def display(self, req, form): """Display search history page. A misnomer.""" argd = wash_urlargd(form, {'p': (str, "n") }) uid = getUid(req) # load the right language _ = gettext_set_language(argd['ln']) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/youralerts/display" % \ (CFG_SITE_URL,), navmenuid="youralerts") elif uid == -1 or isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({ 'referer' : "%s/youralerts/display%s" % ( CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln" : argd['ln']}, {}))) user_info = collect_user_info(req) if not user_info['precached_usealerts']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use alerts.")) if argd['p'] == 'y': _title = _("Popular Searches") else: _title = _("Your Searches") # register event in webstat if user_info['email']: user_str = "%s (%d)" % (user_info['email'], user_info['uid']) else: user_str = "" try: register_customevent("alerts", ["display", "", user_str]) except: register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'") return page(title=_title, body=webalert.perform_display(argd['p'], uid, ln=argd['ln']), navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % { 'sitesecureurl' : CFG_SITE_SECURE_URL, 'ln': argd['ln'], 'account' : _("Your Account"), }, description=_("%s Personalize, Display searches") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), uid=uid, language=argd['ln'], req=req, lastupdated=__lastupdated__, navmenuid='youralerts', secure_page_p=1)
def list(self, req, form): argd = wash_urlargd(form, {}) uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/youralerts/list" % (CFG_SITE_SECURE_URL,), navmenuid="youralerts") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd( { "referer": "%s/youralerts/list%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd(argd, {})), "ln": argd["ln"], }, {}, ), ), ) # load the right language _ = gettext_set_language(argd["ln"]) user_info = collect_user_info(req) if not user_info["precached_usealerts"]: return page_not_authorized(req, "../", text=_("You are not authorized to use alerts.")) # register event in webstat if user_info["email"]: user_str = "%s (%d)" % (user_info["email"], user_info["uid"]) else: user_str = "" try: register_customevent("alerts", ["list", "", user_str]) except: register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'") return page( title=_("Your Alerts"), body=webalert.perform_list_alerts(uid, ln=argd["ln"]), navtrail="""<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % {"sitesecureurl": CFG_SITE_SECURE_URL, "ln": argd["ln"], "account": _("Your Account")}, description=_("%s Personalize, Display alerts") % CFG_SITE_NAME_INTL.get(argd["ln"], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd["ln"], CFG_SITE_NAME), uid=uid, language=argd["ln"], req=req, lastupdated=__lastupdated__, navmenuid="youralerts", )
def customevent_register(self, req, form): """Register a customevent and reload to it defined url""" argd = wash_urlargd(form, {'event_id': (str, ""), 'arg': (str, ""), 'url': (str, ""), 'ln': (str, CFG_SITE_LANG)}) params = argd['arg'].split(',') if "WEBSTAT_IP" in params: index = params.index("WEBSTAT_IP") params[index] = str(req.remote_ip) register_customevent(argd['event_id'], params) return redirect_to_url(req, unquote(argd['url']), apache.HTTP_MOVED_PERMANENTLY)
def customevent_register(self, req, form): """Register a customevent and reload to it defined url""" argd = wash_urlargd( form, { 'event_id': (str, ""), 'arg': (str, ""), 'url': (str, ""), 'ln': (str, CFG_SITE_LANG) }) params = argd['arg'].split(',') if "WEBSTAT_IP" in params: index = params.index("WEBSTAT_IP") params[index] = str(req.remote_ip) register_customevent(argd['event_id'], params) return redirect_to_url(req, unquote(argd['url']), apache.HTTP_MOVED_PERMANENTLY)
def display(self, req, form): """Display search history page. A misnomer.""" argd = wash_urlargd(form, {'p': (str, "n")}) uid = getUid(req) # load the right language _ = gettext_set_language(argd['ln']) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/youralerts/display" % \ (CFG_SITE_SECURE_URL,), navmenuid="youralerts") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': "%s/youralerts/display%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( argd, {})), "ln": argd['ln'] }, {}))) user_info = collect_user_info(req) if not user_info['precached_usealerts']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use alerts.")) if argd['p'] == 'y': _title = _("Popular Searches") else: _title = _("Your Searches") # register