env(reqs): Update with latest packages

pvj · pvj · commit 5455d110226d · 2026-01-04T21:00:10.000+01:00
- Flask-Security
 - Marshmallow
 - Flask-WTF
 - Flask3
diff --git a/arcsi/api/show.py b/arcsi/api/show.py
@@ -5,7 +5,7 @@
 from flask import current_app as app
 from flask_security import auth_token_required, roles_required, roles_accepted
 from marshmallow import fields, post_load, Schema
-from marshmallow.validate import Length
+from marshmallow.validate import Length, Range
 from sqlalchemy import func
 
 from . import arcsi
@@ -35,7 +35,7 @@ class ShowDetailsSchema(Schema):
     cover_image_url = fields.Str(dump_only=True)
     language = fields.Str(validate=Length(min=5))
     playlist_name = fields.Str()
-    frequency = fields.Int(validate=Length(equal=1))
+    frequency = fields.Int(validate=Range(max=31, min=0))
     contact_address = fields.Email()
     week = fields.Int()
     day = fields.Int()
diff --git a/arcsi/api/tag.py b/arcsi/api/tag.py
@@ -1,7 +1,6 @@
 from flask import make_response
 from flask_security import auth_token_required
 from marshmallow import fields, post_load, Schema
-from marshmallow.validate import Length
 
 from arcsi.handler.upload import DoArchive
 from arcsi.api import arcsi
@@ -11,7 +10,8 @@
 
 class TagDetailsSchema(Schema):
     id = fields.Int()
-    display_name = fields.Str(required=True, validate=Length(min=3))
+    # TODO Display name must have min length of 3 chars validated. Right now, error with sending empty tag prevents that
+    display_name = fields.Str(required=True)
     clean_name = fields.Str(dump_only=True)
     icon = fields.Str(dump_only=True)
     items = fields.Nested(
diff --git a/arcsi/api/user.py b/arcsi/api/user.py
@@ -1,6 +1,5 @@
 from flask import jsonify, make_response, request
 from flask_security import roles_required
-from flask_security.utils import verify_password
 from marshmallow import fields, post_load, Schema
 
 from arcsi.api import arcsi
@@ -63,12 +62,12 @@ def get_api_token():
         return make_response(
             jsonify("Only accepts multipart/form-data for now, sorry"), 503, headers
         )
-    show_metadata = request.form.to_dict()
-    name = show_metadata["name"]
-    password = show_metadata["password"]
+    user_metadata = request.form.to_dict()
+    name = user_metadata["name"]
+    password = user_metadata["password"]
     user_query = User.query.filter_by(name=name)
-    user = user_query.first_or_404()
-    if user and verify_password(password, user.password):
+    user = user_query.first()
+    if user and user.verify_and_update_password(password):
         token = user.get_auth_token()
         ret = {"api_token": token}
         return make_response(jsonify(ret), 200, headers)
diff --git a/arcsi/model/user.py b/arcsi/model/user.py
@@ -7,7 +7,7 @@
 class User(db.Model, UserMixin):
     __tablename__ = "users"
     id = db.Column(db.Integer, primary_key=True)
-    fs_uniquifier = db.Column(db.String(64), nullable=False)
+    fs_uniquifier = db.Column(db.String(64), unique=True, nullable=False)
     name = db.Column(db.String(), unique=True)
     email = db.Column(db.String(), unique=True, nullable=False)
     password = db.Column(db.String(128), nullable=False)
@@ -23,7 +23,6 @@ class User(db.Model, UserMixin):
         # TODO will this work ?
         cascade_backrefs=False,
     )
-    fs_uniquifier = db.Column(db.String(64), unique=True, nullable=True)
 
     def __repr__(self):
         return "<Host {}>".format(self.name)
diff --git a/migrations/versions/3706280441e5_populate_users_fs_uniquifier.py b/migrations/versions/3706280441e5_populate_users_fs_uniquifier.py
diff --git a/migrations/versions/6fa7d5c511aa_add_column_fs_uniquifier_to_rel_users.py b/migrations/versions/6fa7d5c511aa_add_column_fs_uniquifier_to_rel_users.py
diff --git a/requirements.txt b/requirements.txt
@@ -1,48 +1,49 @@
-alembic<=2
-
-blinker==1.9.0 # from Flask-Mail
-boto3<=2
-botocore<=2
-
-
-
-Click==8.2.1 # from Flask
-
-
-Flask<=4.0.0
-
-Flask-CKEditor>=1.0.0
-Flask-Login>=0.6.2
-
-Flask-Migrate>=2.5.2
-
-Flask-Security>=4.1.6
-Flask-SQLAlchemy>=3.1.1
-Flask-Swagger-UI>=3.25.0
-
-
-gunicorn==20.0.4
-
-
-
-
-
-
-marshmallow>=3.6.0
-mutagen==1.44.0
-
-
-psycopg2
-
-
-python-slugify>=4.0.1
-pytz
-requests>=2.31.0
-
-six>=1.17.0 # from python-dateutil
-
-SQLAlchemy>=1.5.0
-
-
-Werkzeug>=2.2.3
-WTForms>=2.3.1
+alembic==1.17.2
+argon2-cffi==25.1.0
+argon2-cffi-bindings==25.1.0
+bcrypt==5.0.0
+blinker==1.9.0
+boto3==1.42.21
+botocore==1.42.21
+certifi==2025.11.12
+cffi==2.0.0
+charset-normalizer==3.4.4
+click==8.3.1
+dnspython==2.8.0
+email-validator==2.3.0
+Flask==3.1.2
+Flask-CKEditor==1.0.0
+Flask-Login==0.6.3
+Flask-Mail==0.10.0
+Flask-Migrate==4.1.0
+Flask-Principal==0.4.0
+Flask-Security==5.7.1
+Flask-SQLAlchemy==3.1.1
+flask-swagger-ui==5.21.0
+Flask-WTF==1.2.2
+greenlet==3.3.0
+gunicorn==23.0.0
+idna==3.11
+itsdangerous==2.2.0
+Jinja2==3.1.6
+jmespath==1.0.1
+libpass==1.9.3
+Mako==1.3.10
+MarkupSafe==3.0.3
+marshmallow==4.1.2
+mutagen==1.47.0
+packaging==25.0
+psycopg2==2.9.11
+pycparser==2.23
+python-dateutil==2.9.0.post0
+python-slugify==8.0.4
+pytz==2025.2
+requests==2.32.5
+s3transfer==0.16.0
+six==1.17.0
+SQLAlchemy==2.0.45
+text-unidecode==1.3
+typing_extensions==4.15.0
+urllib3==2.6.2
+Werkzeug==3.1.4
+WTForms==3.2.1
