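def reset_password():
    """
    Reset password method.

    Handles the link sent by the forgot-password flow. The ``key`` query
    parameter is a signed, time-limited token (salt ``password-reset``)
    carrying the user name and the password hash that was current when the
    link was issued; comparing that hash with the stored one means a link
    stops working as soon as the password changes.

    Returns a Jinja2 template (or, via handle_content_type, a JSON
    response) on GET and on an invalid POST. On a valid POST the new
    password is stored and the result of _sign_in_user is returned.

    Aborts with 403 when the key is missing, tampered with, expired,
    incomplete, names an unknown user, or no longer matches the account's
    current password hash.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    userdict = {}
    try:
        timeout = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
        userdict = signer.loads(key, max_age=timeout, salt='password-reset')
    except BadData:
        abort(403)
    username = userdict.get('user')
    issued_hash = userdict.get('password')
    if not username or not issued_hash:
        abort(403)
    user = user_repo.get_by_name(username)
    # A token naming an account that no longer exists must not reach the
    # attribute access below (previously an AttributeError, i.e. a 500);
    # treat it like any other invalid link.
    if user is None:
        abort(403)
    if user.passwd_hash != issued_hash:
        abort(403)
    # NOTE(review): request.body is not a stock Flask attribute; presumably
    # a project-provided property exposing form or JSON data -- confirm
    # against the request class in use.
    form = ChangePasswordForm(request.body)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        user_repo.update(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return _sign_in_user(user)
    # validate() is only re-run on POST, so a plain GET renders quietly.
    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    response = dict(template='/account/password_reset.html', form=form)
    return handle_content_type(response)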
def reset_password():
    """
    Reset password method.

    Returns a Jinja2 template.

    The ``key`` query parameter is a signed, time-limited token (salt
    ``password-reset``) holding the user name and the password hash that was
    current when the link was issued, so a link stops working once the
    password changes. Aborts with 403 on a missing, tampered, expired or
    stale key and with 404 when the named user does not exist. On a valid
    submission the password is replaced, the user is logged in and
    redirected to the sign-in page.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    userdict = {}
    try:
        userdict = signer.loads(key, max_age=3600, salt='password-reset')
    except BadData:
        abort(403)

    username = userdict.get('user')
    issued_hash = userdict.get('password')
    if not (username and issued_hash):
        abort(403)

    user = model.user.User.query.filter_by(name=username).first_or_404()
    if user.passwd_hash != issued_hash:
        abort(403)

    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        db.session.add(user)
        db.session.commit()
        login_user(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return redirect(url_for('.signin'))

    # validate() is only re-run for a submitted form; a GET renders quietly.
    submitted_with_errors = request.method == 'POST' and not form.validate()
    if submitted_with_errors:
        flash(gettext('Please correct the errors'), 'error')
    return render_template('/account/password_reset.html', form=form)
def confirm_account():
    """Confirm an e-mail address via a signed account-validation link.

    The ``key`` query parameter is a signed, time-limited token (salt
    ``account-validation``) carrying the sign-up details. If exactly one
    user with that name already exists, its e-mail is marked valid and
    updated; otherwise a new account is created from the token and logged
    in. Either way the user is redirected to the newsletter subscription
    page when the newsletter integration is configured, else to home.
    Aborts with 403 on a missing, tampered or expired key.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    try:
        userdict = signer.loads(key, max_age=3600, salt='account-validation')
    except BadData:
        abort(403)

    def _landing_page():
        # Same destination for both branches below.
        if newsletter.app:
            return redirect(url_for('account.newsletter_subscribe'))
        return redirect(url_for('home.home'))

    # First check if the user exists
    name = userdict['name']
    matches = user_repo.filter_by(name=name)
    if len(matches) == 1 and matches[0].name == name:
        existing = matches[0]
        existing.valid_email = True
        existing.confirmation_email_sent = False
        existing.email_addr = userdict['email_addr']
        user_repo.update(existing)
        flash(gettext('Your email has been validated.'))
        return _landing_page()

    # NOTE(review): the password is recovered from the link itself; if
    # `signer` only signs (itsdangerous-style) and does not encrypt, it is
    # present in the URL in recoverable form -- confirm.
    new_user = model.user.User(fullname=userdict['fullname'],
                               name=name,
                               email_addr=userdict['email_addr'],
                               valid_email=True)
    new_user.set_password(userdict['password'])
    user_repo.save(new_user)
    login_user(new_user, remember=True)
    flash(gettext('Thanks for signing-up'), 'success')
    return _landing_page()
def reset_password():
    """Reset a password via a signed reset link.

    The ``key`` query parameter is a signed, time-limited token (salt
    ``password-reset``) holding the user name and the password hash that
    was current when the link was issued, so a link stops working once the
    password changes. Aborts with 403 on a missing, tampered, expired or
    stale key and with 404 when the named user does not exist. On a valid
    submission the password is replaced, the user is logged in and
    redirected to the profile page; otherwise the reset form is rendered.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    userdict = {}
    try:
        userdict = signer.loads(key, max_age=3600, salt='password-reset')
    except BadData:
        abort(403)

    username = userdict.get('user')
    issued_hash = userdict.get('password')
    if not (username and issued_hash):
        abort(403)

    user = model.User.query.filter_by(name=username).first_or_404()
    if user.passwd_hash != issued_hash:
        abort(403)

    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        db.session.add(user)
        db.session.commit()
        login_user(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return redirect(url_for('.profile'))

    # validate() is only re-run for a submitted form; a GET renders quietly.
    submitted_with_errors = request.method == 'POST' and not form.validate()
    if submitted_with_errors:
        flash(gettext('Please correct the errors'), 'error')
    return render_template('/account/password_reset.html', form=form)
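def reset_password():
    """
    Reset password method.

    Returns a Jinja2 template.

    The ``key`` query parameter is a signed, time-limited token (salt
    ``password-reset``) carrying the user name and the password hash that
    was current when the link was issued; comparing that hash with the
    stored one means a link stops working as soon as the password changes.
    On a valid POST the new password is stored, the user is logged in and
    redirected to the sign-in page.

    Aborts with 403 when the key is missing, tampered with, expired,
    incomplete, names an unknown user, or no longer matches the account's
    current password hash.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    userdict = {}
    try:
        userdict = signer.loads(key, max_age=3600, salt='password-reset')
    except BadData:
        abort(403)
    username = userdict.get('user')
    issued_hash = userdict.get('password')
    if not username or not issued_hash:
        abort(403)
    user = user_repo.get_by_name(username)
    # A token naming an account that no longer exists must not reach the
    # attribute access below (previously an AttributeError, i.e. a 500);
    # treat it like any other invalid link.
    if user is None:
        abort(403)
    if user.passwd_hash != issued_hash:
        abort(403)
    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        user_repo.update(user)
        login_user(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return redirect(url_for('.signin'))
    # validate() is only re-run on POST, so a plain GET renders quietly.
    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    return render_template('/account/password_reset.html', form=form)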
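def hdfs_file(project_id, cluster, path):
    """Serve a task file from an HDFS cluster, decrypting it when the
    project is configured for encryption.

    Args:
        project_id: Project the file belongs to (route parameter).
        cluster: Key into the ``HDFS_CONFIG`` mapping naming the cluster.
        path: File path inside the cluster (route parameter).

    Returns:
        A Response whose body is the (decrypted) file content.

    Raises:
        NotFound: HDFS is not configured, or ``cluster`` is unknown.
        Forbidden: the ``task-signature`` query parameter is missing.
        InternalServerError: fetching or decrypting the file failed.
    """
    hdfs_config = current_app.config.get('HDFS_CONFIG')
    if not hdfs_config:
        raise NotFound('Not Found')
    signature = request.args.get('task-signature')
    if not signature:
        raise Forbidden('No signature')

    project = get_project_data(project_id)
    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)
    # NOTE(review): a tampered or expired signature makes signer.loads raise
    # here, uncaught, so it surfaces as a 500 rather than a 403 -- confirm
    # which exception type the signer raises before mapping it.
    payload = signer.loads(signature, max_age=timeout)
    task_id = payload['task_id']
    # Authorization: the signed task must be one the current user may
    # access and must have been issued for this request path.
    check_allowed(current_user.id, task_id, project, request.path)

    # Checked only after authorization (where the bare lookup used to raise
    # KeyError, i.e. a 500): an unknown cluster name is a client error, and
    # probing cluster names stays gated behind a valid signature.
    if cluster not in hdfs_config:
        raise NotFound('Not Found')
    client = HDFSKerberos(**hdfs_config[cluster])
    try:
        content = client.get('/{}'.format(path))
        project_encryption = project['info'].get('ext_config',
                                                 {}).get('encryption', {})
        # Decrypt only when every encryption setting is populated.
        if project_encryption and all(project_encryption.values()):
            secret = get_secret_from_vault(project_encryption)
            cipher = AESWithGCM(secret)
            content = cipher.decrypt(content)
    except Exception:
        # Details go to the log only; the client gets a generic error.
        current_app.logger.exception('Project id {} get task file {}'.format(
            project_id, path))
        raise InternalServerError('An Error Occurred')

    return Response(content)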
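def reset_password():
    """Reset a password via a signed reset link.

    The ``key`` query parameter is a signed, time-limited token (salt
    ``password-reset``) holding the user name and the password hash that
    was current when the link was issued, so a link stops working once the
    password changes. Aborts with 403 on a missing, tampered, expired or
    stale key and with 404 when the named user does not exist. On a valid
    submission the password is replaced, the user is logged in and
    redirected to the profile page; otherwise the reset form is rendered.
    """
    key = request.args.get("key")
    if key is None:
        abort(403)
    userdict = {}
    try:
        userdict = signer.loads(key, max_age=3600, salt="password-reset")
    except BadData:
        abort(403)
    username = userdict.get("user")
    issued_hash = userdict.get("password")
    if not username or not issued_hash:
        abort(403)
    user = model.User.query.filter_by(name=username).first_or_404()
    if user.passwd_hash != issued_hash:
        abort(403)
    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        db.session.add(user)
        db.session.commit()
        login_user(user)
        # Leftover debug output. The Python 2-only print statement is a
        # SyntaxError on Python 3; the call form works on both. Consider
        # routing this through the app logger instead of stdout.
        print("Changed password")
        flash("You reset your password successfully!", "success")
        return redirect(url_for(".profile"))
    # validate() is only re-run on POST, so a plain GET renders quietly.
    if request.method == "POST" and not form.validate():
        flash("Please correct the errors", "error")
    return render_template("/account/password_reset.html", form=form)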
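def reset_password():
    """
    Reset password method.

    Returns a Jinja2 template.

    The ``key`` query parameter is a signed token (salt ``password-reset``)
    that expires after ``ACCOUNT_LINK_EXPIRATION`` seconds (default 3600)
    and carries the user name and the password hash that was current when
    the link was issued; comparing that hash with the stored one means a
    link stops working as soon as the password changes. On a valid POST
    the new password is stored and the result of _sign_in_user is returned.

    Aborts with 403 when the key is missing, tampered with, expired,
    incomplete, names an unknown user, or no longer matches the account's
    current password hash.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    userdict = {}
    try:
        timeout = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
        userdict = signer.loads(key, max_age=timeout, salt='password-reset')
    except BadData:
        abort(403)
    username = userdict.get('user')
    issued_hash = userdict.get('password')
    if not username or not issued_hash:
        abort(403)
    user = user_repo.get_by_name(username)
    # A token naming an account that no longer exists must not reach the
    # attribute access below (previously an AttributeError, i.e. a 500);
    # treat it like any other invalid link.
    if user is None:
        abort(403)
    if user.passwd_hash != issued_hash:
        abort(403)
    form = ChangePasswordForm(request.form)
    if form.validate_on_submit():
        user.set_password(form.new_password.data)
        user_repo.update(user)
        flash(gettext('You reset your password successfully!'), 'success')
        return _sign_in_user(user)
    # validate() is only re-run on POST, so a plain GET renders quietly.
    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    return render_template('/account/password_reset.html', form=form)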
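def encrypted_file(store, bucket, project_id, path):
    """Proxy encrypted task file in a cloud storage.

    Args:
        store: Storage backend name from the route (not used in the body).
        bucket: S3 bucket holding the object.
        project_id: Project the file belongs to.
        path: Object path below the ``/<project_id>/`` prefix.

    Returns:
        A Response with the decrypted content, the object's content type,
        and its Content-Encoding / Content-Disposition when S3 has them.

    Raises:
        Forbidden: the ``task-signature`` query parameter is missing or
            longer than TASK_SIGNATURE_MAX_SIZE.
        NotFound: the object does not exist in S3.
        InternalServerError: any other S3 error.
    """
    current_app.logger.info('Project id {} decrypt file. {}'.format(
        project_id, path))
    signature = request.args.get('task-signature')
    if not signature:
        # Not inside an except block: logger.exception would attach a
        # meaningless "NoneType: None" traceback, so log at warning level.
        current_app.logger.warning('Project id {} no signature {}'.format(
            project_id, path))
        raise Forbidden('No signature')
    # Reject oversized signatures before handing attacker-controlled input
    # to the signer.
    size_signature = len(signature)
    if size_signature > TASK_SIGNATURE_MAX_SIZE:
        current_app.logger.warning(
            'Project id {}, path {} invalid task signature. Signature length {} exceeds max allowed length {}.'
            .format(project_id, path, size_signature, TASK_SIGNATURE_MAX_SIZE))
        raise Forbidden('Invalid signature')

    project = get_project_data(project_id)
    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)

    # NOTE(review): a tampered or expired signature raises from signer.loads
    # here, uncaught, so it surfaces as a 500 rather than a 403.
    payload = signer.loads(signature, max_age=timeout)
    task_id = payload['task_id']

    # The signed task must be one the current user may work on, and the
    # signature must have been issued for exactly this request path.
    check_allowed(current_user.id, task_id, project,
                  lambda v: v == request.path)

    ## download file
    # Objects in the request bucket use the key from app config; every
    # other bucket uses the project-level key.
    if bucket != current_app.config.get('S3_REQUEST_BUCKET'):
        secret = get_encryption_key(project)
    else:
        secret = current_app.config.get('FILE_ENCRYPTION_KEY')

    try:
        key_name = '/{}/{}'.format(project_id, path)
        # NOTE(review): decrypt=secret means a missing key (None) silently
        # skips decryption and serves the raw object -- confirm intended.
        decrypted, key = get_content_and_key_from_s3(bucket,
                                                     key_name,
                                                     'S3_TASK_REQUEST',
                                                     decrypt=secret,
                                                     secret=secret)
    except S3ResponseError as e:
        current_app.logger.exception(
            'Project id {} get task file {} {}'.format(project_id, path, e))
        if e.error_code == 'NoSuchKey':
            raise NotFound('File Does Not Exist')
        else:
            raise InternalServerError('An Error Occurred')

    response = Response(decrypted, content_type=key.content_type)
    # Only forward metadata headers S3 actually returned.
    if key.content_encoding:
        response.headers.add('Content-Encoding', key.content_encoding)
    if key.content_disposition:
        response.headers.add('Content-Disposition', key.content_disposition)
    return response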
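def hdfs_file(project_id, cluster, path):
    """Serve a (possibly encrypted) task file from an HDFS cluster.

    Query parameters: ``task-signature`` (required), and optional
    ``offset`` / ``length`` integers passed through to the HDFS client.

    Args:
        project_id: Project the file belongs to (route parameter).
        cluster: Key into the ``HDFS_CONFIG`` mapping naming the cluster.
        path: File path inside the cluster (route parameter).

    Returns:
        A Response whose body is the (decrypted) file content.

    Raises:
        NotFound: HDFS is not configured, or ``cluster`` is unknown.
        Forbidden: the signature is missing or longer than
            TASK_SIGNATURE_MAX_SIZE.
        InternalServerError: fetching or decrypting the file failed, or
            offset/length were not integers.
        Whatever check_allowed raises when the user may not access the task.
    """
    hdfs_config = current_app.config.get('HDFS_CONFIG')
    if not hdfs_config:
        raise NotFound('Not Found')
    signature = request.args.get('task-signature')
    if not signature:
        raise Forbidden('No signature')
    # Reject oversized signatures before handing attacker-controlled input
    # to the signer.
    size_signature = len(signature)
    if size_signature > TASK_SIGNATURE_MAX_SIZE:
        # Not inside an except block: logger.exception would attach a
        # meaningless "NoneType: None" traceback, so log at warning level.
        current_app.logger.warning(
            'Project id %s, cluster %s path %s invalid task signature. '
            'Signature length %s exceeds max allowed length %s.',
            project_id, cluster, path, size_signature, TASK_SIGNATURE_MAX_SIZE)
        raise Forbidden('Invalid signature')

    project = get_project_data(project_id)
    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)
    # NOTE(review): a tampered or expired signature raises from signer.loads
    # here, uncaught, so it surfaces as a 500 rather than a 403.
    payload = signer.loads(signature, max_age=timeout)
    task_id = payload['task_id']

    try:
        check_allowed(
            current_user.id, task_id, project,
            is_valid_hdfs_url(request.path, request.args.to_dict(flat=False)))
    except Exception:
        current_app.logger.exception(
            'Project id %s not allowed to get file %s %s', project_id, path,
            str(request.args))
        raise

    current_app.logger.info(
        "Project id %s, task id %s. Accessing hdfs cluster %s, path %s",
        project_id, task_id, cluster, path)
    # Checked only after authorization (where the bare lookup used to raise
    # KeyError, i.e. a 500): an unknown cluster name is a client error, and
    # probing cluster names stays gated behind a valid signature.
    if cluster not in hdfs_config:
        raise NotFound('Not Found')
    client = HDFSKerberos(**hdfs_config[cluster])
    offset = request.args.get('offset')
    length = request.args.get('length')

    try:
        # NOTE(review): a non-numeric offset/length is swallowed by the
        # broad except below and answered with a 500; a 400 would be more
        # accurate if a BadRequest type is available in this module.
        offset = int(offset) if offset else None
        length = int(length) if length else None
        content = client.get('/{}'.format(path), offset=offset, length=length)
        project_encryption = get_project_encryption(project)
        # Decrypt only when every encryption setting is populated.
        if project_encryption and all(project_encryption.values()):
            secret = get_secret_from_vault(project_encryption)
            cipher = AESWithGCM(secret)
            content = cipher.decrypt(content)
    except Exception:
        # Details go to the log only; the client gets a generic error.
        current_app.logger.exception(
            "Project id %s, task id %s, cluster %s, get task file %s, %s",
            project_id, task_id, cluster, path, str(request.args))
        raise InternalServerError('An Error Occurred')

    return Response(content)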
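def encrypted_task_payload(project_id, task_id):
    """Proxy to decrypt encrypted task payload.

    Decrypts the ``private_json__encrypted_payload`` entry of a task's info
    with the project's encryption key and returns it as JSON.

    Args:
        project_id: Project the task belongs to (route parameter).
        task_id: Task id from the route. Note it is replaced below by the
            task id carried in the signed ``task-signature``; the signed
            value is the one that is validated and served.

    Returns:
        A Response with content type ``application/json`` holding the
        decrypted payload, or an empty body when the task has none.

    Raises:
        Forbidden: the signature is missing or longer than
            TASK_SIGNATURE_MAX_SIZE.
        BadRequest: the project does not exist.
        InternalServerError: loading the key, the task, or decrypting
            failed.
        Whatever validate_task raises when the user may not access the task.
    """
    current_app.logger.info(
        'Project id {}, task id {}, decrypt task payload.'.format(
            project_id, task_id))
    signature = request.args.get('task-signature')
    if not signature:
        # Not inside an except block: logger.exception would attach a
        # meaningless "NoneType: None" traceback, so log at warning level
        # (same for the two checks below).
        current_app.logger.warning(
            'Project id {}, task id {} has no signature.'.format(
                project_id, task_id))
        raise Forbidden('No signature')

    # Reject oversized signatures before handing attacker-controlled input
    # to the signer.
    size_signature = len(signature)
    if size_signature > TASK_SIGNATURE_MAX_SIZE:
        current_app.logger.warning(
            'Project id {}, task id {} invalid task signature. Signature length {} exceeds max allowed length {}.'
            .format(project_id, task_id, size_signature, TASK_SIGNATURE_MAX_SIZE))
        raise Forbidden('Invalid signature')

    project = get_project_data(project_id)
    if not project:
        # The format string has a single placeholder; the stray task_id
        # argument was silently ignored.
        current_app.logger.warning('Invalid project id {}.'.format(project_id))
        raise BadRequest('Invalid Project')

    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)

    # NOTE(review): a tampered or expired signature raises from signer.loads
    # here, uncaught, so it surfaces as a 500 rather than a 403.
    payload = signer.loads(signature, max_age=timeout)
    # NOTE(review): the route's task_id is replaced by the signed one without
    # checking that they agree -- confirm a mismatch is acceptable.
    task_id = payload.get('task_id', 0)

    validate_task(project, task_id, current_user.id)

    ## decrypt encrypted task data under private_json__encrypted_payload
    try:
        secret = get_encryption_key(project)
        task = task_repo.get_task(task_id)
        content = task.info.get('private_json__encrypted_payload')
        if content:
            cipher = AESWithGCM(secret)
            content = cipher.decrypt(content)
        else:
            content = ''
    except Exception as e:
        # Details (including a missing task) go to the log only; the client
        # gets a generic error.
        current_app.logger.exception(
            'Project id {} task {} decrypt encrypted data {}'.format(
                project_id, task_id, e))
        raise InternalServerError('An Error Occurred')

    response = Response(content, content_type='application/json')
    return response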
def confirm_account():
    """Confirm account endpoint.

    The ``key`` query parameter is a signed token (salt
    ``account-validation``) that expires after ``ACCOUNT_LINK_EXPIRATION``
    seconds (default 3600). An existing user of that name gets its e-mail
    marked valid via _update_user_with_valid_email; otherwise the account
    is created from the token via _create_account. Aborts with 403 on a
    missing, tampered or expired key.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    timeout = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
    try:
        userdict = signer.loads(key, max_age=timeout, salt='account-validation')
    except BadData:
        abort(403)
    # First check if the user exists
    existing = user_repo.get_by_name(userdict['name'])
    if existing is None:
        return _create_account(userdict)
    return _update_user_with_valid_email(existing, userdict['email_addr'])
def confirm_account():
    """Confirm account endpoint.

    The ``key`` query parameter is a signed token (salt
    ``account-validation``) that expires after ``ACCOUNT_LINK_EXPIRATION``
    seconds (default 3600). An existing user of that name gets its e-mail
    marked valid via _update_user_with_valid_email; otherwise the account
    is created from the token via _create_account. Aborts with 403 on a
    missing, tampered or expired key.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    timeout = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
    try:
        userdict = signer.loads(key, max_age=timeout, salt='account-validation')
    except BadData:
        abort(403)
    # First check if the user exists
    existing = user_repo.get_by_name(userdict['name'])
    if existing is None:
        return _create_account(userdict)
    return _update_user_with_valid_email(existing, userdict['email_addr'])
def confirm_account():
    """Create the account described by a signed account-validation link.

    The ``key`` query parameter is a signed, time-limited token (salt
    ``account-validation``) carrying the sign-up details: full name, user
    name, e-mail address and password. A missing, tampered or expired key
    aborts with 403. On success the new user is saved, logged in with
    ``remember=True`` and redirected to the home page.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    try:
        userdict = signer.loads(key, max_age=3600, salt='account-validation')
    except BadData:
        abort(403)
    # NOTE(review): the password is recovered from the link itself; if
    # `signer` only signs (itsdangerous-style) and does not encrypt, it is
    # present in the URL in recoverable form -- confirm.
    new_user = model.user.User(
        fullname=userdict['fullname'],
        name=userdict['name'],
        email_addr=userdict['email_addr'],
    )
    new_user.set_password(userdict['password'])
    user_repo.save(new_user)
    login_user(new_user, remember=True)
    flash(gettext('Thanks for signing-up'), 'success')
    return redirect(url_for('home.home'))
def confirm_account():
    """Create the account described by a signed account-validation link.

    The ``key`` query parameter is a signed, time-limited token (salt
    ``account-validation``) carrying the sign-up details: full name, user
    name, e-mail address and password. A missing, tampered or expired key
    aborts with 403. On success the new user is added and committed,
    logged in with ``remember=True`` and redirected to the home page.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    try:
        userdict = signer.loads(key, max_age=3600, salt='account-validation')
    except BadData:
        abort(403)
    # NOTE(review): the password is recovered from the link itself; if
    # `signer` only signs (itsdangerous-style) and does not encrypt, it is
    # present in the URL in recoverable form -- confirm.
    new_user = model.user.User(
        fullname=userdict['fullname'],
        name=userdict['name'],
        email_addr=userdict['email_addr'],
    )
    new_user.set_password(userdict['password'])
    db.session.add(new_user)
    db.session.commit()
    login_user(new_user, remember=True)
    flash(gettext('Thanks for signing-up'), 'success')
    return redirect(url_for('home.home'))
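def encrypted_file(store, bucket, project_id, path):
    """Proxy encrypted task file in a cloud storage.

    Fetches ``/<project_id>/<path>`` from the given S3 bucket with the
    ``S3_TASK_REQUEST`` connection settings, decrypts it with
    ``FILE_ENCRYPTION_KEY`` and serves the plaintext.

    Args:
        store: Storage backend name from the route (not used in the body).
        bucket: S3 bucket holding the object.
        project_id: Project the file belongs to.
        path: Object path below the ``/<project_id>/`` prefix.

    Returns:
        A Response with the decrypted content, the object's content type,
        and its Content-Encoding / Content-Disposition when S3 has them.

    Raises:
        Forbidden: the ``task-signature`` query parameter is missing.
        NotFound: the object does not exist in S3.
        InternalServerError: any other S3 error.
    """
    current_app.logger.info('Project id {} decrypt file. {}'.format(
        project_id, path))
    conn_args = current_app.config.get('S3_TASK_REQUEST', {})
    signature = request.args.get('task-signature')
    if not signature:
        # Not inside an except block: logger.exception would attach a
        # meaningless "NoneType: None" traceback, so log at warning level.
        current_app.logger.warning('Project id {} no signature {}'.format(
            project_id, path))
        raise Forbidden('No signature')

    project = get_project_data(project_id)
    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)

    # NOTE(review): a tampered or expired signature raises from signer.loads
    # here, uncaught, so it surfaces as a 500 rather than a 403.
    payload = signer.loads(signature, max_age=timeout)
    task_id = payload['task_id']

    # The signed task must be one the current user may work on and must
    # have been issued for this request path.
    check_allowed(current_user.id, task_id, project, request.path)

    ## download file
    try:
        key = '/{}/{}'.format(project_id, path)
        conn = create_connection(**conn_args)
        _bucket = conn.get_bucket(bucket, validate=False)
        _key = _bucket.get_key(key, validate=False)
        content = _key.get_contents_as_string()
    except S3ResponseError as e:
        current_app.logger.exception(
            'Project id {} get task file {} {}'.format(project_id, path, e))
        if e.error_code == 'NoSuchKey':
            raise NotFound('File Does Not Exist')
        else:
            raise InternalServerError('An Error Occurred')

    ## decrypt file
    secret = current_app.config.get('FILE_ENCRYPTION_KEY')
    cipher = AESWithGCM(secret)
    decrypted = cipher.decrypt(content)

    response = Response(decrypted, content_type=_key.content_type)
    # Only forward metadata headers S3 actually returned; adding a None
    # value would emit a bogus header rather than omit it.
    if _key.content_encoding:
        response.headers.add('Content-Encoding', _key.content_encoding)
    if _key.content_disposition:
        response.headers.add('Content-Disposition', _key.content_disposition)
    return response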
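def join_private_team():
    """Join an invitation-only team via a signed invitation link.

    The ``key`` query parameter is a signed, time-limited token (salt
    ``join-private-team``) naming the invited user and the team. The link
    is only honoured for the logged-in user it was issued to.

    Returns:
        A redirect to the team's member list on success (or when the user
        is already a member), or to the "my teams" page when the team no
        longer exists.

    Aborts with 403 when the key is missing, tampered with, expired, lacks
    a user or team, or names a user other than current_user.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    userdict = {}
    try:
        userdict = signer.loads(key, max_age=3600, salt='join-private-team')
    except BadData:
        abort(403)

    username = userdict.get('user')
    teamname = userdict.get('team')
    # Binding the invitation to the logged-in account stops a forwarded link
    # from being redeemed by someone else.
    # NOTE(review): current_user.name on an anonymous user would raise here
    # unless the view is login-protected elsewhere -- confirm the decorator.
    if not username or not teamname or current_user.name != username:
        abort(403)

    # Add to Public with invitation team
    team = cached_teams.get_team(teamname)
    if not team:
        flash(gettext('This team doesn\'t exists'), 'error')
        return redirect(url_for('team.myteams'))

    # Search relationship
    user2team = db.session.query(User2Team)\
                .filter(User2Team.user_id == current_user.id)\
                .filter(User2Team.team_id == team.id)\
                .first()

    if user2team:
        flash(gettext('This user is already in this team'), 'error')
        return redirect(url_for('team.users', name=team.name))

    user2team = User2Team(user_id=current_user.id, team_id=team.id)
    # Invalidate the cached summary so member counts reflect the new row.
    cached_teams.delete_team_summary()
    db.session.add(user2team)
    db.session.commit()
    # The flash category was misspelled 'sucess'; templates keyed on
    # 'success' (as used elsewhere in this module) never matched it.
    flash(gettext('Congratulations! You belong to the Public Invitation Only Team'), 'success')
    return redirect(url_for('team.users', name=team.name))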
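def encrypted_file(store, bucket, project_id, path):
    """Proxy encrypted task file in a cloud storage.

    Fetches ``/<project_id>/<path>`` from the given S3 bucket through
    get_content_and_key_from_s3 (with ``decrypt=True``) and serves the
    decrypted content.

    Args:
        store: Storage backend name from the route (not used in the body).
        bucket: S3 bucket holding the object.
        project_id: Project the file belongs to.
        path: Object path below the ``/<project_id>/`` prefix.

    Returns:
        A Response with the decrypted content, the object's content type,
        and its Content-Encoding / Content-Disposition when S3 has them.

    Raises:
        Forbidden: the ``task-signature`` query parameter is missing.
        NotFound: the object does not exist in S3.
        InternalServerError: any other S3 error.
    """
    current_app.logger.info('Project id {} decrypt file. {}'.format(
        project_id, path))
    signature = request.args.get('task-signature')
    if not signature:
        # Not inside an except block: logger.exception would attach a
        # meaningless "NoneType: None" traceback, so log at warning level.
        current_app.logger.warning('Project id {} no signature {}'.format(
            project_id, path))
        raise Forbidden('No signature')

    project = get_project_data(project_id)
    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)

    # NOTE(review): a tampered or expired signature raises from signer.loads
    # here, uncaught, so it surfaces as a 500 rather than a 403.
    payload = signer.loads(signature, max_age=timeout)
    task_id = payload['task_id']

    # The signed task must be one the current user may work on, and the
    # signature must have been issued for exactly this request path.
    check_allowed(current_user.id, task_id, project,
                  lambda v: v == request.path)

    ## download file
    try:
        key_name = '/{}/{}'.format(project_id, path)
        decrypted, key = get_content_and_key_from_s3(bucket,
                                                     key_name,
                                                     'S3_TASK_REQUEST',
                                                     decrypt=True)
    except S3ResponseError as e:
        current_app.logger.exception(
            'Project id {} get task file {} {}'.format(project_id, path, e))
        if e.error_code == 'NoSuchKey':
            raise NotFound('File Does Not Exist')
        else:
            raise InternalServerError('An Error Occurred')

    response = Response(decrypted, content_type=key.content_type)
    # Only forward metadata headers S3 actually returned; adding a None
    # value would emit a bogus header rather than omit it.
    if key.content_encoding:
        response.headers.add('Content-Encoding', key.content_encoding)
    if key.content_disposition:
        response.headers.add('Content-Disposition', key.content_disposition)
    return response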
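def join_private_team():
    """Join an invitation-only team via a signed invitation link.

    The ``key`` query parameter is a signed, time-limited token (salt
    ``join-private-team``) naming the invited user and the team. The link
    is only honoured for the logged-in user it was issued to.

    Returns:
        A redirect to the team's member list on success (or when the user
        is already a member), or to the "my teams" page when the team no
        longer exists.

    Aborts with 403 when the key is missing, tampered with, expired, lacks
    a user or team, or names a user other than current_user.
    """
    key = request.args.get('key')
    if key is None:
        abort(403)
    userdict = {}
    try:
        userdict = signer.loads(key, max_age=3600, salt='join-private-team')
    except BadData:
        abort(403)

    username = userdict.get('user')
    teamname = userdict.get('team')
    # Binding the invitation to the logged-in account stops a forwarded link
    # from being redeemed by someone else.
    # NOTE(review): current_user.name on an anonymous user would raise here
    # unless the view is login-protected elsewhere -- confirm the decorator.
    if not username or not teamname or current_user.name != username:
        abort(403)

    # Add to Public with invitation team
    team = cached_teams.get_team(teamname)
    if not team:
        flash(gettext('This team doesn\'t exists'), 'error')
        return redirect(url_for('team.myteams'))

    # Search relationship
    user2team = db.session.query(User2Team)\
                .filter(User2Team.user_id == current_user.id)\
                .filter(User2Team.team_id == team.id)\
                .first()

    if user2team:
        flash(gettext('This user is already in this team'), 'error')
        return redirect(url_for('team.users', name=team.name))

    user2team = User2Team(user_id=current_user.id, team_id=team.id)
    # Invalidate the cached summary so member counts reflect the new row.
    cached_teams.delete_team_summary()
    db.session.add(user2team)
    db.session.commit()
    # The flash category was misspelled 'sucess'; templates keyed on
    # 'success' (as used elsewhere in this module) never matched it.
    flash(
        gettext(
            'Congratulations! You belong to the Public Invitation Only Team'
        ), 'success')
    return redirect(url_for('team.users', name=team.name))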
 def get_passwd(self):
     """Return the stored password when one is required, else None.

     The stored value is passed through signer.loads, i.e. it is a signed
     serialization the signer can recover, not a one-way hash despite the
     name of get_passwd_hash.
     NOTE(review): if `signer` only signs and does not encrypt, the
     password is stored in recoverable form -- confirm this is intended.
     """
     if not self.needs_password():
         return None
     return signer.loads(self.get_passwd_hash())
 def get_passwd(self):
     """Return the stored password when one is required, else None.

     The stored value is passed through signer.loads, i.e. it is a signed
     serialization the signer can recover, not a one-way hash despite the
     name of get_passwd_hash.
     NOTE(review): if `signer` only signs and does not encrypt, the
     password is stored in recoverable form -- confirm this is intended.
     """
     if not self.needs_password():
         return None
     return signer.loads(self.get_passwd_hash())