def fetchUser(username):
db_rw = connect()
cur = db_rw.cursor(mdb.cursors.DictCursor)
cur.execute("SELECT id, username FROM users WHERE username=%s", (username))
if cur.rowcount < 1:
return None
return FormsDict(cur.fetchone())
def selectors():
def getSelector(defenseList, selectedDefense=None):
return "".join("<option value=%d%s>%d - %s</option>" % \
(i,(defenseList[i].name==selectedDefense.name and " selected" or ""), i, defenseList[i].name) \
for i in range(len(defenseList)))
return FormsDict(xssoptions=getSelector(xssDefenses,xssDefense),
csrfoptions=getSelector(csrfDefenses,csrfDefense))
def fetchUser(username):
db_rw = connect()
cur = db_rw.cursor()
cur.execute("SELECT username FROM users WHERE username=?", (username, ))
users = cur.fetchall()
if len(users) < 1:
return None
return FormsDict(username=users[0][0])
def test_decode_method(self):
""" FomsDict.attribute returs u'' on UnicodeError. """
data = tob('äöü')
d = FormsDict(py2=data, py3=data.decode('latin1'))
d = d.decode()
self.assertFalse(d.recode_unicode)
self.assertTrue(hasattr(list(d.keys())[0], 'encode'))
self.assertTrue(hasattr(list(d.values())[0], 'encode'))
def add_picture(b64,key,artist:Multi=[],title=None):
if (checkAPIkey(key)):
keys = FormsDict()
for a in artist:
keys.append("artist",a)
if title is not None: keys.append("title",title)
k_filter, _, _, _ = uri_to_internal(keys)
if "track" in k_filter: k_filter = k_filter["track"]
utilities.set_image(b64,**k_filter)
def setUp(self):
self.old_file_web_schema = api_files.file_web_schema
self.old_request = api_files.request
self.file_web_schema = MagicMock()
self.request = MagicMock()
self.request.query = FormsDict()
self.db = MagicMock()
api_files.file_web_schema = self.file_web_schema
api_files.request = self.request
def trackInfo_external(artist:Multi[str],**keys):
# transform into a multidict so we can use our nomral uri_to_internal function
keys = FormsDict(keys)
for a in artist:
keys.append("artist",a)
k_filter, _, _, _ = uri_to_internal(keys,forceTrack=True)
ckeys = {**k_filter}
results = trackInfo(**ckeys)
return results
def remove_identical(*dicts):
#combine multiple dicts
keys = FormsDict()
for d in dicts:
for k in d:
try: #multidicts
for v in d.getall(k):
keys.append(k, v)
except: #normaldicts
v = d.get(k)
keys.append(k, v)
new = FormsDict()
for k in keys:
#values = set(keys.getall(k))
values = keys.getall(k) # NO IDENTICAL REMOVAL FOR NOW
for v in values:
new.append(k, v)
return new
def remove_identical(*dicts):
#combine multiple dicts
keys = FormsDict()
for d in dicts:
for k in d:
try: #multidicts
for v in d.getall(k):
keys.append(k, v)
except: #normaldicts
v = d.get(k)
keys.append(k, v)
return keys
def pickKeys(d,*keys):
if isinstance(d,dict):
return {k:d.get(k) for k in d if k in keys}
else:
# create a normal dictionary of lists
newd = {k:d.getall(k) for k in d if k in keys}
# one by one add the list entries to the formsdict
finald = FormsDict()
for k in newd:
for v in newd.get(k):
finald.append(k,v)
return finald
def home():
'''
This is the initial view, before the user has clicked "Submit"
'''
return view(
'robo_draft',
#summary_text='',
use_text='',
source_text='',
# Use an empty FormsDict on initial load so data fields are empty
form=FormsDict(),
)
def fetchUser(username):
""" checks if there exists given username in table users or not
if user exists return (id, username) pair
if user does not exist return None
@param username: the username of a user
@return The row which has username is equal to provided input
"""
db_rw = connect()
cur = db_rw.cursor(mdb.cursors.DictCursor)
print username
#TODO: Implement a prepared statement so that this query selects a id and username of the row which has column username = username
if cur.rowcount < 1:
return None
return FormsDict(cur.fetchone())
def fetchUser(username):
""" checks if there exists given username in table users or not
if user exists return (id, username) pair
if user does not exist return None