event in webstat if user_info['email']: user_str = "%s (%d)" % (user_info['email'], user_info['uid']) else: user_str = "" try: register_customevent("alerts", ["display", "", user_str]) except: register_exception( suffix= "Do the webstat tables exists? Try with 'webstatadmin --load-config'" ) return page( title=_title, body=webalert.perform_display(argd['p'], uid, ln=argd['ln']), navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % { 'sitesecureurl': CFG_SITE_SECURE_URL, 'ln': argd['ln'], 'account': _("Your Account"), }, description=_("%s Personalize, Display searches") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), uid=uid, language=argd['ln'], req=req, lastupdated=__lastupdated__, navmenuid='youralerts', secure_page_p=1)
class WebInterfaceYourAlertsPages(WebInterfaceDirectory): """Defines the set of /youralerts pages.""" _exports = [ '', 'display', 'input', 'modify', 'list', 'add', 'update', 'remove' ] def index(self, req, dummy): """Index page.""" redirect_to_url(req, '%s/youralerts/list' % CFG_SITE_SECURE_URL) def display(self, req, form): """Display search history page. A misnomer.""" argd = wash_urlargd(form, {'p': (str, "n")}) uid = getUid(req) # load the right language _ = gettext_set_language(argd['ln']) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/youralerts/display" % \ (CFG_SITE_SECURE_URL,), navmenuid="youralerts") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': "%s/youralerts/display%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( argd, {})), "ln": argd['ln'] }, {}))) user_info = collect_user_info(req) if not user_info['precached_usealerts']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use alerts.")) if argd['p'] == 'y': _title = _("Popular Searches") else: _title = _("Your Searches") # register event in webstat if user_info['email']: user_str = "%s (%d)" % (user_info['email'], user_info['uid']) else: user_str = "" try: register_customevent("alerts", ["display", "", user_str]) except: register_exception( suffix= "Do the webstat tables exists? Try with 'webstatadmin --load-config'" ) return page( title=_title, body=webalert.perform_display(argd['p'], uid, ln=argd['ln']), navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % { 'sitesecureurl': CFG_SITE_SECURE_URL, 'ln': argd['ln'], 'account': _("Your Account"), }, description=_("%s Personalize, Display searches") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), uid=uid, language=argd['ln'], req=req, lastupdated=__lastupdated__, navmenuid='youralerts', secure_page_p=1) def input(self, req, form): argd = wash_urlargd( form, { 'idq': (int, None), 'name': (str, ""), 'freq': (str, "week"), 'notif': (str, "y"), 'idb': (int, 0), 'error_msg': (str, ""), }) uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/youralerts/input" % \ (CFG_SITE_SECURE_URL,), navmenuid="youralerts") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': "%s/youralerts/input%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( argd, {})), "ln": argd['ln'] }, {}))) # load the right language _ = gettext_set_language(argd['ln']) user_info = collect_user_info(req) if not user_info['precached_usealerts']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use alerts.")) try: html = webalert.perform_input_alert("add", argd['idq'], argd['name'], argd['freq'], argd['notif'], argd['idb'], uid, ln=argd['ln']) except webalert.AlertError, msg: return page( title=_("Error"), body=webalert_templates.tmpl_errorMsg(ln=argd['ln'], error_msg=msg), navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % { 'sitesecureurl': CFG_SITE_SECURE_URL, 'ln': argd['ln'], 'account': _("Your Account"), }, description=_("%s Personalize, Set a new alert") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), uid=uid, language=argd['ln'], req=req, lastupdated=__lastupdated__, navmenuid='youralerts') if argd['error_msg'] != "": html = webalert_templates.tmpl_errorMsg( ln=argd['ln'], error_msg=argd['error_msg'], rest=html, ) # register event in webstat alert_str = "%s (%d)" % (argd['name'], argd['idq']) if user_info['email']: user_str = "%s (%d)" % (user_info['email'], user_info['uid']) else: user_str = "" try: register_customevent("alerts", ["input", alert_str, user_str]) except: register_exception( suffix= "Do the webstat tables exists? Try with 'webstatadmin --load-config'" ) return page( title=_("Set a new alert"), body=html, navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % { 'sitesecureurl': CFG_SITE_SECURE_URL, 'ln': argd['ln'], 'account': _("Your Account"), }, description=_("%s Personalize, Set a new alert") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), uid=uid, language=argd['ln'], req=req, lastupdated=__lastupdated__, navmenuid='youralerts')
