def bid_id_signature_verified_active_bid(self):
if self.initial_organization == self.test_financial_organization:
response = self.app.post_json(
'/auctions/{}/bids'.format(self.auction_id), {
'data': {
'tenderers': [self.initial_organization],
'qualified': True,
'eligible': True
}
})
else:
response = self.app.post_json(
'/auctions/{}/bids'.format(self.auction_id), {
'data': {
'tenderers': [self.initial_organization],
'qualified': True
}
})
bidder = response.json['data']
signature = bidder['participationUrl']
before, sep, sig = signature.partition('signature=')
sig = b64decode(unquote(str(sig)))
signer = Signer(
'fe3b3b5999a08e68dfe62687c2ae147f62712ceace58c1ffca8ea819eabcb5d1'.
decode('hex'))
ver = Verifier(signer.hex_vk())
verified = ver.verify(sig +
str('{}_{}'.format(self.auction_id, bidder['id'])))
self.assertEqual(verified, '{}_{}'.format(self.auction_id, bidder['id']))
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
read_users(settings['auth.file'])
config = Configurator(
settings=settings,
authentication_policy=BasicAuthAuthenticationPolicy(
auth_check, __name__),
authorization_policy=ACLAuthorizationPolicy(),
root_factory=Root,
)
config.add_request_method(request_params, 'params', reify=True)
config.add_subscriber(new_request_subscriber, NewRequest)
config.add_subscriber(add_logging_context, ContextFound)
config.include('pyramid_exclog')
config.add_route('status', '/')
config.add_route('register', '/register')
config.add_route('upload', '/upload')
config.add_route('upload_file', '/upload/{doc_id}')
config.add_route('get', '/get/{doc_id}')
config.scan(ignore='openprocurement.documentservice.tests')
config.registry.signer = signer = Signer(
settings.get('dockey', '').decode('hex'))
config.registry.dockey = dockey = signer.hex_vk()[:8]
verifier = Verifier(signer.hex_vk())
config.registry.dockeyring = dockeyring = {dockey: verifier}
dockeys = settings.get(
'dockeys') if 'dockeys' in settings else Signer().hex_vk()
for key in dockeys.split('\0'):
dockeyring[key[:8]] = Verifier(key)
config.registry.keyring = keyring = {dockey: verifier}
apikeys = settings.get(
'apikeys') if 'apikeys' in settings else Signer().hex_vk()
for key in apikeys.split('\0'):
keyring[key[:8]] = Verifier(key)
config.registry.apikey = key[:8]
config.registry.upload_host = settings.get('upload_host')
config.registry.get_host = settings.get('get_host')
# search for storage
storage = settings.get('storage')
for entry_point in iter_entry_points(
'openprocurement.documentservice.plugins', storage):
plugin = entry_point.load()
config.registry.storage = plugin(config)
return config.make_wsgi_app()
def _public_key_from_jwk(self, jwk: Dict[str, Any]) -> Verifier:
if jwk.get('kty') != "OKP":
raise self.server.error("Not an Octet Key Pair")
if jwk.get('crv') != "Ed25519":
raise self.server.error("Invalid Curve")
if 'x' not in jwk:
raise self.server.error("No 'x' argument in jwk")
key = base64url_decode(jwk['x'])
return Verifier(key.hex().encode())
def main(global_config, **settings):
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=AuthenticationPolicy(settings['auth.file'], __name__),
authorization_policy=AuthorizationPolicy(),
route_prefix=route_prefix(settings),
)
config.include('pyramid_exclog')
config.include("cornice")
config.add_forbidden_view(forbidden)
config.add_request_method(request_params, 'params', reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_request_method(extract_tender, 'tender', reify=True)
config.add_request_method(check_accreditation)
config.add_request_method(json_body, 'json_body', reify=True)
config.add_renderer('json', JSON(serializer=simplejson.dumps))
config.add_renderer('prettyjson', JSON(indent=4, serializer=simplejson.dumps))
config.add_renderer('jsonp', JSONP(param_name='opt_jsonp', serializer=simplejson.dumps))
config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp', serializer=simplejson.dumps))
config.add_subscriber(add_logging_context, NewRequest)
config.add_subscriber(set_logging_context, ContextFound)
config.add_subscriber(set_renderer, NewRequest)
config.add_subscriber(beforerender, BeforeRender)
config.scan("openprocurement.api.views.spore")
config.scan("openprocurement.api.views.health")
# tender procurementMethodType plugins support
config.add_route_predicate('procurementMethodType', isTender)
config.registry.tender_procurementMethodTypes = {}
config.add_request_method(tender_from_data)
config.add_directive('add_tender_procurementMethodType', register_tender_procurementMethodType)
# search for plugins
plugins = settings.get('plugins') and settings['plugins'].split(',')
for entry_point in iter_entry_points('openprocurement.api.plugins'):
if not plugins or entry_point.name in plugins:
plugin = entry_point.load()
plugin(config)
# CouchDB connection
db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
server = Server(settings.get('couchdb.url'), session=Session(retry_delays=range(10)))
if 'couchdb.admin_url' not in settings and server.resource.credentials:
try:
server.version()
except Unauthorized:
server = Server(extract_credentials(settings.get('couchdb.url'))[0])
config.registry.couchdb_server = server
if 'couchdb.admin_url' in settings and server.resource.credentials:
aserver = Server(settings.get('couchdb.admin_url'), session=Session(retry_delays=range(10)))
config.registry.admin_couchdb_server = aserver
users_db = aserver['_users']
if SECURITY != users_db.security:
