def patch(self: Controller):
"""
Set context.method
Set context.form
:return:
"""
# Preserve patches
patches = context.form
results = []
context.jsonpatch = True
try:
for patch in patches:
context.form = patch.get('value', {})
context.method = patch['op']
remaining_paths = patch['path'].split('/')
if remaining_paths and not remaining_paths[0]:
return_data = self()
else:
return_data = self(*remaining_paths)
results.append(return_data)
DBSession.flush()
DBSession.commit()
return '[%s]' % ',\n'.join(results)
except:
if DBSession.is_active:
DBSession.rollback()
raise
finally:
del context.jsonpatch
def post(self):
email = context.form.get('email')
password = context.form.get('password')
otp = context.form.get('otp', None)
principal = context.application.__authenticator__.login((email, password))
token = principal.dump().decode()
try:
# TODO: Add this feature for admins
if principal.is_in_roles('client'):
client = Client.query.filter(Client.email == email).one()
if client.has_second_factor is True:
if otp is None:
raise HttpBadRequest('Otp needed', 'bad-otp')
oath = Oath(seed=settings.membership.second_factor_seed, derivate_seed_from=client.email)
is_valid, _ = oath.verify_google_auth(otp)
if is_valid is False:
raise HttpBadRequest('Invalid otp', 'invalid-otp')
login_log = SecurityLog.generate_log(type='login')
DBSession.add(login_log)
DBSession.flush()
except Exception as e:
# FIXME: Fix the warning
context.application.__authenticator__.unregister_session(principal.session_id)
raise e
return dict(token=token)
def send(self, target_id):
mimetype = context.form.get('mimetype')
sender = Member.current()
message = Message(body=context.form.get('body'))
message.target_id = int(target_id)
message.sender_id = sender.id
if 'attachment' in context.form:
message.attachment = context.form.get('attachment')
message.mimetype = message.attachment.content_type
if message.attachment.content_type in BLACKLIST_MIME_TYPES:
raise HTTPUnsupportedMediaType()
elif mimetype:
if mimetype not in SUPPORTED_TEXT_MIME_TYPES:
raise HTTPUnsupportedMediaType()
message.mimetype = context.form.get('mimetype')
else:
message.mimetype = 'text/plain'
DBSession.add(message)
DBSession.flush()
queues.push(settings.messaging.workers_queue, message.to_dict())
webhook = Webhook()
webhook.sent_message(target_id, sender.reference_id)
return message
def subscribe(self):
member = Member.current()
query = DBSession.query(Room)
requested_rooms = Target.filter_by_request(query).all()
if len(requested_rooms) >= settings.room.subscription.max_length:
raise HTTPStatus(
f'716 Maximum {settings.room.subscription.max_length} Rooms '
f'To Subscribe At A Time')
requested_rooms_id = {i.id for i in requested_rooms}
subscribed_rooms = DBSession.query(TargetMember) \
.filter(TargetMember.member_id == member.id) \
.join(Target, Target.id == TargetMember.target_id) \
.filter(Target.type == 'room') \
.all()
subscribed_rooms_id = {i.target_id for i in subscribed_rooms}
not_subscribed_rooms_id = requested_rooms_id - subscribed_rooms_id
flush_counter = 0
for each_room_id in not_subscribed_rooms_id:
flush_counter += 1
target_member = TargetMember(target_id=each_room_id,
member_id=member.id)
DBSession.add(target_member)
if flush_counter % 10 == 0:
DBSession.flush()
not_subscribed_rooms = DBSession.query(Target) \
.filter(Target.id.in_(not_subscribed_rooms_id))
return not_subscribed_rooms
def append(self, listtitle, itemtitle):
me = self._get_current_user()
item = Item(
ownerid=context.identity.id,
list=listtitle,
title=itemtitle
)
me.items.append(item)
DBSession.flush()
return ''.join((str(item), CR))
def insert_departments(): # pragma: no cover
department1 = TicketDepartment()
department1.title = 'Test Department 1'
DBSession.add(department1)
department2 = TicketDepartment()
department2.title = 'Test Department 2'
DBSession.add(department2)
department3 = TicketDepartment()
department3.title = 'Test Department 3'
DBSession.add(department3)
DBSession.flush()
def obtain(self):
# FIXME: Validation and prevent form.
cas_server = CASClient()
access_token, member_id = cas_server \
.get_access_token(context.form.get('authorizationCode'))
member = cas_server.get_member(access_token)
user = DBSession.query(Member) \
.filter(Member.email == member['email']) \
.one_or_none()
if user is None:
user = Member(
email=member['email'],
title=member['title'],
first_name=member['firstName'],
last_name=member['lastName'],
access_token=access_token,
reference_id=member['id'],
avatar=member['avatar'],
)
if user.title != member['title']:
user.title = member['title']
if user.first_name != member['firstName']:
user.first_name = member['firstName']
if user.avatar != member['avatar']:
user.avatar = member['avatar']
if user.access_token != access_token:
user.access_token = access_token
if user.last_name != member['lastName']:
user.last_name = member['lastName']
DBSession.add(user)
DBSession.flush()
principal = user.create_jwt_principal()
context.response_headers.add_header('X-New-JWT-Token',
principal.dump().decode('utf-8'))
return dict(token=principal.dump().decode('utf-8'))
def create(self):
title = context.form.get('title')
department_id = context.form.get('departmentId')
message = context.form.get('message')
attachment = context.form.get('attachment', None)
client_id = context.form.get('clientId', None)
if TicketDepartment.query.filter(
TicketDepartment.id == department_id).count() == 0:
raise HttpBadRequest('Bad department_id')
ticket = Ticket()
ticket.member_id = context.identity.id if context.identity.is_in_roles(
'client') else client_id
ticket.department_id = department_id
ticket.title = title
ticket_message = TicketMessage()
ticket_message.ticket = ticket
ticket_message.member_id = context.identity.id
ticket_message.text = message
try:
ticket_message.attachment = attachment
except AspectRatioValidationError as ex:
raise HttpBadRequest(str(ex), reason='invalid-aspectratio')
except DimensionValidationError as ex:
raise HttpBadRequest(str(ex), reason='invalid-dimensions')
except (AnalyzeError, ContentTypeValidationError) as ex:
raise HttpBadRequest(str(ex), reason='invalid-type')
DBSession.add(ticket)
DBSession.add(ticket_message)
# FIXME: These are not good:
DBSession.flush()
result = ticket.to_dict()
result['firstMessage'] = ticket_message.to_dict()
return result
def edit(self, id):
id = int_or_notfound(id)
new_message_body = context.form.get('body')
message = DBSession.query(Message).get(id)
if message is None:
raise HTTPNotFound()
if message.is_deleted:
raise HTTPStatus('616 Message Already Deleted')
if message.sender_id != Member.current().id:
raise HTTPForbidden()
message.body = new_message_body
DBSession.add(message)
DBSession.flush()
queues.push(settings.messaging.workers_queue, message.to_dict())
return message
def patch(self: Controller):
"""
Set context.method
Set context.form
:return:
"""
# Preserve patches
patches = context.form
results = []
context.jsonpatch = True
try:
for patch in patches:
context.form = patch.get('value', {})
path, context.query = split_path(patch['path'])
context.method = patch['op'].lower()
context.request_content_length = \
len(context.form) if context.form else 0
remaining_paths = path.split('/')
if remaining_paths and not remaining_paths[0]:
return_data = self()
else:
return_data = self(*remaining_paths)
if isinstance(return_data, types.GeneratorType):
results.append('"%s"' % ''.join(list(return_data)))
else:
results.append(return_data)
DBSession.flush()
context.query = {}
DBSession.commit()
return '[%s]' % ',\n'.join(results)
except:
if DBSession.is_active:
DBSession.rollback()
raise
finally:
del context.jsonpatch
def reply(self, message_id):
