def apply(request):
if request.user.is_authenticated():
year = (datetime.date.today() + timedelta(weeks=21)).year
if request.method == 'POST': # form submitted
apps = Application.objects.filter(cse_username=request.user.username, year=year)
if len(apps) == 0:
appl = Application(year=year, cse_username=request.user.username)
else:
appl = apps[0]
form = ApplicationForm(request.POST, instance=appl) # form bound to POST data
form.setQ9(AwkwardQuestion.objects.get(id=int(request.POST['q9question'])))
if form.is_valid():
form.save() # create new Application instance
return render_to_response('camp/thanks.html', context_instance=RequestContext(request))
else:
q9question = AwkwardQuestion.objects.order_by('?')[0]
apps = Application.objects.filter(cse_username=request.user.username).order_by('-year')
if len(apps) == 0:
most_recent_app = Application(cse_username=request.user.username)
initial = {'q9question': q9question.id}
else:
most_recent_app = apps[0]
if most_recent_app.year != year:
initial = {'q9question': q9question.id, 'q9': ''}
initial = {}
else:
initial = {}
most_recent_app.year = year
form = ApplicationForm(instance=most_recent_app, initial=initial) # unbound form
form.setQ9(q9question)
return render_to_response('camp/apply.html', {'form' : form}, context_instance=RequestContext(request))
else:
messages.error(request, "You need to log in first")
return redirect('/login?redirect=/camp/apply')
def createApplication():
""" User creation """
try:
if "username" in session:
if request.method == 'POST':
myApp=Application(
systemname=request.form["inputSystemName"],
systemdescription=request.form["inputSystemDescription"],
systemtechnology=request.form["inputSystemTechnology"],
systemprovider=request.form["inputSystemProvider"],
systemowner=request.form["inputSystemOwner"],
systemstatus=request.form["inputSystemStatus"],
systemurl=request.form["inputSystemUrl"],
systemcategory=request.form["inputSystemCat"]
)
myApp.save()
flash('Application saved !!! ', 'message')
return redirect(url_for('listeApplication'))
if request.method == 'GET':
return render_template('createapplication.html')
else:
flash('Unknown user !!! ','error')
return render_template('login.html')
except:
return redirect(url_for('appError'))
def apply(request):
year = (datetime.date.today() + timedelta(weeks=21)).year
if request.method == "POST": # form submitted
apps = Application.objects.filter(cse_username=request.user.username, year=year)
if len(apps) == 0:
appl = Application(year=year, cse_username=request.user.username)
else:
appl = apps[0]
form = ApplicationForm(request.POST, instance=appl) # form bound to POST data
form.setQ9(AwkwardQuestion.objects.get(id=int(request.POST["q9question"])))
if form.is_valid():
form.save() # create new Application instance
return render_to_response("thanks.html", context_instance=RequestContext(request))
else:
q9question = AwkwardQuestion.objects.order_by("?")[0]
apps = Application.objects.filter(cse_username=request.user.username).order_by("-year")
if len(apps) == 0:
most_recent_app = Application(cse_username=request.user.username)
initial = {"q9question": q9question.id}
else:
most_recent_app = apps[0]
if most_recent_app.year != year:
initial = {"q9question": q9question.id, "q9": ""}
else:
initial = {}
most_recent_app.year = year
form = ApplicationForm(instance=most_recent_app, initial=initial) # unbound form
form.setQ9(q9question)
return render_to_response("apply.html", {"form": form}, context_instance=RequestContext(request))
def add_application_by_vacancy_id(payload, vacancy_id):
# try:
vacancy = Vacancy.query.filter(Vacancy.id == vacancy_id).one_or_none()
if vacancy is None:
abort(404)
body = request.get_json()
new_company_id = body.get('company_id')
new_vacancy_id = vacancy_id
new_candidate_id = body.get('candidate_id')
new_cover_leter = body.get('cover_letter', None)
new_date_submitted = datetime.now()
# Check if multiple applications are submitted
duplicate = Application.query.filter(
Application.candidate_id == new_candidate_id,
Application.vacancy_id == new_vacancy_id).one_or_none()
if duplicate is not None:
abort(406)
application = Application(company_id=new_company_id,
vacancy_id=new_vacancy_id,
candidate_id=new_candidate_id,
cover_letter=new_cover_leter,
date_submitted=new_date_submitted)
