Example #1
 def delete(self, username):
     """Delete notifications belonging to the session's user.

     The ``username`` path value must match the username resolved from
     ``session["user_id"]``; otherwise the request is refused. Every
     deletion is keyed on the session's user id, never on the
     caller-supplied ``username``, so the path value cannot redirect the
     delete to another account.

     Returns a message dict on success, or a ``(dict, 400)`` tuple when
     the username does not belong to the session.
     """
     # NOTE(review): session["user_id"] raises KeyError when the key is
     # absent; presumably an authentication guard outside this method
     # guarantees it -- confirm.
     caller_id = session["user_id"]
     if username != User.get_username_by_id(caller_id):
         # NOTE(review): an authorization refusal is reported as 400 here;
         # 403 is the conventional status. Left unchanged because clients
         # may depend on the current code.
         return {
             'message': "You may not access another user's notifications."
         }, 400

     selection = self.parser.parse_args()['data']
     if selection:
         # A non-empty 'data' argument is forwarded to the model together
         # with the owner's id.
         NotifModel.delete(user_id=caller_id, data=selection)
     else:
         # A missing or empty 'data' argument means the call carries the
         # user id only.
         NotifModel.delete(user_id=caller_id)

     return {
         'message': "Deleted notifications for user {}".format(username)
     }
Example #2
 def get(self, username):
     """Return all notifications of the session's user.

     The ``username`` path value must match the username resolved from
     ``session["user_id"]``. The lookup itself uses the session's user
     id, so the path value only gates access and labels the response.

     Returns a dict holding ``'username'`` plus whatever each
     notification's ``json(index)`` contributes, a ``(dict, 404)`` tuple
     when there are no notifications, or a ``(dict, 400)`` tuple when the
     username does not belong to the session.
     """
     caller_id = session["user_id"]
     if username != User.get_username_by_id(caller_id):
         # NOTE(review): 403 would be the conventional status for this
         # refusal; 400 is kept to preserve the existing contract.
         return {
             'message': "You may not access another user's notifications."
         }, 400

     notifications = NotifModel.get_all_by_user(caller_id)
     if not notifications or len(notifications) < 1:
         return {'message': "No notifications for this user."}, 404

     payload = {'username': username}
     # Each notification serialises itself under keys derived from its
     # position in the result set.
     for position, entry in enumerate(notifications):
         payload.update(entry.json(position))
     return payload
Example #3
 def post(self, username):
     """Create a certificate for the session's user from a submitted CSR.

     The ``username`` path value must match the username resolved from
     ``session["user_id"]``. The parsed ``'csr'`` argument is handed to
     ``CertModel.create`` together with the id of the user found by that
     name; a falsy result is reported as an invalid CSR.

     Returns the new certificate's ``json()`` on success, or a
     ``(dict, 400)`` tuple when the caller is not the named user, the CSR
     is missing, or certificate creation fails.
     """
     if username != User.get_username_by_id(session["user_id"]):
         # NOTE(review): 403 would be the conventional status for this
         # refusal; 400 is kept to preserve the existing contract.
         return {
             'message': "You may not update another user's certificate."
         }, 400

     csr = self.parser.parse_args()['csr']
     if not csr:
         return {'message': "No certificate Signing Request in Body."}, 400

     # The ownership check above has already tied `username` to the
     # session, so this lookup resolves the caller's own account.
     # NOTE(review): whether the CSR subject is also bound to this user is
     # decided inside CertModel.create and is not visible here -- confirm.
     account = User.find_by_name(username)
     cert = CertModel.create(csr, account.id)
     if not cert:
         return {
             'message':
             "Signature in CSR could not be verified or invalid CSR data!"
         }, 400

     cert.save_to_db()
     return cert.json()
Example #4
 def get(self, username):
     """List the data items the session's user owns or has been given.

     The ``username`` path value must match the username resolved from
     ``session["user_id"]``. Both queries are keyed on the session's user
     id rather than on the path value.