LOGGER.info("Updating users db security", extra={'MESSAGE_ID': 'update_users_security'})
users_db.security = SECURITY
username, password = server.resource.credentials
user_doc = users_db.get('org.couchdb.user:{}'.format(username), {'_id': 'org.couchdb.user:{}'.format(username)})
if not user_doc.get('derived_key', '') or PBKDF2(password, user_doc.get('salt', ''), user_doc.get('iterations', 10)).hexread(int(len(user_doc.get('derived_key', '')) / 2)) != user_doc.get('derived_key', ''):
user_doc.update({
"name": username,
"roles": [],
"type": "user",
"password": password
})
LOGGER.info("Updating api db main user", extra={'MESSAGE_ID': 'update_api_main_user'})
users_db.save(user_doc)
security_users = [username, ]
if 'couchdb.reader_username' in settings and 'couchdb.reader_password' in settings:
reader_username = settings.get('couchdb.reader_username')
reader = users_db.get('org.couchdb.user:{}'.format(reader_username), {'_id': 'org.couchdb.user:{}'.format(reader_username)})
if not reader.get('derived_key', '') or PBKDF2(settings.get('couchdb.reader_password'), reader.get('salt', ''), reader.get('iterations', 10)).hexread(int(len(reader.get('derived_key', '')) / 2)) != reader.get('derived_key', ''):
reader.update({
"name": reader_username,
"roles": ['reader'],
"type": "user",
"password": settings.get('couchdb.reader_password')
})
LOGGER.info("Updating api db reader user", extra={'MESSAGE_ID': 'update_api_reader_user'})
users_db.save(reader)
security_users.append(reader_username)
if db_name not in aserver:
aserver.create(db_name)
db = aserver[db_name]
SECURITY[u'members'][u'names'] = security_users
if SECURITY != db.security:
LOGGER.info("Updating api db security", extra={'MESSAGE_ID': 'update_api_security'})
db.security = SECURITY
auth_doc = db.get(VALIDATE_DOC_ID, {'_id': VALIDATE_DOC_ID})
if auth_doc.get('validate_doc_update') != VALIDATE_DOC_UPDATE % username:
auth_doc['validate_doc_update'] = VALIDATE_DOC_UPDATE % username
LOGGER.info("Updating api db validate doc", extra={'MESSAGE_ID': 'update_api_validate_doc'})
db.save(auth_doc)
# sync couchdb views
sync_design(db)
db = server[db_name]
else:
if db_name not in server:
server.create(db_name)
db = server[db_name]
# sync couchdb views
sync_design(db)
config.registry.db = db
# readjust couchdb json decoder
couchdb_json_decode()
# Document Service key
config.registry.docservice_url = settings.get('docservice_url')
config.registry.docservice_username = settings.get('docservice_username')
config.registry.docservice_password = settings.get('docservice_password')
config.registry.docservice_upload_url = settings.get('docservice_upload_url')
config.registry.docservice_key = dockey = Signer(settings.get('dockey', '').decode('hex'))
config.registry.keyring = keyring = {}
dockeys = settings.get('dockeys') if 'dockeys' in settings else dockey.hex_vk()
for key in dockeys.split('\0'):
keyring[key[:8]] = Verifier(key)
# migrate data
if not os.environ.get('MIGRATION_SKIP'):
for entry_point in iter_entry_points('openprocurement.api.migrations'):
plugin = entry_point.load()
plugin(config.registry)
config.registry.server_id = settings.get('id', '')
config.registry.health_threshold = float(settings.get('health_threshold', 99))
config.registry.update_after = asbool(settings.get('update_after', True))
return config.make_wsgi_app()
def main(global_config, **settings):
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=AuthenticationPolicy(settings['auth.file'],
__name__),
authorization_policy=AuthorizationPolicy(),
route_prefix=ROUTE_PREFIX,
)
config.include('pyramid_exclog')
config.include("cornice")
config.add_forbidden_view(forbidden)
config.add_request_method(request_params, 'params', reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_request_method(check_accreditation)
config.add_request_method(json_body, 'json_body', reify=True)
config.add_renderer('json', JSON(serializer=simplejson.dumps))
config.add_renderer('prettyjson',
JSON(indent=4, serializer=simplejson.dumps))
config.add_renderer(
'jsonp', JSONP(param_name='opt_jsonp', serializer=simplejson.dumps))
config.add_renderer(
'prettyjsonp',
JSONP(indent=4, param_name='opt_jsonp', serializer=simplejson.dumps))
# search for plugins
plugins = settings.get('plugins') and settings['plugins'].split(',')
load_plugins(config, group='openregistry.api.plugins', plugins=plugins)
# CouchDB connection
aserver, server, db = set_api_security(settings)
config.registry.couchdb_server = server
if aserver:
config.registry.admin_couchdb_server = aserver
config.registry.db = db
couchdb_json_decode()
# Document Service key
config.registry.docservice_url = settings.get('docservice_url')
config.registry.docservice_username = settings.get('docservice_username')
config.registry.docservice_password = settings.get('docservice_password')
config.registry.docservice_upload_url = settings.get(
'docservice_upload_url')
config.registry.docservice_key = dockey = Signer(
settings.get('dockey', '').decode('hex'))
config.registry.keyring = keyring = {}
dockeys = settings.get(
'dockeys') if 'dockeys' in settings else dockey.hex_vk()
for key in dockeys.split('\0'):
keyring[key[:8]] = Verifier(key)
# migrate data
if not os.environ.get('MIGRATION_SKIP'):
load_plugins(config.registry, group='openregistry.api.migrations')
config.registry.server_id = settings.get('id', '')
# search subscribers
subscribers_keys = [k for k in settings if k.startswith('subscribers.')]
