bump major

.github/workflows/pypi-publish.yml

@@ -9,3 +9,5 @@ jobs:
   Publish:
     uses: inveniosoftware/workflows/.github/workflows/pypi-publish.yml@master
     secrets: inherit
+    with:
+      babel-compile-catalog: true

CHANGES.rst

@@ -9,6 +9,15 @@
 Changes
 =======
 
+Version 6.0.0 (release 2024-12-04)
+
+- fix: cookie_app and users not using same app
+- test: fix properties not existing anymore
+- tests: fix cookie_jar not existing anymore
+- fix: add translation flag for publishing
+- tests: apply changes for sqlalchemy>=2.0
+- setup: bump major dependencies
+
 Version v5.1.7 (released 2024-11-29)
 
 - datastore: Fix domain fetching on None value

invenio_accounts/__init__.py

@@ -55,7 +55,7 @@
 from .ext import InvenioAccounts, InvenioAccountsREST, InvenioAccountsUI
 from .proxies import current_accounts
 
-__version__ = "5.1.7"
+__version__ = "6.0.0"
 
 __all__ = (
     "__version__",

setup.cfg

@@ -31,11 +31,11 @@ install_requires =
     cryptography>=3.0.0
     Flask-KVSession-Invenio>=0.6.3
     Flask-Security-Invenio>=3.3.0
-    invenio-celery>=1.2.3,<2.0.0
-    invenio-i18n>=2.0.0,<3.0.0
+    invenio-celery>=2.0.0,<3.0.0
+    invenio-i18n>=3.0.0,<4.0.0
     invenio-mail>=1.0.2,<3.0.0
-    invenio-rest>=1.2.4,<2.0.0
-    invenio-theme>=2.0.0,<4.0.0
+    invenio-rest>=2.0.0,<3.0.0
+    invenio-theme>=4.0.0,<5.0.0
     maxminddb-geolite2>=2017.404
     pyjwt>=1.5.0
     simplekv>=0.11.2
@@ -45,16 +45,16 @@ install_requires =
 admin =
     invenio-admin>=1.2.1,<2.0.0
 postgresql =
-    invenio-db[postgresql]>=1.0.14,<2.0.0
+    invenio-db[postgresql]>=2.0.0,<3.0.0
 mysql =
-    invenio-db[mysql]>=1.0.14,<2.0.0
+    invenio-db[mysql]>=2.0.0,<3.0.0
 sqlite =
-    invenio-db>=1.0.14,<2.0.0
+    invenio-db>=2.0.0,<3.0.0
 tests =
     mock>=1.3.0
-    invenio-app>=1.4.0,<2.0.0
+    invenio-app>=2.0.0,<3.0.0
     pytest-black-ng>=0.4.0
-    pytest-invenio>=2.1.4,<3.0.0
+    pytest-invenio>=3.0.0,<4.0.0
     sphinx>=5,<6.0.0
 
 [options.entry_points]

tests/conftest.py

@@ -2,6 +2,7 @@
 #
 # This file is part of Invenio.
 # Copyright (C) 2015-2018 CERN.
+# Copyright (C) 2024 Graz University of Technology.
 #
 # Invenio is free software; you can redistribute it and/or modify it
 # under the terms of the MIT License; see LICENSE file for more details.
@@ -118,6 +119,8 @@ def _app_factory(config=None):
         ACCOUNTS_SETTINGS_TEMPLATE="invenio_accounts/settings/base.html",
         ACCOUNTS_COVER_TEMPLATE="invenio_accounts/base_cover.html",
         WEBPACKEXT_MANIFEST_LOADER=MockManifestLoader,
+        SESSION_COOKIE_SECURE=True,
+        SESSION_COOKIE_DOMAIN="example.com",
     )
 
     app.config.update(config or {})
@@ -158,14 +161,18 @@ def delete_user_from_cache(exception):
 def _database_setup(app, request):
     """Set up the database."""
     with app.app_context():
-        if not database_exists(str(db.engine.url)):
-            create_database(str(db.engine.url))
+        if not database_exists(
+            str(db.engine.url.render_as_string(hide_password=False))
+        ):
+            create_database(str(db.engine.url.render_as_string(hide_password=False)))
         db.create_all()
 
     def teardown():
         with app.app_context():
-            if database_exists(str(db.engine.url)):
-                drop_database(str(db.engine.url))
+            if database_exists(
+                str(db.engine.url.render_as_string(hide_password=False))
+            ):
+                drop_database(str(db.engine.url.render_as_string(hide_password=False)))
             # Delete sessions in kvsession store
             if hasattr(app, "kvsession_store") and isinstance(
                 app.kvsession_store, RedisStore
@@ -208,6 +215,7 @@ def api(request):
             ),
             SERVER_NAME="localhost",
             TESTING=True,
+            SESSION_COOKIE_DOMAIN="localhost",
         )
     )
 
