class RHRoomBookingMapOfRoomsWidget(RHRoomBookingBase):
def __init__(self, *args, **kwargs):
RHRoomBookingBase.__init__(self, *args, **kwargs)
self._cache = GenericCache('MapOfRooms')
def _checkParams(self):
RHRoomBookingBase._checkParams(self, request.args)
self._room_id = request.args.get('roomID')
def _process(self):
key = str(sorted(dict(request.args, lang=session.lang, user=session.user.getId()).items()))
html = self._cache.get(key)
if not html:
default_location = Location.default_location
aspects = [a.to_serializable() for a in default_location.aspects]
buildings = default_location.get_buildings()
html = WPRoomBookingMapOfRoomsWidget(self,
aspects=aspects,
buildings=buildings,
room_id=self._room_id,
default_repeat='{}|0'.format(RepeatFrequency.NEVER),
default_start_dt=datetime.combine(date.today(),
Location.working_time_start),
default_end_dt=datetime.combine(date.today(),
Location.working_time_end),
repeat_mapping=RepeatMapping.getMapping()).display()
self._cache.set(key, html, 3600)
return html
class RHRoomBookingMapOfRoomsWidget(RHRoomBookingBase):
def __init__(self, *args, **kwargs):
RHRoomBookingBase.__init__(self, *args, **kwargs)
self._cache = GenericCache('MapOfRooms')
def _checkParams(self):
RHRoomBookingBase._checkParams(self, request.args)
self._room_id = request.args.get('roomID')
def _process(self):
key = str(
sorted(
dict(request.args,
lang=session.lang,
user=session.user.getId()).items()))
html = self._cache.get(key)
if not html:
default_location = Location.default_location
aspects = [a.to_serializable() for a in default_location.aspects]
buildings = default_location.get_buildings()
html = WPRoomBookingMapOfRoomsWidget(
self,
aspects=aspects,
buildings=buildings,
room_id=self._room_id,
default_repeat='{}|0'.format(RepeatFrequency.NEVER),
default_start_dt=datetime.combine(date.today(),
Location.working_time_start),
default_end_dt=datetime.combine(date.today(),
Location.working_time_end),
repeat_mapping=RepeatMapping.mapping).display()
self._cache.set(key, html, 3600)
return html
def _send_confirmation(self, email):
token_storage = GenericCache('confirm-email')
data = {'email': email, 'user_id': self.user.id}
token = make_unique_token(lambda t: not token_storage.get(t))
token_storage.set(token, data, 24 * 3600)
GenericMailer.send(make_email(email, template=get_template_module('users/emails/verify_email.txt',
user=self.user, email=email, token=token)))
def _send_confirmation(self, email):
token_storage = GenericCache('confirm-email')
data = {'email': email, 'user_id': self.user.id}
token = make_unique_token(lambda t: not token_storage.get(t))
token_storage.set(token, data, 24 * 3600)
GenericMailer.send(make_email(email, template=get_template_module('users/emails/verify_email.txt',
user=self.user, email=email, token=token)))
def _get_user_data(self):
user_id = request.args.get('user')
if user_id is None:
return {}
elif user_id.isdigit():
# existing indico user
user = User.find_first(id=user_id, is_deleted=False)
return {t.name: getattr(user, t.name, None) if user else '' for t in PersonalDataType}
else:
# non-indico user
data = GenericCache('pending_identities').get(user_id, {})
return {t.name: data.get(t.name) for t in PersonalDataType}
def send_login_info(user, event=None):
token_storage = GenericCache('resetpass')
endpoint = 'event.confLogin-resetPassword' if event else 'user.signIn-resetPassword'
idList = user.getIdentityList()
logins = []
for id in idList:
if not hasattr(id, 'setPassword'):
config = Config.getInstance()
extra_message = config.getAuthenticatorConfigById(id.getAuthenticatorTag()).get("ResetPasswordMessage")
msg = _("Sorry, you are using an externally managed account (%s) to login into Indico.") % id.getLogin()
if extra_message:
msg += "\n" + extra_message
logins.append({
'tag': id.getAuthenticatorTag(),
'login': id.getLogin(),
'error': msg
})
else:
tag = id.getAuthenticatorTag()
login = id.getLogin()
data = {'tag': tag, 'login': login}
token = str(uuid.uuid4())
while token_storage.get(token):
token = str(uuid.uuid4())
token_storage.set(token, data, 6*3600)
url = url_for(endpoint, event, token=token, _external=True, _secure=True)
logins.append({
'tag': tag,
'login': login,
'link': url
})
if not logins:
url = urlHandlers.UHUserDetails.getURL(user)
text = _("Sorry, we did not find your login.\nPlease, create one here:\n%s") % url
else:
text = _("You can use the following links within the next six hours to reset your password.")
for entry in logins:
text += "\n\n==================\n"
if 'link' in entry:
text += _("Click below to reset your password for the %s login '%s':\n") % (entry['tag'],
entry['login'])
text += entry['link']
else:
text += entry['error']
text += "\n==================\n"
maildata = {
"fromAddr": "Indico Mailer <%s>" % Config.getInstance().getNoReplyEmail(),
"toList": [user.getEmail()],
"subject": _("[%s] Login Information") % getSubjectIndicoTitle(),
"body": text
}
GenericMailer.send(GenericNotification(maildata))
def has_member(self, user):
cache = GenericCache('group-membership')
key = '{}:{}:{}'.format(self.provider, self.name, user.id)
rv = cache.get(key)
if rv is not None:
return rv
elif self.group is None:
warn('Tried to check if {} is in invalid group {}'.format(user, self))
rv = False
else:
rv = any(x[1] in self.group for x in user.iter_identifiers(check_providers=True, providers={self.provider}))
cache.set(key, rv, 1800)
return rv
def _get_user_data(self):
user_id = request.args.get('user')
if user_id is None:
return {}
elif user_id.isdigit():
# existing indico user
user = User.find_first(id=user_id, is_deleted=False)
user_data = {t.name: getattr(user, t.name, None) if user else '' for t in PersonalDataType}
else:
# non-indico user
data = GenericCache('pending_identities').get(user_id, {})
user_data = {t.name: data.get(t.name) for t in PersonalDataType}
user_data['title'] = get_title_uuid(self.regform, user_data['title'])
return user_data
def _get_user_data(self):
user_id = request.args.get("user")
if user_id is None:
return {}
elif user_id.isdigit():
# existing indico user
user = User.find_first(id=user_id, is_deleted=False)
user_data = {t.name: getattr(user, t.name, None) if user else "" for t in PersonalDataType}
else:
# non-indico user
data = GenericCache("pending_identities").get(user_id, {})
user_data = {t.name: data.get(t.name) for t in PersonalDataType}
user_data["title"] = get_title_uuid(self.regform, user_data["title"])
return user_data
def principal_from_fossil(fossil,
allow_pending=False,
allow_groups=True,
legacy=True,
allow_missing_groups=False,
allow_emails=False):
"""Gets a GroupWrapper or AvatarUserWrapper from a fossil"""
from indico.modules.groups import GroupProxy
from indico.modules.users import User
type_ = fossil['_type']
id_ = fossil['id']
if type_ == 'Avatar':
if isinstance(id_, int) or id_.isdigit():
# regular user
user = User.get(int(id_))
elif allow_pending:
data = GenericCache('pending_identities').get(id_)
if not data:
raise ValueError("Cannot find user '{}' in cache".format(id_))
data = {k: '' if v is None else v for (k, v) in data.items()}
email = data['email'].lower()
# check if there is not already a pending user with that e-mail
user = User.find_first(email=email, is_pending=True)
if not user:
user = User(first_name=data.get('first_name') or '',
last_name=data.get('last_name') or '',
email=email,
address=data.get('address', ''),
phone=data.get('phone', ''),
affiliation=data.get('affiliation', ''),
is_pending=True)
db.session.add(user)
db.session.flush()
else:
raise ValueError(
"Id '{}' is not a number and allow_pending=False".format(id_))
if user is None:
raise ValueError('User does not exist: {}'.format(id_))
return user.as_avatar if legacy else user
elif allow_emails and type_ == 'Email':
return EmailPrincipal(id_)
elif allow_groups and type_ in {'LocalGroupWrapper', 'LocalGroup'}:
group = GroupProxy(int(id_))
if group.group is None:
raise ValueError('Local group does not exist: {}'.format(id_))
return group.as_legacy_group if legacy else group
elif allow_groups and type_ in {'LDAPGroupWrapper', 'MultipassGroup'}:
provider = fossil['provider']
group = GroupProxy(id_, provider)
if group.group is None and not allow_missing_groups:
raise ValueError('Multipass group does not exist: {}:{}'.format(
provider, id_))
return group.as_legacy_group if legacy else group
else:
raise ValueError('Unexpected fossil type: {}'.format(type_))
def has_member(self, user):
cache = GenericCache('group-membership')
key = '{}:{}:{}'.format(self.provider, self.name, user.id)
rv = cache.get(key)
if rv is not None:
return rv
elif self.group is None:
warn('Tried to check if {} is in invalid group {}'.format(
user, self))
rv = False
else:
rv = any(x[1] in self.group
for x in user.iter_identifiers(check_providers=True,
providers={self.provider}))
cache.set(key, rv, 1800)
return rv
def _cacheNextStartingRecord(self, queryHash, page, record, obj):
data = obj or {}
data[self._page + 1] = record + 1
Logger.get("search").debug("set page: %s" % data)
GenericCache('Search').set((self._sessionHash, queryHash), data,
12 * 3600)
def get(cls, *args, **kwargs):
"""Create and return a serializable Report object, retrieved from cache if possible"""
from indico_piwik.plugin import PiwikPlugin
if not PiwikPlugin.settings.get('cache_enabled'):
return cls(*args, **kwargs).to_serializable()
cache = GenericCache('Piwik.Report')
key = u'{}-{}-{}'.format(cls.__name__, args, kwargs)
report = cache.get(key)
if not report:
report = cls(*args, **kwargs)
cache.set(key, report, PiwikPlugin.settings.get('cache_ttl'))
return report.to_serializable()
class WPRoomBookingMapOfRoomsWidget(WPNotDecorated):
sidemenu_option = 'map'
cache = GenericCache('MapOfRooms')
def getCSSFiles(self):
return WPNotDecorated.getCSSFiles(self) + ['css/mapofrooms.css']
def getJSFiles(self):
return WPNotDecorated.getJSFiles(self) + self._includeJSPackage('RoomBooking')
def _getTitle(self):
return '{} - {}'.format(WPNotDecorated._getTitle(self), _('Map of rooms'))
def _get_widget_params(self):
default_location = Location.default_location
return {'aspects': [a.to_serializable() for a in default_location.aspects],
'buildings': default_location.get_buildings(),
'default_repeat': '{}|0'.format(int(RepeatFrequency.NEVER)),
'default_start_dt': datetime.combine(date.today(), Location.working_time_start),
'default_end_dt': datetime.combine(date.today(), Location.working_time_end),
'repeat_mapping': RepeatMapping.mapping}
def _getBody(self, params):
cache_key = str(sorted(dict(request.args, lang=session.lang).items()))
html = self.cache.get(cache_key)
if html is None:
params.update(self._get_widget_params())
html = WTemplated('RoomBookingMapOfRoomsWidget').getHTML(params)
self.cache.set(cache_key, html, 3600)
return html
class CachedReport(object):
"""
This class acts as a wrapper for functions which return a report object,
by decorating the get<report> methods with the memonize function in the
BaseStatisticsReport object, the result is wrapped here and its age
is compared with the TTL if in the cache, either returning said item or
allowing the method to generate a new one.
