def test_get_from_memcache(self):
    """A value written through dbconfig stays readable after every Config row is deleted."""
    key, expected = 'sticky', 'stuck'
    dbconfig[key] = expected
    self.assertEqual(dbconfig[key], expected)
    # Delete every stored Config row; a successful read afterwards cannot
    # have come from those rows.
    for entity in Config.all():
        entity.delete()
    # should be in memcache:
    self.assertEqual(dbconfig[key], expected)
Ejemplo n.º 2
 def wrapped(*args, **kwargs):
     """Reject a POST whose CSRF token does not match the one held in the session.

     The check runs only while the ``CSRF_PROTECT`` config value is truthy and
     only for the POST method; every other request goes straight to ``func``.
     """
     csrf_enforced = Config.get_value('CSRF_PROTECT')
     # only apply CSRF protection to POSTs
     # NOTE(review): other state-changing methods (PUT, PATCH, DELETE) are not
     # checked here - confirm no wrapped route accepts them.
     if csrf_enforced and request.method == 'POST':
         # pop() consumes the session token on every checked POST, matching or not.
         expected = session.pop('csrf_token', None)
         # NOTE(review): in Flask, request.values also covers the query string,
         # so the token may arrive in the URL - confirm that is intended.
         supplied = request.values.get('csrf_token')
         if not (expected and supplied == expected):
             flash('CSRF detected!')
             # NOTE(review): the Referer header is client-supplied and may be
             # absent; confirm redirect() copes with None and that bouncing
             # back to an arbitrary referrer is acceptable.
             return redirect(request.referrer)
     return func(*args, **kwargs)
Ejemplo n.º 3
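def parse_jwt():
    """Populate ``request.jwt`` with the decoded claims of the caller's token.

    ``request.jwt`` is reset to an empty dict first and stays empty when
    decoding fails for any reason. The token is read from the
    ``access_token`` cookie unless the ``BEARER_AUTH_ENABLE`` config value is
    truthy, in which case the result of ``get_bearer_token`` replaces it.
    """
    request.jwt = {}
    token = request.cookies.get('access_token')
    if Config.get_value('BEARER_AUTH_ENABLE'):
        token = get_bearer_token(request.headers)
    try:
        # NOTE(review): no algorithm allow-list is passed to decode(). If `jwt`
        # is PyJWT, pin the single algorithm the issuer uses via `algorithms=`
        # so the token header cannot influence how it is verified - confirm
        # against the code that encodes the token.
        payload = jwt.decode(token, current_app.config['SECRET_KEY'])
    except Exception:
        # Any decode failure leaves the request unauthenticated. Catching
        # Exception instead of a bare `except:` lets SystemExit and
        # KeyboardInterrupt propagate.
        # NOTE(review): a missing SECRET_KEY is swallowed here as well, so a
        # misconfiguration looks like "nobody is logged in"; consider logging.
        return
    request.jwt = payload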
Ejemplo n.º 4
def config():
    """Admin-only view that shows and, on POST, updates four feature toggles.

    Callers that are not logged in, or whose role is not ``ROLES[0]``, get a
    404. On POST each toggle is stored as True only when its form field
    equals ``'on'``; the change is committed and a flash message queued.
    The ``config.html`` template is rendered in every non-aborted case.
    """
    # simulate the latency of an external API request
    import time
    time.sleep(0.25)
    # hide the existence of this route if not an admin
    is_admin = g.user and ROLES[g.user.role] == ROLES[0]
    if not is_admin:
        return abort(404)
    if request.method == 'POST':
        # NOTE(review): this POST switches security controls (CSRF, CORS,
        # auth mode) and no CSRF token check is visible in this block -
        # confirm the route's decorators enforce one.
        toggles = (
            # (Config row name, form field name)
            ('CSRF_PROTECT', 'csrf_protect'),
            ('BEARER_AUTH_ENABLE', 'bearer_enable'),
            ('CORS_RESTRICT', 'cors_restrict'),
            ('OIDC_ENABLE', 'oidc_enable'),
        )
        for setting_name, field_name in toggles:
            enabled = request.form.get(field_name) == 'on'
            Config.get_by_name(setting_name).value = enabled
        db.session.commit()
        flash('Configuration updated')
    return render_template('config.html')
Ejemplo n.º 5
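    def test_warmup(self):
        """The warmup URL answers 200, queues one playlist task, and config survives row deletion.

        After memcache is flushed and ``/_ah/warmup`` is requested, every
        Config row is deleted; the value written earlier must still be
        readable through ``dbconfig``.
        """
        dbconfig = DBConfig()
        dbconfig['foo'] = 'bar'
        # Keep the flush out of a bare `assert`: under `python -O` assert
        # statements are removed, which would skip the flush itself.
        self.assertTrue(memcache.flush_all())

        r = self.client.get('/_ah/warmup')
        # assertEqual, not the deprecated assertEquals alias.
        self.assertEqual(r.status_code, 200)
        self.assertTasksInQueue(1, url='/api/current_playlist')
        for c in Config.all():
            c.delete()
        self.assertEqual(dbconfig['foo'], 'bar')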
Ejemplo n.º 6
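    def test_warmup(self):
        """Request ``/_ah/warmup`` on a flushed memcache and check its effects.

        Expects a 200 response and exactly one queued task for
        ``/api/current_playlist``. The value stored before the flush must
        still be readable once all Config rows are deleted.
        """
        dbconfig = DBConfig()
        dbconfig['foo'] = 'bar'
        # A side-effecting call inside `assert` vanishes under `python -O`;
        # assertTrue always runs the flush and still checks its result.
        self.assertTrue(memcache.flush_all())

        response = self.client.get('/_ah/warmup')
        # assertEquals is a deprecated alias; the rest of the test uses assertEqual.
        self.assertEqual(response.status_code, 200)
        self.assertTasksInQueue(1, url='/api/current_playlist')
        for entity in Config.all():
            entity.delete()
        self.assertEqual(dbconfig['foo'], 'bar')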
Ejemplo n.º 7
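 def test_load_dbconfig_into_memcache(self):
     """Values loaded by load_dbconfig_into_memcache() outlive deletion of the Config rows."""
     dbconfig['one'] = '1'
     dbconfig['two'] = '2'
     dbconfig['three'] = 'three'
     # Keep the flush out of a bare `assert`: under `python -O` assert
     # statements are removed, which would skip the flush itself.
     self.assertTrue(memcache.flush_all())
     load_dbconfig_into_memcache()
     for c in Config.all():
         c.delete()
     # should be in memcache:
     self.assertEqual(dbconfig['one'], '1')
     self.assertEqual(dbconfig['two'], '2')
     self.assertEqual(dbconfig['three'], 'three')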
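 def test_load_dbconfig_into_memcache(self):
     """Write three values, flush memcache, reload it, then read with no Config rows left."""
     expected = (('one', '1'), ('two', '2'), ('three', 'three'))
     for key, value in expected:
         dbconfig[key] = value
     # A side-effecting call inside `assert` vanishes under `python -O`;
     # assertTrue always runs the flush and still checks its result.
     self.assertTrue(memcache.flush_all())
     load_dbconfig_into_memcache()
     for entity in Config.all():
         entity.delete()
     # should be in memcache:
     for key, value in expected:
         self.assertEqual(dbconfig[key], value)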
Ejemplo n.º 9
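 def wrapped(*args, **kwargs):
     """Enforce the header-borne CSRF token unless Bearer authentication is enabled.

     While ``BEARER_AUTH_ENABLE`` is falsy, the header named by
     ``CSRF_TOKEN_NAME`` is base64-decoded and deserialized, and its ``sig``
     is compared with that of a ``CsrfToken`` built from ``g.user.id`` and
     the client-supplied ``ts``. Any failure aborts with 400.
     """
     if not Config.get_value('BEARER_AUTH_ENABLE'):
         # no Bearer token means cookies (default) are used and CSRF is an issue
         csrf_token = request.headers.get(current_app.config['CSRF_TOKEN_NAME'])
         try:
             # SECURITY(review): jsonpickle.decode() runs here on a request
             # header, i.e. on client-controlled data. jsonpickle rebuilds
             # arbitrary Python objects, so this is unsafe deserialization.
             # The token should be a plain data format (for example JSON
             # fields plus an HMAC) parsed without object reconstruction.
             # The issuing code is outside this block, so the call is flagged
             # rather than replaced.
             untrusted_csrf_obj = jsonpickle.decode(base64.b64decode(csrf_token))
             # NOTE(review): sign() is called on the deserialized object and
             # is handed SECRET_KEY. If sign() recomputes `sig`, the signature
             # the client sent is never what gets compared below - confirm
             # against CsrfToken.sign.
             untrusted_csrf_obj.sign(current_app.config['SECRET_KEY'])
             trusted_csrf_obj = CsrfToken(g.user.id, untrusted_csrf_obj.ts)
             trusted_csrf_obj.sign(current_app.config['SECRET_KEY'])
         except Exception:
             # Exception instead of a bare `except:` so SystemExit and
             # KeyboardInterrupt are not swallowed; any other failure is
             # treated as an invalid token.
             untrusted_csrf_obj = None
         # NOTE(review): `!=` on signatures is not constant-time; prefer
         # hmac.compare_digest once the type of `sig` is confirmed.
         if not untrusted_csrf_obj or trusted_csrf_obj.sig != untrusted_csrf_obj.sig:
             abort(400, 'CSRF detected.')
     return func(*args, **kwargs)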
Ejemplo n.º 10
def _init_config(request):
    """Seed Config with a placeholder row when it is empty and report which case applied.

    NOTE(review): nothing in this block checks who is calling, yet the view
    writes to the datastore - confirm the URL is restricted to admins.
    """
    # presumably count(1) stops counting after the first row - confirm
    has_rows = Config.all().count(1) != 0
    if has_rows:
        return HttpResponse("""Config does not need initialization. You can
            edit the config in the <a href="/_ah/admin">Datastore admin</a>."""
                            )
    placeholder = Config()
    placeholder.varname = "dummy"
    placeholder.value = "you can safely delete this after creating new var/vals"
    placeholder.put()
    return HttpResponse("""Config initialized. You can now add new values 
            in the <a href="/_ah/admin">Datastore admin</a>.""")
Ejemplo n.º 11
def _init_config(request):
    """Create a dummy Config row if none exists, then point the caller at the Datastore admin.

    NOTE(review): no authorization check is visible in this block although it
    writes a row on request - confirm access control is applied at routing.
    """
    existing = Config.all()
    # presumably count(1) stops counting after the first row - confirm
    if existing.count(1) != 0:
        message = """Config does not need initialization. You can
            edit the config in the <a href="/_ah/admin">Datastore admin</a>."""
        return HttpResponse(message)

    seed = Config()
    seed.varname = "dummy"
    seed.value = "you can safely delete this after creating new var/vals"
    seed.put()
    message = """Config initialized. You can now add new values 
            in the <a href="/_ah/admin">Datastore admin</a>."""
    return HttpResponse(message)
Ejemplo n.º 12
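def settings(request):
    """Render the global settings page on GET; otherwise replace all stored settings.

    A non-GET request requires the ``auth.perm_common_settings_edit``
    permission. Its ``configs`` POST field must be a non-empty JSON array of
    objects with ``key`` and ``value``. Inside one transaction every existing
    ``Config`` row is deleted and the submitted rows are created. All
    outcomes are reported as JSON with ``code`` 0 (success) or 1 (failure).
    """
    if request.method == "GET":
        # NOTE(review): the GET branch has no permission check of its own and
        # renders the whole system config, which may hold secrets - confirm a
        # decorator or the template restricts it.
        context = {
            'path1': '全局设置',  # "global settings"
            'path2': '编辑',  # "edit"
            'config': SysConfig().sys_config
        }
        return render(request, 'common/settings.html', context)

    if not request.user.has_perm('auth.perm_common_settings_edit'):
        # message: "insufficient permission, cannot modify"
        return JsonResponse({'code': 1, 'errmsg': '权限不足,无法修改!'})
    configs = request.POST.get('configs', None)
    try:
        if configs is None:
            # message: "submitted content is empty"
            return JsonResponse({'code': 1, 'errmsg': '提交内容为空!'})
        # Parse the payload once; the original decoded the same string twice.
        submitted = json.loads(configs)
        if len(submitted) == 0:
            return JsonResponse({'code': 1, 'errmsg': '提交内容为空!'})
        with transaction.atomic():
            # The delete comes first but sits in the same transaction, so a
            # malformed entry below rolls the delete back as well.
            Config.objects.all().delete()
            Config.objects.bulk_create(
                [Config(item=entry['key'], value=entry['value']) for entry in submitted])
    except Exception as e:
        # NOTE(review): str(e) is returned to the client and can expose
        # internals such as database errors; consider logging it server-side
        # and returning a generic message.
        return JsonResponse({'code': 1, 'errmsg': str(e)})
    # message: "saved successfully"
    return JsonResponse({'code': 0, 'result': '保存成功!'})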
Ejemplo n.º 13
 def post(self):
     '''Returns a JWT for the user that owns the provided credentials.

     The JSON body carries either an ``id_token`` or a ``username`` and
     ``password`` pair; ``id_token`` wins when both are present. For an
     enabled user the response holds the serialized user, and the JWT is
     sent in the body (``BEARER_AUTH_ENABLE`` truthy) or as an
     ``access_token`` cookie. Every other case returns one generic message.
     '''
     id_token = request.json.get('id_token')
     username = request.json.get('username')
     password = request.json.get('password')
     user = None
     if id_token:
         # SECURITY(review): going by its name, get_unverified_jwt_payload()
         # does not check the token's signature, issuer, audience or expiry.
         # If so, the `email` claim is whatever the client wrote and this
         # branch authenticates by email alone. Verify the id_token against
         # the identity provider's keys before trusting any claim - confirm
         # against the helper's implementation.
         payload = get_unverified_jwt_payload(id_token)
         # A payload without an 'email' key raises KeyError here.
         user = User.get_by_email(payload['email'])
     elif username and password:
         user = User.get_by_username(username)
         # Unknown user and wrong password both end with user = None, so the
         # caller sees the same generic message in either case.
         if user and not user.check_password(password):
             user = None
     if user and user.is_enabled:
         data = {'user': user.serialize()}
         # build other claims
         claims = {}
         # The md5 digest only derives a directory name from the user id; it
         # is not a secret, the name is computable from the id.
         path = os.path.join(current_app.config['UPLOAD_FOLDER'],
                             md5(str(user.id).encode()).hexdigest())
         # NOTE(review): exists()/makedirs() is a check-then-create sequence;
         # two concurrent logins for one new user can race here.
         if not os.path.exists(path):
             os.makedirs(path)
         claims['upload_folder'] = path
         # create a JWT
         token = encode_jwt(user.id, claims=claims)
         # send the JWT as a Bearer token when the feature is enabled
         if Config.get_value('BEARER_AUTH_ENABLE'):
             data['token'] = token
             # remove any existing access token cookie
             return data, 200, {
                 'Set-Cookie':
                 'access_token=; Expires=Thu, 01-Jan-1970 00:00:00 GMT'
             }
         # set the JWT as a HttpOnly cookie by default
         # NOTE(review): the cookie is built by hand with HttpOnly only; it has
         # no Secure or SameSite attribute - confirm the deployment is
         # HTTPS-only and add both if so.
         return data, 200, {
             'Set-Cookie': 'access_token=' + token + '; HttpOnly'
         }
     # No status code is given here, so the framework default applies.
     return {'message': 'Invalid username or password.'}
Ejemplo n.º 14
 def config_cors(response):
     """Strip CORS headers from a response whose origin is not allowed.

     Filtering applies only while the ``CORS_RESTRICT`` config value is
     truthy; otherwise the response is returned unchanged, whatever CORS
     headers it already carries.
     """
     restrict = Config.get_value('CORS_RESTRICT')
     # apply the CORS whitelist from the config
     if restrict and not is_allowed_origin(response):
         return remove_cors_headers(response)
     return response
Ejemplo n.º 15
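 def setUp(self):
     """Start each test with memcache flushed and no Config rows stored."""
     # Run the flush outside `assert`: under `python -O` assert statements
     # are removed, which would silently skip the flush itself.
     flushed = memcache.flush_all()
     if not flushed:
         raise AssertionError('memcache.flush_all() failed')
     for c in Config.all():
         c.delete()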
Ejemplo n.º 16
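 def setUp(self):
     """Flush memcache and delete every Config row before each test."""
     # A side-effecting call inside `assert` disappears under `python -O`,
     # so the flush is performed first and its result checked explicitly.
     if not memcache.flush_all():
         raise AssertionError('memcache.flush_all() failed')
     for entity in Config.all():
         entity.delete()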