Example #1
0
def jtrain():
    current_app.logger.debug("jtrain")

    schema = {
        "type" : "object",
        "properties" : {
            "trained" : {"type" : "string", "enum" : ["T", "F"], "optional" : False}
            }
        }

    v = Draft4Validator(schema)
    errors = sorted(v.iter_errors(request.json), key=lambda e: e.path)

    if len(errors) > 0:
        msg = u"Fields are not valid"
        current_app.logger.warning(msg)
        return jsonify({"status" : "ERROR", "message": msg})
    else:
        trained = request.json['trained']
        if trained == 'T':
            current_user.trained = 1
        else:
            current_user.trained = 0

        User.update_user(current_user)
        current_app.logger.debug("User trained")

        return jsonify({"status": "OK"})
Example #2
0
def settings():
    current_app.logger.debug(request.method + " User profile. user_id - " + str(current_user.id))
        
    if request.method == "POST":
        form = ProfileForm(request.form)
        if form.validate():

            if (current_user.email != form.email.data) and (len(User.get_users_by_email(form.email.data)) >= 1):
                flash("this email already registered, please choose another email", "error")
            else:

                current_user.name = form.username.data
                current_user.email = form.email.data
                current_user.setPassword(form.password.data)

                User.update_user(current_user)

                current_app.logger.debug("Updated user settings. user_id -" + str(current_user.id))
                flash("Your user settings were successfully updated", "info")
        else:
            for field, err in form.errors.items():
                for error in err:                    
                    flash(getattr(form, field).label.text + " : " + error, "error")
    else:
        form = ProfileForm()
        form.username.data = current_user.name
        form.email.data = current_user.email
        
    return render_template("profile.html", form=form)
Example #3
0
def jupdate():
    current_app.logger.debug("jupdate")
    
    schema = {
        "type" : "object",
        "properties" : {            
            "username" : {"type" : "string", "minLength" : 4, "maxLength" : 25, "pattern" : "^[A-Za-z1-9]+$"} ,
            "email" : {"type" : "string", "optional" : False, "format" : "email", "maxLength" : 25},
            "password" : {"type" : "string", "optional" : False, "minLength" : 6, "maxLength" : 25}
            }
        }
        
    v = Draft4Validator(schema)
    errors = sorted(v.iter_errors(request.json), key = lambda e: e.path)
        
    if len(errors) > 0:
        msg = u"Fields are not valid" # TODO
        current_app.logger.warning(msg)
        return jsonify({"status" : "ERROR", "message" : msg})
        # change to flask.abort(code)
    else:
        current_user.name = request.json['username']
        current_user.email = request.json['email']
        current_user.setPassword(request.json['password'])
        
        User.update_user(current_user)
        
        current_app.logger.debug("User updated")
        
        return jsonify({"status" : "OK"})
Example #4
0
    def setUp(self):
        super().setUp()
        test_utils.setup()

        authorizer = Authorizer([], ['adm_user'], [], [], EmptyGroupProvider())
        self.user1 = User('user1', {})
        self.admin_user = User('adm_user', {})
        self.config_service = ConfigService(authorizer, test_utils.temp_folder)
Example #5
0
    def test_logging_values(self):
        param1 = create_script_param_config('p1')
        param2 = create_script_param_config('p2', param='-x')
        param3 = create_script_param_config('p3', param='-y', no_value=True)
        param4 = create_script_param_config('p4', param='-z', type='int')
        config_model = create_config_model(
            'my_script', script_command='echo', parameters=[param1, param2, param3, param4])

        execution_id = self.executor_service.start_script(
            config_model,
            {'p1': 'abc', 'p3': True, 'p4': 987},
            User('userX', create_audit_names(ip='localhost', auth_username='******')))

        executor = self.executor_service.get_active_executor(execution_id, USER_X)
        executor.process_wrapper._write_script_output('some text\n')
        executor.process_wrapper._write_script_output('another text')
        executor.process_wrapper.finish(0)

        wait_observable_close_notification(executor.get_anonymized_output_stream(), 2)