application.insert()
return jsonify({'success': True})
def test_start_application(self):
application = Application.get_for_user(self.not_applicant.id)
self.assertIsNone(application, None)
start_application(self.not_applicant)
application = Application.get_for_user(self.not_applicant.id)
self.assertIsInstance(application, Application)
self.assertEqual(application.user_id, self.not_applicant.id)
def create_app(self): """ It initializes flask_testing """ tmp_directory = tempfile.mkdtemp() app = alde.create_app_v1(self.SQLALCHEMY_DATABASE_URI, 0, tmp_directory, tmp_directory, ['APP_TYPE'], None, None) app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True app.config['TESTING'] = self.TESTING db.create_all() # We register the upload url upload_prefix = alde.url_prefix_v1 + "/upload" app.register_blueprint(upload.upload_blueprint, url_prefix=upload_prefix) # We create the application and we store it in the db application = Application() application.name = "AppName" db.session.add(application) db.session.commit() return app
def _apply(self, command, stock, price, shares): application = Application(stock = stock, applicant = self, price = price, command = command, shares = shares) application.clean() application.save() application_updated.send(self, application = application) return application
def hr_application_create_view(request, form_id=None):
if form_id:
app_form = get_object_or_404(ApplicationForm, id=form_id)
if request.method == "POST":
if Application.objects.filter(user=request.user).filter(form=app_form).exists():
logger.warn("User %s attempting to duplicate application to %s" % (request.user, app_form.corp))
else:
application = Application(user=request.user, form=app_form)
application.save()
for question in app_form.questions.all():
response = ApplicationResponse(question=question, application=application)
response.answer = request.POST.get(
str(question.pk), "Failed to retrieve answer provided by applicant."
)
response.save()
logger.info("%s created %s" % (request.user, application))
return redirect("auth_hrapplications_view")
else:
questions = app_form.questions.all()
return render_to_response(
"registered/hrapplicationcreate.html",
{"questions": questions, "corp": app_form.corp},
context_instance=RequestContext(request),
)
else:
choices = []
for app_form in ApplicationForm.objects.all():
if not Application.objects.filter(user=request.user).filter(form=app_form).exists():
choices.append((app_form.id, app_form.corp.corporation_name))
return render_to_response(
"registered/hrapplicationcorpchoice.html", {"choices": choices}, context_instance=RequestContext(request)
)
def setUp(self):
"""
It creates the model objects and saves then in the database
"""
super(RankingTests, self).setUp()
self.execution = Execution()
self.execution.slurm_sbatch_id = 2333
execution_configuration = ExecutionConfiguration()
execution_configuration.id = 22
self.execution.execution_configuration = execution_configuration
application = Application()
application.name = "Matmul"
execution_configuration.application = application
testbed = Testbed("nova", True, "SLURM", "SSH", "*****@*****.**",
["SINGULARITY"])
execution_configuration.testbed = testbed
db.session.add(testbed)
db.session.add(application)
db.session.add(execution_configuration)
db.session.add(self.execution)
db.session.commit()
def test_initialization_application(self):
"""Test the initialization method of the class Application"""
application = Application()
application.name = "name"
self.assertEquals("name", application.name)
application.application_type = "XXX"
self.assertEquals("XXX", application.application_type)
def applyForExam():
examID = request.json['examID']
exam = Exam.query.filter(Exam.id == examID).first()
if exam:
print('User {} is trying to apply for exam id {}'.format(
current_identity.username, exam.id))
application = Application(user_id=current_identity.id, exam_id=exam.id)
application.save()
return custom_response({'message': 'Application successful.'})
else:
return custom_response({'message': 'Application failed.'}, 400)
def applications_register():
request_body = request.get_json()
application_id = request_body.get('applicationId')
server_key = request_body.get('serverKey')
application = Application(application_id, server_key)
