def get_redirect_url(self, *args, **kwargs):
api = API(self.request.session.get('obp'))
try:
urlpath = '/management/consumers/{}'.format(kwargs['consumer_id'])
payload = {'enabled': self.enabled}
api.put(urlpath, payload)
messages.success(self.request, self.success)
except APIError as err:
messages.error(self.request, err)
urlpath = self.request.POST.get('next', reverse('consumers-index'))
query = self.request.GET.urlencode()
redirect_url = '{}?{}'.format(urlpath, query)
return redirect_url
def methodrouting_save(request):
method_name = request.POST.get('method_name')
connector_name = request.POST.get('connector_name')
bank_id_pattern = request.POST.get('bank_id_pattern')
is_bank_id_exact_match = request.POST.get('is_bank_id_exact_match')
parameters = request.POST.get('parameters')
method_routing_id = request.POST.get('method_routing_id')
parameters_Json_editor = request.POST.get('parameters_Json_editor')
payload = {
'method_name': method_name,
'connector_name': connector_name,
'is_bank_id_exact_match': (is_bank_id_exact_match == "True"),
'bank_id_pattern': bank_id_pattern,
'parameters': eval(parameters_Json_editor),
'method_routing_id': method_routing_id
}
api = API(request.session.get('obp'))
if ("" == method_routing_id
): # if method_routing_id=="". we will create a new method routing .
urlpath = '/management/method_routings'
result = api.post(urlpath, payload=payload)
else: # if method_routing_id not empty. we will update the current method routing ..
urlpath = '/management/method_routings/{}'.format(method_routing_id)
result = api.put(urlpath, payload=payload)
return result
def methodrouting_save(request):
method_name = request.POST.get('method_name')
connector_name = request.POST.get('connector_name')
bank_id_pattern = request.POST.get('bank_id_pattern')
is_bank_id_exact_match = request.POST.get('is_bank_id_exact_match')
parameters = request.POST.get('parameters')
method_routing_id = request.POST.get('method_routing_id')
parameters_Json_editor = request.POST.get('parameters_Json_editor')
#from sonarcloud: Dynamic code execution should not be vulnerable to injection attacks
exec("import json" % json.loads(parameters_Json_editor)
) # Compliant; module is safely cast to json object
payload = {
'method_name': method_name,
'connector_name': connector_name,
'is_bank_id_exact_match': (is_bank_id_exact_match == "True"),
'bank_id_pattern': bank_id_pattern,
'parameters': json.loads(parameters_Json_editor),
'method_routing_id': method_routing_id
}
api = API(request.session.get('obp'))
if ("" == method_routing_id
): # if method_routing_id=="". we will create a new method routing .
urlpath = '/management/method_routings'
result = api.post(urlpath, payload=payload)
else: # if method_routing_id not empty. we will update the current method routing ..
urlpath = '/management/method_routings/{}'.format(method_routing_id)
result = api.put(urlpath, payload=payload)
return result
def methodrouting_save(request):
method_name = request.POST.get('method_name')
connector_name = request.POST.get('connector_name')
bank_id_pattern = request.POST.get('bank_id_pattern')
is_bank_id_exact_match = request.POST.get('is_bank_id_exact_match')
parameters = request.POST.get('parameters')
method_routing_id = request.POST.get('method_routing_id')
payload = {
'method_name': method_name,
'connector_name': connector_name,
'is_bank_id_exact_match': (is_bank_id_exact_match == "True"),
'bank_id_pattern': bank_id_pattern,
'parameters': eval(parameters),
'method_routing_id': method_routing_id
}
api = API(request.session.get('obp'))
try:
if (
"" == method_routing_id
): # if method_routing_id=="". we will create a new method routing .
urlpath = '/management/method_routings'
result = api.post(urlpath, payload=payload)
else: # if method_routing_id not empty. we will update the current method routing ..
urlpath = '/management/method_routings/{}'.format(
method_routing_id)
result = api.put(urlpath, payload=payload)
except APIError as err:
error_once_only(
request,
APIError(
Exception(
"The OBP-API server is not running or does not respond properly."