        entry = self.logging_service.find_history_entry(execution_id, 'userX')
        self.assertIsNotNone(entry)
        self.assertEqual('userX', entry.user_id)
        self.assertEqual('sandy', entry.user_name)
        self.assertEqual('my_script', entry.script_name)
        self.assertEqual('echo abc -y -z 987', entry.command)
        self.assertEqual('my_script', entry.script_name)

        log = self.logging_service.find_log(execution_id)
        self.assertEqual('some text\nanother text', log)
Example #6
0
async def login(request):
    post_data = await request.json()
    try:
        email = post_data['email']
        pw = post_data['password']
    except KeyError:
        return web.Response(body=json.dumps({'message': 'Missing one of the required fields'}),
                            status=400,
                            content_type='application/json')
    user = User()
    try:
        found_users = await user.search('email', 'EQ', email, 1)
        user_id = found_users[0][0]
        await user.match_password(user_id, pw)
    except (User.DoesNotExist, User.PasswordDoesNotMatch, IndexError):
        return web.Response(body=json.dumps({'message': 'Wrong credentials'}),
                            status=400,
                            content_type='application/json')
    payload = {
        'user_id': user_id,
        'exp': datetime.utcnow() + timedelta(minutes=JWT_EXP_DELTA_MINUTES)
    }
    jwt_token = jwt.encode(payload, JWT_SECRET, JWT_ALGORITHM)
    return web.Response(body=json.dumps({'message': 'Your JWT will expire in {} minutes'.format(JWT_EXP_DELTA_MINUTES),
                                         'token': jwt_token.decode('utf-8')}),
                        status=200,
                        content_type='application/json')
Example #7
0
    def add_user(self, username, password):
        if username in self.users:
            raise UsernameAlreadyExists(username)
        if len(password) < 6:
            raise PasswordTooShort(username)

        self.users[username] = User(username, password)
Example #8
0
    def test_load_without_permissions(self):
        _create_script_config_file('ConfX', script_path='tests_temp/script.py')

        self.assertRaisesRegex(InvalidAccessException,
                               'Code edit is not allowed for this user',
                               self.config_service.load_script_code, 'ConfX',
                               User('admin_non_editor', {}))
Example #9
0
    def test_non_admin_access(self):
        config = _prepare_script_config_object(
            'conf1', description='My wonderful test config')

        self.assertRaises(AdminAccessRequiredException,
                          self.config_service.update_config,
                          User('my_user', {}), config, 'confX.json', None)
Example #10
0
def create_job(id=None,
               user_id='UserX',
               script_name='my_script_A',
               audit_names=None,
               repeatable=True,
               start_datetime=mocked_now + timedelta(seconds=5),
               repeat_unit=None,
               repeat_period=None,
               weekdays=None,
               parameter_values=None):
    if audit_names is None:
        audit_names = {audit_utils.HOSTNAME: 'my-host'}

    if repeatable and repeat_unit is None:
        repeat_unit = 'weeks'
    if repeatable and repeat_period is None:
        repeat_period = 3

    if weekdays is None and repeatable and repeat_unit == 'weeks':
        weekdays = ['monday', 'wednesday']

    if parameter_values is None:
        parameter_values = {'p1': 987, 'param_2': ['hello', 'world']}

    schedule_config = ScheduleConfig(repeatable, start_datetime)
    schedule_config.repeat_unit = repeat_unit
    schedule_config.repeat_period = repeat_period
    schedule_config.weekdays = weekdays

    return SchedulingJob(id, User(user_id, audit_names), schedule_config, script_name, parameter_values)
Example #11
0
    async def middleware(request):

        user = User()
        request.user = None
        jwt_token = request.headers.get('authorization', None)
        if jwt_token:
            try:
                payload = jwt.decode(jwt_token,
                                     JWT_SECRET,
                                     algorithms=[JWT_ALGORITHM])
            except (jwt.DecodeError, jwt.ExpiredSignatureError):
                return web.Response(body=json.dumps(
                    {'message': 'Token is invalid, please Log In'}),
                                    status=400,
                                    content_type='application/json')

