def setup_db(self):
"""
Establish a connection to the database.
All database calls are done at a low level and avoid the
Django ORM.
"""
if not self.cursor:
self.conn = mypool.connect()
self.cursor = self.conn.cursor()
def status_check(environ):
output = ''
# Check we can read from the users_install table, should be nice and
# fast. Anything that fails here, connecting to db, accessing table
# will be an error we need to know about.
try:
conn = mypool.connect()
cursor = conn.cursor()
cursor.execute('SELECT id FROM users_install ORDER BY id DESC LIMIT 1')
except Exception, err:
return 500, str(err)
def __call__(self):
if not self.cursor:
self.conn = mypool.connect()
self.cursor = self.conn.cursor()
# Try and decode the receipt data.
# If its invalid, then just return invalid rather than give out any
# information.
try:
receipt = decode_receipt(self.receipt)
except (jwt.DecodeError, M2Crypto.RSA.RSAError), e:
self.log('Error decoding receipt: %s' % e)
return self.invalid()
def __init__(self, locale, id_, qs=None):
self.conn, self.cursor = None, None
self.data = {
'locale': locale,
'id': id_,
# If we came from getpersonas.com, then look up by `persona_id`.
# Otherwise, look up `addon_id`.
'primary_key': 'persona_id' if qs == 'src=gp' else 'addon_id',
'atype': base.ADDON_PERSONA,
'row': {}
}
if not self.cursor:
self.conn = mypool.connect()
self.cursor = self.conn.cursor()
def status_check(environ):
output = ''
# Check we can read from the users_install table, should be nice and
# fast. Anything that fails here, connecting to db, accessing table
# will be an error we need to know about.
if not settings.SIGNING_SERVER_ACTIVE:
return 500, 'SIGNING_SERVER_ACTIVE is not set'
try:
conn = mypool.connect()
cursor = conn.cursor()
cursor.execute('SELECT id FROM users_install ORDER BY id DESC LIMIT 1')
except Exception, err:
return 500, str(err)
def __init__(self, locale, id_, qs=None):
self.conn, self.cursor = None, None
self.from_gp = qs == 'src=gp'
self.data = {
'locale': locale,
'id': id_,
# If we came from getpersonas.com, then look up by `persona_id`.
# Otherwise, look up `addon_id`.
'primary_key': 'persona_id' if self.from_gp else 'addon_id',
'atype': base.ADDON_PERSONA,
'row': {}
}
if not self.cursor:
self.conn = mypool.connect()
self.cursor = self.conn.cursor()
def __init__(self, locale, id_, qs=None):
self.conn, self.cursor = None, None
self.from_gp = qs == "src=gp"
self.data = {
"locale": locale,
"id": id_,
# If we came from getpersonas.com, then look up by `persona_id`.
# Otherwise, look up `addon_id`.
"primary_key": "persona_id" if self.from_gp else "addon_id",
"atype": base.ADDON_PERSONA,
"row": {},
}
if not self.cursor:
self.conn = mypool.connect()
self.cursor = self.conn.cursor()
def is_valid(self):
# If you accessing this from unit tests, then before calling
# is valid, you can assign your own cursor.
if not self.cursor:
self.conn = mypool.connect()
self.cursor = self.conn.cursor()
data = self.data
# Version can be blank.
data['version'] = data.get('version', '')
for field in ['reqVersion', 'id', 'appID', 'appVersion']:
if field not in data:
return False
data['app_id'] = co.APP_GUIDS.get(data['appID'])
if not data['app_id']:
return False
sql = """SELECT id, status, addontype_id, guid FROM addons
WHERE guid = %(guid)s AND
inactive = 0 AND
status != %(STATUS_DELETED)s
LIMIT 1;"""
self.cursor.execute(sql, {
'guid': self.data['id'],
'STATUS_DELETED': co.STATUS_DELETED
})
result = self.cursor.fetchone()
if result is None:
return False
data['id'], data['addon_status'], data['type'], data['guid'] = result
data['version_int'] = version_int(data['appVersion'])
if 'appOS' in data:
for k, v in co.PLATFORMS.items():
if k in data['appOS']:
data['appOS'] = v
break
else:
data['appOS'] = None
self.is_beta_version = co.VERSION_BETA.search(data['version'])
return True
def is_valid(self):
# If you accessing this from unit tests, then before calling
# is valid, you can assign your own cursor.
if not self.cursor:
self.conn = mypool.connect()
self.cursor = self.conn.cursor()
data = self.data
# Version can be blank.
data['version'] = data.get('version', '')
for field in ['reqVersion', 'id', 'appID', 'appVersion']:
if field not in data:
return False
data['app_id'] = co.APP_GUIDS.get(data['appID'])
if not data['app_id']:
return False
sql = """SELECT id, status, addontype_id, guid FROM addons
WHERE guid = %(guid)s AND
inactive = 0 AND
status != %(STATUS_DELETED)s
LIMIT 1;"""
self.cursor.execute(sql, {'guid': self.data['id'],
'STATUS_DELETED': co.STATUS_DELETED})
result = self.cursor.fetchone()
if result is None:
return False
data['id'], data['addon_status'], data['type'], data['guid'] = result
data['version_int'] = version_int(data['appVersion'])
if 'appOS' in data:
for k, v in co.PLATFORMS.items():
if k in data['appOS']:
data['appOS'] = v
break
else:
data['appOS'] = None
self.is_beta_version = co.VERSION_BETA.search(data['version'])
return True
def setup_db(self):
if not self.cursor:
self.conn = mypool.connect()
self.cursor = self.conn.cursor()
def __call__(self, check_purchase=True):
if not self.cursor:
self.conn = mypool.connect()
self.cursor = self.conn.cursor()