for k in subscribers_keys:
subscribers = settings[k].split(',')
for subscriber in subscribers:
load_plugins(config,
group='openregistry.{}'.format(k),
name=subscriber)
config.registry.health_threshold = float(
settings.get('health_threshold', 512))
config.registry.health_threshold_func = settings.get(
'health_threshold_func', 'all')
config.registry.update_after = asbool(settings.get('update_after', True))
return config.make_wsgi_app()
def key_get_vk(key):
return Verifier(key.hex_vk())
def key_decode_vk(string):
return Verifier(b64_decode(string).encode('hex'))
def main(global_config, **settings):
dsn = settings.get("sentry.dsn", None)
if dsn:
LOGGER.info("Init sentry sdk for {}".format(dsn))
sentry_sdk.init(
dsn=dsn,
integrations=[
LoggingIntegration(level=None, event_level=None),
PyramidIntegration()
],
send_default_pii=True,
request_bodies="always",
environment=settings.get("sentry.environment", None),
debug=settings.get("sentry.debug", False),
)
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=AuthenticationPolicy(settings["auth.file"],
__name__),
authorization_policy=AuthorizationPolicy(),
route_prefix=ROUTE_PREFIX,
)
config.include("pyramid_exclog")
config.include("cornice")
config.add_forbidden_view(forbidden)
config.add_view(precondition, context=HTTPPreconditionFailed)
config.add_request_method(request_params, "params", reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_request_method(check_accreditations)
config.add_request_method(get_currency_rates,
name="currency_rates",
reify=True)
config.add_renderer("json", JSON(serializer=simplejson.dumps))
config.add_renderer("prettyjson",
JSON(indent=4, serializer=simplejson.dumps))
config.add_renderer(
"jsonp", JSONP(param_name="opt_jsonp", serializer=simplejson.dumps))
config.add_renderer(
"prettyjsonp",
JSONP(indent=4, param_name="opt_jsonp", serializer=simplejson.dumps))
# search for plugins
plugins = settings.get("plugins") and [
plugin.strip() for plugin in settings["plugins"].split(",")
]
for entry_point in iter_entry_points("openprocurement.api.plugins"):
if not plugins or entry_point.name in plugins:
plugin = entry_point.load()
plugin(config)
# CouchDB connection
aserver, server, db = set_api_security(settings)
config.registry.couchdb_server = server
if aserver:
config.registry.admin_couchdb_server = aserver
config.registry.db = db
# readjust couchdb json decoder
couchdb_json_decode()
# Document Service key
config.registry.docservice_url = settings.get("docservice_url")
config.registry.docservice_username = settings.get("docservice_username")
config.registry.docservice_password = settings.get("docservice_password")
config.registry.docservice_upload_url = settings.get(
"docservice_upload_url")
config.registry.docservice_key = dockey = Signer(
settings.get("dockey", "").decode("hex"))
config.registry.keyring = keyring = {}
dockeys = settings.get(
"dockeys") if "dockeys" in settings else dockey.hex_vk()
for key in dockeys.split("\0"):
keyring[key[:8]] = Verifier(key)
# Archive keys
arch_pubkey = settings.get("arch_pubkey", None)
config.registry.arch_pubkey = PublicKey(
arch_pubkey.decode("hex") if arch_pubkey else SecretKey().pk)
# migrate data
if not os.environ.get("MIGRATION_SKIP"):
for entry_point in iter_entry_points("openprocurement.api.migrations"):
plugin = entry_point.load()
plugin(config.registry)
config.registry.server_id = settings.get("id", "")
# search subscribers
subscribers_keys = [k for k in settings if k.startswith("subscribers.")]
for k in subscribers_keys:
subscribers = settings[k].split(",")
for subscriber in subscribers:
for entry_point in iter_entry_points(
"openprocurement.{}".format(k), subscriber):
if entry_point:
plugin = entry_point.load()
plugin(config)
config.registry.health_threshold = float(
settings.get("health_threshold", 512))
config.registry.health_threshold_func = settings.get(
"health_threshold_func", "all")
config.registry.update_after = asbool(settings.get("update_after", True))
return config.make_wsgi_app()