v0.8.3

* config: set samesite cookie to strict
* dep: bump in base

CHANGES.rst

@@ -1,5 +1,5 @@
 ..
-    Copyright (C) 2020 Mojib Wali.
+    Copyright (C) 2020 - 2022 Graz University of Technology.
 
     invenio-config-tugraz is free software; you can redistribute it and/or
     modify it under the terms of the MIT License; see LICENSE file for more
@@ -7,6 +7,31 @@
 
 Changes
 =======
+Version 0.8.3 (released 2022-03-10)
+
+- config: fix comment & import
+
+Version 0.8.2 (released 2022-03-03)
+
+- config: new introduced to v8 of invenioRDM
+
+Version 0.8.1 (released 2022-02-28)
+
+- config: set samesite cookie to strict
+- dep: bump in base dependencies
+
+Version 0.8.0 (released 2022-02-09)
+
+- dep: bump rdm-records version
+
+Version 0.7.1 (released 2021-12-07)
+
+- configs: adds new & changed configs for v7 #76
+
+Version 0.7.0 (released 2021-12-06)
+
+- fix: update blueprint reorder #74
+- dep: upgrade rdm-records version & OAI #72
 
 Version 0.1.0 (released TBD)
 

MANIFEST.in

@@ -49,3 +49,6 @@ recursive-include invenio_config_tugraz *.html
 
 # added by check-manifest
 recursive-include invenio_config_tugraz *.csv
+
+# added by check-manifest
+recursive-include invenio_config_tugraz *.pdf

README.rst

@@ -16,10 +16,10 @@
         :target: https://pypi.python.org/pypi/invenio-config-tugraz
 
 .. image:: https://img.shields.io/github/tag/tu-graz-library/invenio-config-tugraz.svg
-        :target: https://github.com/mb-wali/invenio-config-tugraz/releases
+        :target: https://github.com/tu-graz-library/invenio-config-tugraz/releases
 
 .. image:: https://img.shields.io/github/license/tu-graz-library/invenio-config-tugraz.svg
-        :target: https://github.com/mb-wali/invenio-config-tugraz/blob/master/LICENSE
+        :target: https://github.com/tu-graz-library/invenio-config-tugraz/blob/master/LICENSE
 
 .. image:: https://readthedocs.org/projects/invenio-config-tugraz/badge/?version=latest
         :target: https://invenio-config-tugraz.readthedocs.io/en/latest/?badge=latest
@@ -38,6 +38,8 @@ Override configs from diffrent invenio modules to meet TU Graz requirement:
 * Invenio-Mail
 * Invenio-shibboleth
 * Invenio-accounts
+* Flask-security
+* Defined routes for TUG
 
 Further documentation is available on
 https://invenio-config-tugraz.readthedocs.io/

docs/conf.py

@@ -332,6 +332,8 @@ texinfo_documents = [
 # Example configuration for intersphinx: refer to the Python standard library.
 intersphinx_mapping = {
     "python": ("https://docs.python.org/", None),
+    'flask': ('https://flask.palletsprojects.com/', None),
+    'werkzeug': ('https://werkzeug.palletsprojects.com/', None),
     # TODO: Configure external documentation references, eg:
     # 'Flask-Admin': ('https://flask-admin.readthedocs.io/en/latest/', None),
 }

invenio_config_tugraz/config.py

@@ -10,7 +10,7 @@
 
 from os.path import abspath, dirname, join
 
-from flask_babelex import gettext as _
+from flask_babelex import lazy_gettext as _
 
 INVENIO_CONFIG_TUGRAZ_SHIBBOLETH = False
 """Set True if SAML is configured"""
@@ -29,33 +29,26 @@ INVENIO_CONFIG_TUGRAZ_IP_RANGES =
 [["127.0.0.2", "127.0.0.99"], ["127.0.1.3", "127.0.1.5"]]
 """
 
+
+CONFIG_TUGRAZ_ROUTES = {
+    "guide": "/guide",
+    "terms": "/terms",
+    "gdpr": "/gdpr",
+}
+"""Defined routes for TUG."""
+
 # Invenio-App
 # ===========
 # See https://invenio-app.readthedocs.io/en/latest/configuration.html
 