"Please check OBP-API server. Details: " + str(err))))
except Exception as err:
error_once_only(request, "Unknown Error. Details: " + str(err))
if 'code' in result and result['code'] >= 400:
error_once_only(request, result['message'])
msg = 'Submission successfully!'
messages.success(request, msg)
return JsonResponse({'state': True})
def post(self, request, *args, **kwargs):
"""Deletes a user via API"""
api = API(self.request.session.get('obp'))
try:
if (request.POST.get("Delete")):
urlpath = '/users/{}'.format(kwargs['user_id'])
result = api.delete(urlpath)
if result is not None and 'code' in result and result[
'code'] >= 400:
messages.error(request, result['message'])
else:
msg = 'User with ID {} has been deleted.'.format(
kwargs['user_id'])
messages.success(request, msg)
else:
urlpath = '/users/{}/lock-status'.format(kwargs['username'])
result = api.put(urlpath, None)
if result is not None and 'code' in result and result[
'code'] >= 400:
messages.error(request, result['message'])
else:
msg = 'User {} has been unlocked.'.format(
kwargs['username'])
messages.success(request, msg)
except APIError as err:
messages.error(request, err)
except:
messages.error(self.request, 'Unknown Error')
# from sonarcloud: Change this code to not perform redirects based on user-controlled data.
redirect_url_from_gui = request.POST.get('next',
reverse('users-index'))
if "/users/all/user_id/" in str(redirect_url_from_gui):
redirect_url = reverse('users-detail',
kwargs={"user_id": kwargs['user_id']})
elif ("/users/myuser/user_id/" in str(redirect_url_from_gui)):
redirect_url = reverse('my-user-detail',
kwargs={"user_id": kwargs['user_id']})
else:
redirect_url = reverse('users-index')
return HttpResponseRedirect(redirect_url)
class DetailView(LoginRequiredMixin, FormView):
"""Detail view for a consumer"""
form_class = ApiConsumersForm
template_name = "consumers/detail.html"
def dispatch(self, request, *args, **kwargs):
self.api = API(request.session.get('obp'))
return super(DetailView, self).dispatch(request, *args, **kwargs)
def get_form(self, *args, **kwargs):
form = super(DetailView, self).get_form(*args, **kwargs)
form.fields['consumer_id'].initial = self.kwargs['consumer_id']
return form
def form_valid(self, form):
"""Put limits data to API"""
try:
data = ''
form = ApiConsumersForm(self.request.POST)
if form.is_valid():
data = form.cleaned_data
urlpath = '/management/consumers/{}/consumer/calls_limit'.format(data['consumer_id'])
payload = {
'per_minute_call_limit': data['per_minute_call_limit'],
'per_hour_call_limit': data['per_hour_call_limit'],
'per_day_call_limit': data['per_day_call_limit'],
'per_week_call_limit': data['per_week_call_limit'],
'per_month_call_limit': data['per_month_call_limit']
}
user = self.api.put(urlpath, payload=payload)
except APIError as err:
messages.error(self.request, err)
return super(DetailView, self).form_invalid(form)
except Exception as err:
messages.error(self.request, "{}".format(err))
return super(DetailView, self).form_invalid(form)
msg = 'calls limit of consumer {} has been updated successfully.'.format(
data['consumer_id'])
messages.success(self.request, msg)
self.success_url = self.request.path
return super(DetailView, self).form_valid(form)
def get_context_data(self, **kwargs):
context = super(DetailView, self).get_context_data(**kwargs)
api = API(self.request.session.get('obp'))
try:
urlpath = '/management/consumers/{}'.format(self.kwargs['consumer_id'])
consumer = api.get(urlpath)
consumer['created'] = datetime.strptime(
consumer['created'], settings.API_DATETIMEFORMAT)
call_limits_urlpath = '/management/consumers/{}/consumer/call-limits'.format(self.kwargs['consumer_id'])
consumer_call_limtis = api.get(call_limits_urlpath)
