def prepare(self):
"""Override the prepare RequestHandler method.
Check if the Client send correct token and if the token need refresh.
Support the Authorization Header check or the GET access_token.
if the Client don't send a Token or the token is incorrect this method flush a 403 HTTP Error."""
token = None
#frst we check if the authentication token is send by the Autorization header
if 'Authorization' in self.request.headers:
auth_header = self.request.headers['Authorization']
#the authentication token is send like Bearer <token>
#we need to split the string and obtain the token
header_parts = auth_header.split(' ')
token = header_parts[1]
elif self.get_argument('access_token'):
token = self.get_argument('access_token')
else:
raise tornado.web.HTTPError(403,"not authorized, no token send")
#check if the token is correct
try:
grant = Grant()
results = grant.get(token=token)
except ObjectDoesNotExist, e:
raise tornado.web.HTTPError(403,"invalid authorization token incorrect")
def post(self):
"""POST action to authorize the Client Application.
To authorize will be send a POST with 'grant' parameter set to true, to deny 'parameter' set to false."""
grant = self.get_argument("grant")
client_id = self.get_argument("client_id")
response_type = self.get_argument("response_type")
redirect_uri = self.get_argument("redirect_uri")
scope = self.get_argument("scope")
# the client send correct paramenters, we need to check if the client id exist and we
# create the relation between the user-agent and the client
if grant == "true":
try:
#check if the client exist
client = Client()
exist = client.get(client_id=client_id)
if exist['redirect_uri'] != redirect_uri:
#have an error, return a 403
raise tornado.web.HTTPError(403,"redirect uri problem")
except ObjectDoesNotExist, e:
raise tornado.web.HTTPError(403,"the client id not correspond to any Client")
grant = Grant()
try:
#we accept the grant for the user
grant.is_already_authorized(client_id,self.get_current_user())
grant.update(client_id,self.get_current_user())
except ObjectDoesNotExist, e:
grant.add(client_id,self.get_current_user())
def save_grant(client_id, code, request, *args, **kwargs):
# decide the expires time yourself
expires = datetime.utcnow() + timedelta(seconds=1000)
client = Client.query.filter_by(client_id=client_id).first()
grant = Grant(client_id=client_id,
code=code['code'],
redirect_uri=request.redirect_uri,
_scopes=' '.join(request.scopes),
user=client.user_id,
expires=expires)
db.session.add(grant)
db.session.commit()
return grant
def prepare_db():
client1 = Client(
name='dev', client_id='dev', client_secret='dev',
_redirect_uris=(
'http://localhost:8000/authorized '
'http://localhost/authorized '
'http://127.0.0.1:8000/authorized'
),
)
client2 = Client(
name='confidential', client_id='confidential',
client_secret='confidential', client_type='confidential',
_redirect_uris=(
'http://localhost:8000/authorized '
'http://localhost/authorized '
'http://127.0.0.1:8000/authorized'
),
)
user = User(username='******', password='******')
temp_grant = Grant(
user_id=1, client_id='confidential',
code='12345', scope='email',
expires=datetime.utcnow() + timedelta(seconds=100)
)
access_token = Token(
user_id=1, client_id='dev', access_token='expired', expires_in=5
)
access_token2 = Token(
user_id=1, client_id='dev', access_token='expired', expires_in=1
)
try:
db.session.add(client1)
db.session.add(client2)
db.session.add(user)
db.session.add(temp_grant)
db.session.add(access_token)
db.session.add(access_token2)
db.session.commit()
except:
db.session.rollback()
def modal_add():
form = ModalForm()
print 111111111111111
print form.data
if form.validate_on_submit():
data = form.data
modal_data = Grant(
myrole=data["myrole"],
authip=data["authip"],
)
print 22222222
print data["myrole"]
db.session.add(modal_data)
db.session.commit()
flash("添加数据库权限成功", "ok")
return redirect(url_for("admin.grant_list", page=1))
return render_template("admin/modal.html")
def connect_finance(connections, ftype):
if connections:
for finance in connections:
try:
source = Entity.query.filter_by(id=old_to_new[finance['source']]).first()
target = Entity.query.filter_by(id=old_to_new[finance['target']]).first()
if ftype == 'funding':
grant = Grant(finance['amount'], finance['year'])
# Odd civic.json convention of source/target "received"
source.grants_received.append(grant)
target.grants_given.append(grant)
elif ftype == 'investment':
investment = Investment(finance['amount'], finance['year'])
# Odd civic.json convention of source/target "received"
source.investments_received.append(investment)
target.investments_made.append(investment)
except KeyError as e:
# Some IDs in civic.json aren't rendered...
# Point to them manually.
print "Failed to find ID: ", e
def modal_list(page=None):
form = ModalForm()
if page is None:
page = 1
modal_data = Mysqluser.query.paginate(page=page, per_page=2)
if request.method == "POST":
data = form.data
print data
modal = Grant(
myrole=data["myrole"],
authip=data["authip"],
)
db.session.add(modal)
db.session.commit()
flash("添加数据库权限成功", "ok")
return redirect(url_for("admin.modal_list", page=1))
return render_template("admin/modal.html",
modal_data=modal_data,
url="admin.modal_list",
page=page,
form=form)
def update_fundingconnections(connections, ftype, direction):
# Delete and connections that have been removed.
new_connections = [
connection['id'] for connection in connections if connection['id']
]
# TODO: See if you can make this generic to handle any set of connections for simplicity.
# TODO: Maybe list comprehensions in stead depending on how cascade='delete-orphan' works.
if ftype is 'investment':
if direction is 'given':
for connection in entity.investments_made:
if connection.id not in new_connections:
db.delete(connection)
elif direction is 'received':
for connection in entity.investments_received:
if connection.id not in new_connections:
db.delete(connection)
elif ftype is 'grant':
if direction is 'given':
for connection in entity.grants_given:
if connection.id not in new_connections:
db.delete(connection)
elif direction is 'received':
for connection in entity.grants_received:
if connection.id not in new_connections:
db.delete(connection)
db.commit()
for connection in connections:
if connection['id']:
# Connection exists, update amount and year.
oldconnection = Fundingconnection.query.get(connection['id'])
if oldconnection.amount != connection['amount']:
oldconnection.amount = connection['amount']
app.logger.debug('UPDATING ' + ftype + ' AMOUNT: ' +
str(oldconnection.amount))
if oldconnection.year != connection['year']:
oldconnection.year = connection['year']
app.logger.debug('UPDATING ' + ftype + ' YEAR: ' +
str(oldconnection.year))
elif 'entity_id' in connection:
# Connection doesn't exist, create it connect entities.
otherentity = Entity.query.get(connection['entity_id'])
if ftype is 'investment':
newconnection = Investment(connection['amount'],
connection['year'])
if direction is 'given':
entity.investments_made.append(newconnection)
otherentity.investments_received.append(newconnection)
elif direction is 'received':
entity.investments_received.append(newconnection)
otherentity.investments_made.append(newconnection)
elif ftype is 'grant':
newconnection = Grant(connection['amount'],
connection['year'])
if direction is 'given':
entity.grants_given.append(newconnection)
otherentity.grants_received.append(newconnection)
elif direction is 'received':
entity.grants_received.append(newconnection)
otherentity.grants_given.append(newconnection)
db.commit()
except ObjectDoesNotExist, e:
self.set_status(204)
self.write_result({},"call")
def post(self):
"""Method POST to add a new call on ongoing status."""
try:
call_app = Call()
call_app.check_allowed_calls(self._grant_token,MAXIMUM_ONGOING_CALL)
except RestMaxCallError, e:
raise tornado.web.HTTPError(409,"maximum ongoin calls reached")
number = self.get_argument("number")
grant_app = Grant()
grant_id = grant_app.get(token=self._grant_token)
call_start = Call()
token_call = call_start.start_call(grant_id['id'],number)
self.set_status(201)
self.set_header("Location",DOMAIN_REST+"/call?token_call="+token_call)
self.write("")
def put(self):
"""PUT method to udpate the status of the call, in this case is stop the call and actualize the end time and the duration"""
token_call = self.get_argument("token_call")
call_stop = Call()
returned_call = call_stop.get(token=token_call)
if returned_call['duration'] is None:
call_stop.update(token_call)
self.set_status(200)
