def setUp(self):
self.valid_user = User.objects.create(
email="*****@*****.**",
full_name="Test User",
given_name="Test",
cn="test2",
department="Dept. of Tests",
employee_id="TESTU12345",
raw_intranet_groups="test1;test2",
agreement=True)
self.valid_user.save()
self.valid_app = App.objects.create(user=self.valid_user,
name="Test App")
self.valid_app.save()
self.empty_scope = OAuthScope.objects.create(scope_number=0)
self.empty_scope.save()
s = Scopes()
scope_num = s.add_scope(0, 'timetable')
self.timetable_scope = OAuthScope.objects.create(
scope_number=scope_num)
self.timetable_scope.save()
self.valid_oauth_token = OAuthToken.objects.create(
app=self.valid_app, user=self.valid_user, scope=self.empty_scope)
self.valid_oauth_token.save()
def create_app(request):
if request.method != "POST":
response = PrettyJsonResponse({
"success": False,
"error": "Request is not of method POST"
})
response.status_code = 400
return response
try:
name = request.POST["name"]
user_id = request.session["user_id"]
except (KeyError, AttributeError):
response = PrettyJsonResponse({
"success":
False,
"message":
"Request does not have name or user."
})
response.status_code = 400
return response
user = get_user_by_id(user_id)
new_app = App(name=name, user=user)
new_app.save()
keen_add_event.delay("App created", {
"appid": new_app.id,
"name": new_app.name,
"userid": user.id
})
s = Scopes()
return PrettyJsonResponse({
"success": True,
"message": "App sucessfully created",
"app": {
"name": new_app.name,
"id": new_app.id,
"token": new_app.api_token,
"created": new_app.created,
"updated": new_app.last_updated,
"oauth": {
"client_id": new_app.client_id,
"client_secret": new_app.client_secret,
"callback_url": new_app.callback_url,
"scopes": s.get_all_scopes()
},
"webhook": {
"verification_secret": new_app.webhook.verification_secret,
}
}
})
def _check_oauth_token_issues(token_code, client_secret, required_scopes):
try:
token = OAuthToken.objects.get(token=token_code)
except OAuthToken.DoesNotExist:
response = JsonResponse({
"ok": False,
"error": "Token does not exist."
})
response.status_code = 400
return response
if token.app.client_secret != client_secret:
response = JsonResponse({
"ok": False,
"error": "Client secret incorrect."
})
response.status_code = 400
return response
if not token.active:
response = JsonResponse({
"ok":
False,
"error":
"The token is inactive as the user has revoked "
"your app's access to their data."
})
response.status_code = 400
return response
scopes = Scopes()
for s in required_scopes:
if not scopes.check_scope(token.scope.scope_number, s):
response = JsonResponse({
"ok":
False,
"error":
"The token provided does not have "
"permission to access this data."
})
response.status_code = 400
return response
# Return the token as there are no issues
return token
def update_scopes(request):
if request.method != "POST":
response = PrettyJsonResponse({
"success": False,
"error": "Request is not of method POST"
})
response.status_code = 400
return response
try:
app_id = request.POST["app_id"]
except KeyError:
response = PrettyJsonResponse({
"success":
False,
"message":
"Request does not have an app_id."
})
response.status_code = 400
return response
try:
user_id = request.session["user_id"]
except (KeyError, AttributeError):
response = PrettyJsonResponse({
"success":
False,
"message":
"User ID not set in session. Please log in again."
})
response.status_code = 400
return response
try:
scopes_json = request.POST["scopes"]
except KeyError:
response = PrettyJsonResponse({
"success": False,
"message": "No scopes data attached."
})
response.status_code = 400
return response
try:
scopes = json.loads(scopes_json)
except ValueError:
response = PrettyJsonResponse({
"success":
False,
"message":
"Invalid scope data that could not be parsed."
})
response.status_code = 400
return response
user = get_user_by_id(user_id)
apps = App.objects.filter(id=app_id, user=user)
if len(apps) == 0:
response = PrettyJsonResponse({
"success": False,
"message": "App does not exist."
})
response.status_code = 400
return response
else:
app = apps[0]
current = app.scope.scope_number
s = Scopes()
try:
for scope in scopes:
if "checked" in scope and scope["checked"]:
current = s.add_scope(current, scope["name"])
else:
current = s.remove_scope(current, scope["name"])
app.scope.scope_number = current
app.scope.save()
app.save()
except (KeyError, ValueError, TypeError):
response = PrettyJsonResponse({
"success":
False,
"message":
"Invalid scope data that could not be iterated."
})
response.status_code = 400
return response
keen_add_event.delay("App scopes changed", {
"appid": app_id,
"userid": user.id,
"scopes": scopes
})
return PrettyJsonResponse({
"success": True,
"message": "Scope successfully changed.",
})
def dashboard(request):
try:
user_id = request.session["user_id"]
except KeyError:
url = os.environ["SHIBBOLETH_ROOT"] + "/Login?target="
param = (request.build_absolute_uri(request.path) +
"user/login.callback")
param = quote(param)
url = url + param
return redirect(url)
user = User.objects.get(id=user_id)
if not user.agreement:
if request.method != "POST":
return render(request, "agreement.html",
{'fair_use': FAIR_USE_POLICY})
try:
agreement = strtobool(request.POST["agreement"])
except (KeyError, ValueError):
return render(
request, "agreement.html", {
'fair_use': FAIR_USE_POLICY,
"error": "You must agree to the fair use policy"
})
if agreement:
user.agreement = True
user.save()
else:
return render(
request, "agreement.html", {
'fair_use': FAIR_USE_POLICY,
"error": "You must agree to the fair use policy"
})
user_meta = {
"name": user.full_name,
"cn": user.cn,
"department": user.department,
"intranet_groups": user.raw_intranet_groups,
"apps": []
}
user_apps = App.objects.filter(user=user, deleted=False)
s = Scopes()
for app in user_apps:
user_meta["apps"].append({
"name": app.name,
"id": app.id,
"token": app.api_token,
"created": app.created,
"updated": app.last_updated,
"oauth": {
"client_id": app.client_id,
"client_secret": app.client_secret,
"callback_url": app.callback_url,
"scopes": s.scope_dict_all(app.scope.scope_number)
},
"webhook": {
"verification_secret": app.webhook.verification_secret,
"url": app.webhook.url,
"siteid": app.webhook.siteid,
"roomid": app.webhook.roomid,
"contact": app.webhook.contact
}
})
initial_data = json.dumps(user_meta, cls=DjangoJSONEncoder)
return render(request, 'dashboard.html', {'initial_data': initial_data})