def jtrain(): current_app.logger.debug("jtrain") schema = { "type" : "object", "properties" : { "trained" : {"type" : "string", "enum" : ["T", "F"], "optional" : False} } } v = Draft4Validator(schema) errors = sorted(v.iter_errors(request.json), key=lambda e: e.path) if len(errors) > 0: msg = u"Fields are not valid" current_app.logger.warning(msg) return jsonify({"status" : "ERROR", "message": msg}) else: trained = request.json['trained'] if trained == 'T': current_user.trained = 1 else: current_user.trained = 0 User.update_user(current_user) current_app.logger.debug("User trained") return jsonify({"status": "OK"})
def settings(): current_app.logger.debug(request.method + " User profile. user_id - " + str(current_user.id)) if request.method == "POST": form = ProfileForm(request.form) if form.validate(): if (current_user.email != form.email.data) and (len(User.get_users_by_email(form.email.data)) >= 1): flash("this email already registered, please choose another email", "error") else: current_user.name = form.username.data current_user.email = form.email.data current_user.setPassword(form.password.data) User.update_user(current_user) current_app.logger.debug("Updated user settings. user_id -" + str(current_user.id)) flash("Your user settings were successfully updated", "info") else: for field, err in form.errors.items(): for error in err: flash(getattr(form, field).label.text + " : " + error, "error") else: form = ProfileForm() form.username.data = current_user.name form.email.data = current_user.email return render_template("profile.html", form=form)
def jupdate(): current_app.logger.debug("jupdate") schema = { "type" : "object", "properties" : { "username" : {"type" : "string", "minLength" : 4, "maxLength" : 25, "pattern" : "^[A-Za-z1-9]+$"} , "email" : {"type" : "string", "optional" : False, "format" : "email", "maxLength" : 25}, "password" : {"type" : "string", "optional" : False, "minLength" : 6, "maxLength" : 25} } } v = Draft4Validator(schema) errors = sorted(v.iter_errors(request.json), key = lambda e: e.path) if len(errors) > 0: msg = u"Fields are not valid" # TODO current_app.logger.warning(msg) return jsonify({"status" : "ERROR", "message" : msg}) # change to flask.abort(code) else: current_user.name = request.json['username'] current_user.email = request.json['email'] current_user.setPassword(request.json['password']) User.update_user(current_user) current_app.logger.debug("User updated") return jsonify({"status" : "OK"})
def setUp(self): super().setUp() test_utils.setup() authorizer = Authorizer([], ['adm_user'], [], [], EmptyGroupProvider()) self.user1 = User('user1', {}) self.admin_user = User('adm_user', {}) self.config_service = ConfigService(authorizer, test_utils.temp_folder)
def test_logging_values(self): param1 = create_script_param_config('p1') param2 = create_script_param_config('p2', param='-x') param3 = create_script_param_config('p3', param='-y', no_value=True) param4 = create_script_param_config('p4', param='-z', type='int') config_model = create_config_model( 'my_script', script_command='echo', parameters=[param1, param2, param3, param4]) execution_id = self.executor_service.start_script( config_model, {'p1': 'abc', 'p3': True, 'p4': 987}, User('userX', create_audit_names(ip='localhost', auth_username='******'))) executor = self.executor_service.get_active_executor(execution_id, USER_X) executor.process_wrapper._write_script_output('some text\n') executor.process_wrapper._write_script_output('another text') executor.process_wrapper.finish(0) wait_observable_close_notification(executor.get_anonymized_output_stream(), 2) entry = self.logging_service.find_history_entry(execution_id, 'userX') self.assertIsNotNone(entry) self.assertEqual('userX', entry.user_id) self.assertEqual('sandy', entry.user_name) self.assertEqual('my_script', entry.script_name) self.assertEqual('echo abc -y -z 987', entry.command) self.assertEqual('my_script', entry.script_name) log = self.logging_service.find_log(execution_id) self.assertEqual('some text\nanother text', log)
