ComputerScienceHouse · pikachu0542 · Oct 21, 2025 · Apr 14, 2024 · Aug 31, 2024 · Sep 2, 2024
diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
@@ -15,7 +15,7 @@ jobs:
 
     strategy:
       matrix:
-        python-version: [3.8, 3.9]
+        python-version: [3.12]
 
     steps:
       - name: Install ldap dependencies

diff --git a/.pylintrc b/.pylintrc
@@ -9,7 +9,6 @@ disable =
 	duplicate-code,
 	no-member,
 	parse-error,
-	bad-continuation,
 	too-few-public-methods,
 	global-statement,
 	cyclic-import,
@@ -18,14 +17,11 @@ disable =
 
 [REPORTS]
 output-format = text
-files-output = no
 reports = no
 
 [FORMAT]
 max-line-length = 120
-max-statement-lines = 75
 single-line-if-stmt = no
-no-space-check = trailing-comma,dict-separator
 max-module-lines = 1000
 indent-string = '    '
 
@@ -73,8 +69,6 @@ good-names=logger,id,ID
 # Bad variable names which should always be refused, separated by a comma
 bad-names=foo,bar,baz,toto,tutu,tata
 
-# List of builtins function names that should not be used, separated by a comma
-bad-functions=apply,input
 
 
 [DESIGN]
@@ -90,4 +84,4 @@ min-public-methods = 2
 max-public-methods = 20
 
 [EXCEPTIONS]
-overgeneral-exceptions = Exception
+overgeneral-exceptions = builtins.Exception
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
-FROM docker.io/python:3.8-buster
-MAINTAINER Devin Matte <matted@csh.rit.edu>
+FROM docker.io/python:3.12-bookworm
+MAINTAINER Computer Science House <webmaster@csh.rit.edu>
 
 RUN mkdir /opt/conditional
 
@@ -8,19 +8,23 @@ ADD requirements.txt /opt/conditional
 WORKDIR /opt/conditional
 
 RUN apt-get -yq update && \
-    apt-get -yq install libsasl2-dev libldap2-dev libssl-dev gcc g++ make && \
+    apt-get -yq install libsasl2-dev libldap2-dev libldap-common libssl-dev gcc g++ make && \
     pip install -r requirements.txt && \
     apt-get -yq clean all
 
+ENV NVM_DIR /usr/local/nvm
+ENV NODE_VERSION v10.24.1
+RUN mkdir -p $NVM_DIR
+
+RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash
+
+RUN /bin/bash -c "source $NVM_DIR/nvm.sh && nvm install $NODE_VERSION"
+
 ADD . /opt/conditional
 
-RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - && \
-    apt-get -yq update && \
-    apt-get -yq install nodejs && \
-    npm install && \
-    npm run production && \
-    rm -rf node_modules && \
-    apt-get -yq remove nodejs npm && \
+RUN /bin/bash -c "source $NVM_DIR/nvm.sh && nvm use --delete-prefix $NODE_VERSION && npm install && npm run production"
+
+RUN rm -rf node_modules && \
     apt-get -yq clean all
 
 RUN ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime

diff --git a/conditional/__init__.py b/conditional/__init__.py
@@ -3,10 +3,11 @@
 
 import structlog
 from csh_ldap import CSHLDAP
-from flask import Flask, redirect, render_template, g
+from flask import Flask, redirect, render_template, request, g
 from flask_migrate import Migrate
 from flask_gzip import Gzip
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
+from flask_pyoidc.provider_configuration import ProviderConfiguration, ClientMetadata
 from flask_sqlalchemy import SQLAlchemy
 
 import sentry_sdk
@@ -39,8 +40,10 @@
                app.config['LDAP_BIND_PW'],
                ro=app.config['LDAP_RO'])
 
-auth = OIDCAuthentication(app, issuer=app.config["OIDC_ISSUER"],
-                          client_registration_info=app.config["OIDC_CLIENT_CONFIG"])
+client_metadata = ClientMetadata(app.config["OIDC_CLIENT_CONFIG"])
+provider_config = ProviderConfiguration(issuer=app.config["OIDC_ISSUER"], client_registration_info=client_metadata)
+
+auth = OIDCAuthentication({'default': provider_config}, app)
 
 app.secret_key = app.config["SECRET_KEY"]
 
@@ -55,7 +58,6 @@ def start_of_year():
 # pylint: disable=C0413
 from .models.models import UserLog
 
-
 # Configure Logging
 def request_processor(logger, log_method, event_dict):  # pylint: disable=unused-argument, redefined-outer-name
     if 'request' in event_dict:
@@ -99,6 +101,7 @@ def database_processor(logger, log_method, event_dict):  # pylint: disable=unuse
 # pylint: disable=wrong-import-order
 from conditional.util import context_processors
 from conditional.util.auth import get_user
+from conditional.util.member import gatekeep_status
 from .blueprints.dashboard import dashboard_bp  # pylint: disable=ungrouped-imports
 from .blueprints.attendance import attendance_bp
 from .blueprints.major_project_submission import major_project_bp
@@ -137,7 +140,7 @@ def static_proxy(path):
 
 
 @app.route('/')
-@auth.oidc_auth
+@auth.oidc_auth("default")
 def default_route():
     return redirect('/dashboard')
 
@@ -156,12 +159,25 @@ def health():
     return {'status': 'ok'}
 
 
+@app.route("/gatekeep/<username>")
+def gatekeep(username):
+    token = request.headers.get("X-VOTE-TOKEN", "")
+    if token != app.config["VOTE_TOKEN"]:
+        return "Users cannot access this page", 403
+    try:
+        gatekeep_data = gatekeep_status(username)
+    except KeyError:
+        return "", 404
+
+    return gatekeep_data, 200
+
+
 @app.errorhandler(404)
 @app.errorhandler(500)
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def route_errors(error, user_dict=None):
-    data = dict()
+    data = {}
 
     # Handle the case where the header isn't present
     if user_dict['username'] is not None: