def update_session(session): """ Updates and reloads stored session data, triggers reloading of config.js by changing config_ts """ dbo = session.dbo locale = configuration.locale(dbo) theme = "asm" loverride = get_locale_override(dbo, session.user) if loverride != "": al.debug( "user %s has locale override of %s set, switching." % (session.user, loverride), "users.update_session", dbo) locale = loverride toverride = get_theme_override(dbo, session.user) if toverride != "": al.debug( "user %s has theme override of %s set, switching." % (session.user, toverride), "users.update_session", dbo) theme = toverride dbo.locale = locale if not dbo.is_large_db: dbo.is_large_db = dbo.query_int("SELECT COUNT(*) FROM owner") > 4000 or \ dbo.query_int("SELECT COUNT(*) FROM animal") > 2000 session.locale = locale session.theme = theme session.config_ts = i18n.format_date("%Y%m%d%H%M%S", i18n.now())
def update_session(session): """ Updates and reloads stored session data """ dbo = session.dbo locale = configuration.locale(dbo) theme = configuration.system_theme(dbo) loverride = get_locale_override(dbo, session.user) if loverride != "": al.debug( "user %s has locale override of %s set, switching." % (session.user, loverride), "users.update_session", dbo) locale = loverride toverride = get_theme_override(dbo, session.user) if toverride != "": al.debug( "user %s has theme override of %s set, switching." % (session.user, toverride), "users.update_session", dbo) theme = toverride dbo.locale = locale dbo.is_large_db = db.query_int(dbo, "SELECT COUNT(*) FROM animal") > 10000 session.locale = locale session.theme = theme session.config_ts = time.strftime("%Y%m%d%H%M%S", datetime.datetime.today().timetuple())
def update_session(session): """ Updates and reloads stored session data """ dbo = session.dbo locale = configuration.locale(dbo) theme = configuration.system_theme(dbo) loverride = get_locale_override(dbo, session.user) if loverride != "": al.debug("user %s has locale override of %s set, switching." % (session.user, loverride), "users.update_session", dbo) locale = loverride toverride = get_theme_override(dbo, session.user) if toverride != "": al.debug("user %s has theme override of %s set, switching." % (session.user, toverride), "users.update_session", dbo) theme = toverride dbo.locale = locale dbo.is_large_db = db.query_int(dbo, "SELECT COUNT(*) FROM animal") > 10000 session.locale = locale session.theme = theme session.config_ts = time.strftime("%Y%m%d%H%M%S", datetime.datetime.today().timetuple())
def update_session(session): """ Updates and reloads stored session data """ dbo = session.dbo locale = configuration.locale(dbo) theme = "asm" loverride = get_locale_override(dbo, session.user) if loverride != "": al.debug("user %s has locale override of %s set, switching." % (session.user, loverride), "users.update_session", dbo) locale = loverride toverride = get_theme_override(dbo, session.user) if toverride != "": al.debug("user %s has theme override of %s set, switching." % (session.user, toverride), "users.update_session", dbo) theme = toverride dbo.locale = locale if not dbo.is_large_db: dbo.is_large_db = db.query_int(dbo, "SELECT COUNT(*) FROM owner") > 4000 or \ db.query_int(dbo, "SELECT COUNT(*) FROM animal") > 2000 session.locale = locale session.theme = theme session.config_ts = i18n.format_date("%Y%m%d%H%M%S", i18n.now())
def run(dbo, mode): # If the task is maint_db_install, then there won't be a # locale or timezone to read if mode == "maint_db_install": dbo.locale = LOCALE dbo.timezone = TIMEZONE else: # Get the locale and timezone from the system dbo.locale = configuration.locale(dbo) dbo.timezone = configuration.timezone(dbo) dbo.installpath = os.getcwd() + os.sep al.debug("set locale and timezone for database: %s, %d" % (dbo.locale, dbo.timezone), "cron", dbo) if mode == "all": daily(dbo) reports(dbo) publish_html(dbo) publish_pf(dbo) publish_rg(dbo) publish_mp(dbo) publish_hlp(dbo) publish_ap(dbo) publish_pl(dbo) publish_st(dbo) elif mode == "daily": daily(dbo) elif mode == "reports": reports(dbo) elif mode == "publish_html": publish_html(dbo) elif mode == "publish_pf": publish_pf(dbo) elif mode == "publish_rg": publish_rg(dbo) elif mode == "publish_mp": publish_mp(dbo) elif mode == "publish_hlp": publish_hlp(dbo) elif mode == "publish_ap": publish_ap(dbo) elif mode == "publish_pl": publish_pl(dbo) elif mode == "publish_st": publish_st(dbo) elif mode == "maint_recode_all": maint_recode_all(dbo) elif mode == "maint_recode_shelter": maint_recode_shelter(dbo) elif mode == "maint_scale_animal_images": maint_scale_animal_images(dbo) elif mode == "maint_variable_data": maint_variable_data(dbo) elif mode == "maint_animal_figures": maint_animal_figures(dbo) elif mode == "maint_db_diagnostic": maint_db_diagnostic(dbo) elif mode == "maint_db_dump": maint_db_dump(dbo) elif mode == "maint_db_dump_dbfs": maint_db_dump_dbfs(dbo) elif mode == "maint_db_dump_smcom": maint_db_dump_smcom(dbo) elif mode == "maint_db_dump_animalcsv": maint_db_dump_animalcsv(dbo) elif mode == "maint_db_dump_personcsv": maint_db_dump_personcsv(dbo) elif mode == "maint_db_install": maint_db_install(dbo) elif mode == "maint_reinstall_default_media": maint_reinstall_default_media(dbo) elif mode == "maint_db_reinstall": maint_db_reinstall(dbo)
def handler(post, path, remoteip, referer, querystring): """ Handles the various service method types. post: The GET/POST parameters path: The current system path/code.PATH remoteip: The IP of the caller referer: The referer HTTP header querystring: The complete querystring return value is a tuple containing MIME type, max-age, content """ # Get service parameters account = post["account"] username = post["username"] password = post["password"] method = post["method"] animalid = post.integer("animalid") formid = post.integer("formid") seq = post.integer("seq") title = post["title"] strip_personal = post.integer("sensitive") == 0 cache_key = querystring.replace(" ", "") # Do we have a cached response for these parameters? cached_response = get_cached_response(cache_key) if cached_response is not None: al.debug("cache hit for %s" % (cache_key), "service.handler") return cached_response # Are we dealing with multiple databases, but no account was specified? if account == "" and MULTIPLE_DATABASES: return ("text/plain", 0, 0, "ERROR: No database/alias specified") dbo = db.get_database(account) if dbo.database in ("FAIL", "DISABLED", "WRONGSERVER"): al.error( "auth failed - invalid smaccount %s from %s (%s)" % (account, remoteip, dbo.database), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid database (%s)" % dbo.database) # If the database has disabled the service API, stop now if not configuration.service_enabled(dbo): al.error("Service API is disabled (%s)" % method, "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Service API is