Beispiel #1
0
    def process_resource(self, request, response, resource, params):
        """
        This method validate that the user is authenticated if required by the entry point.
        """
        # meta_resource = MetaResource.get_meta_resource(resource)
        meta_resource = MetaResource._meta_resource_content['data'][
            resource.__class__.__name__]
        if meta_resource is not None:
            if request.method in meta_resource:
                method_meta_info = meta_resource[request.method]
                # Check authentication
                if 'auth_token_required' in method_meta_info:
                    user_types = method_meta_info['auth_token_required']
                    # auth_token = ContextInfo.get_context_data('auth_token')
                    auth_token = request.context['auth_token']

                    # Authenticated?
                    if auth_token is None:
                        raise ServiceException(
                            'UNAUTHORIZED_NOT_AUTHENTICATED',
                            module=find_module_associated_to_uri(request.path))

                    # Still valid?
                    if auth_token.is_expired():
                        raise ServiceException(
                            'UNAUTHORIZED_SESSION_EXPIRED',
                            module=find_module_associated_to_uri(request.path))

                    # Has access?
                    if auth_token['type'] not in user_types:
                        raise ServiceException(
                            'FORBIDDEN',
                            "User doesn't have access to this resource.",
                            module=find_module_associated_to_uri(request.path))
Beispiel #2
0
    def delete_content_item(content_item_id):
        """
        Delete content item with id

        :param content_item_id: content item id to be deleted
        :return: A List of Dictionary with all the deleted item information
        """

        try:
            # Make sure the content exist
            content_item_exist = FacadeContent.get_content_by_id(
                content_item_id)
        except Exception as e:
            raise ServiceException('ADMIN_USER_DATABASE_QUERY_FAIL',
                                   "Unable to delete content.", str(e))

        print(content_item_exist)

        if not content_item_exist:
            raise ServiceException('INVALID_CONTENT_ID',
                                   'Content id not found. Invalid content id')

        try:
            # Make sure the content exist
            FacadeContent.delete(content_item_id)
        except Exception as e:
            raise ServiceException('ADMIN_USER_DATABASE_QUERY_FAIL',
                                   "Unable to delete content.", str(e))
Beispiel #3
0
    def on_delete(self, req, resp, content_item_id=None):
        """
        :description:
            Delete a Content

        :title:
            Admin - Delete's a Item

        :auth_token_required: admin

        :code: 204
            DELETED - 0 - The item deleted

        :code: 400
            CONTENT_ITEM_DELETE_FAIL - Item delete fail

        """

        if content_item_id is None:
            raise ServiceException('CONTENT_ITEM_DELETE_FAIL', 'A content item id needs to be specified')

        Content.delete_content_item(content_item_id)

        try:
            content_item = Content.get_content_from_id(content_item_id)
        except Exception as e:
            raise ServiceException('CONTENT_ITEM_DELETE_VALIDATION_FAIL', 'An error occured while validating the content deletion', str(e))

        if content_item is not None:
            raise ServiceException('CONTENT_ITEM_DELETE_FAIL', 'Unable to delete the content')

        resp.status = HTTP_204
Beispiel #4
0
    def generate_token_from_credential(login, password):
        """
        Verify the authentication information of a user

        :param login: The login associated to this user [String, Required]
        :param password: The password associated to this user [String, Required]

        :return: An authentication token if credential are valid
        """

        # Identify guest login
        is_guest = False

        if not login and not password:
            is_guest = True

        # Try to retrieve the user information
        user = None

        if not is_guest:
            try:
                user = FacadeUser.get_by_login(login)
            except Exception as e:
                raise ServiceException(
                    'USER_DATABASE_QUERY_FAIL',
                    "Fail to load the user current information.", str(e))

            if user is None:
                raise ServiceException('USER_UNKNOWN_INVALID_CREDENTIALS',
                                       "Invalid credentials", "Unknown user")

