def call_api(domain: str):
if domain not in cache.sites_metadata:
return abort(Response('Unrecognized domain', 400))
try:
access_token = mwoauth.AccessToken(**session['access_token'])
except KeyError:
return abort(Response('Not authenticated', 403))
consumer_token = create_consumer_token()
auth = OAuth1(consumer_token.key,
client_secret=consumer_token.secret,
resource_owner_key=access_token.key,
resource_owner_secret=access_token.secret)
with cache.create_session(user_requested=True) as state:
site = state.get_site(domain)
params = request.get_json()
# FIXME ?
action = params.pop('action') if 'action' in params else 'query'
if action == 'edit':
print(f"Modifying page {params['title']} at {domain}")
try:
result = site(action,
EXTRAS=dict(auth=auth),
NO_LOGIN=True,
POST=True,
**params)
except ApiError as err:
print("----------------------------boom")
print(repr(err.data))
if 'text' in err.data:
print(err.data.text)
print("----------------------end")
return abort(Response('API boom', 500))
return jsonify(result)
def generate_auth():
access_token = mwoauth.AccessToken(**flask.session['oauth_access_token'])
return requests_oauthlib.OAuth1(
client_key=consumer_token.key,
client_secret=consumer_token.secret,
resource_owner_key=access_token.key,
resource_owner_secret=access_token.secret,
)
def authenticated_session(domain = 'meta.wikimedia.org'): if 'oauth_access_token' in flask.session: access_token = mwoauth.AccessToken(**flask.session['oauth_access_token']) auth = requests_oauthlib.OAuth1(client_key=app.config['CONSUMER_KEY'], client_secret=app.config['CONSUMER_SECRET'], resource_owner_key=access_token.key, resource_owner_secret=access_token.secret) return mwapi.Session(host='https://'+domain, auth=auth, user_agent=user_agent) else: return None
def identify():
if 'oauth_access_token' in flask.session:
access_token = mwoauth.AccessToken(**flask.session['oauth_access_token'])
return mwoauth.identify('https://www.wikidata.org/w/index.php',
consumer_token,
access_token)
else:
return None
def authenticated_session():
if 'oauth_access_token' in flask.session:
access_token = mwoauth.AccessToken(**flask.session['oauth_access_token'])
auth = requests_oauthlib.OAuth1(client_key=consumer_token.key, client_secret=consumer_token.secret,
resource_owner_key=access_token.key, resource_owner_secret=access_token.secret)
return mwapi.Session(host='https://www.wikidata.org', auth=auth, user_agent=user_agent)
else:
return None
def get_current_user(cached=True):
if cached:
return session.get('mwoauth_username')
# Get user info
identity = handshaker.identify(
mwoauth.AccessToken(**session['mwoauth_access_token']))
# Store user info in session
session['mwoauth_username'] = identity['username']
return session['mwoauth_username']
def userinfo():
try:
access_token = mwoauth.AccessToken(**session['access_token'])
except KeyError:
return abort(Response('Not authenticated', 403))
identity = mwoauth.identify(app.config["OAUTH_MWURI"],
create_consumer_token(), access_token)
# TODO: remove this -- needed to track any changes being done while testing
print(f"******************** {identity['username']}")
return jsonify(identity)
def test_session_fits_in_cookie():
base_rev_id = 850000000
base_page_id = 60000000
with speedpatrolling.app.test_client() as client:
with client.session_transaction() as session:
for rev_id in range(base_rev_id, base_rev_id + 10000):
speedpatrolling.ids.append(session, 'skipped_rev_ids', rev_id)
for page_id in range(base_page_id, base_page_id + 10000):
speedpatrolling.ids.append(session, 'acted_page_ids', page_id)
for page_id in range(base_page_id + 10000, base_page_id + 20000):
speedpatrolling.ids.append(session, 'skipped_page_ids',
page_id)
for page_id in range(base_page_id + 20000, base_page_id + 30000):
speedpatrolling.ids.append(session, 'ignored_page_ids',
page_id)
for user_number in range(1000):
user_name = ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(32))
speedpatrolling.ids.append(
session, 'acted_user_fake_ids',
speedpatrolling.ids.user_fake_id(user_name))
for user_number in range(1000):
user_name = ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(32))
speedpatrolling.ids.append(
session, 'skipped_user_fake_ids',
speedpatrolling.ids.user_fake_id(user_name))
for user_number in range(1000):
user_name = ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(32))
speedpatrolling.ids.append(
session, 'ignored_user_fake_ids',
speedpatrolling.ids.user_fake_id(user_name))
session['csrf_token'] = ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(64))
access_token = mwoauth.AccessToken('%x' % random.getrandbits(128),
'%x' % random.getrandbits(128))
session['oauth_access_token'] = dict(
zip(access_token._fields, access_token))
# oauth_request_token not tested
session['supported_scripts'] = list(unicodescripts.all_scripts())
request = urllib.request.Request(
'http://localhost' +
speedpatrolling.app.config.get('APPLICATION_ROOT', '/'))
client.cookie_jar.add_cookie_header(request)
header = request.get_header('Cookie')
assert len(header) <= 4093