            tmp = await user.get_by_id(payload['user_id'])
            if tmp == '404':
                return web.Response(body=json.dumps(
                    {'message': 'User not found, please check Token'}),
                                    status=404,
                                    content_type='application/json')
            request.user = {
                'id': tmp['id'],
                'is_admin': tmp['is_admin'],
                'is_organizer': tmp['is_organizer'],
                'is_team': tmp['is_team']
            }
        return await handler(request)
Example #12
0
    def start_script(self, config, values, user: User):
        audit_name = user.get_audit_name()

        config.set_all_param_values(values)
        normalized_values = dict(config.parameter_values)

        executor = ScriptExecutor(config, normalized_values)
        execution_id = self._id_generator.next_id()

        audit_command = executor.get_secure_command()
        LOGGER.info('Calling script #%s: %s', execution_id, audit_command)

        executor.start()
        self._executors[execution_id] = executor
        self._execution_infos[execution_id] = _ExecutionInfo(
            execution_id=execution_id,
            owner_user=user,
            audit_name=audit_name,
            audit_command=audit_command,
            config=config)
        self._active_executor_ids.add(execution_id)

        self._add_post_finish_handling(execution_id, executor, user)

        self._fire_execution_started(execution_id, user)

        return execution_id
Example #13
0
    def test_serialize_deserialize(self):
        user = User('user-X', {
            audit_utils.AUTH_USERNAME: '******',
            audit_utils.HOSTNAME: 'localhost'
        })
        schedule_config = ScheduleConfig(
            True, start_datetime=datetime.now(tz=timezone.utc))
        schedule_config.repeat_unit = 'weeks'
        schedule_config.repeat_period = 3
        schedule_config.weekdays = ['monday', 'wednesday']
        parameter_values = {'p1': 9, 'p2': ['A', 'C']}

        job = SchedulingJob(123, user, schedule_config, 'my_script',
                            parameter_values)

        serialized = json.dumps(job.as_serializable_dict())
        restored_job = from_dict(json.loads(serialized))

        self.assertEqual(job.id, restored_job.id)
        self.assertEqual(job.script_name, restored_job.script_name)
        self.assertEqual(job.parameter_values, restored_job.parameter_values)

        self.assertEqual(job.user.user_id, restored_job.user.user_id)
        self.assertEqual(job.user.audit_names, restored_job.user.audit_names)

        self.assertEqual(job.schedule.repeatable,
                         restored_job.schedule.repeatable)
        self.assertEqual(job.schedule.start_datetime,
                         restored_job.schedule.start_datetime)
        self.assertEqual(job.schedule.repeat_period,
                         restored_job.schedule.repeat_period)
        self.assertEqual(job.schedule.repeat_unit,
                         restored_job.schedule.repeat_unit)
        self.assertEqual(job.schedule.weekdays, restored_job.schedule.weekdays)
Example #14
0
def test_find_by_id_pass():
    # given
    # when
    user = User.find(id_=_user.id)

    # then
    assert user
    assert _user == user
Example #15
0
    def wrapper(self, *args, **kwargs):
        user_id = _identify_user(self)
        audit_names = audit_utils.get_all_audit_names(self)

        user = User(user_id, audit_names)

        new_args = chain([user], args)
        return func(self, *new_args, **kwargs)
Example #16
0
    def setUp(self):
        super().setUp()
        test_utils.setup()

        self.user = User('ConfigServiceTest',
                         {AUTH_USERNAME: '******'})
        self.config_service = ConfigService(AnyUserAuthorizer(),
                                            test_utils.temp_folder)
Example #17
0
def test_find_by_username_pass():
    # given
    # when
    user = User.find(username=_user.username)

    # then
    assert user
    assert _user == user
Example #18
0
async def get_user(pool: asyncpg.pool, username: str) -> Maybe[User]:
    async with pool.acquire() as conn:
        row = await conn.fetchrow(
            f'SELECT * FROM {USERS_TABLE_NAME} WHERE username = $1', username)

    if not row:
        return ObjectNotFound()
    return User(**dict(row))
Example #19
0
    def get(self):
#        user_key = self.request.get('user_key')
        user_key = "ag5kZXZ-YW5kcml5Ym9va3IjCxIIY2xzX25hbWUiBFVzZXIMCxIEVXNlchiAgICAgOqgCgw"
        if not user_key:
            return

        user = User.get(user_key)
        self._fetch_parse(user)
        return
Example #20
0
def test_missing_user_pass():
    # given
    bad_id = -1