     Returns ``{'owner': {...}, 'shared': {...}}`` where each inner dict
     maps a stringified item id to a ``/data/<username>/<name>`` path, or
     a ``(dict, 400)`` tuple when the username does not belong to the
     session.
     """
     caller_id = session["user_id"]
     if username != User.get_username_by_id(caller_id):
         # NOTE(review): 403 would be the conventional status for this
         # refusal; 400 is kept to preserve the existing contract.
         return {'message': "You may not access another user's data."}, 400

     # Items owned by the caller are addressed under the caller's name.
     owned_items = Data.get_all_by_user(user_id=caller_id)
     owner = {
         str(entry.id): "/data/{}/{}".format(username, entry.name)
         for entry in owned_items
     } if owned_items else {}

     # Shared items are addressed under the name of the user who owns
     # them, read from the access record's data relation.
     grants = Data_Access.get(user_id=caller_id)
     shared = {
         str(grant.data.id): "/data/{}/{}".format(grant.data.user.username,
                                                  grant.data.name)
         for grant in grants
     } if grants else {}

     return {'owner': owner, 'shared': shared}
Example #5
 def delete(self, username):
     """Revoke valid certificates of the session's user.

     The ``username`` path value must match the username resolved from
     ``session["user_id"]``. When the parsed ``'cert_serial'`` argument is
     truthy, only certificates whose ``serial_number()`` equals it are
     revoked; when it is missing or empty, every currently valid
     certificate of the user is revoked.

     Returns the ``json()`` of a ``RevocationList`` built from this
     request's revocations, a ``(dict, 404)`` tuple when nothing matches,
     or a ``(dict, 400)`` tuple when the username does not belong to the
     session.
     """
     if username != User.get_username_by_id(session["user_id"]):
         # NOTE(review): 403 would be the conventional status for this
         # refusal; 400 is kept to preserve the existing contract.
         return {
             'message': "You may not delete another user's certificate."
         }, 400

     args = self.parser.parse_args()
     account = User.find_by_name(username)
     targets = list(CertModel.get_all_valid_by_user(user=account))
     if not targets:
         return {'message': "No valid certificate for user found."}, 404

     wanted_serial = args['cert_serial']
     if wanted_serial:
         # NOTE(review): this is a plain equality test; it only matches if
         # the parser yields the same type serial_number() returns --
         # confirm against the parser definition.
         targets = [c for c in targets if c.serial_number() == wanted_serial]
         if not targets:
             return {
                 'message': "No valid certificate with the given id found."
             }, 404

     # Revoke every certificate still selected: the single match when a
     # serial was given, otherwise all of the user's valid certificates.
     revoked = [c.revoke() for c in targets]

     # The returned revocation list covers only the certificates revoked
     # by this request; previously revoked certificates are not included.
     return RevocationList(username, revoked).json()
Example #6
 def validate_request(self, initiator, replier, step, method):
     """Check that the session's user may act on one SMP step.

     Checks run in this order: the two parties differ, ``step`` is listed
     in ``self.steps``, both usernames resolve to users, the session's
     user is one of the two parties, the party is allowed to write to this
     step (any ``method`` other than ``'get'``), and both users are
     active.

     Returns ``(True, init, rep)`` on success and ``(dict, status)`` on
     failure. The two shapes differ in length, so callers have to tell
     them apart before unpacking.
     """
     if initiator == replier:
         return {'message': "You may not use SMP to verify your own certificate."}, 400
     if step not in self.steps:
         return {'message': "Resource '{}' does not exist.".format(step)}, 404

     init = User.find_by_name(initiator)
     rep = User.find_by_name(replier)
     # NOTE(review): these 404s, and the "not logged in" answers below,
     # tell the caller whether a named account exists and is active.
     # Confirm that exposure is acceptable for authenticated users.
     if not init:
         return {'message': "Username '{}' does not exist.".format(initiator)}, 404
     if not rep:
         return {'message': "Username '{}' does not exist.".format(replier)}, 404

     username = User.get_username_by_id(session["user_id"])
     if username not in (initiator, replier):
         return {'message': "You may not access other users' SMP data."}, 400

     if method != 'get':
         # Reads are open to both parties; writes are limited to the steps
         # each role produces. The two names differ and the caller is one
         # of them, so "not the initiator" means "the replier" here.
         if username == initiator:
             writable = ('question', 'step2', 'step4')
         else:
             writable = ('step1', 'step3')
         if step not in writable:
             return {'message': "You may not access someone else's SMP data."}, 400

     if not init.active:
         return {'message': "User '{}' is not logged in.".format(initiator)}, 404
     if not rep.active:
         return {'message': "User '{}' is not logged in.".format(replier)}, 404
     return True, init, rep