        # If the password is valid, generate the authentication token
        if not is_guest and not pbkdf2_sha256.verify(password,
                                                     user['password']):
            raise ServiceException('USER_INVALID_PASSWORD_CREDENTIALS',
                                   "Invalid credentials", "Invalid password")

        try:
            # Build the json payload
            payload = dict()

            if is_guest:
                payload['uuid'] = str(uuid_generator.uuid1())
                payload['type'] = UserAuthTokenType.AUTH_TYPE_GUEST
            else:
                payload['uuid'] = user['uuid']
                payload['type'] = UserAuthTokenType.AUTH_TYPE_USER

            # Generate the token
            return Token.generate_token('Auth-Token', payload,
                                        auth_token_expiration), payload

        except Exception as e:
            raise ServiceException('USER_INVALID_CREDENTIALS',
                                   "Invalid credentials", str(e))
Beispiel #5
0
    def process_request(self, request, response):
        """
        This method extracts and decodes the API-Key and Auth-Token headers.
        It's called before a request is routed to the proper resource.

        :param request: HTTP request structure
        :param response: HTTP response structure
        :return:
        """
        # ContextInfo.clear_auth_token()

        auth_token = request.get_header('Auth-Token')
        if auth_token is None:
            return

        # Decode the token
        try:
            decoded_token = Token(auth_token)
        except:
            raise ServiceException('INVALID_REQUEST',
                                   "Failed to decode 'Auth-Token'.",
                                   "Check SSL certificate.",
                                   module=find_module_associated_to_uri(
                                       request.path))

        # Make sure it's a Auth-Token
        if not decoded_token.is_type('Auth-Token'):
            raise ServiceException('INVALID_FORMAT',
                                   "'Auth-Token' is not valid.",
                                   "Not a 'Auth-Token'.",
                                   module=find_module_associated_to_uri(
                                       request.path))

        # Validate the format
        if not decoded_token.contains('uuid'):
            raise ServiceException('INVALID_FORMAT',
                                   "'Auth-Token' is malformed.",
                                   "'uuid' is missing.",
                                   module=find_module_associated_to_uri(
                                       request.path))
        if not decoded_token.contains('type'):
            raise ServiceException('INVALID_FORMAT',
                                   "'Auth-Token' is malformed.",
                                   "'type' is missing.",
                                   module=find_module_associated_to_uri(
                                       request.path))

        request.context['auth_token'] = decoded_token
Beispiel #6
0
    def update_content_item(content_item_id, entity):
        """
        Update content item with id

        :param content_item_id: content item id to be updated
        :param entity: content to be updated
        :return: A List of Dictionary with all the updated item information
        """

        try:
            # Make sure the content exist
            content_item = FacadeContent.get_content_by_id(content_item_id)
        except Exception as e:
            raise ServiceException('CONTENT_DATABASE_QUERY_FAIL',
                                   "Unable to update content.", str(e))

        if not content_item:
            raise ServiceException('INVALID_CONTENT_ID',
                                   'Content id not found. Invalid content id')

        # Retrieve the user current information
        try:
            content = FacadeContent.get_content_info_by_id(content_item_id)
        except Exception as e:
            raise ServiceException(
                'CONTENT_DATABASE_LOAD_QUERY_FAIL',
                "Fail to load the Content current information.", str(e))

        # Update the content new information over the current information
        if entity.member_exist('title'):
            content['title'] = entity['title']
        if entity.member_exist('popularity'):
            content['popularity'] = entity['popularity']
        if entity.member_exist('director'):
            content['director'] = entity['director']
        if entity.member_exist('genre'):
            content['genre'] = entity['genre']
        if entity.member_exist('imdb_score'):
            content['imdb_score'] = entity['imdb_score']

        try:
            # Make sure the content exist
            FacadeContent.update(content_item_id, content)
        except Exception as e:
            raise ServiceException('ADMIN_CONTENT_DATABASE_QUERY_FAIL',
                                   "Unable to update content.", str(e))
Beispiel #7
0
    def add_content(entity):
        """
        Add content to content list data

        :param entity: content to be added
        :return: A List of Dictionary with all the added item information
        """

        try:
            FacadeContent.add(entity)
            print("ADDING CONTENT LIST")
        except Exception as e:
            raise ServiceException('CONTENT_DATABASE_QUERY_FAIL',
                                   "Unable to add content.", str(e))
Beispiel #8
0
    def get_content_from_id(content_item_id):
        """
        Get content item with id

        :param content_item_id: content item id to be fetched
        :return: A Entity of Dictionary with all the item information
        """

        try:
            # Make sure the content exist
            content = FacadeContent.get_content_info_by_id(content_item_id)
            return content
        except Exception as e:
            raise ServiceException('ADMIN_USER_DATABASE_QUERY_FAIL',
                                   "Unable to fetch content item.", str(e))
Beispiel #9
0
    def get_content_list(search):
        """
        Get a content list data

        :param search: search parameter
        :return: A List of Dictionary with all the item information
        """

        try:
            # Make sure the user exist
            content_list = FacadeContent.get_list(search)
            print("RETURNING CONTENT LIST")
            return json.dumps(content_list)
        except Exception as e:
            raise ServiceException('USER_DATABASE_QUERY_FAIL',
                                   "Unable to fetch content.", str(e))
Beispiel #10
0
    def create_user(entity):
        """
        Create a new user

        :param entity: A Entity object with required values
                    email: The email associated to this user [String, Required]
                    password: The password associated to this user [String, Required]
                    email: The email associated to this user [String, Required]
                    firstname: The first name of the user [String, Required]
                    lastname: The last name of the user [String, Required]
        :return:
        """

        print("In bl | User | create User method")

        # Make sure the user does not already exist
        try:
            is_user_exists = FacadeUser.is_exist_by_login(entity['login'])
        except Exception as e:
            raise ServiceException(
                'USER_DATABASE_QUERY_FAIL',
                "Fail to verify if the user already exist.", str(e))

        if is_user_exists:
            raise ServiceException('USER_ALREADY_EXIST_FAIL',
                                   "User already exists in the database.")

        # Validate email address
        if not validate_email(entity['login']):
            raise ServiceException('USER_CREATION_EMAIL_FAIL',
                                   "Email doesn't meet requirements.")

        # Validate the password
        if not check_password(entity['password']):
            raise ServiceException('USER_CREATION_PASSWORD_FAIL',
                                   "Password doesn't meet requirements.")

        entity['uuid'] = str(uuid_generator.uuid1())
        # Hash the user password
        try:
            entity['password'] = pbkdf2_sha256.encrypt(entity['password'],
                                                       rounds=2000,
                                                       salt_size=16)
        except:
            raise ServiceException(
                'USER_CREATION_ENCRYPTION_FAIL',
                "The encryption of the password has failed.")

        # Create a new user using the dal
        try:
            FacadeUser.add(entity)
        except Exception as e:
            raise ServiceException('USER_DATABASE_CREATION_QUERY_FAIL',
                                   "The creation of the user has failed.",
                                   str(e))
Beispiel #11
0
    def get_user_from_login(login):
        """
        Get the user information

        :param login: The login of the user [String, Required]
        :return: If not user found, return None
        :return: If user found, return a Entity with the user information
                    user_id: The uuid associated to this user [String]
                    email: The email associated to this user [String]
                    password: The password associated to this user [String]
                    email: The email associated to this user [String]
                    firstname: The first name of the user [String]
                    lastname: The last name of the user [String]
        """
        try:
            # Make sure the user exist
            if not FacadeUser.is_exist_by_login(login):
                return None
            return FacadeUser.get_by_login(login)
        except Exception as e:
            raise ServiceException('USER_DATABASE_QUERY_FAIL',
                                   "Unable to load the user information.",
                                   str(e))
Beispiel #12
0
    def on_put(self, req, resp, content_item_id=None):
        """
        :description:
            Update a Content

        :title:
            Admin - Update a Item

        :auth_token_required: admin

        :input_body::

            {
                "type": "object",
                "properties": {
                    "title": {
                        "type": "string",
                        "description": "title of the content"
                    },
                    "genre": {
                        "type": "array",
                        "description": "The genre of the content"
                    },
                    "director": {
                        "type": "string",
                        "description": "The director of the media"
                    },
                    "idbm_score": {
                        "type": "integer",
                        "description": "The imdb score of the content"
                    },
                    "popularity": {
                        "type": "integer",
                        "description": "The popularity of the content"
                    }
                },
            }

        """

        if content_item_id is None:
            raise ServiceException('CONTENT_ITEM_UPDATE_FAIL', 'A content item id needs to be specified')

        # Extract the 'body' from the request
        entity = Entity(req.context['body'])

        if not req.context['body']:
            raise ServiceException('CONTENT_EMPTY_BODY', "No data provided for update.")