@param username: the username of a user
@return The row which has username is equal to provided input
"""
db_rw = connect()
cur = db_rw.cursor(mdb.cursors.DictCursor)
#TODO use cur.execute() to fetch the row with this username from the users table, if it exists
query = "SELECT id, username FROM project2.users WHERE username=%s;"
cur.execute(query, (username))
if cur.rowcount < 1:
return None
return FormsDict(cur.fetchone())
def search():
defenses.setup(request, response)
csrftoken = defenses.csrfDefense.init(request, response)
defenses.xssDefense.init(response)
query = defenses.xssDefense.filter(request.query.q)
user = getUser()
if user and user.id:
if query != "":
database.addHistory(user.id, query)
history = database.getHistory(user.id)
else:
history = None
return dict(v=FormsDict(defenses=defenses.selectors(),
user=getUser(),
query=query,
history=history,
csrfcode=defenses.csrfDefense.formHTML(csrftoken)))
def internal_to_uri(keys):
urikeys = FormsDict()
#filter
if "artist" in keys:
urikeys.append("artist", keys["artist"])
if keys.get("associated"): urikeys.append("associated", "yes")
elif "track" in keys:
for a in keys["track"]["artists"]:
urikeys.append("artist", a)
urikeys.append("title", keys["track"]["title"])
#time
if "timerange" in keys:
keydict = keys["timerange"].urikeys()
for k in keydict:
urikeys.append(k, keydict[k])
elif "within" in keys:
urikeys.append("in", time_str(keys["within"]))
else:
if "since" in keys and keys["since"] is not None:
urikeys.append("since", time_str(keys["since"]))
if "to" in keys and keys["to"] is not None:
urikeys.append("to", time_str(keys["to"]))
# delimit
if "step" in keys:
urikeys.append("step", keys["step"])
if "stepn" in keys:
urikeys.append("stepn", str(keys["stepn"]))
if "trail" in keys:
if keys["trail"] == math.inf:
urikeys.append("cumulative", "yes")
else:
urikeys.append("trail", str(keys["trail"]))
# stuff
#if "max_" in keys:
# urikeys.append("max",str(keys["max_"]))
if "page" in keys:
urikeys.append("page", str(keys["page"]))
if "perpage" in keys:
urikeys.append("perpage", str(keys["perpage"]))
return urikeys
def search():
defenses.setup(request, response)
csrftoken = defenses.csrfDefense.init(request, response)
defenses.xssDefense.init(response)
query = defenses.xssDefense.filter(request.query.q)
user = getUser()
if user and user.id:
if user.username != 'attacker': # Hack to prevent students from polluting each others' history
if query != "":
database.addHistory(user.id, query)
history = database.getHistory(user.id)
else:
history = None
return dict(v=FormsDict(defenses=defenses.selectors(),
user=getUser(),
query=query,
history=history,
csrfcode=defenses.csrfDefense.formHTML(csrftoken)))
def fetchUser(username):
""" checks if there exists given username in table users or not
if user exists return (id, username) pair
if user does not exist return None
@param username: the username of a user
@return The row which has username is equal to provided input
"""
db_rw = connect()
cur = db_rw.cursor(mdb.cursors.DictCursor)
#TODO use cur.execute() to fetch the row with this username from the users table, if it exists
query = "select id,username from users where username=%s"
cur.execute(query, (username, ))
if cur.rowcount < 1:
print("User not found", username)
return None
print('Found user: ', username)
return FormsDict(cur.fetchone())
def handle(self, nodes, reqmethod, querykeys, headers):
for f in self.functions:
if f["method"] != reqmethod: continue
pathkeys = FormsDict()
# match against paths
r = parse.parse(f["path"], "/".join(nodes))
if r is not None:
func = f["func"]
for k in r.named:
# set vars according to path match
pathkeys[k] = r[k]
types = func.__annotations__
for k in pathkeys:
if k in types:
if isinstance(types[k], MultiType):
subtype = types[k].elementtype
pk = pathkeys[k].split("/")
pathkeys[k] = [subtype(e) for e in pk]
else:
pathkeys[k] = types[k](pathkeys[k])
for k in querykeys:
if k in types:
if isinstance(types[k], MultiType):
subtype = types[k].elementtype