disabled") # Do any database updates need doing in this db? dbo.installpath = path if dbupdate.check_for_updates(dbo): dbupdate.perform_updates(dbo) # Does the method require us to authenticate? If so, do it. user = None securitymap = "" if method in AUTH_METHODS: # If the database has authenticated service methods disabled, stop now if not configuration.service_auth_enabled(dbo): al.error("Service API for auth methods is disabled (%s)" % method, "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Service API for authenticated methods is disabled") user = users.authenticate(dbo, username, password) if user is None: al.error( "auth failed - %s/%s is not a valid username/password from %s" % (username, password, remoteip), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid username and password") securitymap = users.get_security_map(dbo, user["USERNAME"]) # Get the preferred locale and timezone for the site l = configuration.locale(dbo) dbo.locale = l dbo.timezone = configuration.timezone(dbo) al.info("call %s->%s [%s %s]" % (username, method, str(animalid), title), "service.handler", dbo) if method == "animal_image": hotlink_protect("animal_image", referer) if utils.cint(animalid) == 0: al.error( "animal_image failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid animalid") else: mediadate, data = media.get_image_file_data( dbo, "animal", utils.cint(animalid), seq) if data == "NOPIC": mediadate, data = media.get_image_file_data(dbo, "nopic", 0) return set_cached_response(cache_key, "image/jpeg", 86400, 3600, data) elif method == "animal_thumbnail": if utils.cint(animalid) == 0: al.error( "animal_thumbnail failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid animalid") else: mediadate, data = media.get_image_file_data( dbo, "animalthumb", utils.cint(animalid), seq) if data == "NOPIC": mediadate, data = media.get_image_file_data(dbo, "nopic", 0) return set_cached_response(cache_key, "image/jpeg", 86400, 86400, data) elif method == "animal_view": if utils.cint(animalid) == 0: al.error( "animal_view failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid animalid") else: return set_cached_response( cache_key, "text/html", 86400, 120, publishers.html.get_animal_view(dbo, utils.cint(animalid))) elif method == "animal_view_adoptable_js": return set_cached_response( cache_key, "application/javascript", 10800, 600, publishers.html.get_animal_view_adoptable_js(dbo)) elif method == "animal_view_adoptable_html": return set_cached_response( cache_key, "text/html", 86400, 120, publishers.html.get_animal_view_adoptable_html(dbo)) elif method == "dbfs_image": hotlink_protect("dbfs_image", referer) return set_cached_response( cache_key, "image/jpeg", 86400, 86400, utils.iif(title.startswith("/"), dbfs.get_string_filepath(dbo, title), dbfs.get_string(dbo, title))) elif method == "extra_image": hotlink_protect("extra_image", referer) return set_cached_response(cache_key, "image/jpeg", 86400, 86400, dbfs.get_string(dbo, title, "/reports")) elif method == "json_adoptable_animal": if utils.cint(animalid) == 0: al.error( "json_adoptable_animal failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid animalid") else: users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = publishers.base.get_animal_data( dbo, None, utils.cint(animalid), include_additional_fields=True) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(rs)) elif method == "html_adoptable_animals": return set_cached_response(cache_key, "text/html", 10800, 1800, \ publishers.html.get_adoptable_animals(dbo, style=post["template"], \ speciesid=post.integer("speciesid"), animaltypeid=post.integer("animaltypeid"), locationid=post.integer("locationid"))) elif method == "html_adopted_animals": return set_cached_response(cache_key, "text/html", 10800, 1800, \ publishers.html.get_adopted_animals(dbo, daysadopted=post.integer("days"), style=post["template"], \ speciesid=post.integer("speciesid"), animaltypeid=post.integer("animaltypeid"))) elif method == "html_deceased_animals": return set_cached_response(cache_key, "text/html", 10800, 1800, \ publishers.html.get_deceased_animals(dbo, daysdeceased=post.integer("days"), style=post["template"], \ speciesid=post.integer("speciesid"), animaltypeid=post.integer("animaltypeid"))) elif method == "html_held_animals": return set_cached_response(cache_key, "text/html", 10800, 1800, \ publishers.html.get_held_animals(dbo, style=post["template"], \ speciesid=post.integer("speciesid"), animaltypeid=post.integer("animaltypeid"))) elif method == "json_adoptable_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = publishers.base.get_animal_data(dbo, None, include_additional_fields=True) if strip_personal: rs = strip_personal_data(rs) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(rs)) elif method == "jsonp_adoptable_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = publishers.base.get_animal_data(dbo, None, include_additional_fields=True) if strip_personal: rs = strip_personal_data(rs) return ("application/javascript", 0, 0, "%s(%s);" % (post["callback"], utils.json(rs))) elif method == "xml_adoptable_animal": if utils.cint(animalid) == 0: al.error( "xml_adoptable_animal failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, 0, "ERROR: Invalid animalid") else: users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = publishers.base.get_animal_data( dbo, None, utils.cint(animalid), include_additional_fields=True) return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(rs)) elif method == "xml_adoptable_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = publishers.base.get_animal_data(dbo, None, include_additional_fields=True) if strip_personal: rs = strip_personal_data(rs) return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(rs)) elif method == "json_found_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_FOUND_ANIMAL) rs = lostfound.get_foundanimal_last_days(dbo) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(rs)) elif method == "jsonp_found_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_FOUND_ANIMAL) rs = lostfound.get_foundanimal_last_days(dbo) return ("application/javascript", 0, 0, "%s(%s);" % (post["callback"], utils.json(rs))) elif method == "xml_found_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_FOUND_ANIMAL) rs = lostfound.get_foundanimal_last_days(dbo) return set_cached_response(cache_key, "application/json", 3600, 3600, html.xml(rs)) elif method == "json_lost_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_LOST_ANIMAL) rs = lostfound.get_lostanimal_last_days(dbo) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(rs)) elif method == "jsonp_lost_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_LOST_ANIMAL) rs = lostfound.get_lostanimal_last_days(dbo) return ("application/javascript", 0, 0, "%s(%s);" % (post["callback"], utils.json(rs))) elif method == "xml_lost_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_LOST_ANIMAL) rs = lostfound.get_lostanimal_last_days(dbo) return set_cached_response(cache_key, "application/json", 3600, 3600, html.xml(rs)) elif method == "json_recent_adoptions": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = movement.get_recent_adoptions(dbo) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(rs)) elif method == "jsonp_recent_adoptions": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = movement.get_recent_adoptions(dbo) return ("application/javascript", 0, 0, "%s(%s);" % (post["callback"], utils.json(rs))) elif method == "xml_recent_adoptions": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = movement.get_recent_adoptions(dbo) return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(rs)) elif method == "html_report": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_REPORT) crid = reports.get_id(dbo, title) p = reports.get_criteria_params(dbo, crid, post) rhtml = reports.execute(dbo, crid, username, p) return set_cached_response(cache_key, "text/html", 600, 600, rhtml) elif method == "csv_mail" or method == "csv_report": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_REPORT) crid = reports.get_id(dbo, title) p = reports.get_criteria_params(dbo, crid, post) rows, cols = reports.execute_query(dbo, crid, username, p) mcsv = utils.csv(l, rows, cols, True) return set_cached_response(cache_key, "text/csv", 600, 600, mcsv) elif method == "jsonp_recent_changes": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_recent_changes(dbo) return ("application/javascript", 0, 0, "%s(%s);" % (post["callback"], utils.json(sa))) elif method == "json_recent_changes": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_recent_changes(dbo) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(sa)) elif method == "xml_recent_changes": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_recent_changes(dbo) return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(sa)) elif method == "jsonp_shelter_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_shelter_animals(dbo) if strip_personal: sa = strip_personal_data(sa) return ("application/javascript", 0, 0, "%s(%s);" % (post["callback"], utils.json(sa))) elif method == "json_shelter_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_shelter_animals(dbo) if strip_personal: sa = strip_personal_data(sa) return set_cached_response(cache_key, "application/json", 3600, 3600, utils.json(sa)) elif method == "xml_shelter_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_shelter_animals(dbo) if strip_personal: sa = strip_personal_data(sa) return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(sa)) elif method == "rss_timeline": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) return set_cached_response(cache_key, "application/rss+xml", 3600, 3600, html.timeline_rss(dbo)) elif method == "upload_animal_image": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.ADD_MEDIA) media.attach_file_from_form(dbo, username, media.ANIMAL, int(animalid), post) return ("text/plain", 0, 0, "OK") elif method == "online_form_html": if formid == 0: raise utils.ASMError( "method online_form_html requires a valid formid") return set_cached_response(cache_key, "text/html; charset=utf-8", 120, 120, onlineform.get_onlineform_html(dbo, formid)) elif method == "online_form_json": if formid == 0: raise utils.ASMError( "method online_form_json requires a valid formid") return set_cached_response(cache_key, "application/json; charset=utf-8", 30, 30, onlineform.get_onlineform_json(dbo, formid)) elif method == "online_form_post": flood_protect("online_form_post", remoteip, 15) onlineform.insert_onlineformincoming_from_form(dbo, post, remoteip) redirect = post["redirect"] if redirect == "": redirect = BASE_URL + "/static/pages/form_submitted.html" return ("redirect", 0, 0, redirect) elif method == "sign_document": if formid == 0: raise utils.ASMError( "method sign_document requires a valid formid") if post["sig"] == "": return set_cached_response(cache_key, "text/html", 2, 2, sign_document_page(dbo, formid)) else: media.sign_document(dbo, "service", formid, post["sig"], post["signdate"]) media.create_log(dbo, "service", formid, "ES02", _("Document signed", l)) return ("text/plain", 0, 0, "OK") else: al.error("invalid method '%s'" % method, "service.handler", dbo) raise utils.ASMError("Invalid method '%s'" % method)
def run(dbo, mode): # If the task is maint_db_install, then there won't be a # locale or timezone to read x = time.time() al.info("start %s" % mode, "cron.run", dbo) if mode == "maint_db_install": dbo.locale = LOCALE dbo.timezone = TIMEZONE else: # Get the locale and timezone from the system dbo.locale = configuration.locale(dbo) dbo.timezone = configuration.timezone(dbo) dbo.installpath = os.getcwd() + os.sep al.debug( "set locale and timezone for database: %s, %d" % (dbo.locale, dbo.timezone), "cron", dbo) if mode == "all": daily(dbo) reports_email(dbo) publish_html(dbo) publish_3pty(dbo) elif mode == "daily": daily(dbo) elif mode == "reports_email": reports_email(dbo) elif mode == "publish_3pty": publish_3pty(dbo) elif mode == "publish_html": publish_html(dbo) elif mode == "maint_recode_all": maint_recode_all(dbo) elif mode == "maint_recode_shelter": maint_recode_shelter(dbo) elif mode == "maint_scale_animal_images": maint_scale_animal_images(dbo) elif mode == "maint_scale_odts": maint_scale_odts(dbo) elif mode == "maint_scale_pdfs": maint_scale_pdfs(dbo) elif mode == "maint_switch_dbfs_storage": maint_switch_dbfs_storage(dbo) elif mode == "maint_variable_data": maint_variable_data(dbo) elif mode == "maint_animal_figures": maint_animal_figures(dbo) elif mode == "maint_animal_figures_annual": maint_animal_figures_annual(dbo) elif mode == "maint_db_diagnostic": maint_db_diagnostic(dbo) elif mode == "maint_db_fix_preferred_photos": maint_db_fix_preferred_photos(dbo) elif mode == "maint_db_dump": maint_db_dump(dbo) elif mode == "maint_db_dump_dbfs_base64": maint_db_dump_dbfs_base64(dbo) elif mode == "maint_db_dump_merge": maint_db_dump_merge(dbo) elif mode == "maint_db_dump_smcom": maint_db_dump_smcom(dbo) elif mode == "maint_db_dump_animalcsv": maint_db_dump_animalcsv(dbo) elif mode == "maint_db_dump_personcsv": maint_db_dump_personcsv(dbo) elif mode == "maint_db_dump_hsqldb": maint_db_dump_hsqldb(dbo) elif mode == "maint_db_install": maint_db_install(dbo) elif mode == "maint_db_reinstall": maint_db_reinstall(dbo) elif mode == "maint_db_reinstall_default_onlineforms": maint_db_reinstall_default_onlineforms(dbo) elif mode == "maint_db_reinstall_default_templates": maint_db_reinstall_default_templates(dbo) elif mode == "maint_db_reset": maint_db_reset(dbo) elif mode == "maint_db_update": maint_db_update(dbo) elif mode == "maint_db_delete_orphaned_media": maint_db_delete_orphaned_media(dbo) elif mode == "maint_deduplicate_people": maint_deduplicate_people(dbo) elif mode == "maint_disk_cache": maint_disk_cache(dbo) elapsed = time.time() - x al.info("end %s: elapsed %0.2f secs" % (mode, elapsed), "cron.run", dbo)
