean all
 

conditional/__init__.py

@@ -7,6 +7,7 @@
 from flask_migrate import Migrate
 from flask_gzip import Gzip
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
+from flask_pyoidc.provider_configuration import ProviderConfiguration, ClientMetadata
 from flask_sqlalchemy import SQLAlchemy
 
 import sentry_sdk
@@ -39,8 +40,10 @@
                app.config['LDAP_BIND_PW'],
                ro=app.config['LDAP_RO'])
 
-auth = OIDCAuthentication(app, issuer=app.config["OIDC_ISSUER"],
-                          client_registration_info=app.config["OIDC_CLIENT_CONFIG"])
+client_metadata = ClientMetadata(app.config["OIDC_CLIENT_CONFIG"])
+provider_config = ProviderConfiguration(issuer=app.config["OIDC_ISSUER"], client_registration_info=client_metadata)
+
+auth = OIDCAuthentication({'default': provider_config}, app)
 
 app.secret_key = app.config["SECRET_KEY"]
 
@@ -137,7 +140,7 @@ def static_proxy(path):
 
 
 @app.route('/')
-@auth.oidc_auth
+@auth.oidc_auth("default")
 def default_route():
     return redirect('/dashboard')
 
@@ -158,10 +161,10 @@ def health():
 
 @app.errorhandler(404)
 @app.errorhandler(500)
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def route_errors(error, user_dict=None):
-    data = dict()
+    data = {}
 
     # Handle the case where the header isn't present
     if user_dict['username'] is not None:

conditional/blueprints/attendance.py

@@ -29,7 +29,7 @@
 
 
 @attendance_bp.route('/attendance/ts_members')
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def get_all_members(user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
@@ -57,7 +57,7 @@ def get_all_members(user_dict=None):
 
 
 @attendance_bp.route('/attendance/hm_members')
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def get_non_alumni_non_coop(internal=False, user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
@@ -102,7 +102,7 @@ def get_non_alumni_non_coop(internal=False, user_dict=None):
 
 
 @attendance_bp.route('/attendance/cm_members')
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def get_non_alumni(user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
@@ -130,7 +130,7 @@ def get_non_alumni(user_dict=None):
 
 
 @attendance_bp.route('/attendance_cm')
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def display_attendance_cm(user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
@@ -142,7 +142,7 @@ def display_attendance_cm(user_dict=None):
 
 
 @attendance_bp.route('/attendance_ts')
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def display_attendance_ts(user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
@@ -154,7 +154,7 @@ def display_attendance_ts(user_dict=None):
 
 
 @attendance_bp.route('/attendance_hm')
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def display_attendance_hm(user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
@@ -170,7 +170,7 @@ def display_attendance_hm(user_dict=None):
 
 
 @attendance_bp.route('/attendance/submit/cm', methods=['POST'])
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def submit_committee_attendance(user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
@@ -183,7 +183,7 @@ def submit_committee_attendance(user_dict=None):
     f_attendees = post_data['freshmen']
     timestamp = post_data['timestamp']
 
-    log.info('Submit {} Meeting Attendance'.format(committee))
+    log.info(f'Submit {committee} Meeting Attendance')
 
     timestamp = datetime.strptime(timestamp, "%Y-%m-%d")
     meeting = CommitteeMeeting(committee, timestamp, approved)
@@ -193,19 +193,19 @@ def submit_committee_attendance(user_dict=None):
     db.session.refresh(meeting)
 
     for m in m_attendees:
-        log.info('Gave Attendance to {} for {}'.format(m, committee))
+        log.info(f'Gave Attendance to {m} for {committee}')
         db.session.add(MemberCommitteeAttendance(m, meeting.id))
 
     for f in f_attendees:
-        log.info('Gave Attendance to freshman-{} for {}'.format(f, committee))
+        log.info(f'Gave Attendance to freshman-{f} for {committee}')
         db.session.add(FreshmanCommitteeAttendance(f, meeting.id))
 
     db.session.commit()
     return jsonify({"success": True}), 200
 
 
 @attendance_bp.route('/attendance/submit/ts', methods=['POST'])
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def submit_seminar_attendance(user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
@@ -228,19 +228,19 @@ def submit_seminar_attendance(user_dict=None):
     db.session.refresh(seminar)
 
     for m in m_attendees:
-        log.info('Gave Attendance to {} for {}'.format(m, seminar_name))
+        log.info(f'Gave Attendance to {m} for {seminar_name}')
         db.session.add(MemberSeminarAttendance(m, seminar.id))
 