id = int_or_notfound(message_id)
mimetype = context.form.get('mimetype')
requested_message = DBSession.query(Message).get(id)
if requested_message is None:
raise HTTPNotFound()
if requested_message.is_deleted:
raise HTTPStatus('616 Message Already Deleted')
message = Message(
body=context.form.get('body'),
target_id=requested_message.target_id,
sender_id=Member.current().id,
reply_to=requested_message,
)
if 'attachment' in context.form:
message.attachment = context.form.get('attachment')
message.mimetype = message.attachment.content_type
if message.attachment.content_type in BLACKLIST_MIME_TYPES:
raise HTTPUnsupportedMediaType()
elif mimetype:
if mimetype not in SUPPORTED_TEXT_MIME_TYPES:
raise HTTPUnsupportedMediaType()
message.mimetype = mimetype
else:
message.mimetype = 'text/plain'
DBSession.add(message)
DBSession.flush()
queues.push(settings.messaging.workers_queue, message.to_dict())
return message
def delete(self, id):
try:
id = int(id)
except:
raise HTTPStatus('707 Invalid MessageId')
message = DBSession.query(Message) \
.filter(Message.id == id) \
.one_or_none()
if message is None:
raise HTTPStatus('614 Message Not Found')
if message.is_deleted:
raise HTTPStatus('616 Message Already Deleted')
if not message.sender_id == Member.current().id:
raise HTTPForbidden()
message.body = 'This message is deleted'
message.mimetype = 'text/plain'
message.soft_delete()
DBSession.flush()
queues.push(settings.messaging.workers_queue, message.to_dict())
return message
def insert(): # pragma: no cover
# Currencies
tirr = Fiat(symbol='TIRR',
name='Iran Rial',
normalization_scale=-8,
smallest_unit_scale=0)
tbtc = Cryptocurrency(symbol='TBTC',
name='Bitcoin',
wallet_id="TBTC",
normalization_scale=0,
smallest_unit_scale=-8)
teth = Cryptocurrency(symbol='TETH',
name='Ethereum',
wallet_id="TETH",
normalization_scale=-1,
smallest_unit_scale=-18)
ttry = Fiat(symbol='TTRY',
name='Turkish Lita',
normalization_scale=-4,
smallest_unit_scale=-2)
# Markets
tirr_tbtc = Market(name='TIRR_TBTC',
base_currency=tbtc,
quote_currency=tirr)
tirr_teth = Market(name='TIRR_TETH',
base_currency=teth,
quote_currency=tirr)
tbtc_teth = Market(name='TBTC_TETH',
base_currency=teth,
quote_currency=tbtc)
ttry_tbtc = Market(name='TTRY_TBTC',
base_currency=tbtc,
quote_currency=ttry)
DBSession.add(tirr_tbtc)
DBSession.add(tirr_teth)
DBSession.add(tbtc_teth)
DBSession.add(ttry_tbtc)
# Territories
iran = Country(name='Iran', code='ir', phone_prefix=98)
tehran_state = State(name='Tehran', country=iran)
tehran_city = City(name='Tehran', state=tehran_state)
turkey = Country(name='Turkey', code='tr', phone_prefix=90)
ankara_state = State(name='Ankara', country=turkey)
istanbul_state = State(name='Istanbul', country=turkey)
istanbul_avrupa_city = City(name='Istanbul (Avrupa)', state=istanbul_state)
istanbul_asia_city = City(name='Istanbul (Asia)', state=istanbul_state)
ankara_city = City(name='Tehran', state=ankara_state)
DBSession.add(tehran_city)
DBSession.add(istanbul_avrupa_city)
DBSession.add(istanbul_asia_city)
DBSession.add(ankara_city)
DBSession.flush()
# Payment Gateways
shaparak = PaymentGateway()
shaparak.name = "tshaparak"
shaparak.fiat_symbol = "TIRR"
# shaparak.cashin_min = Decimal('10000'),
# shaparak.cashin_max = Decimal('0'),
# shaparak.cashin_static_commission = Decimal('0'),
# shaparak.cashin_commission_rate = '0.0',
# shaparak.cashin_max_commission = Decimal('0'),
DBSession.add(shaparak)
DBSession.flush()
# Members
admin1 = Admin()
admin1.email = '*****@*****.**'
admin1.password = '******'
admin1.is_active = True
DBSession.add(admin1)
client1 = Client()
client1.email = '*****@*****.**'
client1.password = '******'
client1.is_active = True