application = application.save()
if application is None:
return jsonify({'message': 'Could not subsribe!'})
return jsonify(application.json())
def signup(request):
if request.user.is_authenticated():
# redirect to the 'signups have closed' page if they haven't applied yet
student = Application.objects.filter(
student_number=request.user.username)
if len(student) == 0:
return redirect('/first-year-camp/signup')
this_year = datetime.date.today().year
if request.method == 'POST': # form submitted
student = Application.objects.filter(
student_number=request.user.username)
if len(student) == 0:
student = Application(year=this_year)
else:
student = student[0]
arc = False
if 'arc' in request.POST:
arc = True
form = ApplicationForm(request.POST,
request.FILES,
instance=student) # form bound to POST data
form.clean_file(request.FILES)
early_bird = False
if datetime.datetime.now() < datetime.datetime(
2017, 02, 26, 23, 59, 00):
early_bird = True
if form.is_valid():
form.save()
return render_to_response(
'camp/thanks-signup.html', {
'arc': arc,
'early_bird': early_bird
},
context_instance=RequestContext(request))
else:
student = Application.objects.filter(
student_number=request.user.username)
if len(student) == 0:
appl = Application(year=this_year,
student_number=request.user.username)
form = ApplicationForm(instance=appl) # unbound form
else:
# don't give student the signup form if we've marked their application as deleted
if student[0].payment_status == 'D':
messages.error(
request,
"Your application is marked as deleted. If you wish to rejoin the waiting list or believe this is a mistake, contact [email protected]"
)
return redirect('/first-year-camp/')
form = ApplicationForm(instance=student[0]) # unbound form
return render_to_response('camp/signup.html', {'form': form},
context_instance=RequestContext(request))
def get(self):
args = request.args
if 'id' in args:
return me_obj_to_serializable(
Application.objects.get(id=args['id']))
elif 'job' in args:
return me_obj_to_serializable(Application.objects(job=args['job']))
elif 'resume' in args:
return me_obj_to_serializable(
Application.objects(resume=args['resume']))
else:
return me_obj_to_serializable(Application.objects)
def start_application(current_user=None):
if is_admin(current_user) or is_recruiter(current_user) or is_senior_recruiter(current_user):
raise BadRequestException('Recruiters cannot apply')
character = Character.get(current_user.id)
if character.blocked_from_applying:
raise ForbiddenException('User is blocked')
application = Application.get_for_user(current_user.id)
if application:
raise BadRequestException('An application is already open')
# no application, start one
application = Application(user_id=current_user.id, is_concluded=False)
db.session.add(application)
db.session.commit()
add_status_note(application, 'Application created.')
return {'status': 'ok'}
def set_answers(user_id, answers=None, current_user=None):
if not user_id:
user_id = current_user.id if current_user else None
if not current_user.id == user_id:
raise ForbiddenException(
f'User {current_user.id} is not permitted to answer for {user_id}')
application = Application.get_for_user(user_id)
if not application:
raise ForbiddenException(f'User {user_id} is not an applicant')
elif application.is_submitted:
raise ForbiddenException(
f'Cannot modify answers to a submitted application')
for answer in answers:
answer_record = Answer.query.filter_by(
question_id=answer['question_id'],
application_id=application.id).one_or_none()
if not answer_record:
answer_record = Answer(question_id=answer['question_id'],
text=answer.get('text', ''),
application_id=application.id)
db.session.add(answer_record)
else:
answer_record.text = answer.get('text', '')
db.session.commit()
db.session.commit()
def register_application():
application_form = ApplicationForm(meta={'csrf': False})
if application_form.validate_on_submit():
car_brand = request.form['car_brand']
car_model = request.form['car_model']
name = request.form['name']
last_name = request.form['last_name']
email = request.form['email']
tel = request.form['tel']
try:
application = Application(name=name, last_name=last_name, email=email, tel=tel, car_brand_id=car_brand,
car_model_id=car_model)
db.session.add(application)
db.session.commit()