    # when
    user = User.find(id_=bad_id)

    # then
    assert not user
Example #21
0
    def test_cleanup(self, user_id, expected_exception):
        self.executor_service.stop_script(self.execution_id, self.owner_user)

        self._assert_throws_exception(expected_exception,
                                      self.executor_service.cleanup_execution,
                                      self.execution_id,
                                      User(user_id, {}),
                                      has_results=False)

        self.script_cleaned = True
Example #22
0
    def setUp(self):
        super().setUp()
        test_utils.setup()

        authorizer = Authorizer([], ['admin_user'], EmptyGroupProvider())
        self.admin_user = User('admin_user', {})
        self.config_service = ConfigService(authorizer, test_utils.temp_folder)

        for suffix in 'XYZ':
            _create_script_config_file('conf' + suffix, name='Conf ' + suffix)
Example #23
0
    def test_start_logging_on_execution_start(self):
        execution_id = self.executor_service.start_script(
            create_config_model('my_script'),
            {},
            User('userX', create_audit_names(ip='localhost')))

        executor = self.executor_service.get_active_executor(execution_id, USER_X)
        executor.process_wrapper.finish(0)

        entry = self.logging_service.find_history_entry(execution_id, USER_X.user_id)
        self.assertIsNotNone(entry)
Example #24
0
def _start_with_config(execution_service,
                       config,
                       parameter_values=None,
                       user_id=DEFAULT_USER_ID):
    if parameter_values is None:
        parameter_values = {}

    user = User(user_id, DEFAULT_AUDIT_NAMES)
    execution_id = execution_service.start_script(config, parameter_values,
                                                  user)
    execution_owners[execution_id] = user
    return execution_id
Example #25
0
 def get_quizes_by_user_id(user_id):
     quiz_list = Quiz.query.filter_by(user_id=user_id).all()
     for quiz in quiz_list:
         questions = Question.get_active_questions_with_revisions_by_quiz_id(quiz.qid)
         if questions and len(questions) > 0:
             quiz.latitude = questions[0].question_revision.latitude
             quiz.longitude = questions[0].question_revision.longitude
         else:
             quiz.latitude = 37.4419
             quiz.longitude = -122.1419
         quiz.questions = questions
         quiz.user = User.get_user_by_id(quiz.user_id)
     return quiz_list
Example #26
0
async def check_password(db_pool: asyncpg.pool, username: str,
                         password: str) -> Maybe[User]:
    user_data = await get_user(db_pool, username)
    if isinstance(user_data, Exception):
        return user_data

    user_request = User(username, password)
    is_verified = passlib.hash.pbkdf2_sha256.verify(user_request.password,
                                                    user_data.password)
    if not is_verified:
        return InvalidCredentials()

    return user_data
Example #27
0
 def get_random_public_quizzes(quizzes_number):
     quizzes = Quiz.query.filter_by(permission='public').order_by(func.rand()).limit(quizzes_number).all()
     for quiz in quizzes:
         questions = Question.get_active_questions_with_revisions_by_quiz_id(quiz.qid)
         if questions and len(questions) > 0:
             quiz.latitude = questions[0].question_revision.latitude
             quiz.longitude = questions[0].question_revision.longitude
         else:
             quiz.latitude = 37.4419
             quiz.longitude = -122.1419
         quiz.questions = questions
         quiz.user = User.get_user_by_id(quiz.user_id)
     return quizzes
Example #28
0
def login():
    if request.method == 'GET':
        return render_template('login.html')
    else:
        username = request.form['username'].strip()
        password = request.form['password'].strip()
        if username == 'XXXXXX':
            if password == 'XXXXXX':
                user = User('admin')
                flask_login.login_user(user)
                return render_template('index.html')
            else:
                return render_template('login.html',
                                       msg='User or Password Error')
        else:
            login_result = validate_user(username, password)
            if login_result == 1:
                user = User(username)
                flask_login.login_user(user)
                return render_template('index.html')
            else:
                return render_template('login.html',
                                       msg='User or Password Error!')
Example #29
0
    def setUp(self) -> None:
        super().setUp()
        test_utils.setup()