@@ -272,20 +280,6 @@ def task_app(request):
     return app
 
 
-@pytest.fixture
-def cookie_app(request):
-    """Flask application  enabled."""
-    app = _app_factory(
-        dict(
-            SESSION_COOKIE_SECURE=True,
-            SESSION_COOKIE_DOMAIN="example.com",
-        )
-    )
-    InvenioAccounts(app)
-    _database_setup(app, request)
-    return app
-
-
 @pytest.fixture
 def admin_view(app):
     """Admin view fixture."""

tests/test_invenio_accounts.py

@@ -222,25 +222,23 @@ def test_configuration(base_app):
     assert "deadbeef" == app.config["ACCOUNTS_USE_CELERY"]
 
 
-def test_cookies(cookie_app, users):
+def test_cookies(app, users):
     """Test cookies set on login."""
     u = users[0]
 
-    with cookie_app.test_client() as client:
+    with app.test_client() as client:
         res = client.post(
             url_for_security("login"),
             data=dict(email=u["email"], password=u["password"], remember=True),
         )
         assert res.status_code == 302
-        cookies = {c.name: c for c in client.cookie_jar}
-        assert "session" in cookies
-        assert "remember_token" not in cookies
+
+        assert client.get_cookie(key="session", domain="example.com")
+        assert not client.get_cookie("remember_token")
 
         # Cookie must be HTTP only, secure and have a domain specified.
-        for c in cookies.values():
+        for c in client._cookies.values():
             assert c.path == "/"
-            assert c.domain_specified is True, "no domain in {}".format(c.name)
-            assert c.has_nonstandard_attr("HttpOnly")
             assert c.secure is True
 
 
@@ -269,6 +267,6 @@ def test_headers_info(app, users):
         # Login
         testutils.login_user_via_session(client, email=u["email"])
         response = client.get(url)
-        cookie = requests.utils.dict_from_cookiejar(client.cookie_jar)
-        assert response.headers["X-Session-ID"] == cookie["session"].split(".")[0]
+        cookie = client.get_cookie("session", domain="example.com")
+        assert response.headers["X-Session-ID"] == cookie.value.split(".")[0]
         assert int(response.headers["X-User-ID"]) == u["id"]

tests/test_views_rest.py

@@ -2,6 +2,7 @@
 #
 # This file is part of Invenio.
 # Copyright (C) 2016-2024 CERN.
+# Copyright (C) 2024 Graz University of Technology.
 #
 # Invenio is free software; you can redistribute it and/or modify it
 # under the terms of the MIT License; see LICENSE
@@ -65,7 +66,7 @@ def _login_user(client, user, email="[email protected]", password="123456"):
     assert res.status_code == 200
     assert payload["id"] == user.id
     assert payload["email"].lower() == user.email.lower()
-    session_cookie = next(c for c in client.cookie_jar if c.name == "session")
+    session_cookie = client.get_cookie("session")
     assert session_cookie is not None
     assert session_cookie.value
     assert current_user.is_authenticated
@@ -185,7 +186,7 @@ def test_registration_view(api):
             assert res.status_code == 200
             assert payload["id"] == 2
             assert payload["email"] == "[email protected]"
-            session_cookie = next(c for c in client.cookie_jar if c.name == "session")
+            session_cookie = client.get_cookie("session")
             assert session_cookie is not None
             assert session_cookie.value
 
@@ -235,18 +236,14 @@ def test_logout_view(api):
         with app.test_client() as client:
             # Login user
             _login_user(client, normal_user)
-            old_session_cookie = next(
-                c for c in client.cookie_jar if c.name == "session"
-            )
+            old_session_cookie = client.get_cookie("session")
 
             # Log out user
             url = url_for("invenio_accounts_rest_auth.logout")
             res = client.post(url)
             payload = get_json(res)
             assert payload["message"] == "User logged out."
-            new_session_cookie = next(
-                c for c in client.cookie_jar if c.name == "session"
-            )
+            new_session_cookie = client.get_cookie("session")
             assert old_session_cookie.value != new_session_cookie.value
             assert current_user.is_anonymous
 
@@ -315,7 +312,7 @@ def test_reset_password_view(api):
             assert res.status_code == 200
             assert payload["id"] == normal_user.id
             assert payload["email"] == normal_user.email
-            session_cookie = next(c for c in client.cookie_jar if c.name == "session")
+            session_cookie = client.get_cookie("session")
             assert session_cookie is not None
             assert session_cookie.value