style fixes

Author: mishaschwartz

Makefile

@@ -540,6 +540,13 @@ check-security-only: check-security-code-only check-security-deps-only  ## run s
 #	42194: https://github.com/kvesteri/sqlalchemy-utils/issues/166  # not fixed since 2015
 #	51668: https://github.com/sqlalchemy/sqlalchemy/pull/8563  # still in beta + major version change sqlalchemy 2.0.0b1
 #	51021: This is patched in jwcrypto>=1.4.0 but that version is not available for python version < 3.6
+#   66713: This is patched in jwcrypto>=1.5.1 but that version is not available for python version < 3.6
+#   63154: This is patched in jwcrypto>=1.5.1 but that version is not available for python version < 3.6
+#   64484: This is patched in bandit>=1.7.8 but that version is not available for python version < 3.8
+#   43407: This is an advisory that support for python < 3.6 is no longer supported in the next version
+#   43452: This is a duplicate of 43407
+#   43450: This is a duplicate of 43407
+#   43451: This is a duplicate of 43407
 .PHONY: check-security-deps-only
 check-security-deps-only: mkdir-reports  ## run security checks on package dependencies
 	@echo "Running security checks of dependencies..."
@@ -553,6 +560,13 @@ check-security-deps-only: mkdir-reports  ## run security checks on package depen
 			-i 42194 \
 			-i 51668 \
 			-i 51021 \
+			-i 66713 \
+			-i 63154 \
+			-i 64484 \
+			-i 43407 \
+			-i 43452 \
+			-i 43450 \
+			-i 43451 \
 		1> >(tee "$(REPORTS_DIR)/check-security-deps.txt")'
 
 .PHONY: check-security-code-only

magpie/api/login/login.py

@@ -34,7 +34,7 @@
 from magpie.api import schemas as s
 from magpie.api.management.user.user_formats import format_user
 from magpie.api.management.user.user_utils import create_user
-from magpie.constants import get_constant, protected_user_email_regex, protected_user_name_regex, network_enabled
+from magpie.constants import get_constant, network_enabled, protected_user_email_regex, protected_user_name_regex
 from magpie.security import authomatic_setup, get_providers
 from magpie.utils import (
     CONTENT_TYPE_JSON,

magpie/api/management/network/__init__.py

@@ -4,15 +4,16 @@
 
 
 def includeme(config):
-    from magpie.api import schemas as s
-    from magpie import utils
     from pyramid.exceptions import ConfigurationError
 
+    from magpie import utils
+    from magpie.api import schemas as s
+
     LOGGER.info("Adding API network ...")
     try:
         utils.check_network_configured(config)
     except ConfigurationError as exc:
-        LOGGER.error("API network failed with following configuration error: {}".format(exc))
+        LOGGER.error("API network failed with following configuration error: %s", exc)
         raise
     config.add_route(**s.service_api_route_info(s.NetworkTokenAPI))
     config.add_route(**s.service_api_route_info(s.NetworkJSONWebKeySetAPI))

magpie/api/management/network/network_utils.py

@@ -92,15 +92,15 @@ def create_private_key(filename, password=None, settings_container=None):
             if os.path.realpath(pem_file) == os.path.realpath(filename):
                 password = pem_password
 
-    LOGGER.info("Creating a valid PEM file at '{}'.".format(filename))
+    LOGGER.info("Creating a valid PEM file at '%s'.", filename)
     private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
     if password:
         encryption_algorithm = serialization.BestAvailableEncryption(password)
     else:
         encryption_algorithm = serialization.NoEncryption()
     private_bytes = private_key.private_bytes(serialization.Encoding.PEM,
                                               serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm)
-    with open(filename, mode='wb') as f:
+    with open(filename, mode="wb") as f:
         f.write(private_bytes)
 