        authorizer = Authorizer([], ['admin_user', 'admin_non_editor'], [],
                                ['admin_user'], EmptyGroupProvider())
        self.admin_user = User('admin_user', {})
        self.config_service = ConfigService(authorizer, test_utils.temp_folder)

        for pair in [('script.py', b'123'), ('another.py', b'xyz'),
                     ('binary 1.bin', bytes.fromhex('300000004000000a')),
                     ('my_python', bytes.fromhex('7F454C46'))]:
            path = os.path.join(test_utils.temp_folder, pair[0])
            file_utils.write_file(path, pair[1], byte_content=True)
Example #30
0
async def init_db(pool: asyncpg.pool) -> None:
    if await _check_table_exists(pool, USERS_TABLE_NAME):
        logger.info('Already initializated.')
        return

    logger.info(f'Create table: {USERS_TABLE_NAME}')
    async with pool.acquire() as conn:
        await conn.execute(f'''
            CREATE TABLE {USERS_TABLE_NAME}(
                username text PRIMARY KEY,
                password text,
                scope text
            )
        ''')

    logger.info(f'Create admin user')
    await create_user(pool, User(ADMIN_USER, ADMIN_PASSWORD, 'admin'))
Example #31
0
    def test_exit_code(self):
        config_model = create_config_model(
            'my_script', script_command='ls', parameters=[])

        execution_id = self.executor_service.start_script(
            config_model,
            {},
            User('userX', create_audit_names(ip='localhost')))

        executor = self.executor_service.get_active_executor(execution_id, USER_X)
        executor.process_wrapper._write_script_output('some text\n')
        executor.process_wrapper._write_script_output('another text')
        executor.process_wrapper.finish(14)

        wait_observable_close_notification(executor.get_anonymized_output_stream(), 2)

        entry = self.logging_service.find_history_entry(execution_id, 'userX')
        self.assertEqual(14, entry.exit_code)
Example #32
0
    def post(self):
        user_key = self.request.get('user_key')
        if not user_key:
            return
        user = User.get(user_key)

        action = self.request.get('action')
        if action == 'fetch':
            # load from douban
            # however, this won't be called now, since the fetching is done outside task queue
            self._fetch(user)
        elif action == 'parse':
            # parse and save into datastore
            self._parse(user)
        elif action == 'fetch_parse':
            # fetch and parse in one loop
            self._fetch_parse(user)
        return
Example #33
0
        def finished(execution_id, user: User):
            return_code = execution_service.get_exit_code(execution_id)

            if return_code != 0:
                script_config = execution_service.get_config(execution_id, user)
                script = str(script_config.name)
                audit_name = user.get_audit_name()
                output_stream = execution_service.get_anonymized_output_stream(execution_id)

                title = script + ' FAILED'
                body = 'The script "' + script + '", started by ' + audit_name + \
                       ' exited with return code ' + str(return_code) + '.' + \
                       ' Usually this means an error, occurred during the execution.' + \
                       ' Please check the corresponding logs'

                output_stream_data = read_until_closed(output_stream)
                script_output = ''.join(output_stream_data)

                files = [File(filename='log.txt', content=script_output)]
                alert_service.send_alert(title, body, files)
Example #34
0
    def test_script_update_exceptions(self, mode, filename, content, username,
                                      expected_exception, expected_message):
        body = None
        if mode == 'new_code':
            script = {'mode': 'new_code', 'code': content, 'path': filename}
        elif mode == 'upload_script':
            script = {'mode': 'upload_script', 'path': filename}
            body = HTTPFile(filename='whatever',
                            body=content.encode('utf8')) if content else None
        elif mode == 'new_path':
            script = script_path(filename)
        elif mode is None:
            script = None
        else:
            script = {'mode': mode, 'path': filename}