async def login(request): post_data = await request.json() try: email = post_data['email'] pw = post_data['password'] except KeyError: return web.Response(body=json.dumps({'message': 'Missing one of the required fields'}), status=400, content_type='application/json') user = User() try: found_users = await user.search('email', 'EQ', email, 1) user_id = found_users[0][0] await user.match_password(user_id, pw) except (User.DoesNotExist, User.PasswordDoesNotMatch, IndexError): return web.Response(body=json.dumps({'message': 'Wrong credentials'}), status=400, content_type='application/json') payload = { 'user_id': user_id, 'exp': datetime.utcnow() + timedelta(minutes=JWT_EXP_DELTA_MINUTES) } jwt_token = jwt.encode(payload, JWT_SECRET, JWT_ALGORITHM) return web.Response(body=json.dumps({'message': 'Your JWT will expire in {} minutes'.format(JWT_EXP_DELTA_MINUTES), 'token': jwt_token.decode('utf-8')}), status=200, content_type='application/json')
def add_user(self, username, password): if username in self.users: raise UsernameAlreadyExists(username) if len(password) < 6: raise PasswordTooShort(username) self.users[username] = User(username, password)
def test_load_without_permissions(self): _create_script_config_file('ConfX', script_path='tests_temp/script.py') self.assertRaisesRegex(InvalidAccessException, 'Code edit is not allowed for this user', self.config_service.load_script_code, 'ConfX', User('admin_non_editor', {}))
def test_non_admin_access(self): config = _prepare_script_config_object( 'conf1', description='My wonderful test config') self.assertRaises(AdminAccessRequiredException, self.config_service.update_config, User('my_user', {}), config, 'confX.json', None)
def create_job(id=None, user_id='UserX', script_name='my_script_A', audit_names=None, repeatable=True, start_datetime=mocked_now + timedelta(seconds=5), repeat_unit=None, repeat_period=None, weekdays=None, parameter_values=None): if audit_names is None: audit_names = {audit_utils.HOSTNAME: 'my-host'} if repeatable and repeat_unit is None: repeat_unit = 'weeks' if repeatable and repeat_period is None: repeat_period = 3 if weekdays is None and repeatable and repeat_unit == 'weeks': weekdays = ['monday', 'wednesday'] if parameter_values is None: parameter_values = {'p1': 987, 'param_2': ['hello', 'world']} schedule_config = ScheduleConfig(repeatable, start_datetime) schedule_config.repeat_unit = repeat_unit schedule_config.repeat_period = repeat_period schedule_config.weekdays = weekdays return SchedulingJob(id, User(user_id, audit_names), schedule_config, script_name, parameter_values)
async def middleware(request): user = User() request.user = None jwt_token = request.headers.get('authorization', None) if jwt_token: try: payload = jwt.decode(jwt_token, JWT_SECRET, algorithms=[JWT_ALGORITHM]) except (jwt.DecodeError, jwt.ExpiredSignatureError): return web.Response(body=json.dumps( {'message': 'Token is invalid, please Log In'}), status=400, content_type='application/json') tmp = await user.get_by_id(payload['user_id']) if tmp == '404': return web.Response(body=json.dumps( {'message': 'User not found, please check Token'}), status=404, content_type='application/json') request.user = { 'id': tmp['id'], 'is_admin': tmp['is_admin'], 'is_organizer': tmp['is_organizer'], 'is_team': tmp['is_team'] } return await handler(request)
def start_script(self, config, values, user: User): audit_name = user.get_audit_name() config.set_all_param_values(values) normalized_values = dict(config.parameter_values) executor = ScriptExecutor(config, normalized_values) execution_id = self._id_generator.next_id() audit_command = executor.get_secure_command() LOGGER.info('Calling script #%s: %s', execution_id, audit_command) executor.start() self._executors[execution_id] = executor self._execution_infos[execution_id] = _ExecutionInfo( execution_id=execution_id, owner_user=user, audit_name=audit_name, audit_command=audit_command, config=config) self._active_executor_ids.add(execution_id) self._add_post_finish_handling(execution_id, executor, user) self._fire_execution_started(execution_id, user) return execution_id