DBSession.add(client1)
DBSession.flush()
# Ticketing Departments
verification_department = TicketDepartment()
verification_department.title = 'Verification'
DBSession.add(verification_department)
financial_department = TicketDepartment()
financial_department.title = 'Financial'
DBSession.add(financial_department)
technical_department = TicketDepartment()
technical_department.title = 'Technical'
DBSession.add(technical_department)
general_department = TicketDepartment()
general_department.title = 'General'
DBSession.add(general_department)
DBSession.flush()
def create(self):
# TODO: Add some salt to prevent man in the middle (Extra field to send on creation and check on verification,
# Use description part)
amount = context.form.get('amount')
shetab_address_id = context.form.get('shetabAddressId')
# Check deposit range
payment_gateway = PaymentGateway.query.filter(
PaymentGateway.name == context.form.get(
'paymentGatewayName')).one_or_none()
amount = payment_gateway.fiat.input_to_normalized(amount)
# TODO: More strict check and review how we control payment gateways
if (payment_gateway is None) or (payment_gateway.fiat_symbol
not in ['IRR', 'TIRR']):
raise HttpBadRequest('Bad payment gateway')
Fiat.query.filter(Fiat.symbol == payment_gateway.fiat_symbol).one()
if (payment_gateway.cashin_max != Decimal(0) and amount > payment_gateway.cashin_max) \
or amount < payment_gateway.cashin_min:
raise HttpBadRequest('Amount is not between valid cashin range.')
# Check sheba
target_shetab = BankCard.query \
.filter(BankCard.id == shetab_address_id) \
.filter(BankCard.client_id == context.identity.id) \
.one_or_none()
if target_shetab is None:
raise HttpBadRequest('Shetab address not found.')
if target_shetab.is_verified is False:
raise HttpConflict('Shetab address is not verified.')
# Check commission
commission = payment_gateway.calculate_cashin_commission(amount)
if commission >= amount:
raise HttpConflict('Commission is more than the amount')
shaparak_in = Cashin()
shaparak_in.member_id = context.identity.id
shaparak_in.fiat_symbol = payment_gateway.fiat_symbol
shaparak_in.amount = amount
shaparak_in.commission = commission
shaparak_in.banking_id = target_shetab
shaparak_in.transaction_id = ''
shaparak_in.payment_gateway_name = payment_gateway.name
DBSession.add(shaparak_in)
DBSession.flush()
shaparak_provider = create_shaparak_provider()
try:
shaparak_in.transaction_id = shaparak_provider.create_transaction(
batch_id=shaparak_in.id, amount=amount)
except ShaparakError:
raise HttpBadRequest('Transaction could not be created')
return shaparak_in
def insert(): # pragma: no cover
insert_departments()
iran = Country(name='Iran', code='ir', phone_prefix=98)
tehran_state = State(name='Tehran', country=iran)
tehran_city = City(name='Tehran', state=tehran_state)
DBSession.add(tehran_city)
DBSession.flush()
# Members
admin1 = Admin()
admin1.email = '*****@*****.**'
admin1.password = '******'
admin1.is_active = True
DBSession.add(admin1)
client1 = Client()
client1.email = '*****@*****.**'
client1.password = '******'
client1.is_active = True
DBSession.add(client1)
client2 = Client()
client2.email = '*****@*****.**'
client2.password = '******'
client2.is_active = True
client2.is_email_verified = True
DBSession.add(client2)
client3 = Client()
client3.email = '*****@*****.**'
client3.password = '******'
client3.is_active = True
client3.is_email_verified = True
client3.is_evidence_verified = True
client3.evidence.first_name = 'FirstName3'
client3.evidence.last_name = 'LastName3'
client3.evidence.mobile_phone = '+111111111'
client3.evidence.fixed_phone = '+222222222'
client3.evidence.birthday = '2020-10-21'