def web_login(post, session, remoteip, path): """ Performs a login and sets up the user's session. Returns the username on successful login, or: FAIL - problem with user/pass/account/ip DISABLED - The database is disabled WRONGSERVER - The database is not on this server """ database = post["database"] username = post["username"] password = post["password"] mobileapp = post["mobile"] == "true" nologconnection = post["nologconnection"] == "true" if len(username) > 100: username = username[0:100] dbo = db.get_database(database) if dbo.database in ("FAIL", "DISABLED", "WRONGSERVER"): return dbo.database # Connect to the database and authenticate the username and password user = authenticate(dbo, username, password) if user is not None and not authenticate_ip(user, remoteip): al.error( "user %s with ip %s failed ip restriction check '%s'" % (username, remoteip, user.IPRESTRICTION), "users.web_login", dbo) return "FAIL" if user is not None and "DISABLELOGIN" in user and user.DISABLELOGIN == 1: al.error( "user %s with ip %s failed as account has logins disabled" % (username, remoteip), "users.web_login", dbo) return "FAIL" if user is not None: al.info("%s successfully authenticated from %s" % (username, remoteip), "users.web_login", dbo) try: dbo.locked = configuration.smdb_locked(dbo) dbo.timezone = configuration.timezone(dbo) dbo.installpath = path session.locale = configuration.locale(dbo) dbo.locale = session.locale session.dbo = dbo session.user = user.USERNAME session.superuser = user.SUPERUSER session.mobileapp = mobileapp update_session(session) except: al.error("failed setting up session: %s" % str(sys.exc_info()[0]), "users.web_login", dbo, sys.exc_info()) return "FAIL" try: session.securitymap = get_security_map(dbo, user.USERNAME) except: # This is a pre-3002 login where the securitymap is with # the user (the error occurs because there's no role table) al.debug("role table does not exist, using securitymap from user", "users.web_login", dbo) session.securitymap = user.SECURITYMAP try: ur = get_users(dbo, user.USERNAME)[0] session.roles = ur.ROLES session.roleids = ur.ROLEIDS session.siteid = utils.cint(user.SITEID) session.locationfilter = utils.nulltostr(user.LOCATIONFILTER) except: # Users coming from v2 won't have the # IPRestriction or EmailAddress fields necessary for get_users - we can't # help them right now so just give them an empty set of # roles and locationfilter until they login again after the db update session.roles = "" session.roleids = "" session.locationfilter = "" session.siteid = 0 try: # Mark the user logged in if not nologconnection: audit.login(dbo, username, remoteip) # Check to see if any updates need performing on this database if dbupdate.check_for_updates(dbo): dbupdate.perform_updates(dbo) # We did some updates, better reload just in case config/reports/etc changed update_session(session) # Check to see if our views and sequences are out of date and need reloading if dbupdate.check_for_view_seq_changes(dbo): dbupdate.install_db_views(dbo) dbupdate.install_db_sequences(dbo) except: al.error("failed updating database: %s" % str(sys.exc_info()[0]), "users.web_login", dbo, sys.exc_info()) try: al.info("%s logged in" % user.USERNAME, "users.login", dbo) update_user_activity(dbo, user.USERNAME) except: al.error( "failed updating user activity: %s" % str(sys.exc_info()[0]), "users.web_login", dbo, sys.exc_info()) return "FAIL" else: al.error( "database:%s username:%s password:%s failed authentication from %s" % (database, username, password, remoteip), "users.web_login", dbo) return "FAIL" return user.USERNAME
def web_login(post, session, remoteip, path): """ Performs a login and sets up the user's session. Returns the username on successful login, or: FAIL - problem with user/pass/account/ip DISABLED - The database is disabled """ dbo = db.DatabaseInfo() database = post["database"] username = post["username"] password = post["password"] nologconnection = post["nologconnection"] # Do we have multiple databases? if MULTIPLE_DATABASES: if MULTIPLE_DATABASES_TYPE == "smcom": # Is this sheltermanager.com? If so, we need to get the # database connection info (dbo) before we can login. # If a database hasn't been supplied, let's bail out now # since we can't do anything if str(database).strip() == "": return "FAIL" else: dbo = smcom.get_database_info(database) # Bail out if there was a problem with the database if dbo.database == "FAIL" or dbo.database == "DISABLED": return dbo.database else: # Look up the database info from our map dbo = db.get_multiple_database_info(database) if dbo.database == "FAIL": return dbo.database # Connect to the database and authenticate the username and password user = authenticate(dbo, username, password) if user is not None and not authenticate_ip(user, remoteip): al.error( "user %s with ip %s failed ip restriction check '%s'" % (username, remoteip, user["IPRESTRICTION"]), "users.web_login", dbo) return "FAIL" if user is not None: al.info("%s successfully authenticated from %s" % (username, remoteip), "users.web_login", dbo) try: dbo.locked = configuration.smdb_locked(dbo) dbo.timezone = configuration.timezone(dbo) dbo.installpath = path session.locale = configuration.locale(dbo) dbo.locale = session.locale session.dbo = dbo session.user = user["USERNAME"] session.superuser = user["SUPERUSER"] session.passchange = (password == "password") update_session(session) except: al.error("failed setting up session: %s" % str(sys.exc_info()[0]), "users.web_login", dbo, sys.exc_info()) return "FAIL" try: session.securitymap = get_security_map(dbo, user["USERNAME"]) except: # This is a pre-3002 login where the securitymap is with # the user (the error occurs because there's no role table) al.debug("role table does not exist, using securitymap from user", "users.web_login", dbo) session.securitymap = user["SECURITYMAP"] try: ur = get_users(dbo, user["USERNAME"])[0] session.roles = ur["ROLES"] session.roleids = ur["ROLEIDS"] session.locationfilter = utils.nulltostr(user["LOCATIONFILTER"]) except: # Users coming from v2 won't have the # IPRestriction or EmailAddress fields necessary for get_users - we can't # help them right now so just give them an empty set of # roles and locationfilter until they login again after the db update session.roles = "" session.roleids = "" session.locationfilter = "" try: # If it's a sheltermanager.com database, try and update the # last time the user connected to today if smcom.active() and database != "" and nologconnection == "": smcom.set_last_connected(dbo) except: pass try: # Check to see if any updates need performing on this database if dbupdate.check_for_updates(dbo): dbupdate.perform_updates(dbo) # We did some updates, better reload just in case config/reports/etc changed update_session(session) # Check to see if our views and sequences are out of date and need reloading if dbupdate.check_for_view_seq_changes(dbo): dbupdate.install_db_views(dbo) dbupdate.install_db_sequences(dbo) except: al.error("failed updating database: %s" % str(sys.exc_info()[0]), "users.web_login", dbo, sys.exc_info()) try: # Log out any old users that have been hanging around auto_logout(dbo) # Let this user through login(dbo, user["USERNAME"]) except: al.error( "failed updating activeuser table: %s" % str(sys.exc_info()[0]), "users.web_login", dbo, sys.exc_info()) return "FAIL" else: al.error( "database:%s username:%s password:%s failed authentication from %s" % (database, username, password, remoteip), "users.web_login", dbo) return "FAIL" return user["USERNAME"]
