def get_redirect_url(self, *args, **kwargs): api = API(self.request.session.get('obp')) try: urlpath = '/management/consumers/{}'.format(kwargs['consumer_id']) payload = {'enabled': self.enabled} api.put(urlpath, payload) messages.success(self.request, self.success) except APIError as err: messages.error(self.request, err) urlpath = self.request.POST.get('next', reverse('consumers-index')) query = self.request.GET.urlencode() redirect_url = '{}?{}'.format(urlpath, query) return redirect_url
def methodrouting_save(request): method_name = request.POST.get('method_name') connector_name = request.POST.get('connector_name') bank_id_pattern = request.POST.get('bank_id_pattern') is_bank_id_exact_match = request.POST.get('is_bank_id_exact_match') parameters = request.POST.get('parameters') method_routing_id = request.POST.get('method_routing_id') parameters_Json_editor = request.POST.get('parameters_Json_editor') payload = { 'method_name': method_name, 'connector_name': connector_name, 'is_bank_id_exact_match': (is_bank_id_exact_match == "True"), 'bank_id_pattern': bank_id_pattern, 'parameters': eval(parameters_Json_editor), 'method_routing_id': method_routing_id } api = API(request.session.get('obp')) if ("" == method_routing_id ): # if method_routing_id=="". we will create a new method routing . urlpath = '/management/method_routings' result = api.post(urlpath, payload=payload) else: # if method_routing_id not empty. we will update the current method routing .. urlpath = '/management/method_routings/{}'.format(method_routing_id) result = api.put(urlpath, payload=payload) return result
def methodrouting_save(request): method_name = request.POST.get('method_name') connector_name = request.POST.get('connector_name') bank_id_pattern = request.POST.get('bank_id_pattern') is_bank_id_exact_match = request.POST.get('is_bank_id_exact_match') parameters = request.POST.get('parameters') method_routing_id = request.POST.get('method_routing_id') parameters_Json_editor = request.POST.get('parameters_Json_editor') #from sonarcloud: Dynamic code execution should not be vulnerable to injection attacks exec("import json" % json.loads(parameters_Json_editor) ) # Compliant; module is safely cast to json object payload = { 'method_name': method_name, 'connector_name': connector_name, 'is_bank_id_exact_match': (is_bank_id_exact_match == "True"), 'bank_id_pattern': bank_id_pattern, 'parameters': json.loads(parameters_Json_editor), 'method_routing_id': method_routing_id } api = API(request.session.get('obp')) if ("" == method_routing_id ): # if method_routing_id=="". we will create a new method routing . urlpath = '/management/method_routings' result = api.post(urlpath, payload=payload) else: # if method_routing_id not empty. we will update the current method routing .. urlpath = '/management/method_routings/{}'.format(method_routing_id) result = api.put(urlpath, payload=payload) return result
def methodrouting_save(request): method_name = request.POST.get('method_name') connector_name = request.POST.get('connector_name') bank_id_pattern = request.POST.get('bank_id_pattern') is_bank_id_exact_match = request.POST.get('is_bank_id_exact_match') parameters = request.POST.get('parameters') method_routing_id = request.POST.get('method_routing_id') payload = { 'method_name': method_name, 'connector_name': connector_name, 'is_bank_id_exact_match': (is_bank_id_exact_match == "True"), 'bank_id_pattern': bank_id_pattern, 'parameters': eval(parameters), 'method_routing_id': method_routing_id } api = API(request.session.get('obp')) try: if ( "" == method_routing_id ): # if method_routing_id=="". we will create a new method routing . urlpath = '/management/method_routings' result = api.post(urlpath, payload=payload) else: # if method_routing_id not empty. we will update the current method routing .. urlpath = '/management/method_routings/{}'.format( method_routing_id) result = api.put(urlpath, payload=payload) except APIError as err: error_once_only( request, APIError( Exception( "The OBP-API server is not running or does not respond properly." "Please check OBP-API server. Details: " + str(err)))) except Exception as err: error_once_only(request, "Unknown Error. Details: " + str(err)) if 'code' in result and result['code'] >= 400: error_once_only(request, result['message']) msg = 'Submission successfully!' messages.success(request, msg) return JsonResponse({'state': True})