"""
_config = StatisticsConfig()
def __init__(self, function):
self._function = function
# Cache bucket per implementation
plugin = function.__module__.split('.')[3]
self._cache = GenericCache(plugin + 'StatisticsCache')
def getReport(self, *args, **kwargs):
"""
Ascertain if live updating first, if so disregard and continue.
"""
ttl = self._config.getUpdateInterval()
if not self._config.hasCacheEnabled():
return self._function(*args, **kwargs)
keyParams = list(args)
keyParams.extend([self._function.__module__, self._function.__name__])
key = self._generateKey(keyParams)
resource = self._cache.get(key, None)
if not resource:
result = self._function(*args, **kwargs)
self._cache.set(key, result, ttl)
return result
else:
return resource
def _generateKey(self, params):
"""
Generates a unique key for caching against the params given.
"""
return reduce(lambda x, y: str(x) + '-' + str(y), params)
class CachedReport(object):
"""
This class acts as a wrapper for functions which return a report object,
by decorating the get<report> methods with the memonize function in the
BaseStatisticsReport object, the result is wrapped here and its age
is compared with the TTL if in the cache, either returning said item or
allowing the method to generate a new one.
"""
_config = StatisticsConfig()
def __init__(self, function):
self._function = function
# Cache bucket per implementation
plugin = function.__module__.split('.')[3]
self._cache = GenericCache(plugin + 'StatisticsCache')
def getReport(self, *args, **kwargs):
"""
Ascertain if live updating first, if so disregard and continue.
"""
ttl = self._config.getUpdateInterval()
if not self._config.hasCacheEnabled():
return self._function(*args, **kwargs)
keyParams = list(args)
keyParams.extend([self._function.__module__, self._function.__name__])
key = self._generateKey(keyParams)
resource = self._cache.get(key, None)
if not resource:
result = self._function(*args, **kwargs)
self._cache.set(key, result, ttl)
return result
else:
return resource
def _generateKey(self, params):
"""
Generates a unique key for caching against the params given.
"""
return reduce(lambda x, y: str(x) + '-' + str(y), params)
class RHUserEmailsVerify(RHUserBase):
flash_user_status = False
token_storage = GenericCache('confirm-email')
def _validate(self, data):
if not data:
flash(_('The verification token is invalid or expired.'), 'error')
return False, None
user = User.get(data['user_id'])
if not user or user != self.user:
flash(
_('This token is for a different Indico user. Please login with the correct account'
), 'error')
return False, None
existing = UserEmail.find_first(is_user_deleted=False,
email=data['email'])
if existing and not existing.user.is_pending:
if existing.user == self.user:
flash(
_('This email address is already attached to your account.'
))
else:
flash(
_('This email address is already in use by another account.'
), 'error')
return False, existing.user
return True, existing.user if existing else None
def _process(self):
token = request.view_args['token']
data = self.token_storage.get(token)
valid, existing = self._validate(data)
if valid:
self.token_storage.delete(token)
if existing and existing.is_pending:
logger.info("Found pending user %s to be merged into %s",
existing, self.user)
# If the pending user has missing names, copy them from the active one
# to allow it to be marked as not pending and deleted during the merge.
existing.first_name = existing.first_name or self.user.first_name
existing.last_name = existing.last_name or self.user.last_name
merge_users(existing, self.user)
flash(
_("Merged data from existing '{}' identity").format(
existing.email))
existing.is_pending = False
self.user.secondary_emails.add(data['email'])
signals.users.email_added.send(self.user, email=data['email'])
flash(
_('The email address {email} has been added to your account.').
format(email=data['email']), 'success')
return redirect(url_for('.user_emails'))
def principal_from_fossil(fossil, allow_pending=False, allow_groups=True, legacy=True, allow_missing_groups=False,
allow_emails=False, allow_networks=False):
from indico.modules.networks.models.networks import IPNetworkGroup
from indico.modules.groups import GroupProxy
from indico.modules.users import User
type_ = fossil['_type']
id_ = fossil['id']
if type_ == 'Avatar':
if isinstance(id_, int) or id_.isdigit():
# regular user
user = User.get(int(id_))
elif allow_pending:
data = GenericCache('pending_identities').get(id_)
if not data:
raise ValueError("Cannot find user '{}' in cache".format(id_))
data = {k: '' if v is None else v for (k, v) in data.items()}
email = data['email'].lower()
# check if there is not already a (pending) user with that e-mail
# we need to check for non-pending users too since the search may
# show a user from external results even though the email belongs
# to an indico account in case some of the search criteria did not
# match the indico account
user = User.find_first(User.all_emails.contains(email), ~User.is_deleted)
if not user:
user = User(first_name=data.get('first_name') or '', last_name=data.get('last_name') or '',
email=email,
address=data.get('address', ''), phone=data.get('phone', ''),
affiliation=data.get('affiliation', ''), is_pending=True)
db.session.add(user)
db.session.flush()
else:
raise ValueError("Id '{}' is not a number and allow_pending=False".format(id_))
if user is None:
raise ValueError('User does not exist: {}'.format(id_))
return user.as_avatar if legacy else user
elif allow_emails and type_ == 'Email':
return EmailPrincipal(id_)
elif allow_networks and type_ == 'IPNetworkGroup':
group = IPNetworkGroup.get(int(id_))
if group is None:
raise ValueError('IP network group does not exist: {}'.format(id_))
return group
elif allow_groups and type_ in {'LocalGroupWrapper', 'LocalGroup'}:
group = GroupProxy(int(id_))
if group.group is None:
raise ValueError('Local group does not exist: {}'.format(id_))
return group.as_legacy_group if legacy else group
elif allow_groups and type_ in {'LDAPGroupWrapper', 'MultipassGroup'}:
provider = fossil['provider']
group = GroupProxy(id_, provider)
if group.group is None and not allow_missing_groups:
raise ValueError('Multipass group does not exist: {}:{}'.format(provider, id_))
return group.as_legacy_group if legacy else group
else:
raise ValueError('Unexpected fossil type: {}'.format(type_))
def principal_from_fossil(fossil, allow_pending=False, legacy=True):
"""Gets a GroupWrapper or AvatarUserWrapper from a fossil"""
type_ = fossil['_type']
id_ = fossil['id']
if type_ == 'Avatar':
if isinstance(id_, int) or id_.isdigit():
# regular user
user = User.get(int(id_))
elif allow_pending:
data = GenericCache('pending_identities').get(id_)
if not data:
raise ValueError("Cannot find user '{}' in cache".format(id_))
data = {k: '' if v is None else v for (k, v) in data.items()}
# check if there is not already a pending user with that e-mail
user = User.find_first(email=data['email'], is_pending=True)
if not user:
user = User(first_name=data['first_name'], last_name=data['last_name'], email=data['email'],
address=data.get('address', ''), phone=data.get('phone', ''),
affiliation=data.get('affiliation', ''), is_pending=True)
db.session.add(user)
db.session.flush()
else:
raise ValueError("Id '{}' is not a number and allow_pending=False".format(id_))
if user is None:
raise ValueError('User does not exist: {}'.format(id_))
return user.as_avatar if legacy else user
elif type_ == 'LocalGroupWrapper':
group = GroupProxy(int(id_))
if group.group is None:
raise ValueError('Local group does not exist: {}'.format(id_))
return group.as_legacy_group if legacy else group
elif type_ == 'LDAPGroupWrapper':
provider = fossil['provider']
group = GroupProxy(id_, provider)
if group.group is None:
raise ValueError('Multipass group does not exist: {}:{}'.format(provider, id_))
return group.as_legacy_group if legacy else group
else:
raise ValueError('Unexpected fossil type: {}'.format(type_))
def wrapper(*args, **kwargs):
cache = GenericCache('task-locks')
name = current_task.name
if cache.get(name):
Logger.get('celery').warning('Task {} is locked; not executing it'.format(name))
return
cache.set(name, True)
try:
return f(*args, **kwargs)
finally:
cache.delete(name)
def match(self, criteria, exact=False, onlyActivated=True, searchInAuthenticators=False):
from indico.modules.users.util import search_users
cache = GenericCache('pending_identities')
def _process_identities(obj):
if isinstance(obj, IdentityInfo):
cache.set(obj.provider.name + ":" + obj.identifier, obj.data)
return AvatarProvisionalWrapper(obj)
else:
return obj.as_avatar
results = search_users(exact=exact, include_pending=not onlyActivated, include_deleted=not onlyActivated,
external=searchInAuthenticators,
**{AVATAR_FIELD_MAP[k]: v for (k, v) in criteria.iteritems() if v})
return [_process_identities(obj) for obj in results]
def _getStartingRecord(self, queryHash, page):
obj = GenericCache('Search').get((self._sessionHash, queryHash), {})
if page == 1:
Logger.get("search").debug("first page")
# first page, start with 0
return 0, None
elif page in obj:
Logger.get("search").debug("hit! %s %s" % (obj[page], obj))