-APP_ALLOWED_HOSTS = [
-    "0.0.0.0",
-    "localhost",
-    "127.0.0.1",
-    "invenio-dev01.tugraz.at",
-    "invenio-test.tugraz.at",
-    "repository.tugraz.at",
-]
-"""Allowed Hosts"""
-
 APP_DEFAULT_SECURE_HEADERS = {
     "content_security_policy": {
         "default-src": [
             "'self'",
-            "fonts.googleapis.com",
-            "*.gstatic.com",
             "data:",
             "'unsafe-inline'",
-            "'unsafe-eval'",
             "blob:",
             "ub-support.tugraz.at",  # zammad contact form
-            "api.datacite.org/dois",  # datacite
-            "api.test.datacite.org/dois",  # datacite test
         ],
     },
     "content_security_policy_report_only": False,
@@ -73,6 +66,15 @@ APP_DEFAULT_SECURE_HEADERS = {
     "strict_transport_security_preload": False,
 }
 
+# Invenio-I18N
+# ============
+# See https://invenio-i18n.readthedocs.io/en/latest/configuration.html
+BABEL_DEFAULT_LOCALE = "en"
+# Default time zone
+BABEL_DEFAULT_TIMEZONE = "Europe/Vienna"
+# Other supported languages (do not include BABEL_DEFAULT_LOCALE in list).
+I18N_LANGUAGES = [("de", _("German"))]
+
 # Invenio-Mail
 # ===========
 # See https://invenio-mail.readthedocs.io/en/latest/configuration.html
@@ -113,19 +115,22 @@ Set this to False when sending actual emails.
 # ===========
 # See https://invenio-userprofiles.readthedocs.io/en/latest/configuration.html
 
-USERPROFILES_EXTEND_SECURITY_FORMS = False
+USERPROFILES_EXTEND_SECURITY_FORMS = True
 """Set True in order to register user_profile.
 
 This also forces user to add username and fullname
 when register.
 """
 
-USERPROFILES_EMAIL_ENABLED = False
+USERPROFILES_EMAIL_ENABLED = True
 """Exclude the user email in the profile form."""
 
-# Invenio-shibboleth
+USERPROFILES_READ_ONLY = True
+"""Allow users to change profile info (name, email, etc...)."""
+
+# Invenio-saml
 # ===========
-# See https://invenio-shibboleth.readthedocs.io/en/latest/configuration.html
+# See https://invenio-saml.readthedocs.io/en/latest/configuration.html
 
 SSO_SAML_IDPS = {}
 """Configuration of IDPS. Actual values can be find in to invenio.cfg file"""
@@ -153,13 +158,16 @@ SSO_SAML_DEFAULT_SLS_ROUTE = "/sls/<idp>"
 # ===========
 # See https://invenio-accounts.readthedocs.io/en/latest/configuration.html
 
+ACCOUNTS_LOCAL_LOGIN_ENABLED = True
+"""Allow local login."""
+
 SECURITY_CHANGEABLE = False
 """Allow password change by users."""
 
 SECURITY_RECOVERABLE = False
 """Allow password recovery by users."""
 
-SECURITY_REGISTERABLE = False
+SECURITY_REGISTERABLE = True
 """"Allow users to register.
 
 With this variable set to "False" users will not be
@@ -228,20 +236,22 @@ password from ``users.yaml`` will be used. If that is also absent, a password
 will be generated randomly.
 """
 
-# Custom Access Right
-# RDM_RECORDS_CUSTOM_VOCABULARIES = {
-#     'access_right': {
-#         'path': join(
-#             dirname(abspath(__file__)),
-#             'restrictions', 'access_right', 'access_right_limit.csv'
-#         )
-#     }
-# }
+DATACITE_FORMAT = "{prefix}/{id}"
+"""Customize the generated DOI string."""
+
+DATACITE_DATACENTER_SYMBOL = ""
+""""The OAI-PMH server's metadata format oai_datacite
+that allows you to harvest record from InvenioRDM in DataCite XML needs
+to be configured with your DataCite data center symbol.
+This is only required if you want your records to be harvestable in DataCite XML format.
+"""
 
 # Invenio-app-rdm
 # =========================
 # See https://github.com/inveniosoftware/invenio-app-rdm/blob/master/invenio_app_rdm/config.py
-APP_RDM_DEPOSIT_FORM_DEFAULTS = {}
+APP_RDM_DEPOSIT_FORM_DEFAULTS = {
+    "publisher": "Graz University of Technology",
+}
 """Default values for new records in the deposit UI.
 
