Fix bandit github action

Team334 · Nov 19, 2024 · 988f4b5 · 988f4b5
1 parent 61190a9
commit 988f4b5
Show file tree

Hide file tree

Showing 10 changed files with 334 additions and 343 deletions.
diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
@@ -6,24 +6,23 @@ jobs:
   bandit:
     runs-on: ubuntu-latest
     steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
       - name: Set up Python 3.9
-          uses: actions/setup-python@v5
-          with:
-            python-version: 3.9
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.9
+
       - name: Install Bandit
         shell: bash
         run: pip install bandit[sarif]
 
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
       - name: Scan
         shell: bash
-        run: bandit -c bandit.yml -r -f sarif -o resulat.sarif .
+        run: bandit -c bandit.yml -r -f sarif -o results.sarif .
 
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif
-
-
diff --git a/app/app.py b/app/app.py
@@ -13,29 +13,28 @@
 
 
 def create_app():
-    app = Flask(__name__, static_folder='static', template_folder='templates')
+    app = Flask(__name__, static_folder="static", template_folder="templates")
 
     # Load config
     load_dotenv()
     app.config.update(
-        SECRET_KEY=os.getenv('SECRET_KEY', 'team334'),
+        SECRET_KEY=os.getenv("SECRET_KEY", "team334"),
         SESSION_COOKIE_HTTPONLY=True,
         SESSION_COOKIE_SECURE=True,
-        MONGO_URI=os.getenv(
-            'MONGO_URI', 'mongodb://localhost:27017/scouting_app')
+        MONGO_URI=os.getenv("MONGO_URI", "mongodb://localhost:27017/scouting_app"),
     )
 
     mongo.init_app(app)
 
     with app.app_context():
-        if 'team_data' not in mongo.db.list_collection_names():
-            mongo.db.create_collection('team_data')
-        if 'users' not in mongo.db.list_collection_names():
-            mongo.db.create_collection('users')
+        if "team_data" not in mongo.db.list_collection_names():
+            mongo.db.create_collection("team_data")
+        if "users" not in mongo.db.list_collection_names():
+            mongo.db.create_collection("users")
 
     login_manager.init_app(app)
-    login_manager.login_view = 'auth.login'
-    login_manager.login_message_category = 'error'
+    login_manager.login_view = "auth.login"
+    login_manager.login_message_category = "error"
 
     try:
         user_manager = UserManager(app.config["MONGO_URI"])
@@ -57,16 +56,16 @@ def load_user(user_id):
     from auth.routes import auth_bp
     from scout.routes import scouting_bp
 
-    app.register_blueprint(auth_bp, url_prefix='/auth')
-    app.register_blueprint(scouting_bp, url_prefix='/')
+    app.register_blueprint(auth_bp, url_prefix="/auth")
+    app.register_blueprint(scouting_bp, url_prefix="/")
 
-    @app.route('/')
+    @app.route("/")
     def index():
-        return render_template('index.html')
+        return render_template("index.html")
 
     return app
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     app = create_app()
     app.run()
diff --git a/app/auth/__init__.py b/app/auth/__init__.py
@@ -3,9 +3,9 @@
 
 
 all = [
-    'check_password_strength',
-    'require_admin',
-    'UserManager',
-    'init_auth_routes',
-    'auth_bp',
+    "check_password_strength",
+    "require_admin",
+    "UserManager",
+    "init_auth_routes",
+    "auth_bp",
 ]
diff --git a/app/auth/auth_utils.py b/app/auth/auth_utils.py
@@ -23,13 +23,15 @@ async def wrapper(*args, **kwargs):
                     last_error = e
                     if attempt < retries - 1:  # don't sleep on last attempt
                         logger.warning(
-                            f"Attempt {attempt + 1} failed: {str(e)}. Retrying...")
+                            f"Attempt {attempt + 1} failed: {str(e)}. Retrying..."
+                        )
                         time.sleep(delay)
                     else:
-                        logger.error(
-                            f"All {retries} attempts failed: {str(e)}")
+                        logger.error(f"All {retries} attempts failed: {str(e)}")
             raise last_error
+
         return wrapper
+
     return decorator
 
