alephdata · Rosencrantz · Jun 1, 2022 · Feb 15, 2022 · Feb 24, 2022 · Feb 24, 2022
diff --git a/aleph.env.tmpl b/aleph.env.tmpl
@@ -17,9 +17,6 @@ ALEPH_UI_URL=http://localhost:8080/
 # ALEPH_FAVICON=https://investigativedashboard.org/static/favicon.ico
 # ALEPH_LOGO=http://assets.pudo.org/img/logo_bigger.png
 
-# Other customisations
-ALEPH_SAMPLE_SEARCHES=Vladimir Putin:TeliaSonera
-
 # Set email addresses, separated by colons, that will be made admin.
 # ALEPH_ADMINS=friedrich@pudo.org:demo@pudo.org
 

diff --git a/aleph/model/role.py b/aleph/model/role.py
@@ -177,15 +177,15 @@ def by_api_key(cls, api_key):
         return q.first()
 
     @classmethod
-    def load_or_create(cls, foreign_id, type_, name, email=None, is_admin=None):
+    def load_or_create(cls, foreign_id, type_, name, email=None, is_admin=False):
         role = cls.by_foreign_id(foreign_id)
 
         if role is None:
             role = cls()
             role.foreign_id = foreign_id
             role.name = name or email
             role.type = type_
-            role.is_admin = False
+            role.is_admin = is_admin
             role.is_muted = False
             role.is_tester = False
             role.is_blocked = False
@@ -197,14 +197,6 @@ def load_or_create(cls, foreign_id, type_, name, email=None, is_admin=None):
         if email is not None:
             role.email = email
 
-        if is_admin is not None:
-            role.is_admin = is_admin
-
-        # see: https://github.com/alephdata/aleph/issues/111
-        auto_admins = [a.lower() for a in settings.ADMINS]
-        if email is not None and email.lower() in auto_admins:
-            role.is_admin = True
-
         db.session.add(role)
         db.session.flush()
         return role

diff --git a/aleph/oauth.py b/aleph/oauth.py
@@ -1,10 +1,10 @@
 import logging
-from pprint import pformat  # noqa
 from authlib.jose import JsonWebToken, JsonWebKey
 from authlib.integrations.flask_client import OAuth
 from authlib.jose.errors import DecodeError
 
 from aleph import settings
+from aleph.util import is_auto_admin
 
 oauth = OAuth()
 log = logging.getLogger(__name__)
@@ -92,7 +92,7 @@ def handle_oauth(provider, oauth_token):
             role.foreign_id = role_id
             role.update({"name": name})
     if role is None:
-        role = Role.load_or_create(role_id, Role.USER, name, email=email)
+        role = Role.load_or_create(role_id, Role.USER, name, email=email, is_admin=is_auto_admin(email))
     if not role.is_actor:
         return None
     role.clear_roles()

diff --git a/aleph/tests/test_view_util.py b/aleph/tests/test_view_util.py
@@ -1,7 +1,10 @@
+import json
+
 from lxml.html import document_fromstring
+from werkzeug.exceptions import BadRequest
 
 from aleph.logic.html import sanitize_html
-from aleph.views.util import get_url_path
+from aleph.views.util import get_url_path, validate
 from aleph.tests.util import TestCase
 
 
@@ -32,3 +35,25 @@ def test_sanitize_html(self):
         assert attr == "https://example.org/blockchain", html
         assert html.find(".//a").get("target") == "_blank", html
         assert "nofollow" in html.find(".//a").get("rel"), html
+
+    def test_validate_returns_errors_for_paths(self):
+        # given
+        schema = "RoleCreate" # name min length 4, password min length 6
+        data = json.loads('{"name":"Bob","password":"1234","code":"token"}')
+
+        # then
+        with self.assertRaises(BadRequest) as ctx:
+            validate(data, schema)
+
+        self.assertEqual(ctx.exception.response.get_json().get("errors"), {"name": "'Bob' is too short", "password": "'1234' is too short"})
+
+    def test_validate_concatenates_multiple_errors_for_the_same_path(self):
+        # given
+        schema = "RoleCreate" # requires password and code 
+        data = json.loads('{"wrong":"No password, no code"}')
+
+        # then
+        with self.assertRaises(BadRequest) as ctx:
+            validate(data, schema)
+
+        self.assertEqual(ctx.exception.response.get_json().get("errors"), {"": "'password' is a required property; 'code' is a required property"})
diff --git a/aleph/translations/bs/LC_MESSAGES/aleph.po b/aleph/translations/bs/LC_MESSAGES/aleph.po
@@ -14,7 +14,11 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
+<<<<<<< HEAD
+"POT-Creation-Date: 2022-03-24 13:21+0100\n"
+=======
 "POT-Creation-Date: 2022-03-28 10:50+0200\n"
+>>>>>>> main
 "PO-Revision-Date: 2018-03-15 07:37+0000\n"
 "Last-Translator: Tajna Biscevic <tajna@occrp.org>, 2019\n"
 "Language-Team: Bosnian (https://www.transifex.com/aleph/teams/76591/bs/)\n"