 The keys denote the dot-separated path, where in the record's metadata
@@ -250,6 +260,17 @@ If the value is callable, its return value will be used for the field
 (e.g. lambda/function for dynamic calculation of values).
 """
 
+APP_RDM_DEPOSIT_FORM_AUTOCOMPLETE_NAMES = 'off'
+"""Behavior for autocomplete names search field for creators/contributors.
+
+Available options:
+
+- ``search`` (default): Show search field and form always.
+- ``search_only``: Only show search field. Form displayed after selection or
+  explicit "manual" entry.
+- ``off``: Only show person form (no search field).
+"""
+
 SQLALCHEMY_ECHO = False
 """Enable to see all SQL queries."""
 
@@ -311,3 +332,31 @@ reopened regularly.
 
 See https://docs.sqlalchemy.org/en/latest/core/engines.html.
 """
+
+# Redis (cache)
+# ========
+# Cache or Redis configurations
+RATELIMIT_AUTHENTICATED_USER = "25000 per hour;1000 per minute"
+"""Increase defaults for authenticated users."""
+
+RATELIMIT_GUEST_USER = "5000 per hour;500 per minute"
+"""Increase defaults for guest users."""
+
+SESSION_COOKIE_SAMESITE = 'Strict'
+"""Sets cookie with the samesite flag to 'Strict' by default."""
+
+
+# OAI-PMH
+# =======
+# See https://github.com/inveniosoftware/invenio-oaiserver/blob/master/invenio_oaiserver/config.py
+
+OAISERVER_ID_PREFIX = "repository.tugraz.at"
+"""The prefix that will be applied to the generated OAI-PMH ids."""
+
+OAISERVER_ADMIN_EMAILS = [
+    'oai@repository.tugraz.at',
+]
+"""The e-mail addresses of administrators of the repository.
+
+It **must** include one or more instances.
+"""

invenio_config_tugraz/rdm_permissions.py

@@ -53,34 +53,34 @@ Using Custom Generator for a policy:
 Permissions for Invenio (RDM) Records.
 """
 
-from invenio_rdm_records.services import RDMRecordPermissionPolicy
-from invenio_rdm_records.services.config import RDMRecordServiceConfig
-from invenio_rdm_records.services.generators import IfDraft, IfRestricted, RecordOwners
-from invenio_records_permissions.generators import (
-    Admin,
-    AnyUser,
-    AuthenticatedUser,
-    Disable,
-    SuperUser,
-    SystemProcess,
-)
+# from invenio_rdm_records.services import RDMRecordPermissionPolicy
+# from invenio_rdm_records.services.config import RDMRecordServiceConfig
+# from invenio_rdm_records.services.generators import IfDraft, IfRestricted, RecordOwners
+# from invenio_records_permissions.generators import (
+#     Admin,
+#     AnyUser,
+#     AuthenticatedUser,
+#     Disable,
+#     SuperUser,
+#     SystemProcess,
+# )
 
 
-class TUGRAZPermissionPolicy(RDMRecordPermissionPolicy):
-    """Access control configuration for rdm records.
+# class TUGRAZPermissionPolicy(RDMRecordPermissionPolicy):
+#     """Access control configuration for rdm records.
 
-    This overrides the origin:
-    https://github.com/inveniosoftware/invenio-rdm-records/blob/master/invenio_rdm_records/services/permissions.py.
-    Access control configuration for records.
-    Note that even if the array is empty, the invenio_access Permission class
-    always adds the ``superuser-access``, so admins will always be allowed.
-    - Create action given to everyone for now.
-    - Read access given to everyone if public record and given to owners
-      always. (inherited)
-    - Update access given to record owners. (inherited)
-    - Delete access given to admins only. (inherited)
-    """
+#     This overrides the origin:
+#     https://github.com/inveniosoftware/invenio-rdm-records/blob/master/invenio_rdm_records/services/permissions.py.
+#     Access control configuration for records.
+#     Note that even if the array is empty, the invenio_access Permission class
+#     always adds the ``superuser-access``, so admins will always be allowed.
+#     - Create action given to everyone for now.
+#     - Read access given to everyone if public record and given to owners
+#       always. (inherited)
+#     - Update access given to record owners. (inherited)
+#     - Delete access given to admins only. (inherited)
+#     """
 