if argd['error_msg'] != "": html = webalert_templates.tmpl_errorMsg( ln=argd['ln'], error_msg=argd['error_msg'], rest=html, ) # register event in webstat alert_str = "%s (%d)" % (argd['name'], argd['idq']) if user_info['email']: user_str = "%s (%d)" % (user_info['email'], user_info['uid']) else: user_str = "" try: register_customevent("alerts", ["modify", alert_str, user_str]) except: register_exception( suffix= "Do the webstat tables exists? Try with 'webstatadmin --load-config'" ) return page( title=_("Modify alert settings"), body=html, navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % { 'sitesecureurl': CFG_SITE_SECURE_URL, 'ln': argd['ln'], 'account': _("Your Account"),
editor = False if acc_authorize_action(getUid(req), "cfgwebjournal", name="%s" % journal_name)[0] == 0: editor = True if article_id is None: html = perform_request_index( req, journal_name, journal_issue, argd["ln"], category, editor, verbose=argd["verbose"] ) else: html = perform_request_article( req, journal_name, journal_issue, argd["ln"], category, article_id, editor, verbose=argd["verbose"] ) # register event in webstat try: register_customevent( "journals", ["display", journal_name, journal_issue, category, argd["ln"], article_id] ) except: register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'") return html def contact(self, req, form): """ Display contact information for the journal. """ argd = wash_urlargd(form, {"name": (str, ""), "ln": (str, ""), "verbose": (int, 0)}) try: ln = wash_journal_language(argd["ln"]) washed_journal_name = wash_journal_name(ln, argd["name"]) except InvenioWebJournalNoJournalOnServerError, e: register_exception(req=req)
if argd['error_msg'] != "": html = webalert_templates.tmpl_errorMsg( ln = argd['ln'], error_msg = argd['error_msg'], rest = html, ) # register event in webstat alert_str = "%s (%d)" % (argd['name'], argd['idq']) if user_info['email']: user_str = "%s (%d)" % (user_info['email'], user_info['uid']) else: user_str = "" try: register_customevent("alerts", ["modify", alert_str, user_str]) except: register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'") return page(title=_("Modify alert settings"), body=html, navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % { 'sitesecureurl' : CFG_SITE_SECURE_URL, 'ln': argd['ln'], 'account' : _("Your Account"), }, description=_("%s Personalize, Modify alert settings") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), uid=uid, language=argd['ln'], req=req,
def acc_get_uid_from_request(path, args): """ Looks in the data base for the secret that matches with the API key in the request. If the REST API key is found and if the signature is correct returns the user's id. @param path: uri of the request until the "?" (i.e.: req.uri) @type path: string @param args: All the params of the request (i.e.: req.args) @type args: string @return: If everything goes well it returns the user's uid, it not -1 """ from invenio.webstat import register_customevent params = parse_qsl(args) api_key = signature = timestamp = None for param in params: if param[0] == 'apikey': api_key = param[1] elif param[0] == 'signature': signature = param[1] params.remove(param) #Get rid of the signature elif param [0] == 'timestamp': timestamp = param[1] #Check if the url is well built if api_key == None or signature == None: return -1 url_req = "%s?%s" % (path, urlencode(params)) authorized_time = None need_timestamp = False for url, authorized_time, need_timestamp in _CFG_WEB_API_KEY_ALLOWED_URL: if url.match(url_req) is not None: break if need_timestamp and timestamp == None: return -1 if authorized_time is None: return -1 if authorized_time != 0 and need_timestamp: time_lapse = time.time() - float(timestamp) if time_lapse > authorized_time or time_lapse < 0: return -1 key = run_sql("SELECT id_user, secret FROM webapikey WHERE id=%s AND status <> %s AND status <> %s", (api_key, CFG_WEB_API_KEY_STATUS['REMOVED'], CFG_WEB_API_KEY_STATUS['REVOKED'])) if len(key) == 0 or not key: return -1 else: uid = key[0][0] secret_key = key[0][1] server_signature = hmac.new(secret_key, url_req, sha1).hexdigest() if signature == server_signature: #If the signature is fine, log the key activity and return the UID register_customevent("apikeyusage", [uid, api_key, path, url_req]) return uid else: return -1
