def add_fake_yd_tokens(count: int) -> None:
"""
Adds fake Yandex.Disk tokens in DB.
"""
free_users_count = UserQuery.get_users_without_yd_token_count()
if (count > free_users_count):
raise ValueError(
f"Number of tokens ({count}) can't be greater than "
f"number of free users ({free_users_count})"
)
i = 0
while (i != count):
free_user = UserQuery.get_random_user_without_yd_token()
result = YandexDiskToken.create_fake(free_user)
token = result["value"]
db.session.add(token)
db.session.commit()
i += 1
click.echo(f"Done ({count})")
def wrapper(*args, **kwargs):
tg_user = g.telegram_user
tg_chat = g.telegram_chat
# TODO: check if user came from different chat,
# then also register that chat in db.
if (UserQuery.exists(tg_user.id)):
return func(*args, **kwargs)
new_user = User(telegram_id=tg_user.id,
is_bot=tg_user.is_bot,
language=SupportedLanguage.get(tg_user.language_code))
Chat(telegram_id=tg_chat.id,
type=ChatType.get(tg_chat.type),
user=new_user)
db.session.add(new_user)
try:
db.session.commit()
except Exception as e:
print(e)
return cancel_command(tg_chat.id)
return func(*args, **kwargs)
def add_fake_chats(count: int) -> None:
"""
Adds fake chats in DB.
"""
i = 0
error_count = 0
while (i != count):
if (error_count >= 5):
raise PossibleInfiniteLoopError(
"Too many errors in a row"
)
chat = Chat.create_fake(None)
user = UserQuery.get_random_user()
if (user is None):
raise InvalidTableDataError(
"Random user is none. Users table is empty?"
)
chat.user = user
db.session.add(chat)
try:
db.session.commit()
i += 1
error_count = 0
except IntegrityError:
# error because of same `telegram_id`
error_count += 1
click.echo(f"Done ({count})")
def clear_users() -> None:
"""
Removes all users from a table.
"""
count = UserQuery.delete_all_users()
db.session.commit()
click.echo(f"Done ({count})")
def wrapper(*args, **kwargs):
user = UserQuery.get_user_by_telegram_id(g.telegram_user.id)
# TODO: check if token is expired
if ((user is None) or (user.yandex_disk_token is None)
or (not user.yandex_disk_token.have_access_token())):
return g.direct_dispatch(CommandName.YD_AUTH)()
return func(*args, **kwargs)
def get_user(self, user_id: int, insert_token: str) -> User:
"""
:param user_id:
DB id of needed user.
:param insert_token:
User will be returned only in case when provided
insert token matchs with one from DB. This means
you are allowed to modify this DB user.
Insert token of that user can be modified in futher by
some another operation, so, you should call this function
once and reuse returned result.
:returns:
DB user.
:raises:
`MissingData`, `ExpiredInsertToken`, `InvalidInsertToken`.
"""
user = UserQuery.get_user_by_id(user_id)
if (user is None or
# for some reason `yandex_disk_token` not created,
# it is not intended behavior.
user.yandex_disk_token is None):
raise MissingData()
db_insert_token = None
try:
db_insert_token = user.yandex_disk_token.get_insert_token()
except Exception:
raise ExpiredInsertToken()
if (insert_token != db_insert_token):
raise InvalidInsertToken()
return user
def get_db_user():
"""
- `insert_token` will be checked. If it is not valid,
an error will be thrown. You shouldn't clear any tokens
in case of error, because provided tokens is not known
to attacker (potential).
- you shouldn't try to avoid checking logic! It is really
unsafe to access DB user without `insert_token`.
:returns: User from DB based on incoming `state` from request.
This user have `yandex_disk_token` property which is
not `None`.
:raises InvalidCredentials: If `state` have invalid
data or user not found in DB.
:raises LinkExpired: Requested link is expired and
not valid anymore.
:raises InvalidInsertToken: Provided `insert_token`
is not valid.
"""
base64_state = request.args["state"]
encoded_state = None
decoded_state = None
try:
encoded_state = base64.urlsafe_b64decode(
base64_state.encode()
).decode()
except Exception:
raise InvalidCredentials()
try:
decoded_state = jwt.decode(
encoded_state,
current_app.secret_key.encode(),
algorithm="HS256"
)
except Exception:
raise InvalidCredentials()
incoming_user_id = decoded_state.get("user_id")
incoming_insert_token = decoded_state.get("insert_token")
if (
incoming_user_id is None or
incoming_insert_token is None
):
raise InvalidCredentials()
db_user = UserQuery.get_user_by_id(int(incoming_user_id))
if (
db_user is None or
# for some reason `yandex_disk_token` not created,
# it is not intended behavior.
db_user.yandex_disk_token is None
):
raise InvalidCredentials()
db_insert_token = None
try:
db_insert_token = db_user.yandex_disk_token.get_insert_token()
except Exception:
raise LinkExpired()
if (incoming_insert_token != db_insert_token):
raise InvalidInsertToken()
return db_user
def wrapper(*args, **kwargs):
g.db_user = UserQuery.get_user_by_telegram_id(g.telegram_user.id)
g.db_chat = ChatQuery.get_chat_by_telegram_id(g.telegram_chat.id)
g.db_private_chat = ChatQuery.get_private_chat(g.db_user.id)
return func(*args, **kwargs)