class TestFileStore(unittest.TestCase, SimpleUrlKVTest):
def setUp(self):
self.tmpdir = tempfile.mkdtemp()
self.store = FilesystemStore(self.tmpdir)
def tearDown(self):
shutil.rmtree(self.tmpdir)
@unittest.skipUnless(os.name == 'posix', 'Not supported outside posix.')
def test_correct_file_uri(self):
expected = 'file://' + self.tmpdir + '/somekey'
self.assertEqual(expected, self.store.url_for('somekey'))
def test_file_uri(self):
data = 'Hello, World?!\n'
tmpfile = tempfile.NamedTemporaryFile(delete=False)
try:
tmpfile.write(data)
tmpfile.close()
key = self.store.put_file('testkey', tmpfile.name)
url = self.store.url_for(key)
self.assertTrue(url.startswith('file://'))
parts = urlparse(url)
ndata = open(parts.path, 'rb').read()
self.assertEqual(ndata, data)
finally:
if os.path.exists(tmpfile.name):
os.unlink(tmpfile.name)
def test_concurrent_mkdir(self, tmpdir, mocker):
# Concurrent instantiation of the store in two threads could lead to
# the situation where both threads see that the directory does not
# exists. For one, the call to mkdir succeeds, for the other it fails.
# This is ok for us as long as the directory exists afterwards.
makedirs = mocker.patch('os.makedirs')
makedirs.side_effect = OSError("Failure")
mocker.patch('os.path.isdir')
store = FilesystemStore(os.path.join(tmpdir, 'test'))
# We have mocked os.makedirs, so this won't work. But it should
# pass beyond the OS error and simply fail on writing the file itself.
if PY2:
with pytest.raises(IOError):
store.put('test', b'test')
else:
with pytest.raises(FileNotFoundError):
store.put('test', b'test')
def geoposition(text):
""" Use Google Maps API to geocode string """
store = FilesystemStore('./cache')
url = "https://maps.googleapis.com/maps/api/geocode/json?address=%s&sensor=false&language=sv" % text
cache_key = md5.new(text.encode('utf-8')).hexdigest()
try:
result = store.get(cache_key)
if loads(result):
return loads(result)
else:
raise GeoCodingError
except KeyError:
print "no cache for %s" % text.encode('utf-8')
sleep(2) # Sleep to avoid being blocked by Google Maps API
result = requests.get(url).json()
if len(result["results"]):
store.put(cache_key, dumps(result["results"][0]))
return result["results"][0]
else:
# print "empty reply when geocoding %s" % text
store.put(cache_key, dumps(None))
raise GeoCodingError
def setUp(self):
self.tmpdir = tempfile.mkdtemp()
self.store = FilesystemStore(self.tmpdir)
def store(self, tmpdir):
return FilesystemStore(tmpdir)
def create_app(db_connection_string=None, testing=None):
app = Flask(__name__)
try:
secret_key = faraday.server.config.faraday_server.secret_key
except Exception:
# Now when the config file does not exist it doesn't enter in this
# condition, but it could happen in the future. TODO check
save_new_secret_key(app)
else:
if secret_key is None:
# This is what happens now when the config file doesn't exist.
# TODO check
save_new_secret_key(app)
else:
app.config['SECRET_KEY'] = secret_key
if faraday.server.config.faraday_server.agent_token is None:
save_new_agent_creation_token()
login_failed_message = ("Invalid username or password", 'error')
app.config.update({
'SECURITY_PASSWORD_SINGLE_HASH':
True,
'WTF_CSRF_ENABLED':
False,
'SECURITY_USER_IDENTITY_ATTRIBUTES': ['username'],
'SECURITY_POST_LOGIN_VIEW':
'/_api/session',
'SECURITY_POST_LOGOUT_VIEW':
'/_api/login',
'SECURITY_POST_CHANGE_VIEW':
'/_api/change',
'SECURITY_CHANGEABLE':
True,
'SECURITY_SEND_PASSWORD_CHANGE_EMAIL':
False,
'SECURITY_MSG_USER_DOES_NOT_EXIST':
login_failed_message,
'SECURITY_TOKEN_AUTHENTICATION_HEADER':