     for f in f_attendees:
-        log.info('Gave Attendance to freshman-{} for {}'.format(f, seminar_name))
+        log.info(f'Gave Attendance to freshman-{f} for {seminar_name}')
         db.session.add(FreshmanSeminarAttendance(f, seminar.id))
 
     db.session.commit()
     return jsonify({"success": True}), 200
 
 
 @attendance_bp.route('/attendance/submit/hm', methods=['POST'])
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def submit_house_attendance(user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
@@ -263,10 +263,7 @@ def submit_house_attendance(user_dict=None):
 
     if "members" in post_data:
         for m in post_data['members']:
-            log.info('Marked {} {} for House Meeting on {}'.format(
-                m['uid'],
-                m['status'],
-                timestamp.strftime("%Y-%m-%d")))
+            log.info(f'Marked {m['uid']} {m['status']} for House Meeting on {timestamp.strftime("%Y-%m-%d")}')
             db.session.add(MemberHouseMeetingAttendance(
                 m['uid'],
                 meeting.id,
@@ -275,10 +272,7 @@ def submit_house_attendance(user_dict=None):
 
     if "freshmen" in post_data:
         for f in post_data['freshmen']:
-            log.info('Marked freshman-{} {} for House Meeting on {}'.format(
-                f['id'],
-                f['status'],
-                timestamp.strftime("%Y-%m-%d")))
+            log.info(f'Marked freshman-{f['id']} {f['status']} for House Meeting on {timestamp.strftime("%Y-%m-%d")}')
             db.session.add(FreshmanHouseMeetingAttendance(
                 f['id'],
                 meeting.id,
@@ -290,7 +284,7 @@ def submit_house_attendance(user_dict=None):
 
 
 @attendance_bp.route('/attendance/alter/hm/<uid>/<hid>', methods=['GET'])
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def alter_house_attendance(uid, hid, user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
@@ -299,7 +293,7 @@ def alter_house_attendance(uid, hid, user_dict=None):
         return "must be evals", 403
 
     if not uid.isdigit():
-        log.info('Mark {} Present for House Meeting ID: {}'.format(uid, hid))
+        log.info(f'Mark {uid} Present for House Meeting ID: {hid}')
         member_meeting = MemberHouseMeetingAttendance.query.filter(
             MemberHouseMeetingAttendance.uid == uid,
             MemberHouseMeetingAttendance.meeting_id == hid
@@ -308,7 +302,7 @@ def alter_house_attendance(uid, hid, user_dict=None):
         db.session.commit()
         return jsonify({"success": True}), 200
 
-    log.info('Mark freshman-{} Present for House Meeting ID: {}'.format(uid, hid))
+    log.info(f'Mark freshman-{uid} Present for House Meeting ID: {hid}')
     freshman_meeting = FreshmanHouseMeetingAttendance.query.filter(
         FreshmanHouseMeetingAttendance.fid == uid,
         FreshmanHouseMeetingAttendance.meeting_id == hid
@@ -320,7 +314,7 @@ def alter_house_attendance(uid, hid, user_dict=None):
 
 
 @attendance_bp.route('/attendance/alter/hm/<uid>/<hid>', methods=['POST'])
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def alter_house_excuse(uid, hid, user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
@@ -333,7 +327,7 @@ def alter_house_excuse(uid, hid, user_dict=None):
     hm_excuse = post_data['excuse']
 
     if not uid.isdigit():
-        log.info('Mark {} as {} for HM ID: {}'.format(uid, hm_status, hid))
+        log.info(f'Mark {uid} as {hm_status} for HM ID: {hid}')
         MemberHouseMeetingAttendance.query.filter(
             MemberHouseMeetingAttendance.uid == uid,
             MemberHouseMeetingAttendance.meeting_id == hid
@@ -342,7 +336,7 @@ def alter_house_excuse(uid, hid, user_dict=None):
             'attendance_status': hm_status
         })
     else:
-        log.info('Mark {} as {} for HM ID: {}'.format(uid, hm_status, hid))
+        log.info(f'Mark {uid} as {hm_status} for HM ID: {hid}')
         FreshmanHouseMeetingAttendance.query.filter(
             FreshmanHouseMeetingAttendance.fid == uid,
             FreshmanHouseMeetingAttendance.meeting_id == hid
@@ -357,7 +351,7 @@ def alter_house_excuse(uid, hid, user_dict=None):
 