# cache hit!
return obj[page], obj
else:
Logger.get("search").debug("miss")
# cache miss, force first page to be loaded
self._page = 1
return 0, None
def wrapper(*args, **kwargs):
cache = GenericCache('task-locks')
name = current_task.name
if cache.get(name):
Logger.get('celery').warning('Task {} is locked; not executing it'.format(name))
return
cache.set(name, True)
try:
return f(*args, **kwargs)
finally:
cache.delete(name)
class RHUserEmailsVerify(RHUserBase):
token_storage = GenericCache('confirm-email')
def _validate(self, data):
if not data:
flash(_('The verification token is invalid or expired.'), 'error')
return False, None
user = User.get(data['user_id'])
if not user or user != self.user:
flash(
_('This token is for a different Indico user. Please login with the correct account'
), 'error')
return False, None
existing = UserEmail.find_first(is_user_deleted=False,
email=data['email'])
if existing and not existing.user.is_pending:
if existing.user == self.user:
flash(
_('This email address is already attached to your account.'
))
else:
flash(
_('This email address is already in use by another account.'
), 'error')
return False, existing.user
return True, existing.user if existing else None
def _process(self):
token = request.view_args['token']
data = self.token_storage.get(token)
valid, existing = self._validate(data)
if valid:
self.token_storage.delete(token)
if existing and existing.is_pending:
flash(
_("Merged data from existing '{}' identity").format(
existing.email))
merge_users(existing, self.user)
existing.is_pending = False
self.user.secondary_emails.add(data['email'])
flash(
_('The email address {email} has been added to your account.').
format(email=data['email']), 'success')
return redirect(url_for('.user_emails'))
def memoize_redis(ttl):
"""Memoize a function in redis
The cached value can be cleared by calling the method
``clear_cached()`` of the decorated function with the same
arguments that were used during the function call. To check
whether a value has been cached call ``is_cached()`` in the
same way.
:param ttl: How long the result should be cached. May be a
timedelta or a number (seconds).
"""
from MaKaC.common.cache import GenericCache
cache = GenericCache('memoize')
def decorator(f):
def _get_key(args, kwargs):
return f.__name__, make_hashable(args), make_hashable(kwargs)
def _clear_cached(*args, **kwargs):
cache.delete(_get_key(args, kwargs))
def _is_cached(*args, **kwargs):
return cache.get(_get_key(args, kwargs), _notset) is not _notset
@wraps(f)
def memoizer(*args, **kwargs):
if current_app.config['TESTING'] or current_app.config.get('REPL'):
# No memoization during tests or in the shell
return f(*args, **kwargs)
key = _get_key(args, kwargs)
value = cache.get(key, _notset)
if value is _notset:
value = f(*args, **kwargs)
cache.set(key, value, ttl)
return value
memoizer.clear_cached = _clear_cached
memoizer.is_cached = _is_cached
return memoizer
return decorator
class SudsCache(Cache):
_instance = None
def __init__(self, duration=DEFAULT_CACHE_TTL):
self._cache = GenericCache("SudsCache")
self._duration = duration
def get(self, key):
self._cache.get(key)
def put(self, key, val):
self._cache.set(key, val, self._duration)
def purge(self, key):
self._cache.delete(key)
class OAuthGrant(object):
"""OAuth grant token"""
#: cache entry to store grant tokens
_cache = GenericCache('oauth-grant-tokens')
def __init__(self, client_id, code, redirect_uri, user, scopes, expires):
self.client_id = client_id
self.code = code
self.redirect_uri = redirect_uri
self.user = user
self.scopes = scopes
self.expires = expires
@property
def key(self):
return self.make_key(self.client_id, self.code)
@property
def ttl(self):
return self.expires - datetime.utcnow()
@classmethod
def get(cls, client_id, code):
key = cls.make_key(client_id, code)
return cls._cache.get(key)
@classmethod
def make_key(cls, client_id, code):
return '{}:{}'.format(client_id, code)
def delete(self):
self._cache.delete(self.key)
def save(self):
self._cache.set(key=self.key, val=self, time=self.ttl)
class SudsCache(Cache):
_instance = None
@classmethod
def getInstance(cls, duration=None):
if cls._instance is None:
cls._instance = SudsCache(duration)
return cls._instance
def __init__(self, duration=None):
self._cache = GenericCache("SudsCache")
if duration is None:
duration = 24 * 3600 # we put as default 1 day cache
self._duration = duration
def get(self, key):
self._cache.get(key)
def put(self, key, val):
self._cache.set(key, val, self._duration)
def purge(self, key):
self._cache.delete(key)
class SudsCache(Cache):
_instance = None
@classmethod
def getInstance(cls, duration=None):
if cls._instance is None:
cls._instance = SudsCache(duration)
return cls._instance
def __init__(self, duration=None):
self._cache = GenericCache("SudsCache")
if duration is None:
duration = 24 * 3600 # we put as default 1 day cache
self._duration = duration
def get(self, key):
self._cache.get(key)
def put(self, key, val):
self._cache.set(key, val, self._duration)
def purge(self, key):
self._cache.delete(key)
class IndicoSessionInterface(SessionInterface):
pickle_based = True
serializer = cPickle
session_class = IndicoSession
temporary_session_lifetime = timedelta(days=7)
def __init__(self):
self.storage = GenericCache('flask-session')
def generate_sid(self):
return str(uuid.uuid4())
def get_cookie_secure(self, app):
return request.is_secure
def get_storage_lifetime(self, app, session):
# Permanent sessions are stored for exactly the same duration as the session id cookie.
# "Temporary" session are stored for a period that is not too short/long as some people
# close their browser very rarely and thus shouldn't be logged out that often.
if session.permanent:
return app.permanent_session_lifetime
else:
return self.temporary_session_lifetime
def should_refresh_session(self, app, session):
if session.new or '_expires' not in session:
return False
threshold = self.get_storage_lifetime(app, session) / 2
return session['_expires'] - datetime.now() < threshold
def should_refresh_sid(self, app, session):
if not session.new and self.get_cookie_secure(
app) and not session.get('_secure'):
return True
if getattr(session, '_refresh_sid', False):
return True
return False
def open_session(self, app, request):
sid = request.cookies.get(app.session_cookie_name)
if not sid:
return self.session_class(sid=self.generate_sid(), new=True)
data = self.storage.get(sid)
if data is not None:
return self.session_class(self.serializer.loads(data), sid=sid)
return self.session_class(sid=self.generate_sid(), new=True)
def save_session(self, app, session, response):
domain = self.get_cookie_domain(app)
secure = self.get_cookie_secure(app)
refresh_sid = self.should_refresh_sid(app, session)
if not session and not session.new:
# empty session, delete it from storage and cookie
self.storage.delete(session.sid)
response.delete_cookie(app.session_cookie_name, domain=domain)
return
if not refresh_sid and not session.modified and not self.should_refresh_session(
app, session):
# If the session has not been modified we only store if it needs to be refreshed
return
if app.config['INDICO_SESSION_PERMANENT']:
# Setting session.permanent marks the session as modified so we only set it when we
# are saving the session anyway!
session.permanent = True
storage_ttl = self.get_storage_lifetime(app, session)
cookie_lifetime = self.get_expiration_time(app, session)
session['_expires'] = datetime.now() + storage_ttl
if refresh_sid:
self.storage.delete(session.sid)
session.sid = self.generate_sid()
session['_secure'] = request.is_secure
self.storage.set(session.sid, self.serializer.dumps(dict(session)),
storage_ttl)
response.set_cookie(app.session_cookie_name,
session.sid,
expires=cookie_lifetime,
httponly=True,
secure=secure)
def handler(prefix, path):
path = posixpath.join('/', prefix, path)
ContextManager.destroy()
clearCache() # init fossil cache
logger = Logger.get('httpapi')
if request.method == 'POST':
# Convert POST data to a query string
queryParams = [(key, [x.encode('utf-8') for x in values])
for key, values in request.form.iterlists()]
query = urllib.urlencode(queryParams, doseq=1)