def authenticated_session(wiki: str) -> Optional[mwapi.Session]:
if 'oauth_access_token' not in flask.session:
return None
access_token = mwoauth.AccessToken(
**flask.session['oauth_access_token'])
auth = requests_oauthlib.OAuth1(client_key=consumer_token.key,
client_secret=consumer_token.secret,
resource_owner_key=access_token.key,
resource_owner_secret=access_token.secret)
return mwapi.Session(host='https://' + wiki,
auth=auth,
user_agent=user_agent)
def logged_in_user_name():
if 'user_name' in flask.g:
return flask.g.user_name
if 'oauth' not in app.config:
return flask.g.setdefault('user_name', None)
if 'oauth_access_token' not in flask.session:
return flask.g.setdefault('user_name', None)
access_token = mwoauth.AccessToken(**flask.session['oauth_access_token'])
identity = mwoauth.identify('https://www.wikidata.org/w/index.php',
consumer_token, access_token)
return flask.g.setdefault('user_name', identity['username'])
def authenticated_session(domain):
if 'oauth_access_token' not in flask.session:
return None
host = 'https://' + domain
access_token = mwoauth.AccessToken(**flask.session['oauth_access_token'])
auth = requests_oauthlib.OAuth1(client_key=consumer_token.key,
client_secret=consumer_token.secret,
resource_owner_key=access_token.key,
resource_owner_secret=access_token.secret)
return mwapi.Session(host=host,
auth=auth,
user_agent=user_agent,
formatversion=2)
def call_api(domain: str):
_validate_not_stopping()
print(f"++++ /api/{domain}")
_validate_domain(domain)
try:
access_token = mwoauth.AccessToken(**session['access_token'])
except KeyError:
return abort(Response('Not authenticated', 403))
consumer_token = _create_consumer_token()
auth = OAuth1(consumer_token.key,
client_secret=consumer_token.secret,
resource_owner_key=access_token.key,
resource_owner_secret=access_token.secret)
with create_session(user_requested=True) as state:
site = state.get_site(domain)
params = request.get_json()
action = params.pop('action')
filename = f'{datetime.utcnow()}-{action}'
if action == 'edit':
modifying = 'nocreate' in params
print(
f"{'**** Modifying' if modifying else 'Creating'} page {params['title']} at {domain}"
)
filename += ('modify' if modifying else 'create')
is_token = action == 'query' and 'meta' in params and params[
'meta'] == 'tokens'
if not is_token:
record_to_log(filename, domain, params)
try:
result = site(action,
EXTRAS=dict(auth=auth),
NO_LOGIN=True,
POST=True,
**params)
if not is_token:
record_to_log(filename, domain, result)
except ApiError as err:
print("----------------------------boom")
print(repr(err.data))
if 'text' in err.data:
record_to_log(
filename, domain,
dict(err=repr(err.data), text=repr(err.data.text)))
print(err.data.text)
else:
record_to_log(filename, domain, dict(err=repr(err.data)))
print("----------------------end")
return abort(Response('API boom', 500))
return jsonify(result)
def authentication_area() -> flask.Markup:
if 'oauth' not in app.config:
return flask.Markup()
if 'oauth_access_token' not in flask.session:
return (flask.Markup(r'<a id="login" class="navbar-text" href="') +
flask.Markup.escape(flask.url_for('login')) +
flask.Markup(r'">Log in</a>'))
access_token = mwoauth.AccessToken(**flask.session['oauth_access_token'])
identity = mwoauth.identify(index_php, consumer_token, access_token)
return (flask.Markup(r'<span class="navbar-text">Logged in as ') +
user_link(identity['username']) + flask.Markup(r'</span>'))
def identity(self) -> Optional[dict]:
"""Get identifying information about a user via an authorized token."""
if self.access_token is None:
pywikibot.error('Access token not set')
return None
consumer_token = mwoauth.ConsumerToken(*self.consumer_token)
access_token = mwoauth.AccessToken(*self.access_token)
try:
identity = mwoauth.identify(self.site.base_url(self.site.path()),
consumer_token, access_token)
return identity
except Exception as e:
pywikibot.error(e)
return None
def get_accesstoken(self):
return mwoauth.AccessToken(self.oauthtoken.encode('utf-8'),
self.oauthsecret.encode('utf-8'))
return (flask.Markup(r'<a id="login" class="navbar-text" href="') +
flask.Markup.escape(flask.url_for('login')) +
flask.Markup(r'">Log in</a>'))
userinfo = session.get(action='query',
meta='userinfo')['query']['userinfo']
return (flask.Markup(r'<span class="navbar-text">Logged in as ') +
user_link(userinfo['name']) +
flask.Markup(r'</span>'))
def authenticated_session(){% if cookiecutter.set_up_mypy == "True" %} -> Optional[mwapi.Session]{% endif %}:
if 'oauth_access_token' not in flask.session:
return None
access_token = mwoauth.AccessToken(
**flask.session['oauth_access_token'])
auth = requests_oauthlib.OAuth1(client_key=consumer_token.key,
client_secret=consumer_token.secret,
resource_owner_key=access_token.key,
resource_owner_secret=access_token.secret)
return mwapi.Session(host='https://{{ cookiecutter.wiki_domain }}',
auth=auth,
user_agent=user_agent)
@app.route('/')
def index(){% if cookiecutter.set_up_mypy == "True" %} -> str{% endif %}:
return flask.render_template('index.html')
@app.route('/greet/<name>')