def run(dbo, mode): # If the task is maint_db_install, then there won't be a # locale or timezone to read if mode == "maint_db_install": dbo.locale = LOCALE dbo.timezone = TIMEZONE else: # Get the locale and timezone from the system dbo.locale = configuration.locale(dbo) dbo.timezone = configuration.timezone(dbo) dbo.installpath = os.getcwd() + os.sep al.debug("set locale and timezone for database: %s, %d" % (dbo.locale, dbo.timezone), "cron", dbo) if mode == "all": daily(dbo) reports(dbo) reports_email(dbo) publish_ap(dbo) publish_hlp(dbo) publish_html(dbo) publish_mp(dbo) publish_pf(dbo) publish_pl(dbo) publish_pcuk(dbo) publish_pr(dbo) publish_abuk(dbo) publish_ptuk(dbo) publish_rg(dbo) publish_st(dbo) elif mode == "daily": daily(dbo) elif mode == "reports": reports(dbo) elif mode == "reports_email": reports_email(dbo) elif mode == "publish_ap": publish_ap(dbo) elif mode == "publish_fa": publish_fa(dbo) elif mode == "publish_hlp": publish_hlp(dbo) elif mode == "publish_html": publish_html(dbo) elif mode == "publish_mp": publish_mp(dbo) elif mode == "publish_pf": publish_pf(dbo) elif mode == "publish_pl": publish_pl(dbo) elif mode == "publish_pcuk": publish_pcuk(dbo) elif mode == "publish_pr": publish_pr(dbo) elif mode == "publish_abuk": publish_abuk(dbo) elif mode == "publish_ptuk": publish_ptuk(dbo) elif mode == "publish_rg": publish_rg(dbo) elif mode == "publish_st": publish_st(dbo) elif mode == "publish_vear": publish_vear(dbo) elif mode == "publish_veha": publish_veha(dbo) elif mode == "maint_recode_all": maint_recode_all(dbo) elif mode == "maint_recode_shelter": maint_recode_shelter(dbo) elif mode == "maint_scale_animal_images": maint_scale_animal_images(dbo) elif mode == "maint_scale_odts": maint_scale_odts(dbo) elif mode == "maint_scale_pdfs": maint_scale_pdfs(dbo) elif mode == "maint_variable_data": maint_variable_data(dbo) elif mode == "maint_animal_figures": maint_animal_figures(dbo) elif mode == "maint_animal_figures_annual": maint_animal_figures_annual(dbo) elif mode == "maint_db_diagnostic": maint_db_diagnostic(dbo) elif mode == "maint_db_dump": maint_db_dump(dbo) elif mode == "maint_db_dump_dbfs": maint_db_dump_dbfs(dbo) elif mode == "maint_db_dump_merge": maint_db_dump_merge(dbo) elif mode == "maint_db_dump_smcom": maint_db_dump_smcom(dbo) elif mode == "maint_db_dump_animalcsv": maint_db_dump_animalcsv(dbo) elif mode == "maint_db_dump_personcsv": maint_db_dump_personcsv(dbo) elif mode == "maint_db_install": maint_db_install(dbo) elif mode == "maint_reinstall_default_media": maint_reinstall_default_media(dbo) elif mode == "maint_db_reinstall": maint_db_reinstall(dbo) elif mode == "maint_db_reset": maint_db_reset(dbo) elif mode == "maint_deduplicate_people": maint_deduplicate_people(dbo)
def handler(data, remoteip, referer): """ Handles the various service method types. data: The GET/POST parameters return value is a tuple containing MIME type, max-age, content """ # Database info dbo = db.DatabaseInfo() # Get service parameters account = utils.df_ks(data, "account") username = utils.df_ks(data, "username") password = utils.df_ks(data, "password") method = utils.df_ks(data, "method") animalid = utils.df_ki(data, "animalid") formid = utils.df_ki(data, "formid") title = utils.df_ks(data, "title") cache_key = "a" + account + "u" + username + "p" + password + "m" + method + "a" + str( animalid) + "f" + str(formid) + "t" + title # cache keys aren't allowed spaces cache_key = cache_key.replace(" ", "") # Do we have a cached response for these parameters? cached_response = get_cached_response(cache_key) if cached_response is not None: al.debug( "cache hit for %s/%s/%s/%s" % (account, method, animalid, title), "service.handler") return cached_response # Are we dealing with multiple databases, but no account was specified? if account == "" and MULTIPLE_DATABASES: return ("text/plan", 0, "ERROR: No database/alias specified") # Are we dealing with multiple databases and an account was specified? if account != "": if MULTIPLE_DATABASES: if MULTIPLE_DATABASES_TYPE == "smcom": # Is this sheltermanager.com? If so, we need to get the # database connection info (dbo) before we can login. dbo = smcom.get_database_info(account) else: # Look up the database info from our map dbo = db.get_multiple_database_info(account) if dbo.database == "FAIL" or dbo.database == "DISABLED": al.error( "auth failed - invalid smaccount %s from %s" % (account, remoteip), "service.handler", dbo) return ("text/plain", 0, "ERROR: Invalid database") # Does the method require us to authenticate? If so, do it. user = None if method in AUTH_METHODS: user = users.authenticate(dbo, username, password) if user is None: al.error( "auth failed - %s/%s is not a valid username/password from %s" % (username, password, remoteip), "service.handler", dbo) return ("text/plain", 0, "ERROR: Invalid username and password") # Get the preferred locale for the site dbo.locale = configuration.locale(dbo) al.info("call %s->%s [%s %s]" % (username, method, str(animalid), title), "service.handler", dbo) if method == "animal_image": # If we have a hotlinking restriction, enforce it if referer != "" and IMAGE_HOTLINKING_ONLY_FROM_DOMAIN != "" and referer.find( IMAGE_HOTLINKING_ONLY_FROM_DOMAIN) == -1: raise utils.ASMPermissionError("Image hotlinking is forbidden.") if animalid == "" or utils.cint(animalid) == 0: al.error( "animal_image failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, "ERROR: Invalid animalid") # If the option is on, forbid hotlinking else: seq = utils.df_ki(data, "seq") if seq == 0: seq = 1 mm = media.get_media_by_seq(dbo, media.ANIMAL, utils.cint(animalid), seq) if len(mm) == 0: return ("image/jpeg", 86400, dbfs.get_string(dbo, "nopic.jpg", "/reports")) else: return ("image/jpeg", 86400, dbfs.get_string(dbo, mm[0]["MEDIANAME"])) elif method == "extra_image": return ("image/jpeg", 86400, dbfs.get_string(dbo, title, "/reports")) elif method == "json_adoptable_animals": pc = publish.PublishCriteria(configuration.publisher_presets(dbo)) rs = publish.get_animal_data(dbo, pc, True) return set_cached_response(cache_key, "application/json", 3600, html.json(rs)) elif method == "xml_adoptable_animals": pc = publish.PublishCriteria(configuration.publisher_presets(dbo)) rs = publish.get_animal_data(dbo, pc, True) return set_cached_response(cache_key, "application/xml", 3600, html.xml(rs)) elif method == "json_recent_adoptions": rs = movement.get_recent_adoptions(dbo) return set_cached_response(cache_key, "application/json", 3600, html.json(rs)) elif method == "xml_recent_adoptions": rs = movement.get_recent_adoptions(dbo) return set_cached_response(cache_key, "application/xml", 3600, html.xml(rs)) elif method == "html_report": crid = reports.get_id(dbo, title) p = reports.get_criteria_params(dbo, crid, data) rhtml = reports.execute(dbo, crid, username, p) return set_cached_response(cache_key, "text/html", 3600, rhtml) elif method == "jsonp_shelter_animals": sa = animal.get_animal_find_simple(dbo, "", "shelter") return set_cached_response( cache_key, "application/javascript", 3600, str(utils.df_ks(data, "callback")) + "(" + html.json(sa) + ")") elif method == "json_shelter_animals": sa = animal.get_animal_find_simple(dbo, "", "shelter") return set_cached_response(cache_key, "application/json", 3600, html.json(sa)) elif method == "xml_shelter_animals": sa = animal.get_animal_find_simple(dbo, "", "shelter") return set_cached_response(cache_key, "application/xml", 3600, html.json(sa)) elif method == "upload_animal_image": media.attach_file_from_form(dbo, username, media.ANIMAL, int(animalid), data) return ("text/plain", 0, "OK") elif method == "online_form_html": if formid == 0: raise utils.ASMError( "method online_form_html requires a valid formid") return set_cached_response(cache_key, "text/html", 120, onlineform.get_onlineform_html(dbo, formid)) elif method == "online_form_post": onlineform.insert_onlineformincoming_from_form(dbo, data, remoteip) redirect = utils.df_ks(data, "redirect") if redirect == "": redirect = BASE_URL + "/static/pages/form_submitted.html" return ("redirect", 0, redirect) else: al.error("invalid method '%s'" % method, "service.handler", dbo) raise utils.ASMError("Invalid method '%s'" % method)
def web_login(post, session, remoteip, path): """ Performs a login and sets up the user's session. Returns the username on successful login, or: FAIL - problem with user/pass/account/ip DISABLED - The database is disabled WRONGSERVER - The database is not on this server """ dbo = db.DatabaseInfo() database = post["database"] username = post["username"] password = post["password"] mobileapp = post["mobile"] == "true" nologconnection = post["nologconnection"] if len(username) > 100: username = username[0:100] # Do we have multiple databases? if MULTIPLE_DATABASES: if MULTIPLE_DATABASES_TYPE == "smcom": # Is this sheltermanager.com? If so, we need to get the # database connection info (dbo) before we can login. # If a database hasn't been supplied, let's bail out now # since we can't do anything if str(database).strip() == "": return "FAIL" else: dbo = smcom.get_database_info(database) # Bail out if there was a problem with the database if dbo.database in ("FAIL", "DISABLED", "WRONGSERVER"): return dbo.database else: # Look up the database info from our map dbo = db.get_multiple_database_info(database) if dbo.database == "FAIL": return dbo.database # Connect to the database and authenticate the username and password user = authenticate(dbo, username, password) if user is not None and not authenticate_ip(user, remoteip): al.error("user %s with ip %s failed ip restriction check '%s'" % (username, remoteip, user["IPRESTRICTION"]), "users.web_login", dbo) return "FAIL" if user is not None: al.info("%s successfully authenticated from %s" % (username, remoteip), "users.web_login", dbo) try: dbo.locked = configuration.smdb_locked(dbo) dbo.timezone = configuration.timezone(dbo) dbo.installpath = path session.locale = configuration.locale(dbo) dbo.locale = session.locale session.dbo = dbo session.user = user["USERNAME"] session.superuser = user["SUPERUSER"] session.passchange = (password == "password") session.mobileapp = mobileapp update_session(session) except: al.error("failed setting up session: %s" % str(sys.exc_info()[0]), "users.web_login", dbo, sys.exc_info()) return "FAIL" try: session.securitymap = get_security_map(dbo, user["USERNAME"]) except: # This is a pre-3002 login where the securitymap is with # the user (the error occurs because there's no role table) al.debug("role table does not exist, using securitymap from user", "users.web_login", dbo) session.securitymap = user["SECURITYMAP"] try: ur = get_users(dbo, user["USERNAME"])[0] session.roles = ur["ROLES"] session.roleids = ur["ROLEIDS"] session.siteid = utils.cint(user["SITEID"]) session.locationfilter = utils.nulltostr(user["LOCATIONFILTER"]) except: # Users coming from v2 won't have the # IPRestriction or EmailAddress fields necessary for get_users - we can't # help them right now so just give them an empty set of # roles and locationfilter until they login again after the db update session.roles = "" session.roleids = "" session.locationfilter = "" session.siteid = 0 try: # If it's a sheltermanager.com database, try and update the # last time the user connected to today if smcom.active() and database != "" and nologconnection == "": smcom.set_last_connected(dbo) except: pass try: # Mark the user logged in audit.login(dbo, username) # Check to see if any updates need performing on this database if dbupdate.check_for_updates(dbo): dbupdate.perform_updates(dbo) # We did some updates, better reload just in case config/reports/etc changed update_session(session) # Check to see if our views and sequences are out of date and need reloading if dbupdate.check_for_view_seq_changes(dbo): dbupdate.install_db_views(dbo) dbupdate.install_db_sequences(dbo) except: al.error("failed updating database: %s" % str(sys.exc_info()[0]), "users.web_login", dbo, sys.exc_info()) try: al.info("%s logged in" % user["USERNAME"], "users.login", dbo) update_user_activity(dbo, user["USERNAME"]) except: al.error("failed updating user activity: %s" % str(sys.exc_info()[0]), "users.web_login", dbo, sys.exc_info()) return "FAIL" else: al.error("database:%s username:%s password:%s failed authentication from %s" % (database, username, password, remoteip), "users.web_login", dbo) return "FAIL" return user["USERNAME"]
