chore: update werkzeug and related package versions (PROJQUAY-5098) (q…

…uay#1982)

* chore: update werkzeug and related package versions (PROJQUAY-5098)

Path converter related change reference: pallets/werkzeug#2506

* Update query count

app.py

@@ -102,7 +102,7 @@
 
 # Fix remote address handling for Flask.
 if app.config.get("PROXY_COUNT", 1):
-    app.wsgi_app = ProxyFix(app.wsgi_app)
+    app.wsgi_app = ProxyFix(app.wsgi_app)  # type: ignore[method-assign]
 
 # Allow user to define a custom storage preference for the local instance.
 _distributed_storage_preference = os.environ.get("QUAY_DISTRIBUTED_STORAGE_PREFERENCE", "").split()
@@ -127,7 +127,7 @@
 # Register additional experimental artifact types.
 # TODO: extract this into a real, dynamic registration system.
 if features.GENERAL_OCI_SUPPORT:
-    for media_type, layer_types in app.config.get("ALLOWED_OCI_ARTIFACT_TYPES").items():
+    for media_type, layer_types in app.config["ALLOWED_OCI_ARTIFACT_TYPES"].items():
         register_artifact_type(media_type, layer_types)
 
 if features.HELM_OCI_SUPPORT:

auth/test/test_registry_jwt.py

@@ -7,7 +7,8 @@
 
 from cryptography.hazmat.primitives import serialization
 
-from app import app, instance_keys
+from app import app as flask_app
+from app import instance_keys
 from auth.auth_context_type import ValidatedAuthContext
 from auth.registry_jwt_auth import identity_from_bearer_token, InvalidJWTException
 from data import model  # TODO: remove this after service keys are decoupled
@@ -16,7 +17,7 @@
 from util.morecollections import AttrDict
 from util.security.registry_jwt import ANONYMOUS_SUB, build_context_and_subject
 
-TEST_AUDIENCE = app.config["SERVER_HOSTNAME"]
+TEST_AUDIENCE = flask_app.config["SERVER_HOSTNAME"]
 TEST_USER = AttrDict({"username": "joeuser", "uuid": "foobar", "enabled": True})
 MAX_SIGNED_S = 3660
 TOKEN_VALIDITY_LIFETIME_S = 60 * 60  # 1 hour

data/userfiles.py

@@ -35,7 +35,7 @@ def get(self, file_id):
                 buffered,
                 mimetype=self._magic.from_buffer(file_header_bytes),
                 as_attachment=True,
-                attachment_filename=file_id,
+                download_name=file_id,
             )
         except IOError:
             logger.exception("Error reading user file")

endpoints/api/__init__.py

@@ -5,6 +5,7 @@
 from email.utils import formatdate
 from functools import partial, wraps
 
+import pytz
 from flask import Blueprint, request, session
 from flask_restful import Resource, abort, Api, reqparse
 from flask_restful.utils import unpack
@@ -441,7 +442,7 @@ def wrapped(*args, **kwargs):
         )
 
         if (
-            last_login >= valid_span
+            last_login.replace(tzinfo=pytz.UTC) >= valid_span.replace(tzinfo=pytz.UTC)
             or not authentication.supports_fresh_login
             or not authentication.has_password_set(user.username)
         ):

endpoints/api/test/test_appspecifictoken.py

@@ -7,8 +7,8 @@
 from test.fixtures import *
 
 
-def test_app_specific_tokens(app, client):
-    with client_with_identity("devtable", client) as cl:
+def test_app_specific_tokens(app):
+    with client_with_identity("devtable", app) as cl:
         # Add an app specific token.
         token_data = {"title": "Testing 123"}
         resp = conduct_api_call(cl, AppTokens, "POST", None, token_data, 200).json
@@ -41,11 +41,11 @@ def test_app_specific_tokens(app, client):
         conduct_api_call(cl, AppToken, "GET", {"token_uuid": token_uuid}, None, 404)
 
 
-def test_delete_expired_app_token(app, client):
+def test_delete_expired_app_token(app):
     user = model.user.get_user("devtable")
     expiration = datetime.now() - timedelta(seconds=10)
     token = model.appspecifictoken.create_token(user, "some token", expiration)
 
-    with client_with_identity("devtable", client) as cl:
+    with client_with_identity("devtable", app) as cl:
         # Delete the token.
         conduct_api_call(cl, AppToken, "DELETE", {"token_uuid": token.uuid}, None, 204)

endpoints/api/test/test_disallow_for_apps.py

@@ -81,7 +81,7 @@
         (BuildTriggerSourceNamespaces, "get", TRIGGER_ARGS),
     ],
 )
-def test_disallowed_for_apps(resource, method, params, client):
+def test_disallowed_for_apps(resource, method, params, app):
     namespace = "devtable"
     repository = "someapprepo"
 