if 'code' in consumer_call_limtis and consumer_call_limtis['code'] > 400:
messages.error(self.request, "{}".format(consumer_call_limtis['message']))
else:
consumer['per_minute_call_limit'] = consumer_call_limtis['per_minute_call_limit']
consumer['per_hour_call_limit'] = consumer_call_limtis['per_hour_call_limit']
consumer['per_day_call_limit'] = consumer_call_limtis['per_day_call_limit']
consumer['per_week_call_limit'] = consumer_call_limtis['per_week_call_limit']
consumer['per_month_call_limit'] = consumer_call_limtis['per_month_call_limit']
except APIError as err:
messages.error(self.request, err)
except Exception as err:
messages.error(self.request, "{}".format(err))
finally:
context.update({
'consumer': consumer
})
return context
class UpdateAtmsView(LoginRequiredMixin, FormView):
template_name = "atms/update.html"
success_url = '/atms/'
form_class = CreateAtmForm
def dispatch(self, request, *args, **kwargs):
self.api = API(request.session.get('obp'))
return super(UpdateAtmsView, self).dispatch(request, *args, **kwargs)
def get_form(self, *args, **kwargs):
form = super(UpdateAtmsView, self).get_form(*args, **kwargs)
# Cannot add api in constructor: super complains about unknown kwarg
form.api = self.api
fields = form.fields
urlpath = "/banks/{}/atms/{}".format(self.kwargs['bank_id'],
self.kwargs['atm_id'])
try:
fields['bank_id'].choices = self.api.get_bank_id_choices()
except APIError as err:
messages.error(self.request, err)
except:
messages.error(self.request, "Unknown Error")
try:
result = self.api.get(urlpath)
fields['bank_id'].initial = self.kwargs['bank_id']
fields['atm_id'].initial = self.kwargs['atm_id']
fields['name'].initial = result['name']
fields['address'].initial = json.dumps(result['address'], indent=4)
fields['location_latitude'].initial = result['location'][
'latitude']
fields['location_longitude'].initial = result['location'][
'longitude']
fields['meta_license_id'].initial = result['meta']['license']['id']
fields['meta_license_name'].initial = result['meta']['license'][
'name']
fields['minimum_withdrawal'].initial = result['minimum_withdrawal']
fields['branch_identification'].initial = result[
'branch_identification']
if result['is_accessible'].lower() == 'true':
fields['is_accessible'].choices = [(True, True),
(False, False)]
else:
fields['is_accessible'].choices = [(False, False),
(True, True)]
if result['has_deposit_capability'].lower() == 'true':
fields['has_deposit_capability'].choices = [(True, True),
(False, False)]
else:
fields['has_deposit_capability'].choices = [(False, False),
(True, True)]
fields['has_deposit_capability'].initial = result[
'accessibility_features']
fields['site_identification'].initial = result[
'site_identification']
fields['site_name'].initial = result['site_name']
fields['cash_withdrawal_national_fee'].initial = result[
'cash_withdrawal_national_fee']
fields['cash_withdrawal_international_fee'].initial = result[
'cash_withdrawal_international_fee']
fields['balance_inquiry_fee'].initial = result[
'balance_inquiry_fee']
fields['services'].initial = result['services']
fields['located_at'].initial = result['located_at']
fields['more_info'].initial = result['more_info']
fields['located_at'].initial = result['located_at']
fields['lobby'].initial = json.dumps(result['lobby'], indent=4)
if result['supported_languages'].lower() == 'en':
fields['supported_languages'].choices = [("en", "en"),
("fr", "fr"),
("de", "de")]
elif result['supported_languages'].lower() == 'fr':
fields['supported_languages'].choices = [("fr", "fr"),
("en", "en"),
("de", "de")]
else:
fields['supported_languages'].choices = [("de", "de"),
("fr", "fr"),
("en", "en")]
