Ejemplo n.º 1
0
def get_boto_client(client,
                    region=None,
                    aws_access_key_id=None,
                    aws_secret_access_key=None,
                    aws_session_token=None,
                    config=None,
                    endpoint_url=None):
    """Get a boto3 client connection."""
    if config is None:
        config = {}
    cache_key = '{0}:{1}:{2}:{3}:{4}'.format(client, region, aws_access_key_id,
                                             config.get('name'), endpoint_url)
    if not aws_session_token:
        if cache_key in CLIENT_CACHE:
            return CLIENT_CACHE[cache_key]
    session = get_boto_session(region, aws_access_key_id,
                               aws_secret_access_key, aws_session_token)
    if not session:
        logger.error("Failed to get {0} client.".format(client))
        return None

    CLIENT_CACHE[cache_key] = session.client(client,
                                             config=config.get('config'),
                                             endpoint_url=endpoint_url)
    return CLIENT_CACHE[cache_key]
Ejemplo n.º 2
0
def handle_message(client, queue_url):
    try:
        response = client.receive_message(
            QueueUrl=queue_url,
            AttributeNames=['SentTimestamp'],
            MaxNumberOfMessages=1,
            MessageAttributeNames=['All'],
            VisibilityTimeout=60,
            WaitTimeSeconds=10
        )
        if 'Messages' in response:
            messages = response['Messages']
            message = messages[0]
            if 'type' not in message['MessageAttributes']:
                logger.error('SQS message does not have a type attribute.')
                return
            m_type = message['MessageAttributes']['type']['StringValue']
            logger.debug('Received SQS message of type {}'.format(m_type))
            if m_type == 'github_webhook':
                try:
                    handle_webhook(message)
                except Exception:
                    logger.exception(
                        'Failed to handle webhook SQS message'
                    )
                    return
            elif m_type == 'signature':
                try:
                    handle_signature(message)
                except Exception:
                    logger.exception(
                        'Failed to handle signature SQS message'
                    )
                    return
            else:
                logger.error(
                    '{} is an unsupported message type.'.format(m_type)
                )
            client.delete_message(
                QueueUrl=queue_url,
                ReceiptHandle=message['ReceiptHandle']
            )
        else:
            logger.debug('No messages, continuing')
            return
    except Exception:
        logger.exception('General error')
Ejemplo n.º 3
0
 def decorated(*args, **kwargs):
     try:
         email = get_logged_in_user_email()
         is_admin = False
         try:
             orgs = get_logged_in_user_orgs()
             for org in orgs:
                 if org.get('login') == app.config['ORGANIZATION']:
                     is_admin = True
         except OrgsNotFound:
             if not role_has_privilege('user', f.__name__):
                 raise AdminAccessNeeded()
             else:
                 pass
         if is_admin:
             role = 'admin'
         else:
             role = 'user'
         g.auth_role = role
     except (UserEmailNotFound, AdminAccessNeeded):
         logger.info('Attempting to log in a user using Github auth')
         response = make_response()
         if request.is_secure:
             secure_cookie = True
         else:
             secure_cookie = False
         if role_has_privilege('user', f.__name__):
             result = _authomatic.login(
                 WerkzeugAdapter(request, response),
                 'github',
                 session=session,
                 session_saver=lambda: app.save_session(session, response),
                 secure_cookie=secure_cookie
             )
             fetch_orgs = False
         else:
             # This function requires admin, we need to fetch the orgs,
             # which requires different scopes, use the admin login.
             result = _authomatic_admin.login(
                 WerkzeugAdapter(request, response),
                 'github',
                 session=session,
                 session_saver=lambda: app.save_session(session, response),
                 secure_cookie=secure_cookie
             )
             fetch_orgs = True
         if result:
             if result.error:
                 msg = 'Github auth failed with error: {0}'
                 logger.error(msg.format(result.error.message))
                 return abort(403)
             if result.user:
                 result.user.update()
                 user = result.user
                 session['github_oauth2'] = {}
                 session['github_oauth2']['name'] = user.name
                 session['github_oauth2']['username'] = user.username
                 g.auth_type = 'oauth'
                 email_addresses = _authomatic.access(
                     credentials=user.credentials,
                     url='https://api.github.com/user/emails'
                 ).data
                 session['github_oauth2']['email'] = email_addresses
                 if fetch_orgs:
                     organizations = _authomatic.access(
                         credentials=user.credentials,
                         url='https://api.github.com/user/orgs'
                     ).data
                     session['github_oauth2']['orgs'] = organizations
                 # TODO: find a way to save the angular args
                 # authomatic adds url params google auth has stripped the
                 # angular args anyway, so let's just redirect back to the
                 # index.
                 return redirect(url_for('index'))
         return response
     if role_has_privilege(role, f.__name__):
         return f(*args, **kwargs)
     else:
         msg = ('User with email {0}, role {1}, attempted to access'
                ' function {2} without correct privileges')
         logger.warning(msg.format(email, role, f.__name__))
         return abort(403)