# we only need/keep multiple values so we can properly validate the signature.
# the legacy code below expects a dict with just the first value.
# if you write a new api endpoint that needs multiple values get them from
# ``request.values.getlist()`` directly
queryParams = {key: values[0] for key, values in queryParams}
else:
# Parse the actual query string
queryParams = dict((key, value.encode('utf-8'))
for key, value in request.args.iteritems())
query = request.query_string
dbi = DBMgr.getInstance()
dbi.startRequest()
apiKey = get_query_parameter(queryParams, ['ak', 'apikey'], None)
cookieAuth = get_query_parameter(queryParams, ['ca', 'cookieauth'],
'no') == 'yes'
signature = get_query_parameter(queryParams, ['signature'])
timestamp = get_query_parameter(queryParams, ['timestamp'],
0,
integer=True)
noCache = get_query_parameter(queryParams, ['nc', 'nocache'],
'no') == 'yes'
pretty = get_query_parameter(queryParams, ['p', 'pretty'], 'no') == 'yes'
onlyPublic = get_query_parameter(queryParams, ['op', 'onlypublic'],
'no') == 'yes'
onlyAuthed = get_query_parameter(queryParams, ['oa', 'onlyauthed'],
'no') == 'yes'
scope = 'read:legacy_api' if request.method == 'GET' else 'write:legacy_api'
try:
oauth_valid, oauth_request = oauth.verify_request([scope])
if not oauth_valid and oauth_request and oauth_request.error_message != 'Bearer token not found.':
raise BadRequest('OAuth error: {}'.format(
oauth_request.error_message))
elif g.get(
'received_oauth_token'
) and oauth_request.error_message == 'Bearer token not found.':
raise BadRequest('OAuth error: Invalid token')
except ValueError:
# XXX: Dirty hack to workaround a bug in flask-oauthlib that causes it
# not to properly urlencode request query strings
# Related issue (https://github.com/lepture/flask-oauthlib/issues/213)
oauth_valid = False
# Get our handler function and its argument and response type
hook, dformat = HTTPAPIHook.parseRequest(path, queryParams)
if hook is None or dformat is None:
raise NotFound
# Disable caching if we are not just retrieving data (or the hook requires it)
if request.method == 'POST' or hook.NO_CACHE:
noCache = True
ak = error = result = None
ts = int(time.time())
typeMap = {}
responseUtil = ResponseUtil()
is_response = False
try:
used_session = None
if cookieAuth:
used_session = session
if not used_session.user: # ignore guest sessions
used_session = None
if apiKey or oauth_valid or not used_session:
if not oauth_valid:
# Validate the API key (and its signature)
ak, enforceOnlyPublic = checkAK(apiKey, signature, timestamp,
path, query)
if enforceOnlyPublic:
onlyPublic = True
# Create an access wrapper for the API key's user
aw = buildAW(ak, onlyPublic)
else: # Access Token (OAuth)
at = load_token(oauth_request.access_token.access_token)
aw = buildAW(at, onlyPublic)
# Get rid of API key in cache key if we did not impersonate a user
if ak and aw.getUser() is None:
cacheKey = normalizeQuery(
path,
query,
remove=('_', 'ak', 'apiKey', 'signature', 'timestamp',
'nc', 'nocache', 'oa', 'onlyauthed'))
else:
cacheKey = normalizeQuery(path,
query,
remove=('_', 'signature',
'timestamp', 'nc', 'nocache',
'oa', 'onlyauthed'))
if signature:
# in case the request was signed, store the result under a different key
cacheKey = 'signed_' + cacheKey
else:
# We authenticated using a session cookie.
if Config.getInstance().getCSRFLevel() >= 2:
token = request.headers.get(
'X-CSRF-Token',
get_query_parameter(queryParams, ['csrftoken']))
if used_session.csrf_protected and used_session.csrf_token != token:
raise HTTPAPIError('Invalid CSRF token', 403)
aw = AccessWrapper()
if not onlyPublic:
aw.setUser(used_session.avatar)
userPrefix = 'user-{}_'.format(used_session.user.id)
cacheKey = userPrefix + normalizeQuery(
path,
query,
remove=('_', 'nc', 'nocache', 'ca', 'cookieauth', 'oa',
'onlyauthed', 'csrftoken'))
# Bail out if the user requires authentication but is not authenticated
if onlyAuthed and not aw.getUser():
raise HTTPAPIError('Not authenticated', 403)
addToCache = not hook.NO_CACHE
cache = GenericCache('HTTPAPI')
cacheKey = RE_REMOVE_EXTENSION.sub('', cacheKey)
if not noCache:
obj = cache.get(cacheKey)
if obj is not None:
result, extra, ts, complete, typeMap = obj
addToCache = False
if result is None:
ContextManager.set("currentAW", aw)
# Perform the actual exporting
res = hook(aw)
if isinstance(res, current_app.response_class):
addToCache = False
is_response = True
result, extra, complete, typeMap = res, {}, True, {}
elif isinstance(res, tuple) and len(res) == 4:
result, extra, complete, typeMap = res
else:
result, extra, complete, typeMap = res, {}, True, {}
if result is not None and addToCache:
ttl = api_settings.get('cache_ttl')
if ttl > 0:
cache.set(cacheKey, (result, extra, ts, complete, typeMap),
ttl)
except HTTPAPIError, e:
error = e
if e.getCode():
responseUtil.status = e.getCode()
if responseUtil.status == 405:
responseUtil.headers[
'Allow'] = 'GET' if request.method == 'POST' else 'POST'
def handler(req, **params):
ContextManager.destroy()
logger = Logger.get('httpapi')
path, query = req.URLFields['PATH_INFO'], req.URLFields['QUERY_STRING']
if req.method == 'POST':
# Convert POST data to a query string
queryParams = dict(req.form)
for key, value in queryParams.iteritems():
queryParams[key] = [str(value)]
query = urllib.urlencode(remove_lists(queryParams))
else:
# Parse the actual query string
queryParams = parse_qs(query)
dbi = DBMgr.getInstance()
dbi.startRequest()
minfo = HelperMaKaCInfo.getMaKaCInfoInstance()
if minfo.getRoomBookingModuleActive():
Factory.getDALManager().connect()
mode = path.split('/')[1]
apiKey = get_query_parameter(queryParams, ['ak', 'apikey'], None)
signature = get_query_parameter(queryParams, ['signature'])
timestamp = get_query_parameter(queryParams, ['timestamp'],
0,
integer=True)
no_cache = get_query_parameter(queryParams, ['nc', 'nocache'],
'no') == 'yes'
pretty = get_query_parameter(queryParams, ['p', 'pretty'], 'no') == 'yes'
onlyPublic = get_query_parameter(queryParams, ['op', 'onlypublic'],
'no') == 'yes'
# Disable caching if we are not exporting
if mode != 'export':
no_cache = True
# Get our handler function and its argument and response type
func, dformat = HTTPAPIHook.parseRequest(path, queryParams)
if func is None or dformat is None:
raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
ak = error = result = None
ts = int(time.time())
typeMap = {}
try:
# Validate the API key (and its signature)
ak, enforceOnlyPublic = checkAK(apiKey, signature, timestamp, path,
query)
if enforceOnlyPublic:
onlyPublic = True
# Create an access wrapper for the API key's user
aw = buildAW(ak, req, onlyPublic)
# Get rid of API key in cache key if we did not impersonate a user
if ak and aw.getUser() is None:
cache_key = normalizeQuery(path,
query,
remove=('ak', 'apiKey', 'signature',
'timestamp', 'nc', 'nocache'))
else:
cache_key = normalizeQuery(path,
query,
remove=('signature', 'timestamp', 'nc',
'nocache'))
if signature:
# in case the request was signed, store the result under a different key
cache_key = 'signed_' + cache_key
obj = None
addToCache = True
cache = GenericCache('HTTPAPI')
cache_key = RE_REMOVE_EXTENSION.sub('', cache_key)
if not no_cache:
obj = cache.get(cache_key)
if obj is not None:
result, extra, ts, complete, typeMap = obj
addToCache = False
if result is None:
# Perform the actual exporting
res = func(aw, req)
if isinstance(res, tuple) and len(res) == 4:
result, extra, complete, typeMap = res
else:
result, extra, complete, typeMap = res, {}, True, {}
if result is not None and addToCache:
ttl = HelperMaKaCInfo.getMaKaCInfoInstance().getAPICacheTTL()
cache.set(cache_key, (result, extra, ts, complete, typeMap), ttl)
except HTTPAPIError, e:
error = e
if e.getCode():
req.status = e.getCode()
if req.status == apache.HTTP_METHOD_NOT_ALLOWED:
req.headers_out[
'Allow'] = 'GET' if req.method == 'POST' else 'POST'
class IndicoSessionInterface(SessionInterface):
pickle_based = True
serializer = cPickle
session_class = IndicoSession
temporary_session_lifetime = timedelta(days=7)
def __init__(self):
self.storage = GenericCache('flask-session')
def generate_sid(self):
return str(uuid.uuid4())
def get_cookie_secure(self, app):
return request.is_secure
def get_storage_lifetime(self, app, session):