 
@@ -54,16 +56,15 @@ def connect(self):
         """Establish connection to MongoDB with basic error handling"""
         try:
             if self.client is None:
-                self.client = MongoClient(
-                    self.mongo_uri, serverSelectionTimeoutMS=5000)
+                self.client = MongoClient(self.mongo_uri, serverSelectionTimeoutMS=5000)
                 # Test the connection
                 self.client.server_info()
                 self.db = self.client.get_default_database()
                 logger.info("Successfully connected to MongoDB")
 
                 # Ensure users collection exists
-                if 'users' not in self.db.list_collection_names():
-                    self.db.create_collection('users')
+                if "users" not in self.db.list_collection_names():
+                    self.db.create_collection("users")
                     logger.info("Created users collection")
         except Exception as e:
             logger.error(f"Failed to connect to MongoDB: {str(e)}")
@@ -78,21 +79,20 @@ def ensure_connected(self):
                 # Test if connection is still alive
                 self.client.server_info()
         except Exception:
-            logger.warning(
-                "Lost connection to MongoDB, attempting to reconnect...")
+            logger.warning("Lost connection to MongoDB, attempting to reconnect...")
             self.connect()
 
     @with_mongodb_retry(retries=3, delay=2)
-    async def create_user(self, email, username, password, team_number, role='user'):
+    async def create_user(self, email, username, password, team_number, role="user"):
         """Create a new user with retry mechanism"""
         self.ensure_connected()
         try:
             # Check for existing email
-            if self.db.users.find_one({'email': email}):
+            if self.db.users.find_one({"email": email}):
                 return False, "Email already registered"
 
             # Check for existing username
-            if self.db.users.find_one({'username': username}):
+            if self.db.users.find_one({"username": username}):
                 return False, "Username already taken"
 
             # Check password strength
@@ -102,13 +102,13 @@ async def create_user(self, email, username, password, team_number, role='user')
 
             # Create user document
             user_data = {
-                'email': email,
-                'username': username,
-                'team_number': int(team_number),
-                'password_hash': generate_password_hash(password),
-                'role': role,
-                'created_at': datetime.now(timezone.utc),
-                'last_login': None,
+                "email": email,
+                "username": username,
+                "team_number": int(team_number),
+                "password_hash": generate_password_hash(password),
+                "role": role,
+                "created_at": datetime.now(timezone.utc),
+                "last_login": None,
             }
 
             result = self.db.users.insert_one(user_data)
@@ -125,14 +125,14 @@ async def authenticate_user(self, login, password):
         self.ensure_connected()
         try:
             if user_data := self.db.users.find_one(
-                {'$or': [{'email': login}, {'username': login}]}
+                {"$or": [{"email": login}, {"username": login}]}
             ):
                 user = User.create_from_db(user_data)
                 if user and user.check_password(password):
                     # Update last login
                     self.db.users.update_one(
-                        {'_id': user._id},
-                        {'$set': {'last_login': datetime.now(timezone.utc)}},
+                        {"_id": user._id},
+                        {"$set": {"last_login": datetime.now(timezone.utc)}},
                     )
                     logger.info(f"Successful login: {login}")
                     return True, user
@@ -147,7 +147,8 @@ def get_user_by_id(self, user_id):
         self.ensure_connected()
         try:
             from bson.objectid import ObjectId
-            user_data = self.db.users.find_one({'_id': ObjectId(user_id)})
+
+            user_data = self.db.users.find_one({"_id": ObjectId(user_id)})
             return User.create_from_db(user_data) if user_data else None
         except Exception as e:
             logger.error(f"Error loading user: {str(e)}")

diff --git a/app/auth/routes.py b/app/auth/routes.py
@@ -1,4 +1,12 @@
-from flask import Blueprint, current_app, render_template, redirect, url_for, request, flash
+from flask import (
+    Blueprint,
+    current_app,
+    render_template,
+    redirect,
+    url_for,
+    request,
+    flash,
+)
 from flask_login import login_required, login_user, current_user, logout_user
 from auth.auth_utils import UserManager
 import asyncio
@@ -18,10 +26,11 @@ def async_route(f):
     @wraps(f)
     def wrapper(*args, **kwargs):
         return run_async(f(*args, **kwargs))
+
     return wrapper
 
 
-auth_bp = Blueprint('auth', __name__)
+auth_bp = Blueprint("auth", __name__)
 user_manager = None
 
 
@@ -31,87 +40,82 @@ def on_blueprint_init(state):
     user_manager = UserManager(state.app.config["MONGO_URI"])
 
