def _extract_json_body(request: Request) -> object:
json_body = {}
if request.body == "":
request.body = "{}"
try:
json_body = request.json_body
except (ValueError, TypeError) as err:
error = error_entry("body", None, "Invalid JSON request body".format(err))
request.errors.append(error)
return json_body
def _extract_json_body(request: Request) -> object:
json_body = {}
if request.body == '':
request.body = '{}'
try:
json_body = request.json_body
except (ValueError, TypeError) as err:
error = error_entry('body', None,
'Invalid JSON request body'.format(err))
request.errors.append(error)
return json_body
def _extract_json_body(request: IRequest) -> object:
json_body = {}
if request.body == '':
request.body = '{}'
try:
json_body = request.json_body
except (ValueError, TypeError) as err:
error = error_entry('body', None,
'Invalid JSON request body'.format(err))
request.errors.append(error)
return json_body
def validate_user_headers(request: Request):
"""
Validate the user headers.
If the request has a 'X-User-Path' and/or 'X-User-Token' header, we
ensure that the session takes belongs to the user and is not expired.
"""
headers = request.headers
if "X-User-Path" in headers or "X-User-Token" in headers:
if get_user(request) is None:
error = error_entry("header", "X-User-Token", "Invalid user token")
request.errors.append(error)
def validate_user_headers(request: Request):
"""
Validate the user headers.
If the request has a 'X-User-Path' and/or 'X-User-Token' header, we
ensure that the session takes belongs to the user and is not expired.
"""
headers = request.headers
if 'X-User-Path' in headers or 'X-User-Token' in headers:
if get_user(request) is None:
error = error_entry('header', 'X-User-Token', 'Invalid user token')
request.errors.append(error)
def validate_post_root_versions(context, request: Request):
"""Check and transform the 'root_version' paths to resources."""
# TODO: make this a colander validator and move to schema.py
root_versions = request.validated.get('root_versions', [])
valid_root_versions = []
for root in root_versions:
if not IItemVersion.providedBy(root):
error = 'This resource is not a valid ' \
'root version: {}'.format(request.resource_url(root))
request.errors.append(error_entry('body', 'root_versions', error))
continue
valid_root_versions.append(root)
request.validated['root_versions'] = valid_root_versions
def validate_post_root_versions(context, request: Request):
"""Check and transform the 'root_version' paths to resources."""
# TODO: make this a colander validator and move to schema.py
# use the catalog to find IItemversions
root_versions = request.validated.get("root_versions", [])
valid_root_versions = []
for root in root_versions:
if not IItemVersion.providedBy(root):
error = "This resource is not a valid " "root version: {}".format(request.resource_url(root))
request.errors.append(error_entry("body", "root_versions", error))
continue
valid_root_versions.append(root)
request.validated["root_versions"] = valid_root_versions
def validate_account_active(context, request: Request):
"""Ensure that the user account is already active.
Requires the user object as `user` in `request.validated`.
No error message is added if there were earlier errors, as that would
leak information (indicating that a not-yet-activated account already
exists).
"""
user = request.validated.get("user", None)
if user is None or request.errors:
return
if not user.active:
error = error_entry("body", "name", "User account not yet activated")
request.errors.append(error)
def validate_account_active(context, request: Request):
"""Ensure that the user account is already active.
Requires the user object as `user` in `request.validated`.
No error message is added if there were earlier errors, as that would
leak information (indicating that a not-yet-activated account already
exists).
"""
user = request.validated.get('user', None)
if user is None or request.errors:
return
if not user.active:
error = error_entry('body', 'name', 'User account not yet activated')
request.errors.append(error)
def validate_post_root_versions(context, request: Request):
"""Check and transform the 'root_version' paths to resources."""
# TODO: make this a colander validator and move to schema.py
# use the catalog to find IItemversions
root_versions = request.validated.get('root_versions', [])
valid_root_versions = []
for root in root_versions:
if not IItemVersion.providedBy(root):
error = 'This resource is not a valid ' \
'root version: {}'.format(request.resource_url(root))
request.errors.append(error_entry('body', 'root_versions', error))
continue
valid_root_versions.append(root)
request.validated['root_versions'] = valid_root_versions
def validate_activation_path(context, request: Request):
"""Validate the user name of a login request.
If valid and activated, the user object is added as 'user' to
`request.validated`.
"""
path = request.validated['path']
locator = request.registry.getMultiAdapter((context, request),
IUserLocator)
user = locator.get_user_by_activation_path(path)
registry = request.registry
if user is None or _activation_time_window_has_expired(user, registry):
error = error_entry('body', 'path',
'Unknown or expired activation path')
request.errors.append(error)
else:
user.activate()
request.validated['user'] = user
if user is not None:
user.activation_path = None # activation path can only be used once
def validate_activation_path(context, request: Request):
"""Validate the user name of a login request.
If valid and activated, the user object is added as 'user' to
`request.validated`.
"""
path = request.validated["path"]
locator = request.registry.getMultiAdapter((context, request), IUserLocator)
user = locator.get_user_by_activation_path(path)
error = error_entry("body", "path", "Unknown or expired activation path")
if user is None:
request.errors.append(error)
elif is_older_than(user, days=8):
request.errors.append(error)
user.activation_path = None
else:
user.activate()
user.activation_path = None
request.validated["user"] = user
event = ResourceSheetModified(user, IUserBasic, request.registry, {}, {}, request)
request.registry.notify(event) # trigger reindex activation_path index
def validate_activation_path(context, request: Request):
"""Validate the user name of a login request.
If valid and activated, the user object is added as 'user' to
`request.validated`.
"""
path = request.validated['path']
locator = request.registry.getMultiAdapter((context, request),
IUserLocator)
user = locator.get_user_by_activation_path(path)
error = error_entry('body', 'path', 'Unknown or expired activation path')
if user is None:
request.errors.append(error)
elif is_older_than(user, days=8):
request.errors.append(error)
user.activation_path = None
else:
user.activate()
user.activation_path = None
request.validated['user'] = user
event = ResourceSheetModified(user, IUserBasic, request.registry, {},
{}, request)
request.registry.notify(event) # trigger reindex activation_path index
def _add_no_such_user_or_wrong_password_error(request: Request):
error = error_entry('body', 'password',
'User doesn\'t exist or password is wrong')
request.errors.append(error)
def _add_colander_invalid_error_to_request(error: Invalid, request: Request,
location: str):
for name, msg in error.asdict().items():
request.errors.append(error_entry(location, name, msg))
def _add_no_such_user_or_wrong_password_error(request: Request):
error = error_entry('body', 'password',
'User doesn\'t exist or password is wrong')
request.errors.append(error)
def _add_colander_invalid_error_to_request(error: Invalid, request: Request, location: str):
for name, msg in error.asdict().items():
request.errors.append(error_entry(location, name, msg))
def _add_no_such_user_or_wrong_password_error(request: Request):
error = error_entry("body", "password", "User doesn't exist or password is wrong")
request.errors.append(error)