argd['ln'], category, editor, verbose=argd['verbose']) else: html = perform_request_article(req, journal_name, journal_issue, argd['ln'], category, article_id, editor, verbose=argd['verbose']) # register event in webstat try: register_customevent("journals", ["display", journal_name, journal_issue, category, argd['ln'], article_id]) except: register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'") return html def contact(self, req, form): """ Display contact information for the journal. """ argd = wash_urlargd(form, {'name': (str, ""), 'ln': (str, ""), 'verbose': (int, 0) }) try: ln = wash_journal_language(argd['ln']) washed_journal_name = wash_journal_name(ln, argd['name'])
def acc_get_uid_from_request(path, args): """ Looks in the data base for the secret that matches with the API key in the request. If the REST API key is found and if the signature is correct returns the user's id. @param path: uri of the request until the "?" (i.e.: req.uri) @type path: string @param args: All the params of the request (i.e.: req.args) @type args: string @return: If everything goes well it returns the user's uid, it not -1 """ from invenio.webstat import register_customevent params = parse_qsl(args) api_key = signature = timestamp = None for param in params: if param[0] == 'apikey': api_key = param[1] elif param[0] == 'signature': signature = param[1] params.remove(param) #Get rid of the signature elif param[0] == 'timestamp': timestamp = param[1] #Check if the url is well built if api_key == None or signature == None: return -1 url_req = "%s?%s" % (path, urlencode(params)) authorized_time = None need_timestamp = False for url, authorized_time, need_timestamp in _CFG_WEB_API_KEY_ALLOWED_URL: if url.match(url_req) is not None: break if need_timestamp and timestamp == None: return -1 if authorized_time is None: return -1 if authorized_time != 0 and need_timestamp: time_lapse = time.time() - float(timestamp) if time_lapse > authorized_time or time_lapse < 0: return -1 key = run_sql( "SELECT id_user, secret FROM webapikey WHERE id=%s AND status <> %s AND status <> %s", (api_key, CFG_WEB_API_KEY_STATUS['REMOVED'], CFG_WEB_API_KEY_STATUS['REVOKED'])) if len(key) == 0 or not key: return -1 else: uid = key[0][0] secret_key = key[0][1] server_signature = hmac.new(secret_key, url_req, sha1).hexdigest() if signature == server_signature: #If the signature is fine, log the key activity and return the UID register_customevent("apikeyusage", [uid, api_key, path, url_req]) return uid else: return -1
def acc_get_uid_from_request(cls): """ Looks in the data base for the secret that matches with the API key in the request. If the REST API key is found and if the signature is correct returns the user's id. @return: If everything goes well it returns the user's uid, if not -1 """ from invenio.webstat import register_customevent from flask import request api_key = signature = timestamp = None if 'apikey' in request.values: api_key = request.values['apikey'] if 'signature' in request.values: signature = request.values['signature'] if 'timestamp' in request.values: timestamp = request.values['timestamp'] # Check if the request is well built if api_key is None or signature is None: return -1 # Remove signature from the url params path = request.base_url url_req = request.url parsed_url = urlparse(url_req) params = parse_qs(parsed_url.query) params = dict([(i, j[0]) for i, j in list(params.items())]) try: del params['signature'] except KeyError: # maybe signature was in post params pass # Reconstruct the url query = urlencode(sorted(params.items(), key=lambda x: x[0])) url_req = urlunparse( (parsed_url.scheme, parsed_url.netloc, parsed_url.path, parsed_url.params, query, parsed_url.fragment)) authorized_time = None need_timestamp = False for url, authorized_time, need_timestamp in _CFG_WEB_API_KEY_ALLOWED_URL: if url.match(url_req) is not None: break if need_timestamp and timestamp is None: return -1 if authorized_time is None: return -1 if authorized_time != 0 and need_timestamp: time_lapse = time.time() - float(timestamp) if time_lapse > authorized_time or time_lapse < 0: return -1 keys = cls.get_available(apikey=api_key) if not len(keys): return -1 key = keys[0] uid = key.id_user secret_key = key.secret server_signature = cls.get_server_signature(secret_key, url_req) if signature == server_signature: #If the signature is fine, log the key activity and return the UID register_customevent("apikeyusage", [uid, api_key, path, url_req]) return uid else: return -1