client3.evidence.address = 'Address3 - address3 - address3'
client3.evidence.gender = 'male'
client3.evidence.city = tehran_city
client3.evidence.id_card = join(STUFF_DIR, 'test-image-1.jpg')
client3.evidence.id_card_secondary = join(STUFF_DIR, 'test-image-2.png')
DBSession.add(client3)
DBSession.flush()
# Markets
tirr = Fiat(
symbol='TIRR',
name='Iran Rial',
normalization_scale=-8,
smallest_unit_scale=0
)
tbtc = Cryptocurrency(
symbol='TBTC',
name='Bitcoin',
wallet_id="TBTC",
normalization_scale=0,
smallest_unit_scale=-8
)
teth = Cryptocurrency(
symbol='TETH',
name='Ethereum',
wallet_id='TETH',
normalization_scale=-1,
smallest_unit_scale=-18
)
tirr_tbtc = Market(name='TIRR_TBTC', base_currency=tbtc, quote_currency=tirr)
tirr_teth = Market(name='TIRR_TETH', base_currency=teth, quote_currency=tirr)
tbtc_teth = Market(name='TBTC_TETH', base_currency=teth, quote_currency=tbtc)
DBSession.add(tirr_tbtc)
DBSession.add(tirr_teth)
DBSession.add(tbtc_teth)
# Payment Gateways
shaparak = PaymentGateway()
shaparak.name = "tshaparak"
shaparak.fiat_symbol = "TIRR"
shaparak.cashin_min = 10000,
shaparak.cashin_max = 0,
shaparak.cashin_static_commission = 0,
shaparak.cashin_commission_rate = '0.0',
shaparak.cashin_max_commission = 0,
DBSession.add(shaparak)
DBSession.flush()
# Funds
# DBSession.add(Fund(client=client1, currency=btc, total_balance=0, blocked_balance=0))
# DBSession.add(Fund(client=client2, currency=btc, total_balance=34700000, blocked_balance=14660000))
# DBSession.add(Fund(client=client3, currency=btc, total_balance=10000000000, blocked_balance=0))
# DBSession.add(Fund(client=client1, currency=irr, total_balance=0, blocked_balance=0))
# DBSession.add(Fund(client=client2, currency=irr, total_balance=56000000, blocked_balance=158000))
# DBSession.add(Fund(client=client3, currency=irr, total_balance=9872000000, blocked_balance=150578))
DBSession.flush()
def mention(self):
form = context.form
mention = Mention()
mention.body = form.get('body')
origin_target = DBSession.query(Target) \
.filter(Target.id == form.get('originTargetId')) \
.one_or_none()
if origin_target is None:
raise HTTPTargetNotFound()
mention.origin_target_id = origin_target.id
if not (self.target or self.member):
raise HTTPNotFound()
if self.target:
mention.target_id = self.target.id
mention.sender_id = Member.current().id
DBSession.add(mention)
DBSession.flush()
queues.push(settings.messaging.workers_queue, mention.to_dict())
else:
mentioner = Member.current()
mentioned = self.member
if mentioner.id == mentioned.id:
raise HTTPStatus('620 Can Not Mention Yourself')
aliased_target = aliased(Target)
aliased_target_member1 = aliased(TargetMember)
aliased_target_member2 = aliased(TargetMember)
target_member = DBSession.query(aliased_target_member1) \
.join(
aliased_target_member2,
aliased_target_member2.target_id == \
aliased_target_member1.target_id
) \
.filter(aliased_target_member2.member_id == mentioner.id) \
.filter(aliased_target_member1.member_id == mentioned.id) \
.join(
aliased_target,
aliased_target.id == aliased_target_member1.target_id
) \
.filter(aliased_target.type == 'direct') \
.one_or_none()
mention.sender_id = mentioner.id
if target_member is None:
direct = Direct(members=[mentioner, mentioned])
DBSession.add(direct)
DBSession.flush()
mention.target_id = direct.id
else:
mention.target_id = target_member.target_id
DBSession.add(mention)
DBSession.flush()
mention_message = mention.to_dict()
mention_message.update({
'mentionedMember': mentioned.id,
'type': 'mention'
})
queues.push(settings.messaging.workers_queue, mention_message)
webhook = Webhook()
webhook.mentioned_member(mention.origin_target_id,
mentioned.reference_id)
return mention