 
 @attendance_bp.route('/attendance/history', methods=['GET'])
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def attendance_history(user_dict=None):
 
@@ -431,9 +425,9 @@ def get_seminar_attendees(meeting_id):
                    TechnicalSeminar.approved == False).all()] # pylint: disable=singleton-comparison
     all_meetings = sorted((all_cm + all_ts), key=lambda k: k['dt_obj'], reverse=True)[offset:limit]
     if len(all_cm) % 10 != 0:
-        total_pages = (int(len(all_cm) / 10) + 1)
+        total_pages = int(len(all_cm) / 10) + 1
     else:
-        total_pages = (int(len(all_cm) / 10))
+        total_pages = int(len(all_cm) / 10)
     return render_template('attendance_history.html',
                            username=user_dict['username'],
                            history=all_meetings,
@@ -444,7 +438,7 @@ def get_seminar_attendees(meeting_id):
 
 
 @attendance_bp.route('/attendance/alter/cm/<cid>', methods=['POST'])
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def alter_committee_attendance(cid, user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
@@ -476,7 +470,7 @@ def alter_committee_attendance(cid, user_dict=None):
 
 
 @attendance_bp.route('/attendance/alter/ts/<sid>', methods=['POST'])
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def alter_seminar_attendance(sid, user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
@@ -508,7 +502,7 @@ def alter_seminar_attendance(sid, user_dict=None):
 
 
 @attendance_bp.route('/attendance/ts/<sid>', methods=['GET', 'DELETE'])
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def get_cm_attendees(sid, user_dict=None):
     if request.method == 'GET':
@@ -526,7 +520,7 @@ def get_cm_attendees(sid, user_dict=None):
         return jsonify({"attendees": attendees}), 200
 
     log = logger.new(request=request, auth_dict=user_dict)
-    log.info('Delete Technical Seminar {}'.format(sid))
+    log.info(f'Delete Technical Seminar {sid}')
 
     if not ldap_is_eboard(user_dict['account']):
         return jsonify({"success": False, "error": "Not EBoard"}), 403
@@ -545,7 +539,7 @@ def get_cm_attendees(sid, user_dict=None):
 
 
 @attendance_bp.route('/attendance/cm/<cid>', methods=['GET', 'DELETE'])
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def get_ts_attendees(cid, user_dict=None):
     if request.method == 'GET':
@@ -563,7 +557,7 @@ def get_ts_attendees(cid, user_dict=None):
         return jsonify({"attendees": attendees}), 200
 
     log = logger.new(request=request, auth_dict=user_dict)
-    log.info('Delete Committee Meeting {}'.format(cid))
+    log.info(f'Delete Committee Meeting {cid}')
 
     if not ldap_is_eboard(user_dict['account']):
         return jsonify({"success": False, "error": "Not EBoard"}), 403
@@ -582,11 +576,11 @@ def get_ts_attendees(cid, user_dict=None):
 
 
 @attendance_bp.route('/attendance/cm/<cid>/approve', methods=['POST'])
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def approve_cm(cid, user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
-    log.info('Approve Committee Meeting {} Attendance'.format(cid))
+    log.info(f'Approve Committee Meeting {cid} Attendance')
 
     if not ldap_is_eboard(user_dict['account']):
         return jsonify({"success": False, "error": "Not EBoard"}), 403
@@ -600,11 +594,11 @@ def approve_cm(cid, user_dict=None):
 
 
 @attendance_bp.route('/attendance/ts/<sid>/approve', methods=['POST'])
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def approve_ts(sid, user_dict=None):
     log = logger.new(request=request, auth_dict=user_dict)
-    log.info('Approve Technical Seminar {} Attendance'.format(sid))
+    log.info(f'Approve Technical Seminar {sid} Attendance')
 
     if not ldap_is_eboard(user_dict['account']):
         return jsonify({"success": False, "error": "Not EBoard"}), 403

conditional/blueprints/cache_management.py

@@ -21,7 +21,7 @@
 
 
 @cache_bp.route('/restart')
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def restart_app(user_dict=None):
     if not ldap_is_rtp(user_dict['account']):
@@ -34,7 +34,7 @@ def restart_app(user_dict=None):
 
 
 @cache_bp.route('/clearcache')
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def clear_cache(user_dict=None):
     if not ldap_is_eval_director(user_dict['account']) and not ldap_is_rtp(user_dict['account']):