 

magpie/api/management/network/network_views.py

@@ -36,7 +36,7 @@ def post_network_token_view(request):
 @view_config(route_name=s.NetworkTokenAPI.name, request_method="DELETE",
              decorator=check_network_mode_enabled, permission=NO_PERMISSION_REQUIRED)
 def delete_network_token_view(request):
-    node, network_remote_user = get_network_models_from_request_token(request)
+    _, network_remote_user = get_network_models_from_request_token(request)
     if network_remote_user and network_remote_user.network_token:
         request.db.delete(network_remote_user.network_token)
         if network_remote_user.user is None and sqlalchemy.inspect(network_remote_user).persistent:
@@ -53,7 +53,6 @@ def delete_network_tokens_view(request):
         deleted = models.NetworkToken.delete_expired(request.db)
     else:
         deleted = request.db.query(NetworkToken).delete()
-    anonymous_network_user_ids = [n.anonymous_user(request.db).id for n in request.db.query(models.NetworkNode).all()]
     # clean up unused records in the database (no need to keep records associated with anonymous network users)
     (request.db.query(models.NetworkRemoteUser)
      .filter(models.NetworkRemoteUser.user_id == None)  # noqa: E711 # pylint: disable=singleton-comparison

magpie/api/management/network/node/network_node_utils.py

@@ -14,7 +14,7 @@
 if TYPE_CHECKING:
     from pyramid.request import Request
 
-    from magpie.typedefs import AnyRequestType, JSON, List, Optional, Session, Str
+    from magpie.typedefs import JSON, AnyRequestType, List, Optional, Session, Str
 
 NAME_REGEX = r"^[\w-]+$"
 
@@ -121,5 +121,4 @@ def load_redirect_uris(uris, request):
             fallback=lambda: request.db.rollback(),
             msg_on_fail=s.NetworkNodes_CheckInfo_RedirectURIsValue_BadRequestResponseSchema.description
         )
-    else:
-        return uris
+    return uris

magpie/api/management/network/node/network_node_views.py

@@ -22,7 +22,8 @@
     check_network_node_info,
     create_associated_user_groups,
     delete_network_node,
-    update_associated_user_groups, load_redirect_uris
+    load_redirect_uris,
+    update_associated_user_groups
 )
 from magpie.api.requests import check_network_mode_enabled
 from magpie.constants import get_constant

magpie/api/schemas.py

@@ -17,8 +17,8 @@
     HTTPInternalServerError,
     HTTPMethodNotAllowed,
     HTTPNotAcceptable,
-    HTTPNotImplemented,
     HTTPNotFound,
+    HTTPNotImplemented,
     HTTPOk,
     HTTPUnauthorized,
     HTTPUnprocessableEntity

magpie/utils.py

@@ -1194,16 +1194,16 @@ def check_network_configured(settings_container=None):
             raise ConfigurationError("MAGPIE_NETWORK_INSTANCE_NAME is required when network mode is enabled.") from exc
 
         # import here to avoid a potential cyclical import
-        from magpie.api.management.network.network_utils import jwks, pem_files, create_private_key
+        from magpie.api.management.network.network_utils import create_private_key, jwks, pem_files
         try:
             jwks(settings_container=settings_container)
         except Exception as exc:
             create_missing = asbool(
                 get_constant("MAGPIE_NETWORK_CREATE_MISSING_PEM_FILE", settings_container=settings_container))
             pem_files_ = pem_files(settings_container)
             if isinstance(exc, FileNotFoundError) and create_missing and len(pem_files_) == 1:
-                    LOGGER.warning("No network PEM files found")
-                    create_private_key(pem_files_[0], settings_container=settings_container)
+                LOGGER.warning("No network PEM files found")
+                create_private_key(pem_files_[0], settings_container=settings_container)
             else:
                 msg = ("Error occurred when loading PEM keys which are required when network mode is enabled. "
                        "Check that the MAGPIE_NETWORK_PEM_FILES and MAGPIE_NETWORK_PEM_PASSWORDS are set properly. "

requirements-dev.txt

@@ -5,7 +5,7 @@ autopep8>=1.5.4; python_version >= "3.6"
 backports.tempfile; python_version < "3"
 bandit==1.7.1; python_version < "3.7"  # pyup: ignore
 bandit==1.7.5; python_version == "3.7"  # pyup: ignore
-bandit==1.7.7; python_version >= "3.8"
+bandit==1.7.8; python_version >= "3.8"
 bump2version==1.0.1
 codacy-coverage>=1.3.11
 coverage==5.5; python_version < "3"  # pyup: ignore

requirements.txt

@@ -27,7 +27,7 @@ gunicorn>=20; python_version >= "3"
 humanize
 jsonschema<4; python_version < "3.6"
 jsonschema>=4; python_version >= "3.6"
-jwcrypto==1.5.0; python_version >= "3.6"
+jwcrypto==1.5.6; python_version >= "3.6"
 jwcrypto==0.8; python_version < "3.6"  # pyup: ignore
 lxml>=3.7
 mako  # controlled by pyramid_mako

tests/interfaces.py

@@ -61,10 +61,10 @@
     # pylint: disable=W0611,unused-import
     from typing import Dict, List, Optional, Set, Tuple, Union
 
