def test_setup_security(self):
disabled = registry._disabled_content_types
self.assertEqual(0, len(disabled))
current_app.conf.CELERY_TASK_SERIALIZER = 'json'
setup_security()
self.assertIn('application/x-python-serialize', disabled)
disabled.clear()
def test_setup_security(self):
disabled = registry._disabled_content_types
self.assertEqual(0, len(disabled))
current_app.conf.CELERY_TASK_SERIALIZER = 'json'
setup_security()
self.assertIn('application/x-python-serialize', disabled)
disabled.clear()
def test_setup_registry_complete(self, dis, reg, key="KEY", cert="CERT"):
calls = [0]
def effect(*args):
try:
m = Mock()
m.read.return_value = "B" if calls[0] else "A"
return m
finally:
calls[0] += 1
with mock_open(side_effect=effect):
store = Mock()
setup_security(["json"], key, cert, store)
dis.assert_called_with(["json"])
reg.assert_called_with("A", "B", store)
def test_setup_registry_complete(self, dis, reg, key="KEY", cert="CERT"):
calls = [0]
def effect(*args):
try:
m = Mock()
m.read.return_value = "B" if calls[0] else "A"
return m
finally:
calls[0] += 1
with mock_open(side_effect=effect):
store = Mock()
setup_security(["json"], key, cert, store)
dis.assert_called_with(["json"])
reg.assert_called_with("A", "B", store)
def test_setup_registry_complete(self, dis, reg, key='KEY', cert='CERT'):
calls = [0]
def effect(*args):
try:
m = Mock()
m.read.return_value = 'B' if calls[0] else 'A'
return m
finally:
calls[0] += 1
with mock_open(side_effect=effect):
store = Mock()
setup_security(['json'], key, cert, store)
dis.assert_called_with(['json'])
reg.assert_called_with('A', 'B', store)
def setup_security(self, allowed_serializers=None, key=None, cert=None,
store=None, digest='sha1', serializer='json'):
"""Setup the message-signing serializer.
This will affect all application instances (a global operation).
Disables untrusted serializers and if configured to use the ``auth``
serializer will register the auth serializer with the provided settings
into the Kombu serializer registry.
:keyword allowed_serializers: List of serializer names, or
content_types that should be exempt from being disabled.
:keyword key: Name of private key file to use.
Defaults to the :setting:`security_key` setting.
:keyword cert: Name of certificate file to use.
Defaults to the :setting:`security_certificate` setting.
:keyword store: Directory containing certificates.
Defaults to the :setting:`security_cert_store` setting.
:keyword digest: Digest algorithm used when signing messages.
Default is ``sha1``.
:keyword serializer: Serializer used to encode messages after
they have been signed. See :setting:`task_serializer` for
the serializers supported.
Default is ``json``.
"""
from celery.security import setup_security
return setup_security(allowed_serializers, key, cert,
store, digest, serializer, app=self)
def setup_security(self, allowed_serializers=None, key=None, cert=None,
store=None, digest=DEFAULT_SECURITY_DIGEST,
serializer='json'):
"""Setup the message-signing serializer.
This will affect all application instances (a global operation).
Disables untrusted serializers and if configured to use the ``auth``
serializer will register the ``auth`` serializer with the provided
settings into the Kombu serializer registry.
Arguments:
allowed_serializers (Set[str]): List of serializer names, or
content_types that should be exempt from being disabled.
key (str): Name of private key file to use.
Defaults to the :setting:`security_key` setting.
cert (str): Name of certificate file to use.
Defaults to the :setting:`security_certificate` setting.
store (str): Directory containing certificates.
Defaults to the :setting:`security_cert_store` setting.
digest (str): Digest algorithm used when signing messages.
Default is ``sha256``.
serializer (str): Serializer used to encode messages after
they've been signed. See :setting:`task_serializer` for
the serializers supported. Default is ``json``.
"""
from celery.security import setup_security
return setup_security(allowed_serializers, key, cert,
store, digest, serializer, app=self)
def setup_security(self, allowed_serializers=None, key=None, cert=None,
store=None, digest='sha1', serializer='json'):
"""Setup the message-signing serializer.
This will affect all application instances (a global operation).
Disables untrusted serializers and if configured to use the ``auth``
serializer will register the ``auth`` serializer with the provided
settings into the Kombu serializer registry.
:keyword allowed_serializers: List of serializer names, or
content_types that should be exempt from being disabled.
:keyword key: Name of private key file to use.
Defaults to the :setting:`security_key` setting.
:keyword cert: Name of certificate file to use.
Defaults to the :setting:`security_certificate` setting.
:keyword store: Directory containing certificates.
Defaults to the :setting:`security_cert_store` setting.
:keyword digest: Digest algorithm used when signing messages.
Default is ``sha1``.
:keyword serializer: Serializer used to encode messages after
they have been signed. See :setting:`task_serializer` for
the serializers supported.
Default is ``json``.
