def post(self): self._require_registration() # Check to make sure that they aren't trying to edit another user current_user_account_id = self.user_bundle.account.key.id() target_account_id = self.request.get('account_id') if target_account_id == current_user_account_id: url = self.request.get('url') secret_key = self.request.get('secret') query = MobileClient.query(MobileClient.messaging_id == url, ancestor=ndb.Key( Account, current_user_account_id)) if query.count() == 0: # Webhook doesn't exist, add it response = TBANSHelper.verify_webhook(url, secret_key) client = MobileClient( parent=self.user_bundle.account.key, user_id=current_user_account_id, messaging_id=url, display_name=self.request.get('name'), secret=secret_key, client_type=ClientType.WEBHOOK, verified=False, verification_code=response.verification_key) client.put() else: # Webhook already exists. Update the secret current = query.fetch()[0] current.secret = secret_key current.put() self.redirect('/account') else: self.redirect('/')
def test_verification(self): from models.notifications.requests.webhook_request import WebhookRequest with patch.object(WebhookRequest, 'send') as mock_send: verification_key = TBANSHelper.verify_webhook( 'https://thebluealliance.com', 'secret') mock_send.assert_called_once() self.assertIsNotNone(verification_key)
def post(self): self._require_registration() current_user_account_id = self.user_bundle.account.key.id() target_account_id = self.request.get('account_id') if target_account_id == current_user_account_id: client_id = self.request.get('client_id') webhook = MobileClient.get_by_id(int(client_id), parent=ndb.Key( Account, current_user_account_id)) if webhook.client_type == ClientType.WEBHOOK and current_user_account_id == webhook.user_id: response = TBANSHelper.verify_webhook(webhook.messaging_id, webhook.secret) webhook.verification_code = response.verification_key webhook.verified = False webhook.put() self.redirect('/account') return else: logging.warning("Not webhook, or wrong owner") else: logging.warning("Users don't match. " + current_user_account_id + "/" + target_account_id) self.redirect('/')
def post(self): self._require_registration() self._require_request_user_is_bundle_user() # Name and URL must be non-None url = self.request.get('url', None) name = self.request.get('name', None) if not url or not name: return self.redirect('/webhooks/add?error=1') # Secret may be none - but we'll generate a secret for the user secret = self.request.get('secret', None) if not secret: import uuid secret = uuid.uuid4().hex current_user_account_id = self.user_bundle.account.key.id() query = MobileClient.query(MobileClient.messaging_id == url, ancestor=ndb.Key(Account, current_user_account_id)) if query.count() == 0: # Webhook doesn't exist, add it from helpers.tbans_helper import TBANSHelper response = TBANSHelper.verify_webhook(url, secret) client = MobileClient( parent=self.user_bundle.account.key, user_id=current_user_account_id, messaging_id=url, display_name=name, secret=secret, client_type=ClientType.WEBHOOK, verified=False, verification_code=response.verification_key) client.put() else: # Webhook already exists. Update the secret current = query.fetch()[0] current.secret = secret current.put() self.redirect('/account')
def post(self): self._require_registration() self._require_request_user_is_bundle_user() # Name and URL must be non-None url = self.request.get('url', None) name = self.request.get('name', None) if not url or not name: return self.redirect('/webhooks/add?error=1') # Always generate secret server-side; previously allowed clients to set the secret import uuid secret = uuid.uuid4().hex current_user_account_id = self.user_bundle.account.key.id() query = MobileClient.query(MobileClient.messaging_id == url, ancestor=ndb.Key(Account, current_user_account_id)) if query.count() == 0: # Webhook doesn't exist, add it from helpers.tbans_helper import TBANSHelper verification_key = TBANSHelper.verify_webhook(url, secret) client = MobileClient( parent=self.user_bundle.account.key, user_id=current_user_account_id, messaging_id=url, display_name=name, secret=secret, client_type=ClientType.WEBHOOK, verified=False, verification_code=verification_key) client.put() else: # Webhook already exists. Update the secret current = query.fetch()[0] current.secret = secret current.put() self.redirect('/account')
def post(self): self._require_registration() self._require_request_user_is_bundle_user() current_user_account_id = self.user_bundle.account.key.id() if not current_user_account_id: return self.redirect('/') client_id = self.request.get('client_id') if not client_id: return self.redirect('/') webhook = MobileClient.get_by_id(int(client_id), parent=ndb.Key(Account, current_user_account_id)) if not webhook or webhook.client_type != ClientType.WEBHOOK or current_user_account_id != webhook.user_id: return self.redirect('/') from helpers.tbans_helper import TBANSHelper verification_key = TBANSHelper.verify_webhook(webhook.messaging_id, webhook.secret) webhook.verification_code = verification_key webhook.verified = False webhook.put() return self.redirect('/account')
def post(self): self._require_registration() self._require_request_user_is_bundle_user() current_user_account_id = self.user_bundle.account.key.id() if not current_user_account_id: return self.redirect('/') client_id = self.request.get('client_id') if not client_id: return self.redirect('/') webhook = MobileClient.get_by_id(int(client_id), parent=ndb.Key(Account, current_user_account_id)) if not webhook or webhook.client_type != ClientType.WEBHOOK or current_user_account_id != webhook.user_id: return self.redirect('/') from helpers.tbans_helper import TBANSHelper response = TBANSHelper.verify_webhook(webhook.messaging_id, webhook.secret) webhook.verification_code = response.verification_key webhook.verified = False webhook.put() return self.redirect('/account')
def test_ping_webhook(self): TBANSHelper._create_service = self._create_mock_service TBANSHelper.verify_webhook(url='abc', secret='def')
def test_ping_webhook(self): TBANSHelper._create_service = self._create_mock_service TBANSHelper.verify_webhook(url='abc', secret='def')