 
-@auth_bp.route('/login', methods=['GET', 'POST'])
+@auth_bp.route("/login", methods=["GET", "POST"])
 @async_route
 async def login():
     if current_user.is_authenticated:
-        return redirect(url_for('index'))
+        return redirect(url_for("index"))
 
     form_data = {}
-    if request.method == 'POST':
-        login = request.form.get('login', '').strip()
-        password = request.form.get('password', '').strip()
-        remember = bool(request.form.get('remember', False))
+    if request.method == "POST":
+        login = request.form.get("login", "").strip()
+        password = request.form.get("password", "").strip()
+        remember = bool(request.form.get("remember", False))
 
-        form_data = {
-            'login': login,
-            'remember': remember
-        }
+        form_data = {"login": login, "remember": remember}
 
         if not login or not password:
-            flash('Please provide both login and password', 'error')
-            return render_template('auth/login.html', form_data=form_data)
+            flash("Please provide both login and password", "error")
+            return render_template("auth/login.html", form_data=form_data)
 
         try:
             success, user = await user_manager.authenticate_user(login, password)
             if success and user:
                 login_user(user, remember=remember)
-                next_page = request.args.get('next')
-                if not next_page or not next_page.startswith('/'):
-                    next_page = url_for('index')
-                flash('Successfully logged in', 'success')
+                next_page = request.args.get("next")
+                if not next_page or not next_page.startswith("/"):
+                    next_page = url_for("index")
+                flash("Successfully logged in", "success")
                 return redirect(next_page)
             else:
-                flash('Invalid login credentials', 'error')
+                flash("Invalid login credentials", "error")
         except Exception as e:
-            flash(f'An error occurred during login: {str(e)}', 'error')
+            flash(f"An error occurred during login: {str(e)}", "error")
 
-    return render_template('auth/login.html', form_data=form_data)
+    return render_template("auth/login.html", form_data=form_data)
 
 
-@auth_bp.route('/register', methods=['GET', 'POST'])
+@auth_bp.route("/register", methods=["GET", "POST"])
 @async_route
 async def register():
     if current_user.is_authenticated:
-        return redirect(url_for('index'))
+        return redirect(url_for("index"))
 
     form_data = {}
-    if request.method == 'POST':
-        email = request.form.get('email', '').strip().lower()
-        username = request.form.get('username', '').strip()
-        password = request.form.get('password', '').strip()
-        confirm_password = request.form.get('confirm_password', '').strip()
-        team_number = request.form.get('teamNumber', 0)
-
-        form_data = {
-            'email': email,
-            'username': username,
-            'team_number': team_number
-        }
+    if request.method == "POST":
+        email = request.form.get("email", "").strip().lower()
+        username = request.form.get("username", "").strip()
+        password = request.form.get("password", "").strip()
+        confirm_password = request.form.get("confirm_password", "").strip()
+        team_number = request.form.get("teamNumber", 0)
+
+        form_data = {"email": email, "username": username, "team_number": team_number}
 
         if not all([email, username, password, confirm_password]):
-            flash('All fields are required', 'error')
-            return render_template('auth/register.html', form_data=form_data)
+            flash("All fields are required", "error")
+            return render_template("auth/register.html", form_data=form_data)
 
         if password != confirm_password:
-            flash('Passwords do not match', 'error')
-            return render_template('auth/register.html', form_data=form_data)
+            flash("Passwords do not match", "error")
+            return render_template("auth/register.html", form_data=form_data)
 
         try:
-            success, message = await user_manager.create_user(email, username, password, team_number)
+            success, message = await user_manager.create_user(
+                email, username, password, team_number
+            )
             if success:
-                flash('Registration successful! Please login.', 'success')
-                return redirect(url_for('auth.login'))
-            flash(message, 'error')
+                flash("Registration successful! Please login.", "success")
+                return redirect(url_for("auth.login"))
+            flash(message, "error")
         except Exception as e:
-            flash(f'An error occurred during registration: {str(e)}', 'error')
+            flash(f"An error occurred during registration: {str(e)}", "error")
 
-    return render_template('auth/register.html', form_data=form_data)
+    return render_template("auth/register.html", form_data=form_data)
 
 
-@auth_bp.route('/logout')
+@auth_bp.route("/logout")
 @login_required
 def logout():
     logout_user()
-    flash('Successfully logged out', 'success')
-    return redirect(url_for('auth.login'))
+    flash("Successfully logged out", "success")
+    return redirect(url_for("auth.login"))