"""
from celery.security import setup_security
return setup_security(allowed_serializers, key, cert,
store, digest, serializer, app=self)
def test_setup_registry_complete(self, dis, reg, key='KEY', cert='CERT'):
calls = [0]
def effect(*args):
try:
m = Mock()
m.read.return_value = 'B' if calls[0] else 'A'
return m
finally:
calls[0] += 1
with mock_open(side_effect=effect):
store = Mock()
setup_security(['json'], key, cert, store)
dis.assert_called_with(['json'])
reg.assert_called_with('A', 'B', store)
def test_setup_registry_complete(self, dis, reg, key='KEY', cert='CERT'):
calls = [0]
def effect(*args):
try:
m = Mock()
m.read.return_value = 'B' if calls[0] else 'A'
return m
finally:
calls[0] += 1
with mock_open(side_effect=effect):
with patch('celery.security.registry') as registry:
store = Mock()
setup_security(['json'], key, cert, store)
dis.assert_called_with(['json'])
reg.assert_called_with('A', 'B', store, 'sha1', 'json')
registry._set_default_serializer.assert_called_with('auth')
def setup_security(self,
allowed_serializers=None,
key=None,
cert=None,
store=None,
digest='sha1',
serializer='json'):
from celery.security import setup_security
return setup_security(allowed_serializers,
key,
cert,
store,
digest,
serializer,
app=self)
def create_app(config_filename='config.py', config_override={}):
"""Factory function for flask application.
Args:
config_filename:
path to python config file
config_override:
a dict with settings to use to override config from file;
useful for writing very specific tests.
"""
app = Flask(__name__)
#
# Configuration handling
#
if config_filename:
app.config.from_pyfile(config_filename)
for key, value in config_override.items():
app.config[key] = value
# ReCaptcha
recaptcha.init_app(app)
# Limiter
limiter.init_app(app)
# Scheduler
if app.config.get('SCHEDULER_ENABLED', True):
if scheduler.running:
scheduler.shutdown()
scheduler.init_app(app)
scheduler.start()
# Celery
celery.init_app(app)
from celery.security import setup_security
setup_security()
#
# Error logging
#
if not app.debug:
import logging
from logging.handlers import RotatingFileHandler
os.makedirs('logs', exist_ok=True)
file_handler = RotatingFileHandler('logs/app.log',
maxBytes=10 * 1024 * 1024,
backupCount=5)
file_handler.setLevel(logging.WARNING)
root_logger = logging.getLogger()
root_logger.addHandler(file_handler)
#
# Database creation
#
db.app = app
db.init_app(app)
db.create_all(bind='__all__')
mode = app.config.get('BDB_MODE', 'c')
bdb.open(app.config['BDB_DNA_TO_PROTEIN_PATH'], mode=mode)
bdb_refseq.open(app.config['BDB_GENE_TO_ISOFORM_PATH'], mode=mode)
if app.config['USE_LEVENSTHEIN_MYSQL_UDF']:
with app.app_context():
for bind_key in ['bio', 'cms']:
engine = get_engine(bind_key)
engine.execute("DROP FUNCTION IF EXISTS levenshtein_ratio")
engine.execute(
"CREATE FUNCTION levenshtein_ratio RETURNS REAL SONAME 'levenshtein.so'"
)
#
# Configure Login Manager
#
from models import User
from models import AnonymousUser
login_manager.anonymous_user = AnonymousUser
login_manager.user_loader(User.user_loader)
login_manager.init_app(app)
#
# Configure mail service
#
mail.init_app(app)
#
# Register assets
#
assets = Environment(app)
for name, bundle in bundles.items():
assets.register(name, bundle)
#
# Import views
#
# allow access to this app from views through module
import sys
sys.path.insert(0, '..')
with app.app_context():
from website.views import views
for view in views:
view.register(app)
#
# Register functions for Jinja
#
import jinja2
base_dir = os.path.dirname(os.path.realpath(__file__))
template_loader = jinja2.ChoiceLoader([
app.jinja_loader,
jinja2.FileSystemLoader(os.path.join(base_dir, 'static/js_templates')),
])
app.jinja_loader = template_loader
from website.views.cms import substitute_variables
from website.views.cms import thousand_separated_number
from website.views.cms import ContentManagementSystem
from jinja2_pluralize import pluralize
import json
# csrf adds hooks in before_request to validate token
app.before_request(csrf.csrf_protect)
app.jinja_env.trim_blocks = True
app.jinja_env.lstrip_blocks = True
jinja_globals = app.jinja_env.globals
jinja_filters = app.jinja_env.filters
app.dependency_manager = DependencyManager(app)
jinja_globals['dependency'] = app.dependency_manager.get_dependency
jinja_globals['system_menu'] = ContentManagementSystem._system_menu
jinja_globals['system_setting'] = ContentManagementSystem._system_setting
jinja_globals['inline_help'] = ContentManagementSystem._inline_help
jinja_globals['text_entry'] = ContentManagementSystem._text_entry
jinja_globals['t_sep'] = thousand_separated_number
jinja_globals['csrf_token'] = csrf.new_csrf_token
jinja_globals['is_debug_mode'] = app.debug
jinja_filters['json'] = json.dumps
jinja_filters['substitute_allowed_variables'] = substitute_variables
jinja_filters['pluralize'] = pluralize
return app
def test_setup_security__default_app(self, current_app):
setup_security()
def setup_security(self, allowed_serializers=None, key=None, cert=None,
store=None, digest='sha1', serializer='json'):
from celery.security import setup_security
return setup_security(allowed_serializers, key, cert,
store, digest, serializer, app=self)
def test_setup_security__default_app(self, current_app):
with pytest.raises(ImproperlyConfigured):
setup_security()
def test_setup_security__default_app(self, current_app):
setup_security()
def test_setup_security__default_app(self, current_app):
with pytest.raises(ImproperlyConfigured):
setup_security()