Merge branch 'staging' into stable

.cico.pipeline

@@ -17,7 +17,7 @@
  * Distros we want to test on
  */
 //def ACTIVE_DISTROS = ["f31", "f32", "epel7", "rawhide"]
-def ACTIVE_DISTROS = ["f31", "f32", "latest"]
+def ACTIVE_DISTROS = ["f32", "f33", "latest"]
 
 
 
@@ -42,9 +42,9 @@ ACTIVE_DISTROS.each { fedora ->
                         sh "rm -rf .tox"
                         try {
                             sh "tox --skip-missing-interpreters"
-                            githubNotify context: "CI on ${fedora}", status: 'SUCCESS'
+                            githubNotify context: "CI on ${fedora}", status: 'SUCCESS', credentialsId: 'status-push-cred'
                         } catch(error) {
-                            githubNotify context: "CI on ${fedora}", status: 'FAILURE'
+                            githubNotify context: "CI on ${fedora}", status: 'FAILURE', credentialsId: 'status-push-cred'
                             throw error
                         }
                     }

.github/dependabot.yml

@@ -0,0 +1,17 @@
+version: 2
+updates:
+- package-ecosystem: pip
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  versioning-strategy: lockfile-only
+  allow:
+  - dependency-type: all
+  ignore:
+  - dependency-name: typed-ast
+    versions:
+    - 1.4.3
+  - dependency-name: pyotp
+    versions:
+    - 2.5.1

.mergify.yml

@@ -11,7 +11,8 @@ pull_request_rules:
   - approved-reviews-by=@fedora-infra/authdev
   - "#approved-reviews-by>=1"
   - status-success=DCO
-  - status-success=CI on f31
+  - status-success=CI on f32
+  - status-success=CI on f33
 
 - name: Sensitive files
   actions:
@@ -25,4 +26,5 @@ pull_request_rules:
   - approved-reviews-by=@fedora-infra/authdev
   - "#approved-reviews-by>=2"
   - status-success=DCO
-  - status-success=CI on f31
+  - status-success=CI on f32
+  - status-success=CI on f33

.rstcheck.cfg

@@ -0,0 +1,2 @@
+[rstcheck]
+ignore_directives = automodule

docs/contributing.rst

@@ -41,11 +41,11 @@ Check out the code and run ``vagrant up``::
     $ cd noggin
     $ vagrant up
 
-Next, SSH into your newly provisioned development environment:
+Next, SSH into your newly provisioned development environment::
 
     $ vagrant ssh
 
-where you can run the following commands:
+where you can run the following commands::
 
     $ noggin-restart
     $ noggin-stop
@@ -193,14 +193,19 @@ Releasing
 When cutting a new release, follow these steps:
 
 #. Update the version in ``pyproject.toml``
+#. Run ``poetry install`` to update the version in the metadata
 #. Add missing authors to the release notes fragments by changing to the ``news`` directory and
    running the ``get-authors.py`` script, but check for duplicates and errors
-#. Generate the release notes by running
-   ``towncrier``
+#. Generate the release notes by running ``towncrier`` (in the base directory)
+#. Adjust the release notes in ``docs/release_notes.rst``.
+#. Generate the docs with ``tox -e docs`` and check them in ``docs/_build/html``.
 #. Commit the changes
+#. Push the commit to the upstream Github repository (via a PR or not).
+#. Change to the stable branch and cherry-pick the commit (or merge if appropriate)
 #. Tag the commit with ``-s`` to generate a signed tag
-#. Push those changes to the upstream Github repository (via a PR or not)
-#. Generate a tarball and push to PyPI with the command ``poetry --build publish``
+#. Push the commit to the upstream Github repository with ``git push``,
+   and the new tag with ``git push --tags``
+#. Generate a tarball and push to PyPI with the command ``poetry publish --build``
 
 
 Translations

docs/release_notes.rst

@@ -4,6 +4,51 @@ Release notes
 
 .. towncrier release notes start
 
+v1.1.0
+======
+
+This is a feature release that adds a few interesting enhancements.
+
+
+Features
+^^^^^^^^
+
+* Add a verification step when enrolling a new OTP token (:issue:`422`).
+* The GPG key ID fields now refuse key IDs shorter than 16 characters, and
+  allow up to 40 characters (the full fingerprint) (:issue:`556`).
+* Paginate the group members list (:issue:`580`).
+
+Bug Fixes
+^^^^^^^^^
+
+* Start messages with capital letter (:pr:`521`).
+* Show more than 100 users on /group/<groupname> (:pr:`550`).
+* Fixed mailto href adding mailto in the template of the group (:pr:`581`).
+* Indirect groups are now included in the user's group list (:issue:`560`).
+* Redirect back to the original page after login (:issue:`574`).
+* Fix the OTP QR code being displayed by default (:issue:`577`).
+
+Documentation Improvements
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Add rstcheck to check our rst files (:issue:`1c2205f`).
+* Update the release docs (:issue:`96b08ea`).
+* Fix code-block format in contributing docs (:pr:`595`).
+
+Contributors
+^^^^^^^^^^^^
+
+Many thanks to the contributors of bug reports, pull requests, and pull request
+reviews for this release:
+
+* Aurélien Bompard
+* Chenxiong Qi
+* Josseline Perdomo
+* Rafael Fontenelle
+* Ryan Lerch
+* Vipul Siddhartha
+
+
 v1.0.0
 ======
 