@@ -91,5 +91,5 @@ def test_disallowed_for_apps(resource, method, params, client):
     params = params or {}
     params["repository"] = "%s/%s" % (namespace, repository)
 
-    with client_with_identity("devtable", client) as cl:
+    with client_with_identity("devtable", app) as cl:
         conduct_api_call(cl, resource, method, params, None, 501)

endpoints/api/test/test_disallow_for_nonnormal.py

@@ -54,7 +54,7 @@
         (BuildTriggerSources, "post", TRIGGER_ARGS),
     ],
 )
-def test_disallowed_for_nonnormal(state, resource, method, params, client):
+def test_disallowed_for_nonnormal(state, resource, method, params, app):
     namespace = "devtable"
     repository = "somenewstaterepo"
 
@@ -66,5 +66,5 @@ def test_disallowed_for_nonnormal(state, resource, method, params, client):
     params = params or {}
     params["repository"] = "%s/%s" % (namespace, repository)
 
-    with client_with_identity("devtable", client) as cl:
+    with client_with_identity("devtable", app) as cl:
         conduct_api_call(cl, resource, method, params, {}, 503)

endpoints/api/test/test_endtoend_auth.py

@@ -50,10 +50,10 @@ def test_entity_search(auth_engine, requires_email, client):
             assert entity["kind"] == "external"
 
 
-def test_link_external_entity(auth_engine, requires_email, client):
+def test_link_external_entity(auth_engine, requires_email, app):
     with auth_engine(requires_email=requires_email) as auth:
         with patch("endpoints.api.search.authentication", auth):
-            with client_with_identity("devtable", client) as cl:
+            with client_with_identity("devtable", app) as cl:
                 # Try an unknown user.
                 conduct_api_call(
                     cl,

endpoints/api/test/test_logs.py

@@ -16,16 +16,15 @@
     os.environ.get("TEST_DATABASE_URI", "").find("mysql") >= 0,
     reason="Queue code is very sensitive to times on MySQL, making this flaky",
 )
-def test_export_logs(client):
-    with client_with_identity("devtable", client) as cl:
-        assert export_action_logs_queue.get() is None
+def test_export_logs(app):
+    timecode = time.time()
 
-        timecode = time.time()
+    def get_time():
+        return timecode - 2
 
-        def get_time():
-            return timecode - 2
-
-        with patch("time.time", get_time):
+    with patch("time.time", get_time):
+        with client_with_identity("devtable", app) as cl:
+            assert export_action_logs_queue.get() is None
             # Call to export logs.
             body = {
                 "callback_url": "http://some/url",
@@ -40,13 +39,13 @@ def get_time():
             assert export_action_logs_queue.get() is not None
 
 
-def test_invalid_date_range(client):
+def test_invalid_date_range(app):
     starttime = "02/02/2020"
     endtime = "01/01/2020"
     parsed_starttime, parsed_endtime = _validate_logs_arguments(starttime, endtime)
     assert parsed_starttime >= parsed_endtime
 
-    with client_with_identity("devtable", client) as cl:
+    with client_with_identity("devtable", app) as cl:
         conduct_api_call(
             cl,
             OrgLogs,

endpoints/api/test/test_manifest.py

@@ -6,8 +6,8 @@
 from test.fixtures import *
 
 
-def test_repository_manifest(client):
-    with client_with_identity("devtable", client) as cl:
+def test_repository_manifest(app):
+    with client_with_identity("devtable", app) as cl:
         repo_ref = registry_model.lookup_repository("devtable", "simple")
         tags = registry_model.list_all_active_repository_tags(repo_ref)
         for tag in tags:

endpoints/api/test/test_mirror.py

@@ -50,7 +50,7 @@ def _setup_mirror():
         ("admin", "admin"),
     ],
 )
-def test_create_mirror_sets_permissions(existing_robot_permission, expected_permission, client):
+def test_create_mirror_sets_permissions(existing_robot_permission, expected_permission, app):
     mirror_bot, _ = model.user.create_robot(
         "newmirrorbot", model.user.get_namespace_user("devtable")
     )
@@ -60,7 +60,7 @@ def test_create_mirror_sets_permissions(existing_robot_permission, expected_perm
             mirror_bot.username, "devtable", "simple", existing_robot_permission
         )
 