# !!!
# Uncomment it if you want to use Mail
# !!!
# track_number = application.unique_track_number
# send_application_registered_msg(name, email, track_number)
return jsonify({'success': 'Ваша заявка была успешно подана!'})
except Exception as e:
return jsonify({'errors': f'Что-то пошло не так, попробуйте снова! {e}'})
return jsonify({'errors': application_form.errors})
def test_promote_applicant_to_admin(self):
response = set_roles(self.applicant.id,
is_admin=True,
current_user=self.admin)
self.assertEqual(response, {'status': 'ok'})
self.assertTrue(self.applicant.admin)
self.assertIsNone(Application.get_for_user(self.applicant.id))
def validate_client_id(self, client_id):
"""Check that the client_id represents a valid application.
:param client_id: Client id.
:type client_id: str
"""
return Application.find(client_id) is not None
def patch(self, student_id, application_id):
parser = reqparse.RequestParser()
parser.add_argument('state')
application_args = parser.parse_args()
state = application_args.get('state')
if state is None:
error_dict = {
'error_message': f'Empty payload',
}
LOGGER.error(error_dict)
return error_dict, 400
if state not in APPLICATION_STATES:
error_dict = {
'error_message': f'Invalid state {state}',
}
LOGGER.error(error_dict)
return error_dict, 400
try:
application = Application.get(id=application_id,
student=student_id)
application.state = state
application.save()
return application
except DoesNotExist:
error_dict = {
'error_message':
f'Application with id `{application_id}` does not exist'
f' for student with id {student_id}',
}
LOGGER.error(error_dict)
return error_dict, 400
def create(self, name, amount, number_payments, company_id):
application = Application(name=name,
amount=amount,
company_id=company_id,
number_payments=number_payments,
agree=None)
return self.save(application)
def invite_applicant(applicant_user_id, current_user=current_user):
if not is_senior_recruiter(current_user):
raise ForbiddenException(
'User {} cannot invite applicants.'.format(current_user.id))
else:
application = Application.get_submitted_for_user(applicant_user_id)
if application is None:
raise BadRequestException(
'User {} is not in an open application.'.format(
applicant_user_id
)
)
elif not application.is_accepted:
raise BadRequestException(
'User {} application is not accepted.'.format(
applicant_user_id
)
)
elif application.is_invited:
raise BadRequestException(
'User {} application is already invited.'.format(
applicant_user_id
)
)
else:
send_mail(applicant_user_id, 'invite')
application.is_invited = True
db.session.commit()
add_status_note(
application, 'Application invited by {}.'.format(current_user.name))
def fcm_push():
request_body = request.get_json()
username = request_body.get('username')
application_id = request_body.get('applicationId')
notification = request_body.get('notification')
application = Application.get_application(
request_body.get('applicationId'))
print('username: {}'.format(username))
print('application_id: {}'.format(application_id))
for endpoint in FCMPushEndpoint.get_endpoints_by_username_and_application_id(
username, application_id):
data = {
'notification': notification,
'to': endpoint.get('registration_id')
}
headers = {
'Content-Type': 'application/json',
'Authorization': 'key={}'.format(application.get('server_key'))
}
response = requests.post(url='https://fcm.googleapis.com/fcm/send',
data=json.dumps(data),
headers=headers)
print(data)
print(headers)
print(response.json())
# extracting data in json format
return jsonify({'status': 'success'})
def add_applicant_note(applicant_user_id,
text,
title=None,
is_chat_log=False,
current_user=None):
application = Application.get_submitted_for_user(applicant_user_id)
if application is None:
raise BadRequestException('User {} is not an applicant'.format(
User.get(applicant_user_id).name))
else:
if not is_recruiter(current_user):
raise ForbiddenException('Current user is not a recruiter')
elif (application.recruiter_id != current_user.id
and not is_senior_recruiter(current_user)):
raise ForbiddenException(
'Current recruiter has not claimed applicant {}'.format(
applicant_user_id))
note = Note(
text=text,
title=title,
application_id=application.id,
is_chat_log=is_chat_log,
author_id=current_user.id,
)
db.session.add(note)
db.session.commit()
return {'status': 'ok'}
def handle_application():
"""
Create application and retrieve all applications
"""
# POST request
if request.method == 'POST':
body = request.get_json()
forms = []
for g in body['forms']:
form = Forms.query.get(g)
forms.append(form)
if body is None:
raise APIException(
"You need to specify the request body as a json object",
status_code=400)
if "application_name" not in body:
raise APIException("You need to specify the application",
status_code=400)
apps1 = Application(application_name=body['application_name'],
forms=forms)
db.session.add(apps1)
db.session.commit()
return "ok", 200
# GET request
if request.method == 'GET':
all_applications = Application.query.all()
all_applications = list(map(lambda x: x.serialize(), all_applications))
return jsonify(all_applications), 200
return "Invalid Method", 404
def apply():
form = ApplicationForm()
if form.validate_on_submit():
file = request.files['resume']
if file and allowed_file(file.filename):
filename = secure_filename(file.filename)
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
new_applicant = Application()
form.populate_obj(new_applicant)
new_applicant.resume = filename
db.session.add(new_applicant)
db.session.commit()
return "Thanks for applying!"
else:
flash("Invalid file extension")
return render_template('application.html', form=form)
return render_template('application.html', form=form)
def signup(request):
if request.user.is_authenticated():
this_year = datetime.date.today().year
if request.method == 'POST': # form submitted
student = Application.objects.filter(
student_number=request.user.username)
deposit = False
if len(student) == 0:
student = Application(year=this_year)
else:
student = student[0]
if student.payment_status == "D":
deposit = True
arc = False
if 'arc' in request.POST:
arc = True
form = ApplicationForm(request.POST,
request.FILES,
instance=student) # form bound to POST data
form.clean_file(request.FILES)
early_bird = False
if str(datetime.date.today()) < "2014-03-08":
early_bird = True
if form.is_valid():
form.save()
return render_to_response(
'camp/thanks-signup.html', {
'arc': arc,
'early_bird': early_bird,
'deposit': deposit
},
context_instance=RequestContext(request))
else:
student = Application.objects.filter(
student_number=request.user.username)
if len(student) == 0:
appl = Application(year=this_year,
student_number=request.user.username)
form = ApplicationForm(instance=appl) # unbound form
else:
form = ApplicationForm(instance=student[0]) # unbound form
return render_to_response('camp/signup.html', {'form': form},
context_instance=RequestContext(request))
else:
messages.error(request, "You are not Logged In")
return redirect('/')
def clean(self):
super(ApplicationParametersForm, self).clean()
filtered = Application.filter(workspace_id=self.instance.workspace_id,
name=self.fields['name'])
if filtered and filtered[0].id != self.instance.id:
self.errors['name'].append(
"Application with this name already exists")
def apply(request):
if request.user.is_authenticated():
year = (datetime.date.today() + timedelta(weeks=21)).year
if request.method == 'POST': # form submitted
apps = Application.objects.filter(
cse_username=request.user.username, year=year)
if len(apps) == 0:
appl = Application(year=year,
cse_username=request.user.username)
else:
appl = apps[0]
form = ApplicationForm(request.POST,
instance=appl) # form bound to POST data
form.setQ9(
AwkwardQuestion.objects.get(
id=int(request.POST['q9question'])))
if form.is_valid():
form.save() # create new Application instance
return render_to_response(
'camp/thanks.html',
context_instance=RequestContext(request))
else:
q9question = AwkwardQuestion.objects.order_by('?')[0]
apps = Application.objects.filter(
cse_username=request.user.username).order_by('-year')
if len(apps) == 0:
most_recent_app = Application(
cse_username=request.user.username)
initial = {'q9question': q9question.id}
else:
most_recent_app = apps[0]
if most_recent_app.year != year:
initial = {'q9question': q9question.id, 'q9': ''}
initial = {}
else:
initial = {}
most_recent_app.year = year
form = ApplicationForm(instance=most_recent_app,
initial=initial) # unbound form
form.setQ9(q9question)
return render_to_response('camp/apply.html', {'form': form},
context_instance=RequestContext(request))
else:
messages.error(request, "You need to log in first")
return redirect('/login?redirect=/camp/apply')
def request_put(request):
header_title, path1, path2 = '添加申请', '用户管理', '填写申请'
if request.method == 'POST':
description = request.POST.get('description', '')
uuid_r = request.user.uuid
user = get_object(User, uuid=uuid_r)
a = Application(description=description, applicant=user)
a.save()
users = User.objects.filter(role='SU')
for u in users:
print u.username, u.name, u.role
title = '新的申请'
msg = description
user = u
mail_notify(title, msg, user)
return my_render('juser/request_put.html', locals(), request)
def submit_application(current_user=None):
application = Application.get_for_user(current_user.id)
if not application:
raise BadRequestException(
f'User {current_user.id} is not an applicant.')