def test_serialize_deserialize(self): user = User('user-X', { audit_utils.AUTH_USERNAME: '******', audit_utils.HOSTNAME: 'localhost' }) schedule_config = ScheduleConfig( True, start_datetime=datetime.now(tz=timezone.utc)) schedule_config.repeat_unit = 'weeks' schedule_config.repeat_period = 3 schedule_config.weekdays = ['monday', 'wednesday'] parameter_values = {'p1': 9, 'p2': ['A', 'C']} job = SchedulingJob(123, user, schedule_config, 'my_script', parameter_values) serialized = json.dumps(job.as_serializable_dict()) restored_job = from_dict(json.loads(serialized)) self.assertEqual(job.id, restored_job.id) self.assertEqual(job.script_name, restored_job.script_name) self.assertEqual(job.parameter_values, restored_job.parameter_values) self.assertEqual(job.user.user_id, restored_job.user.user_id) self.assertEqual(job.user.audit_names, restored_job.user.audit_names) self.assertEqual(job.schedule.repeatable, restored_job.schedule.repeatable) self.assertEqual(job.schedule.start_datetime, restored_job.schedule.start_datetime) self.assertEqual(job.schedule.repeat_period, restored_job.schedule.repeat_period) self.assertEqual(job.schedule.repeat_unit, restored_job.schedule.repeat_unit) self.assertEqual(job.schedule.weekdays, restored_job.schedule.weekdays)
def test_find_by_id_pass(): # given # when user = User.find(id_=_user.id) # then assert user assert _user == user
def wrapper(self, *args, **kwargs): user_id = _identify_user(self) audit_names = audit_utils.get_all_audit_names(self) user = User(user_id, audit_names) new_args = chain([user], args) return func(self, *new_args, **kwargs)
def setUp(self): super().setUp() test_utils.setup() self.user = User('ConfigServiceTest', {AUTH_USERNAME: '******'}) self.config_service = ConfigService(AnyUserAuthorizer(), test_utils.temp_folder)
def test_find_by_username_pass(): # given # when user = User.find(username=_user.username) # then assert user assert _user == user
async def get_user(pool: asyncpg.pool, username: str) -> Maybe[User]: async with pool.acquire() as conn: row = await conn.fetchrow( f'SELECT * FROM {USERS_TABLE_NAME} WHERE username = $1', username) if not row: return ObjectNotFound() return User(**dict(row))
def get(self): # user_key = self.request.get('user_key') user_key = "ag5kZXZ-YW5kcml5Ym9va3IjCxIIY2xzX25hbWUiBFVzZXIMCxIEVXNlchiAgICAgOqgCgw" if not user_key: return user = User.get(user_key) self._fetch_parse(user) return
def test_missing_user_pass(): # given bad_id = -1 # when user = User.find(id_=bad_id) # then assert not user
def test_cleanup(self, user_id, expected_exception): self.executor_service.stop_script(self.execution_id, self.owner_user) self._assert_throws_exception(expected_exception, self.executor_service.cleanup_execution, self.execution_id, User(user_id, {}), has_results=False) self.script_cleaned = True
def setUp(self): super().setUp() test_utils.setup() authorizer = Authorizer([], ['admin_user'], EmptyGroupProvider()) self.admin_user = User('admin_user', {}) self.config_service = ConfigService(authorizer, test_utils.temp_folder) for suffix in 'XYZ': _create_script_config_file('conf' + suffix, name='Conf ' + suffix)
def test_start_logging_on_execution_start(self): execution_id = self.executor_service.start_script( create_config_model('my_script'), {}, User('userX', create_audit_names(ip='localhost'))) executor = self.executor_service.get_active_executor(execution_id, USER_X) executor.process_wrapper.finish(0) entry = self.logging_service.find_history_entry(execution_id, USER_X.user_id) self.assertIsNotNone(entry)
def _start_with_config(execution_service, config, parameter_values=None, user_id=DEFAULT_USER_ID): if parameter_values is None: parameter_values = {} user = User(user_id, DEFAULT_AUDIT_NAMES) execution_id = execution_service.start_script(config, parameter_values, user) execution_owners[execution_id] = user return execution_id
def get_quizes_by_user_id(user_id): quiz_list = Quiz.query.filter_by(user_id=user_id).all() for quiz in quiz_list: questions = Question.get_active_questions_with_revisions_by_quiz_id(quiz.qid) if questions and len(questions) > 0: quiz.latitude = questions[0].question_revision.latitude quiz.longitude = questions[0].question_revision.longitude else: quiz.latitude = 37.4419 quiz.longitude = -122.1419 quiz.questions = questions quiz.user = User.get_user_by_id(quiz.user_id) return quiz_list