# Try and decode the receipt data.
# If its invalid, then just return invalid rather than give out any
# information.
try:
receipt = decode_receipt(self.receipt)
except:
log_exception({
'receipt': '%s...' % self.receipt[:10],
'addon': self.addon_id
})
self.log('Error decoding receipt')
return self.invalid()
try:
assert receipt['user']['type'] == 'directed-identifier'
except (AssertionError, KeyError):
self.log('No directed-identifier supplied')
return self.invalid()
# Get the addon and user information from the installed table.
try:
uuid = receipt['user']['value']
except KeyError:
# If somehow we got a valid receipt without a uuid
# that's a problem. Log here.
self.log('No user in receipt')
return self.invalid()
# Newer receipts have the addon_id in the storedata,
# if it doesn't match the URL, then it's wrong.
receipt_addon_id = None
try:
storedata = receipt['product']['storedata']
receipt_addon_id = int(dict(parse_qsl(storedata)).get('id', ''))
except:
# There was some value for storedata but it was invalid.
self.log('Invalid store data')
return self.invalid()
# The addon_id in the URL and the receipt did not match, fail.
if receipt_addon_id and receipt_addon_id != self.addon_id:
self.log('The addon_id in the receipt and the URL did not match.')
return self.invalid()
sql = """SELECT id, user_id, premium_type FROM users_install
WHERE addon_id = %(addon_id)s
AND uuid = %(uuid)s LIMIT 1;"""
self.cursor.execute(sql, {'addon_id': self.addon_id, 'uuid': uuid})
result = self.cursor.fetchone()
if not result:
# We've got no record of this receipt being created.
self.log('No entry in users_install for uuid: %s' % uuid)
return self.invalid()
rid, self.user_id, self.premium = result
# If it's a premium addon, then we need to get that the purchase
# information.
if self.premium != ADDON_PREMIUM:
self.log('Valid receipt, not premium')
return self.ok_or_expired(receipt)
elif self.premium and not check_purchase:
return self.ok_or_expired(receipt)
else:
sql = """SELECT id, type FROM addon_purchase
WHERE addon_id = %(addon_id)s
AND user_id = %(user_id)s LIMIT 1;"""
self.cursor.execute(sql, {
'addon_id': self.addon_id,
'user_id': self.user_id
})
result = self.cursor.fetchone()
if not result:
self.log('Invalid receipt, no purchase')
return self.invalid()
if result[-1] in [CONTRIB_REFUND, CONTRIB_CHARGEBACK]:
self.log('Valid receipt, but refunded')
return self.refund()
elif result[-1] == CONTRIB_PURCHASE:
self.log('Valid receipt')
return self.ok_or_expired(receipt)
else:
self.log('Valid receipt, but invalid contribution')
return self.invalid()
def __call__(self, check_purchase=True):
if not self.cursor:
self.conn = mypool.connect()
self.cursor = self.conn.cursor()
# Try and decode the receipt data.
# If its invalid, then just return invalid rather than give out any
# information.
try:
receipt = decode_receipt(self.receipt)
except:
log_exception({'receipt': '%s...' % self.receipt[:10],
'addon': self.addon_id})
self.log('Error decoding receipt')
return self.invalid()
try:
assert receipt['user']['type'] == 'directed-identifier'
except (AssertionError, KeyError):
self.log('No directed-identifier supplied')
return self.invalid()
# Get the addon and user information from the installed table.
try:
uuid = receipt['user']['value']
except KeyError:
# If somehow we got a valid receipt without a uuid
# that's a problem. Log here.
self.log('No user in receipt')
return self.invalid()
# Newer receipts have the addon_id in the storedata,
# if it doesn't match the URL, then it's wrong.
receipt_addon_id = None
try:
storedata = receipt['product']['storedata']
receipt_addon_id = int(dict(parse_qsl(storedata)).get('id', ''))
except:
# There was some value for storedata but it was invalid.
self.log('Invalid store data')
return self.invalid()
# The addon_id in the URL and the receipt did not match, fail.
if receipt_addon_id and receipt_addon_id != self.addon_id:
self.log('The addon_id in the receipt and the URL did not match.')
return self.invalid()
sql = """SELECT id, user_id, premium_type FROM users_install
WHERE addon_id = %(addon_id)s
AND uuid = %(uuid)s LIMIT 1;"""
self.cursor.execute(sql, {'addon_id': self.addon_id,
'uuid': uuid})
result = self.cursor.fetchone()
if not result:
# We've got no record of this receipt being created.
self.log('No entry in users_install for uuid: %s' % uuid)
return self.invalid()
rid, self.user_id, self.premium = result
# If it's a premium addon, then we need to get that the purchase
# information.
if self.premium != ADDON_PREMIUM:
self.log('Valid receipt, not premium')
return self.ok_or_expired(receipt)
elif self.premium and not check_purchase:
return self.ok_or_expired(receipt)
else:
sql = """SELECT id, type FROM addon_purchase
WHERE addon_id = %(addon_id)s
AND user_id = %(user_id)s LIMIT 1;"""
self.cursor.execute(sql, {'addon_id': self.addon_id,
'user_id': self.user_id})
result = self.cursor.fetchone()
if not result:
self.log('Invalid receipt, no purchase')
return self.invalid()
if result[-1] in [CONTRIB_REFUND, CONTRIB_CHARGEBACK]:
self.log('Valid receipt, but refunded')
return self.refund()
elif result[-1] == CONTRIB_PURCHASE:
self.log('Valid receipt')
return self.ok_or_expired(receipt)
else:
self.log('Valid receipt, but invalid contribution')
return self.invalid()
def setup_db(self):
if not self.cursor:
self.conn = mypool.connect()
self.cursor = self.conn.cursor()