qk = querykeys.getall(k)
querykeys.replace(k, [subtype(e) for e in qk])
else:
querykeys[k] = types[k](querykeys[k])
if f["headers"]:
return func(**querykeys, **pathkeys, **headers)
else:
return func(**querykeys, **pathkeys)
return {"error": "Not found"}
def show_wifi_form():
return template('wifi-form',
errors=None,
data=FormsDict(),
orientations=ORIENTATIONS,
geojson=GEOJSON_NAME)
def test_attr_access(self):
""" FomsDict.attribute returs string values as unicode. """
d = FormsDict(py2=tob('瓶'), py3=tob('瓶').decode('latin1'))
self.assertEqual(touni('瓶'), d.py2)
self.assertEqual(touni('瓶'), d.py3)
def setUp(self):
self.old_request = api_scans.request
self.request = MagicMock()
self.request.query = FormsDict()
api_scans.request = self.request
def test_decode_method(self):
d = FormsDict(py2=tob('瓶'), py3=tob('瓶').decode('latin1'))
d = d.decode()
self.assertFalse(d.recode_unicode)
self.assertTrue(hasattr(list(d.keys())[0], 'encode'))
self.assertTrue(hasattr(list(d.values())[0], 'encode'))
def test_attr_unicode_error(self):
""" FomsDict.attribute returs u'' on UnicodeError. """
d = FormsDict(latin=touni('öäüß').encode('latin1'))
self.assertEqual(touni(''), d.latin)
d.input_encoding = 'latin1'
self.assertEqual(touni('öäüß'), d.latin)
def test_attr_missing(self):
""" FomsDict.attribute returs u'' on missing keys. """
d = FormsDict()
self.assertEqual(touni(''), d.missing)
def handle(self, nodes, reqmethod, querykeys, headers):
cls = self.classes[nodes.pop(0)]
# REST access to resource
if (reqmethod in ["POST"] and len(nodes) == 0) or (len(nodes) == 1):
if reqmethod in ["POST"]:
newobj = cls(**querykeys)
# new object will sign up by itself thanks to class decorator
return newobj.__apidict__()
if reqmethod in ["GET", "PATCH", "DELETE"]:
objkey = nodes.pop(0)
obj = self.objects[cls][objkey]
if reqmethod == "PATCH":
try:
return obj.__patch__(**querykeys)
except:
pass
# if no __patch__ method is provided, we try everythin we can
# to somehow patch this object
for key in querykeys:
for assignattempt in (
# oh boy here we go again
"getattr(obj,'set_' + key)(querykeys[key])",
"getattr(obj,'set' + key)(querykeys[key])",
"obj[key] = querykeys[key]",
"setattr(obj,key,querykeys[key])"):
try:
exec(assignattempt)
break
except:
pass
return obj.__apidict__()
if reqmethod == "GET":
return obj.__apidict__()
if reqmethod == "DELETE":
del self.objects[cls][objkey]
return {"status": "success"}
# access to object methods
elif len(nodes) > 1:
objkey = nodes.pop(0)
obj = self.objects[cls][objkey]
for f in self.functions[cls]:
if f["method"] != reqmethod: continue
pathkeys = FormsDict()
# match against paths
r = parse.parse(f["path"], "/".join(nodes))
if r is not None:
func = f["func"]
for k in r.named:
# set vars according to path match
pathkeys[k] = r[k]
types = func.__annotations__
for k in pathkeys:
if k in types:
if isinstance(types[k], MultiType):
subtype = types[k].elementtype
pk = pathkeys[k].split("/")
pathkeys[k] = [subtype(e) for e in pk]
else:
pathkeys[k] = types[k](pathkeys[k])
for k in querykeys:
if k in types:
if isinstance(types[k], MultiType):
subtype = types[k].elementtype
qk = querykeys.getall(k)
querykeys[k] = [subtype(e) for e in qk]
else:
querykeys[k] = types[k](querykeys[k])
if f["headers"]:
return func(obj, **querykeys, **pathkeys, **headers)
else:
return func(obj, **querykeys, **pathkeys)
return {"status": "failure"}
def __init__(self, post, query=None, files=None):
self.POST = FormsDict(**post)
self.query = FormsDict(query) if query else FormsDict()
self.files = FormsDict(files) if files else FormsDict()
def index():
defenses.setup(request, response)
csrftoken = defenses.csrfDefense.init(request, response)
return dict(v=FormsDict(defenses=defenses.selectors(),
user=getUser(),
csrfcode=defenses.csrfDefense.formHTML(csrftoken)))
def setUp(self):
self.db = MagicMock()
self.request = MagicMock()
self.request.query = FormsDict()
self.old_request = api_tags.request
api_tags.request = self.request