        config = _prepare_script_config_object('Conf X', script=script)
        self.assertRaisesRegex(expected_exception, expected_message,
                               self.config_service.create_config,
                               User(username, {}), config, body)
Example #35
0
    def perform_execution(self, output_files, parameter_values=None, parameters=None):
        if parameter_values is None:
            parameter_values = {}

        if parameters is None:
            parameters = [create_script_param_config(key) for key in parameter_values.keys()]

        config_model = create_config_model('my_script', output_files=output_files, parameters=parameters)

        user = User('userX', create_audit_names(ip='127.0.0.1'))
        execution_id = self.executor_service.start_script(
            config_model, parameter_values, user)
        self.executor_service.stop_script(execution_id, user)

        finish_condition = threading.Event()
        self.executor_service.add_finish_listener(lambda: finish_condition.set(), execution_id)
        finish_condition.wait(2)

        downloadable_files = self.feature.get_downloadable_files(execution_id)

        return downloadable_files
Example #36
0
    def get(self):
        email = auth.get_email_from_cookies(self.request.cookies)
        user = User.get_by_email(email)
        if not user:
            # needs to be logged in first!
            self.redirect('/login')
            return

        auth_code = self.request.get('code')
        auth_error = self.request.get('error')

        if auth_code:
            # douban user has agreed to authenticate, authorization_code provided.
            base_url, params = self._prepare_access_token_url(auth_code)
            try:
                page = urllib2.urlopen(base_url, urllib.urlencode(params))
            except urllib2.HTTPError:
                msg = "HTTP error when trying to get the access token from douban, auth_code: %s" % auth_code
                self.redirect('/error?' + urllib.urlencode({'msg': msg}))
            else:
                obj = json.loads(page.read())
                user.douban_access_token = obj.get('access_token')
                user.douban_refresh_token = obj.get('refresh_token')
                user.douban_id = obj.get('douban_user_id')

                obj = get_my_info(user.douban_access_token)
                user.add_info_from_douban(obj)
                user.put()

                self.redirect('/me')
        elif auth_error:
            # douban user disagreed to authenticate, error message provided.
            msg = "Please click Agree to bind your Douban account! Auth error: %s" % auth_error
            self.redirect('/error?' + urllib.urlencode({'msg': msg}))
        else:
            # To start OAuth2 authentication or has fully finished.
            if user.is_douban_connected():
                self.redirect('/me')
            else:
                self.redirect(self._prepare_authorization_code_url())
Example #37
0
async def register(request):
    post_data = await request.json()
    try:
        email = post_data['email']
        pw = post_data['password']
        is_organizer = post_data['is_organizer']
        is_team = post_data['is_team']
    except KeyError:
        return web.Response(body=json.dumps({'message': 'Missing one of the required fields'}),
                            status=400,
                            content_type='application/json')
    user = User()
    try:
        await user.add(email, pw, is_organizer=is_organizer, is_team=is_team)
    except User.EmailDoesExist:
        return web.Response(body=json.dumps({'message': 'User with this e-mail does exist'}),
                            status=400,
                            content_type='application/json')
    return web.Response(body=json.dumps({'message': 'Registration successfully completed.'
                                                    ' To login open: /api/login with POST'}),
                        status=200,
                        content_type='application/json')
Example #38
0
 def test_get_config(self, user_id, expected_exception):
     self._assert_throws_exception(expected_exception,
                                   self.executor_service.get_config,
                                   self.execution_id, User(user_id, {}))
Example #39
0
 def get_quiz_by_id(qid):
     q = Quiz.query.filter_by(qid=qid).first()
     if q:
         q.questions = Question.get_all_active_questions_by_quiz_id(q.qid)
         q.user = User.get_user_by_id(q.user_id)
     return q
Example #40
0
 def get_historysession_by_id(hsid):
     hs = Historysession.query.filter_by(hsid=hsid).first()
     hs.user = User.get_user_by_id(hs.user_id)
     return hs