def post(self, request, *args, **kwargs): """Deletes a user via API""" api = API(self.request.session.get('obp')) try: if (request.POST.get("Delete")): urlpath = '/users/{}'.format(kwargs['user_id']) result = api.delete(urlpath) if result is not None and 'code' in result and result[ 'code'] >= 400: messages.error(request, result['message']) else: msg = 'User with ID {} has been deleted.'.format( kwargs['user_id']) messages.success(request, msg) else: urlpath = '/users/{}/lock-status'.format(kwargs['username']) result = api.put(urlpath, None) if result is not None and 'code' in result and result[ 'code'] >= 400: messages.error(request, result['message']) else: msg = 'User {} has been unlocked.'.format( kwargs['username']) messages.success(request, msg) except APIError as err: messages.error(request, err) except: messages.error(self.request, 'Unknown Error') # from sonarcloud: Change this code to not perform redirects based on user-controlled data. redirect_url_from_gui = request.POST.get('next', reverse('users-index')) if "/users/all/user_id/" in str(redirect_url_from_gui): redirect_url = reverse('users-detail', kwargs={"user_id": kwargs['user_id']}) elif ("/users/myuser/user_id/" in str(redirect_url_from_gui)): redirect_url = reverse('my-user-detail', kwargs={"user_id": kwargs['user_id']}) else: redirect_url = reverse('users-index') return HttpResponseRedirect(redirect_url)
class DetailView(LoginRequiredMixin, FormView): """Detail view for a consumer""" form_class = ApiConsumersForm template_name = "consumers/detail.html" def dispatch(self, request, *args, **kwargs): self.api = API(request.session.get('obp')) return super(DetailView, self).dispatch(request, *args, **kwargs) def get_form(self, *args, **kwargs): form = super(DetailView, self).get_form(*args, **kwargs) form.fields['consumer_id'].initial = self.kwargs['consumer_id'] return form def form_valid(self, form): """Put limits data to API""" try: data = '' form = ApiConsumersForm(self.request.POST) if form.is_valid(): data = form.cleaned_data urlpath = '/management/consumers/{}/consumer/calls_limit'.format(data['consumer_id']) payload = { 'per_minute_call_limit': data['per_minute_call_limit'], 'per_hour_call_limit': data['per_hour_call_limit'], 'per_day_call_limit': data['per_day_call_limit'], 'per_week_call_limit': data['per_week_call_limit'], 'per_month_call_limit': data['per_month_call_limit'] } user = self.api.put(urlpath, payload=payload) except APIError as err: messages.error(self.request, err) return super(DetailView, self).form_invalid(form) except Exception as err: messages.error(self.request, "{}".format(err)) return super(DetailView, self).form_invalid(form) msg = 'calls limit of consumer {} has been updated successfully.'.format( data['consumer_id']) messages.success(self.request, msg) self.success_url = self.request.path return super(DetailView, self).form_valid(form) def get_context_data(self, **kwargs): context = super(DetailView, self).get_context_data(**kwargs) api = API(self.request.session.get('obp')) try: urlpath = '/management/consumers/{}'.format(self.kwargs['consumer_id']) consumer = api.get(urlpath) consumer['created'] = datetime.strptime( consumer['created'], settings.API_DATETIMEFORMAT) call_limits_urlpath = '/management/consumers/{}/consumer/call-limits'.format(self.kwargs['consumer_id']) consumer_call_limtis = api.get(call_limits_urlpath) if 'code' in consumer_call_limtis and consumer_call_limtis['code'] > 400: messages.error(self.request, "{}".format(consumer_call_limtis['message'])) else: consumer['per_minute_call_limit'] = consumer_call_limtis['per_minute_call_limit'] consumer['per_hour_call_limit'] = consumer_call_limtis['per_hour_call_limit'] consumer['per_day_call_limit'] = consumer_call_limtis['per_day_call_limit'] consumer['per_week_call_limit'] = consumer_call_limtis['per_week_call_limit'] consumer['per_month_call_limit'] = consumer_call_limtis['per_month_call_limit'] except APIError as err: messages.error(self.request, err) except Exception as err: messages.error(self.request, "{}".format(err)) finally: context.update({ 'consumer': consumer }) return context
class UpdateAtmsView(LoginRequiredMixin, FormView): template_name = "atms/update.html" success_url = '/atms/' form_class = CreateAtmForm def dispatch(self, request, *args, **kwargs): self.api = API(request.session.get('obp')) return super(UpdateAtmsView, self).dispatch(request, *args, **kwargs) def get_form(self, *args, **kwargs): form = super(UpdateAtmsView, self).get_form(*args, **kwargs) # Cannot add api in constructor: super complains about unknown kwarg form.api = self.api fields = form.fields urlpath = "/banks/{}/atms/{}".format(self.kwargs['bank_id'], self.kwargs['atm_id']) try: fields['bank_id'].choices = self.api.get_bank_id_choices() except APIError as err: messages.error(self.request, err) except: messages.error(self.request, "Unknown Error") try: result = self.api.get(urlpath) fields['bank_id'].initial = self.kwargs['bank_id'] fields['atm_id'].initial = self.kwargs['atm_id'] fields['name'].initial = result['name'] fields['address'].initial = json.dumps(result['address'], indent=4) fields['location_latitude'].initial = result['location'][ 'latitude'] fields['location_longitude'].initial = result['location'][ 'longitude'] fields['meta_license_id'].initial = result['meta']['license']['id'] fields['meta_license_name'].initial = result['meta']['license'][ 'name'] fields['minimum_withdrawal'].initial = result['minimum_withdrawal'] fields['branch_identification'].initial = result[ 'branch_identification'] if result['is_accessible'].lower() == 'true': fields['is_accessible'].choices = [(True, True), (False, False)] else: fields['is_accessible'].choices = [(False, False), (True, True)] if result['has_deposit_capability'].lower() == 'true': fields['has_deposit_capability'].choices = [(True, True), (False, False)] else: fields['has_deposit_capability'].choices = [(False, False), (True, True)] fields['has_deposit_capability'].initial = result[ 'accessibility_features'] fields['site_identification'].initial = result[ 'site_identification'] fields['site_name'].initial = result['site_name'] fields['cash_withdrawal_national_fee'].initial = result[ 'cash_withdrawal_national_fee'] fields['cash_withdrawal_international_fee'].initial = result[ 'cash_withdrawal_international_fee'] fields['balance_inquiry_fee'].initial = result[ 'balance_inquiry_fee'] fields['services'].initial = result['services'] fields['located_at'].initial = result['located_at'] fields['more_info'].initial = result['more_info'] fields['located_at'].initial = result['located_at'] fields['lobby'].initial = json.dumps(result['lobby'], indent=4) if result['supported_languages'].lower() == 'en': fields['supported_languages'].choices = [("en", "en"), ("fr", "fr"), ("de", "de")] elif result['supported_languages'].lower() == 'fr': fields['supported_languages'].choices = [("fr", "fr"), ("en", "en"), ("de", "de")] else: fields['supported_languages'].choices = [("de", "de"), ("fr", "fr"), ("en", "en")] fields['supported_languages'].initial = result[ 'supported_languages'] if result['supported_currencies'].lower() == 'eur': fields['supported_currencies'].choices = [("EUR", "EUR"), ("MXN", "MXN"), ("USD", "USD")] elif result['supported_currencies'].lower() == 'mxn': fields['supported_currencies'].choices = [("MXN", "MXN"), ("EUR", "EUR"), ("USD", "USD")] else: fields['supported_currencies'].choices = [("USD", "USD"), ("MXN", "MXN"), ("EUR", "EUR")] fields['supported_currencies'].initial = result[ 'supported_currencies'] if result['notes'].lower() == 'string1': fields['notes'].choices = [("String1", "String1"), ("String2", "String2")] else: fields['notes'].choices = [("String2", "String2"), ("String1", "String1")] fields['notes'].initial = result['notes'] if result['location_categories'].lower() == 'atbi': fields['location_categories'].choices = [("ATBI", "ATBI"), ("ATBE", "ATBE")] else: fields['location_categories'].choices = [("ATBE", "ATBE"), ("ATBI", "ATBI")] fields['location_categories'].initial = result[ 'location_categories'] except APIError as err: messages.error(self.request, err) except Exception as err: messages.error(self.request, "Unknown Error {}".format(err)) return form def form_valid(self, form): data = form.cleaned_data urlpath = '/banks/{}/atms/{}'.format(data["bank_id"], data["atm_id"]) payload = { #"id": data["atm_id"], "bank_id": data["bank_id"], "name": data["name"], "address": json.loads(data['address']), "location": { "latitude": float(data["location_latitude"]), "longitude": float(data["location_longitude"]) }, "meta": { "license": { "id": data["meta_license_id"], "name": data["meta_license_name"] } }, "has_deposit_capability": data["has_deposit_capability"], "accessibility_features": data["accessibility_features"], "minimum_withdrawal": data["minimum_withdrawal"], "branch_identification": data["branch_identification"], "site_identification": data["site_identification"], "site_name": data["site_name"], "cash_withdrawal_national_fee": data["cash_withdrawal_national_fee"], "cash_withdrawal_international_fee": data["cash_withdrawal_international_fee"], "balance_inquiry_fee": data["balance_inquiry_fee"], "services": data["services"], "more_info": data["more_info"], "located_at": data["located_at"], "phone_number": data["phone_number"], "supported_languages": data["supported_languages"], "supported_currencies": data["supported_currencies"], "notes": data["notes"], "location_categories": data["location_categories"] } try: result = self.api.put(urlpath, payload=payload) if 'code' in result and result['code'] >= 400: error_once_only(self.request, result['message']) return super(UpdateAtmsView, self).form_invalid(form) except APIError as err: messages.error(self.request, err) return super(UpdateAtmsView, self).form_invalid(form) except: messages.error(self.request, "Unknown Error") return super(UpdateAtmsView, self).form_invalid(form) msg = 'Atm {} for Bank {} has been created successfully!'.format( # noqa data["atm_id"], data["bank_id"]) messages.success(self.request, msg) return super(UpdateAtmsView, self).form_valid(form) def get_context_data(self, **kwargs): context = super(UpdateAtmsView, self).get_context_data(**kwargs) self.bank_id = self.kwargs['bank_id'] self.atm_id = self.kwargs['atm_id'] context.update({'atm_id': self.atm_id, 'bank_id': self.bank_id}) return context