fields['supported_languages'].initial = result[
'supported_languages']
if result['supported_currencies'].lower() == 'eur':
fields['supported_currencies'].choices = [("EUR", "EUR"),
("MXN", "MXN"),
("USD", "USD")]
elif result['supported_currencies'].lower() == 'mxn':
fields['supported_currencies'].choices = [("MXN", "MXN"),
("EUR", "EUR"),
("USD", "USD")]
else:
fields['supported_currencies'].choices = [("USD", "USD"),
("MXN", "MXN"),
("EUR", "EUR")]
fields['supported_currencies'].initial = result[
'supported_currencies']
if result['notes'].lower() == 'string1':
fields['notes'].choices = [("String1", "String1"),
("String2", "String2")]
else:
fields['notes'].choices = [("String2", "String2"),
("String1", "String1")]
fields['notes'].initial = result['notes']
if result['location_categories'].lower() == 'atbi':
fields['location_categories'].choices = [("ATBI", "ATBI"),
("ATBE", "ATBE")]
else:
fields['location_categories'].choices = [("ATBE", "ATBE"),
("ATBI", "ATBI")]
fields['location_categories'].initial = result[
'location_categories']
except APIError as err:
messages.error(self.request, err)
except Exception as err:
messages.error(self.request, "Unknown Error {}".format(err))
return form
def form_valid(self, form):
data = form.cleaned_data
urlpath = '/banks/{}/atms/{}'.format(data["bank_id"], data["atm_id"])
payload = {
#"id": data["atm_id"],
"bank_id":
data["bank_id"],
"name":
data["name"],
"address":
json.loads(data['address']),
"location": {
"latitude": float(data["location_latitude"]),
"longitude": float(data["location_longitude"])
},
"meta": {
"license": {
"id": data["meta_license_id"],
"name": data["meta_license_name"]
}
},
"has_deposit_capability":
data["has_deposit_capability"],
"accessibility_features":
data["accessibility_features"],
"minimum_withdrawal":
data["minimum_withdrawal"],
"branch_identification":
data["branch_identification"],
"site_identification":
data["site_identification"],
"site_name":
data["site_name"],
"cash_withdrawal_national_fee":
data["cash_withdrawal_national_fee"],
"cash_withdrawal_international_fee":
data["cash_withdrawal_international_fee"],
"balance_inquiry_fee":
data["balance_inquiry_fee"],
"services":
data["services"],
"more_info":
data["more_info"],
"located_at":
data["located_at"],
"phone_number":
data["phone_number"],
"supported_languages":
data["supported_languages"],
"supported_currencies":
data["supported_currencies"],
"notes":
data["notes"],
"location_categories":
data["location_categories"]
}
try:
result = self.api.put(urlpath, payload=payload)
if 'code' in result and result['code'] >= 400:
error_once_only(self.request, result['message'])
return super(UpdateAtmsView, self).form_invalid(form)
except APIError as err:
messages.error(self.request, err)
return super(UpdateAtmsView, self).form_invalid(form)
except:
messages.error(self.request, "Unknown Error")
return super(UpdateAtmsView, self).form_invalid(form)
msg = 'Atm {} for Bank {} has been created successfully!'.format( # noqa
data["atm_id"], data["bank_id"])
messages.success(self.request, msg)
return super(UpdateAtmsView, self).form_valid(form)
def get_context_data(self, **kwargs):
context = super(UpdateAtmsView, self).get_context_data(**kwargs)
self.bank_id = self.kwargs['bank_id']
self.atm_id = self.kwargs['atm_id']
context.update({'atm_id': self.atm_id, 'bank_id': self.bank_id})
return context
class UpdateBranchesView(LoginRequiredMixin, FormView):
template_name = "branches/update.html"
success_url = '/branches/'
form_class = CreateBranchForm
def dispatch(self, request, *args, **kwargs):
self.api = API(request.session.get('obp'))
return super(UpdateBranchesView,
self).dispatch(request, *args, **kwargs)
def get_form(self, *args, **kwargs):