-    with client_with_identity("devtable", client) as cl:
+    with client_with_identity("devtable", app) as cl:
         params = {"repository": "devtable/simple"}
         request_body = {
             "external_reference": "quay.io/foobar/barbaz",
@@ -79,25 +79,25 @@ def test_create_mirror_sets_permissions(existing_robot_permission, expected_perm
     assert config.root_rule.rule_value == ["latest", "foo", "bar"]
 
 
-def test_get_mirror_does_not_exist(client):
-    with client_with_identity("devtable", client) as cl:
+def test_get_mirror_does_not_exist(app):
+    with client_with_identity("devtable", app) as cl:
         params = {"repository": "devtable/simple"}
         resp = conduct_api_call(cl, RepoMirrorResource, "GET", params, None, 404)
 
 
-def test_get_repo_does_not_exist(client):
-    with client_with_identity("devtable", client) as cl:
+def test_get_repo_does_not_exist(app):
+    with client_with_identity("devtable", app) as cl:
         params = {"repository": "devtable/unicorn"}
         resp = conduct_api_call(cl, RepoMirrorResource, "GET", params, None, 404)
 
 
-def test_get_mirror(client):
+def test_get_mirror(app):
     """
     Verify that performing a `GET` request returns expected and accurate data.
     """
     mirror = _setup_mirror()
 
-    with client_with_identity("devtable", client) as cl:
+    with client_with_identity("devtable", app) as cl:
         params = {"repository": "devtable/simple"}
         resp = conduct_api_call(cl, RepoMirrorResource, "GET", params, None, 200).json
 
@@ -172,13 +172,13 @@ def test_get_mirror(client):
         ("root_rule", {"rule_kind": "incorrect", "rule_value": ["3.1", "3.1*"]}, 400),
     ],
 )
-def test_change_config(key, value, expected_status, client):
+def test_change_config(key, value, expected_status, app):
     """
     Verify that changing each attribute works as expected.
     """
     mirror = _setup_mirror()
 
-    with client_with_identity("devtable", client) as cl:
+    with client_with_identity("devtable", app) as cl:
         params = {"repository": "devtable/simple"}
         if key in ("http_proxy", "https_proxy", "no_proxy"):
             request_body = {"external_registry_config": {"proxy": {key: value}}}
@@ -188,7 +188,7 @@ def test_change_config(key, value, expected_status, client):
             request_body = {key: value}
         conduct_api_call(cl, RepoMirrorResource, "PUT", params, request_body, expected_status)
 
-    with client_with_identity("devtable", client) as cl:
+    with client_with_identity("devtable", app) as cl:
         params = {"repository": "devtable/simple"}
         resp = conduct_api_call(cl, RepoMirrorResource, "GET", params, None, 200)
 
@@ -241,12 +241,12 @@ def test_change_config(key, value, expected_status, client):
         ({"external_registry_username": "", "external_registry_password": ""}, 201),
     ],
 )
-def test_change_credentials(request_body, expected_status, client):
+def test_change_credentials(request_body, expected_status, app):
     """
     Verify credentials can only be modified as a pair.
     """
     mirror = _setup_mirror()
 
-    with client_with_identity("devtable", client) as cl:
+    with client_with_identity("devtable", app) as cl:
         params = {"repository": "devtable/simple"}
         conduct_api_call(cl, RepoMirrorResource, "PUT", params, request_body, expected_status)

endpoints/api/test/test_organization.py

@@ -16,8 +16,8 @@
         (100000000000000000000, 400),
     ],
 )
-def test_change_tag_expiration(expiration, expected_code, client):
-    with client_with_identity("devtable", client) as cl:
+def test_change_tag_expiration(expiration, expected_code, app):
+    with client_with_identity("devtable", app) as cl:
         conduct_api_call(
             cl,
             Organization,
@@ -28,10 +28,10 @@ def test_change_tag_expiration(expiration, expected_code, client):
         )
 
 
-def test_get_organization_collaborators(client):
+def test_get_organization_collaborators(app):
     params = {"orgname": "buynlarge"}
 
-    with client_with_identity("devtable", client) as cl:
+    with client_with_identity("devtable", app) as cl:
         resp = conduct_api_call(cl, OrganizationCollaboratorList, "GET", params)
 
     collaborator_names = [c["name"] for c in resp.json["collaborators"]]

endpoints/api/test/test_permission.py

@@ -17,8 +17,8 @@
         pytest.param("buynlarge/orgrepo", "buynlarge+coolrobot", 200, id="valid robot under org"),
     ],
 )
-def test_robot_permission(repository, username, expected_code, client):
-    with client_with_identity("devtable", client) as cl:
+def test_robot_permission(repository, username, expected_code, app):
+    with client_with_identity("devtable", app) as cl:
         conduct_api_call(
             cl,
             RepositoryUserPermission,