class UpdateBranchesView(LoginRequiredMixin, FormView): template_name = "branches/update.html" success_url = '/branches/' form_class = CreateBranchForm def dispatch(self, request, *args, **kwargs): self.api = API(request.session.get('obp')) return super(UpdateBranchesView, self).dispatch(request, *args, **kwargs) def get_form(self, *args, **kwargs): form = super(UpdateBranchesView, self).get_form(*args, **kwargs) # Cannot add api in constructor: super complains about unknown kwarg form.api = self.api fields = form.fields urlpath = "/banks/{}/branches/{}".format(self.kwargs['bank_id'], self.kwargs['branch_id']) try: fields['bank_id'].choices = self.api.get_bank_id_choices() except APIError as err: messages.error(self.request, err) except: messages.error(self.request, "Unknown Error") try: result = self.api.get(urlpath) fields['bank_id'].initial = self.kwargs['bank_id'] fields['branch_id'].initial = self.kwargs['branch_id'] fields['name'].initial = result['name'] fields['address'].initial = json.dumps(result['address'], indent=4) fields['location_latitude'].initial = result['location'][ 'latitude'] fields['location_longitude'].initial = result['location'][ 'longitude'] fields['meta_license_id'].initial = result['meta']['license']['id'] fields['meta_license_name'].initial = result['meta']['license'][ 'name'] fields['branch_routing_scheme'].initial = result['branch_routing'][ 'scheme'] fields['branch_routing_address'].initial = result[ 'branch_routing']['address'] if result['is_accessible'].lower() == 'true': fields['is_accessible'].choices = [(True, True), (False, False)] else: fields['is_accessible'].choices = [(False, False), (True, True)] fields['accessibleFeatures'].initial = result['accessibleFeatures'] fields['branch_type'].initial = result['branch_type'] fields['more_info'].initial = result['more_info'] fields['phone_number'].initial = result['phone_number'] fields['lobby'].initial = json.dumps(result['lobby'], indent=4) fields['drive_up'].initial = json.dumps(result['drive_up'], indent=4) except APIError as err: messages.error(self.request, err) except Exception as err: messages.error(self.request, "Unknown Error {}".format(err)) return form def form_valid(self, form): data = form.cleaned_data urlpath = '/banks/{}/branches/{}'.format(data["bank_id"], data["branch_id"]) payload = { #"id": data["branch_id"], "bank_id": data["bank_id"], "name": data["name"], "address": json.loads(data['address']), "location": { "latitude": float(data["location_latitude"]), "longitude": float(data["location_longitude"]) }, "meta": { "license": { "id": data["meta_license_id"], "name": data["meta_license_name"] } }, "lobby": json.loads(data["lobby"]), "drive_up": json.loads(data["drive_up"]), "branch_routing": { "scheme": data["branch_routing_scheme"] if data["branch_routing_scheme"] != "" else "license name", "address": data["branch_routing_address"] if data["branch_routing_address"] != "" else "license name" }, "is_accessible": data["is_accessible"], "accessibleFeatures": data["accessibleFeatures"], "branch_type": data["branch_type"], "more_info": data["more_info"], "phone_number": data["phone_number"] } try: result = self.api.put(urlpath, payload=payload) if 'code' in result and result['code'] >= 400: error_once_only(self.request, result['message']) return super(UpdateBranchesView, self).form_invalid(form) except APIError as err: messages.error(self.request, err) return super(UpdateBranchesView, self).form_invalid(form) except: messages.error(self.request, "Unknown Error") return super(UpdateBranchesView, self).form_invalid(form) msg = 'Branch {} for Bank {} has been created successfully!'.format( # noqa data["branch_id"], data["bank_id"]) messages.success(self.request, msg) return super(UpdateBranchesView, self).form_valid(form) def get_context_data(self, **kwargs): context = super(UpdateBranchesView, self).get_context_data(**kwargs) self.bank_id = self.kwargs['bank_id'] self.branch_id = self.kwargs['branch_id'] context.update({'branch_id': self.branch_id, 'bank_id': self.bank_id}) return context