diff --git a/aleph/translations/de/LC_MESSAGES/aleph.po b/aleph/translations/de/LC_MESSAGES/aleph.po
@@ -11,7 +11,11 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
+<<<<<<< HEAD
+"POT-Creation-Date: 2022-03-24 13:21+0100\n"
+=======
 "POT-Creation-Date: 2022-03-28 10:50+0200\n"
+>>>>>>> main
 "PO-Revision-Date: 2018-03-15 07:37+0000\n"
 "Last-Translator: pudo <friedrich@pudo.org>, 2020\n"
 "Language-Team: German (https://www.transifex.com/aleph/teams/76591/de/)\n"

diff --git a/aleph/translations/es/LC_MESSAGES/aleph.po b/aleph/translations/es/LC_MESSAGES/aleph.po
@@ -13,7 +13,11 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
+<<<<<<< HEAD
+"POT-Creation-Date: 2022-03-24 13:21+0100\n"
+=======
 "POT-Creation-Date: 2022-03-28 10:50+0200\n"
+>>>>>>> main
 "PO-Revision-Date: 2018-03-15 07:37+0000\n"
 "Last-Translator: Nathan Jaccard <nathan@occrp.org>, 2020\n"
 "Language-Team: Spanish (https://www.transifex.com/aleph/teams/76591/es/)\n"

diff --git a/aleph/translations/fr/LC_MESSAGES/aleph.po b/aleph/translations/fr/LC_MESSAGES/aleph.po
@@ -12,7 +12,11 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
+<<<<<<< HEAD
+"POT-Creation-Date: 2022-03-24 13:21+0100\n"
+=======
 "POT-Creation-Date: 2022-03-28 10:50+0200\n"
+>>>>>>> main
 "PO-Revision-Date: 2018-03-15 07:37+0000\n"
 "Last-Translator: Jean-Philippe Menotti, 2022\n"
 "Language-Team: French (https://www.transifex.com/aleph/teams/76591/fr/)\n"

diff --git a/aleph/translations/messages.pot b/aleph/translations/messages.pot
@@ -8,7 +8,11 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
+<<<<<<< HEAD
+"POT-Creation-Date: 2022-03-24 13:21+0100\n"
+=======
 "POT-Creation-Date: 2022-03-28 10:50+0200\n"
+>>>>>>> main
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

diff --git a/aleph/translations/pt_BR/LC_MESSAGES/aleph.po b/aleph/translations/pt_BR/LC_MESSAGES/aleph.po
@@ -11,7 +11,11 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
+<<<<<<< HEAD
+"POT-Creation-Date: 2022-03-24 13:21+0100\n"
+=======
 "POT-Creation-Date: 2022-03-28 10:50+0200\n"
+>>>>>>> main
 "PO-Revision-Date: 2018-03-15 07:37+0000\n"
 "Last-Translator: Laura M <kokoroko2@protonmail.com>, 2019\n"
 "Language-Team: Portuguese (Brazil) (https://www.transifex.com/aleph/teams/76591/pt_BR/)\n"

diff --git a/aleph/translations/ru/LC_MESSAGES/aleph.po b/aleph/translations/ru/LC_MESSAGES/aleph.po
@@ -11,7 +11,11 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
+<<<<<<< HEAD
+"POT-Creation-Date: 2022-03-24 13:21+0100\n"
+=======
 "POT-Creation-Date: 2022-03-28 10:50+0200\n"
+>>>>>>> main
 "PO-Revision-Date: 2018-03-15 07:37+0000\n"
 "Last-Translator: jen occrp, 2021\n"
 "Language-Team: Russian (https://www.transifex.com/aleph/teams/76591/ru/)\n"