form = super(UpdateBranchesView, self).get_form(*args, **kwargs)
# Cannot add api in constructor: super complains about unknown kwarg
form.api = self.api
fields = form.fields
urlpath = "/banks/{}/branches/{}".format(self.kwargs['bank_id'],
self.kwargs['branch_id'])
try:
fields['bank_id'].choices = self.api.get_bank_id_choices()
except APIError as err:
messages.error(self.request, err)
except:
messages.error(self.request, "Unknown Error")
try:
result = self.api.get(urlpath)
fields['bank_id'].initial = self.kwargs['bank_id']
fields['branch_id'].initial = self.kwargs['branch_id']
fields['name'].initial = result['name']
fields['address'].initial = json.dumps(result['address'], indent=4)
fields['location_latitude'].initial = result['location'][
'latitude']
fields['location_longitude'].initial = result['location'][
'longitude']
fields['meta_license_id'].initial = result['meta']['license']['id']
fields['meta_license_name'].initial = result['meta']['license'][
'name']
fields['branch_routing_scheme'].initial = result['branch_routing'][
'scheme']
fields['branch_routing_address'].initial = result[
'branch_routing']['address']
if result['is_accessible'].lower() == 'true':
fields['is_accessible'].choices = [(True, True),
(False, False)]
else:
fields['is_accessible'].choices = [(False, False),
(True, True)]
fields['accessibleFeatures'].initial = result['accessibleFeatures']
fields['branch_type'].initial = result['branch_type']
fields['more_info'].initial = result['more_info']
fields['phone_number'].initial = result['phone_number']
fields['lobby'].initial = json.dumps(result['lobby'], indent=4)
fields['drive_up'].initial = json.dumps(result['drive_up'],
indent=4)
except APIError as err:
messages.error(self.request, err)
except Exception as err:
messages.error(self.request, "Unknown Error {}".format(err))
return form
def form_valid(self, form):
data = form.cleaned_data
urlpath = '/banks/{}/branches/{}'.format(data["bank_id"],
data["branch_id"])
payload = {
#"id": data["branch_id"],
"bank_id": data["bank_id"],
"name": data["name"],
"address": json.loads(data['address']),
"location": {
"latitude": float(data["location_latitude"]),
"longitude": float(data["location_longitude"])
},
"meta": {
"license": {
"id": data["meta_license_id"],
"name": data["meta_license_name"]
}
},
"lobby": json.loads(data["lobby"]),
"drive_up": json.loads(data["drive_up"]),
"branch_routing": {
"scheme":
data["branch_routing_scheme"]
if data["branch_routing_scheme"] != "" else "license name",
"address":
data["branch_routing_address"]
if data["branch_routing_address"] != "" else "license name"
},
"is_accessible": data["is_accessible"],
"accessibleFeatures": data["accessibleFeatures"],
"branch_type": data["branch_type"],
"more_info": data["more_info"],
"phone_number": data["phone_number"]
}
try:
result = self.api.put(urlpath, payload=payload)
if 'code' in result and result['code'] >= 400:
error_once_only(self.request, result['message'])
return super(UpdateBranchesView, self).form_invalid(form)
except APIError as err:
messages.error(self.request, err)
return super(UpdateBranchesView, self).form_invalid(form)
except:
messages.error(self.request, "Unknown Error")
return super(UpdateBranchesView, self).form_invalid(form)
msg = 'Branch {} for Bank {} has been created successfully!'.format( # noqa
data["branch_id"], data["bank_id"])
messages.success(self.request, msg)
return super(UpdateBranchesView, self).form_valid(form)
def get_context_data(self, **kwargs):
context = super(UpdateBranchesView, self).get_context_data(**kwargs)
self.bank_id = self.kwargs['bank_id']
self.branch_id = self.kwargs['branch_id']
context.update({'branch_id': self.branch_id, 'bank_id': self.bank_id})
return context