application.is_submitted = True
db.session.commit()
add_status_note(application, 'Application submitted.')
return {'status': 'ok'}
def own_application_status(current_user):
application = Application.get_for_user(current_user.id)
if application is None:
status = 'none'
elif application.is_submitted:
status = 'submitted'
else:
status = 'unsubmitted'
return {'status': status}
def get_applicant_notes(applicant_user_id, current_user=None):
applicant = User.get(applicant_user_id)
user_application_access_check(current_user, applicant)
if applicant is None:
applicant_name = Character.get(applicant_user_id).name
return {'error': 'User {} is not an applicant'.format(applicant_name)}
else:
application = Application.get_for_user(applicant_user_id)
return {'info': get_application_note_data(application, current_user)}
def initDbForE2e(wipe=True):
if wipe:
clearDB()
# TODO: Id of user a
admin_id = 123
db.session.add(
Character(
id=admin_id,
user_id=admin_id,
name='ADMIN NAME',
corporation_id=ascee_corp_id,
refresh_token='YOUR TOKEN HERE',
))
db.session.add(Admin(
id=admin_id,
user_id=admin_id,
name='Billy Admin',
))
# TODO: Id of recruiter user
recruiter_id = 345
db.session.add(
Character(id=recruiter_id,
user_id=recruiter_id,
name='RECRUITER NAME',
corporation_id=ascee_corp_id,
refresh_token='YOUR TOKEN HERE'))
db.session.add(Recruiter(
id=recruiter_id,
name='RECRUITER NAME',
))
# TODO: Id of applicant user
character_id = 234
db.session.add(
Character(id=character_id,
user_id=character_id,
name='APPLICANT NAME',
corporation_id=ascee_corp_id,
corporation=Corporation(id=ascee_corp_id, name='ASCEE'),
refresh_token='YOUR TOKEN HERE'))
db.session.add(User(
id=character_id,
name='APPLICANT NAME',
))
db.session.add(Question(text='How long have you been playing Eve?'))
db.session.add(Question(text='PVP or PVE? Why?'))
db.session.add(Application(user_id=character_id))
db.session.commit()
def accept_applicant(applicant_user_id, current_user=current_user):
applicant = User.get(applicant_user_id)
user_application_access_check(current_user, applicant)
application = Application.get_submitted_for_user(applicant_user_id)
application.is_accepted = True
application.is_concluded = True
db.session.commit()
add_status_note(
application, 'Application accepted by {}.'.format(current_user.name))
return {'status': 'ok'}
def CreateApplication(self, appData):
name = appData['name']
existing = Application.query.filter_by(name=name).first()
if existing is None:
myapp = Application(name=name)
db.session.add(myapp)
db.session.commit()
return True
else:
return False
def validate_client_secret(self, client_id, client_secret):
"""Check that the client secret matches the application secret.
:param client_id: Client Id.
:type client_id: str
:param client_secret: Client secret.
:type client_secret: str
"""
app = Application.find(client_id)
if app is not None and app.secret == client_secret:
return True
return False
def validate_redirect_uri(self, client_id, redirect_uri):
"""Validate that the redirect_uri requested is available for the app.