+    from pytest_httpserver import HTTPServer
     from sqlalchemy.orm.session import Session
 
     from magpie.typedefs import JSON, CookiesType, HeadersType, PermissionDict, SettingsType, Str
-    from pytest_httpserver import HTTPServer
 
 
 @six.add_metaclass(ABCMeta)
@@ -284,13 +284,13 @@ def setup_network_attrs(cls):
         cls.test_node_name = "node2"
         cls.test_remote_user_name = "remote_user_1"
         cls.test_node_host = get_constant("MAGPIE_TEST_REMOTE_NODE_SERVER_HOST", default_value="localhost",
-                                         raise_missing=False, raise_not_set=False)
+                                          raise_missing=False, raise_not_set=False)
         cls.test_node_port = int(get_constant("MAGPIE_TEST_REMOTE_NODE_SERVER_PORT", default_value=2002,
                                               raise_missing=False, raise_not_set=False))
         cls.test_node_jwks_url = "http://{}:{}/network/jwks".format(cls.test_node_host, cls.test_node_port)
         cls.test_node_token_url = "http://{}:{}/network/token".format(cls.test_node_host, cls.test_node_port)
         cls.test_authorization_url = "http://{}:{}/ui/network/authorize".format(cls.test_node_host, cls.test_node_port)
-        cls.test_redirect_uris = '["http://{}:{}/network/link"]'.format(cls.test_node_host, cls.test_node_port)
+        cls.test_redirect_uris = "[\"http://{}:{}/network/link\"]".format(cls.test_node_host, cls.test_node_port)
 
     @classmethod
     def login_admin(cls):
@@ -1403,7 +1403,6 @@ def test_DeleteNetworkToken_And_AnonymousUser(self):
         json_body = utils.get_json_body(resp)
         utils.check_val_false(bool(json_body["remote_users"]))
 
-
     @runner.MAGPIE_TEST_NETWORK
     @utils.check_network_mode
     def test_DeleteNetworkToken_InvalidNode(self):
@@ -2482,7 +2481,6 @@ def test_GetNetworkLink_DifferentUser(self):
                                   cookies=self.cookies, headers=self.headers, expect_errors=True)
         utils.check_response_basic_info(resp, expected_code=404)
 
-
     @runner.MAGPIE_TEST_NETWORK
     @utils.check_network_mode
     def test_GetNetworkLink_MissingClaim_user_name(self):
@@ -8191,7 +8189,7 @@ def test_GetDecodeJWT_NoToken(self):
                                   headers=self.headers, expect_errors=True)
         utils.check_response_basic_info(resp, expected_code=400)
         json_body = utils.get_json_body(resp)
-        utils.check_val_is_in("Missing token", json_body.get("detail", ''))
+        utils.check_val_is_in("Missing token", json_body.get("detail", ""))
 
     @runner.MAGPIE_TEST_NETWORK
     @utils.check_network_mode
@@ -8207,7 +8205,7 @@ def test_GetDecodeJWT_BadToken(self):
                                   headers=self.headers, expect_errors=True)
         utils.check_response_basic_info(resp, expected_code=400)
         json_body = utils.get_json_body(resp)
-        utils.check_val_is_in("Token is improperly formatted", json_body.get("detail", ''))
+        utils.check_val_is_in("Token is improperly formatted", json_body.get("detail", ""))
 