async def check_password(db_pool: asyncpg.pool, username: str, password: str) -> Maybe[User]: user_data = await get_user(db_pool, username) if isinstance(user_data, Exception): return user_data user_request = User(username, password) is_verified = passlib.hash.pbkdf2_sha256.verify(user_request.password, user_data.password) if not is_verified: return InvalidCredentials() return user_data
def get_random_public_quizzes(quizzes_number): quizzes = Quiz.query.filter_by(permission='public').order_by(func.rand()).limit(quizzes_number).all() for quiz in quizzes: questions = Question.get_active_questions_with_revisions_by_quiz_id(quiz.qid) if questions and len(questions) > 0: quiz.latitude = questions[0].question_revision.latitude quiz.longitude = questions[0].question_revision.longitude else: quiz.latitude = 37.4419 quiz.longitude = -122.1419 quiz.questions = questions quiz.user = User.get_user_by_id(quiz.user_id) return quizzes
def login(): if request.method == 'GET': return render_template('login.html') else: username = request.form['username'].strip() password = request.form['password'].strip() if username == 'XXXXXX': if password == 'XXXXXX': user = User('admin') flask_login.login_user(user) return render_template('index.html') else: return render_template('login.html', msg='User or Password Error') else: login_result = validate_user(username, password) if login_result == 1: user = User(username) flask_login.login_user(user) return render_template('index.html') else: return render_template('login.html', msg='User or Password Error!')
def setUp(self) -> None: super().setUp() test_utils.setup() authorizer = Authorizer([], ['admin_user', 'admin_non_editor'], [], ['admin_user'], EmptyGroupProvider()) self.admin_user = User('admin_user', {}) self.config_service = ConfigService(authorizer, test_utils.temp_folder) for pair in [('script.py', b'123'), ('another.py', b'xyz'), ('binary 1.bin', bytes.fromhex('300000004000000a')), ('my_python', bytes.fromhex('7F454C46'))]: path = os.path.join(test_utils.temp_folder, pair[0]) file_utils.write_file(path, pair[1], byte_content=True)
async def init_db(pool: asyncpg.pool) -> None: if await _check_table_exists(pool, USERS_TABLE_NAME): logger.info('Already initializated.') return logger.info(f'Create table: {USERS_TABLE_NAME}') async with pool.acquire() as conn: await conn.execute(f''' CREATE TABLE {USERS_TABLE_NAME}( username text PRIMARY KEY, password text, scope text ) ''') logger.info(f'Create admin user') await create_user(pool, User(ADMIN_USER, ADMIN_PASSWORD, 'admin'))
def test_exit_code(self): config_model = create_config_model( 'my_script', script_command='ls', parameters=[]) execution_id = self.executor_service.start_script( config_model, {}, User('userX', create_audit_names(ip='localhost'))) executor = self.executor_service.get_active_executor(execution_id, USER_X) executor.process_wrapper._write_script_output('some text\n') executor.process_wrapper._write_script_output('another text') executor.process_wrapper.finish(14) wait_observable_close_notification(executor.get_anonymized_output_stream(), 2) entry = self.logging_service.find_history_entry(execution_id, 'userX') self.assertEqual(14, entry.exit_code)
def post(self): user_key = self.request.get('user_key') if not user_key: return user = User.get(user_key) action = self.request.get('action') if action == 'fetch': # load from douban # however, this won't be called now, since the fetching is done outside task queue self._fetch(user) elif action == 'parse': # parse and save into datastore self._parse(user) elif action == 'fetch_parse': # fetch and parse in one loop self._fetch_parse(user) return
def finished(execution_id, user: User): return_code = execution_service.get_exit_code(execution_id) if return_code != 0: script_config = execution_service.get_config(execution_id, user) script = str(script_config.name) audit_name = user.get_audit_name() output_stream = execution_service.get_anonymized_output_stream(execution_id) title = script + ' FAILED' body = 'The script "' + script + '", started by ' + audit_name + \ ' exited with return code ' + str(return_code) + '.' + \ ' Usually this means an error, occurred during the execution.' + \ ' Please check the corresponding logs' output_stream_data = read_until_closed(output_stream) script_output = ''.join(output_stream_data) files = [File(filename='log.txt', content=script_output)] alert_service.send_alert(title, body, files)