diff --git a/aleph/translations/tr/LC_MESSAGES/aleph.po b/aleph/translations/tr/LC_MESSAGES/aleph.po
@@ -11,7 +11,11 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
+<<<<<<< HEAD
+"POT-Creation-Date: 2022-03-24 13:21+0100\n"
+=======
 "POT-Creation-Date: 2022-03-28 10:50+0200\n"
+>>>>>>> main
 "PO-Revision-Date: 2018-03-15 07:37+0000\n"
 "Last-Translator: Pinar Dag <pinar.dag@dagmedya.com>, 2018\n"
 "Language-Team: Turkish (https://www.transifex.com/aleph/teams/76591/tr/)\n"

diff --git a/aleph/util.py b/aleph/util.py
@@ -1,5 +1,6 @@
 import json
 import structlog
+from aleph import settings
 from datetime import datetime, date
 from normality import stringify
 from flask_babel.speaklater import LazyString
@@ -82,3 +83,7 @@ def perform_request(self, method, url, headers=None, params=None, body=None):
             del payload["es_req_body"]
         log.debug("Performed ES request", **payload)
         return result
+
+def is_auto_admin(email):
+    auto_admins = [a.lower() for a in settings.ADMINS]
+    return email is not None and email.lower() in auto_admins
diff --git a/aleph/views/roles_api.py b/aleph/views/roles_api.py
@@ -10,6 +10,7 @@
 from aleph.search import QueryParser, DatabaseQueryResult
 from aleph.model import Role
 from aleph.logic.roles import challenge_role, update_role, create_user, get_deep_role
+from aleph.util import is_auto_admin
 from aleph.views.serializers import RoleSerializer
 from aleph.views.util import require, jsonify, parse_request, obj_or_404
 from aleph.views.context import tag_request
@@ -146,7 +147,7 @@ def create():
             status=409,
         )
 
-    role = create_user(email, data.get("name"), data.get("password"))
+    role = create_user(email, data.get("name"), data.get("password"), is_admin=is_auto_admin(email))
     # Let the serializer return more info about this user
     request.authz = Authz.from_role(role)
     tag_request(role_id=role.id)

diff --git a/aleph/views/util.py b/aleph/views/util.py
@@ -59,11 +59,13 @@ def parse_request(schema):
 def validate(data, schema):
     """Validate the data inside a request against a schema."""
     validator = get_validator(schema)
-    # data = clean_object(data)
     errors = {}
     for error in validator.iter_errors(data):
         path = ".".join((str(c) for c in error.path))
-        errors[path] = error.message
+        if path not in errors:
+            errors[path] = error.message
+        else:
+            errors[path] += '; ' + error.message
         log.info("ERROR [%s]: %s", path, error.message)
 
     if not len(errors):

diff --git a/contrib/aleph-traefik-minio-keycloak/.dockerignore b/contrib/aleph-traefik-minio-keycloak/.dockerignore
@@ -0,0 +1,14 @@
+build
+ui
+helm
+aleph.env
+aleph.egg-info
+docker-compose.*
+celerybeat-schedul*
+contrib/allCountries.zip
+.git
+.vscode
+.github
+.travis.yml
+.env
+.tx
diff --git a/contrib/aleph-traefik-minio-keycloak/.gitignore b/contrib/aleph-traefik-minio-keycloak/.gitignore
@@ -0,0 +1,107 @@
+*.pyc
+*.DS_Store
+.DS_Store
+*.sqlite3
+__pycache__
+balkhashdb
+
+TODO.md
+
+build*
+
+ui/node_modules
+ui/build
+ui/package-lock.json
+ui/i18n/messages.json
+ui/i18n/messages.pot
+ui/**/*.css
+
+services/elasticsearch/secrets
+
+celerybeat-schedule*
+aleph.env
+test_settings.py
+.coverage
+
+npm-debug.log*
+.idea/
+ui/.idea/
+node_modules/*
+.eslintcache
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+.vscode/
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# dotenv
+.env
+
+# virtualenv
+.venv
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+
+# Rope project settings
+.ropeproject
diff --git a/contrib/aleph-traefik-minio-keycloak/LICENSE.txt b/contrib/aleph-traefik-minio-keycloak/LICENSE.txt
@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2014-2015 Friedrich Lindenberg
+Copyright (c) 2016-2020 Journalism Development Network, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.