def handler(data, remoteip, referer): """ Handles the various service method types. data: The GET/POST parameters return value is a tuple containing MIME type, max-age, content """ # Database info dbo = db.DatabaseInfo() # Get service parameters account = utils.df_ks(data, "account") username = utils.df_ks(data, "username") password = utils.df_ks(data, "password") method = utils.df_ks(data, "method") animalid = utils.df_ki(data, "animalid") formid = utils.df_ki(data, "formid") title = utils.df_ks(data, "title") cache_key = "a" + account + "u" + username + "p" + password + "m" + method + "a" + str(animalid) + "f" + str(formid) + "t" + title # cache keys aren't allowed spaces cache_key = cache_key.replace(" ", "") # Do we have a cached response for these parameters? cached_response = get_cached_response(cache_key) if cached_response is not None: al.debug("cache hit for %s/%s/%s/%s" % (account, method, animalid, title), "service.handler") return cached_response # Are we dealing with multiple databases, but no account was specified? if account == "" and MULTIPLE_DATABASES: return ("text/plan", 0, "ERROR: No database/alias specified") # Are we dealing with multiple databases and an account was specified? if account != "": if MULTIPLE_DATABASES: if MULTIPLE_DATABASES_TYPE == "smcom": # Is this sheltermanager.com? If so, we need to get the # database connection info (dbo) before we can login. dbo = smcom.get_database_info(account) else: # Look up the database info from our map dbo = db.get_multiple_database_info(account) if dbo.database == "FAIL" or dbo.database == "DISABLED": al.error("auth failed - invalid smaccount %s from %s" % (account, remoteip), "service.handler", dbo) return ("text/plain", 0, "ERROR: Invalid database") # Does the method require us to authenticate? If so, do it. user = None if method in AUTH_METHODS: user = users.authenticate(dbo, username, password) if user is None: al.error("auth failed - %s/%s is not a valid username/password from %s" % (username, password, remoteip), "service.handler", dbo) return ("text/plain", 0, "ERROR: Invalid username and password") # Get the preferred locale for the site dbo.locale = configuration.locale(dbo) al.info("call %s->%s [%s %s]" % (username, method, str(animalid), title), "service.handler", dbo) if method =="animal_image": # If we have a hotlinking restriction, enforce it if referer != "" and IMAGE_HOTLINKING_ONLY_FROM_DOMAIN != "" and referer.find(IMAGE_HOTLINKING_ONLY_FROM_DOMAIN) == -1: raise utils.ASMPermissionError("Image hotlinking is forbidden.") if animalid == "" or utils.cint(animalid) == 0: al.error("animal_image failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, "ERROR: Invalid animalid") # If the option is on, forbid hotlinking else: seq = utils.df_ki(data, "seq") if seq == 0: seq = 1 mm = media.get_media_by_seq(dbo, media.ANIMAL, utils.cint(animalid), seq) if len(mm) == 0: return ("image/jpeg", 86400, dbfs.get_string(dbo, "nopic.jpg", "/reports")) else: return ("image/jpeg", 86400, dbfs.get_string(dbo, mm[0]["MEDIANAME"])) elif method =="extra_image": return ("image/jpeg", 86400, dbfs.get_string(dbo, title, "/reports")) elif method == "json_adoptable_animals": pc = publish.PublishCriteria(configuration.publisher_presets(dbo)) rs = publish.get_animal_data(dbo, pc, True) return set_cached_response(cache_key, "application/json", 3600, html.json(rs)) elif method == "xml_adoptable_animals": pc = publish.PublishCriteria(configuration.publisher_presets(dbo)) rs = publish.get_animal_data(dbo, pc, True) return set_cached_response(cache_key, "application/xml", 3600, html.xml(rs)) elif method == "json_recent_adoptions": rs = movement.get_recent_adoptions(dbo) return set_cached_response(cache_key, "application/json", 3600, html.json(rs)) elif method == "xml_recent_adoptions": rs = movement.get_recent_adoptions(dbo) return set_cached_response(cache_key, "application/xml", 3600, html.xml(rs)) elif method == "html_report": crid = reports.get_id(dbo, title) p = reports.get_criteria_params(dbo, crid, data) rhtml = reports.execute(dbo, crid, username, p) return set_cached_response(cache_key, "text/html", 3600, rhtml) elif method == "jsonp_shelter_animals": sa = animal.get_animal_find_simple(dbo, "", "shelter") return set_cached_response(cache_key, "application/javascript", 3600, str(utils.df_ks(data, "callback")) + "(" + html.json(sa) + ")") elif method == "json_shelter_animals": sa = animal.get_animal_find_simple(dbo, "", "shelter") return set_cached_response(cache_key, "application/json", 3600, html.json(sa)) elif method == "xml_shelter_animals": sa = animal.get_animal_find_simple(dbo, "", "shelter") return set_cached_response(cache_key, "application/xml", 3600, html.json(sa)) elif method == "upload_animal_image": media.attach_file_from_form(dbo, username, media.ANIMAL, int(animalid), data) return ("text/plain", 0, "OK") elif method == "online_form_html": if formid == 0: raise utils.ASMError("method online_form_html requires a valid formid") return set_cached_response(cache_key, "text/html", 120, onlineform.get_onlineform_html(dbo, formid)) elif method == "online_form_post": onlineform.insert_onlineformincoming_from_form(dbo, data, remoteip) redirect = utils.df_ks(data, "redirect") if redirect == "": redirect = BASE_URL + "/static/pages/form_submitted.html" return ("redirect", 0, redirect) else: al.error("invalid method '%s'" % method, "service.handler", dbo) raise utils.ASMError("Invalid method '%s'" % method)
def handler(post, remoteip, referer): """ Handles the various service method types. data: The GET/POST parameters return value is a tuple containing MIME type, max-age, content """ # Database info dbo = db.DatabaseInfo() # Get service parameters account = post["account"] username = post["username"] password = post["password"] method = post["method"] animalid = post.integer("animalid") formid = post.integer("formid") seq = post.integer("seq") title = post["title"] cache_key = "a" + account + "u" + username + "p" + password + "m" + method + \ "i" + str(animalid) + "s" + str(seq) + "f" + str(formid) + "t" + title # cache keys aren't allowed spaces cache_key = cache_key.replace(" ", "") # Do we have a cached response for these parameters? cached_response = get_cached_response(cache_key) if cached_response is not None: al.debug("cache hit for %s/%s/%s/%s" % (account, method, animalid, title), "service.handler") return cached_response # Are we dealing with multiple databases, but no account was specified? if account == "" and MULTIPLE_DATABASES: return ("text/plan", 0, "ERROR: No database/alias specified") # Are we dealing with multiple databases and an account was specified? if account != "": if MULTIPLE_DATABASES: if MULTIPLE_DATABASES_TYPE == "smcom": # Is this sheltermanager.com? If so, we need to get the # database connection info (dbo) before we can login. dbo = smcom.get_database_info(account) else: # Look up the database info from our map dbo = db.get_multiple_database_info(account) if dbo.database == "FAIL" or dbo.database == "DISABLED": al.error("auth failed - invalid smaccount %s from %s" % (account, remoteip), "service.handler", dbo) return ("text/plain", 0, "ERROR: Invalid database") # If the database has disabled the service API, stop now if not configuration.service_enabled(dbo): al.error("Service