def post(self):
self._require_registration()
# Check to make sure that they aren't trying to edit another user
current_user_account_id = self.user_bundle.account.key.id()
target_account_id = self.request.get('account_id')
if target_account_id == current_user_account_id:
url = self.request.get('url')
secret_key = self.request.get('secret')
query = MobileClient.query(MobileClient.messaging_id == url,
ancestor=ndb.Key(
Account, current_user_account_id))
if query.count() == 0:
# Webhook doesn't exist, add it
response = TBANSHelper.verify_webhook(url, secret_key)
client = MobileClient(
parent=self.user_bundle.account.key,
user_id=current_user_account_id,
messaging_id=url,
display_name=self.request.get('name'),
secret=secret_key,
client_type=ClientType.WEBHOOK,
verified=False,
verification_code=response.verification_key)
client.put()
else:
# Webhook already exists. Update the secret
current = query.fetch()[0]
current.secret = secret_key
current.put()
self.redirect('/account')
else:
self.redirect('/')
def test_verification(self):
from models.notifications.requests.webhook_request import WebhookRequest
with patch.object(WebhookRequest, 'send') as mock_send:
verification_key = TBANSHelper.verify_webhook(
'https://thebluealliance.com', 'secret')
mock_send.assert_called_once()
self.assertIsNotNone(verification_key)
def post(self):
self._require_registration()
current_user_account_id = self.user_bundle.account.key.id()
target_account_id = self.request.get('account_id')
if target_account_id == current_user_account_id:
client_id = self.request.get('client_id')
webhook = MobileClient.get_by_id(int(client_id),
parent=ndb.Key(
Account,
current_user_account_id))
if webhook.client_type == ClientType.WEBHOOK and current_user_account_id == webhook.user_id:
response = TBANSHelper.verify_webhook(webhook.messaging_id,
webhook.secret)
webhook.verification_code = response.verification_key
webhook.verified = False
webhook.put()
self.redirect('/account')
return
else:
logging.warning("Not webhook, or wrong owner")
else:
logging.warning("Users don't match. " + current_user_account_id +
"/" + target_account_id)
self.redirect('/')
def post(self):
self._require_registration()
self._require_request_user_is_bundle_user()
# Name and URL must be non-None
url = self.request.get('url', None)
name = self.request.get('name', None)
if not url or not name:
return self.redirect('/webhooks/add?error=1')
# Secret may be none - but we'll generate a secret for the user
secret = self.request.get('secret', None)
if not secret:
import uuid
secret = uuid.uuid4().hex
current_user_account_id = self.user_bundle.account.key.id()
query = MobileClient.query(MobileClient.messaging_id == url, ancestor=ndb.Key(Account, current_user_account_id))
if query.count() == 0:
# Webhook doesn't exist, add it
from helpers.tbans_helper import TBANSHelper
response = TBANSHelper.verify_webhook(url, secret)
client = MobileClient(
parent=self.user_bundle.account.key,
user_id=current_user_account_id,
messaging_id=url,
display_name=name,
secret=secret,
client_type=ClientType.WEBHOOK,
verified=False,
verification_code=response.verification_key)
client.put()
else:
# Webhook already exists. Update the secret
current = query.fetch()[0]
current.secret = secret
current.put()
self.redirect('/account')
def post(self):
self._require_registration()
self._require_request_user_is_bundle_user()
# Name and URL must be non-None
url = self.request.get('url', None)
name = self.request.get('name', None)
if not url or not name:
return self.redirect('/webhooks/add?error=1')
# Always generate secret server-side; previously allowed clients to set the secret
import uuid
secret = uuid.uuid4().hex
current_user_account_id = self.user_bundle.account.key.id()
query = MobileClient.query(MobileClient.messaging_id == url, ancestor=ndb.Key(Account, current_user_account_id))
if query.count() == 0:
# Webhook doesn't exist, add it
from helpers.tbans_helper import TBANSHelper
verification_key = TBANSHelper.verify_webhook(url, secret)
client = MobileClient(
parent=self.user_bundle.account.key,
user_id=current_user_account_id,
messaging_id=url,
display_name=name,
secret=secret,
client_type=ClientType.WEBHOOK,
verified=False,
verification_code=verification_key)
client.put()
else:
# Webhook already exists. Update the secret
current = query.fetch()[0]
current.secret = secret
current.put()
self.redirect('/account')
def post(self):
self._require_registration()
self._require_request_user_is_bundle_user()
current_user_account_id = self.user_bundle.account.key.id()
if not current_user_account_id:
return self.redirect('/')
client_id = self.request.get('client_id')
if not client_id:
return self.redirect('/')
webhook = MobileClient.get_by_id(int(client_id), parent=ndb.Key(Account, current_user_account_id))
if not webhook or webhook.client_type != ClientType.WEBHOOK or current_user_account_id != webhook.user_id:
return self.redirect('/')
from helpers.tbans_helper import TBANSHelper
verification_key = TBANSHelper.verify_webhook(webhook.messaging_id, webhook.secret)
webhook.verification_code = verification_key
webhook.verified = False
webhook.put()
return self.redirect('/account')
def post(self):
self._require_registration()
self._require_request_user_is_bundle_user()
current_user_account_id = self.user_bundle.account.key.id()
if not current_user_account_id:
return self.redirect('/')
client_id = self.request.get('client_id')
if not client_id:
return self.redirect('/')
webhook = MobileClient.get_by_id(int(client_id), parent=ndb.Key(Account, current_user_account_id))
if not webhook or webhook.client_type != ClientType.WEBHOOK or current_user_account_id != webhook.user_id:
return self.redirect('/')
from helpers.tbans_helper import TBANSHelper
response = TBANSHelper.verify_webhook(webhook.messaging_id, webhook.secret)
webhook.verification_code = response.verification_key
webhook.verified = False
webhook.put()
return self.redirect('/account')
def test_ping_webhook(self):
TBANSHelper._create_service = self._create_mock_service
TBANSHelper.verify_webhook(url='abc', secret='def')
def test_ping_webhook(self):
TBANSHelper._create_service = self._create_mock_service
TBANSHelper.verify_webhook(url='abc', secret='def')