     @runner.MAGPIE_TEST_NETWORK
     @utils.check_network_mode
@@ -8224,7 +8222,7 @@ def test_GetDecodeJWT_BadIssuer(self):
                                       headers=self.headers, expect_errors=True)
         utils.check_response_basic_info(resp, expected_code=400)
         json_body = utils.get_json_body(resp)
-        utils.check_val_is_in("invalid or missing issuer claim", json_body.get("detail", ''))
+        utils.check_val_is_in("invalid or missing issuer claim", json_body.get("detail", ""))
 
     @runner.MAGPIE_TEST_NETWORK
     @utils.check_network_mode
@@ -8339,7 +8337,6 @@ def test_PostNetworkNode_CreateAssociatedRecords(self):
                                   headers=self.headers, expect_errors=True)
         utils.check_response_basic_info(resp)
 
-
     @runner.MAGPIE_TEST_NETWORK
     @utils.check_network_mode
     def test_PostNetworkNode_MissingParamName(self):
@@ -8357,7 +8354,7 @@ def test_PostNetworkNode_MissingParamName(self):
             "redirect_uris": ["http://uri.test.some.example.com"]
         }
 
-        for param, value in node_info.items():
+        for param in node_info:
             json_body = utils.TestSetup.create_TestNetworkNode(self, override_exist=True,
                                                                override_data={**node_info, param: None},
                                                                expect_errors=True)
@@ -8380,7 +8377,7 @@ def test_PostNetworkNode_InvalidParam(self):
             "redirect_uris": ["http://uri.test.some.example.com"]
         }
 
-        for param in node_info.keys():
+        for param in node_info:
             json_body = utils.TestSetup.create_TestNetworkNode(self, override_exist=True,
                                                                override_data={**node_info, param: ""},
                                                                expect_errors=True)
@@ -8482,7 +8479,7 @@ def test_PatchNetworkNode_InvalidName(self):
             "redirect_uris": ["http://uri.test.some.example.com"]
         }
 
-        for param in node_info.keys():
+        for param in node_info:
             resp = utils.test_request(self, "PATCH", "/network/nodes/{}".format(self.test_node_name),
                                       cookies=self.cookies, headers=self.headers,
                                       data={**node_info, param: ""}, expect_errors=True)
@@ -8597,9 +8594,9 @@ def test_GetNetworkRemoteUser(self):
         utils.TestSetup.create_TestNetworkNode(self, override_exist=True)
         utils.TestSetup.create_TestNetworkRemoteUser(self, override_exist=True)
 
-        resp = utils.test_request(self, "GET", 
-                                  "/network/nodes/{}/remote_users/{}".format(self.test_node_name, 
-                                                                             self.test_remote_user_name), 
+        resp = utils.test_request(self, "GET",
+                                  "/network/nodes/{}/remote_users/{}".format(self.test_node_name,
+                                                                             self.test_remote_user_name),
                                   cookies=self.cookies,
                                   headers=self.headers)
         json_body = utils.check_response_basic_info(resp)
@@ -8642,7 +8639,7 @@ def test_PostNetworkRemoteUser_MissingRequiredParams(self):
             "remote_user_name": self.test_remote_user_name,
             "node_name": self.test_node_name
         }
-        for key in data.keys():
+        for key in data:
             resp = utils.test_request(self, "POST", "/network/remote_users", json={**data, key: None},
                                       expect_errors=True, headers=self.headers, cookies=self.cookies)
             utils.check_response_basic_info(resp, expected_method="POST", expected_code=400)
@@ -9254,7 +9251,7 @@ def test_UserNetworkAuthorization(self):
         utils.warn_version(self, "View authorization page.", "3.38.0", skip=True)
 
         utils.TestSetup.create_TestNetworkNode(self, override_exist=True)
-        
+
         with utils.TestSetup.valid_jwt(self, override_jwt_claims={"user_name": "test123"}) as token:
             self.login_test_user()
             path = "/ui/network/authorize?token={}&response_type=id_token&redirect_uri={}".format(
@@ -9268,7 +9265,7 @@ def test_UserNetworkAuthorization(self):
             node_form.text
         )
         utils.check_val_is_in(
-            'on the Magpie instance named "{}"'.format(self.test_node_name),
+            'on the Magpie instance named "{}"'.format(self.test_node_name),  # pylint: disable=C4001
             node_form.text
         )
         token_input = node_form.find_all("input", recursive=True)[0]
@@ -9355,6 +9352,7 @@ def test_UserNetworkAuthorization_BadRedirectURI(self):
             resp = utils.test_request(self, "GET", path, headers=headers, cookies=cookies, expect_errors=True)
             utils.check_val_equal(resp.status_code, 400)
 