# Permanent sessions are stored for exactly the same duration as the session id cookie.
# "Temporary" session are stored for a period that is not too short/long as some people
# close their browser very rarely and thus shouldn't be logged out that often.
if session.permanent:
return app.permanent_session_lifetime
else:
return self.temporary_session_lifetime
def should_refresh_session(self, app, session):
if session.new or '_expires' not in session:
return False
threshold = self.get_storage_lifetime(app, session) / 2
return session['_expires'] - datetime.now() < threshold
def should_refresh_sid(self, app, session):
return self.get_cookie_secure(app) and not session.get('_secure')
def open_session(self, app, request):
sid = request.cookies.get(app.session_cookie_name)
if not sid:
return self.session_class(sid=self.generate_sid(), new=True)
data = self.storage.get(sid)
if data is not None:
return self.session_class(self.serializer.loads(data), sid=sid)
return self.session_class(sid=self.generate_sid(), new=True)
def save_session(self, app, session, response):
domain = self.get_cookie_domain(app)
secure = self.get_cookie_secure(app)
refresh_sid = self.should_refresh_sid(app, session)
if not session and not session.new:
# empty session, delete it from storage and cookie
self.storage.delete(session.sid)
response.delete_cookie(app.session_cookie_name, domain=domain)
return
if not refresh_sid and not session.modified and not self.should_refresh_session(app, session):
# If the session has not been modified we only store if it needs to be refreshed
return
if app.config['INDICO_SESSION_PERMANENT']:
# Setting session.permanent marks the session as modified so we only set it when we
# are saving the session anyway!
session.permanent = True
storage_ttl = self.get_storage_lifetime(app, session)
cookie_lifetime = self.get_expiration_time(app, session)
session['_expires'] = datetime.now() + storage_ttl
if refresh_sid:
self.storage.delete(session.sid)
session.sid = self.generate_sid()
session['_secure'] = request.is_secure
self.storage.set(session.sid, self.serializer.dumps(dict(session)), storage_ttl)
response.set_cookie(app.session_cookie_name, session.sid, expires=cookie_lifetime, httponly=True,
secure=secure)
def handler(req, **params):
ContextManager.destroy()
logger = Logger.get('httpapi')
path, query = req.URLFields['PATH_INFO'], req.URLFields['QUERY_STRING']
if req.method == 'POST':
# Convert POST data to a query string
queryParams = dict(req.form)
for key, value in queryParams.iteritems():
queryParams[key] = [str(value)]
query = urllib.urlencode(remove_lists(queryParams))
else:
# Parse the actual query string
queryParams = parse_qs(query)
dbi = DBMgr.getInstance()
dbi.startRequest()
minfo = HelperMaKaCInfo.getMaKaCInfoInstance()
if minfo.getRoomBookingModuleActive():
Factory.getDALManager().connect()
mode = path.split('/')[1]
apiKey = get_query_parameter(queryParams, ['ak', 'apikey'], None)
signature = get_query_parameter(queryParams, ['signature'])
timestamp = get_query_parameter(queryParams, ['timestamp'], 0, integer=True)
no_cache = get_query_parameter(queryParams, ['nc', 'nocache'], 'no') == 'yes'
pretty = get_query_parameter(queryParams, ['p', 'pretty'], 'no') == 'yes'
onlyPublic = get_query_parameter(queryParams, ['op', 'onlypublic'], 'no') == 'yes'
# Disable caching if we are not exporting
if mode != 'export':
no_cache = True
# Get our handler function and its argument and response type
func, dformat = HTTPAPIHook.parseRequest(path, queryParams)
if func is None or dformat is None:
raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
ak = error = result = None
ts = int(time.time())
typeMap = {}
try:
# Validate the API key (and its signature)
ak, enforceOnlyPublic = checkAK(apiKey, signature, timestamp, path, query)
if enforceOnlyPublic:
onlyPublic = True
# Create an access wrapper for the API key's user
aw = buildAW(ak, req, onlyPublic)
# Get rid of API key in cache key if we did not impersonate a user
if ak and aw.getUser() is None:
cache_key = normalizeQuery(path, query, remove=('ak', 'apiKey', 'signature', 'timestamp', 'nc', 'nocache'))
else:
cache_key = normalizeQuery(path, query, remove=('signature', 'timestamp', 'nc', 'nocache'))
if signature:
# in case the request was signed, store the result under a different key
cache_key = 'signed_' + cache_key
obj = None
addToCache = True
cache = GenericCache('HTTPAPI')
cache_key = RE_REMOVE_EXTENSION.sub('', cache_key)
if not no_cache:
obj = cache.get(cache_key)
if obj is not None:
result, extra, ts, complete, typeMap = obj
addToCache = False
if result is None:
# Perform the actual exporting
res = func(aw, req)
if isinstance(res, tuple) and len(res) == 4:
result, extra, complete, typeMap = res
else:
result, extra, complete, typeMap = res, {}, True, {}
if result is not None and addToCache:
ttl = HelperMaKaCInfo.getMaKaCInfoInstance().getAPICacheTTL()
cache.set(cache_key, (result, extra, ts, complete, typeMap), ttl)
except HTTPAPIError, e:
error = e
if e.getCode():
req.status = e.getCode()
if req.status == apache.HTTP_METHOD_NOT_ALLOWED:
req.headers_out['Allow'] = 'GET' if req.method == 'POST' else 'POST'
def handler(req, **params):
ContextManager.destroy()
logger = Logger.get("httpapi")
path, query = req.URLFields["PATH_INFO"], req.URLFields["QUERY_STRING"]
if req.method == "POST":
# Convert POST data to a query string
queryParams = dict(req.form)
for key, value in queryParams.iteritems():
queryParams[key] = [str(value)]
query = urllib.urlencode(remove_lists(queryParams))
else:
# Parse the actual query string
queryParams = parse_qs(query)
dbi = DBMgr.getInstance()
dbi.startRequest()
minfo = HelperMaKaCInfo.getMaKaCInfoInstance()
if minfo.getRoomBookingModuleActive():
Factory.getDALManager().connect()
apiKey = get_query_parameter(queryParams, ["ak", "apikey"], None)
cookieAuth = get_query_parameter(queryParams, ["ca", "cookieauth"], "no") == "yes"
signature = get_query_parameter(queryParams, ["signature"])
timestamp = get_query_parameter(queryParams, ["timestamp"], 0, integer=True)
noCache = get_query_parameter(queryParams, ["nc", "nocache"], "no") == "yes"
pretty = get_query_parameter(queryParams, ["p", "pretty"], "no") == "yes"
onlyPublic = get_query_parameter(queryParams, ["op", "onlypublic"], "no") == "yes"
onlyAuthed = get_query_parameter(queryParams, ["oa", "onlyauthed"], "no") == "yes"
# Get our handler function and its argument and response type
hook, dformat = HTTPAPIHook.parseRequest(path, queryParams)
if hook is None or dformat is None:
raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
# Disable caching if we are not just retrieving data (or the hook requires it)
if req.method == "POST" or hook.NO_CACHE:
noCache = True
ak = error = result = None
ts = int(time.time())
typeMap = {}
try:
sessionUser = getSessionForReq(req).getUser() if cookieAuth else None
if apiKey or not sessionUser:
# Validate the API key (and its signature)
ak, enforceOnlyPublic = checkAK(apiKey, signature, timestamp, path, query)
if enforceOnlyPublic:
onlyPublic = True
# Create an access wrapper for the API key's user
aw = buildAW(ak, req, onlyPublic)
# Get rid of API key in cache key if we did not impersonate a user
if ak and aw.getUser() is None:
cacheKey = normalizeQuery(
path, query, remove=("ak", "apiKey", "signature", "timestamp", "nc", "nocache", "oa", "onlyauthed")
)
else:
cacheKey = normalizeQuery(
path, query, remove=("signature", "timestamp", "nc", "nocache", "oa", "onlyauthed")
)
if signature:
# in case the request was signed, store the result under a different key
cacheKey = "signed_" + cacheKey
else:
# We authenticated using a session cookie.
# Reject POST for security reasons (CSRF)
if req.method == "POST":
raise HTTPAPIError("Cannot POST when using cookie authentication", apache.HTTP_FORBIDDEN)
aw = AccessWrapper()
if not onlyPublic:
aw.setUser(sessionUser)
userPrefix = "user-" + sessionUser.getId() + "_"
cacheKey = userPrefix + normalizeQuery(
path, query, remove=("nc", "nocache", "ca", "cookieauth", "oa", "onlyauthed")
)
# Bail out if the user requires authentication but is not authenticated
if onlyAuthed and not aw.getUser():
raise HTTPAPIError("Not authenticated", apache.HTTP_FORBIDDEN)
obj = None
addToCache = not hook.NO_CACHE
cache = GenericCache("HTTPAPI")
cacheKey = RE_REMOVE_EXTENSION.sub("", cacheKey)
if not noCache:
obj = cache.get(cacheKey)
if obj is not None:
result, extra, ts, complete, typeMap = obj
addToCache = False
if result is None:
# Perform the actual exporting
res = hook(aw, req)
if isinstance(res, tuple) and len(res) == 4:
result, extra, complete, typeMap = res
else:
result, extra, complete, typeMap = res, {}, True, {}
if result is not None and addToCache:
ttl = HelperMaKaCInfo.getMaKaCInfoInstance().getAPICacheTTL()
cache.set(cacheKey, (result, extra, ts, complete, typeMap), ttl)
except HTTPAPIError, e:
error = e
if e.getCode():
req.status = e.getCode()
if req.status == apache.HTTP_METHOD_NOT_ALLOWED:
req.headers_out["Allow"] = "GET" if req.method == "POST" else "POST"
def __init__(self, duration=DEFAULT_CACHE_TTL):
self._cache = GenericCache("SudsCache")
self._duration = duration
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Indico; if not, see <http://www.gnu.org/licenses/>.
import posixpath
from io import BytesIO
from flask import redirect
from indico.core.config import Config
from indico.web.flask.util import send_file
from indico.modules.rb.models.rooms import Room
from indico.modules.rb.models.photos import Photo
from MaKaC.common.cache import GenericCache
_cache = GenericCache('Rooms')
def _redirect_no_photo(size):
return redirect(
posixpath.join(Config.getInstance().getImagesBaseURL(),
'rooms/{}_photos/NoPhoto.jpg'.format(size)))
def room_photo(roomID, size, **kw):
cache_key = 'photo-{}-{}'.format(roomID, size)
photo_data = _cache.get(cache_key)
if photo_data == '*':
return _redirect_no_photo(size)
elif photo_data is None:
def __init__(self):
self.storage = GenericCache('flask-session')
def handler(prefix, path):
path = posixpath.join('/', prefix, path)
ContextManager.destroy()
clearCache() # init fossil cache
logger = Logger.get('httpapi')
if request.method == 'POST':
# Convert POST data to a query string
queryParams = dict((key, value.encode('utf-8'))
for key, value in request.form.iteritems())
query = urllib.urlencode(queryParams)
else:
# Parse the actual query string
queryParams = dict((key, value.encode('utf-8'))
for key, value in request.args.iteritems())
query = request.query_string
dbi = DBMgr.getInstance()
dbi.startRequest()
apiKey = get_query_parameter(queryParams, ['ak', 'apikey'], None)
cookieAuth = get_query_parameter(queryParams, ['ca', 'cookieauth'],
'no') == 'yes'
signature = get_query_parameter(queryParams, ['signature'])
timestamp = get_query_parameter(queryParams, ['timestamp'],
0,
integer=True)
noCache = get_query_parameter(queryParams, ['nc', 'nocache'],
'no') == 'yes'
pretty = get_query_parameter(queryParams, ['p', 'pretty'], 'no') == 'yes'
onlyPublic = get_query_parameter(queryParams, ['op', 'onlypublic'],
'no') == 'yes'
onlyAuthed = get_query_parameter(queryParams, ['oa', 'onlyauthed'],
'no') == 'yes'
oauthToken = 'oauth_token' in queryParams
# Check if OAuth data is supplied in the Authorization header
if not oauthToken and request.headers.get('Authorization') is not None:
oauthToken = 'oauth_token' in request.headers.get('Authorization')
# Get our handler function and its argument and response type
hook, dformat = HTTPAPIHook.parseRequest(path, queryParams)
if hook is None or dformat is None:
raise NotFound
# Disable caching if we are not just retrieving data (or the hook requires it)
if request.method == 'POST' or hook.NO_CACHE:
noCache = True
ak = error = result = None
ts = int(time.time())
typeMap = {}
responseUtil = ResponseUtil()
try:
used_session = None
if cookieAuth:
used_session = session
if not used_session.avatar: # ignore guest sessions
used_session = None
if apiKey or oauthToken or not used_session:
if not oauthToken:
# Validate the API key (and its signature)
ak, enforceOnlyPublic = checkAK(apiKey, signature, timestamp,
path, query)
if enforceOnlyPublic:
onlyPublic = True
# Create an access wrapper for the API key's user
aw = buildAW(ak, onlyPublic)
else: # Access Token (OAuth)
at = OAuthUtils.OAuthCheckAccessResource()
aw = buildAW(at, onlyPublic)
# Get rid of API key in cache key if we did not impersonate a user
if ak and aw.getUser() is None:
cacheKey = normalizeQuery(
path,
query,
remove=('_', 'ak', 'apiKey', 'signature', 'timestamp',
'nc', 'nocache', 'oa', 'onlyauthed'))
else:
cacheKey = normalizeQuery(path,
query,
remove=('_', 'signature',
'timestamp', 'nc', 'nocache',
'oa', 'onlyauthed'))
if signature:
# in case the request was signed, store the result under a different key
cacheKey = 'signed_' + cacheKey
else:
# We authenticated using a session cookie.
if Config.getInstance().getCSRFLevel() >= 2:
token = request.headers.get(
'X-CSRF-Token',
get_query_parameter(queryParams, ['csrftoken']))
if used_session.csrf_protected and used_session.csrf_token != token:
raise HTTPAPIError('Invalid CSRF token', 403)
aw = AccessWrapper()
if not onlyPublic:
aw.setUser(used_session.avatar)
userPrefix = 'user-' + used_session.avatar.getId() + '_'
cacheKey = userPrefix + normalizeQuery(
path,
query,
remove=('_', 'nc', 'nocache', 'ca', 'cookieauth', 'oa',
'onlyauthed', 'csrftoken'))
# Bail out if the user requires authentication but is not authenticated
if onlyAuthed and not aw.getUser():
raise HTTPAPIError('Not authenticated', 403)
addToCache = not hook.NO_CACHE
cache = GenericCache('HTTPAPI')
cacheKey = RE_REMOVE_EXTENSION.sub('', cacheKey)
if not noCache:
obj = cache.get(cacheKey)
if obj is not None:
result, extra, ts, complete, typeMap = obj
addToCache = False
if result is None:
ContextManager.set("currentAW", aw)
# Perform the actual exporting
res = hook(aw)
if isinstance(res, tuple) and len(res) == 4:
result, extra, complete, typeMap = res
else:
result, extra, complete, typeMap = res, {}, True, {}
if result is not None and addToCache:
ttl = api_settings.get('cache_ttl')
cache.set(cacheKey, (result, extra, ts, complete, typeMap), ttl)
except HTTPAPIError, e:
error = e
if e.getCode():
responseUtil.status = e.getCode()
if responseUtil.status == 405:
responseUtil.headers[
'Allow'] = 'GET' if request.method == 'POST' else 'POST'
def __init__(self, *args, **kwargs):
RHRoomBookingBase.__init__(self, *args, **kwargs)
self._cache = GenericCache('MapOfRooms')
def handler(prefix, path):
path = posixpath.join('/', prefix, path)
ContextManager.destroy()
clearCache() # init fossil cache
logger = Logger.get('httpapi')
if request.method == 'POST':
# Convert POST data to a query string
queryParams = dict((key, value.encode('utf-8')) for key, value in request.form.iteritems())
query = urllib.urlencode(queryParams)
else:
# Parse the actual query string
queryParams = dict((key, value.encode('utf-8')) for key, value in request.args.iteritems())
query = request.query_string
dbi = DBMgr.getInstance()
dbi.startRequest()
apiKey = get_query_parameter(queryParams, ['ak', 'apikey'], None)
cookieAuth = get_query_parameter(queryParams, ['ca', 'cookieauth'], 'no') == 'yes'
signature = get_query_parameter(queryParams, ['signature'])
timestamp = get_query_parameter(queryParams, ['timestamp'], 0, integer=True)
noCache = get_query_parameter(queryParams, ['nc', 'nocache'], 'no') == 'yes'
pretty = get_query_parameter(queryParams, ['p', 'pretty'], 'no') == 'yes'
onlyPublic = get_query_parameter(queryParams, ['op', 'onlypublic'], 'no') == 'yes'
onlyAuthed = get_query_parameter(queryParams, ['oa', 'onlyauthed'], 'no') == 'yes'
scope = 'read:legacy_api' if request.method == 'GET' else 'write:legacy_api'
try:
oauth_valid, oauth_request = oauth.verify_request([scope])
if not oauth_valid and oauth_request and oauth_request.error_message != 'Bearer token not found.':
raise BadRequest('OAuth error: {}'.format(oauth_request.error_message))
elif g.get('received_oauth_token') and oauth_request.error_message == 'Bearer token not found.':
raise BadRequest('OAuth error: Invalid token')
except ValueError:
# XXX: Dirty hack to workaround a bug in flask-oauthlib that causes it
# not to properly urlencode request query strings
# Related issue (https://github.com/lepture/flask-oauthlib/issues/213)
oauth_valid = False
# Get our handler function and its argument and response type
hook, dformat = HTTPAPIHook.parseRequest(path, queryParams)
if hook is None or dformat is None:
raise NotFound
# Disable caching if we are not just retrieving data (or the hook requires it)
if request.method == 'POST' or hook.NO_CACHE:
noCache = True
ak = error = result = None
ts = int(time.time())
typeMap = {}
responseUtil = ResponseUtil()
try:
used_session = None
if cookieAuth:
used_session = session
if not used_session.user: # ignore guest sessions
used_session = None
if apiKey or oauth_valid or not used_session:
if not oauth_valid:
# Validate the API key (and its signature)
ak, enforceOnlyPublic = checkAK(apiKey, signature, timestamp, path, query)
if enforceOnlyPublic:
onlyPublic = True
# Create an access wrapper for the API key's user
aw = buildAW(ak, onlyPublic)
else: # Access Token (OAuth)
at = load_token(oauth_request.access_token.access_token)
aw = buildAW(at, onlyPublic)
# Get rid of API key in cache key if we did not impersonate a user
if ak and aw.getUser() is None:
cacheKey = normalizeQuery(path, query,
remove=('_', 'ak', 'apiKey', 'signature', 'timestamp', 'nc', 'nocache',
'oa', 'onlyauthed'))
else:
cacheKey = normalizeQuery(path, query,
remove=('_', 'signature', 'timestamp', 'nc', 'nocache', 'oa', 'onlyauthed'))
if signature:
# in case the request was signed, store the result under a different key
cacheKey = 'signed_' + cacheKey
else:
# We authenticated using a session cookie.
if Config.getInstance().getCSRFLevel() >= 2:
token = request.headers.get('X-CSRF-Token', get_query_parameter(queryParams, ['csrftoken']))
if used_session.csrf_protected and used_session.csrf_token != token:
raise HTTPAPIError('Invalid CSRF token', 403)
aw = AccessWrapper()
if not onlyPublic:
aw.setUser(used_session.avatar)
userPrefix = 'user-{}_'.format(used_session.user.id)
cacheKey = userPrefix + normalizeQuery(path, query,
remove=('_', 'nc', 'nocache', 'ca', 'cookieauth', 'oa', 'onlyauthed',
'csrftoken'))
# Bail out if the user requires authentication but is not authenticated
if onlyAuthed and not aw.getUser():
raise HTTPAPIError('Not authenticated', 403)
addToCache = not hook.NO_CACHE
cache = GenericCache('HTTPAPI')
cacheKey = RE_REMOVE_EXTENSION.sub('', cacheKey)
if not noCache:
obj = cache.get(cacheKey)
if obj is not None:
result, extra, ts, complete, typeMap = obj
addToCache = False
if result is None:
ContextManager.set("currentAW", aw)
# Perform the actual exporting
res = hook(aw)
if isinstance(res, tuple) and len(res) == 4:
result, extra, complete, typeMap = res
else:
result, extra, complete, typeMap = res, {}, True, {}
if result is not None and addToCache:
ttl = api_settings.get('cache_ttl')
cache.set(cacheKey, (result, extra, ts, complete, typeMap), ttl)
except HTTPAPIError, e:
error = e
if e.getCode():
responseUtil.status = e.getCode()
if responseUtil.status == 405:
responseUtil.headers['Allow'] = 'GET' if request.method == 'POST' else 'POST'
def __init__(self, duration=None):
self._cache = GenericCache("SudsCache")
if duration is None:
duration = 24 * 3600 # we put as default 1 day cache
self._duration = duration
def handler(req, **params):
ContextManager.destroy()
logger = Logger.get('httpapi')
path, query = req.URLFields['PATH_INFO'], req.URLFields['QUERY_STRING']
if req.method == 'POST':
# Convert POST data to a query string
queryParams = dict(req.form)
for key, value in queryParams.iteritems():
queryParams[key] = [str(value)]
query = urllib.urlencode(remove_lists(queryParams))
else:
# Parse the actual query string
queryParams = parse_qs(query)
dbi = DBMgr.getInstance()
dbi.startRequest()
minfo = HelperMaKaCInfo.getMaKaCInfoInstance()
if minfo.getRoomBookingModuleActive():
Factory.getDALManager().connect()
apiKey = get_query_parameter(queryParams, ['ak', 'apikey'], None)
cookieAuth = get_query_parameter(queryParams, ['ca', 'cookieauth'], 'no') == 'yes'
signature = get_query_parameter(queryParams, ['signature'])
timestamp = get_query_parameter(queryParams, ['timestamp'], 0, integer=True)
noCache = get_query_parameter(queryParams, ['nc', 'nocache'], 'no') == 'yes'
pretty = get_query_parameter(queryParams, ['p', 'pretty'], 'no') == 'yes'
onlyPublic = get_query_parameter(queryParams, ['op', 'onlypublic'], 'no') == 'yes'
onlyAuthed = get_query_parameter(queryParams, ['oa', 'onlyauthed'], 'no') == 'yes'
# Get our handler function and its argument and response type
hook, dformat = HTTPAPIHook.parseRequest(path, queryParams)
if hook is None or dformat is None:
raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
# Disable caching if we are not just retrieving data (or the hook requires it)
if req.method == 'POST' or hook.NO_CACHE:
noCache = True
ak = error = result = None
ts = int(time.time())
typeMap = {}
try:
session = None
if cookieAuth:
session = getSessionForReq(req)
if not session.getUser(): # ignore guest sessions
session = None
if apiKey or not session:
# Validate the API key (and its signature)
ak, enforceOnlyPublic = checkAK(apiKey, signature, timestamp, path, query)
if enforceOnlyPublic:
onlyPublic = True
# Create an access wrapper for the API key's user
aw = buildAW(ak, req, onlyPublic)
# Get rid of API key in cache key if we did not impersonate a user
if ak and aw.getUser() is None:
cacheKey = normalizeQuery(path, query,
remove=('ak', 'apiKey', 'signature', 'timestamp', 'nc', 'nocache',
'oa', 'onlyauthed'))
else:
cacheKey = normalizeQuery(path, query,
remove=('signature', 'timestamp', 'nc', 'nocache', 'oa', 'onlyauthed'))
if signature:
# in case the request was signed, store the result under a different key
cacheKey = 'signed_' + cacheKey
else:
# We authenticated using a session cookie.
if Config.getInstance().getCSRFLevel() >= 2:
token = req.headers_in.get('X-CSRF-Token', get_query_parameter(queryParams, ['csrftoken']))
if session.csrf_token != token:
raise HTTPAPIError('Invalid CSRF token', apache.HTTP_FORBIDDEN)
aw = AccessWrapper()
if not onlyPublic:
aw.setUser(session.getUser())
userPrefix = 'user-' + session.getUser().getId() + '_'
cacheKey = userPrefix + normalizeQuery(path, query,
remove=('nc', 'nocache', 'ca', 'cookieauth', 'oa', 'onlyauthed',
'csrftoken'))
# Bail out if the user requires authentication but is not authenticated
if onlyAuthed and not aw.getUser():
raise HTTPAPIError('Not authenticated', apache.HTTP_FORBIDDEN)
obj = None
addToCache = not hook.NO_CACHE
cache = GenericCache('HTTPAPI')
cacheKey = RE_REMOVE_EXTENSION.sub('', cacheKey)
if not noCache:
obj = cache.get(cacheKey)
if obj is not None:
result, extra, ts, complete, typeMap = obj
addToCache = False
if result is None:
# Perform the actual exporting
res = hook(aw, req)
if isinstance(res, tuple) and len(res) == 4:
result, extra, complete, typeMap = res
else:
result, extra, complete, typeMap = res, {}, True, {}
if result is not None and addToCache:
ttl = HelperMaKaCInfo.getMaKaCInfoInstance().getAPICacheTTL()
cache.set(cacheKey, (result, extra, ts, complete, typeMap), ttl)
except HTTPAPIError, e:
error = e
if e.getCode():
req.status = e.getCode()
if req.status == apache.HTTP_METHOD_NOT_ALLOWED:
req.headers_out['Allow'] = 'GET' if req.method == 'POST' else 'POST'
def _confirm_email_address(self, email, data_type):
email = email.strip().lower()
if not validMail(email):
raise NoReportError(_("Invalid email address: {0}").format(email))
# Prevent adding the primary email as a secondary email
if data_type == 'secondaryEmails' and email == self._avatar.getEmail():
raise NoReportError(_("{0} is already the primary email address "
"and cannot be used as a secondary email address.").format(email))
# When setting a secondary email as primary, set it automatically and
# re-index the user's emails without sending a confirmation email
# (We assume the secondary emails are valid)
if data_type == 'email' and email in self._avatar.getSecondaryEmails():
self._avatar.removeSecondaryEmail(email)
self._avatar.setEmail(email, reindex=True)
return False
existing = AvatarHolder().match({'email': email}, searchInAuthenticators=False)
if existing:
if any(av for av in existing if av != self._avatar):
raise NoReportError(_("The email address {0} is already used by another user.").format(email))
else: # The email is already set correctly for the user: Do nothing
return False
# New email address
token_storage = GenericCache('confirm-email')
data = {'email': email, 'data_type': data_type, 'uid': self._avatar.getId()}
token = str(uuid.uuid4())
while token_storage.get(token):
token = str(uuid.uuid4())
token_storage.set(token, data, 24 * 3600)
url = url_for('user.confirm_email', token=token, _external=True, _secure=True)
if data_type == 'email':
body_format = _(
"Dear {0},\n"
"You requested to change your account's primary email address.\n"
"Please open the link below within 24 hours to confirm and activate this email address:\n"
"\n{1}\n\n"
"--\n"
"Indico"
)
else:
body_format = _(
"Dear {0},\n"
"You added this email address to your account's secondary emails list.\n"
"Please open the link below within 24 hours to confirm and activate this email address:\n"
"\n{1}\n\n"
"--\n"
"Indico"
)
confirmation = {
'toList': [email],
'fromAddr': Config.getInstance().getSupportEmail(),
'subject': _("[Indico] Verify your email address"),
'body': body_format.format(self._avatar.getFirstName(), url)
}
# Send mail with template message and link
GenericMailer.send(GenericNotification(confirmation))
return True
def __init__(self, function):
self._function = function
# Cache bucket per implementation
plugin = function.__module__.split('.')[3]
self._cache = GenericCache(plugin + 'StatisticsCache')
def _cache(self):
return GenericCache('UpcomingEvents')
# You should have received a copy of the GNU General Public License
# along with Indico; if not, see <http://www.gnu.org/licenses/>.
import re
from persistent import Persistent
from sqlalchemy.orm import load_only, noload
from indico.core.config import Config
from indico.util.caching import memoize_request
from MaKaC.common import filters
from MaKaC.common.cache import GenericCache
from MaKaC.common.ObjectHolders import ObjectHolder
from MaKaC.common.Locators import Locator
_cache = GenericCache('room-mapper')
class RoomMapperHolder(ObjectHolder):
"""
"""
idxName = "roomsMapping"
counterName = "ROOMS_MAPPING"
def match(self, criteria, exact=False):
crit = {}
for f, v in criteria.items():
crit[f] = [v]
if crit.has_key("roommappername"):
crit["name"] = crit["roommappername"]
f = RoomMapperFilter(_RoomMapperFilterCriteria(crit), None)
def handler(prefix, path):
path = posixpath.join('/', prefix, path)
ContextManager.destroy()
clearCache() # init fossil cache
logger = Logger.get('httpapi')
if request.method == 'POST':
# Convert POST data to a query string
queryParams = dict((key, value.encode('utf-8')) for key, value in request.form.iteritems())
query = urllib.urlencode(queryParams)
else:
# Parse the actual query string
queryParams = dict((key, value.encode('utf-8')) for key, value in request.args.iteritems())
query = request.query_string
dbi = DBMgr.getInstance()
dbi.startRequest()
minfo = HelperMaKaCInfo.getMaKaCInfoInstance()
if minfo.getRoomBookingModuleActive():
Factory.getDALManager().connect()
apiKey = get_query_parameter(queryParams, ['ak', 'apikey'], None)
cookieAuth = get_query_parameter(queryParams, ['ca', 'cookieauth'], 'no') == 'yes'
signature = get_query_parameter(queryParams, ['signature'])
timestamp = get_query_parameter(queryParams, ['timestamp'], 0, integer=True)
noCache = get_query_parameter(queryParams, ['nc', 'nocache'], 'no') == 'yes'
pretty = get_query_parameter(queryParams, ['p', 'pretty'], 'no') == 'yes'
onlyPublic = get_query_parameter(queryParams, ['op', 'onlypublic'], 'no') == 'yes'
onlyAuthed = get_query_parameter(queryParams, ['oa', 'onlyauthed'], 'no') == 'yes'
oauthToken = 'oauth_token' in queryParams
# Get our handler function and its argument and response type
hook, dformat = HTTPAPIHook.parseRequest(path, queryParams)
if hook is None or dformat is None:
raise NotFound
# Disable caching if we are not just retrieving data (or the hook requires it)
if request.method == 'POST' or hook.NO_CACHE:
noCache = True
ak = error = result = None
ts = int(time.time())
typeMap = {}
responseUtil = ResponseUtil()
try:
used_session = None
if cookieAuth:
used_session = session
if not used_session.user: # ignore guest sessions
used_session = None
if apiKey or oauthToken or not used_session:
if not oauthToken:
# Validate the API key (and its signature)
ak, enforceOnlyPublic = checkAK(apiKey, signature, timestamp, path, query)
if enforceOnlyPublic:
onlyPublic = True
# Create an access wrapper for the API key's user
aw = buildAW(ak, onlyPublic)
else: # Access Token (OAuth)
at = OAuthUtils.OAuthCheckAccessResource()
aw = buildAW(at, onlyPublic)
# Get rid of API key in cache key if we did not impersonate a user
if ak and aw.getUser() is None:
cacheKey = normalizeQuery(path, query,
remove=('_', 'ak', 'apiKey', 'signature', 'timestamp', 'nc', 'nocache',
'oa', 'onlyauthed'))
else:
cacheKey = normalizeQuery(path, query,
remove=('_', 'signature', 'timestamp', 'nc', 'nocache', 'oa', 'onlyauthed'))
if signature:
# in case the request was signed, store the result under a different key
cacheKey = 'signed_' + cacheKey
else:
# We authenticated using a session cookie.
if Config.getInstance().getCSRFLevel() >= 2:
token = request.headers.get('X-CSRF-Token', get_query_parameter(queryParams, ['csrftoken']))
if used_session.csrf_protected and used_session.csrf_token != token:
raise HTTPAPIError('Invalid CSRF token', 403)
aw = AccessWrapper()
if not onlyPublic:
aw.setUser(used_session.user)
userPrefix = 'user-' + used_session.user.getId() + '_'
cacheKey = userPrefix + normalizeQuery(path, query,
remove=('_', 'nc', 'nocache', 'ca', 'cookieauth', 'oa', 'onlyauthed',
'csrftoken'))
# Bail out if the user requires authentication but is not authenticated
if onlyAuthed and not aw.getUser():
raise HTTPAPIError('Not authenticated', 403)
addToCache = not hook.NO_CACHE
cache = GenericCache('HTTPAPI')
cacheKey = RE_REMOVE_EXTENSION.sub('', cacheKey)
if not noCache:
obj = cache.get(cacheKey)
if obj is not None:
result, extra, ts, complete, typeMap = obj
addToCache = False
if result is None:
# Perform the actual exporting
res = hook(aw)
if isinstance(res, tuple) and len(res) == 4:
result, extra, complete, typeMap = res
else:
result, extra, complete, typeMap = res, {}, True, {}
if result is not None and addToCache:
ttl = HelperMaKaCInfo.getMaKaCInfoInstance().getAPICacheTTL()
cache.set(cacheKey, (result, extra, ts, complete, typeMap), ttl)
except HTTPAPIError, e:
error = e
if e.getCode():
responseUtil.status = e.getCode()
if responseUtil.status == 405:
responseUtil.headers['Allow'] = 'GET' if request.method == 'POST' else 'POST'
def __init__(self):
self.storage = GenericCache('flask-session')
def __init__(self, duration=None):
self._cache = GenericCache("SudsCache")
if duration is None:
duration = 24 * 3600 # we put as default 1 day cache
self._duration = duration
def __init__(self, *args, **kwargs):
RHRoomBookingBase.__init__(self, *args, **kwargs)
self._cache = GenericCache('MapOfRooms')
from werkzeug.urls import url_parse
from indico.core import signals
from indico.core.config import Config
from indico.core.db import db
from indico.modules.events.layout import layout_settings
from indico.modules.events.layout.models.menu import MenuEntry, MenuEntryType, TransientMenuEntry
from indico.util.caching import memoize_request
from indico.util.signals import named_objects_from_signal
from indico.util.string import crc32, return_ascii
from indico.web.flask.util import url_for
import MaKaC
from MaKaC.common.cache import GenericCache
_cache = GenericCache('updated-menus')
def _menu_entry_key(entry_data):
return entry_data.position == -1, entry_data.position, entry_data.name
@memoize_request
def get_menu_entries_from_signal():
return named_objects_from_signal(signals.event.sidemenu.send(),
plugin_attr='plugin')
def build_menu_entry_name(name, plugin=None):
""" Builds the proper name for a menu entry.