'Authorization',
# The line bellow should not be necessary because of the
# CustomLoginForm, but i'll include it anyway.
'SECURITY_MSG_INVALID_PASSWORD':
login_failed_message,
'SESSION_TYPE':
'filesystem',
'SESSION_FILE_DIR':
faraday.server.config.FARADAY_SERVER_SESSIONS_DIR,
'SQLALCHEMY_TRACK_MODIFICATIONS':
False,
'SQLALCHEMY_RECORD_QUERIES':
True,
# app.config['SQLALCHEMY_ECHO'] = True
'SECURITY_PASSWORD_SCHEMES': [
'bcrypt', # This should be the default value
# 'des_crypt',
'pbkdf2_sha1', # Used by CouchDB passwords
# 'pbkdf2_sha256',
# 'pbkdf2_sha512',
# 'sha256_crypt',
# 'sha512_crypt',
'plaintext', # TODO: remove it
],
'PERMANENT_SESSION_LIFETIME':
datetime.timedelta(hours=12),
'SESSION_COOKIE_NAME':
'faraday_session_2',
'SESSION_COOKIE_SAMESITE':
'Lax',
})
store = FilesystemStore(app.config['SESSION_FILE_DIR'])
prefixed_store = PrefixDecorator('sessions_', store)
KVSessionExtension(prefixed_store, app)
user_logged_in.connect(user_logged_in_succesfull, app)
user_logged_out.connect(expire_session, app)
storage_path = faraday.server.config.storage.path
if not storage_path:
logger.warn(
'No storage section or path in the .faraday/config/server.ini. Setting the default value to .faraday/storage'
)
storage_path = setup_storage_path()
if not DepotManager.get('default'):
if testing:
DepotManager.configure('default', {'depot.storage_path': '/tmp'})
else:
DepotManager.configure('default',
{'depot.storage_path': storage_path})
check_testing_configuration(testing, app)
try:
app.config[
'SQLALCHEMY_DATABASE_URI'] = db_connection_string or faraday.server.config.database.connection_string.strip(
"'")
except AttributeError:
logger.info(
'Missing [database] section on server.ini. Please configure the database before running the server.'
)
except NoOptionError:
logger.info(
'Missing connection_string on [database] section on server.ini. Please configure the database before running the server.'
)
from faraday.server.models import db # pylint:disable=import-outside-toplevel
db.init_app(app)
#Session(app)
# Setup Flask-Security
app.user_datastore = SQLAlchemyUserDatastore(
db, user_model=User,
role_model=None) # We won't use flask security roles feature
Security(app, app.user_datastore, login_form=CustomLoginForm)
# Make API endpoints require a login user by default. Based on
# https://stackoverflow.com/questions/13428708/best-way-to-make-flask-logins-login-required-the-default
app.view_functions['security.login'].is_public = True
app.view_functions['security.logout'].is_public = True
app.debug = faraday.server.config.is_debug_mode()
minify_json_output(app)
for handler in LOGGING_HANDLERS:
app.logger.addHandler(handler)
app.logger.propagate = False
register_blueprints(app)
register_handlers(app)
app.view_functions['agent_api.AgentCreationView:post'].is_public = True
return app
def store(self, tmpdir, perms):
return FilesystemStore(tmpdir, perm=perms)
def _create_store_fs(type, params):
if params['create_if_missing'] and not os.path.exists(params['path']):
os.makedirs(params['path'])
return FilesystemStore(params['path'])
from sqltools import *
#For wallets and session store you can switch between disk and the database
#Set to 1 to use local storage/file system, Set to 0 to use database
LOCALDEVBYPASSDB = 0
ACCOUNT_CREATION_DIFFICULTY = '0400'
LOGIN_DIFFICULTY = '0400'
SERVER_SECRET = 'SoSecret!'
SESSION_SECRET = 'SuperSecretSessionStuff'
data_dir_root = os.environ.get('DATADIR')
store_dir = data_dir_root + '/sessions/'
session_store = FilesystemStore(
store_dir
) # TODO: Need to roll this into a SessionInterface so multiple services can hit it easily
email_domain = socket.gethostname()
email_from = "noreply@" + str(email_domain)
app = Flask(__name__)
app.debug = True
@app.route('/challenge')
def challenge():
validate_uuid = UUID(request.args.get('uuid'))
uuid = str(validate_uuid)
session = ws.hashlib.sha256(SESSION_SECRET + uuid).hexdigest()
salt = ws.hashlib.sha256(SERVER_SECRET + uuid).hexdigest()
from flask import Flask, session, redirect, url_for, escape, request, send_from_directory
from flask_kvsession import KVSessionExtension
from simplekv.fs import FilesystemStore
from PIL import Image, ImageDraw, ImageFont
import hashlib
import random
import re, os
app = Flask(__name__)
app.secret_key = 'A0Zr98j/3yX R~XHH!jmN]LWX/,lol'
app.debug = False
app.flag = "flag{silkroad4ever}"
KVSessionExtension(FilesystemStore('./sessions'), app)
def get_bank_points(username):
return int(open('accounts/' + username).read())
def set_bank_points(username, points):
f = open('accounts/' + username, 'w')
f.write(str(points))
f.close()
def render_template(template, keys={}):
contents = open('templates/' + template).read()
for key in keys:
contents = contents.replace('%' + key + '%', str(keys[key]))
return contents
import os
from flask import Flask
from simplekv.fs import FilesystemStore
from flask.ext.kvsession import KVSessionExtension
from sqlalchemy import create_engine
from sqlalchemy.ext.declarative import declarative_base
from flask.ext.sqlalchemy import SQLAlchemy
from os.path import join, expanduser
# initialize server KV session store
if not os.path.exists('./sessiondata'):
os.makedirs('./sessiondata')
session_store = FilesystemStore('./sessiondata')
# instantiate flask app
app = Flask(__name__,
static_folder='static',
template_folder='templates',
static_url_path='/static')
# get configuration from a non-repo file specified
# in this envvar
try:
app.config.from_envvar('MAPROULETTE_SETTINGS')
except Exception:
# alternate config file location for local development
app.config.from_pyfile(join(expanduser('~'), '.maproulette/config.py'))
# set up the ORM engine and database object
engine = create_engine(app.config['SQLALCHEMY_DATABASE_URI'],