+
 @runner.MAGPIE_TEST_UI
 @six.add_metaclass(ABCMeta)
 class Interface_MagpieUI_AdminAuth(AdminTestCase, BaseTestCase):

tests/test_constants.py

@@ -168,7 +168,7 @@ def test_no_network_network_mode_on(self):
 
     @runner.MAGPIE_TEST_NETWORK
     @utils.check_network_mode(enable=False)
-    def test_include_network(self):
+    def test_include_network_network_mode_off(self):
         c.protected_user_name_regex.cache_clear()
         assert re.search(c.protected_user_name_regex(),
                          c.get_constant("MAGPIE_NETWORK_NAME_PREFIX") + "test") is None
@@ -210,7 +210,7 @@ def test_no_network_network_mode_on(self):
 
     @runner.MAGPIE_TEST_NETWORK
     @utils.check_network_mode(enable=False)
-    def test_include_network(self):
+    def test_include_network_network_mode_off(self):
         c.protected_user_email_regex.cache_clear()
         assert re.search(c.protected_user_email_regex(),
                          c.get_constant("MAGPIE_NETWORK_ANONYMOUS_EMAIL_FORMAT").format("test")) is None
@@ -233,7 +233,8 @@ def test_include_network(self):
         assert re.search(c.protected_group_name_regex(), c.get_constant("MAGPIE_NETWORK_NAME_PREFIX") + "test")
 
     def test_no_admin(self):
-        assert re.search(c.protected_group_name_regex(include_admin=False), c.get_constant("MAGPIE_ADMIN_GROUP")) is None
+        assert re.search(c.protected_group_name_regex(include_admin=False),
+                         c.get_constant("MAGPIE_ADMIN_GROUP")) is None
 
     def test_no_anonymous(self):
         assert re.search(c.protected_group_name_regex(include_anonymous=False),
@@ -247,8 +248,7 @@ def test_no_network_network_mode_on(self):
 
     @runner.MAGPIE_TEST_NETWORK
     @utils.check_network_mode(enable=False)
-    def test_include_network(self):
+    def test_include_network_network_mode_off(self):
         c.protected_group_name_regex.cache_clear()
         assert re.search(c.protected_group_name_regex(),
                          c.get_constant("MAGPIE_NETWORK_NAME_PREFIX") + "test") is None
-

tests/test_magpie_api.py

@@ -570,7 +570,6 @@ def test_DeleteNetworkTokens_AndAnonymousNetworkUsers_ExpiredOnly(self):
         with patch_datetime({"utcnow": datetime.datetime.utcnow() - datetime.timedelta(days=365)}):
             utils.TestSetup.create_TestNetworkToken(self, override_remote_user_name="test2", override_node_name="test2")
 
-
         utils.test_request(self, "DELETE", "/network/tokens", data={"expired_only": True}, cookies=self.cookies,
                            headers=self.headers)
 

tests/test_magpie_cli.py

@@ -294,16 +294,16 @@ def test_purge_expired_network_tokens():
     test_password = "qwertyqwerty"
 
     def mocked_request(*args, **_kwargs):
-        method, url, *_ = args
+        method, *_ = args
         response = requests.Response()
         response.status_code = 200
         if method == "DELETE":
-            response._content = '{"deleted": 101}'.encode()
+            response._content = '{"deleted": 101}'.encode()  # pylint: disable=C4001,W0212
         return response
 
     with mock.patch("requests.Session.request", side_effect=mocked_request) as session_mock:
         cmd = ["api", test_url, test_username, test_password]
         assert purge_expired_network_tokens.main(cmd) == 0, "failed execution due to invalid arguments"
         session_mock.assert_any_call("POST", "{}/signin".format(test_url), data=None,
-                                     json={'user_name': 'test_username', 'password': 'qwertyqwerty'})
+                                     json={"user_name": "test_username", "password": "qwertyqwerty"})
         session_mock.assert_any_call("DELETE", "{}/network/tokens?expired_only=true".format(test_url))