:param redirect_uri: Redirect URI.
:type redirect_uri: str
"""
app = Application.find(client_id)
# When matching against a redirect_uri, it is very important to
# ignore the query parameters, or else this step will fail as the
# parameters change with every request
if app is not None and app.redirect_uri == redirect_uri.split('?')[0]:
return True
return False
def apply_form(request):
if request.method == 'GET':
symbols = range(ord('a'), ord('z')) + range(ord('A'), ord('Z')) + range(ord('0'), ord('9'))
random.seed()
form_data = {'auth_key': ''.join([chr(symbols[random.randrange(len(symbols))]) for i in range(8)])}
t = loader.get_template('vtb_apply.html')
return HttpResponse(t.render(Context(form_data)))
if request.method == 'POST':
form = ApplicationForm(request.POST)
#print smart_str(form.data['region']), isinstance(smart_str(form.data['region']), unicode)
data = Application(
job_id = form.data['job_id'],
email = form.data['email'],
firstname = form.data['fname'],
lastname = form.data['lname'],
surname = form.data['mname'],
sex = form.data['sex'] or None,
birthday = form.data['birthdate'],
region_id = form.data['region'],
address = form.data['address'],
home_phone = form.data['phone_home'],
work_phone = form.data['phone_work'],
mobile_phone = form.data['phone_cell'],
specializations = form.data['prof_sect'],
post = form.data['title'],
employment_type = form.data['type'],
desirable_compensation_ammount = form.data['salary'],
desirable_compensation_currency = form.data['scurrency'],
ready_to_movement = 'True' if 'reloc' in form.data else 'False',
last_place_of_work_and_position = form.data['latest_job'],
cv = form.data['resume'],
)
data.save()
return HttpResponse('import_success')
return HttpResponse('Method not allowed: {0} for path {0}'.format(request.method, request.path), status = 400)
def login_post(client_id):
login = request.form['login']
password = request.form['password']
login = Login.find(login)
if login == None:
flash('User not found!', 'error')
return redirect(url_for('.login_get', client_id=client_id))
p_ok = sha256_crypt.verify(password, login.password)
if not p_ok:
flash('Incorect password!', 'error')
return redirect(url_for('.login_get', client_id=client_id))
session['user'] = login
app = Application.find(client_id)
return redirect(url_for('.authorization_code', client_id=client_id,
redirect_uri=app.redirect_uri, response_type='code'))
def device_update(request, device_uid):
if request.method == "GET":
try:
update = DeviceUpdate.objects.filter(device=Device.objects.get(uid=device_uid)).latest("date")
vulnerabilities = find_vulnerabilities(update)
return HttpResponse(vulnerabilities.count())
except DeviceUpdate.DoesNotExist:
return HttpResponse("0")
elif request.method == "POST":
safe = 0
unsafe = 0
similar = 0
unique_apps = {}
json_data = json.loads(request.body.decode("unicode_escape"))
try:
device = Device.objects.get(uid=device_uid)
device.os = json_data['meta']['os_name']
device.save()
except Device.DoesNotExist:
return HttpResponse("Device does not exist", status=404)
device.last_updated = datetime.now()
device.save()
#Next, Munge the software list at json_data['software'] to find CPEs, etc.
for software in json_data['software']:
name = unicode(software['name'].lower())
version = unicode(software['versionString'].lower())
publisher = unicode(software['publisher'].lower())
#Remove version strings in the software name
match = re.match("(.*?)[Vv \.]*(ersion\.)?(\d+(\.\d*)+)(.*)", name)
if match:
if version == "null" and match.group(3) is not None:
version = match.group(3)
name = match.group(1)
if version == "null":
continue
#Publisher like "Microsoft Corporation" will find "Microsoft"
publisher = publisher.split(",")[0] #Removes ", Inc" etc.