news/1c2205f.docs

@@ -0,0 +1,2 @@
+Add rstcheck to check our rst files
+

news/422.feature

@@ -0,0 +1 @@
+Add a verification step when enrolling a new OTP token

news/556.feature

@@ -0,0 +1 @@
+The GPG key ID fields now refuse key IDs shorter than 16 characters, and allow up to 40 characters (the full fingerprint)

news/560.bug

@@ -0,0 +1 @@
+Indirect groups are now included in the user's group list

news/574.bug

@@ -0,0 +1,2 @@
+Redirect back to the original page after login
+

news/577.bug

@@ -0,0 +1 @@
+Fix the OTP QR code being displayed by default

news/580.feature

@@ -0,0 +1 @@
+Paginate the group members list

news/96b08ea.docs

@@ -0,0 +1 @@
+Update the release docs

news/PR521.bug

@@ -0,0 +1 @@
+Start messages with capital letter

news/PR550.bug

@@ -0,0 +1,2 @@
+Show more than 100 users on /group/<groupname>
+

news/PR581.bug

@@ -0,0 +1,2 @@
+Fixed mailto href adding mailto in the template of the group
+

news/PR595.docs

@@ -0,0 +1,2 @@
+Fix code-block format in contributing docs
+

news/get-authors.py

@@ -19,14 +19,34 @@
 """
 
 import os
+import sys
 from subprocess import check_output
+from argparse import ArgumentParser
 
 
+EXCLUDE = ["dependabot-preview[bot]", "Weblate (bot)"]
+
 last_tag = check_output(
     "git tag | sort -n | tail -n 1", shell=True, universal_newlines=True
+).strip()
+
+args_parser = ArgumentParser()
+args_parser.add_argument(
+    "until",
+    nargs="?",
+    default="HEAD",
+    help="Consider all commits until this one (default: %(default)s).",
+)
+args_parser.add_argument(
+    "since",
+    nargs="?",
+    default=last_tag,
+    help="Consider all commits since this one (default: %(default)s).",
 )
+args = args_parser.parse_args()
+
 authors = {}
-log_range = last_tag.strip() + "..HEAD"
+log_range = args.since + ".." + args.until
 output = check_output(
     ["git", "log", log_range, "--format=%ae\t%an"], universal_newlines=True
 )
@@ -38,6 +58,8 @@
     authors[email] = fullname
 
 for nick, fullname in authors.items():
+    if fullname in EXCLUDE:
+        continue
     filename = "{}.author".format(nick)
     if os.path.exists(filename):
         continue

noggin/controller/authentication.py

@@ -1,5 +1,13 @@
 import python_freeipa
-from flask import current_app, flash, redirect, render_template, session, url_for
+from flask import (
+    current_app,
+    flash,
+    redirect,
+    render_template,
+    request,
+    session,
+    url_for,
+)
 from flask_babel import _
 
 from noggin.form.sync_token import SyncTokenForm
@@ -38,7 +46,13 @@ def handle_login_form(form):
         raise FormError("non_field_errors", _('Could not log in to the IPA server.'))
 
     flash(_('Welcome, %(username)s!', username=username), 'success')
-    return redirect(url_for('.user', username=username))
+    next = request.args.get("next")
+    # Keep the same domain
+    if next and not next.startswith("/"):
+        next = None
+    if next is None:
+        next = url_for('.user', username=username)
+    return redirect(next)
 
 
 @bp.route('/otp/sync/', methods=['GET', 'POST'])

noggin/controller/group.py

@@ -22,13 +22,12 @@ def group(ipa, groupname):
     sponsor_form = AddGroupMemberForm(groupname=groupname)
     remove_form = RemoveGroupMemberForm(groupname=groupname)
 
-    members = [User(u) for u in ipa.user_find(in_group=groupname)['result']]
+    members = paginated_find(ipa, User, in_group=groupname, default_page_size=48)
 
     batch_methods = [
         {"method": "user_find", "params": [[], {"uid": sponsorname, 'all': True}]}
         for sponsorname in group.sponsors
     ]
-
     # Don't call remote batch method with an empty list
     if batch_methods:
         sponsors = [