        Content.update_content_item(content_item_id, entity)

        # Retrieve the updated content information
        try:
            content_item = Content.get_content_from_id(content_item_id)
        except Exception as e:
            raise ServiceException('CONTENT_UPDATE_FAIL',
                                   "Unable to load the content information that has just been updated.", str(e))

        if not content_item:
            raise ServiceException('CONTENT_UPDATE_FAIL',
                                   "Unable to load the content information that has just been updated.")

        resp.status = HTTP_200
        resp.body = json.dumps(content_item)
Beispiel #13
0
    def on_post(self, req, resp):
        """
        :description:
            Create user account

        :title:
            Create user account

        :input_body::

            {
                "type": "object",
                "properties": {
                    "firstname": {
                        "type": "string",
                        "description": "The user’s first name"
                    },
                    "lastname": {
                        "type": "string",
                        "description": "he user’s last name"
                    },
                    "email": {
                        "type": "string",
                        "description": "he user’s account email address"
                    },
                    "password": {
                        "type": "string",
                        "description": "The user’s password"
                    }
                },
                "required": ["email", "password"]
            }

        :output_body::

            {
                "type": "object",
                "properties": {
                    "firstname": {
                        "type": "string",
                        "description": "The user’s first name"
                    },
                    "lastname": {
                        "type": "string",
                        "description": "he user’s last name"
                    },
                    "email": {
                        "type": "string",
                        "description": "he user’s account email address"
                    }
                },
                "required": ["firstname", "lastname", "email"]
            }

        """

        # Extract the 'body' from the request
        entity = Entity(req.context['body'])

        # Make sure the entity has all required fields
        entity.add_member('login', entity['email'])

        # Process the request
        User.create_user(entity)

        # Retrieve the new user information
        user_info = User.get_user_from_login(entity.get('login'))

        if not user_info:
            raise ServiceException(
                'USER_CREATION_FAIL',
                "Unable to load the user information that has just been created."
            )

        # Remove the unnecessary fields from the entity
        user_info.remove_member('uuid')
        user_info.remove_member('email')
        user_info.remove_member('password')

        # Fill the response
        resp.status = HTTP_201
        resp.body = json.dumps(user_info)
Beispiel #14
0
    def on_post(self, req, resp):
        """
        :description:
            Login to admin session

        :title:
            Login

        :input_body::

            {
                "type": "object",
                "properties": {
                    "email": {
                        "type": "string",
                        "description": "The user’s registered account email address"
                    },
                    "password": {
                        "type": "string",
                        "description": "The user’s password"
                    }
                },
                "required": ["email", "password"]
            }

        :output_body::

            {
                "type": "object",
                "properties": {
                    "auth_token": {
                        "type": "string",
                        "description": "The user authentication token"
                    }
                },
                "required": ["auth_token"]
            }

        """

        # Extract the 'body' from the request
        entity = Entity(req.context['body'])

        # Make sure the entity has all required fields
        entity.add_member('login', entity['email'])

        if not entity['login']:
            raise ServiceException('ADMIN_CREATION_EMAIL_FAIL',
                                   "Login/Email required.")

        if not entity['password']:
            raise ServiceException('ADMIN_CREATION_PASSWORD_FAIL',
                                   "Password Required")

        # Process the request
        auth_token, self._token_payload = Admin.generate_token_from_credential(
            entity['login'], entity['password'])

        if not auth_token:
            raise ServiceException('ADMIN_USER_INVALID_CREDENTIALS_TOKEN',
                                   "Invalid credentials",
                                   "Token generation failed")

        # Fill the response
        resp.status = HTTP_200
        resp.body = json.dumps({'auth_token': auth_token})