publisher_words = publisher.split(" ")
#Attempt to grab things like "amd"
if len(publisher_words) > 2: #Only 3 or more words
acronym = ""
for word in publisher_words:
if len(word) > 0:
acronym += word[0]
publisher_words.append(acronym)
#Remove some brackets (Usually x64 stuff)
brackets = re.search("(\(.*\))", name)
if brackets:
name = name.replace(brackets.group(1), "").strip()
#Remove publisher names at the start, if we can
for word in publisher_words:
#Try and compare
if word in name:
publisher = word
replaced_name = name.replace(word, "").strip()
#Products with a single name, e.g. Evernote by Evernote
if len(replaced_name) > 5: #Less than 3 characters
name = replaced_name
if name == publisher + "t":
name = publisher
publisher = publisher.strip().replace(" ", "_")
name = name.strip().replace(" ", "_")
out = publisher +" - " + name + " - " + version
try:
#Try to do stuff
unique_apps[out] = App(publisher, name, version, software["name"])
except KeyError:
unique_apps[out] = App(publisher, name, version, software["name"])
for key,app in sorted(unique_apps.items(), key=lambda x: x[1].publisher):
out = key
matched = False
matches = Cpe.objects.filter(product=app.name, version=app.version)
non_match = Cpe.objects.filter(product=app.name)
if matches.count() > 0 and "RELATED" not in matches[0].cpe:
matched = True
out += " VULNERABLE"
unsafe += 1
app.cpe = matches[0]
elif non_match.count() > 0:
matched = True
out += " SAFE"
safe += 1
app.related_cpe = non_match[0]
if not matched:
vendor_family = Cpe.objects.filter(vendor=app.publisher, product__contains=app.name)
vendor_match = Cpe.objects.filter(vendor=app.publisher, product__contains=app.name, version=app.version)
if vendor_match.count() > 0 and "RELATED" not in vendor_match[0].cpe:
matched = True
out += " VULNERABLE"
unsafe += 1
app.cpe = vendor_match[0]
elif vendor_family.count() > 0:
matched = True
out +="SAFE"
safe += 1
app.related_cpe = vendor_family[0]
if not matched:
prods = Cpe.objects.filter(version__contains=app.version)
for prod in prods:
if prod.product.replace("_", " ") in app.title.lower():
matched = True
out += " SIMILAR-------------- " + prod.product
similar += 1
app.cpe = prod
print out
print safe, "safe"
print unsafe, "unsafe"
print similar, "similar"
print len(unique_apps), "total"
#Add a new device update
d = DeviceUpdate(date=datetime.now(), device=device)
d.save()
#For each app, find if it has been added for this device
matched_apps = [ app for key,app in unique_apps.items() if app.cpe is not None]
for app in matched_apps:
#Attach to an application
#This shouldnt exist, Application objects for Vulns should exist already
newApp, created = Application.objects.get_or_create(cpe=app.cpe)
if created:
newApp.save()
up = UpdateApplications(update=d, application=newApp)
up.save()
detected_apps = [ app for key,app in unique_apps.items() if app.related_cpe is not None]
for app in detected_apps:
#Make a new CPE from the related CPE
cpe, created = Cpe.objects.get_or_create(
cpe=app.related_cpe.cpe + ":RELATED:" + app.version,
part=app.related_cpe.part,
vendor=app.related_cpe.vendor,
product=app.related_cpe.product,
version=app.version,
update=app.related_cpe.update,
edition=app.related_cpe.edition,
language=app.related_cpe.language,
sw_edition=app.related_cpe.sw_edition,
target_sw=app.related_cpe.target_sw,
target_hw=app.related_cpe.target_hw,
other=app.related_cpe.other,
title=app.related_cpe.title
)
if created:
cpe.save()
#Create a new application
newApp = Application(cpe=cpe)
newApp.save()
else:
newApp = Application.objects.get(cpe=cpe)
upApp = UpdateApplications(update=d, application=newApp)
upApp.save()
response = HttpResponse(device_uid)
response["Access-Control-Allow-Origin"] = "*"
response["Access-Control-Allow-Methods"] = "POST"
response["Access-Control-Max-Age"] = "1000"
response["Access-Control-Allow-Headers"] = "*"
return response