def test_script_update_exceptions(self, mode, filename, content, username, expected_exception, expected_message): body = None if mode == 'new_code': script = {'mode': 'new_code', 'code': content, 'path': filename} elif mode == 'upload_script': script = {'mode': 'upload_script', 'path': filename} body = HTTPFile(filename='whatever', body=content.encode('utf8')) if content else None elif mode == 'new_path': script = script_path(filename) elif mode is None: script = None else: script = {'mode': mode, 'path': filename} config = _prepare_script_config_object('Conf X', script=script) self.assertRaisesRegex(expected_exception, expected_message, self.config_service.create_config, User(username, {}), config, body)
def perform_execution(self, output_files, parameter_values=None, parameters=None): if parameter_values is None: parameter_values = {} if parameters is None: parameters = [create_script_param_config(key) for key in parameter_values.keys()] config_model = create_config_model('my_script', output_files=output_files, parameters=parameters) user = User('userX', create_audit_names(ip='127.0.0.1')) execution_id = self.executor_service.start_script( config_model, parameter_values, user) self.executor_service.stop_script(execution_id, user) finish_condition = threading.Event() self.executor_service.add_finish_listener(lambda: finish_condition.set(), execution_id) finish_condition.wait(2) downloadable_files = self.feature.get_downloadable_files(execution_id) return downloadable_files
def get(self): email = auth.get_email_from_cookies(self.request.cookies) user = User.get_by_email(email) if not user: # needs to be logged in first! self.redirect('/login') return auth_code = self.request.get('code') auth_error = self.request.get('error') if auth_code: # douban user has agreed to authenticate, authorization_code provided. base_url, params = self._prepare_access_token_url(auth_code) try: page = urllib2.urlopen(base_url, urllib.urlencode(params)) except urllib2.HTTPError: msg = "HTTP error when trying to get the access token from douban, auth_code: %s" % auth_code self.redirect('/error?' + urllib.urlencode({'msg': msg})) else: obj = json.loads(page.read()) user.douban_access_token = obj.get('access_token') user.douban_refresh_token = obj.get('refresh_token') user.douban_id = obj.get('douban_user_id') obj = get_my_info(user.douban_access_token) user.add_info_from_douban(obj) user.put() self.redirect('/me') elif auth_error: # douban user disagreed to authenticate, error message provided. msg = "Please click Agree to bind your Douban account! Auth error: %s" % auth_error self.redirect('/error?' + urllib.urlencode({'msg': msg})) else: # To start OAuth2 authentication or has fully finished. if user.is_douban_connected(): self.redirect('/me') else: self.redirect(self._prepare_authorization_code_url())
async def register(request): post_data = await request.json() try: email = post_data['email'] pw = post_data['password'] is_organizer = post_data['is_organizer'] is_team = post_data['is_team'] except KeyError: return web.Response(body=json.dumps({'message': 'Missing one of the required fields'}), status=400, content_type='application/json') user = User() try: await user.add(email, pw, is_organizer=is_organizer, is_team=is_team) except User.EmailDoesExist: return web.Response(body=json.dumps({'message': 'User with this e-mail does exist'}), status=400, content_type='application/json') return web.Response(body=json.dumps({'message': 'Registration successfully completed.' ' To login open: /api/login with POST'}), status=200, content_type='application/json')
def test_get_config(self, user_id, expected_exception): self._assert_throws_exception(expected_exception, self.executor_service.get_config, self.execution_id, User(user_id, {}))
def get_quiz_by_id(qid): q = Quiz.query.filter_by(qid=qid).first() if q: q.questions = Question.get_all_active_questions_by_quiz_id(q.qid) q.user = User.get_user_by_id(q.user_id) return q
def get_historysession_by_id(hsid): hs = Historysession.query.filter_by(hsid=hsid).first() hs.user = User.get_user_by_id(hs.user_id) return hs