API is disabled (%s)" % method, "service.handler", dbo) return ("text/plain", 0, "ERROR: Service API is disabled") # Do any database updates need doing in this db? if dbupdate.check_for_updates(dbo): dbupdate.perform_updates(dbo) # Does the method require us to authenticate? If so, do it. user = None securitymap = "" if method in AUTH_METHODS: # If the database has authenticated service methods disabled, stop now if not configuration.service_auth_enabled(dbo): al.error("Service API for auth methods is disabled (%s)" % method, "service.handler", dbo) return ("text/plain", 0, "ERROR: Service API for authenticated methods is disabled") user = users.authenticate(dbo, username, password) if user is None: al.error("auth failed - %s/%s is not a valid username/password from %s" % (username, password, remoteip), "service.handler", dbo) return ("text/plain", 0, "ERROR: Invalid username and password") securitymap = users.get_security_map(dbo, user["USERNAME"]) # Get the preferred locale and timezone for the site l = configuration.locale(dbo) dbo.locale = l dbo.timezone = configuration.timezone(dbo) al.info("call %s->%s [%s %s]" % (username, method, str(animalid), title), "service.handler", dbo) if method =="animal_image": hotlink_protect("animal_image", referer) if animalid == "" or utils.cint(animalid) == 0: al.error("animal_image failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, "ERROR: Invalid animalid") else: if seq == 0: seq = 1 mm = media.get_media_by_seq(dbo, media.ANIMAL, utils.cint(animalid), seq) if len(mm) == 0: return set_cached_response(cache_key, "image/jpeg", 86400, 120, dbfs.get_string(dbo, "nopic.jpg", "/reports")) else: return set_cached_response(cache_key, "image/jpeg", 86400, 120, dbfs.get_string(dbo, mm[0]["MEDIANAME"])) elif method == "animal_view": if animalid == "" or utils.cint(animalid) == 0: al.error("animal_view failed, %s is not an animalid" % str(animalid), "service.handler", dbo) return ("text/plain", 0, "ERROR: Invalid animalid") else: return set_cached_response(cache_key, "text/html", 120, 120, publish.get_animal_view(dbo, int(animalid))) elif method =="dbfs_image": hotlink_protect("dbfs_image", referer) return set_cached_response(cache_key, "image/jpeg", 86400, 120, dbfs.get_string_filepath(dbo, title)) elif method =="extra_image": hotlink_protect("extra_image", referer) return set_cached_response(cache_key, "image/jpeg", 86400, 120, dbfs.get_string(dbo, title, "/reports")) elif method == "json_adoptable_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) pc = publish.PublishCriteria(configuration.publisher_presets(dbo)) rs = publish.get_animal_data(dbo, pc, True) return set_cached_response(cache_key, "application/json", 3600, 3600, html.json(rs)) elif method == "jsonp_adoptable_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) pc = publish.PublishCriteria(configuration.publisher_presets(dbo)) rs = publish.get_animal_data(dbo, pc, True) return ("application/javascript", 0, "%s(%s);" % (post["callback"], html.json(rs))) elif method == "xml_adoptable_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) pc = publish.PublishCriteria(configuration.publisher_presets(dbo)) rs = publish.get_animal_data(dbo, pc, True) return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(rs)) elif method == "json_recent_adoptions": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = movement.get_recent_adoptions(dbo) return set_cached_response(cache_key, "application/json", 3600, 3600, html.json(rs)) elif method == "jsonp_recent_adoptions": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = movement.get_recent_adoptions(dbo) return ("application/javascript", 0, "%s(%s);" % (post["callback"], html.json(rs))) elif method == "xml_recent_adoptions": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) rs = movement.get_recent_adoptions(dbo) return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(rs)) elif method == "html_report": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_REPORT) crid = reports.get_id(dbo, title) p = reports.get_criteria_params(dbo, crid, post) rhtml = reports.execute(dbo, crid, username, p) return set_cached_response(cache_key, "text/html", 3600, 3600, rhtml) elif method == "csv_mail" or method == "csv_report": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_REPORT) crid = reports.get_id(dbo, title) p = reports.get_criteria_params(dbo, crid, post) rows, cols = reports.execute_query(dbo, crid, username, p) mcsv = utils.csv(l, rows, cols, True) return set_cached_response(cache_key, "text/csv", 3600, 3600, mcsv) elif method == "jsonp_shelter_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_animal_find_simple(dbo, "", "shelter") return ("application/javascript", 0, "%s(%s);" % (post["callback"], html.json(sa))) elif method == "json_shelter_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_animal_find_simple(dbo, "", "shelter") return set_cached_response(cache_key, "application/json", 3600, 3600, html.json(sa)) elif method == "xml_shelter_animals": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) sa = animal.get_animal_find_simple(dbo, "", "shelter") return set_cached_response(cache_key, "application/xml", 3600, 3600, html.xml(sa)) elif method == "rss_timeline": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.VIEW_ANIMAL) return set_cached_response(cache_key, "application/rss+xml", 3600, 3600, html.timeline_rss(dbo)) elif method == "upload_animal_image": users.check_permission_map(l, user["SUPERUSER"], securitymap, users.ADD_MEDIA) media.attach_file_from_form(dbo, username, media.ANIMAL, int(animalid), post) return ("text/plain", 0, "OK") elif method == "online_form_html": if formid == 0: raise utils.ASMError("method online_form_html requires a valid formid") return set_cached_response(cache_key, "text/html; charset=utf-8", 120, 120, onlineform.get_onlineform_html(dbo, formid)) elif method == "online_form_json": if formid == 0: raise utils.ASMError("method online_form_json requires a valid formid") return set_cached_response(cache_key, "text/json; charset=utf-8", 30, 30, onlineform.get_onlineform_json(dbo, formid)) elif method == "online_form_post": flood_protect("online_form_post", remoteip, 15) onlineform.insert_onlineformincoming_from_form(dbo, post, remoteip) redirect = post["redirect"] if redirect == "": redirect = BASE_URL + "/static/pages/form_submitted.html" return ("redirect", 0, redirect) elif method == "sign_document": if formid == 0: raise utils.ASMError("method sign_document requires a valid formid") if post["sig"] == "": return set_cached_response(cache_key, "text/html", 2, 2, sign_document_page(dbo, formid)) else: media.sign_document(dbo, "service", formid, post["sig"], post["signdate"]) return ("text/plain", 0, "OK") else: al.error("invalid method '%s'" % method, "service.handler", dbo) raise utils.ASMError("Invalid method '%s'" % method)