 
-class TUGRAZRDMRecordServiceConfig(RDMRecordServiceConfig):
-    """Overriding BibliographicRecordServiceConfig."""
+# class TUGRAZRDMRecordServiceConfig(RDMRecordServiceConfig):
+#     """Overriding BibliographicRecordServiceConfig."""

invenio_config_tugraz/templates/security/email/welcome.txt

@@ -4,10 +4,10 @@
 
 {{ _('To help you get started, here are some useful links:') }}
 
-    - {{ _('Guidelines:')}} {{ _('Repository Guide')}} ({{ _('how to upload files')}}) (https://{{ config.SITE_HOSTNAME }}{{ url_for('invenio_theme_tugraz.guide') }})
-    - {{ _('Search Guide')}} (https://{{ config.SITE_HOSTNAME }}/help/search
-    - {{ _('Terms And Conditions') }} (https://{{ config.SITE_HOSTNAME }}{{ url_for('invenio_theme_tugraz.terms') }})
-    - {{ _('Data Protection Rights')}} (https://{{ config.SITE_HOSTNAME }}{{ url_for('invenio_theme_tugraz.gdpr') }})
+    - {{ _('Guidelines:')}} {{ _('Repository Guide')}} ({{ _('how to upload files')}}) (https://{{ config.SITE_HOSTNAME }}{{ url_for('invenio_config_tugraz.guide') }})
+    - {{ _('Search Guide')}} (https://{{ config.SITE_HOSTNAME }}{{url_for('invenio_app_rdm.help_search')}})
+    - {{ _('Terms And Conditions') }} (https://{{ config.SITE_HOSTNAME }}{{ url_for('invenio_config_tugraz.terms') }})
+    - {{ _('Data Protection Rights')}} (https://{{ config.SITE_HOSTNAME }}{{ url_for('invenio_config_tugraz.gdpr') }})
 {% if security.confirmable %}
 {{ _('You can confirm your email through the link below:') }}
 {{ confirmation_link }}">

invenio_config_tugraz/version.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (C) 2020 Mojib Wali.
+# Copyright (C) 2020-2022 Graz University of Technology.
 #
 # invenio-config-tugraz is free software; you can redistribute it and/or
 # modify it under the terms of the MIT License; see LICENSE file for more
@@ -12,4 +12,4 @@ This file is imported by ``invenio_config_tugraz.__init__``,
 and parsed by ``setup.py``.
 """
 
-__version__ = "0.5.6"
+__version__ = "0.8.3"

invenio_config_tugraz/views.py

@@ -12,33 +12,62 @@ from os import environ
 from typing import Dict
 
 from elasticsearch_dsl.utils import AttrDict
-from flask import Blueprint, current_app
+from flask import Blueprint, current_app, redirect, url_for
+from flask_babelex import get_locale
 
 
 def ui_blueprint(app):
     """Blueprint for the routes and resources provided by invenio-config-tugraz."""
+    routes = app.config.get("CONFIG_TUGRAZ_ROUTES")
+
     blueprint = Blueprint(
         "invenio_config_tugraz",
         __name__,
         template_folder="templates",
+        static_folder="static",
     )
 
+    blueprint.add_url_rule(routes["guide"], view_func=guide)
+    blueprint.add_url_rule(routes["terms"], view_func=terms)
+    blueprint.add_url_rule(routes["gdpr"], view_func=gdpr)
+
     @blueprint.before_app_first_request
     def rank_higher():
-        """Rank this modules blueprint higher than blueprint of security module."""
-        blueprints = current_app._blueprint_order
-        our_index = None
-        security_index = None
+        """Rank this modules blueprint higher than blueprint of security module.
 
-        for index, bp in enumerate(blueprints):
-            if bp.name == "security":
-                security_index = index
-            if bp.name == "invenio_config_tugraz":
-                our_index = index
+        Needed in order to overwrite email templates.
 
-        if (security_index is not None) and (our_index > security_index):
-            temp = blueprints[security_index]
-            blueprints[security_index] = blueprints[our_index]
-            blueprints[our_index] = temp
+        Since the blueprints are in a dict and the order of insertion is
+         retained, popping and reinserting all items (except ours), ensures
+         our blueprint will be in front.
+        """
+        bps = current_app.blueprints
+        for blueprint_name in list(bps.keys()):
+            if blueprint_name != "invenio_config_tugraz":
+                bps.update({blueprint_name: bps.pop(blueprint_name)})
 
     return blueprint
+
+
+def guide():
+    """TUGraz_Repository_Guide."""
+    locale = get_locale()
+    return redirect(url_for('static',
+                            filename=f'documents/TUGraz_Repository_Guide_02_{locale}.pdf',
+                            _external=True))
+
+
+def terms():
+    """Terms_And_Conditions."""
+    locale = get_locale()
+    return redirect(url_for('static',
+                            filename=f'documents/TUGraz_Repository_Terms_And_Conditions_{locale}.pdf',
+                            _external=True))
+
+
+def gdpr():
+    """General_Data_Protection_Rights."""
+    locale = get_locale()
+    return redirect(url_for('static',
+                            filename=f'documents/TUGraz_Repository_General_Data_Protection_Rights_{locale}.pdf',
+                            _external=True))

run-tests.sh

@@ -25,9 +25,9 @@ trap cleanup EXIT
 
 
 python -m check_manifest --ignore ".*-requirements.txt"
-python -m sphinx.cmd.build -qnNW docs docs/_build/html
+python -m sphinx.cmd.build -qnN docs docs/_build/html
 eval "$(docker-services-cli up --db ${DB:-postgresql} --search ${SEARCH:-elasticsearch} --cache ${CACHE:-redis} --env)"
 python -m pytest
 tests_exit_code=$?
-python -m sphinx.cmd.build -qnNW -b doctest docs docs/_build/doctest
+python -m sphinx.cmd.build -qnN -b doctest docs docs/_build/doctest
 exit "$tests_exit_code"

setup.py

@@ -16,13 +16,12 @@ readme = open("README.rst").read()
 history = open("CHANGES.rst").read()
 
 tests_require = [
-    "pytest-invenio>=1.4.0",
-    "invenio-app>=1.3.0,<2.0.0",
+    "pytest-invenio>=1.4.1",
 ]
 
 # Should follow invenio-app-rdm
-invenio_search_version = ">=1.4.0,<1.5.0"
-invenio_db_version = ">=1.0.9,<1.1.0"
+invenio_search_version = ">=1.4.2,<1.5.0"
+invenio_db_version = ">=1.0.11,<1.1.0"
 
 extras_require = {
     "elasticsearch7": [f"invenio-search[elasticsearch7]{invenio_search_version}"],
@@ -30,7 +29,7 @@ extras_require = {
     "postgresql": [f"invenio-db[postgresql,versioning]{invenio_db_version}"],
     "sqlite": [f"invenio-db[versioning]{invenio_db_version}"],
     "docs": [
-        "Sphinx>=3",
+        "Sphinx==4.2.0",
     ],
     "tests": tests_require,
 }
@@ -47,14 +46,13 @@ for name, reqs in extras_require.items():
     extras_require["all"].extend(reqs)
 
 setup_requires = [
-    "Babel>=1.3",
-    "pytest-runner>=3.0.0,<5",
+    "Babel>=2.8,<3",
 ]
 
 install_requires = [
-    "Flask-BabelEx>=0.9.4",
     # keep this in sync with invenioRDM release
-    "invenio_rdm_records>=0.28.0,<0.29.0",
+    "invenio-rdm-records>=0.34.5,<0.35.0",
+    "invenio-cache>=1.1.0"
 ]
 
 packages = find_packages()
@@ -110,6 +108,7 @@ setup(
         "Programming Language :: Python :: 3.6",
         "Programming Language :: Python :: 3.7",
         "Programming Language :: Python :: 3.8",
-        "Development Status :: 3 - Alpha",
+        "Programming Language :: Python :: 3.9",
+        "Development Status :: 5 - Production/Stable",
     ],
 )